author | Joey Hess <joey@kitenet.net> | 2014-07-15 17:33:14 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2014-07-15 17:33:14 -0400 |
commit | 4b4d302bcd168732c0e04d76bb387fd04fce06b5 (patch) | |
tree | 8cf3e71a238298773ea0a905dec0e12b8e13570c /Remote/GCrypt.hs | |
parent | a5a92f89d200ce109cdcfc72e2a21f4d92eef2cf (diff) |
Set gcrypt-publish-participants when setting up a gcrypt repository, to avoid unnecessary passphrase prompts.
This is a security/usability tradeoff. To avoid exposing the gpg key ids
who can decrypt the repository, users can unset
gcrypt-publish-participants.
The gcrypt-publish-participants option is available in my fork of
git-remote-gcrypt.
This commit was sponsored by Christopher Kernahan.
Diffstat (limited to 'Remote/GCrypt.hs')
-rw-r--r-- | Remote/GCrypt.hs | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/Remote/GCrypt.hs b/Remote/GCrypt.hs index 60c2df73e..b2dd6cdaf 100644 --- a/Remote/GCrypt.hs +++ b/Remote/GCrypt.hs @@ -263,10 +263,14 @@ shellOrRsync r ashell arsync = case method of - participants, which gcrypt requires is the case, and may not be - depending on system configuration. - - - (For shared encryption, gcrypt's default behavior is used.) -} + - (For shared encryption, gcrypt's default behavior is used.) + - + - Also, sets gcrypt-publish-participants to avoid unncessary gpg + - passphrase prompts. + -} setGcryptEncryption :: RemoteConfig -> String -> Annex () setGcryptEncryption c remotename = do - let participants = ConfigKey $ Git.GCrypt.remoteParticipantConfigKey remotename + let participants = remoteconfig Git.GCrypt.remoteParticipantConfigKey case extractCipher c of Nothing -> noCrypto Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) -> do @@ -278,6 +282,10 @@ setGcryptEncryption c remotename = do (k:_) -> setConfig signingkey k Just (SharedCipher _) -> unsetConfig participants + setConfig (remoteconfig Git.GCrypt.remotePublishParticipantConfigKey) + (Git.Config.boolConfig True) + where + remoteconfig n = ConfigKey $ n remotename store :: Remote -> Remote.Rsync.RsyncOpts -> (Cipher, Key) -> Key -> MeterUpdate -> Annex Bool store r rsyncopts (cipher, enck) k p |
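Review bot: In the first hunk, the comment added above setGcryptEncryption records only the usability benefit ("to avoid unncessary gpg passphrase prompts", with "unncessary" misspelled) and leaves out the cost the commit message names: publishing participants exposes the gpg key ids that can decrypt the repository. Suggest adding a line to the comment that states this and says gcrypt-publish-participants can be turned off by users who want those key ids kept private, so the tradeoff is documented at the code that makes it.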
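Review bot: In the second hunk, the added setConfig (remoteconfig Git.GCrypt.remotePublishParticipantConfigKey) (Git.Config.boolConfig True) writes true without looking at any value already configured. The commit message tells users they can opt out to avoid exposing key ids; if setGcryptEncryption runs again for a remote that is already set up, that opt-out would be replaced by true. Consider checking for an existing value first so an explicit false is preserved, and say in the function comment whether setup re-applies the setting.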