diff options
author | Joey Hess <joey@kitenet.net> | 2014-07-21 13:12:59 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2014-07-21 13:12:59 -0400 |
commit | ece7513208114b11fcb7fbfa6cefc8813383e27d (patch) | |
tree | 750cff1c4e47a3d957efb61879650d3bff9e654e | |
parent | 1ac7a039972dfb398dcbee5f54bb8afa5240186f (diff) | |
parent | c233ea871b7a45b620e920c5ff0720ecd7e48f4c (diff) | |
download | git-remote-gcrypt-ece7513208114b11fcb7fbfa6cefc8813383e27d.tar.gz |
Merge branch 'dgit/sid' into HEAD
Conflicts:
debian/changelog
-rw-r--r-- | README.rst | 12 | ||||
-rw-r--r-- | debian/changelog | 6 | ||||
-rwxr-xr-x | git-remote-gcrypt | 17 |
3 files changed, 32 insertions, 3 deletions
@@ -60,6 +60,17 @@ The following ``git-config(1)`` variables are supported: The ``gcrypt-participants`` setting on the remote takes precedence over the repository variable ``gcrypt.participants``. +``remote.<name>.gcrypt-publish-participants`` + .. +``gcrypt.publish-participants`` + By default, the gpg key ids of the participants are obscured by + encrypting using `gpg -R`. Setting this option to `true` disables + that security measure. + + The problem with using `gpg -R` is that to decrypt, gpg tries each + available secret key in turn until it finds a usable key. + This can result in unncessary passphrase prompts. + ``remote.<name>.gcrypt-signingkey`` .. ``user.signingkey`` @@ -68,6 +79,7 @@ The following ``git-config(1)`` variables are supported: part of the participant list. You may use the per-remote version to sign different remotes using different keys. + Environment Variables ===================== diff --git a/debian/changelog b/debian/changelog index a99f099..1b4180d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +git-remote-gcrypt (0.20130908-7) unstable; urgency=medium + + * Added gcrypt.publish-participants configuration setting. + + -- Joey Hess <joeyh@debian.org> Tue, 15 Jul 2014 17:40:22 -0400 + git-remote-gcrypt (0.20130908-6~bpo70+1) wheezy-backports; urgency=medium * Updating wheezy backport, for git-annex. diff --git a/git-remote-gcrypt b/git-remote-gcrypt index d4407b1..8d68669 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -176,8 +176,10 @@ update_tree() { local tab_=" " # $2 is a filename from the repo format - (git ls-tree "$1" | xgrep -v -E '\b'"$2"'$'; - xecho "100644 blob $3$tab_$2") | git mktree + (set +e; + git ls-tree "$1" | xgrep -v -E '\b'"$2"'$'; + xecho "100644 blob $3$tab_$2" + ) | git mktree } # Put giturl $1, file $2 @@ -404,6 +406,8 @@ read_config() git config --path user.signingkey || :) conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' || git config --get gcrypt.participants '.+' || :) + Conf_pubish_participants=$(git config --get --bool "remote.$NAME.gcrypt-publish-participants" '.+' || + git config --get --bool gcrypt.publish-participants || :) # Figure out which keys we should encrypt to or accept signatures from if isnull "$conf_part" || iseq "$conf_part" simple @@ -438,7 +442,13 @@ read_config() } # Check 'E'ncrypt capability cap_=$(xfeed "$r_keyinfo" cut -f 12 -d :) - iseq "${cap_#*E}" "$cap_" || Recipients="$Recipients -R $keyid_" + if ! iseq "${cap_#*E}" "$cap_"; then + if [ "$Conf_pubish_participants" = true ]; then + Recipients="$Recipients -r $keyid_" + else + Recipients="$Recipients -R $keyid_" + fi + fi done if isnull "$Recipients" @@ -876,6 +886,7 @@ then URL=$2 setup ensure_connected + git remote remove $NAME 2>/dev/null || true if iseq "$Did_find_repo" "no" then exit 100 |