gcrypt: Ensure that signing key is set to one of the participants keys.
Otherwise gcrypt will fail to pull, since it requires this to be the case. This needs a patched gcrypt, which is in my forked version.
parent
d0bba5138c
commit
6c35038643
3 changed files with 17 additions and 3 deletions
|
@ -74,5 +74,8 @@ getParticiantList globalconfigrepo repo remotename = KeyIds $ parse $ firstJust
|
|||
remoteParticipantConfigKey :: RemoteName -> String
|
||||
remoteParticipantConfigKey = remoteConfigKey "gcrypt-participants"
|
||||
|
||||
remoteSigningKey :: RemoteName -> String
|
||||
remoteSigningKey = remoteConfigKey "gcrypt-signingkey"
|
||||
|
||||
remoteConfigKey :: String -> RemoteName -> String
|
||||
remoteConfigKey key remotename = "remote." ++ remotename ++ "." ++ key
|
||||
|
|
|
@ -34,6 +34,7 @@ import Annex.Ssh
|
|||
import qualified Remote.Rsync
|
||||
import Utility.Rsync
|
||||
import Logs.Remote
|
||||
import Utility.Gpg
|
||||
|
||||
remote :: RemoteType
|
||||
remote = RemoteType {
|
||||
|
@ -177,15 +178,24 @@ gCryptSetup mu c = go $ M.lookup "gitrepo" c
|
|||
else error "uuid mismatch"
|
||||
|
||||
{- Configure gcrypt to use the same list of keyids that
|
||||
- were passed to initremote. (For shared encryption,
|
||||
- gcrypt's default behavior is used.) -}
|
||||
- were passed to initremote as its participants.
|
||||
- Also, configure it to use a signing key that is in the list of
|
||||
- participants, which gcrypt requires is the case, and may not be
|
||||
- depending on system configuration.
|
||||
-
|
||||
- (For shared encryption, gcrypt's default behavior is used.) -}
|
||||
setGcryptEncryption :: RemoteConfig -> String -> Annex ()
|
||||
setGcryptEncryption c remotename = do
|
||||
let participants = ConfigKey $ Git.GCrypt.remoteParticipantConfigKey remotename
|
||||
case extractCipher c of
|
||||
Nothing -> noCrypto
|
||||
Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) ->
|
||||
Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) -> do
|
||||
setConfig participants (unwords ks)
|
||||
let signingkey = ConfigKey $ Git.GCrypt.remoteSigningKey remotename
|
||||
skeys <- M.keys <$> liftIO secretKeys
|
||||
case filter (`elem` ks) skeys of
|
||||
[] -> noop
|
||||
(k:_) -> setConfig signingkey k
|
||||
Just (SharedCipher _) ->
|
||||
unsetConfig participants
|
||||
|
||||
|
|
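Review bot: The `[] -> noop` branch in `setGcryptEncryption` leaves `gcrypt-signingkey` untouched when no local secret key is in `ks`, so a value from an earlier setup or gcrypt's default stays in effect with no message; per the commit description that is the configuration in which pulls fail. The `SharedCipher` branch has the same gap, since it unsets `participants` but not the signing key. Consider binding `signingkey` next to `participants`, using `[] -> unsetConfig signingkey` together with a user-visible warning, and adding `unsetConfig signingkey` to the shared branch. The filter on `ks` is plain string equality between the ids stored in the cipher and the map keys returned by `secretKeys`; that key format is not visible here, so if the two can differ in form (short id, long id, fingerprint) the match silently comes back empty, and the expected form deserves a comment. The enclosing `go` of `gCryptSetup` starts above this hunk.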
1
debian/changelog
vendored
1
debian/changelog
vendored
|
@ -16,6 +16,7 @@ git-annex (4.20130912) UNRELEASED; urgency=low
|
|||
* addurl: Fix quvi audodetection, broken in last release.
|
||||
* status: In local mode, displays information about variance from configured
|
||||
numcopies levels. (--fast avoids calculating these)
|
||||
* gcrypt: Ensure that signing key is set to one of the participants keys.
|
||||
|
||||
-- Joey Hess <joeyh@debian.org> Thu, 12 Sep 2013 12:14:46 -0400
|
||||
|
||||
|
|