diff options
| -rw-r--r-- | README.rst | 6 | ||||
| -rwxr-xr-x | git-remote-gcrypt | 13 |
2 files changed, 16 insertions, 3 deletions
@@ -52,14 +52,16 @@ Configuration gpg --export KEYID1 > <path-to-keyring> git config gcrypt.keyring <path-to-keyring> - .. NOTE:: The user's gnupg configuration for encryption algorithms are used. - Check your keys and preferences, see `man gpg`. + .. NOTE:: GnuPG's configuration applies. Check your key and general + preferences, see `man gpg`. + All readers of the repository must have their pubkey included in the keyring used when pushing. All writers must have the complete set of pubkeys available. You can commit the keyring to the repo, further key management features do not yet exist. ++ gcrypt obeys `user.signingkey` + Repository Format ----------------- diff --git a/git-remote-gcrypt b/git-remote-gcrypt index db47673..14a2fe8 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -184,6 +184,16 @@ CLEAN_FINAL() isurl gitception "$1" && git update-ref -d "$Gref" || : } +addsignkeyparam() +{ + if isnull "$Conf_signkey"; then + "$@" + else + "$@" -u "$Conf_signkey" + fi +} + + ENCRYPT() { gpg --batch --force-mdc --compress-algo none --passphrase-fd 3 -c 3<<EOF @@ -202,7 +212,7 @@ EOF # Encrypt to recipients $1 PRIVENCRYPT() { - gpg --no-default-keyring --keyring "$Conf_keyring" \ + addsignkeyparam gpg --no-default-keyring --keyring "$Conf_keyring" \ --compress-algo none -se $1 } @@ -282,6 +292,7 @@ make_new_repo() read_config() { Conf_keyring=$(git config --path gcrypt.keyring || xecho "/dev/null") + Conf_signkey=$(git config --path user.signingkey || :) } ensure_connected() |