Use config gcrypt.participants for GPG key ids
Instead of using a separate keyring file (gcrypt.keyring is now deprecated!), use a simple list of key ids. Extract all keyids and use these to match GOODSIG <keyid> manually on the gpg status output. The gcrypt.keyring variable is still used, but it will be removed later.
This commit is contained in:
parent
6173d0ffe0
commit
7aa54e1ae6
2 changed files with 60 additions and 50 deletions
25
README.rst
25
README.rst
|
@ -29,12 +29,11 @@ Quickstart
|
|||
|
||||
Install as `git-remote-gcrypt` in `$PATH`.
|
||||
|
||||
Configure a keyring:
|
||||
Configure the list of participant gpg keys:
|
||||
|
||||
::
|
||||
|
||||
gpg --export KEY1 KEY2 > $PWD/.git/keyring.gpg
|
||||
git config --path gcrypt.keyring $PWD/.git/keyring.gpg
|
||||
git config --global gcrypt.participants YOURKEYID
|
||||
|
||||
Create an encrypted remote by pushing to it:
|
||||
|
||||
|
@ -50,7 +49,7 @@ Create an encrypted remote by pushing to it:
|
|||
> To gcrypt::[...]
|
||||
> * [new branch] master -> master
|
||||
|
||||
Share the updated Repository URL with everyone in the keyring.
|
||||
Share the updated Repository URL with all participants.
|
||||
|
||||
(The generated Repository ID is not secret, it only exists to ensure
|
||||
that two repositories signed by the same user can not be maliciously
|
||||
|
@ -68,16 +67,17 @@ evaluate how well we meet this design goal!
|
|||
Configuration
|
||||
=============
|
||||
|
||||
*gcrypt.keyring*
|
||||
Path to the GPG keyring file containing the public keys of all
|
||||
participants. This file can be created using ``gpg --export``.
|
||||
*gcrypt.participants*
|
||||
Space-separated list of GPG key identifiers. The remote is
|
||||
encrypted to these participants and only signatures from these
|
||||
are accepted. ``gpg -k`` lists all public keys you know.
|
||||
|
||||
git-remote-gcrypt respects the variable *user.signingkey*.
|
||||
You should set *user.signingkey* if your default signing key is not part
|
||||
of the participant list.
|
||||
|
||||
The encryption of the manifest is updated for each push. The pusher must
|
||||
have the public keys of all collaborators in the keyring. You can
|
||||
commit the keyring to the repo, further key management features do not
|
||||
yet exist.
|
||||
have the public keys of all collaborators. You can commit a keyring to
|
||||
the repo, further key management features do not yet exist.
|
||||
|
||||
GPG configuration applies to public-key encryption, symmetric
|
||||
encryption, and signing. See `man gpg` for more information.
|
||||
|
@ -88,8 +88,7 @@ Examples
|
|||
|
||||
::
|
||||
|
||||
gpg --export YOURKEYID > $PWD/.git/keyring.gpg
|
||||
git config gcrypt.keyring $PWD/.git/keyring.gpg
|
||||
git config gcrypt.participants YOURKEYID
|
||||
git remote add cryptremote gcrypt::ssh://example.com:repo
|
||||
git push cryptremote HEAD
|
||||
|
||||
|
|
|
@ -23,6 +23,10 @@ Branchlist=
|
|||
Packlist=
|
||||
Extension_list=
|
||||
|
||||
Recipients=
|
||||
Signers=
|
||||
Goodsig=
|
||||
|
||||
# compat/utility functions
|
||||
xecho()
|
||||
{
|
||||
|
@ -232,19 +236,19 @@ EOF
|
|||
# Encrypt to recipients $1
|
||||
PRIVENCRYPT()
|
||||
{
|
||||
addsignkeyparam gpg --no-default-keyring --keyring "$Conf_keyring" \
|
||||
--compress-algo none -se $1
|
||||
addsignkeyparam gpg --compress-algo none -se $1
|
||||
}
|
||||
|
||||
PRIVDECRYPT()
|
||||
{
|
||||
local status_=
|
||||
exec 4>&1 &&
|
||||
status_=$(gpg --no-default-keyring --keyring "$Conf_keyring" \
|
||||
--status-fd 3 -q -d 3>&1 1>&4) &&
|
||||
status_=$(gpg --status-fd 3 -q -d 3>&1 1>&4) &&
|
||||
xecho "$status_" | grep "^\[GNUPG:\] ENC_TO " >/dev/null &&
|
||||
(xecho "$status_" | grep "^\[GNUPG:\] GOODSIG " >/dev/null || {
|
||||
echo_info "Failed to verify manifest signature!" && return 1
|
||||
(xecho "$status_" | grep -e "$Goodsig" >/dev/null || {
|
||||
echo_info "Failed to verify manifest signature!" &&
|
||||
echo_info "Only accepting signatories: ${Signers:-(none)}" &&
|
||||
return 1
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -269,26 +273,6 @@ safe_git_rev_parse()
|
|||
xgrep -v "missing" | cut -f 1 -d ' '
|
||||
}
|
||||
|
||||
check_recipients()
|
||||
{
|
||||
# Find which keys in the keyring we can encrypt to
|
||||
Recipients=$(gpg --no-default-keyring --keyring "$Conf_keyring" \
|
||||
--with-colons --fast-list -k | xgrep ^pub | \
|
||||
while read rc_line; do
|
||||
cap_=$(xecho "$rc_line" | cut -f 12 -d :)
|
||||
keyid_=$(xecho "$rc_line" | cut -f 5 -d :)
|
||||
iseq "${cap_#*E}" "$cap_" || xecho_n "-R $keyid_ "
|
||||
done)
|
||||
if isnull "$Recipients"
|
||||
then
|
||||
echo_info "You must configure a keyring for the repository."
|
||||
echo_info "Use ::"
|
||||
echo_info " gpg --export KEYID1 > <path-to-keyring>"
|
||||
echo_info " git config gcrypt.keyring <path-to-keyring>"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
make_new_repo()
|
||||
{
|
||||
local urlid_= fix_config=
|
||||
|
@ -314,8 +298,43 @@ make_new_repo()
|
|||
|
||||
read_config()
|
||||
{
|
||||
Conf_keyring=$(git config --path gcrypt.keyring || xecho "/dev/null")
|
||||
local recp_= key_line= cap_= conf_keyring= conf_part=
|
||||
Conf_signkey=$(git config --path user.signingkey || :)
|
||||
conf_keyring=$(git config --path gcrypt.keyring || :)
|
||||
conf_part=$(git config --get gcrypt.participants '.+' || :)
|
||||
|
||||
# Figure out which keys we should encrypt to or accept signatures from
|
||||
if isnonnull "$conf_keyring" && isnull "$conf_part"
|
||||
then
|
||||
echo_info "WARNING: Setting gcrypt.keyring is deprecated," \
|
||||
"use gcrypt.participants instead."
|
||||
conf_part=$(gpg --no-default-keyring --keyring "$conf_keyring" \
|
||||
--with-colons --fast-list -k | grep ^pub | cut -f 5 -d :)
|
||||
fi
|
||||
|
||||
for recp_ in $conf_part
|
||||
do
|
||||
key_line=$(gpg --with-colons --fast-list -k "$recp_" | xgrep ^pub)
|
||||
keyid_=$(xecho "$key_line" | cut -f 5 -d :)
|
||||
|
||||
isnonnull "$keyid_" &&
|
||||
Signers="$Signers $keyid_" &&
|
||||
Goodsig=$(append "$Goodsig" "^\[GNUPG:\] GOODSIG $keyid_") || {
|
||||
echo_info "WARNING: Skipping missing key $recp_"
|
||||
continue
|
||||
}
|
||||
# Check 'E'ncrypt capability
|
||||
cap_=$(xecho "$key_line" | cut -f 12 -d :)
|
||||
iseq "${cap_#*E}" "$cap_" || Recipients="$Recipients -R $keyid_"
|
||||
done
|
||||
|
||||
if isnull "$Recipients"
|
||||
then
|
||||
echo_info "You have not configured any keys to encrypt to for this repository"
|
||||
echo_info "Use ::"
|
||||
echo_info " git config gcrypt.participants YOURKEYID"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
ensure_connected()
|
||||
|
@ -347,15 +366,8 @@ ensure_connected()
|
|||
Did_find_repo=yes
|
||||
echo_info "Decrypting manifest"
|
||||
manifest_=$(PRIVDECRYPT < "$TmpManifest_Enc") &&
|
||||
isnonnull "$manifest_" || {
|
||||
echo_info "Failed to decrypt manifest!"
|
||||
echo_info "Using keyring $Conf_keyring"
|
||||
if iseq "$Conf_keyring" "/dev/null"
|
||||
then
|
||||
echo_info "NOTE: Please configure gcrypt.keyring"
|
||||
fi
|
||||
exit 1
|
||||
}
|
||||
isnonnull "$manifest_" ||
|
||||
echo_die "Failed to decrypt manifest!"
|
||||
rm -f "$TmpManifest_Enc"
|
||||
trap - EXIT
|
||||
|
||||
|
@ -453,7 +465,6 @@ do_push()
|
|||
del_hash=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||
|
||||
ensure_connected
|
||||
check_recipients
|
||||
|
||||
if iseq "$Did_find_repo" "no"
|
||||
then
|
||||
|
|
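Review bot: In the read_config hunk, `gpg --with-colons --fast-list -k "$recp_"` resolves each participant by whatever gpg matches — long or short key id, fingerprint, or a user-id substring — so a loose value in gcrypt.participants can yield several `pub` lines, and the loop then appends every matched key id to `Signers`, `Goodsig` and `Recipients` instead of the one key the user meant; since the keyring is now the user's default keyring rather than a dedicated file, the set of candidate keys is much larger than before. The loop should refuse anything that does not resolve to exactly one `pub` line rather than silently widening the accepted signer and recipient set; a rewrite of the lookup step is below. Separately, `keyid_` is assigned in the loop but is missing from the `local recp_= key_line= cap_= conf_keyring= conf_part=` line, so it leaks into the global scope — add it there. read_config is contained entirely in the hunk.
```shell
	for recp_ in $conf_part
	do
		key_line=$(gpg --with-colons --fast-list -k "$recp_" | xgrep ^pub)
		# gpg -k also matches short ids and user-id substrings; more than
		# one pub line means $recp_ is ambiguous, so refuse it instead of
		# accepting every match as a signer and encryption recipient.
		if ! iseq "$(xecho "$key_line" | grep -c ^pub)" 1
		then
			echo_info "WARNING: Skipping missing or ambiguous key $recp_"
			continue
		fi
		keyid_=$(xecho "$key_line" | cut -f 5 -d :)
		# … unchanged: Signers / Goodsig / Recipients bookkeeping …
	done
```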