-rw-r--r-- | .gitignore | 3 | ||||
l--------- | CHANGELOG | 1 | ||||
-rw-r--r-- | README.rst | 20 | ||||
-rw-r--r-- | debian/changelog | 49 | ||||
-rw-r--r-- | debian/control | 11 | ||||
-rw-r--r-- | debian/copyright | 17 | ||||
-rw-r--r-- | debian/docs | 1 | ||||
-rw-r--r-- | debian/gbp.conf | 20 | ||||
-rw-r--r-- | debian/links | 1 | ||||
-rw-r--r-- | debian/patches/0001-Debianise-README.patch | 24 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | debian/source/format | 1 | ||||
-rw-r--r-- | debian/source/lintian-overrides | 2 | ||||
-rwxr-xr-x | git-remote-gcrypt | 27 |
14 files changed, 153 insertions, 25 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2395a05
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/debian/files
+/debian/git-remote-gcrypt.substvars
+/debian/git-remote-gcrypt
diff --git a/CHANGELOG b/CHANGELOG
new file mode 120000
index 0000000..d526672
--- /dev/null
+++ b/CHANGELOG
@@ -0,0 +1 @@
+debian/changelog
\ No newline at end of file @@ -24,14 +24,10 @@ The aim is to provide confidential, authenticated git storage and collaboration using typical untrusted file hosts or services. PLEASE help us evaluate how well we meet this design goal! -.. NOTE:: This is a development version -- Repository format MAY CHANGE. - Quickstart .......... -* Install ``git-remote-gcrypt`` by running the supplied ``install.sh`` script. - -* Create an encrypted remote by pushing to it:: +Create an encrypted remote by pushing to it:: git remote add cryptremote gcrypt::rsync://example.com:repo git push cryptremote master @@ -79,6 +75,9 @@ The following ``git-config(1)`` variables are supported: part of the participant list. You may use the per-remote version to sign different remotes using different keys. +``gcrypt.gpg-args`` + The contents of this setting are passed as arguments to gpg. + E.g. ``--use-agent``. Environment Variables ===================== @@ -86,6 +85,17 @@ Environment Variables *GCRYPT_FULL_REPACK* This environment variable forces full repack when pushing. +Note to users of GnuPG version 2 +================================ + +When a repository was pushed with ``gcrypt.publish-participants`` +false (i.e. the recipient is anonymous), and you are using GnuPG +version 2, you will need to include ``--try-all-secrets`` or +``--try-secret-key ID`` in ``gcrypt.gpg-args``. + +GnuPG version 1 always tries all available secret keys when it +encounters a message with an anonymous recipient. + Examples ======== diff --git a/debian/changelog b/debian/changelog index d7e6620..880d7c1 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,46 @@ +git-remote-gcrypt (1.0.0-1) unstable; urgency=medium + + Upstream: + * Taking over as upstream maintainer. + * Remove notice about repository format potentially changing. + * Implement gcrypt.gpg-args git config setting (Closes: #771011). + * Respect git config gpg.program if configured. + Thanks Christian Amsüss. (Closes: #827943) + * Don't reset the remote ID when a gcrypt remote is not available. + Thanks Sebastian Reuße. (Closes: #827943) + * Suppress bogus warning about keyid matching multiple fingerprints. + Based on work by Raphaël Droz. + Closes https://github.com/joeyh/git-remote-gcrypt/pull/2 + * Add "Note to users of GnuPG version 2" section to README.rst. + See https://github.com/joeyh/git-remote-gcrypt/pull/1 + + Debian packaging: + * Drop patch containing changes by Joey Hess: incorporated in release. + - Update d/copyright accordingly. + * Patch README.rst to remove references to installation. + * Add d/links to avoid duplicate changelogs Lintian warning. + * Drop Lintian override of no-upstream-changelog. + * Update URIs in old changelog entries. + * Add a comment to d/source/lintian-overrides. + * Bump standards version to 3.9.8 (no changes required). + + -- Sean Whitton <spwhitton@spwhitton.name> Mon, 04 Jul 2016 19:18:48 +0900 + +git-remote-gcrypt (0.20130908-8) unstable; urgency=medium + + * Adopt git-remote-gcrypt package (Closes: #771020). + * Install man page using rst2man, rather than just installing README.rst + (Closes: #725455). + * Add Vcs-Git: & Vcs-Browser: pointing at my repository. + * Switch dpkg-source format to 3.0 (quilt). + * Move changes by Joey Hess into a quilt patch. + Update debian/copyright accordingly. + * Bump Standards-Version. + * Add debian/gbp.conf. + * Override Lintian tags no-upstream-changelog & debian-watch-file-is-missing. 
+ + -- Sean Whitton <spwhitton@spwhitton.name> Thu, 07 Jan 2016 11:03:01 -0700 + git-remote-gcrypt (0.20130908-7) unstable; urgency=medium * Added gcrypt.publish-participants configuration setting. @@ -16,10 +59,10 @@ git-remote-gcrypt (0.20130908-6) unstable; urgency=medium git-remote-gcrypt (0.20130908-5) unstable; urgency=low * Better signature validation for subkeys. - Closes https://github.com/blake2-ppc/git-remote-gcrypt/pull/7 + Closes https://github.com/bluss/git-remote-gcrypt/pull/7 * Stop passing --fast-list to gpg as this sometimes causes it to not display key fingerprints, which git-remote-gcrpyt needs. - Closes https://github.com/blake2-ppc/git-remote-gcrypt/issues/8 + Closes https://github.com/bluss/git-remote-gcrypt/issues/8 -- Joey Hess <joeyh@debian.org> Thu, 26 Sep 2013 15:58:52 -0400 @@ -39,7 +82,7 @@ git-remote-gcrypt (0.20130908-2) unstable; urgency=low * Set --trust-model=always when encrypting. Needed to interoperate with git-annex. - Closes https://github.com/blake2-ppc/git-remote-gcrypt/issues/3 + Closes https://github.com/bluss/git-remote-gcrypt/issues/3 -- Joey Hess <joeyh@debian.org> Mon, 16 Sep 2013 15:49:16 -0400 diff --git a/debian/control b/debian/control index e3ec704..6e1410b 100644 --- a/debian/control +++ b/debian/control 
@@ -1,14 +1,15 @@ Source: git-remote-gcrypt Section: vcs Priority: optional -Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.9.0) -Maintainer: Joey Hess <joeyh@debian.org> -Standards-Version: 3.9.4 -Homepage: https://github.com/blake2-ppc/git-remote-gcrypt +Build-Depends: debhelper (>= 9), python-docutils (>= 0.12+dfsg) +Maintainer: Sean Whitton <spwhitton@spwhitton.name> +Standards-Version: 3.9.8 +Homepage: https://github.com/bluss/git-remote-gcrypt +Vcs-Git: https://git.spwhitton.name/git-remote-gcrypt +Vcs-Browser: https://git.spwhitton.name/?p=git-remote-gcrypt.git;a=summary Package: git-remote-gcrypt Architecture: all -Section: vcs Depends: git, gnupg | gnupg2, ${misc:Depends} Recommends: rsync, curl Description: encrypted git repositories diff --git a/debian/copyright b/debian/copyright index 03bf18a..c5497b4 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,8 +1,17 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Source: https://github.com/blake2-ppc/git-remote-gcrypt +Source: https://git.spwhitton.name/git-remote-gcrypt Files: * -Copyright: 2013 by engla +Copyright: (C) 2013 engla + (C) 2013, 2014 Joey Hess <id@joeyh.name> + (C) 2016 Sean Whitton and contributors License: GPL-2+ - On Debian systems, the complete text of the GPL can be found in - /usr/share/common-licenses/GPL. + +Files: debian/* +Copyright: (C) 2015-2016 Sean Whitton <spwhitton@spwhitton.name> + (C) 2013, 2014 Joey Hess <id@joeyh.name> +License: GPL-2+ + +License: GPL-2+ + On Debian systems, the complete text of the GPL-2 can be found in + /usr/share/common-licenses/GPL-2. diff --git a/debian/docs b/debian/docs deleted file mode 100644 index a1320b1..0000000 --- a/debian/docs +++ /dev/null @@ -1 +0,0 @@ -README.rst diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..ff9c2ec --- /dev/null +++ b/debian/gbp.conf 
@@ -0,0 +1,20 @@
+[DEFAULT]
+
+# Debian package maintainer is upstream project maintainer, so
+# everything lives on the master branch (from ver. 1.0.0-1 onwards)
+upstream-branch = master
+debian-branch = master
+# However, separate tags (e.g. one commit tagged both 1.0.0 and
+# debian/1.0.0-1) because git-remote-gcrypt is meant to be usable
+# outside of Debian
+upstream-tag = %(version)s
+debian-tag = debian/%(version)s
+
+# Some standard gbp settings
+sign-tags = True
+pristine-tar = True
+pristine-tar-commit = True
+
+color = on
+compression = xz
+compression-level = 9
diff --git a/debian/links b/debian/links
new file mode 100644
index 0000000..d61fdf7
--- /dev/null
+++ b/debian/links
@@ -0,0 +1 @@
+/usr/share/doc/git-remote-gcrypt/changelog /usr/share/doc/git-remote-gcrypt/changelog.Debian
diff --git a/debian/patches/0001-Debianise-README.patch b/debian/patches/0001-Debianise-README.patch
new file mode 100644
index 0000000..e011664
--- /dev/null
+++ b/debian/patches/0001-Debianise-README.patch
@@ -0,0 +1,24 @@
+From: Sean Whitton <spwhitton@spwhitton.name>
+Date: Sun, 17 Jan 2016 22:47:52 -0700
+Subject: Debianise-README
+
+Remove reference to installation.
+---
+ README.rst | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/README.rst b/README.rst
+index 148abad..19a9d9d 100644
+--- a/README.rst
++++ b/README.rst
+@@ -27,9 +27,7 @@ PLEASE help us evaluate how well we meet this design goal!
+ Quickstart
+ ..........
+
+-* Install ``git-remote-gcrypt`` by running the supplied ``install.sh`` script.
+-
+-* Create an encrypted remote by pushing to it::
++Create an encrypted remote by pushing to it::
+
+ git remote add cryptremote gcrypt::rsync://example.com:repo
+ git push cryptremote master
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..93971b0
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-Debianise-README.patch
diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides new file mode 100644 index 0000000..43e41b2 --- /dev/null +++ b/debian/source/lintian-overrides @@ -0,0 +1,2 @@ +# upstream maintainer is Debian maintainer +debian-watch-file-is-missing diff --git a/git-remote-gcrypt b/git-remote-gcrypt index 8d68669..61fed76 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -30,6 +30,7 @@ Manifestfile=91bd0c092128cf2e60e1a608c31e92caf1f9c1595f83f2890ef17c0e4881aa0a Hex40="[a-f0-9]" Hex40=$Hex40$Hex40$Hex40$Hex40$Hex40$Hex40$Hex40$Hex40 Hex40=$Hex40$Hex40$Hex40$Hex40$Hex40 # Match SHA-1 hexdigest +GPG="$(git config --get "gpg.program" '.+' || echo gpg)" Did_find_repo= # yes for connected, no for no repo Localdir="${GIT_DIR:=.git}/remote-gcrypt" @@ -367,13 +368,16 @@ gpg_hash() rungpg() { + if isnonnull "$Conf_gpg_args"; then + set -- "$Conf_gpg_args" "$@" + fi # gpg will fail to run when there is no controlling tty, # due to trying to print messages to it, even if a gpg agent is set # up. --no-tty fixes this. if [ "x$GPG_AGENT_INFO" != "x" ]; then - gpg --no-tty "$@" + ${GPG} --no-tty "$@" else - gpg "$@" + ${GPG} "$@" fi } 
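Review bot: In rungpg, `set -- "$Conf_gpg_args" "$@"` hands the whole gcrypt.gpg-args value to gpg as a single argument, so a value with more than one word, such as the `--try-secret-key ID` form this commit's README text recommends, would reach gpg as one unrecognised option. Either split the value deliberately with globbing switched off, e.g. `set -f; set -- $Conf_gpg_args "$@"; set +f`, or document that the setting holds exactly one option. The new `${GPG}` expansions in the same hunk are unquoted, so a gpg.program path containing spaces is split into several words; `"$GPG" --no-tty "$@"` and `"$GPG" "$@"` avoid that. Since these options are prepended to every gpg call made through rungpg, a comment above the function saying so would help anyone auditing a repository's config.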
@@ -401,13 +405,14 @@ make_new_repo() # $1 return var for goodsig match, $2 return var for signers text read_config() { - local recp_= r_keyinfo= r_keyfpr= gpg_list= cap_= conf_part= good_sig= signers_= + local recp_= r_tail= r_keyinfo= r_keyfpr= gpg_list= cap_= conf_part= good_sig= signers_= Conf_signkey=$(git config --get "remote.$NAME.gcrypt-signingkey" '.+' || git config --path user.signingkey || :) conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' || git config --get gcrypt.participants '.+' || :) Conf_pubish_participants=$(git config --get --bool "remote.$NAME.gcrypt-publish-participants" '.+' || git config --get --bool gcrypt.publish-participants || :) + Conf_gpg_args=$(git config --get gcrypt.gpg-args '.+' || :) # Figure out which keys we should encrypt to or accept signatures from if isnull "$conf_part" || iseq "$conf_part" simple @@ -423,8 +428,13 @@ read_config() for recp_ in $conf_part do gpg_list=$(rungpg --with-colons --fingerprint -k "$recp_") + r_tail_=$(echo "$recp_" | sed -e 's/^0x//') filter_to @r_keyinfo "pub*" "$gpg_list" - filter_to @r_keyfpr "fpr*" "$gpg_list" + if echo "$recp_" | grep -E -q '^[xA-F0-9]+$'; then # is $recp_ a keyid? + filter_to @r_keyfpr "fpr*$r_tail_*" "$gpg_list" + else + filter_to @r_keyfpr "fpr*" "$gpg_list" + fi isnull "$r_keyinfo" || isnonnull "${r_keyinfo##*"$Newline"*}" || echo_info "WARNING: '$recp_' matches multiple keys, using one" isnull "$r_keyfpr" || isnonnull "${r_keyfpr##*"$Newline"*}" || @@ -505,7 +515,12 @@ ensure_connected() tmp_manifest="$Tempdir/maniF" GET "$URL" "$Manifestfile" "$tmp_manifest" 2>/dev/null || { echo_info "Repository not found: $URL" - return 0 + if ! isnull "$Repoid"; then + echo_info "..but repository ID is set. Aborting." + return 1 + else + return 0 + fi } Did_find_repo=yes @@ -816,8 +831,6 @@ setup() trap cleanup_tmpfiles EXIT trap 'exit 1' 1 2 3 15 - - echo_info "Development version -- Repository format MAY CHANGE" } # handle git-remote-helpers protocol |
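Review bot: The `local` line in read_config now declares `r_tail=`, but the assignment added in the next hunk writes `r_tail_`, so the declared name is never used and `r_tail_` is set as a global. Declare the name that is actually assigned: `local recp_= r_tail_= r_keyinfo= ...`. A comment beside `Conf_gpg_args=` noting that it is read only from `gcrypt.gpg-args`, with no `remote.$NAME.` variant like the settings above it, would also spare readers a search. read_config starts and ends outside this hunk.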
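Review bot: The key-ID test `grep -E -q '^[xA-F0-9]+$'` accepts only upper-case hex, so a participant written as a lower-case key ID skips the new filter, and it allows `x` at any position rather than only in a leading `0x`. The pattern `"fpr*$r_tail_*"` then appears to match the ID anywhere in the fingerprint record rather than at its end (assuming filter_to does glob matching), which matters because this list decides which keys are encrypted to and whose signatures are accepted. Suggest normalising case and anchoring the match: `r_tail_=$(echo "$recp_" | sed -e 's/^0x//' | tr a-f A-F)`, `grep -E -q -i '^(0x)?[a-f0-9]+$'`, and, provided gpg's colon output closes the fingerprint field with `:`, `"fpr*$r_tail_:"`. The enclosing loop continues past the hunk.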
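Review bot: The new abort in ensure_connected has no comment saying why a set `$Repoid` changes the outcome, and the reason is security-relevant. Suggest adding above the `if`: `# A known repo ID but no manifest: the remote is unavailable, so do not treat it as a new repo and reset the ID`. Because the `GET` just above discards stderr with `2>/dev/null`, the user sees only "Repository not found"; letting the transport error through on this abort path would make an outage distinguishable from a missing manifest. As a style point, `if ! isnull "$Repoid"` could be `if isnonnull "$Repoid"`, matching rungpg in this commit.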