author | Joey Hess <joey@kitenet.net> | 2012-04-29 14:02:18 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2012-04-29 14:02:43 -0400 |
commit | 1c16f616df9a8469d24cefb6007333df3a35a449 (patch) | |
tree | 2198232da7d7594d1a8d952724497c08ee22d2ce /Remote/Helper | |
parent | d7a4a9a66bd51b18a9e5f4427c3492db1adec40d (diff) |
Added shared cipher mode to encryptable special remotes.
This option avoids gpg key distribution, at the expense of flexibility, and
with the requirement that all clones of the git repository be equally
trusted.
Diffstat (limited to 'Remote/Helper')
-rw-r--r-- | Remote/Helper/Encryptable.hs | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/Remote/Helper/Encryptable.hs b/Remote/Helper/Encryptable.hs
index bcecb30cc..a44e6e453 100644
--- a/Remote/Helper/Encryptable.hs
+++ b/Remote/Helper/Encryptable.hs
@@ -17,17 +17,22 @@ import Config
 
 {- Encryption setup for a remote. The user must specify whether to use
  - an encryption key, or not encrypt. An encrypted cipher is created, or is
- - updated to be accessible to an additional encryption key. -}
+ - updated to be accessible to an additional encryption key. Or the user
+ - could opt to use a shared cipher, which is stored unencrypted. -}
 encryptionSetup :: RemoteConfig -> Annex RemoteConfig
-encryptionSetup c =
- case (M.lookup "encryption" c, extractCipher c) of
- (Nothing, Nothing) -> error "Specify encryption=key or encryption=none"
- (Just "none", Nothing) -> return c
- (Just "none", Just _) -> error "Cannot change encryption type of existing remote."
- (Nothing, Just _) -> return c
- (Just _, Nothing) -> use "encryption setup" $ genCipher c
- (Just _, Just v) -> use "encryption updated" $ updateCipher c v
+encryptionSetup c = case (M.lookup "encryption" c, extractCipher c) of
+ (Nothing, Nothing) -> error "Specify encryption=key or encryption=none or encryption=shared"
+ (Just "none", Nothing) -> return c
+ (Nothing, Just _) -> return c
+ (Just "shared", Just (SharedCipher _)) -> return c
+ (Just "none", Just _) -> cannotchange
+ (Just "shared", Just (EncryptedCipher _ _)) -> cannotchange
+ (Just _, Just (SharedCipher _)) -> cannotchange
+ (Just "shared", Nothing) -> use "encryption setup" $ genSharedCipher
+ (Just keyid, Nothing) -> use "encryption setup" $ genEncryptedCipher keyid
+ (Just keyid, Just v) -> use "encryption updated" $ updateEncryptedCipher keyid v
  where
+ cannotchange = error "Cannot change encryption type of existing remote."
  use m a = do
  cipher <- liftIO a
  showNote $ m ++ " " ++ describeCipher cipher
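Review bot: The `(Just "shared", Nothing)` branch of `encryptionSetup` creates a cipher that the updated header comment says is stored unencrypted, yet nothing in this hunk tells the person running the setup what that means: by the commit description, every clone of the git repository has to be trusted with the remote's content. Whether `describeCipher` says so is not visible here, so I would state the consequence in the header comment and in the setup note, e.g. `(Just "shared", Nothing) -> use "encryption setup (cipher stored unencrypted)" $ genSharedCipher`. The `(Just _, Just (SharedCipher _)) -> cannotchange` case also deserves a one-line comment saying the refusal is deliberate, presumably because a cipher that has already been stored in the clear cannot be made secret by wrapping it with a gpg key later. The `where` block continues past the end of the hunk.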
@@ -78,7 +83,7 @@ remoteCipher c = go $ extractCipher c
  Nothing -> decrypt encipher cache
  decrypt encipher cache = do
  showNote "gpg"
- cipher <- liftIO $ decryptCipher c encipher
+ cipher <- liftIO $ decryptCipher encipher
  Annex.changeState (\s -> s { Annex.ciphers = M.insert encipher cipher cache })
  return $ Just cipher
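Review bot: `showNote "gpg"` in `decrypt` still runs for every cipher kind before the new `decryptCipher encipher` call. If a `SharedCipher` is returned without invoking gpg (not visible in this hunk, but suggested by it being stored unencrypted), the note tells the user that gpg was involved in protecting the key when it was not. I would emit it only for the encrypted case, e.g. `case encipher of EncryptedCipher _ _ -> showNote "gpg"; SharedCipher _ -> return ()`, and rename `encipher` now that the value is no longer necessarily encrypted. `remoteCipher` starts above the hunk.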