Commit graph

93 commits

Author SHA1 Message Date
Joey Hess
d8e8128b50 work around a strance change in gpg behavior; needs a trustdb to exist even when using --trust-model=always 2014-01-07 13:20:07 -04:00
Joey Hess
57d49a6d04 remove *>=> and >=*> ; use <$$> instead
I forgot I had <$$> hidden away in Utility.Applicative.
It allows doing the same kind of currying as does >=*>
and I found using it made the code more readable for me.

(*>=> was not used)
2013-09-27 19:58:48 -04:00
Joey Hess
9de189e788 webapp gpg key generation
Now the webapp can generate a gpg key that is dedicated for use by
git-annex. Since the key is single use, much of the complexity of
generating gpg keys is avoided.

Note that the key has no password, because gpg-agent is not available
everywhere the assistant is installed. This is not a big security problem
because the key is going to live on the same disk as the git annex
repository, so an attacker with access to it can look directly in the
repository to see the same files that get stored in the encrypted
repository on the removable drive.

There is no provision yet for backing up keys.

This commit sponsored by Robert Beaty.
2013-09-17 15:36:15 -04:00
Joey Hess
7936cc646d gpg secret key generation 2013-09-16 13:22:43 -04:00
Joey Hess
e4290c61d7 gpg secret keys list parsing
Note that Utility.Format.prop_idempotent_deencode does not hold
now that hex escaped characters are supported. quickcheck fails to notice
this, so I have left it as-is for now.
2013-09-16 12:57:39 -04:00
Joey Hess
b33bddd753 fix comment 2013-09-07 19:08:28 -04:00
Joey Hess
0a2f5f3993 gpg: Force --no-textmode in case the user has it turned on in config. 2013-09-07 13:06:36 -04:00
Joey Hess
cbc5aa623d fix windows build 2013-09-06 17:05:41 -04:00
guilhem
ac9807c887 Leverage an ambiguities between Ciphers
Cipher is now a datatype

    data Cipher = Cipher String | MacOnlyCipher String

which makes more precise its interpretation MAC-only vs. MAC + used to
derive a key for symmetric crypto.
2013-09-05 11:09:08 -04:00
Joey Hess
08f026e886 keep Utility.Gpg free of dependencies on git-annex 2013-09-04 23:16:33 -04:00
guilhem
8293ed619f Allow public-key encryption of file content.
With the initremote parameters "encryption=pubkey keyid=788A3F4C".

/!\ Adding or removing a key has NO effect on files that have already
been copied to the remote. Hence using keyid+= and keyid-= with such
remotes should be used with care, and make little sense unless the point
is to replace a (sub-)key by another. /!\

Also, a test case has been added to ensure that the cipher and file
contents are encrypted as specified by the chosen encryption scheme.
2013-09-03 14:34:16 -04:00
guilhem
53ce59021a Allow revocation of OpenPGP keys.
/!\ It is to be noted that revoking a key does NOT necessarily prevent
the owner of its private part from accessing data on the remote /!\

The only sound use of `keyid-=` is probably to replace a (sub-)key by
another, where the private part of both is owned by the same
person/entity:

    git annex enableremote myremote keyid-=2512E3C7 keyid+=788A3F4C

Reference: http://git-annex.branchable.com/bugs/Using_a_revoked_GPG_key/

* Other change introduced by this patch:

New keys now need to be added with option `keyid+=`, and the scheme
specified (upon initremote only) with `encryption=`. The motivation for
this change is to open for new schemes, e.g., strict asymmetric
encryption.

    git annex initremote myremote encryption=hybrid keyid=2512E3C7
    git annex enableremote myremote keyid+=788A3F4C
2013-08-29 14:31:33 -04:00
Joey Hess
a3224ce35b avoid more build warnings on Windows 2013-08-04 14:05:36 -04:00
Joey Hess
a837ed47f7 Windows: Added support for encrypted special remotes. 2013-08-04 13:03:34 -04:00
Joey Hess
93f2371e09 get rid of __WINDOWS__, use mingw32_HOST_OS
The latter is harder for me to remember, but avoids build failures in code
used by the configure program.
2013-08-02 12:27:32 -04:00
Joey Hess
d5ba9cb728 Allow building with gpg2. 2013-05-19 17:59:58 -04:00
Joey Hess
25cb9a48da fix the day's Windows permissions damage 2013-05-14 20:15:14 -04:00
Joey Hess
d3ed8a3271 better error message for Windows stub 2013-05-14 16:38:26 -05:00
Joey Hess
a7f4b6d2e1 fix build 2013-05-12 19:09:39 -04:00
Joey Hess
abe8d549df fix permission damage (thanks, Windows) 2013-05-11 23:54:25 -04:00
Joey Hess
18bdff3fae clean up from windows porting 2013-05-11 18:23:41 -04:00
Joey Hess
763cbda14f fixup #if 0 stubs to use #ifndef mingw32_HOST_OS
That's needed in files used to build the configure program.
For the other files, I'm keeping my __WINDOWS__ define, as I find that much easier to type.
I may search and replace it to use the mingw32_HOST_OS thing later.
2013-05-10 16:57:21 -05:00
Joey Hess
6c74a42cc6 stub out POSIX stuff 2013-05-10 16:29:59 -05:00
guilhem
00fc21bfec Generate ciphers with a better entropy.
Unless highRandomQuality=false (or --fast) is set, use Libgcypt's
'GCRY_VERY_STRONG_RANDOM' level by default for cipher generation, like
it's done for OpenPGP key generation.

On the assistant side, the random quality is left to the old (lower)
level, in order not to scare the user with an enless page load due to
the blocking PRNG waiting for IO actions.
2013-04-06 16:09:51 -04:00
Joey Hess
5895b2ac75 check that gpg generated as much data as we asked for 2013-03-03 20:39:01 -04:00
Joey Hess
13cfe5c582 improve comments and variable names WRT base64 encoded encryption keys 2013-03-03 19:44:48 -04:00
Joey Hess
88df952243 Deal with incompatability in gpg2, which caused prompts for encryption passphrases rather than using the supplied --passphrase-fd. 2013-01-16 15:27:46 -04:00
Joey Hess
0d50a6105b whitespace fixes 2012-12-13 00:45:27 -04:00
Joey Hess
f87a781aa6 finished where indentation changes 2012-12-13 00:24:19 -04:00
Joey Hess
81379bb29c better streaming while encrypting/decrypting
Both the directory and webdav special remotes used to have to buffer
the whole file contents before it could be decrypted, as they read
from chunks. Now the chunks are streamed through gpg with no buffering.
2012-11-18 15:27:44 -04:00
Joey Hess
5513e71723 avoid partial !! in gpg list-keys parser 2012-10-16 01:43:54 -04:00
Joey Hess
c6f3c410d4 fix gpg pipeline stall
Bug introduced in d1da9cf221, where
I removed a forkProcess when feeding gpg. Feeding it from a thread
solves the bug.
2012-09-09 13:11:54 -04:00
Joey Hess
dcd208513d Merge branch 'master' into assistant
Conflicts:
	debian/changelog
2012-08-17 08:22:43 -07:00
Joey Hess
fe8fee235b Pass --use-agent to gpg when in no tty mode. Thanks, Eskild Hustvedt. 2012-08-17 08:22:11 -07:00
Joey Hess
1db7d27a45 add back debug logging
Make Utility.Process wrap the parts of System.Process that I use,
and add debug logging to them.

Also wrote some higher-level code that allows running an action
with handles to a processes stdin or stdout (or both), and checking
its exit status, all in a single function call.

As a bonus, the debug logging now indicates whether the process
is being run to read from it, feed it data, chat with it (writing and
reading), or just call it for its side effect.
2012-07-19 00:46:52 -04:00
Joey Hess
d1da9cf221 switch from System.Cmd.Utils to System.Process
Test suite now passes with -threaded!

I traced back all the hangs with -threaded to System.Cmd.Utils. It seems
it's just crappy/unsafe/outdated, and should not be used. System.Process
seems to be the cool new thing, so converted all the code to use it
instead.

In the process, --debug stopped printing commands it runs. I may try to
bring that back later.

Note that even SafeSystem was switched to use System.Process. Since that
was a modified version of code from System.Cmd.Utils, it needed to be
converted too. I also got rid of nearly all calls to forkProcess,
and all calls to executeFile, which I'm also doubtful about working
well with -threaded.
2012-07-18 18:00:24 -04:00
Joey Hess
75b6ee81f9 avoid ByteString.Char8 where not needed
Its truncation behavior is a red flag, so avoid using it in these places
where only raw ByteStrings are used, without looking at the data inside.
2012-06-20 13:13:40 -04:00
Joey Hess
1c16f616df Added shared cipher mode to encryptable special remotes.
This option avoids gpg key distribution, at the expense of flexability, and
with the requirement that all clones of the git repository be equally
trusted.
2012-04-29 14:02:43 -04:00
Joey Hess
9ffd97442b don't use GPG_AGENT_INFO to force batch mode in test suite
Fails with gpg 2. Instead, use a different environment variable.

The clean fix would instead be to add an annex.gpg-options configuration.
But, that would be rather a lot of work and it's unlikely it would be
useful for much else.
2012-01-09 18:19:29 -04:00
Joey Hess
60c1aeeb6f Fix overbroad gpg --no-tty fix from last release.
Only set --no-tty when GPG_AGENT_INFO is set and batch mode is used.

In the test suite, set GPG_AGENT_INFO to /dev/null to avoid the test suite
relying on /dev/tty.
2012-01-07 12:38:08 -04:00
Joey Hess
769edd6b08 Run gpg with --no-tty. Closes: #654721 2012-01-05 13:44:09 -04:00
Joey Hess
82a145df91 test encrypted special remote
This involved adding a test harness to run gpg with a dummy key, and lots
of fun.
2011-12-20 23:24:06 -04:00
Joey Hess
c11cfea355 split out Utility.Gpg with the generic gpg interface, from Crypto 2011-12-20 23:24:06 -04:00