From c826c392088ab12bedc1b549b58c7a7a91e2153c Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Fri, 27 Sep 2013 16:47:43 -0400
Subject: remove any git config for dummy-gcrypt-check remote

The gcrypt-id is cached to there when running --check
---
 git-remote-gcrypt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/git-remote-gcrypt b/git-remote-gcrypt
index 22f19dd..0a382e2 100755
--- a/git-remote-gcrypt
+++ b/git-remote-gcrypt
@@ -865,6 +865,7 @@ then
 URL=$2
 setup
 ensure_connected
+ git remote remove $NAME 2>/dev/null || true
 if iseq "$Did_find_repo" "no"
 then
 exit 100
-- 
cgit v1.2.3

From 8b619df24a503fae088174824e9041d54caf011d Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Thu, 15 May 2014 14:27:56 -0400
Subject: Fix to work when there is no controlling terminal, but GPG_AGENT_INFO is set.

Pass --no-tty to gpg in this situation.

This is needed to interoperate with the git-annex assistant, which often runs without a controlling terminal, and will in a new version always do so.

Conflicts:
	debian/changelog
---
 git-remote-gcrypt | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/git-remote-gcrypt b/git-remote-gcrypt
index 0a382e2..8c1efa6 100755
--- a/git-remote-gcrypt
+++ b/git-remote-gcrypt
@@ -18,7 +18,6 @@
 # See README.rst for usage instructions
 
 set -e # errexit
-set -u # nounset
 set -f # noglob
 set -C # noclobber
 
@@ -313,14 +312,14 @@ CLEAN_FINAL()
 ENCRYPT()
 {
- gpg --batch --force-mdc --compress-algo none --trust-model=always --passphrase-fd 3 -c 3<&1 && status_=$(gpg --status-fd 3 -q -d 3>&1 1>&4) && + status_=$(rungpg --status-fd 3 -q -d 3>&1 1>&4) && xfeed "$status_" grep "^\[GNUPG:\] ENC_TO " >/dev/null && (xfeed "$status_" grep -e "$1" >/dev/null || { echo_info "Failed to verify manifest signature!" &&
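Review bot: `$NAME` is unquoted in the added `git remote remove` call; the script's `set -f` (visible in the next patch's first hunk) turns off globbing but not field splitting, so a remote name containing whitespace would be passed as several arguments — write `git remote remove "$NAME" 2>/dev/null || true`. Because stderr is discarded and the status is forced to zero, every other failure is invisible too, including a git old enough to only know `git remote rm`; a one-line comment such as `# best-effort: drop the dummy remote's cached gcrypt-id, ignore if already gone` would record that this is intentional. The enclosing block starts and ends outside the hunk.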
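Review bot: Removing `set -u # nounset` for the whole script gives up unset-variable detection everywhere, and the commit message does not say why it is needed; if the only reason is the `$GPG_AGENT_INFO` test in the new rungpg (added in the `@@ -353,17 +352,29 @@` hunk), that test can be written as `if [ "x${GPG_AGENT_INFO-}" != "x" ]; then`, which is plain POSIX parameter expansion and works with nounset left on. Keeping `-u` matters for a script that builds gpg recipient lists and git object ids from variables, where a silently empty expansion can change what gets encrypted or written.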
@@ -353,17 +352,29 @@ PRIVDECRYPT()
 # Generate $1 random bytes
 genkey()
 {
- gpg --armor --gen-rand 1 "$1"
+ rungpg --armor --gen-rand 1 "$1"
 }
 
 gpg_hash()
 {
 local hash_=
- hash_=$(gpg --with-colons --print-md "$1" | tr A-F a-f)
+ hash_=$(rungpg --with-colons --print-md "$1" | tr A-F a-f)
 hash_=${hash_#:*:}
 xecho "${hash_%:}"
 }
 
+rungpg()
+{
+ # gpg will fail to run when there is no controlling tty,
+ # due to trying to print messages to it, even if a gpg agent is set
+ # up. --no-tty fixes this.
+ if [ "x$GPG_AGENT_INFO" != "x" ]; then
+ gpg --no-tty "$@"
+ else
+ gpg "$@"
+ fi
+}
+
 # Pass the branch/ref by pipe to git
 safe_git_rev_parse()
 {
@@ -407,7 +418,7 @@ read_config()
 for recp_ in $conf_part
 do
- gpg_list=$(gpg --with-colons --fingerprint -k "$recp_")
+ gpg_list=$(rungpg --with-colons --fingerprint -k "$recp_")
 filter_to @r_keyinfo "pub*" "$gpg_list"
 filter_to @r_keyfpr "fpr*" "$gpg_list"
 isnull "$r_keyinfo" || isnonnull "${r_keyinfo##*"$Newline"*}" ||
-- 
cgit v1.2.3

From 0ce768c4ddc4f28d18f0b00dd6798f19fd1f7f8e Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Mon, 19 May 2014 18:20:51 -0400
Subject: fix on OSX

set -e causes the xecho to not run if the xgrep fails. At least with OSX's /bin/sh, which is: GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)

This didn't happen on Linux with: GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)

Possibly a bug in bash, or an OSX-specific bug. However, disabling set -e in the subshell seems a good idea anyway.

fixes https://github.com/blake2-ppc/git-remote-gcrypt/issues/15
---
 git-remote-gcrypt | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/git-remote-gcrypt b/git-remote-gcrypt
index 8c1efa6..2295111 100755
--- a/git-remote-gcrypt
+++ b/git-remote-gcrypt
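Review bot: rungpg keys the `--no-tty` decision solely on `GPG_AGENT_INFO`, which GnuPG 2.1 and later neither set nor honour (the agent is started on demand), so on those installations the `else` branch always runs and the no-controlling-tty failure this commit fixes comes back as soon as gpg is upgraded. That assumption deserves a comment on the `if`, e.g. `# NOTE: only gpg-agent 2.0 and earlier export GPG_AGENT_INFO; newer GnuPG starts the agent on demand without it`, and an explicit override read in read_config like the other `gcrypt.*` settings would let callers without a terminal force `--no-tty` independently of the variable. Passing `--no-tty` unconditionally is not a substitute, since without an agent gpg would then have no way to ask for a passphrase.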
@@ -176,8 +176,10 @@ update_tree()
 {
 local tab_=" "
 # $2 is a filename from the repo format
- (git ls-tree "$1" | xgrep -v -E '\b'"$2"'$';
- xecho "100644 blob $3$tab_$2") | git mktree
+ (set +e;
+ git ls-tree "$1" | xgrep -v -E '\b'"$2"'$';
+ xecho "100644 blob $3$tab_$2"
+ ) | git mktree
 }
 
 # Put giturl $1, file $2
-- 
cgit v1.2.3

From 5dcc77f507d497fe4023e94a47b6a7a1f1146bce Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Tue, 15 Jul 2014 17:16:32 -0400
Subject: added gcrypt.publish-participants configuration

Fixes https://github.com/blake2-ppc/git-remote-gcrypt/issues/9
---
 README.rst        | 12 ++++++++++++
 git-remote-gcrypt | 10 +++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/README.rst b/README.rst
index fedd6b0..ba06259 100644
--- a/README.rst
+++ b/README.rst
@@ -60,6 +60,17 @@ The following ``git-config(1)`` variables are supported:
 The ``gcrypt-participants`` setting on the remote takes precedence over the repository variable ``gcrypt.participants``.
+``remote..gcrypt-publish-participants``
+ ..
+``gcrypt.publish-participants``
+ By default, the gpg key ids of the participants are obscured by
+ encrypting using `gpg -R`. Setting this option to `true` disables
+ that security measure.
+ The problem with using `gpg -R` is that to decrypt, gpg tries each
+ available secret key in turn until it finds a usable key.
+ This can result in unncessary passphrase prompts.
+
 ``remote..gcrypt-signingkey``
 ..
 ``user.signingkey``
@@ -68,6 +79,7 @@ The following ``git-config(1)`` variables are supported:
 part of the participant list. You may use the per-remote version to sign different remotes using different keys.
+
 Environment Variables
 =====================

diff --git a/git-remote-gcrypt b/git-remote-gcrypt
index 2295111..8d68669 100755
--- a/git-remote-gcrypt
+++ b/git-remote-gcrypt
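Review bot: `set +e` switches errexit off for everything in the subshell, whereas the case the commit describes is only `xgrep -v` returning 1 when it filters out every line; the script sets no pipefail, so a failing `git ls-tree "$1"` (a wrong tree id, say) was already reduced to xgrep's status and now the subshell goes on to emit a tree containing only the new `$2` entry, which `git mktree` happily writes. Tolerating just the filter's status keeps that failure fatal: `(git ls-tree "$1" | xgrep -v -E '\b'"$2"'$' || :;` followed by the unchanged `xecho "100644 blob $3$tab_$2") | git mktree`, and a preceding `git cat-file -e "$1"` makes a bad tree id abort under `set -e` before any tree is built. A comment on the `|| :` explaining that an empty filtered listing is legitimate would stop the next reader from reintroducing the subshell-wide override. The `update_tree()` signature line is just above the hunk.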
@@ -406,6 +406,8 @@ read_config()
 git config --path user.signingkey || :)
 conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' ||
 git config --get gcrypt.participants '.+' || :)
+ Conf_pubish_participants=$(git config --get --bool "remote.$NAME.gcrypt-publish-participants" '.+' ||
+ git config --get --bool gcrypt.publish-participants || :)
 
 # Figure out which keys we should encrypt to or accept signatures from
 if isnull "$conf_part" || iseq "$conf_part" simple
@@ -440,7 +442,13 @@ read_config()
 }
 # Check 'E'ncrypt capability
 cap_=$(xfeed "$r_keyinfo" cut -f 12 -d :)
- iseq "${cap_#*E}" "$cap_" || Recipients="$Recipients -R $keyid_"
+ if ! iseq "${cap_#*E}" "$cap_"; then
+ if [ "$Conf_pubish_participants" = true ]; then
+ Recipients="$Recipients -r $keyid_"
+ else
+ Recipients="$Recipients -R $keyid_"
+ fi
+ fi
 done
 
 if isnull "$Recipients"
-- 
cgit v1.2.3
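Review bot: The new variable is spelled `Conf_pubish_participants` here and again in the `@@ -440,7 +442,13 @@` hunk; both sites agree so it works, but it should be `Conf_publish_participants` before the typo spreads to other readers of the config. The fallback `git config --get --bool gcrypt.publish-participants || :` also lacks the `'.+'` value pattern that the per-remote lookup and the neighbouring `gcrypt.participants` lookups use, so an explicitly empty value is handed to `--bool` for one key and skipped for the other; `git config --get --bool gcrypt.publish-participants '.+' || :)` makes them consistent. Since `true` switches recipients from `-R` to `-r` and thereby exposes the participants' key ids in the encrypted remote (the README hunk in this patch says as much), a short comment at the assignment, e.g. `# when true, recipient key ids are stored in the clear (gpg -r instead of -R)`, would flag it as a security-relevant switch for readers of read_config, which continues outside the hunk.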