Require signed masterkey (REPO FORMAT CHANGE)

diff --git a/git-remote-gcrypt b/git-remote-gcrypt
index 4374cb5f2e6b716a12980de27c35a34b380a10fa..9856f1986cc53168a2acf31a6cb0f5317e35ed5a 100755 (executable)
--- a/git-remote-gcrypt
+++ b/git-remote-gcrypt
@@ -174,6 +174,11 @@ CLEARSIGN()
        fi
 }
 
+CHECKSIGN()
+{
+       gpg -q --no-default-keyring --keyring "$CONF_KEYRING" -d
+}
+
 DECRYPT()
 {
        (printf "%s" "$MASTERKEY" | \
@@ -199,6 +204,7 @@ make_new_repo()
        # The MASTERKEY is encrypted to all RECIPIENTS. The key is a long
        # ascii-encoded string used for symmetric encryption with GnuPG.
        local RECIPIENTS
+       local KEYSIGN
        echo_info "Setting up new repository at $URL"
        RECIPIENTS="$(gpg --no-default-keyring --keyring "$CONF_KEYRING" \
                --with-colons -k | xgrep ^pub | cut -f5 -d:)"
@@ -216,10 +222,37 @@ make_new_repo()
        echo_info "Encrypting to \"$RECIPIENTS\""
        echo_info "Generating new master key"
        MASTERKEY="$(genkey)"
-       printf "%s" "$MASTERKEY" | \
-               gpg --compress-algo none -e $RECIPIENTS | PUT "$URL" masterkey
+       KEYSIGN=$(printf "%s\n" "$MASTERKEY" | gpg --output - --clearsign)
+       TMPMASTERKEY_ENC="$LOCALDIR/masterenc.$$"
+       trap 'rm -f "$TMPMASTERKEY_ENC"' EXIT
+       printf "%s" "$KEYSIGN" | gpg --no-default-keyring \
+               --keyring "$CONF_KEYRING" --compress-algo none -e $RECIPIENTS \
+               > "$TMPMASTERKEY_ENC"
+       PUT "$URL" masterkey < "$TMPMASTERKEY_ENC"
+       rm -f "$TMPMASTERKEY_ENC"
+       trap EXIT
+}
+
+get_masterkey()
+{
+       TMPMASTERKEY_ENC="$LOCALDIR/masterenc.$$"
+       trap 'rm -f "$TMPMASTERKEY_ENC"' EXIT
+       echo_info "Verifying masterkey signature"
+       GET "$URL" masterkey 2>/dev/null > "$TMPMASTERKEY_ENC" || return 0
+       #echo_info "Opening Master Key"
+       gpg -q -d < "$TMPMASTERKEY_ENC" | CHECKSIGN || {
+               echo_info "Opening of master key failed!"
+               echo_info "Using keyring $CONF_KEYRING"
+               if [ "$CONF_KEYRING" = "/dev/null" ] ; then
+               echo_info "Please configure gcrypt.keyring"
+               fi
+               exit 1
+       }
+       rm -f "$TMPMASTERKEY_ENC"
+       trap EXIT
 }
 
+
 read_config()
 {
        CONF_SIGN_MANIFEST=$(git config --bool gcrypt.signmanifest || :)
@@ -250,8 +283,7 @@ ensure_connected()
        then
                # Use gpg to verify and strip the signature
                echo_info "Verifying manifest signature"
-               STRIPDATA="$(printf "%s" "$MANIFESTDATA" | \
-               gpg -q --no-default-keyring --keyring "$CONF_KEYRING" -d || {
+               STRIPDATA="$(printf "%s" "$MANIFESTDATA" | CHECKSIGN || {
                        echo_info "WARNING: Failed to verify signature from $URL"
                        echo_info "WARNING: Using keyring $CONF_KEYRING"
                        if [ "$CONF_KEYRING" = "/dev/null" ] ; then
@@ -269,11 +301,6 @@ ensure_connected()
        PACKLIST=$(printf "%s\n" "$MANIFESTDATA" | xgrep "^$PACKPFX")
 }
 
-get_masterkey()
-{
-       GET "$URL" masterkey 2>/dev/null | gpg -q -d || :
-}
-
 do_capabilities()
 {
        echo fetch