author | Joey Hess <joey@kitenet.net> | 2013-09-17 16:06:29 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2013-09-17 16:06:29 -0400 |
commit | 2f47bbdbe03f25ae293b5b5aa3ab944ebebf5d4f (patch) | |
tree | b0d0edfc02bfda428ac6030aa2229628a9d4e8ee /Remote/GCrypt.hs | |
parent | 2442281e413cd52f40bedb6a40a67d0e4461bf39 (diff) |
gcrypt: Ensure that signing key is set to one of the participants keys.
Otherwise gcrypt will fail to pull, since it requires this to be the case.
This needs a patched gcrypt, which is in my forked version.
Diffstat (limited to 'Remote/GCrypt.hs')
-rw-r--r-- | Remote/GCrypt.hs | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/Remote/GCrypt.hs b/Remote/GCrypt.hs
index cbe804c2f..70f82f667 100644
--- a/Remote/GCrypt.hs
+++ b/Remote/GCrypt.hs
@@ -34,6 +34,7 @@ import Annex.Ssh
 import qualified Remote.Rsync
 import Utility.Rsync
 import Logs.Remote
+import Utility.Gpg

 remote :: RemoteType
 remote = RemoteType {
@@ -177,15 +178,24 @@ gCryptSetup mu c = go $ M.lookup "gitrepo" c
 else error "uuid mismatch"

 {- Configure gcrypt to use the same list of keyids that
- - were passed to initremote. (For shared encryption,
- - gcrypt's default behavior is used.) -}
+ - were passed to initremote as its participants.
+ - Also, configure it to use a signing key that is in the list of
+ - participants, which gcrypt requires is the case, and may not be
+ - depending on system configuration.
+ -
+ - (For shared encryption, gcrypt's default behavior is used.) -}
 setGcryptEncryption :: RemoteConfig -> String -> Annex ()
 setGcryptEncryption c remotename = do
 let participants = ConfigKey $ Git.GCrypt.remoteParticipantConfigKey remotename
 case extractCipher c of
 Nothing -> noCrypto
- Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) ->
+ Just (EncryptedCipher _ _ (KeyIds { keyIds = ks})) -> do
 setConfig participants (unwords ks)
+ let signingkey = ConfigKey $ Git.GCrypt.remoteSigningKey remotename
+ skeys <- M.keys <$> liftIO secretKeys
+ case filter (`elem` ks) skeys of
+ [] -> noop
+ (k:_) -> setConfig signingkey k
 Just (SharedCipher _) ->
 unsetConfig participants |
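Review bot: The `[] -> noop` branch in setGcryptEncryption silently leaves the signing key unconfigured when none of the local secret keys is among the participants `ks`, which is the very state the commit message says makes gcrypt fail to pull. Reporting it at setup time would be clearer than a later failed pull, e.g. `[] -> warning "no secret key matches the gcrypt participants; signing key not set"` (assuming the `warning` helper is in scope in this module). The match is a plain string `elem` between `ks` and the keys of `secretKeys`, so it presumably relies on both being in the same key-id form, and `(k:_)` takes whichever matching key comes first in `M.keys` rather than one the user chose; a short comment stating both assumptions would help. The `SharedCipher` branch also unsets `participants` but leaves any signing key written by an earlier run in place.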