From 912a827570fd01d27c8d6bb8b8aaae8c455488b9 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 16 Sep 2013 15:45:10 -0400 Subject: [PATCH 01/13] set --trust-model=always when encrypting Otherwise gpg may prompt to verify if we want to encrypt to users who do not have a defined trust level. But, the participants setting explicitly listed them, so we know we want to encrypt to them. closes #3 --- git-remote-gcrypt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/git-remote-gcrypt b/git-remote-gcrypt index bb19652..182c5cb 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -313,7 +313,7 @@ CLEAN_FINAL() ENCRYPT() { - gpg --batch --force-mdc --compress-algo none --passphrase-fd 3 -c 3< Date: Tue, 17 Sep 2013 15:30:25 -0400 Subject: [PATCH 02/13] add remote..gcrypt-signingkey config This is needed by git-annex assistant when it sets up a gcrypt repository, to ensure that the gpg key it was asked to use to encrypt the repo is the same key used to sign it. If it's not, pulling from the repo won't work, due to git-remote-gcrypt's "Only accepting signatories" check. The user may have a global user.signingkey setting (I do), but be setting up a different special-purpose key for encrypting their git repo. The git-annex assistant cannot mess with the global value, so needs this to override it. --- README.rst | 9 ++++++--- git-remote-gcrypt | 3 ++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/README.rst b/README.rst index f177913..6fc4636 100644 --- a/README.rst +++ b/README.rst 
@@ -60,10 +60,13 @@ The following ``git-config(1)`` variables are supported: The ``gcrypt-participants`` setting on the remote takes precedence over the repository variable ``gcrypt.participants``. +``remote..gcrypt-signingkey`` + .. ``user.signingkey`` - (From regular git configuration) The key to use for signing. You - should set ``user.signingkey`` if your default signing key is not - part of the participant list. + (The latter from regular git configuration) The key to use for signing. + You should set ``user.signingkey`` if your default signing key is not + part of the participant list. You may use the per-remote version + to sign different remotes using different keys. Environment Variables ===================== diff --git a/git-remote-gcrypt b/git-remote-gcrypt index 182c5cb..bf75777 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -389,7 +389,8 @@ make_new_repo() read_config() { local recp_= r_keyinfo= cap_= conf_part= good_sig= signers_= - Conf_signkey=$(git config --path user.signingkey || :) + Conf_signkey=$(git config --get "remote.$NAME.gcrypt-signingkey" '.+' || + git config --path user.signingkey || :) conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' || git config --get gcrypt.participants '.+' || :) From 4f9883421653a8a3c5ebe3c8f7507af183af0b94 Mon Sep 17 00:00:00 2001 From: Justin Burnham Date: Wed, 18 Sep 2013 23:27:32 -0700 Subject: [PATCH 03/13] Better signature validation for subkeys. --- git-remote-gcrypt | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/git-remote-gcrypt b/git-remote-gcrypt index bb19652..94e7d58 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt 
@@ -388,7 +388,7 @@ make_new_repo() # $1 return var for goodsig match, $2 return var for signers text read_config() { - local recp_= r_keyinfo= cap_= conf_part= good_sig= signers_= + local recp_= r_keyinfo= r_keyfpr= gpg_list= cap_= conf_part= good_sig= signers_= Conf_signkey=$(git config --path user.signingkey || :) conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' || git config --get gcrypt.participants '.+' || :) @@ -406,16 +406,21 @@ read_config() for recp_ in $conf_part do - filter_to @r_keyinfo "pub*" \ - "$(gpg --with-colons --fast-list -k "$recp_")" + gpg_list=$(gpg --with-colons --fast-list --fingerprint -k "$recp_") + filter_to @r_keyinfo "pub*" "$gpg_list" + filter_to @r_keyfpr "fpr*" "$gpg_list" isnull "$r_keyinfo" || isnonnull "${r_keyinfo##*"$Newline"*}" || echo_info "WARNING: '$recp_' matches multiple keys, using one" + isnull "$r_keyfpr" || isnonnull "${r_keyfpr##*"$Newline"*}" || + echo_info "WARNING: '$recp_' matches multiple fingerprints, using one" r_keyinfo=${r_keyinfo%%"$Newline"*} + r_keyfpr=${r_keyfpr%%"$Newline"*} keyid_=$(xfeed "$r_keyinfo" cut -f 5 -d :) + fprid_=$(xfeed "$r_keyfpr" cut -f 10 -d :) - isnonnull "$keyid_" && + isnonnull "$fprid_" && signers_="$signers_ $keyid_" && - append_to @good_sig "^\[GNUPG:\] GOODSIG $keyid_" || { + append_to @good_sig "^\[GNUPG:\] VALIDSIG .*$fprid_$" || { echo_info "WARNING: Skipping missing key $recp_" continue } From 83d519179f5611641802b5de2b5f3f155798f61a Mon Sep 17 00:00:00 2001 
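Review bot: The new acceptance pattern `^\[GNUPG:\] VALIDSIG .*$fprid_$` in the second hunk matches on VALIDSIG alone, and GnuPG's status-line documentation describes VALIDSIG as accompanying EXPSIG, EXPKEYSIG and REVKEYSIG as well as GOODSIG, so a signature made with an expired or revoked participant key would still satisfy it. Pinning the full fingerprint is stronger than the old key-id match, but the verifier should additionally require a `^\[GNUPG:\] GOODSIG ` line in the same status output before accepting the manifest. The code that greps the status text is outside this hunk, so where that second check belongs needs confirming there. `signers_` still records `$keyid_`, so the signer text names key ids while the check uses fingerprints; a comment such as `# good_sig matches the primary-key fingerprint at the end of VALIDSIG` would make that explicit.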
From: Joey Hess Date: Thu, 19 Sep 2013 12:03:33 -0400 Subject: [PATCH 04/13] --check option to see if a repo exists and can be decrypted This is to allow programs to determine if a repo uses gcrypt, per #6. Since this program already knows the name of the manifest file and how to download it and decrypt it, it makes sense to do the check here rather than in, eg, git-annex. --- README.rst | 11 +++++++++++ git-remote-gcrypt | 33 +++++++++++++++++++++++++-------- 2 files changed, 36 insertions(+), 8 deletions(-) diff --git a/README.rst b/README.rst index 6fc4636..3922376 100644 --- a/README.rst +++ b/README.rst @@ -173,6 +173,17 @@ Each item extends until newline, and matches one of the following: ``extn ...`` Extension field, preserved but unused. +Detecting gcrypt repos +====================== + +To detect if a git url is a gcrypt repo, use: git-remote-gcrypt --check url +Exit status if 0 if the repo exists and can be decrypted, 1 if the repo +uses gcrypt but could not be decrypted, and 100 if the repo does not +exist or could not be accessed. + +Note that this has to fetch the repo contents into the local git +repository, the same as is done when using a gcrypt repo. + See Also ======== diff --git a/git-remote-gcrypt b/git-remote-gcrypt index bf75777..67b0f67 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -779,14 +779,8 @@ cleanup_tmpfiles() rm -r -f -- "${Tempdir}" >&2 } -# handle git-remote-helpers protocol -gcrypt_main_loop() +setup() { - local input_= input_inner= r_args= temp_key= - - NAME=$1 # Remote name - URL=$2 # Remote URL - mkdir -p "$Localdir" # Set up a subdirectory in /tmp @@ -798,6 +792,17 @@ gcrypt_main_loop() trap 'exit 1' 1 2 3 15 echo_info "Development version -- Repository format MAY CHANGE" +} + +# handle git-remote-helpers protocol +gcrypt_main_loop() +{ + local input_= input_inner= r_args= temp_key= + + NAME=$1 # Remote name + URL=$2 # Remote URL + + setup while read input_ do 
@@ -849,4 +854,16 @@ gcrypt_main_loop() done } -gcrypt_main_loop "$@" +if [ "x$1" = x--check ] +then + NAME=dummy-gcrypt-check + URL=$2 + setup + ensure_connected + if iseq "$Did_find_repo" "no" + then + exit 100 + fi +else + gcrypt_main_loop "$@" +fi From 6ddc0589819f6366d4ffc7b650a4957a040d2979 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 19 Sep 2013 12:27:15 -0400 Subject: [PATCH 05/13] improve docs --- README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index 3922376..fedd6b0 100644 --- a/README.rst +++ b/README.rst @@ -178,8 +178,8 @@ Detecting gcrypt repos To detect if a git url is a gcrypt repo, use: git-remote-gcrypt --check url Exit status if 0 if the repo exists and can be decrypted, 1 if the repo -uses gcrypt but could not be decrypted, and 100 if the repo does not -exist or could not be accessed. +uses gcrypt but could not be decrypted, and 100 if the repo is not +encrypted with gcrypt (or could not be accessed). Note that this has to fetch the repo contents into the local git repository, the same as is done when using a gcrypt repo. From b0174432a0a4842127560af87e1e0cc7b52581c0 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 26 Sep 2013 15:56:56 -0400 Subject: [PATCH 06/13] stop passing --fast-list For unknown reasons, it makes --list-keys sometimes not show fingerprints of certian keys. --- git-remote-gcrypt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git-remote-gcrypt b/git-remote-gcrypt index 87db2a1..22f19dd 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -407,7 +407,7 @@ read_config() for recp_ in $conf_part do - gpg_list=$(gpg --with-colons --fast-list --fingerprint -k "$recp_") + gpg_list=$(gpg --with-colons --fingerprint -k "$recp_") filter_to @r_keyinfo "pub*" "$gpg_list" filter_to @r_keyfpr "fpr*" "$gpg_list" isnull "$r_keyinfo" || isnonnull "${r_keyinfo##*"$Newline"*}" || From c826c392088ab12bedc1b549b58c7a7a91e2153c Mon Sep 17 00:00:00 2001 
From: Joey Hess Date: Fri, 27 Sep 2013 16:47:43 -0400 Subject: [PATCH 07/13] remove any git config for dummy-gcrypt-check remote The gcrypt-id is cached to there when running --check --- git-remote-gcrypt | 1 + 1 file changed, 1 insertion(+) diff --git a/git-remote-gcrypt b/git-remote-gcrypt index 22f19dd..0a382e2 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -865,6 +865,7 @@ then URL=$2 setup ensure_connected + git remote remove $NAME 2>/dev/null || true if iseq "$Did_find_repo" "no" then exit 100 From 8b619df24a503fae088174824e9041d54caf011d Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 15 May 2014 14:27:56 -0400 Subject: [PATCH 08/13] Fix to work when there is no controlling terminal, but GPG_AGENT_INFO is set. Pass --no-tty to gpg in this situation. This is needed to interoperate with the git-annex assistant, which often runs without a controlling terminal, and will in a new version always do so. Conflicts: debian/changelog --- git-remote-gcrypt | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/git-remote-gcrypt b/git-remote-gcrypt index 0a382e2..8c1efa6 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -18,7 +18,6 @@ # See README.rst for usage instructions set -e # errexit -set -u # nounset set -f # noglob set -C # noclobber @@ -313,14 +312,14 @@ CLEAN_FINAL() ENCRYPT() { - gpg --batch --force-mdc --compress-algo none --trust-model=always --passphrase-fd 3 -c 3<&1 && - status_=$(gpg --status-fd 3 -q -d 3>&1 1>&4) && + status_=$(rungpg --status-fd 3 -q -d 3>&1 1>&4) && xfeed "$status_" grep "^\[GNUPG:\] ENC_TO " >/dev/null && (xfeed "$status_" grep -e "$1" >/dev/null || { echo_info "Failed to verify manifest signature!" && 
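Review bot: The added `git remote remove $NAME 2>/dev/null || true` in the `--check` branch (patch 07) is only reached when `ensure_connected` returns success. The script runs under `set -e` (visible as a context line in the next patch's header hunk), so a failure inside `ensure_connected` exits first and may leave the cached `dummy-gcrypt-check` configuration behind. Registering the cleanup in the exit trap, or capturing the status with `ensure_connected || rc_=$?` and removing the remote before exiting, would cover that path. The line also removes a genuine remote that happens to be named `dummy-gcrypt-check`, which deserves a comment at the `NAME=` assignment. The enclosing `if` block starts outside this hunk.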
@@ -353,17 +352,29 @@ PRIVDECRYPT() # Generate $1 random bytes genkey() { - gpg --armor --gen-rand 1 "$1" + rungpg --armor --gen-rand 1 "$1" } gpg_hash() { local hash_= - hash_=$(gpg --with-colons --print-md "$1" | tr A-F a-f) + hash_=$(rungpg --with-colons --print-md "$1" | tr A-F a-f) hash_=${hash_#:*:} xecho "${hash_%:}" } +rungpg() +{ + # gpg will fail to run when there is no controlling tty, + # due to trying to print messages to it, even if a gpg agent is set + # up. --no-tty fixes this. + if [ "x$GPG_AGENT_INFO" != "x" ]; then + gpg --no-tty "$@" + else + gpg "$@" + fi +} + # Pass the branch/ref by pipe to git safe_git_rev_parse() { @@ -407,7 +418,7 @@ read_config() for recp_ in $conf_part do - gpg_list=$(gpg --with-colons --fingerprint -k "$recp_") + gpg_list=$(rungpg --with-colons --fingerprint -k "$recp_") filter_to @r_keyinfo "pub*" "$gpg_list" filter_to @r_keyfpr "fpr*" "$gpg_list" isnull "$r_keyinfo" || isnonnull "${r_keyinfo##*"$Newline"*}" || From 0ce768c4ddc4f28d18f0b00dd6798f19fd1f7f8e Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 19 May 2014 18:20:51 -0400 Subject: [PATCH 09/13] fix on OSX set -e causes the xecho to not run if the xgrep fails. At least with OSX's /bin/sh, which is: GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13) This didn't happen on Linux with: GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu) Possibly a bug in bash, or an OSX-specific bug. However, disabling set -e in the subshell seems a good idea anyway. fixes https://github.com/blake2-ppc/git-remote-gcrypt/issues/15 --- git-remote-gcrypt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/git-remote-gcrypt b/git-remote-gcrypt index 8c1efa6..2295111 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt 
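Review bot: The test `[ "x$GPG_AGENT_INFO" != "x" ]` in the new `rungpg` is presumably why the first hunk of this patch drops `set -u` for the whole script, which gives up unset-variable detection everywhere in order to read one optional environment variable. Writing it as `if [ -n "${GPG_AGENT_INFO:-}" ]; then` lets `set -u` stay. Not every gpg call site is visible on this page, so it is worth confirming that each invocation now goes through `rungpg`. A one-line comment above the function saying it is the single place gpg is invoked would help keep it that way.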
@@ -176,8 +176,10 @@ update_tree() { local tab_=" " # $2 is a filename from the repo format - (git ls-tree "$1" | xgrep -v -E '\b'"$2"'$'; - xecho "100644 blob $3$tab_$2") | git mktree + (set +e; + git ls-tree "$1" | xgrep -v -E '\b'"$2"'$'; + xecho "100644 blob $3$tab_$2" + ) | git mktree } # Put giturl $1, file $2 From 5dcc77f507d497fe4023e94a47b6a7a1f1146bce Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 15 Jul 2014 17:16:32 -0400 Subject: [PATCH 10/13] added gcrypt.publish-participants configuration Fixes https://github.com/blake2-ppc/git-remote-gcrypt/issues/9 --- README.rst | 12 ++++++++++++ git-remote-gcrypt | 10 +++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/README.rst b/README.rst index fedd6b0..ba06259 100644 --- a/README.rst +++ b/README.rst @@ -60,6 +60,17 @@ The following ``git-config(1)`` variables are supported: The ``gcrypt-participants`` setting on the remote takes precedence over the repository variable ``gcrypt.participants``. +``remote..gcrypt-publish-participants`` + .. +``gcrypt.publish-participants`` + By default, the gpg key ids of the participants are obscured by + encrypting using `gpg -R`. Setting this option to `true` disables + that security measure. + + The problem with using `gpg -R` is that to decrypt, gpg tries each + available secret key in turn until it finds a usable key. + This can result in unncessary passphrase prompts. + ``remote..gcrypt-signingkey`` .. ``user.signingkey`` @@ -68,6 +79,7 @@ The following ``git-config(1)`` variables are supported: part of the participant list. You may use the per-remote version to sign different remotes using different keys. + Environment Variables ===================== diff --git a/git-remote-gcrypt b/git-remote-gcrypt index 2295111..8d68669 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt 
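Review bot: `set +e` at the top of the subshell switches off errexit for all three commands, not just the `xgrep -v` whose no-match status triggered the bug, so a failing `xecho` would still feed an incomplete listing to `git mktree`. Tolerating only the filter keeps the rest strict: `git ls-tree "$1" | xgrep -v -E '\b'"$2"'$' || :`. `$2` is also interpolated into the ERE unescaped. The existing comment says it is a filename from the repo format, and a short note that it must contain no regex metacharacters would document that assumption.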
@@ -406,6 +406,8 @@ read_config() git config --path user.signingkey || :) conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' || git config --get gcrypt.participants '.+' || :) + Conf_pubish_participants=$(git config --get --bool "remote.$NAME.gcrypt-publish-participants" '.+' || + git config --get --bool gcrypt.publish-participants || :) # Figure out which keys we should encrypt to or accept signatures from if isnull "$conf_part" || iseq "$conf_part" simple @@ -440,7 +442,13 @@ read_config() } # Check 'E'ncrypt capability cap_=$(xfeed "$r_keyinfo" cut -f 12 -d :) - iseq "${cap_#*E}" "$cap_" || Recipients="$Recipients -R $keyid_" + if ! iseq "${cap_#*E}" "$cap_"; then + if [ "$Conf_pubish_participants" = true ]; then + Recipients="$Recipients -r $keyid_" + else + Recipients="$Recipients -R $keyid_" + fi + fi done if isnull "$Recipients" From b86f0a024393cee93d997f61c044edbbfafc53d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Reu=C3=9Fe?= Date: Sun, 27 Dec 2015 11:27:38 +0100 Subject: [PATCH 11/13] Fix #20. When a gcrypt remote is not available, for any reason (network being down, the drive containing it not being mounted, etc), pushing to the remote causes a new repository ID to be created. Instead, we now fail loudly when a remote is unavailable and when the remote ID is already set. https://github.com/bluss/git-remote-gcrypt/issues/20 (cherry picked from commit b46d48af15e0f8b89f2666aff2c045c9306305d6) --- git-remote-gcrypt | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/git-remote-gcrypt b/git-remote-gcrypt index 8d68669..9ca9552 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -505,7 +505,12 @@ ensure_connected() tmp_manifest="$Tempdir/maniF" GET "$URL" "$Manifestfile" "$tmp_manifest" 2>/dev/null || { echo_info "Repository not found: $URL" - return 0 + if ! isnull "$Repoid"; then + echo_info "..but repository ID is set. Aborting." + return 1 + else + return 0 + fi } Did_find_repo=yes 
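Review bot: Both new branches in the second hunk of the publish-participants patch address the recipient as `$keyid_`, which is field 5 of the `pub` record (a key id, not a fingerprint), while the first patch in this series has gpg encrypt with `--trust-model=always`. A fingerprint is already extracted for signature matching earlier in `read_config` (outside this hunk), so passing it to `-r`/`-R` would bind encryption to the exact key the participant list resolved to. Separately, the variable is spelled `Conf_pubish_participants` in both hunks; it is consistent, so it works, but `Conf_publish_participants` would be easier to grep for. The second `git config --get --bool` lookup also omits the `'.+'` value filter that the first one passes.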
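Review bot: The new abort path in `ensure_connected` reports only "Repository not found" followed by "..but repository ID is set. Aborting.", while the `GET` call on the context line above sends stderr to `/dev/null`. The user therefore cannot tell an unmounted drive from an authentication or network failure. Now that this case is fatal, consider capturing the transport error and passing it to `echo_info` before `return 1`. The body of `ensure_connected` starts and ends outside the hunk.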
From 1f5dc63db1c7a0bb45a1d5822142efc98b03c1c3 Mon Sep 17 00:00:00 2001 From: chrysn Date: Tue, 10 Nov 2015 13:52:49 +0100 Subject: [PATCH 12/13] Use git's the gpg.program if configured Keyrings managed with gpg2 can contain secret keys whose public part is unavailable to classic gpg; on the other hand, gpg2 won't see keys created in gpg after an initial import. Situations in which error messages like "gpg: error reading key: public key not found" pop up can now be circumvented by setting the gpg.program git configuration entry to gpg2. --- git-remote-gcrypt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/git-remote-gcrypt b/git-remote-gcrypt index 9ca9552..07e5429 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -30,6 +30,7 @@ Manifestfile=91bd0c092128cf2e60e1a608c31e92caf1f9c1595f83f2890ef17c0e4881aa0a Hex40="[a-f0-9]" Hex40=$Hex40$Hex40$Hex40$Hex40$Hex40$Hex40$Hex40$Hex40 Hex40=$Hex40$Hex40$Hex40$Hex40$Hex40 # Match SHA-1 hexdigest +GPG="$(git config --get "gpg.program" '.+' || echo gpg)" Did_find_repo= # yes for connected, no for no repo Localdir="${GIT_DIR:=.git}/remote-gcrypt" @@ -371,9 +372,9 @@ rungpg() # due to trying to print messages to it, even if a gpg agent is set # up. --no-tty fixes this. if [ "x$GPG_AGENT_INFO" != "x" ]; then - gpg --no-tty "$@" + ${GPG} --no-tty "$@" else - gpg "$@" + ${GPG} "$@" fi } From 6e3e0cd327d2e2968f2c1449fb5fc03bcaf42d17 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 5 Jul 2016 16:36:12 -0400 Subject: [PATCH 13/13] repository moved --- README.rst | 213 +---------------------------------------------------- 1 file changed, 3 insertions(+), 210 deletions(-) diff --git a/README.rst b/README.rst index ba06259..ba405c6 100644 --- a/README.rst +++ b/README.rst 
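Review bot: `${GPG}` is expanded unquoted in both branches of `rungpg`, so a `gpg.program` value containing whitespace is split into several words and the first word is run with the rest as arguments; `set -f` stops globbing but not field splitting. Use `"$GPG" --no-tty "$@"` and `"$GPG" "$@"`. The value is read from git configuration, so a comment next to the `GPG=` assignment noting that it is executed as a program path would help later reviewers.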
@@ -1,211 +1,4 @@ -================= -git-remote-gcrypt -================= +# This repository has moved! --------------------------------------- -GNU Privacy Guard-encrypted git remote --------------------------------------- - -:Manual section: 1 - -Description -=========== - -Remote helper programs are invoked by git to handle network transport. -This helper handles `gcrypt::` URLs that will access a remote repository -encrypted with GPG, using our custom format. - -Supported locations are `local`, `rsync://` and `sftp://`, where the -repository is stored as a set of files, or instead any `` where -gcrypt will store the same representation in a git repository, bridged -over arbitrary git transport. - -The aim is to provide confidential, authenticated git storage and -collaboration using typical untrusted file hosts or services. -PLEASE help us evaluate how well we meet this design goal! - -.. NOTE:: This is a development version -- Repository format MAY CHANGE. - -Quickstart -.......... - -* Install ``git-remote-gcrypt`` by running the supplied ``install.sh`` script. - -* Create an encrypted remote by pushing to it:: - - git remote add cryptremote gcrypt::rsync://example.com:repo - git push cryptremote master - > gcrypt: Setting up new repository - > gcrypt: Remote ID is :id:7VigUnLVYVtZx8oir34R - > [ more lines .. ] - > To gcrypt::[...] - > * [new branch] master -> master - -Configuration -============= - -The following ``git-config(1)`` variables are supported: - -``remote..gcrypt-participants`` - .. -``gcrypt.participants`` - Space-separated list of GPG key identifiers. The remote is encrypted - to these participants and only signatures from these are accepted. - ``gpg -k`` lists all public keys you know. - - If this option is not set, we encrypt to your default key and accept - any valid signature. This behavior can also be requested explicitly - by setting participants to ``simple``. 
- - The ``gcrypt-participants`` setting on the remote takes precedence - over the repository variable ``gcrypt.participants``. - -``remote..gcrypt-publish-participants`` - .. -``gcrypt.publish-participants`` - By default, the gpg key ids of the participants are obscured by - encrypting using `gpg -R`. Setting this option to `true` disables - that security measure. - - The problem with using `gpg -R` is that to decrypt, gpg tries each - available secret key in turn until it finds a usable key. - This can result in unncessary passphrase prompts. - -``remote..gcrypt-signingkey`` - .. -``user.signingkey`` - (The latter from regular git configuration) The key to use for signing. - You should set ``user.signingkey`` if your default signing key is not - part of the participant list. You may use the per-remote version - to sign different remotes using different keys. - - -Environment Variables -===================== - -*GCRYPT_FULL_REPACK* - This environment variable forces full repack when pushing. - -Examples -======== - -How to set up a remote for two participants:: - - git remote add cryptremote gcrypt::rsync://example.com:repo - git config remote.cryptremote.gcrypt-participants "KEY1 KEY2" - git push cryptremote master - -How to use a git backend:: - - # notice that the target git repo must already exist and its - # `next` branch will be overwritten! - git remote add gitcrypt gcrypt::git@example.com:repo#next - git push gitcrypt master - -The URL fragment (`#next` here) indicates which backend branch is used. - -Notes -===== - -Collaboration - The encryption of the manifest is updated for each push to match the - participant configuration. Each pushing user must have the public - keys of all collaborators and correct participant config. - -Dependencies - ``rsync`` and ``curl`` for remotes ``rsync:`` and ``sftp:`` - respectively. The main executable requires a POSIX-compliant shell - that supports ``local``. - -GNU Privacy Guard - Both GPG 1.4 and 2 are supported. 
You need a personal GPG key. GPG - configuration applies to algorithm choices for public-key - encryption, symmetric encryption, and signing. See ``man gpg`` for - more information. - -Remote ID - The Remote ID is not secret; it only ensures that two repositories - signed by the same user can be distinguished. You will see - a warning if the Remote ID changes, which should only happen if the - remote was re-created. - -Repository Format -................. - -| `EncSign(X):` Sign and Encrypt to GPG key holder -| `Encrypt(K,X):` Encrypt using symmetric-key algorithm -| `Hash(X):` SHA-2/256 -| -| `B:` branch list -| `L:` list of the hash (`Hi`) and key (`Ki`) for each packfile -| `R:` Remote ID -| -| To write the repository: -| -| Store each packfile `P` as `Encrypt(Ki, P)` → `P'` in filename `Hi` -| where `Ki` is a new random string and `Hash(P')` → `Hi` -| Store `EncSign(B || L || R)` in the manifest -| -| To read the repository: -| -| Get manifest, decrypt and verify using GPG keyring → `(B, L, R)` -| Warn if `R` does not match previously seen Remote ID -| for each `Hi, Ki` in `L`: -| Get file `Hi` from the server → `P'` -| Verify `Hash(P')` matches `Hi` -| Decrypt `P'` using `Ki` → `P` then open `P` with git - -Manifest file -............. - -Example manifest file (with ellipsis for brevity):: - - $ gpg -d 91bd0c092128cf2e60e1a608c31e92caf1f9c1595f83f2890ef17c0e4881aa0a - 542051c7cd152644e4995bda63cc3ddffd635958 refs/heads/next - 3c9e76484c7596eff70b21cbe58408b2774bedad refs/heads/master - pack :SHA256:f2ad50316...cd4ba67092dc4 z8YoAnFpMlW...3PkI2mND49P1qm - pack :SHA256:a6e17bb4c...426492f379584 82+k2cbiUn7...dgXfyX6wXGpvVa - keep :SHA256:f2ad50316...cd4ba67092dc4 1 - repo :id:OYiSleGirtLubEVqJpFF - -Each item extends until newline, and matches one of the following: - -`` `` - Git object id and its ref - -``pack :: `` - Packfile hash (`Hi`) and corresponding symmetric key (`Ki`). 
- -``keep :: `` - Packfile hash and its repack generation - -``repo `` - The remote id - -``extn ...`` - Extension field, preserved but unused. - -Detecting gcrypt repos -====================== - -To detect if a git url is a gcrypt repo, use: git-remote-gcrypt --check url -Exit status if 0 if the repo exists and can be decrypted, 1 if the repo -uses gcrypt but could not be decrypted, and 100 if the repo is not -encrypted with gcrypt (or could not be accessed). - -Note that this has to fetch the repo contents into the local git -repository, the same as is done when using a gcrypt repo. - -See Also -======== - -git-remote-helpers(1), gpg(1) - -License -======= - -This document and git-remote-gcrypt are licensed under identical terms, -GPL-3 (or 2+), see the git-remote-gcrypt file. - -.. this document generates a man page with rst2man -.. vim: ft=rst tw=72 sts=4 +Please use instead, +or its mirror on github,