| Commit message (Collapse) | Author | Age |
... | |
|
|
|
|
| |
Simply treat absolute paths that do not lead to a HEAD file as local
directory backends, and all other as git backends.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
A separate key per pack is simpler and costs us very little; with
repack changes later it will be possible to change keys regularly.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This way we do not show any sensitive data to the [ program.
|
|
|
|
|
| |
Use cat <<EOF etc for safe output of all data to pipes (mostly that we
don't know what the shell does with echo and printf).
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
This is a simplification and defends at someone maliciously switching
around different sign+encrypted manifest files of the same user. This
way we verify the repository we read is the repository we want.
Repo ID is not secret. Only requirement is that the same user does not
generate the same repo id more than onece.
|
| |
|
|
|
|
|
|
| |
We rely on gpg to exit with success, but we also check the status output
to verify that the expected action (decrypt with privkey or verify) was
performed.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
To verify signatures, we need a small keyring where the user has
selected just the keys who are allowed to access and update the
repository.
|
| |
|
| |
|
|
|
|
|
| |
Make sure we do not overwrite FETCH_HEAD. Using stacked gitception://
URLs was useful to make sure we handle our temporaries in a safe way.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|