Require signed masterkey (REPO FORMAT CHANGE)

author: root <root@localhost> 2013-02-14 00:00:00 +0000
committer: root <root@localhost> 2013-02-14 00:00:00 +0000
commit: a0e16ce7dfb5c282963858bcef20768aa2f3d7f8 (patch)
tree: e19abff1a106ee4f8f2a868b386c4a1555870eaa /git-remote-gcrypt
parent: d03fcad84d65e0951454cb8566e55082c3fb0bbd (diff)
download: git-remote-gcrypt-a0e16ce7dfb5c282963858bcef20768aa2f3d7f8.tar.gz
1 files changed, 36 insertions, 9 deletions
diff --git a/git-remote-gcrypt b/git-remote-gcrypt
index 4374cb5..9856f19 100755
--- a/git-remote-gcrypt
+++ b/git-remote-gcrypt
@@ -174,6 +174,11 @@ CLEARSIGN()
 	fi
 }
 
+CHECKSIGN()
+{
+	gpg -q --no-default-keyring --keyring "$CONF_KEYRING" -d
+}
+
 DECRYPT()
 {
 	(printf "%s" "$MASTERKEY" | \
@@ -199,6 +204,7 @@ make_new_repo()
 	# The MASTERKEY is encrypted to all RECIPIENTS. The key is a long
 	# ascii-encoded string used for symmetric encryption with GnuPG.
 	local RECIPIENTS
+	local KEYSIGN
 	echo_info "Setting up new repository at $URL"
 	RECIPIENTS="$(gpg --no-default-keyring --keyring "$CONF_KEYRING" \
 		--with-colons -k | xgrep ^pub | cut -f5 -d:)"
@@ -216,10 +222,37 @@ make_new_repo()
 	echo_info "Encrypting to \"$RECIPIENTS\""
 	echo_info "Generating new master key"
 	MASTERKEY="$(genkey)"
-	printf "%s" "$MASTERKEY" | \
-		gpg --compress-algo none -e $RECIPIENTS | PUT "$URL" masterkey
+	KEYSIGN=$(printf "%s\n" "$MASTERKEY" | gpg --output - --clearsign)
+	TMPMASTERKEY_ENC="$LOCALDIR/masterenc.$$"
+	trap 'rm -f "$TMPMASTERKEY_ENC"' EXIT
+	printf "%s" "$KEYSIGN" | gpg --no-default-keyring \
+		--keyring "$CONF_KEYRING" --compress-algo none -e $RECIPIENTS \
+		> "$TMPMASTERKEY_ENC"
+	PUT "$URL" masterkey < "$TMPMASTERKEY_ENC"
+	rm -f "$TMPMASTERKEY_ENC"
+	trap EXIT
+}
+
+get_masterkey()
+{
+	TMPMASTERKEY_ENC="$LOCALDIR/masterenc.$$"
+	trap 'rm -f "$TMPMASTERKEY_ENC"' EXIT
+	echo_info "Verifying masterkey signature"
+	GET "$URL" masterkey 2>/dev/null > "$TMPMASTERKEY_ENC" || return 0
+	#echo_info "Opening Master Key"
+	gpg -q -d < "$TMPMASTERKEY_ENC" | CHECKSIGN || {
+		echo_info "Opening of master key failed!"
+		echo_info "Using keyring $CONF_KEYRING"
+		if [ "$CONF_KEYRING" = "/dev/null" ] ; then
+		echo_info "Please configure gcrypt.keyring"
+		fi
+		exit 1
+	}
+	rm -f "$TMPMASTERKEY_ENC"
+	trap EXIT
 }
 
+
 read_config()
 {
 	CONF_SIGN_MANIFEST=$(git config --bool gcrypt.signmanifest || :)
@@ -250,8 +283,7 @@ ensure_connected()
 	then
 		# Use gpg to verify and strip the signature
 		echo_info "Verifying manifest signature"
-		STRIPDATA="$(printf "%s" "$MANIFESTDATA" | \
-		gpg -q --no-default-keyring --keyring "$CONF_KEYRING" -d || {
+		STRIPDATA="$(printf "%s" "$MANIFESTDATA" | CHECKSIGN || {
 			echo_info "WARNING: Failed to verify signature from $URL"
 			echo_info "WARNING: Using keyring $CONF_KEYRING"
 			if [ "$CONF_KEYRING" = "/dev/null" ] ; then
@@ -269,11 +301,6 @@ ensure_connected()
 	PACKLIST=$(printf "%s\n" "$MANIFESTDATA" | xgrep "^$PACKPFX")
 }
 
-get_masterkey()
-{
-	GET "$URL" masterkey 2>/dev/null | gpg -q -d || :
-}
-
 do_capabilities()
 {
 	echo fetch
author	root <root@localhost>	2013-02-14 00:00:00 +0000
committer	root <root@localhost>	2013-02-14 00:00:00 +0000
commit	a0e16ce7dfb5c282963858bcef20768aa2f3d7f8 (patch)
tree	e19abff1a106ee4f8f2a868b386c4a1555870eaa /git-remote-gcrypt
parent	d03fcad84d65e0951454cb8566e55082c3fb0bbd (diff)
download	git-remote-gcrypt-a0e16ce7dfb5c282963858bcef20768aa2f3d7f8.tar.gz