Use config gcrypt.participants for GPG key ids

Instead of using a separate keyring file (gcrypt.keyring is now
deprecated!), use a simple list of key ids. Extract all keyids and use
these to match GOODSIG <keyid> manually on the gpg status output.

The gcrypt.keyring variable is still used, but it will be removed later.
root 2013-02-14 00:00:00 +00:00
parent 6173d0ffe0
commit 7aa54e1ae6
2 changed files with 60 additions and 50 deletions


@ -29,12 +29,11 @@ Quickstart
Install as `git-remote-gcrypt` in `$PATH`. Install as `git-remote-gcrypt` in `$PATH`.
Configure a keyring: Configure the list of participant gpg keys:
:: ::
gpg --export KEY1 KEY2 > $PWD/.git/keyring.gpg git config --global gcrypt.participants YOURKEYID
git config --path gcrypt.keyring $PWD/.git/keyring.gpg
Create an encrypted remote by pushing to it: Create an encrypted remote by pushing to it:
@ -50,7 +49,7 @@ Create an encrypted remote by pushing to it:
> To gcrypt::[...] > To gcrypt::[...]
> * [new branch] master -> master > * [new branch] master -> master
Share the updated Repository URL with everyone in the keyring. Share the updated Repository URL with all participants.
(The generated Repository ID is not secret, it only exists to ensure (The generated Repository ID is not secret, it only exists to ensure
that two repositories signed by the same user can not be maliciously that two repositories signed by the same user can not be maliciously
@ -68,16 +67,17 @@ evaluate how well we meet this design goal!
Configuration Configuration
============= =============
*gcrypt.keyring* *gcrypt.participants*
Path to the GPG keyring file containing the public keys of all Space-separated list of GPG key identifiers. The remote is
participants. This file can be created using ``gpg --export``. encrypted to these participants and only signatures from these
are accepted. ``gpg -k`` lists all public keys you know.
git-remote-gcrypt respects the variable *user.signingkey*. You should set *user.signingkey* if your default signing key is not part
of the participant list.
The encryption of the manifest is updated for each push. The pusher must The encryption of the manifest is updated for each push. The pusher must
have the public keys of all collaborators in the keyring. You can have the public keys of all collaborators. You can commit a keyring to
commit the keyring to the repo, further key management features do not the repo, further key management features do not yet exist.
yet exist.
GPG configuration applies to public-key encryption, symmetric GPG configuration applies to public-key encryption, symmetric
encryption, and signing. See `man gpg` for more information. encryption, and signing. See `man gpg` for more information.
@ -88,8 +88,7 @@ Examples
:: ::
gpg --export YOURKEYID > $PWD/.git/keyring.gpg git config gcrypt.participants YOURKEYID
git config gcrypt.keyring $PWD/.git/keyring.gpg
git remote add cryptremote gcrypt::ssh://example.com:repo git remote add cryptremote gcrypt::ssh://example.com:repo
git push cryptremote HEAD git push cryptremote HEAD


@ -23,6 +23,10 @@ Branchlist=
Packlist= Packlist=
Extension_list= Extension_list=
Recipients=
Signers=
Goodsig=
# compat/utility functions # compat/utility functions
xecho() xecho()
{ {
@ -232,19 +236,19 @@ EOF
# Encrypt to recipients $1 # Encrypt to recipients $1
PRIVENCRYPT() PRIVENCRYPT()
{ {
addsignkeyparam gpg --no-default-keyring --keyring "$Conf_keyring" \ addsignkeyparam gpg --compress-algo none -se $1
--compress-algo none -se $1
} }
PRIVDECRYPT() PRIVDECRYPT()
{ {
local status_= local status_=
exec 4>&1 && exec 4>&1 &&
status_=$(gpg --no-default-keyring --keyring "$Conf_keyring" \ status_=$(gpg --status-fd 3 -q -d 3>&1 1>&4) &&
--status-fd 3 -q -d 3>&1 1>&4) &&
xecho "$status_" | grep "^\[GNUPG:\] ENC_TO " >/dev/null && xecho "$status_" | grep "^\[GNUPG:\] ENC_TO " >/dev/null &&
(xecho "$status_" | grep "^\[GNUPG:\] GOODSIG " >/dev/null || { (xecho "$status_" | grep -e "$Goodsig" >/dev/null || {
echo_info "Failed to verify manifest signature!" && return 1 echo_info "Failed to verify manifest signature!" &&
echo_info "Only accepting signatories: ${Signers:-(none)}" &&
return 1
}) })
} }
@ -269,26 +273,6 @@ safe_git_rev_parse()
xgrep -v "missing" | cut -f 1 -d ' ' xgrep -v "missing" | cut -f 1 -d ' '
} }
check_recipients()
{
# Find which keys in the keyring we can encrypt to
Recipients=$(gpg --no-default-keyring --keyring "$Conf_keyring" \
--with-colons --fast-list -k | xgrep ^pub | \
while read rc_line; do
cap_=$(xecho "$rc_line" | cut -f 12 -d :)
keyid_=$(xecho "$rc_line" | cut -f 5 -d :)
iseq "${cap_#*E}" "$cap_" || xecho_n "-R $keyid_ "
done)
if isnull "$Recipients"
then
echo_info "You must configure a keyring for the repository."
echo_info "Use ::"
echo_info " gpg --export KEYID1 > <path-to-keyring>"
echo_info " git config gcrypt.keyring <path-to-keyring>"
exit 1
fi
}
make_new_repo() make_new_repo()
{ {
local urlid_= fix_config= local urlid_= fix_config=
@ -314,8 +298,43 @@ make_new_repo()
read_config() read_config()
{ {
Conf_keyring=$(git config --path gcrypt.keyring || xecho "/dev/null") local recp_= key_line= cap_= conf_keyring= conf_part=
Conf_signkey=$(git config --path user.signingkey || :) Conf_signkey=$(git config --path user.signingkey || :)
conf_keyring=$(git config --path gcrypt.keyring || :)
conf_part=$(git config --get gcrypt.participants '.+' || :)
# Figure out which keys we should encrypt to or accept signatures from
if isnonnull "$conf_keyring" && isnull "$conf_part"
then
echo_info "WARNING: Setting gcrypt.keyring is deprecated," \
"use gcrypt.participants instead."
conf_part=$(gpg --no-default-keyring --keyring "$conf_keyring" \
--with-colons --fast-list -k | grep ^pub | cut -f 5 -d :)
fi
for recp_ in $conf_part
do
key_line=$(gpg --with-colons --fast-list -k "$recp_" | xgrep ^pub)
keyid_=$(xecho "$key_line" | cut -f 5 -d :)
isnonnull "$keyid_" &&
Signers="$Signers $keyid_" &&
Goodsig=$(append "$Goodsig" "^\[GNUPG:\] GOODSIG $keyid_") || {
echo_info "WARNING: Skipping missing key $recp_"
continue
}
# Check 'E'ncrypt capability
cap_=$(xecho "$key_line" | cut -f 12 -d :)
iseq "${cap_#*E}" "$cap_" || Recipients="$Recipients -R $keyid_"
done
if isnull "$Recipients"
then
echo_info "You have not configured any keys to encrypt to for this repository"
echo_info "Use ::"
echo_info " git config gcrypt.participants YOURKEYID"
exit 1
fi
} }
ensure_connected() ensure_connected()
@ -347,15 +366,8 @@ ensure_connected()
Did_find_repo=yes Did_find_repo=yes
echo_info "Decrypting manifest" echo_info "Decrypting manifest"
manifest_=$(PRIVDECRYPT < "$TmpManifest_Enc") && manifest_=$(PRIVDECRYPT < "$TmpManifest_Enc") &&
isnonnull "$manifest_" || { isnonnull "$manifest_" ||
echo_info "Failed to decrypt manifest!" echo_die "Failed to decrypt manifest!"
echo_info "Using keyring $Conf_keyring"
if iseq "$Conf_keyring" "/dev/null"
then
echo_info "NOTE: Please configure gcrypt.keyring"
fi
exit 1
}
rm -f "$TmpManifest_Enc" rm -f "$TmpManifest_Enc"
trap - EXIT trap - EXIT
@ -453,7 +465,6 @@ do_push()
del_hash=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx del_hash=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ensure_connected ensure_connected
check_recipients
if iseq "$Did_find_repo" "no" if iseq "$Did_find_repo" "no"
then then
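Review bot: In PRIVDECRYPT the new signature check `grep -e "$Goodsig"` fails open if `Goodsig` is ever empty, because an empty pattern matches every status line. read_config exits when `Recipients` is empty, which appears to keep `Goodsig` non-empty, but nothing at the check itself enforces that ordering. I would guard it where it is used, e.g. `isnonnull "$Goodsig" && xecho "$status_" | grep -e "$Goodsig" >/dev/null`. Separately, in read_config `gpg --with-colons --fast-list -k "$recp_"` can return several `pub` lines when a participant is given as a name, e-mail or short id. `keyid_` then spans several lines, and grep treats each line after the first as its own pattern: a bare key id without the `^\[GNUPG:\] GOODSIG ` anchor, which can match status lines other than GOODSIG. Consider skipping, with a warning, any entry that resolves to more than one key, and add `keyid_` to the `local` list; `append` and `isnonnull` are defined outside the visible hunks, so their exact behaviour is assumed here.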