added gcrypt.publish-participants configuration
Fixes https://github.com/blake2-ppc/git-remote-gcrypt/issues/9
parent
0ce768c4dd
commit
5dcc77f507
2 changed files with 21 additions and 1 deletions
12
README.rst
12
README.rst
|
@ -60,6 +60,17 @@ The following ``git-config(1)`` variables are supported:
|
||||||
The ``gcrypt-participants`` setting on the remote takes precedence
|
The ``gcrypt-participants`` setting on the remote takes precedence
|
||||||
over the repository variable ``gcrypt.participants``.
|
over the repository variable ``gcrypt.participants``.
|
||||||
|
|
||||||
|
``remote.<name>.gcrypt-publish-participants``
|
||||||
|
..
|
||||||
|
``gcrypt.publish-participants``
|
||||||
|
By default, the gpg key ids of the participants are obscured by
|
||||||
|
encrypting using `gpg -R`. Setting this option to `true` disables
|
||||||
|
that security measure.
|
||||||
|
|
||||||
|
The problem with using `gpg -R` is that to decrypt, gpg tries each
|
||||||
|
available secret key in turn until it finds a usable key.
|
||||||
|
This can result in unncessary passphrase prompts.
|
||||||
|
|
||||||
``remote.<name>.gcrypt-signingkey``
|
``remote.<name>.gcrypt-signingkey``
|
||||||
..
|
..
|
||||||
``user.signingkey``
|
``user.signingkey``
|
||||||
|
@ -68,6 +79,7 @@ The following ``git-config(1)`` variables are supported:
|
||||||
part of the participant list. You may use the per-remote version
|
part of the participant list. You may use the per-remote version
|
||||||
to sign different remotes using different keys.
|
to sign different remotes using different keys.
|
||||||
|
|
||||||
|
|
||||||
Environment Variables
|
Environment Variables
|
||||||
=====================
|
=====================
|
||||||
|
|
||||||
|
|
|
@ -406,6 +406,8 @@ read_config()
|
||||||
git config --path user.signingkey || :)
|
git config --path user.signingkey || :)
|
||||||
conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' ||
|
conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' ||
|
||||||
git config --get gcrypt.participants '.+' || :)
|
git config --get gcrypt.participants '.+' || :)
|
||||||
|
Conf_pubish_participants=$(git config --get --bool "remote.$NAME.gcrypt-publish-participants" '.+' ||
|
||||||
|
git config --get --bool gcrypt.publish-participants || :)
|
||||||
|
|
||||||
# Figure out which keys we should encrypt to or accept signatures from
|
# Figure out which keys we should encrypt to or accept signatures from
|
||||||
if isnull "$conf_part" || iseq "$conf_part" simple
|
if isnull "$conf_part" || iseq "$conf_part" simple
|
||||||
|
@ -440,7 +442,13 @@ read_config()
|
||||||
}
|
}
|
||||||
# Check 'E'ncrypt capability
|
# Check 'E'ncrypt capability
|
||||||
cap_=$(xfeed "$r_keyinfo" cut -f 12 -d :)
|
cap_=$(xfeed "$r_keyinfo" cut -f 12 -d :)
|
||||||
iseq "${cap_#*E}" "$cap_" || Recipients="$Recipients -R $keyid_"
|
if ! iseq "${cap_#*E}" "$cap_"; then
|
||||||
|
if [ "$Conf_pubish_participants" = true ]; then
|
||||||
|
Recipients="$Recipients -r $keyid_"
|
||||||
|
else
|
||||||
|
Recipients="$Recipients -R $keyid_"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
if isnull "$Recipients"
|
if isnull "$Recipients"
|
||||||
|
|
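Review bot: The per-remote lookup `git config --get --bool "remote.$NAME.gcrypt-publish-participants" '.+' || git config --get --bool gcrypt.publish-participants || :` falls through to the repository-wide key whenever the first command exits non-zero, which as far as I can tell covers a per-remote value that is not a valid boolean as well as an unset key. A mistyped value on a remote that was meant to stay anonymous would then inherit a repository-wide `true`, switching that remote from `-R` to `-r` in the second hunk and putting recipient key IDs into the pushed data. Consider telling "unset" apart from "invalid" and failing closed, so that a per-remote key that is set but does not parse as `true` is treated as `false` instead of deferring to `gcrypt.publish-participants`. The variable name is also misspelled: `Conf_publish_participants` should replace `Conf_pubish_participants` both in the assignment and in the `[ "$Conf_pubish_participants" = true ]` test. read_config's body starts and ends outside both hunks, so how `Recipients` is consumed afterwards is not visible here.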