jigen/git-remote-gcrypt
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity
No description
34 commits 1 branch 0 tags 151 KiB
Shell 100%
Find a file
root 1227529ff5 Use gpg --with-colons --print-md
2013-02-14 00:00:00 +00:00
git-remote-gcrypt Use gpg --with-colons --print-md 2013-02-14 00:00:00 +00:00
README README, describe new option gcrypt.keyring 2013-02-14 00:00:00 +00:00

README 

# git-remote-gcrypt
# Copyright 2013  by Ulrik Sverdrup
# License: GPLv2 or any later version, see http://www.gnu.org/licenses/
# Use GnuPG to use encrypted git remotes

WARNING: This is a proof of concept
WARNING: Repository format WILL change, incompatibly

INTRODUCTION

Install as `git-remote-gcrypt` in $PATH

Supports local, ssh:// and sftp:// remotes at the moment,
as well as the special gitception://<giturl> remote type::

    git config --global gcrypt.recipients KEYID1
    git remote add gcryptrepo gcrypt::ssh://hostname.com:MyNewRepo
     ( or maybe:
       git remote add gcryptrepo gcrypt::gitception://git://host.com/repo.git
     )
    git push --all gcryptrepo

CONFIGURATION

 * You must set up a small gpg keyring for the repository::

     gpg --export KEYID1 > <path-to-keyring>
     git config gcrypt.keyring <path-to-keyring>

   New repositories will be created to allow access for the keys in
   `gcrypt.keyring`. The keyring is used to verify the authenticity of the
   repository when it is read or written to.

 * Set `git config gcrypt.signmanifest 1` to also sign the manifest (the
   list of branches and packfiles) when pushing.
 * Set `git config gcrypt.requiresign 1` to fail and stop if no valid
   signature is found on the manifest.
 
 * NOTE: We use the users gnupg configuration for cipher-algo and so on!
         Configure your gnupg to use a strong crypto -- see `man gpg`.


REPOSITORY FORMAT

 * masterkey is first signed, then encrypted using `gpg -e` with hidden
   recipients
 * manifest contains the branches and the list of packfiles

    $ cd MyCryptedRemote
    $ ls 
    -rw-- 11K 00ef27cc2c5b76365e1a46479ed7429e16572c543cdff0a8bf745c7c
    -rw-- 41K b934d8d6c0f48e71b9d7a4d5ea56f024a9bed4f6f2c6f8e688695bee
    -rw-- 577 manifest
    -rw-- 495 masterkey
    
    $ gpg -d masterkey | gpg --passphrase-fd 0 -d manifest 
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    b4a4a39365d19282810c19d0f3f24d04dd2d179f refs/tags/something
    1d323ddadf4cf1d80fced447e637ab3766b168b7 refs/heads/master
    pack :SHA224:00ef27cc2c5b76365e1a46479ed7429e16572c543cdff0a8bf745c7c
    pack :SHA224:b934d8d6c0f48e71b9d7a4d5ea56f024a9bed4f6f2c6f8e688695bee
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)
    
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXX
    -----END PGP SIGNATURE-----