diff options
author | Joey Hess <joeyh@debian.org> | 2014-04-02 21:42:53 +0100 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2014-04-02 21:42:53 +0100 |
commit | 6da7cdf0fbf26f1faf7d5710e6ed488f1a4e9589 (patch) | |
tree | 7a903e2eca579335b7ce73d0220854e7a25c3bb9 /doc/bugs/Using_a_revoked_GPG_key.mdwn |
git-annex (5.20140402) unstable; urgency=medium
* unannex, uninit: Avoid committing after every file is unannexed,
for massive speedup.
* --notify-finish switch will cause desktop notifications after each
file upload/download/drop completes
(using the dbus Desktop Notifications Specification)
* --notify-start switch will show desktop notifications when each
file upload/download starts.
* webapp: Automatically install Nautilus integration scripts
to get and drop files.
* tahoe: Pass -d parameter before subcommand; putting it after
the subcommand no longer works with tahoe-lafs version 1.10.
(Thanks, Alberto Berti)
* forget --drop-dead: Avoid removing the dead remote from the trust.log,
so that if git remotes for it still exist anywhere, git annex info
will still know it's dead and not show it.
* git-annex-shell: Make configlist automatically initialize
a remote git repository, as long as a git-annex branch has
been pushed to it, to simplify setup of remote git repositories,
including via gitolite.
* add --include-dotfiles: New option, perhaps useful for backups.
* Version 5.20140227 broke creation of glacier repositories,
not including the datacenter and vault in their configuration.
This bug is fixed, but glacier repositories set up with the broken
version of git-annex need to have the datacenter and vault set
in order to be usable. This can be done using git annex enableremote
to add the missing settings. For details, see
http://git-annex.branchable.com/bugs/problems_with_glacier/
* Added required content configuration.
* assistant: Improve ssh authorized keys line generated in local pairing
or for a remote ssh server to set environment variables in an
alternative way that works with the non-POSIX fish shell, as well
as POSIX shells.
# imported from the archive
Diffstat (limited to 'doc/bugs/Using_a_revoked_GPG_key.mdwn')
-rw-r--r-- | doc/bugs/Using_a_revoked_GPG_key.mdwn | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/doc/bugs/Using_a_revoked_GPG_key.mdwn b/doc/bugs/Using_a_revoked_GPG_key.mdwn new file mode 100644 index 000000000..4e522ab78 --- /dev/null +++ b/doc/bugs/Using_a_revoked_GPG_key.mdwn @@ -0,0 +1,34 @@ +### Please describe the problem. +git-annex refuses to use revoked GPG keys. This may be understandable for the initial remote setup, but it hit me when I tried to add a new key to a remote. The previous key has been revoked (because it has been superseded by the new one), and git-annex refused to reinvoke the shared key with both keys because one of them was revoked. + +Given the encryption model does not allow key replacement, it should not refuse to reencrypt using a revoked key. Maybe using `--expert` would help. + +### What steps will reproduce the problem? +Encrypt a special remote with a key K1. Revoke key K1. Try to add key K2 with enableremote. git-annex will refuse to encrypt the shared key with the revoked one. + +### What version of git-annex are you using? On what operating system? +git-annex version: 4.20130802-g1452ac3 + +### Please provide any additional information below. + +[[!format sh """ +% git annex enableremote zoidberg-crypted encryption=42B8F7C2 +enableremote zoidberg-crypted (encryption update) +You need a passphrase to unlock the secret key for +user: "Samuel Tardieu <sam@rfc1149.net>" +2048-bit ELG key, ID F0D70BAF, created 2002-05-31 (main key ID 1B80ADE6) + +gpg: NOTE: key has been revoked +gpg: reason for revocation: Key is superseded +gpg: revocation comment: Key superseded by 42B8F7C2 +gpg: revocation comment: (fingerprint 1D36 D924 8B33 DCAB 7BA5 BA44 7A30 BCF4 42B8 F7C2) +gpg: F13322411B80ADE6: skipped: Unusable public key +gpg: [stdin]: encryption failed: Unusable public key + +git-annex: user error (gpg ["--quiet","--trust-model","always","--encrypt","--no-encrypt-to","--no-default-recipient","--recipient","7A30BCF442B8F7C2","--recipient","F13322411B80ADE6"] exited 2) +failed +git-annex: enableremote: 1 failed +"""]] + +> [[done]]; can now use: `git annex enableremote foo keyid-=REVOKEDKEY +> keyid+=NEWKEY` to remove it, and add a new key. --[[Joey]] |