aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorSean Whitton <spwhitton@spwhitton.name>2016-07-04 03:18:48 -0700
committerSean Whitton <spwhitton@spwhitton.name>2016-07-04 03:18:48 -0700
commit8e1bacb80ec77a92dfc21934f0275697d6e5a0c2 (patch)
treeda4b0f32fb35aee34bad22955ac25abbb25ec229
parentc233ea871b7a45b620e920c5ff0720ecd7e48f4c (diff)
parenta8efd51ae49e223adb5be406bc7f848c3ee825fc (diff)
downloadgit-remote-gcrypt-8e1bacb80ec77a92dfc21934f0275697d6e5a0c2.tar.gz
Record git-remote-gcrypt (1.0.0-1) in archive suite sid
-rw-r--r--.gitignore3
l---------CHANGELOG1
-rw-r--r--README.rst20
-rw-r--r--debian/changelog49
-rw-r--r--debian/control11
-rw-r--r--debian/copyright17
-rw-r--r--debian/docs1
-rw-r--r--debian/gbp.conf20
-rw-r--r--debian/links1
-rw-r--r--debian/patches/0001-Debianise-README.patch24
-rw-r--r--debian/patches/series1
-rw-r--r--debian/source/format1
-rw-r--r--debian/source/lintian-overrides2
-rwxr-xr-xgit-remote-gcrypt27
14 files changed, 153 insertions, 25 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2395a05
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/debian/files
+/debian/git-remote-gcrypt.substvars
+/debian/git-remote-gcrypt
diff --git a/CHANGELOG b/CHANGELOG
new file mode 120000
index 0000000..d526672
--- /dev/null
+++ b/CHANGELOG
@@ -0,0 +1 @@
+debian/changelog \ No newline at end of file
diff --git a/README.rst b/README.rst
index ba06259..5019642 100644
--- a/README.rst
+++ b/README.rst
@@ -24,14 +24,10 @@ The aim is to provide confidential, authenticated git storage and
collaboration using typical untrusted file hosts or services.
PLEASE help us evaluate how well we meet this design goal!
-.. NOTE:: This is a development version -- Repository format MAY CHANGE.
-
Quickstart
..........
-* Install ``git-remote-gcrypt`` by running the supplied ``install.sh`` script.
-
-* Create an encrypted remote by pushing to it::
+Create an encrypted remote by pushing to it::
git remote add cryptremote gcrypt::rsync://example.com:repo
git push cryptremote master
@@ -79,6 +75,9 @@ The following ``git-config(1)`` variables are supported:
part of the participant list. You may use the per-remote version
to sign different remotes using different keys.
+``gcrypt.gpg-args``
+ The contents of this setting are passed as arguments to gpg.
+ E.g. ``--use-agent``.
Environment Variables
=====================
@@ -86,6 +85,17 @@ Environment Variables
*GCRYPT_FULL_REPACK*
This environment variable forces full repack when pushing.
+Note to users of GnuPG version 2
+================================
+
+When a repository was pushed with ``gcrypt.publish-participants``
+false (i.e. the recipient is anonymous), and you are using GnuPG
+version 2, you will need to include ``--try-all-secrets`` or
+``--try-secret-key ID`` in ``gcrypt.gpg-args``.
+
+GnuPG version 1 always tries all available secret keys when it
+encounters a message with an anonymous recipient.
+
Examples
========
diff --git a/debian/changelog b/debian/changelog
index d7e6620..880d7c1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,46 @@
+git-remote-gcrypt (1.0.0-1) unstable; urgency=medium
+
+ Upstream:
+ * Taking over as upstream maintainer.
+ * Remove notice about repository format potentially changing.
+ * Implement gcrypt.gpg-args git config setting (Closes: #771011).
+ * Respect git config gpg.program if configured.
+ Thanks Christian Amsüss. (Closes: #827943)
+ * Don't reset the remote ID when a gcrypt remote is not available.
+ Thanks Sebastian Reuße. (Closes: #827943)
+ * Suppress bogus warning about keyid matching multiple fingerprints.
+ Based on work by Raphaël Droz.
+ Closes https://github.com/joeyh/git-remote-gcrypt/pull/2
+ * Add "Note to users of GnuPG version 2" section to README.rst.
+ See https://github.com/joeyh/git-remote-gcrypt/pull/1
+
+ Debian packaging:
+ * Drop patch containing changes by Joey Hess: incorporated in release.
+ - Update d/copyright accordingly.
+ * Patch README.rst to remove references to installation.
+ * Add d/links to avoid duplicate changelogs Lintian warning.
+ * Drop Lintian override of no-upstream-changelog.
+ * Update URIs in old changelog entries.
+ * Add a comment to d/source/lintian-overrides.
+ * Bump standards version to 3.9.8 (no changes required).
+
+ -- Sean Whitton <spwhitton@spwhitton.name> Mon, 04 Jul 2016 19:18:48 +0900
+
+git-remote-gcrypt (0.20130908-8) unstable; urgency=medium
+
+ * Adopt git-remote-gcrypt package (Closes: #771020).
+ * Install man page using rst2man, rather than just installing README.rst
+ (Closes: #725455).
+ * Add Vcs-Git: & Vcs-Browser: pointing at my repository.
+ * Switch dpkg-source format to 3.0 (quilt).
+ * Move changes by Joey Hess into a quilt patch.
+ Update debian/copyright accordingly.
+ * Bump Standards-Version.
+ * Add debian/gbp.conf.
+ * Override Lintian tags no-upstream-changelog & debian-watch-file-is-missing.
+
+ -- Sean Whitton <spwhitton@spwhitton.name> Thu, 07 Jan 2016 11:03:01 -0700
+
git-remote-gcrypt (0.20130908-7) unstable; urgency=medium
* Added gcrypt.publish-participants configuration setting.
@@ -16,10 +59,10 @@ git-remote-gcrypt (0.20130908-6) unstable; urgency=medium
git-remote-gcrypt (0.20130908-5) unstable; urgency=low
* Better signature validation for subkeys.
- Closes https://github.com/blake2-ppc/git-remote-gcrypt/pull/7
+ Closes https://github.com/bluss/git-remote-gcrypt/pull/7
* Stop passing --fast-list to gpg as this sometimes causes it to not
display key fingerprints, which git-remote-gcrpyt needs.
- Closes https://github.com/blake2-ppc/git-remote-gcrypt/issues/8
+ Closes https://github.com/bluss/git-remote-gcrypt/issues/8
-- Joey Hess <joeyh@debian.org> Thu, 26 Sep 2013 15:58:52 -0400
@@ -39,7 +82,7 @@ git-remote-gcrypt (0.20130908-2) unstable; urgency=low
* Set --trust-model=always when encrypting.
Needed to interoperate with git-annex.
- Closes https://github.com/blake2-ppc/git-remote-gcrypt/issues/3
+ Closes https://github.com/bluss/git-remote-gcrypt/issues/3
-- Joey Hess <joeyh@debian.org> Mon, 16 Sep 2013 15:49:16 -0400
diff --git a/debian/control b/debian/control
index e3ec704..6e1410b 100644
--- a/debian/control
+++ b/debian/control
@@ -1,14 +1,15 @@
Source: git-remote-gcrypt
Section: vcs
Priority: optional
-Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.9.0)
-Maintainer: Joey Hess <joeyh@debian.org>
-Standards-Version: 3.9.4
-Homepage: https://github.com/blake2-ppc/git-remote-gcrypt
+Build-Depends: debhelper (>= 9), python-docutils (>= 0.12+dfsg)
+Maintainer: Sean Whitton <spwhitton@spwhitton.name>
+Standards-Version: 3.9.8
+Homepage: https://github.com/bluss/git-remote-gcrypt
+Vcs-Git: https://git.spwhitton.name/git-remote-gcrypt
+Vcs-Browser: https://git.spwhitton.name/?p=git-remote-gcrypt.git;a=summary
Package: git-remote-gcrypt
Architecture: all
-Section: vcs
Depends: git, gnupg | gnupg2, ${misc:Depends}
Recommends: rsync, curl
Description: encrypted git repositories
diff --git a/debian/copyright b/debian/copyright
index 03bf18a..c5497b4 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,8 +1,17 @@
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Source: https://github.com/blake2-ppc/git-remote-gcrypt
+Source: https://git.spwhitton.name/git-remote-gcrypt
Files: *
-Copyright: 2013 by engla
+Copyright: (C) 2013 engla
+ (C) 2013, 2014 Joey Hess <id@joeyh.name>
+ (C) 2016 Sean Whitton and contributors
License: GPL-2+
- On Debian systems, the complete text of the GPL can be found in
- /usr/share/common-licenses/GPL.
+
+Files: debian/*
+Copyright: (C) 2015-2016 Sean Whitton <spwhitton@spwhitton.name>
+ (C) 2013, 2014 Joey Hess <id@joeyh.name>
+License: GPL-2+
+
+License: GPL-2+
+ On Debian systems, the complete text of the GPL-2 can be found in
+ /usr/share/common-licenses/GPL-2.
diff --git a/debian/docs b/debian/docs
deleted file mode 100644
index a1320b1..0000000
--- a/debian/docs
+++ /dev/null
@@ -1 +0,0 @@
-README.rst
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..ff9c2ec
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,20 @@
+[DEFAULT]
+
+# Debian package maintainer is upstream project maintainer, so
+# everything lives on the master branch (from ver. 1.0.0-1 onwards)
+upstream-branch = master
+debian-branch = master
+# However, separate tags (e.g. one commit tagged both 1.0.0 and
+# debian/1.0.0-1) because git-remote-gcrypt is meant to be usable
+# outside of Debian
+upstream-tag = %(version)s
+debian-tag = debian/%(version)s
+
+# Some standard gbp settings
+sign-tags = True
+pristine-tar = True
+pristine-tar-commit = True
+
+color = on
+compression = xz
+compression-level = 9
diff --git a/debian/links b/debian/links
new file mode 100644
index 0000000..d61fdf7
--- /dev/null
+++ b/debian/links
@@ -0,0 +1 @@
+/usr/share/doc/git-remote-gcrypt/changelog /usr/share/doc/git-remote-gcrypt/changelog.Debian
diff --git a/debian/patches/0001-Debianise-README.patch b/debian/patches/0001-Debianise-README.patch
new file mode 100644
index 0000000..e011664
--- /dev/null
+++ b/debian/patches/0001-Debianise-README.patch
@@ -0,0 +1,24 @@
+From: Sean Whitton <spwhitton@spwhitton.name>
+Date: Sun, 17 Jan 2016 22:47:52 -0700
+Subject: Debianise-README
+
+Remove reference to installation.
+---
+ README.rst | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/README.rst b/README.rst
+index 148abad..19a9d9d 100644
+--- a/README.rst
++++ b/README.rst
+@@ -27,9 +27,7 @@ PLEASE help us evaluate how well we meet this design goal!
+ Quickstart
+ ..........
+
+-* Install ``git-remote-gcrypt`` by running the supplied ``install.sh`` script.
+-
+-* Create an encrypted remote by pushing to it::
++Create an encrypted remote by pushing to it::
+
+ git remote add cryptremote gcrypt::rsync://example.com:repo
+ git push cryptremote master
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..93971b0
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-Debianise-README.patch
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
new file mode 100644
index 0000000..43e41b2
--- /dev/null
+++ b/debian/source/lintian-overrides
@@ -0,0 +1,2 @@
+# upstream maintainer is Debian maintainer
+debian-watch-file-is-missing
diff --git a/git-remote-gcrypt b/git-remote-gcrypt
index 8d68669..61fed76 100755
--- a/git-remote-gcrypt
+++ b/git-remote-gcrypt
@@ -30,6 +30,7 @@ Manifestfile=91bd0c092128cf2e60e1a608c31e92caf1f9c1595f83f2890ef17c0e4881aa0a
Hex40="[a-f0-9]"
Hex40=$Hex40$Hex40$Hex40$Hex40$Hex40$Hex40$Hex40$Hex40
Hex40=$Hex40$Hex40$Hex40$Hex40$Hex40 # Match SHA-1 hexdigest
+GPG="$(git config --get "gpg.program" '.+' || echo gpg)"
Did_find_repo= # yes for connected, no for no repo
Localdir="${GIT_DIR:=.git}/remote-gcrypt"
@@ -367,13 +368,16 @@ gpg_hash()
rungpg()
{
+ if isnonnull "$Conf_gpg_args"; then
+ set -- "$Conf_gpg_args" "$@"
+ fi
# gpg will fail to run when there is no controlling tty,
# due to trying to print messages to it, even if a gpg agent is set
# up. --no-tty fixes this.
if [ "x$GPG_AGENT_INFO" != "x" ]; then
- gpg --no-tty "$@"
+ ${GPG} --no-tty "$@"
else
- gpg "$@"
+ ${GPG} "$@"
fi
}
@@ -401,13 +405,14 @@ make_new_repo()
# $1 return var for goodsig match, $2 return var for signers text
read_config()
{
- local recp_= r_keyinfo= r_keyfpr= gpg_list= cap_= conf_part= good_sig= signers_=
+ local recp_= r_tail= r_keyinfo= r_keyfpr= gpg_list= cap_= conf_part= good_sig= signers_=
Conf_signkey=$(git config --get "remote.$NAME.gcrypt-signingkey" '.+' ||
git config --path user.signingkey || :)
conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' ||
git config --get gcrypt.participants '.+' || :)
Conf_pubish_participants=$(git config --get --bool "remote.$NAME.gcrypt-publish-participants" '.+' ||
git config --get --bool gcrypt.publish-participants || :)
+ Conf_gpg_args=$(git config --get gcrypt.gpg-args '.+' || :)
# Figure out which keys we should encrypt to or accept signatures from
if isnull "$conf_part" || iseq "$conf_part" simple
@@ -423,8 +428,13 @@ read_config()
for recp_ in $conf_part
do
gpg_list=$(rungpg --with-colons --fingerprint -k "$recp_")
+ r_tail_=$(echo "$recp_" | sed -e 's/^0x//')
filter_to @r_keyinfo "pub*" "$gpg_list"
- filter_to @r_keyfpr "fpr*" "$gpg_list"
+ if echo "$recp_" | grep -E -q '^[xA-F0-9]+$'; then # is $recp_ a keyid?
+ filter_to @r_keyfpr "fpr*$r_tail_*" "$gpg_list"
+ else
+ filter_to @r_keyfpr "fpr*" "$gpg_list"
+ fi
isnull "$r_keyinfo" || isnonnull "${r_keyinfo##*"$Newline"*}" ||
echo_info "WARNING: '$recp_' matches multiple keys, using one"
isnull "$r_keyfpr" || isnonnull "${r_keyfpr##*"$Newline"*}" ||
@@ -505,7 +515,12 @@ ensure_connected()
tmp_manifest="$Tempdir/maniF"
GET "$URL" "$Manifestfile" "$tmp_manifest" 2>/dev/null || {
echo_info "Repository not found: $URL"
- return 0
+ if ! isnull "$Repoid"; then
+ echo_info "..but repository ID is set. Aborting."
+ return 1
+ else
+ return 0
+ fi
}
Did_find_repo=yes
@@ -816,8 +831,6 @@ setup()
trap cleanup_tmpfiles EXIT
trap 'exit 1' 1 2 3 15
-
- echo_info "Development version -- Repository format MAY CHANGE"
}
# handle git-remote-helpers protocol