aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJoey Hess <joey@kitenet.net>2014-07-15 17:40:16 -0400
committerJoey Hess <joey@kitenet.net>2014-07-15 17:40:16 -0400
commit802b0d7f6ee48a0bf41625a3b9f33e545f8e5259 (patch)
tree7d55430ff03e7d6322c73eeb958902c171149ec9
parentce32004ddc44fbd565b96a3cb351a88640268972 (diff)
parent5dcc77f507d497fe4023e94a47b6a7a1f1146bce (diff)
downloadgit-remote-gcrypt-802b0d7f6ee48a0bf41625a3b9f33e545f8e5259.tar.gz
Merge branch 'master' into dgit/sid
-rw-r--r--README.rst12
-rwxr-xr-xgit-remote-gcrypt17
2 files changed, 26 insertions, 3 deletions
diff --git a/README.rst b/README.rst
index fedd6b0..ba06259 100644
--- a/README.rst
+++ b/README.rst
@@ -60,6 +60,17 @@ The following ``git-config(1)`` variables are supported:
The ``gcrypt-participants`` setting on the remote takes precedence
over the repository variable ``gcrypt.participants``.
+``remote.<name>.gcrypt-publish-participants``
+ ..
+``gcrypt.publish-participants``
+ By default, the gpg key ids of the participants are obscured by
+ encrypting using `gpg -R`. Setting this option to `true` disables
+ that security measure.
+
+ The problem with using `gpg -R` is that to decrypt, gpg tries each
+ available secret key in turn until it finds a usable key.
+ This can result in unncessary passphrase prompts.
+
``remote.<name>.gcrypt-signingkey``
..
``user.signingkey``
@@ -68,6 +79,7 @@ The following ``git-config(1)`` variables are supported:
part of the participant list. You may use the per-remote version
to sign different remotes using different keys.
+
Environment Variables
=====================
diff --git a/git-remote-gcrypt b/git-remote-gcrypt
index d4407b1..8d68669 100755
--- a/git-remote-gcrypt
+++ b/git-remote-gcrypt
@@ -176,8 +176,10 @@ update_tree()
{
local tab_=" "
# $2 is a filename from the repo format
- (git ls-tree "$1" | xgrep -v -E '\b'"$2"'$';
- xecho "100644 blob $3$tab_$2") | git mktree
+ (set +e;
+ git ls-tree "$1" | xgrep -v -E '\b'"$2"'$';
+ xecho "100644 blob $3$tab_$2"
+ ) | git mktree
}
# Put giturl $1, file $2
@@ -404,6 +406,8 @@ read_config()
git config --path user.signingkey || :)
conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' ||
git config --get gcrypt.participants '.+' || :)
+ Conf_pubish_participants=$(git config --get --bool "remote.$NAME.gcrypt-publish-participants" '.+' ||
+ git config --get --bool gcrypt.publish-participants || :)
# Figure out which keys we should encrypt to or accept signatures from
if isnull "$conf_part" || iseq "$conf_part" simple
@@ -438,7 +442,13 @@ read_config()
}
# Check 'E'ncrypt capability
cap_=$(xfeed "$r_keyinfo" cut -f 12 -d :)
- iseq "${cap_#*E}" "$cap_" || Recipients="$Recipients -R $keyid_"
+ if ! iseq "${cap_#*E}" "$cap_"; then
+ if [ "$Conf_pubish_participants" = true ]; then
+ Recipients="$Recipients -r $keyid_"
+ else
+ Recipients="$Recipients -R $keyid_"
+ fi
+ fi
done
if isnull "$Recipients"
@@ -876,6 +886,7 @@ then
URL=$2
setup
ensure_connected
+ git remote remove $NAME 2>/dev/null || true
if iseq "$Did_find_repo" "no"
then
exit 100