diff options
| author | root <root@localhost> | 2013-02-14 00:00:00 +0000 |
|---|---|---|
| committer | root <root@localhost> | 2013-02-14 00:00:00 +0000 |
| commit | d03fcad84d65e0951454cb8566e55082c3fb0bbd (patch) | |
| tree | 7ad20c19f7cac64694bccd411ef240115452852e /git-remote-gcrypt | |
| parent | 3d90c4ab16805654a2e64682d94798971b80f484 (diff) | |
| download | git-remote-gcrypt-d03fcad84d65e0951454cb8566e55082c3fb0bbd.tar.gz | |
Use git config gcrypt.keyring for repository security
To verify signatures, we need a small keyring where the user has
selected just the keys who are allowed to access and update the
repository.
Diffstat (limited to 'git-remote-gcrypt')
| -rwxr-xr-x | git-remote-gcrypt | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/git-remote-gcrypt b/git-remote-gcrypt index 2bdfbfb..4374cb5 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -200,16 +200,20 @@ make_new_repo() # ascii-encoded string used for symmetric encryption with GnuPG. local RECIPIENTS echo_info "Setting up new repository at $URL" + RECIPIENTS="$(gpg --no-default-keyring --keyring "$CONF_KEYRING" \ + --with-colons -k | xgrep ^pub | cut -f5 -d:)" # Split recipients by space, example "a b c" => -R a -R b -R c - RECIPIENTS=$(git config gcrypt.recipients | sed -e 's/\([^ ]\+\)/-R &/g') + RECIPIENTS=$(printf "%s" $RECIPIENTS | sed -e 's/\([^ ]\+\)/-R &/g') if [ -z "$RECIPIENTS" ] then - echo_info "You must configure which GnuPG recipients can access the repository." - echo_info "To setup for all your git repositories, use::" - echo_info " git config --global gcrypt.recipients KEYID" + echo_info "You must configure a keyring for the repository." + echo_info "Use ::" + echo_info " gpg --export KEYID1 > <path-to-keyring>" + echo_info " git config gcrypt.keyring <path-to-keyring>" exit 1 fi PUTREPO "$URL" + echo_info "Encrypting to \"$RECIPIENTS\"" echo_info "Generating new master key" MASTERKEY="$(genkey)" printf "%s" "$MASTERKEY" | \ @@ -220,6 +224,7 @@ read_config() { CONF_SIGN_MANIFEST=$(git config --bool gcrypt.signmanifest || :) CONF_REQUIRE_SIGN=$(git config --bool gcrypt.requiresign || :) + CONF_KEYRING=$(git config --path gcrypt.keyring || printf "/dev/null") } ensure_connected() @@ -245,8 +250,13 @@ ensure_connected() then # Use gpg to verify and strip the signature echo_info "Verifying manifest signature" - STRIPDATA="$(printf "%s" "$MANIFESTDATA" | gpg --batch || { + STRIPDATA="$(printf "%s" "$MANIFESTDATA" | \ + gpg -q --no-default-keyring --keyring "$CONF_KEYRING" -d || { echo_info "WARNING: Failed to verify signature from $URL" + echo_info "WARNING: Using keyring $CONF_KEYRING" + if [ "$CONF_KEYRING" = "/dev/null" ] ; then + echo_info "WARNING: Please configure gcrypt.keyring" + fi if [ "$CONF_REQUIRE_SIGN" = "true" ] ; then echo_info "Exiting per gcrypt.requiresign" && exit 1 fi |