diff --git a/Git/GCrypt.hs b/Git/GCrypt.hs
index fb99cf6199..c2a5a98fe2 100644
--- a/Git/GCrypt.hs
+++ b/Git/GCrypt.hs
@@ -99,6 +99,9 @@ getParticiantList globalconfigrepo repo remotename = KeyIds $ parse $ firstJust
 remoteParticipantConfigKey :: RemoteName -> String
 remoteParticipantConfigKey = remoteConfigKey "gcrypt-participants"
 
+remotePublishParticipantConfigKey :: RemoteName -> String
+remotePublishParticipantConfigKey = remoteConfigKey "gcrypt-publish-participants"
+
 remoteSigningKey :: RemoteName -> String
 remoteSigningKey = remoteConfigKey "gcrypt-signingkey"
 
diff --git a/Remote/GCrypt.hs b/Remote/GCrypt.hs
index 60c2df73e4..b2dd6cdaf5 100644
--- a/Remote/GCrypt.hs
+++ b/Remote/GCrypt.hs
@@ -263,10 +263,14 @@ shellOrRsync r ashell arsync = case method of
 - participants, which gcrypt requires is the case, and may not be
 - depending on system configuration.
 -
- - (For shared encryption, gcrypt's default behavior is used.) -}
+ - (For shared encryption, gcrypt's default behavior is used.)
+ -
+ - Also, sets gcrypt-publish-participants to avoid unncessary gpg
+ - passphrase prompts.
+ -}
 setGcryptEncryption :: RemoteConfig -> String -> Annex ()
 setGcryptEncryption c remotename = do
- let participants = ConfigKey $ Git.GCrypt.remoteParticipantConfigKey remotename
+ let participants = remoteconfig Git.GCrypt.remoteParticipantConfigKey
 case extractCipher c of
 Nothing -> noCrypto
 Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) -> do
@@ -278,6 +282,10 @@ setGcryptEncryption c remotename = do
 (k:_) -> setConfig signingkey k
 Just (SharedCipher _) ->
 unsetConfig participants
+ setConfig (remoteconfig Git.GCrypt.remotePublishParticipantConfigKey)
+ (Git.Config.boolConfig True)
+ where
+ remoteconfig n = ConfigKey $ n remotename
 
 store :: Remote -> Remote.Rsync.RsyncOpts -> (Cipher, Key) -> Key -> MeterUpdate -> Annex Bool
 store r rsyncopts (cipher, enck) k p
diff --git a/debian/changelog b/debian/changelog
index 179a24dca3..42ab381d85 100644
--- a/debian/changelog
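Review bot: The new header comment on setGcryptEncryption explains that gcrypt-publish-participants is set to avoid passphrase prompts, but not that this publishes the participants' gpg key ids in the remote, which the changelog and gcrypt.mdwn hunks both present as a deliberate security/usability tradeoff with an opt-out; the comment next to the code should say the same so a later edit does not treat the setting as purely cosmetic. Suggest replacing the two added sentences with ` - Also, sets gcrypt-publish-participants to avoid unnecessary gpg` / ` - passphrase prompts. This publishes the participants' key ids; users who` / ` - need to hide them can unset it (see doc/special_remotes/gcrypt.mdwn).` The word "unncessary" is misspelled here and again in the changelog and mdwn hunks. setGcryptEncryption's body continues into the next hunk.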
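Review bot: The added `setConfig (remoteconfig Git.GCrypt.remotePublishParticipantConfigKey) (Git.Config.boolConfig True)` runs unconditionally at the end of setGcryptEncryption, for both the encrypted and the shared-cipher branches, so whenever this function is run again for an existing remote (it reads as the setup path, but its callers are outside this diff) it silently re-enables the key for a user who unset it as the changelog advises, exposing their participants' key ids again. Only write the key when it is not already present in the remote's git config, so an explicit false or unset value survives a re-run; reading the current value first and skipping the setConfig when one exists would keep the opt-out meaningful. The changelog entry should then also say that the setting is only applied when absent. setGcryptEncryption's signature and the start of its body are in the previous hunk.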
+++ b/debian/changelog
@@ -17,6 +17,11 @@ git-annex (5.20140710) UNRELEASED; urgency=medium
 (since 5.20140707).
 * sync: Fix git sync with local git remotes even when they don't have an
 annex.uuid set. (The assistant already did so.)
+ * Set gcrypt-publish-participants when setting up a gcrypt repository,
+ to avoid unncessary passphrase prompts.
+ This is a security/usability tradeoff. To avoid exposing the gpg key
+ ids who can decrypt the repository, users can unset
+ gcrypt-publish-participants.
 
 -- Joey Hess Wed, 09 Jul 2014 23:29:21 -0400
 
diff --git a/doc/special_remotes/gcrypt.mdwn b/doc/special_remotes/gcrypt.mdwn
index ac98c43bb7..2e07741d3f 100644
--- a/doc/special_remotes/gcrypt.mdwn
+++ b/doc/special_remotes/gcrypt.mdwn
@@ -43,3 +43,8 @@ way git-remote-gcrypt encrypts the git repository, you will need to somehow
 force it to re-push everything again, so that the encrypted repository can
 be decrypted by the added keys. Probably this can be done by setting
 `GCRYPT_FULL_REPACK` and doing a forced push of branches.
+
+Recent versions of git-annex configure gcrypt-publish-participants when
+setting up a gcrypt repository. This is done to avoid unncessary gpg
+passphrase prompts, but it does publish the gpg keyids that can decrypt the
+repository. Unset it if you need to obscure that.