gcrypt: Ensure that signing key is set to one of the participants keys.

Otherwise gcrypt will fail to pull, since it requires this to be the case.

This needs a patched gcrypt, which is in my forked version.
Joey Hess 2013-09-17 16:06:29 -04:00
parent d0bba5138c
commit 6c35038643
3 changed files with 17 additions and 3 deletions


@ -74,5 +74,8 @@ getParticiantList globalconfigrepo repo remotename = KeyIds $ parse $ firstJust
remoteParticipantConfigKey :: RemoteName -> String remoteParticipantConfigKey :: RemoteName -> String
remoteParticipantConfigKey = remoteConfigKey "gcrypt-participants" remoteParticipantConfigKey = remoteConfigKey "gcrypt-participants"
remoteSigningKey :: RemoteName -> String
remoteSigningKey = remoteConfigKey "gcrypt-signingkey"
remoteConfigKey :: String -> RemoteName -> String remoteConfigKey :: String -> RemoteName -> String
remoteConfigKey key remotename = "remote." ++ remotename ++ "." ++ key remoteConfigKey key remotename = "remote." ++ remotename ++ "." ++ key


@ -34,6 +34,7 @@ import Annex.Ssh
import qualified Remote.Rsync import qualified Remote.Rsync
import Utility.Rsync import Utility.Rsync
import Logs.Remote import Logs.Remote
import Utility.Gpg
remote :: RemoteType remote :: RemoteType
remote = RemoteType { remote = RemoteType {
@ -177,15 +178,24 @@ gCryptSetup mu c = go $ M.lookup "gitrepo" c
else error "uuid mismatch" else error "uuid mismatch"
{- Configure gcrypt to use the same list of keyids that {- Configure gcrypt to use the same list of keyids that
- were passed to initremote. (For shared encryption, - were passed to initremote as its participants.
- gcrypt's default behavior is used.) -} - Also, configure it to use a signing key that is in the list of
- participants, which gcrypt requires is the case, and may not be
- depending on system configuration.
-
- (For shared encryption, gcrypt's default behavior is used.) -}
setGcryptEncryption :: RemoteConfig -> String -> Annex () setGcryptEncryption :: RemoteConfig -> String -> Annex ()
setGcryptEncryption c remotename = do setGcryptEncryption c remotename = do
let participants = ConfigKey $ Git.GCrypt.remoteParticipantConfigKey remotename let participants = ConfigKey $ Git.GCrypt.remoteParticipantConfigKey remotename
case extractCipher c of case extractCipher c of
Nothing -> noCrypto Nothing -> noCrypto
Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) -> Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) -> do
setConfig participants (unwords ks) setConfig participants (unwords ks)
let signingkey = ConfigKey $ Git.GCrypt.remoteSigningKey remotename
skeys <- M.keys <$> liftIO secretKeys
case filter (`elem` ks) skeys of
[] -> noop
(k:_) -> setConfig signingkey k
Just (SharedCipher _) -> Just (SharedCipher _) ->
unsetConfig participants unsetConfig participants
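Review bot: In `setGcryptEncryption`, the `[] -> noop` branch silently leaves the `gcrypt-signingkey` setting untouched when none of the local secret keys is among the participants, so the pull failure this commit is meant to prevent would only surface later. A message in that branch would make the mismatch visible at setup time, for example `[] -> warning "no secret key matches the gcrypt participants; signing key not set"`. The `(k:_)` branch takes the first match in `M.keys` order, which is presumably key-id order rather than the user's preferred signing key, so a comment stating that the choice is arbitrary would help. The `SharedCipher` branch unsets the participants but not the signing key, which looks like it could leave an earlier `gcrypt-signingkey` value in place; confirm whether that is intended. The filter also relies on `ks` and the keys of `secretKeys` using the same key-id format, which is not visible in this hunk.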

1
debian/changelog vendored

@ -16,6 +16,7 @@ git-annex (4.20130912) UNRELEASED; urgency=low
* addurl: Fix quvi audodetection, broken in last release. * addurl: Fix quvi audodetection, broken in last release.
* status: In local mode, displays information about variance from configured * status: In local mode, displays information about variance from configured
numcopies levels. (--fast avoids calculating these) numcopies levels. (--fast avoids calculating these)
* gcrypt: Ensure that signing key is set to one of the participants keys.
-- Joey Hess <joeyh@debian.org> Thu, 12 Sep 2013 12:14:46 -0400 -- Joey Hess <joeyh@debian.org> Thu, 12 Sep 2013 12:14:46 -0400