gcrypt: Ensure that signing key is set to one of the participants keys.

Otherwise gcrypt will fail to pull, since it requires this to be the case.

This needs a patched gcrypt, which is in my forked version.
Joey Hess 2013-09-17 16:06:29 -04:00
parent d0bba5138c
commit 6c35038643
3 changed files with 17 additions and 3 deletions


@ -34,6 +34,7 @@ import Annex.Ssh
import qualified Remote.Rsync
import Utility.Rsync
import Logs.Remote
import Utility.Gpg
remote :: RemoteType
remote = RemoteType {
@ -177,15 +178,24 @@ gCryptSetup mu c = go $ M.lookup "gitrepo" c
else error "uuid mismatch"
{- Configure gcrypt to use the same list of keyids that
- were passed to initremote. (For shared encryption,
- gcrypt's default behavior is used.) -}
- were passed to initremote as its participants.
- Also, configure it to use a signing key that is in the list of
- participants, which gcrypt requires is the case, and may not be
- depending on system configuration.
-
- (For shared encryption, gcrypt's default behavior is used.) -}
setGcryptEncryption :: RemoteConfig -> String -> Annex ()
setGcryptEncryption c remotename = do
let participants = ConfigKey $ Git.GCrypt.remoteParticipantConfigKey remotename
case extractCipher c of
Nothing -> noCrypto
Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) ->
Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) -> do
setConfig participants (unwords ks)
let signingkey = ConfigKey $ Git.GCrypt.remoteSigningKey remotename
skeys <- M.keys <$> liftIO secretKeys
case filter (`elem` ks) skeys of
[] -> noop
(k:_) -> setConfig signingkey k
Just (SharedCipher _) ->
unsetConfig participants
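Review bot: The `[] -> noop` branch in setGcryptEncryption configures no signing key and reports nothing, so when no local secret key is among the participants the pull failure named in the commit message still occurs without any hint, and a previously configured signing key stays in place; a message there would help, e.g. `[] -> warning "no secret key matches the gcrypt participants; signing key left unchanged"`. The `(k:_)` branch takes whichever matching key comes first out of `M.keys`, which is map key order rather than a user choice, so with several matching secret keys the one that signs may not be the one the user intends. Whether `secretKeys` already leaves out expired or revoked keys is not visible here and is worth confirming. The `SharedCipher` branch unsets the participants setting but leaves any earlier signing-key setting behind; binding `signingkey` next to `participants` would let that branch also run `unsetConfig signingkey`. The function may continue past the lines shown.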