When decrypting or verifying the master key, check input type

We rely on gpg to exit with success, but we also check the status output
to verify that the expected action (decrypt with privkey or verify) was
performed.
root 2013-02-14 00:00:00 +00:00
parent 1112174651
commit d96f17b02d


@ -164,6 +164,14 @@ ENCRYPT()
--passphrase-fd 0 --output - -c /dev/fd/3) 3<&0 --passphrase-fd 0 --output - -c /dev/fd/3) 3<&0
} }
DECRYPT()
{
(printf "%s" "$MASTERKEY" | \
gpg -q --batch --no-default-keyring --secret-keyring /dev/null \
--keyring /dev/null \
--passphrase-fd 0 --output - -d /dev/fd/3) 3<&0
}
CLEARSIGN() CLEARSIGN()
{ {
if [ "$CONF_SIGN_MANIFEST" = "true" ] if [ "$CONF_SIGN_MANIFEST" = "true" ]
@ -175,20 +183,28 @@ CLEARSIGN()
fi fi
} }
CHECKSIGN() # Require both gpg success and status word $1
gpg_check_status()
{ {
gpg -q --batch --no-default-keyring \ local STATUS
local ARG
ARG=$1 ; shift;
STATUS=$(gpg --status-fd 3 "$@" 3>&1 1>&4) 4>&1 &&
printf "%s" "$STATUS" | grep "^\[GNUPG:\] $ARG " >/dev/null
}
VERIFYSIGN()
{
gpg_check_status "GOODSIG" -q --batch --no-default-keyring \
--secret-keyring /dev/null --keyring "$CONF_KEYRING" -d --secret-keyring /dev/null --keyring "$CONF_KEYRING" -d
} }
DECRYPT() PRIVDECRYPT()
{ {
(printf "%s" "$MASTERKEY" | \ gpg_check_status "ENC_TO" -q -d
gpg -q --batch --no-default-keyring --secret-keyring /dev/null \
--keyring /dev/null \
--passphrase-fd 0 --output - -d /dev/fd/3) 3<&0
} }
# Append $2 to $1 with a newline separator # Append $2 to $1 with a newline separator
append() append()
{ {
@ -239,12 +255,19 @@ make_new_repo()
get_masterkey() get_masterkey()
{ {
# The master key and its clearsigned versions are safe to keep
# as text in variables
local MASTERKEYDEC
TMPMASTERKEY_ENC="$LOCALDIR/masterenc.$$" TMPMASTERKEY_ENC="$LOCALDIR/masterenc.$$"
trap 'rm -f "$TMPMASTERKEY_ENC"' EXIT trap 'rm -f "$TMPMASTERKEY_ENC"' EXIT
GET "$URL" masterkey 2>/dev/null > "$TMPMASTERKEY_ENC" || return 0 GET "$URL" masterkey 2>/dev/null > "$TMPMASTERKEY_ENC" || return 0
MASTERKEYDEC=$(PRIVDECRYPT < "$TMPMASTERKEY_ENC") || {
echo_info "Decryption of master key failed!"
exit 1
}
echo_info "Verifying master key signature" echo_info "Verifying master key signature"
gpg -q -d < "$TMPMASTERKEY_ENC" | CHECKSIGN || { printf "%s" "$MASTERKEYDEC" | VERIFYSIGN || {
echo_info "Opening of master key failed!" echo_info "Failed to verify master key signature!"
echo_info "Using keyring $CONF_KEYRING" echo_info "Using keyring $CONF_KEYRING"
if [ "$CONF_KEYRING" = "/dev/null" ] ; then if [ "$CONF_KEYRING" = "/dev/null" ] ; then
echo_info "Please configure gcrypt.keyring" echo_info "Please configure gcrypt.keyring"
@ -286,8 +309,8 @@ ensure_connected()
then then
# Use gpg to verify and strip the signature # Use gpg to verify and strip the signature
echo_info "Verifying manifest signature" echo_info "Verifying manifest signature"
STRIPDATA="$(printf "%s" "$MANIFESTDATA" | CHECKSIGN || { STRIPDATA="$(printf "%s" "$MANIFESTDATA" | VERIFYSIGN || {
echo_info "WARNING: Failed to verify signature from $URL" echo_info "WARNING: Failed to verify manifest signature"
echo_info "WARNING: Using keyring $CONF_KEYRING" echo_info "WARNING: Using keyring $CONF_KEYRING"
if [ "$CONF_KEYRING" = "/dev/null" ] ; then if [ "$CONF_KEYRING" = "/dev/null" ] ; then
echo_info "WARNING: Please configure gcrypt.keyring" echo_info "WARNING: Please configure gcrypt.keyring"
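Review bot: In the second hunk, `PRIVDECRYPT` accepts the master key on the strength of an `ENC_TO` status line, but gpg emits `ENC_TO` for every public-key recipient named in the message before it attempts decryption, so the word only shows that a public-key session packet is present, not that the local private key was the one that unlocked the data. A file that carries a public-key packet alongside a symmetric passphrase packet would therefore still satisfy the check if gpg ends up decrypting it via the passphrase, which is worth a comment on `PRIVDECRYPT` stating that `ENC_TO` rules out a purely symmetric blob rather than proving private-key decryption. Unlike `DECRYPT` and `VERIFYSIGN` in the same file, `PRIVDECRYPT` runs `gpg -q -d` without `--batch`, so such a blob could presumably fall through to an interactive passphrase prompt instead of failing; `gpg_check_status "ENC_TO" -q --batch -d` closes that path where the private key is served by an agent, which should be confirmed against the gpg versions the script targets. Two style nits in `gpg_check_status`: `ARG=$1 ; shift;` carries stray semicolons, and `grep "^\[GNUPG:\] $ARG " >/dev/null` can be `grep -q "^\[GNUPG:\] $ARG "`.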