author | Joey Hess <joey@kitenet.net> | 2013-09-17 16:06:29 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2013-09-17 16:06:29 -0400 |
commit | 2f47bbdbe03f25ae293b5b5aa3ab944ebebf5d4f (patch) | |
tree | b0d0edfc02bfda428ac6030aa2229628a9d4e8ee | |
parent | 2442281e413cd52f40bedb6a40a67d0e4461bf39 (diff) |
gcrypt: Ensure that signing key is set to one of the participants keys.
Otherwise gcrypt will fail to pull, since it requires this to be the case.
This needs a patched gcrypt, which is in my forked version.
-rw-r--r-- | Git/GCrypt.hs | 3 | ||||
-rw-r--r-- | Remote/GCrypt.hs | 16 | ||||
-rw-r--r-- | debian/changelog | 1 |
3 files changed, 17 insertions, 3 deletions
diff --git a/Git/GCrypt.hs b/Git/GCrypt.hs index 18d8fa771..1260c2ced 100644 --- a/Git/GCrypt.hs +++ b/Git/GCrypt.hs @@ -74,5 +74,8 @@ getParticiantList globalconfigrepo repo remotename = KeyIds $ parse $ firstJust remoteParticipantConfigKey :: RemoteName -> String remoteParticipantConfigKey = remoteConfigKey "gcrypt-participants" +remoteSigningKey :: RemoteName -> String +remoteSigningKey = remoteConfigKey "gcrypt-signingkey" + remoteConfigKey :: String -> RemoteName -> String remoteConfigKey key remotename = "remote." ++ remotename ++ "." ++ key diff --git a/Remote/GCrypt.hs b/Remote/GCrypt.hs index cbe804c2f..70f82f667 100644 --- a/Remote/GCrypt.hs +++ b/Remote/GCrypt.hs @@ -34,6 +34,7 @@ import Annex.Ssh import qualified Remote.Rsync import Utility.Rsync import Logs.Remote +import Utility.Gpg remote :: RemoteType remote = RemoteType { 
@@ -177,15 +178,24 @@ gCryptSetup mu c = go $ M.lookup "gitrepo" c else error "uuid mismatch" {- Configure gcrypt to use the same list of keyids that - - were passed to initremote. (For shared encryption, - - gcrypt's default behavior is used.) -} + - were passed to initremote as its participants. + - Also, configure it to use a signing key that is in the list of + - participants, which gcrypt requires is the case, and may not be + - depending on system configuration. + - + - (For shared encryption, gcrypt's default behavior is used.) -} setGcryptEncryption :: RemoteConfig -> String -> Annex () setGcryptEncryption c remotename = do let participants = ConfigKey $ Git.GCrypt.remoteParticipantConfigKey remotename case extractCipher c of Nothing -> noCrypto - Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) -> + Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) -> do setConfig participants (unwords ks) + let signingkey = ConfigKey $ Git.GCrypt.remoteSigningKey remotename + skeys <- M.keys <$> liftIO secretKeys + case filter (`elem` ks) skeys of + [] -> noop + (k:_) -> setConfig signingkey k Just (SharedCipher _) -> unsetConfig participants diff --git a/debian/changelog b/debian/changelog index 31d79676d..6616ea00a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -16,6 +16,7 @@ git-annex (4.20130912) UNRELEASED; urgency=low * addurl: Fix quvi audodetection, broken in last release. * status: In local mode, displays information about variance from configured numcopies levels. (--fast avoids calculating these) + * gcrypt: Ensure that signing key is set to one of the participants keys. -- Joey Hess <joeyh@debian.org> Thu, 12 Sep 2013 12:14:46 -0400 |
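Review bot: In setGcryptEncryption the `[] -> noop` branch leaves gcrypt-signingkey untouched when none of the local secret keys is in `ks`, which by the commit message is the state in which gcrypt fails to pull, and the user gets no hint why. I would report it instead, e.g. `[] -> warning "no local secret key is among the gcrypt participants; gcrypt may fail to pull"` (assuming `warning` is in scope in this module, as it is in other Annex code). The elem test compares the key id strings stored by initremote with the map keys returned by `secretKeys`, so it matches only if both use the same id form; that, and whether `secretKeys` leaves out expired or revoked keys, cannot be seen from this hunk and deserves a comment next to the `filter`. The `(k:_)` case also takes whichever matching key comes first in map order and overwrites any signing key already configured for the remote, while the `SharedCipher` branch unsets only `participants`, so a signing key written by an earlier run would presumably stay in the config.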