jigen/git-remote-gcrypt
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Small cleanup

Browse source
This commit is contained in:
root 2013-02-14 00:00:00 +00:00
parent a091942677
commit 0bf22501af
1 changed files with 13 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
git-remote-gcrypt
View file

@ -25,7 +25,7 @@ sha1()
LOCALDIR="${GIT_DIR:-.git}/remote-gcrypt" LOCALDIR="${GIT_DIR:-.git}/remote-gcrypt"
DUMMYKEY="00000000000000000000" DUMMYKEY="00000000000000000000"
isurl() { test -z ${2%%"$1"://*} ; } isurl() { test -z ${2%%$1://*} ; }
# Split $1 into $prefix_:$suffix_ # Split $1 into $prefix_:$suffix_
splitcolon() splitcolon()
@ -84,6 +84,9 @@ PUTREPO()
ENCRYPT() ENCRYPT()
{ {
# Security protocol:
# Symmetric encryption using the long MASTERKEY. We use AES
# and OpenPGP's modification detection code (mdc).
(printf "%s" "$MASTERKEY" | \ (printf "%s" "$MASTERKEY" | \
gpg --batch --force-mdc --cipher-algo AES \ gpg --batch --force-mdc --cipher-algo AES \
--passphrase-fd 0 --output - -c /dev/fd/3) 3<&0 --passphrase-fd 0 --output - -c /dev/fd/3) 3<&0
@ -100,8 +103,9 @@ echo_info() { echo "$@" >&2; }
make_new_repo() make_new_repo()
{ {
# Security protocol # Security protocol:
# The MASTERKEY is encrypted to all RECIPIENTS # The MASTERKEY is encrypted to all RECIPIENTS. The key is a long
# ascii-encoded string used for symmetric encryption with GnuPG.
local RECIPIENTS local RECIPIENTS
echo_info "Setting up new repository at $URL" echo_info "Setting up new repository at $URL"
RECIPIENTS=$(git config gcrypt.recipients | sed -e 's/\([^ ]\+\)/-R &/g') RECIPIENTS=$(git config gcrypt.recipients | sed -e 's/\([^ ]\+\)/-R &/g')
@ -113,7 +117,6 @@ make_new_repo()
exit 1 exit 1
fi fi
PUTREPO "$URL" PUTREPO "$URL"
# Use an ascii key for GnuPG (due to its input limitations)
echo_info "Generating new master key" echo_info "Generating new master key"
MASTERKEY="$(genkey)" MASTERKEY="$(genkey)"
printf "%s" "$MASTERKEY" | gpg -e $RECIPIENTS | PUT "$URL" masterkey printf "%s" "$MASTERKEY" | gpg -e $RECIPIENTS | PUT "$URL" masterkey
@ -154,7 +157,7 @@ do_list()
do_fetch() do_fetch()
{ {
# Security protocol: # Security protocol:
# The PACK id is the sha-1 of the encrypted git packfile. # The PACK id is the SHA-1 of the encrypted git packfile.
# We only download packs mentioned in the encrypted 'packfest', # We only download packs mentioned in the encrypted 'packfest',
# and check their digest when received. # and check their digest when received.
local PNEED local PNEED
@ -196,11 +199,13 @@ do_fetch()
echo # end with blank line echo # end with blank line
} }
# do_push PUSHARGS (multiple lines) # do_push PUSHARGS (multiple lines like +src:dst, with both + and src opt.)
do_push() do_push()
{ {
# each line is (with optional `+` and src) # Security protocol:
# +src:dst # Each git packfile is encrypted and then named for the encrypted
# file's SHA-1. `packfest` is updated with the pack id.
# The packfest and manifest are encrypted.
local REMOTEHAS local REMOTEHAS
local REMOTEWANT local REMOTEWANT
local PACKFEST local PACKFEST