authorGravatar Joey Hess <joey@kitenet.net>2013-09-17 16:06:29 -0400
committerGravatar Joey Hess <joey@kitenet.net>2013-09-17 16:06:29 -0400
commit2f47bbdbe03f25ae293b5b5aa3ab944ebebf5d4f (patch)
treeb0d0edfc02bfda428ac6030aa2229628a9d4e8ee
parent2442281e413cd52f40bedb6a40a67d0e4461bf39 (diff)
gcrypt: Ensure that signing key is set to one of the participants keys.
Otherwise gcrypt will fail to pull, since it requires this to be the case. This needs a patched gcrypt, which is in my forked version.
-rw-r--r--Git/GCrypt.hs3
-rw-r--r--Remote/GCrypt.hs16
-rw-r--r--debian/changelog1
3 files changed, 17 insertions, 3 deletions
diff --git a/Git/GCrypt.hs b/Git/GCrypt.hs
index 18d8fa771..1260c2ced 100644
--- a/Git/GCrypt.hs
+++ b/Git/GCrypt.hs
@@ -74,5 +74,8 @@ getParticiantList globalconfigrepo repo remotename = KeyIds $ parse $ firstJust
remoteParticipantConfigKey :: RemoteName -> String
remoteParticipantConfigKey = remoteConfigKey "gcrypt-participants"
+remoteSigningKey :: RemoteName -> String
+remoteSigningKey = remoteConfigKey "gcrypt-signingkey"
+
remoteConfigKey :: String -> RemoteName -> String
remoteConfigKey key remotename = "remote." ++ remotename ++ "." ++ key
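Review bot: The name `remoteSigningKey` reads as if it returned the signing key itself, whereas it returns the name of a git config setting, like `remoteParticipantConfigKey` just above it. Naming it `remoteSigningKeyConfigKey`, or adding a comment such as `{- Name of the git config setting that tells gcrypt which key to sign with for this remote. -}`, would keep the two helpers parallel and avoid confusing a setting name with key material.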
diff --git a/Remote/GCrypt.hs b/Remote/GCrypt.hs
index cbe804c2f..70f82f667 100644
--- a/Remote/GCrypt.hs
+++ b/Remote/GCrypt.hs
@@ -34,6 +34,7 @@ import Annex.Ssh
import qualified Remote.Rsync
import Utility.Rsync
import Logs.Remote
+import Utility.Gpg
remote :: RemoteType
remote = RemoteType {
@@ -177,15 +178,24 @@ gCryptSetup mu c = go $ M.lookup "gitrepo" c
else error "uuid mismatch"
{- Configure gcrypt to use the same list of keyids that
- - were passed to initremote. (For shared encryption,
- - gcrypt's default behavior is used.) -}
+ - were passed to initremote as its participants.
+ - Also, configure it to use a signing key that is in the list of
+ - participants, which gcrypt requires is the case, and may not be
+ - depending on system configuration.
+ -
+ - (For shared encryption, gcrypt's default behavior is used.) -}
setGcryptEncryption :: RemoteConfig -> String -> Annex ()
setGcryptEncryption c remotename = do
let participants = ConfigKey $ Git.GCrypt.remoteParticipantConfigKey remotename
case extractCipher c of
Nothing -> noCrypto
- Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) ->
+ Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) -> do
setConfig participants (unwords ks)
+ let signingkey = ConfigKey $ Git.GCrypt.remoteSigningKey remotename
+ skeys <- M.keys <$> liftIO secretKeys
+ case filter (`elem` ks) skeys of
+ [] -> noop
+ (k:_) -> setConfig signingkey k
Just (SharedCipher _) ->
unsetConfig participants
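Review bot: The `[] -> noop` branch silently leaves `gcrypt-signingkey` unset when none of the local secret keys is in `ks`, which by the commit message is the situation in which gcrypt then fails to pull. A message there would make the cause visible, e.g. `[] -> warning "no local gpg secret key is among the gcrypt participants; pulls from this remote may fail"` (assuming the module's usual `warning` helper is in scope). Two smaller points deserve a comment: `(k:_)` takes the first match in `M.keys` order rather than a key the user chose, and the `elem` test relies on `secretKeys` and `ks` using the same key id form, which is not visible here. The `SharedCipher` branch unsets the participants setting but leaves any previously written signing key setting in place, so it may be worth unsetting `signingkey` there too. `setGcryptEncryption` continues outside the hunk (`noCrypto` is defined there).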
diff --git a/debian/changelog b/debian/changelog
index 31d79676d..6616ea00a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,7 @@ git-annex (4.20130912) UNRELEASED; urgency=low
* addurl: Fix quvi audodetection, broken in last release.
* status: In local mode, displays information about variance from configured
numcopies levels. (--fast avoids calculating these)
+ * gcrypt: Ensure that signing key is set to one of the participants keys.
-- Joey Hess <joeyh@debian.org> Thu, 12 Sep 2013 12:14:46 -0400