]>
Git — Sourcephile - git-remote-gpg.git/blob - git-remote-gpg
2 our $VERSION = '2014.04.29';
4 # This file is a git-remote-helpers(1) to use a gpg(1)
5 # as a cryptographic layer below git(1)'s objects.
6 # Copyright (C) 2014 Julien Moutinho
8 # This program is free software: you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published
10 # by the Free Software Foundation, either version 3 of the License,
11 # or any later version.
13 # This program is distributed in the hope that it will be useful,
14 # but WITHOUT ANY WARRANTY; without even the implied warranty
15 # of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
16 # See the GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with this program. If not, see <http://www.gnu.org/licenses/>.
22 use warnings FATAL
=> qw(all);
28 use File
::Spec
::Functions
qw(:ALL);
32 # NOTE: to debug: IPCRUNDEBUG=basic|data|details|gory
35 use POSIX
qw(WNOHANG);
42 foreach my $msg (@_) {
48 my $call = (caller(1))[3];
52 , "\e[30m\e[1m.", join('.', $call."\e[m")
56 : Data
::Dumper
::Dumper
($_)
63 my $call = (caller(1))[3];
66 , "\e[30m\e[1m.", join('.', $call."\e[m")
67 , " ", (ref $_ eq 'CODE'?(join("\n ", $_->()), "\n"):(@_, "\n"))
71 local $Carp::CarpLevel
= 1;
72 carp
("\e[33mWARNING\e[m ", @_, "\n\t");
75 local $Carp::CarpLevel
= 1;
76 croak
("\e[31mERROR\e[m ", @_, "\n\t");
80 foreach my $file (@_) {
81 debug
(sub{"file=$file\n"});
89 foreach my $dir (@_) {
90 debug
(sub{"dir=$dir\n"});
91 File
::Path
::make_path
($dir, {verbose
=>0, error
=> \
my $error});
93 for my $diag (@$error) {
94 my ($dir, $message) = %$diag;
95 error
("dir=$dir: $message");
102 my ($ctx, $size) = @_;
104 IPC
::Run
::run
([@{$ctx->{config
}->{gpg
}}
105 , '--armor', '--gen-rand', '1', $size]
107 or error
("failed to get random bits");
111 sub grg_hash
($$;$) {
112 my ($ctx, $algo, $run) = @_;
113 $run = sub {return @_} unless defined $run;
115 IPC
::Run
::run
($run->([@{$ctx->{config
}->{gpg
}}
116 , '--with-colons', '--print-md', $algo]
118 or error
("failed to hash data");
119 return ((split(':', $hash))[2]);
121 sub gpg_fingerprint
($$$) {
122 my ($ctx, $id, $caps_needed) = @_;
125 if (IPC
::Run
::run
([@{$ctx->{config
}->{gpg
}}
126 , '--fixed-list-mode', '--with-colons', '--with-fingerprint', '--list-keys', $id]
128 my @lines = split(/\n/,$output);
129 while (my $line = shift @lines) {
130 if (my ($longkeyid, $caps) = $line =~ m/^pub:[^:]*:[^:]*:[^:]*:([^:]*):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:([^:]+):.*$/) {
132 foreach my $cap (@$caps_needed) {
133 if (not ($caps =~ m/$cap/)) {
134 warning
("skipping key 0x$longkeyid which has not usable capability: $cap, but matches: `$id'");
141 while ((not defined $fpr or not defined $uid)
142 and $line = shift @lines) {
143 (not defined $fpr and (($fpr) = $line =~ m/^fpr:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:([0-9A-F]+):.*$/)) or
144 (not defined $uid and (($uid) = $line =~ m/^uid:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:([^:]+):.*$/)) or
147 error
("unable to extract fingerprint and user ID")
155 error
("unable to find any OpenPGP key with usable capability: ".join('', @$caps_needed)." for: `$id'")
156 unless scalar(%h) gt 0;
157 debug
(sub{"$id -> "}, \
%h);
160 sub grg_encrypt_symmetric
($$$;$) {
161 my ($ctx, $clear, $key, $run) = @_;
162 $run = sub {return @_} unless defined $run;
163 IPC
::Run
::run
($run->([@{$ctx->{config
}->{gpg
}}
165 , '--compress-algo', 'none'
167 , '--passphrase-fd', '3'
169 , '--trust-model', 'always'
171 , '<', \
$clear, '3<', \
$key))
172 or error
("failed to encrypt symmetrically data");
174 sub grg_decrypt_symmetric
($$$;$) {
175 my ($ctx, $key, $run) = @_;
176 $run = sub {return @_} unless defined $run;
177 IPC
::Run
::run
($run->([@{$ctx->{config
}->{gpg
}}
178 , '--batch', '--no-default-keyring', '--keyring', '/dev/null', '--secret-keyring', '/dev/null'
179 , '--passphrase-fd', '3', '--quiet', '--decrypt']
181 or error
("failed to decrypt symmetrically data");
183 sub grg_encrypt_asymmetric
($$;$) {
184 my ($ctx, $clear, $run) = @_;
185 $run = sub {return @_} unless defined $run;
187 ( (map { ('--recipient', '0x'.$_) } (keys %{$ctx->{config
}->{keys}}))
188 , (map { ('--hidden-recipient', '0x'.$_) } (keys %{$ctx->{config
}->{'hidden-keys'}})) );
189 @recipients = ('--default-recipient-self')
191 IPC
::Run
::run
($run->([@{$ctx->{config
}->{gpg
}}
193 , '--compress-algo', 'none'
194 , '--trust-model', 'always'
195 , '--sign', '--encrypt'
196 , ($ctx->{config
}->{signingkey
}->{fpr
} ? ('--local-user', $ctx->{config
}->{signingkey
}->{fpr
}) : ())
199 or error
("failed to encrypt asymmetrically data");
201 sub grg_decrypt_asymmetric
($$;$) {
202 my ($ctx, $run) = @_;
203 my ($clear, $status);
204 $run = sub {return @_} unless defined $run;
205 IPC
::Run
::run
($run->([@{$ctx->{config
}->{gpg
}}
206 , '--batch', '--no-default-keyring',
207 , '--status-fd', '3', '--quiet', '--decrypt']
208 , '>', \
$clear, '3>', \
$status))
209 or error
("failed to decrypt asymmetrically data");
210 debug
(sub{"status=\n$status"});
211 my @lines = split(/\n/,$status);
212 my ($enc_to, $goodsig, $validsig, $validpub, $goodmdc);
213 foreach my $line (@lines) {
214 (not defined $enc_to and (($enc_to) = $line =~ m/^\[GNUPG:\] ENC_TO ([0-9A-F]+).*$/)) or
215 (not defined $goodsig and (($goodsig) = $line =~ m/^\[GNUPG:\] GOODSIG ([0-9A-F]+).*$/)) or
216 (not defined $goodmdc and (($goodmdc) = $line =~ m/^\[GNUPG:\] (GOODMDC)$/)) or
217 (not defined $validsig and not defined $validpub and (($validsig, $validpub)
218 = $line =~ m/^\[GNUPG:\] VALIDSIG ([0-9A-F]+) [^ ]+ [^ ]+ [^ ]+ [^ ]+ [^ ]+ [^ ]+ [^ ]+ [^ ]+ ([0-9A-F]+).*$/)) or
221 error
("data expected to be encrypted")
223 debug
(sub{"enc_to=$enc_to\n"});
224 error
("data expected to be signed")
226 debug
(sub{"goodsig=$goodsig\n"});
227 error
("modification detection code incorrect")
229 debug
(sub{"good_mdc=$goodmdc\n"});
230 error
("data signature invalid")
231 unless $validsig and $validpub;
232 debug
(sub{"validsig=$validsig\n"});
233 debug
(sub{"validpub=$validpub\n"});
234 error
("data signature refused")
235 unless exists $ctx->{config
}->{keys}->{$validpub}
236 or exists $ctx->{config
}->{'hidden-keys'}->{$validpub};
237 debug
(sub{"accepted:$validpub\n"});
241 sub grg_remote_fetch_file
($) {
243 # NOTE: avoid File::Copy::copy().
244 while (my ($file, undef) = each %{$ctx->{remote
}->{fetch
}}) {
245 my $path = File
::Spec-
>catfile($ctx->{remote
}->{uri
}->file, $file);
247 my $h = $ctx->{remote
}->{fetch
}->{$file};
255 sub grg_remote_fetch_rsync
($) {
257 my $uri = $ctx->{remote
}->{uri
}->clone;
259 if ($uri->opaque =~ m{^//}) {
260 $uri->fragment(undef);
262 @src = map { $uri->path($_); $uri->as_string; }
263 (keys %{$ctx->{remote
}->{fetch
}});
266 my ($authority, $path, $fragment)
267 = $uri->as_string =~ m
|^rsync
:(?:([^/#:]+):)?([^?#]*)(?:#(.*))?$|;
268 @src = map { "$authority:$path/$_" }
269 (keys %{$ctx->{remote
}->{fetch
}});
271 IPC
::Run
::run
([@{$ctx->{config
}->{rsync
}}
272 , '-i', '--ignore-times', '--inplace', '--progress'
274 , $ctx->{'dir-cache'}.'/']
277 sub grg_remote_fetch_sftp
($) {
279 IPC
::Run
::run
([@{$ctx->{config
}->{curl
}}
281 , '--output', File
::Spec-
>catfile($ctx->{'dir-cache'}, '#1')
282 , File
::Spec-
>catfile($ctx->{remote
}->{uri
}->as_string
283 , '{'.join(',', (keys %{$ctx->{remote
}->{fetch
}})).'}') ])
285 sub grg_remote_fetch
($$) {
286 my ($ctx, $files) = @_;
287 debug
(sub{'files='}, $files);
288 my $scheme = $ctx->{remote
}->{uri
}->scheme;
289 $ctx->{remote
}->{fetch
}
291 { path
=> File
::Spec-
>catfile($ctx->{'dir-cache'}, $_)
295 { file
=> \
&grg_remote_fetch_file
296 , rsync
=> \
&grg_remote_fetch_rsync
297 , sftp
=> \
&grg_remote_fetch_sftp
299 error
("URL scheme not supported: `$scheme'")
302 or $ctx->{remote
}->{fetch
} = {};
303 return $ctx->{remote
}->{fetch
};
305 sub grg_remote_init_file
($) {
307 my $dst = $ctx->{remote
}->{uri
}->file;
311 sub grg_remote_init_rsync
($) {
313 my $tmp = File
::Temp-
>tempdir('grg_rsync_XXXXXXXX', CLEANUP
=> 1);
314 my $uri = $ctx->{remote
}->{uri
}->clone;
316 if ($uri->opaque =~ m{^//}) {
317 $uri->fragment(undef);
320 $dst = $uri->as_string;
323 my ($authority, $fragment);
324 ($authority, $path, $fragment)
325 = $uri->as_string =~ m
|^rsync
:(?:([^/#:]+):)?([^?#]*)(?:#(.*))?$|;
326 $dst = "$authority:";
328 &mkdir(File
::Spec-
>catdir($tmp, $path));
329 IPC
::Run
::run
([@{$ctx->{config
}->{rsync
}}
330 , '-i', '--recursive', '--relative'
334 , init
=> sub { chdir $tmp or die $!; })
336 sub grg_remote_init_sftp
($) {
338 my $path = $ctx->{remote
}->{uri
}->path;
339 my $uri = $ctx->{remote
}->{uri
}->clone;
340 $uri->fragment(undef);
343 IPC
::Run
::run
([@{$ctx->{config
}->{curl
}}
344 , '--show-error', '--ftp-create-dirs'
345 , '-Q', "+mkdir ".$path
348 sub grg_remote_init
($) {
350 my $scheme = $ctx->{remote
}->{uri
}->scheme;
352 { file
=> \
&grg_remote_init_file
353 , rsync
=> \
&grg_remote_init_rsync
354 , sftp
=> \
&grg_remote_init_sftp
356 error
("URL scheme not supported: `$scheme'")
359 or error
("remote init failed");
362 sub grg_remote_push_file
($) {
365 foreach my $file (@{$ctx->{remote
}->{push}}) {
366 my $src = File
::Spec-
>catfile($ctx->{'dir-cache'}, $file);
367 my $dst = File
::Spec-
>catfile($ctx->{remote
}->{uri
}->file, $file);
368 debug
(sub{"File::Copy::move('$src', '$dst')\n"});
369 if (not File
::Copy
::move
($src, $dst)) {
376 sub grg_remote_push_rsync
($) {
378 my $uri = $ctx->{remote
}->{uri
}->clone;
379 $uri->fragment(undef);
382 if ($uri->opaque =~ m{^//}) {
383 $uri->fragment(undef);
385 $dst = $uri->as_string;
388 my ($authority, $path, $fragment)
389 = $uri->as_string =~ m
|^rsync
:(?:([^/#:]+):)?([^?#]*)(?:#(.*))?$|;
390 $dst = "$authority:$path/";
392 IPC
::Run
::run
([@{$ctx->{config
}->{rsync
}}
394 , (@{$ctx->{remote
}->{push}})
397 , init
=> sub { chdir $ctx->{'dir-cache'} or die $!; });
399 sub grg_remote_push_sftp
($) {
401 my $uri = $ctx->{remote
}->{uri
}->clone;
404 IPC
::Run
::run
([@{$ctx->{config
}->{curl
}}
405 , '--show-error', '--ftp-create-dirs', '--upload-file'
406 , '{'.join(',', @{$ctx->{remote
}->{push}}).'}'
407 , $uri->as_string.'/'])
409 sub grg_remote_push
($) {
411 my $scheme = $ctx->{remote
}->{uri
}->scheme;
412 grg_remote_init
($ctx)
413 unless $ctx->{remote
}->{checked
};
415 if @{$ctx->{remote
}->{push}} == 0;
417 { file
=> \
&grg_remote_push_file
418 , rsync
=> \
&grg_remote_push_rsync
419 , sftp
=> \
&grg_remote_push_sftp
421 error
("URL scheme not supported: `$scheme'")
424 or error
("remote push failed");
425 rm
(map {File
::Spec-
>catfile($ctx->{'dir-cache'}, $_)} @{$ctx->{remote
}->{push}});
428 sub grg_remote_remove
($) {
430 #my $scheme = $ctx->{remote}->{uri}->scheme;
433 # File::Copy::remove_tree
434 # ( map { File::Spec->catfile($ctx->{remote}->{uri}->path, $_) } @$files
438 # IPC::Run::run([@{$ctx->{config}->{rsync}}
439 # , '--verbose', '--ignore-times', '--recursive', '--delete'
441 # , $ctx->{remote}->{uri}])
444 # IPC::Run::run([@{$ctx->{config}->{curl}}
446 # , map { ('-Q', 'rm '.$_) } @$files
447 # , $ctx->{remote}->{uri}])
450 #error("URL scheme not supported: `$scheme'")
452 #$fct->($ctx, $ctx->{remote}->{remove})
453 # or error("remote remove failed");
457 sub grg_pack_fetch
($$) {
458 my ($ctx, $fetch_objects) = @_;
461 my %remote_objects = ();
462 while (my ($pack_id, $pack) = each %{$ctx->{manifest
}->{packs
}}) {
463 foreach my $obj (@{$pack->{objects
}}) {
464 $remote_objects{$obj} = $pack_id;
468 my %packs_to_fetch = ();
469 foreach my $obj (@$fetch_objects) {
470 my @packs = ($remote_objects{$obj});
471 while (my $pack_id = shift @packs) {
472 if (not exists $packs_to_fetch{$pack_id}) {
473 $packs_to_fetch{$pack_id} = 1;
474 my $manifest_pack = $ctx->{manifest
}->{packs
}->{$pack_id};
475 error
("manifest is missing a dependency pack: $pack_id")
476 unless defined $manifest_pack;
477 @packs = (@packs, @{$manifest_pack->{deps
}});
481 my @packs_to_fetch = keys %packs_to_fetch;
482 my $packs_fetched = grg_remote_fetch
($ctx, [@packs_to_fetch]);
483 foreach my $pack_id (@packs_to_fetch) {
485 = exists $packs_fetched->{$pack_id}
486 ? $packs_fetched->{$pack_id}
487 : {path
=> File
::Spec-
>catfile($ctx->{'dir-cache'}, $pack_id), preserve
=> 0};
488 my $manifest_pack = $ctx->{manifest
}->{packs
}->{$pack_id};
489 my $pack_key = $manifest_pack->{key
};
491 grg_decrypt_symmetric
($ctx, $pack_key, sub {
492 push @{$_[0]}, ($pack_fetched->{path
});
493 return (@_, '>', \
$pack_data);
495 my $pack_hash_algo = $manifest_pack->{hash_algo
};
496 my $pack_hash = grg_hash
($ctx
498 , sub { return (@_, '<', \
$pack_data); });
499 error
("pack data hash differs from pack manifest hash")
500 unless $pack_hash eq $manifest_pack->{hash
};
502 unless $pack_fetched->{preserve
};
503 IPC
::Run
::run
(['git', 'index-pack', '-v', '--stdin']
508 sub grg_pack_push
($$) {
509 my ($ctx, $push_objects) = @_;
511 debug
(sub{"push_objects=\n"}, $push_objects);
513 my %remote_objects = ();
514 while (my ($pack_id, $pack) = each %{$ctx->{manifest
}->{packs
}}) {
515 foreach my $obj (@{$pack->{objects
}}) {
516 $remote_objects{$obj} = $pack_id;
520 IPC
::Run
::run
(['git', 'cat-file', '--batch-check']
521 , '<', \
join("\n", keys %remote_objects)
523 or error
("failed to query local git objects");
526 if ($_ =~ m/ missing$/) { () }
529 # @pack_objects, @pack_deps_objects
530 IPC
::Run
::run
(['git', 'rev-list', '--objects-edge', '--stdin', '--']
531 , '<', \
join("\n", ((map {'^'.$_} @common_objects), @$push_objects))
533 or error
("failed to query objects to pack");
534 my @pack_objects_edge = split(/\n/, $_);
535 foreach (@pack_objects_edge) {s/ .*//}
536 my @pack_objects = grep {m/^[^-]/} @pack_objects_edge;
537 my @pack_deps_objects = grep {s/^-//} @pack_objects_edge;
540 foreach my $obj (@pack_deps_objects) {
541 my $pack = $remote_objects{$obj};
542 error
("manifest is missing object dependencies")
543 unless defined $pack;
544 $pack_deps{$pack} = 1;
546 if (@pack_objects > 0) {
550 while (not defined $pack_id
551 or exists $ctx->{manifest
}->{packs
}->{$pack_id}) {
552 $pack_id = grg_rand
($ctx, $ctx->{config
}->{'pack-filename-size'});
553 $pack_id =~ s{/}{-}g;
554 error
("failed to pick an unused random pack filename after 512 tries; retry or increase grg.pack-filename-size")
555 if $pack_id_try++ >= 512;
557 my $pack_key = grg_rand
($ctx, $ctx->{config
}->{'pack-key-size'});
559 IPC
::Run
::run
(['git', 'pack-objects', '--stdout']
560 , '<', \
join("\n", @pack_objects)
562 or error
("failed to pack objects to push");
563 my $pack_hash = grg_hash
($ctx
564 , $ctx->{config
}->{'pack-hash-algo'}
565 , sub { return (@_, '<', \
$pack_data); });
566 grg_encrypt_symmetric
($ctx, $pack_data, $pack_key, sub {
567 push @{$_[0]}, ('--output', File
::Spec-
>catfile($ctx->{'dir-cache'}, $pack_id));
570 push @{$ctx->{remote
}->{push}}, $pack_id;
571 $ctx->{manifest
}->{packs
}->{$pack_id} =
572 { deps
=> [keys %pack_deps]
574 , hash_algo
=> $ctx->{config
}->{'pack-hash-algo'}
576 , objects
=> \
@pack_objects
581 sub grg_manifest_fetch
($) {
584 { 'hidden-keys' => {}
590 my $fetched = grg_remote_fetch
($ctx, [$ctx->{'manifest-file'}]);
591 my $crypt = $fetched->{$ctx->{'manifest-file'}}->{path
};
592 if (defined $crypt) {
593 $ctx->{remote
}->{checked
} = 1;
595 grg_decrypt_asymmetric
($ctx, sub {
596 push @{$_[0]}, $crypt;
597 return (@_, '>', \
$json); });
598 rm
($fetched->{$ctx->{'manifest-file'}}->{path
})
599 unless $fetched->{$ctx->{'manifest-file'}}->{preserve
};
601 ($manifest = JSON
::decode_json
($json) and ref $manifest eq 'HASH')
602 or error
("failed to decode JSON manifest");
603 $ctx->{manifest
} = {%{$ctx->{manifest
}}, %$manifest};
604 foreach my $slot (qw(keys hidden-keys)) {
605 while (my ($fpr, $uid) = each %{$ctx->{manifest
}->{$slot}}) {
606 my %keys = gpg_fingerprint
($ctx, '0x'.$fpr, ['E']);
607 my ($fpr, $uid) = each %keys;
608 $ctx->{config
}->{$slot}->{$fpr} = $uid;
613 if ($ctx->{command
} eq 'push' or $ctx->{command
} eq 'list for-push') {
614 $ctx->{remote
}->{checked
} = 0;
616 elsif ($ctx->{remote
}->{checking
}) {
620 error
("remote checking failed");
624 sub grg_manifest_push
($) {
626 foreach my $slot (qw(keys hidden-keys)) {
627 $ctx->{manifest
}->{$slot} = {};
628 while (my ($fpr, $uid) = each %{$ctx->{config
}->{$slot}}) {
629 $ctx->{manifest
}->{$slot}->{$fpr} = $uid;
632 my $json = JSON
::encode_json
($ctx->{manifest
})
633 or error
("failed to encode JSON manifest");
634 grg_encrypt_asymmetric
($ctx, $json, sub {
636 , ('--output', File
::Spec-
>catfile($ctx->{'dir-cache'}, $ctx->{'manifest-file'}));
638 push @{$ctx->{remote
}->{push}}, $ctx->{'manifest-file'};
641 sub grg_config_read
($) {
643 my $cfg = $ctx->{config
};
646 foreach my $name (qw(gpg signingkey keys)
647 , grep { !m/^(gpg|signingkey|keys)$/ } (keys %$cfg)) {
649 IPC
::Run
::run
(['git', 'config', '--get', 'remote.'.$ctx->{remote
}->{name
}.'.'.$name, '.+'], '>', \
$value) or
650 IPC
::Run
::run
(['git', 'config', '--get', 'grg.'.$name, '.+'], '>', \
$value) or 1;
651 if ($name eq 'signingkey') {
652 IPC
::Run
::run
(['git', 'config', '--get', 'user.'.$name, '.+'], '>', \
$value)
655 my %keys = gpg_fingerprint
($ctx, $value, ['S']);
656 warning
("signing key ID is not matching a unique key: taking only one")
657 unless scalar(keys %keys) == 1;
658 my ($fpr, $uid) = each %keys;
659 $cfg->{$name} = {fpr
=> $fpr, uid
=> $uid};
661 elsif ($name eq 'keys' or $name eq 'hidden-keys') {
662 IPC
::Run
::run
(['git', 'config', '--get', 'user.'.$name, '.+'], '>', \
$value)
665 my @ids = split(/,/, $value);
667 foreach my $key (@ids) {
668 my %keys = gpg_fingerprint
($ctx, $key, ['E']);
669 while (my ($fpr, $uid) = each %keys) {
670 $cfg->{$name}->{$fpr} = $uid;
675 elsif (grep(/^$name$/, qw(curl gpg rsync))) {
676 IPC
::Run
::run
(['git', 'config', '--get', $name.'.program', '.+'], '>', \
$value)
678 $cfg->{$name} = [split(' ', $value)]
683 $cfg->{$name} = $value
687 error
("no signingkey configured; to do so you may use one of following commands:\n"
688 , "\t\$ git config remote.'$ctx->{remote}->{name}'.signingkey \$your_openpgp_id\n"
689 , "\t\$ git config grg.signingkey \$your_openpgp_id\n"
690 , "\t\$ git config user.signingkey \$your_openpgp_id"
691 ) unless defined $cfg->{signingkey
};
692 if ( (scalar (keys %{$cfg->{keys}}) == 0)
693 and (scalar (keys %{$cfg->{'hidden-keys'}}) == 0) ) {
694 $cfg->{keys} = { $cfg->{signingkey
}->{fpr
} => $cfg->{signingkey
}->{uid
} };
697 debug
(sub{'config='},$cfg);
700 sub grg_connect
($) {
702 grg_config_read
($ctx);
703 grg_manifest_fetch
($ctx);
705 sub grg_disconnect
($) {
707 grg_remote_push
($ctx);
710 sub gpg_command_answer
($) {
712 debug
(sub{join('', @cmd)."\n"});
713 print STDOUT
(@cmd, "\n");
715 sub grg_command_capabilities
($) {
717 $ctx->{command
} = 'capabilities';
718 gpg_command_answer
("fetch");
719 gpg_command_answer
("push");
720 gpg_command_answer
("");
723 sub grg_command_fetch
($$) {
724 my ($ctx, $fetch_refs) = @_;
725 $ctx->{command
} = 'fetch';
726 debug
(sub{"fetch_refs="}, $fetch_refs);
729 my @fetch_objects= ();
730 foreach my $ref (@$fetch_refs) {
731 push @fetch_objects, $ref->{sha1
};
733 grg_pack_fetch
($ctx, \
@fetch_objects);
735 sub grg_command_list
($$) {
736 my ($ctx, $command) = @_;
737 $ctx->{command
} = $command;
739 while (my ($ref, $obj) = each %{$ctx->{manifest
}->{refs
}}) {
740 gpg_command_answer
("$obj $ref");
742 gpg_command_answer
("");
744 sub grg_command_push
($$) {
745 my ($ctx, $push_refs) = @_;
747 $ctx->{command
} = 'push';
748 debug
(sub{"push_refs="}, $push_refs);
751 my @push_objects= ();
752 foreach my $ref (@$push_refs) {
753 IPC
::Run
::run
(['git', 'rev-list', '--ignore-missing', '--max-count=1', $ref->{src
}, '--']
755 or error
("failed to dereference ref to push: ".$ref->{src
});
757 $ref->{src_obj
} = $_;
758 push @push_objects, $_;
760 grg_pack_push
($ctx, \
@push_objects);
761 my $manifest_refs = $ctx->{manifest
}->{refs
};
762 foreach my $ref (@$push_refs) {
763 $manifest_refs->{$ref->{dst
}} = $ref->{src_obj
};
765 $manifest_refs->{HEAD
}
766 = $push_refs->[-1]->{src_obj
}
767 unless @$push_refs == 0;
768 grg_manifest_push
($ctx);
769 grg_disconnect
($ctx);
771 sub grg_commands
(@) {
775 #STDOUT->autoflush(1);
776 while (defined $line or (not eof(*STDIN
) and
777 (defined($line = readline(*STDIN
)))
779 : error
("readline failed: $!")
781 debug
(sub{"line=\"",$line,"\"\n"});
782 $ctx->{command
} = undef;
783 if ($line eq 'capabilities') {
784 grg_command_capabilities
($ctx);
787 elsif ($line =~ m/^fetch .*$/) {
790 while ((defined $line or (not eof(*STDIN
) and
791 ((defined($line = readline(*STDIN
)))
793 : error
("readline failed: $!")))) and
794 (($sha1, $name) = ($line =~ m/^fetch ([0-9a-f]{40}) (.+)$/))
796 debug
(sub{"fetch line=\"",$line,"\"\n"});
797 push @refs, {sha1
=>$sha1, name
=>$name};
800 error
("failed to parse command: $line")
802 grg_command_fetch
($ctx, \
@refs);
804 elsif ($line eq 'list' or $line eq 'list for-push') {
805 grg_command_list
($ctx, $line);
808 elsif ($line =~ m/^push .*$/) {
810 my ($force, $src, $dst);
811 while ((defined $line or (not eof(*STDIN
) and
812 ((defined($line = readline(*STDIN
)))
814 : error
("readline failed: $!")))) and
815 (($force, $src, $dst) = ($line =~ m/^push (\+)?([^:]+):(.+)$/))
817 debug
(sub{"push line=\"",$line,"\"\n"});
818 push @refs, {force
=>(defined $force), src
=>$src, dst
=>$dst};
821 error
("failed to parse command: $line")
823 grg_command_push
($ctx, \
@refs);
825 elsif ($line =~ m/^$/) {
828 local $SIG{'PIPE'} = 'IGNORE';
829 gpg_command_answer
("");
834 warning
("unsupported command supplied: `$line'");
840 $ENV{GIT_DIR
} = $ENV{GIT_DIR
} || '.git';
841 $ENV{GITCEPTION
} = ($ENV{GITCEPTION
} || '') . '+';
848 , 'hidden-keys' => {}
849 , 'manifest-hash-algo' => 'SHA224' # NOTE: SHA512, SHA384, SHA256, SHA224 supported.
850 , 'pack-filename-size' => 42
851 , 'pack-hash-algo' => 'SHA224' # NOTE: SHA512, SHA384, SHA256, SHA224 supported.
852 , 'pack-key-size' => 64
853 , signingkey
=> undef
856 , 'dir-cache' => undef
858 , 'manifest-file' => undef
867 Getopt
::Long
::Configure
872 Getopt
::Long
::GetOptions
873 ( help
=> sub { Pod
::Usage
::pod2usage
875 , -sections
=> ['SYNOPSIS', 'OPTIONS', 'REMOTES', 'CONFIG']
876 , -verbose
=> 99 ); }
877 , man
=> sub { Pod
::Usage
::pod2usage
(-verbose
=> 2); }
879 $ctx->{remote
}->{checking
} = 1;
882 if (not $ctx->{remote
}->{checking
}) {
883 my $name = shift @ARGV;
884 Pod
::Usage
::pod2usage
(-verbose
=> 1)
885 unless defined $name;
886 ($ctx->{remote
}->{name
}) = ($name =~ m/^((\w|-)+)$/);
887 error
("valid name of remote Git required, got: `$name'")
888 unless $ctx->{remote
}->{name
};
890 my $uri = shift @ARGV;
891 Pod
::Usage
::pod2usage
(-verbose
=> 1)
893 $ctx->{remote
}->{uri
} = URI-
>new($uri);
894 error
("valid URL of remote Git required, got: `$uri'")
895 unless $ctx->{remote
}->{uri
};
896 my $fragment = $ctx->{remote
}->{uri
}->fragment;
898 unless defined $fragment;
899 $ctx->{'manifest-file'} = grg_hash
($ctx
900 , $ctx->{config
}->{'manifest-hash-algo'}
901 , sub { return (@_, '<', \
$fragment); });
902 if (-d
$ENV{GIT_DIR
}) {
903 $ctx->{'dir-cache'} = File
::Spec-
>catdir
904 ( $ENV{GIT_DIR
}, 'cache', 'remotes'
905 , $ctx->{remote
}->{name
}, 'gpg');
906 &mkdir($ctx->{'dir-cache'});
909 $ctx->{'dir-cache'} = File
::Temp-
>tempdir('grg_cache_XXXXXXXX', CLEANUP
=> 1);
911 debug
(sub{"ctx="},$ctx);
922 git-remote-gpg - git-remote-helpers(1) to encrypt remote repository through gpg(1)
926 =item git-remote-gpg $gpg_remote $gpg_url
928 =item git-remote-gpg --check $gpg_url
934 =item B<-h>, B<--help>
944 =item git remote add $remote gpg::rsync:${user:+$user@}$host:$path
946 =item git remote add $remote gpg::rsync://${user:+$user@}$host${port:+:$port}/$path
950 =item git remote add $remote gpg::sftp://${user:+$user@}$host${port:+:$port}/$path
952 =head2 Via File::Copy(3pm)
954 =item git remote add $remote gpg::file://$path
968 =item B<grg.hidden-keys>
970 =item B<grg.manifest-hash-algo>
972 =item B<grg.pack-filename-size>
974 =item B<grg.pack-hash-algo>
976 =item B<grg.pack-key-size>
978 =item B<grg.signingkey>