jigen/git-remote-gcrypt
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

README, describe new option gcrypt.keyring

Browse source
This commit is contained in:
root 2013-02-14 00:00:00 +00:00
parent a0e16ce7df
commit d390ee8611
1 changed files with 18 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
README
View file

@ -16,19 +16,25 @@ as well as the special gitception://<giturl> remote type::
git config --global gcrypt.recipients KEYID1 git config --global gcrypt.recipients KEYID1
git remote add gcryptrepo gcrypt::ssh://hostname.com:MyNewRepo git remote add gcryptrepo gcrypt::ssh://hostname.com:MyNewRepo
( or maybe: ( or maybe:
git remote add gcryptrepo gcrypt::gitception://git@github.com/Secrets git remote add gcryptrepo gcrypt::gitception://git://host.com/repo.git
) )
git push --all gcryptrepo git push --all gcryptrepo
CONFIGURATION CONFIGURATION
* Repository read access is set up from `git config gcrypt.recipients` * You must set up a small gpg keyring for the repository::
when creating new repositories.
* Set `git config gcrypt.signmanifest` to apply your signature to the gpg --export KEYID1 > <path-to-keyring>
manifest when pushing. git config gcrypt.keyring <path-to-keyring>
* Set `git config gcrypt.requiresign` to always fail and stop if no
valid signature is found on the manifest. New repositories will be created to allow access for the keys in
`gcrypt.keyring`. The keyring is used to verify the authenticity of the
repository when it is read or written to.
* Set `git config gcrypt.signmanifest 1` to also sign the manifest (the
list of branches and packfiles) when pushing.
* Set `git config gcrypt.requiresign 1` to fail and stop if no valid
signature is found on the manifest.
* NOTE: We use the users gnupg configuration for cipher-algo and so on! * NOTE: We use the users gnupg configuration for cipher-algo and so on!
Configure your gnupg to use a strong crypto -- see `man gpg`. Configure your gnupg to use a strong crypto -- see `man gpg`.
@ -36,8 +42,9 @@ CONFIGURATION
REPOSITORY FORMAT REPOSITORY FORMAT
* masterkey is encrypted-to all gcrypt.recipients using `gpg -e` * masterkey is first signed, then encrypted using `gpg -e` with hidden
* manifest contains the branches and the pack list recipients
* manifest contains the branches and the list of packfiles
$ cd MyCryptedRemote $ cd MyCryptedRemote
$ ls $ ls
@ -48,7 +55,7 @@ REPOSITORY FORMAT
$ gpg -d masterkey | gpg --passphrase-fd 0 -d manifest $ gpg -d masterkey | gpg --passphrase-fd 0 -d manifest
-----BEGIN PGP SIGNED MESSAGE----- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA576 Hash: SHA512
b4a4a39365d19282810c19d0f3f24d04dd2d179f refs/tags/something b4a4a39365d19282810c19d0f3f24d04dd2d179f refs/tags/something
1d323ddadf4cf1d80fced447e637ab3766b168b7 refs/heads/master 1d323ddadf4cf1d80fced447e637ab3766b168b7 refs/heads/master