diff options
| author |  Joey Hess <joeyh@joeyh.name> | 2016-05-23 17:03:20 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-05-23 17:03:20 -0400 |
| commit | d5f672ddd59b43cb9b1bac8f836864165c8931f2 (patch) | |
| tree | 6a020605b69d22252d2b9d619115326848a779c1 /Crypto.hs | |
| parent | 7e637c86630b65621d301afb174cd95efe567130 (diff) | |
Pass the various gnupg-options configs to gpg in several cases where they were not before.
Removed the instance LensGpgEncParams RemoteConfig because it encouraged
code that does not take the RemoteGitConfig into account.
RemoteType's setup was changed to take a RemoteGitConfig,
although the only place that is able to provide a non-empty one is
enableremote, when it's changing an existing remote. This led to several
folow-on changes, and got RemoteGitConfig plumbed through.
Diffstat (limited to 'Crypto.hs')
| -rw-r--r-- | Crypto.hs | 41 |
1 files changed, 17 insertions, 24 deletions
@@ -28,8 +28,7 @@ module Crypto ( readBytes, encrypt, decrypt, - getGpgEncParams, - getGpgDecParams, + LensGpgEncParams(..), prop_HmacSha1WithCipher_sane ) where @@ -179,24 +178,24 @@ readBytes a h = liftIO (L.hGetContents h) >>= a {- Runs a Feeder action, that generates content that is symmetrically - encrypted with the Cipher (unless it is empty, in which case - public-key encryption is used) using the given gpg options, and then - - read by the Reader action. Note: For public-key encryption, - - recipients MUST be included in 'params' (for instance using - - 'getGpgEncParams'). -} -encrypt :: (MonadIO m, MonadMask m) => Gpg.GpgCmd -> [CommandParam] -> Cipher -> Feeder -> Reader m a -> m a -encrypt cmd params cipher = case cipher of + - read by the Reader action. -} +encrypt :: (MonadIO m, MonadMask m, LensGpgEncParams c) => Gpg.GpgCmd -> c -> Cipher -> Feeder -> Reader m a -> m a +encrypt cmd c cipher = case cipher of Cipher{} -> Gpg.feedRead cmd (params ++ Gpg.stdEncryptionParams True) $ cipherPassphrase cipher MacOnlyCipher{} -> Gpg.pipeLazy cmd $ params ++ Gpg.stdEncryptionParams False + where + params = getGpgEncParams c {- Runs a Feeder action, that generates content that is decrypted with the - Cipher (or using a private key if the Cipher is empty), and read by the - Reader action. -} -decrypt :: (MonadIO m, MonadMask m) => Gpg.GpgCmd -> [CommandParam] -> Cipher -> Feeder -> Reader m a -> m a -decrypt cmd params cipher = case cipher of +decrypt :: (MonadIO m, MonadMask m, LensGpgEncParams c) => Gpg.GpgCmd -> c -> Cipher -> Feeder -> Reader m a -> m a +decrypt cmd c cipher = case cipher of Cipher{} -> Gpg.feedRead cmd params' $ cipherPassphrase cipher MacOnlyCipher{} -> Gpg.pipeLazy cmd params' where - params' = Param "--decrypt" : params + params' = Param "--decrypt" : getGpgDecParams c macWithCipher :: Mac -> Cipher -> String -> String macWithCipher mac c = macWithCipher' mac (cipherMac c) @@ -218,20 +217,14 @@ class LensGpgEncParams a where {- Extract the GnuPG options from a pair of a Remote Config and a Remote - Git Config. -} instance LensGpgEncParams (RemoteConfig, RemoteGitConfig) where - getGpgEncParams (c,gc) = map Param (remoteAnnexGnupgOptions gc) ++ getGpgEncParams c - getGpgDecParams (c,gc) = map Param (remoteAnnexGnupgDecryptOptions gc) ++ getGpgDecParams c - -{- Extract the GnuPG options from a Remote Config, ignoring any - - git config settings. (Which is ok if the remote is just being set up - - and so doesn't have any.) -} -instance LensGpgEncParams RemoteConfig where - {- If the remote is configured to use public-key encryption, - - look up the recipient keys and add them to the option list. -} - getGpgEncParams c = case M.lookup "encryption" c of - Just "pubkey" -> Gpg.pkEncTo $ maybe [] (split ",") $ M.lookup "cipherkeys" c - Just "sharedpubkey" -> Gpg.pkEncTo $ maybe [] (split ",") $ M.lookup "pubkeys" c - _ -> [] - getGpgDecParams _ = [] + getGpgEncParams (c,gc) = map Param (remoteAnnexGnupgOptions gc) ++ + {- When the remote is configured to use public-key encryption, + - look up the recipient keys and add them to the option list. -} + case M.lookup "encryption" c of + Just "pubkey" -> Gpg.pkEncTo $ maybe [] (split ",") $ M.lookup "cipherkeys" c + Just "sharedpubkey" -> Gpg.pkEncTo $ maybe [] (split ",") $ M.lookup "pubkeys" c + _ -> [] + getGpgDecParams (_c,gc) = map Param (remoteAnnexGnupgDecryptOptions gc) {- Extract the GnuPG options from a Remote. -} instance LensGpgEncParams (RemoteA a) where |