[Pgp-tools-commit] r753 - in trunk: caff debian

Guilhem Moulin guilhem-guest at moszumanska.debian.org
Sat Jan 3 11:07:26 UTC 2015


Author: guilhem-guest
Date: 2015-01-03 11:07:11 +0000 (Sat, 03 Jan 2015)
New Revision: 753

Modified:
   trunk/caff/caff
   trunk/debian/changelog
Log:
caff: Deprecate $CONFIG{'secret-keyring'}.

Instead, the secret keyring (secring.gpg for GnuPG < 2.1,
private-keys-v1.d for GnuPG 2.1 or later) is to be symlinked into
~/.caff/gnupghome.  Symlinks are automatically created if
~/.caff/gnupghome doesn't contain a secret keyring or directory.
Closes: #771857

Modified: trunk/caff/caff
===================================================================
--- trunk/caff/caff	2015-01-03 11:06:17 UTC (rev 752)
+++ trunk/caff/caff	2015-01-03 11:07:11 UTC (rev 753)
@@ -182,10 +182,6 @@
 needed while the upstream GnuPG was not fixed.  Default: what B<gpg>
 is set to.
 
-=item B<secret-keyring> [string]
-
-Path to your secret keyring.  Default: B<$HOME/.gnupg/secring.gpg>.
-
 =item B<also-encrypt-to> [keyid, or list of keyids]
 
 Additional keyids to encrypt messages to. Default: none.
@@ -570,7 +566,20 @@
 	$CONFIG{'gpg-sign'} //= $CONFIG{'gpg'};
 	$CONFIG{'gpg-delsig'} //= $CONFIG{'gpg'};
 	check_executable($_, $CONFIG{$_}) for qw/gpg gpg-sign gpg-delsig/;
-	$CONFIG{'secret-keyring'} //= ($ENV{'GNUPGHOME'} || "$ENV{'HOME'}/.gnupg") . '/secring.gpg';
+	if (defined $CONFIG{'secret-keyring'}) {
+		die ("\$CONFIG{'secret-keyring'} is deprecated and will be removed in a future release. "
+			."Create a symlink to $CONFIG{'secret-keyring'} in $CONFIG{'caffhome'}/gnupghome instead.\n");
+		delete $CONFIG{'secret-keyring'};
+	} else {
+		foreach my $sec (qw/secring.gpg private-keys-v1.d/) {
+			my $osec = ($ENV{'GNUPGHOME'} || "$ENV{'HOME'}/.gnupg") .'/'. $sec;
+			my $nsec = $CONFIG{'caffhome'}.'/gnupghome/'.$sec;
+			unless (-e $nsec) {
+				info ("Creating symlink $nsec to $osec.");
+				symlink $osec, $nsec;
+			}
+		}
+	}
 	$CONFIG{'no-download'} //= 0;
 	$CONFIG{'no-sign'} //= 0;
 	$CONFIG{'key-files'} //= [];
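Review bot: The `symlink $osec, $nsec;` call in the new `else` branch ignores its return value, so a failure (for example a missing or unwritable gnupghome directory) passes silently right after the "Creating symlink" message; `symlink $osec, $nsec or warn "Cannot create symlink $nsec: $!\n";` would surface it. The guard `unless (-e $nsec)` follows symlinks, so a link whose target does not exist counts as absent and the symlink is attempted again on every run; `unless (-e $nsec or -l $nsec)` avoids that. In the first branch, `delete $CONFIG{'secret-keyring'};` is unreachable after `die`, and the message calls the option deprecated while the code treats it as fatal, so either switch to `warn` or drop the `delete` and reword the message. The enclosing function starts and ends outside the hunk.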
@@ -1134,8 +1143,8 @@
 	$gpg->options->hash_init(
 		'meta_interactive' => 0,
 		'always_trust' => 1,
-		'extra_args' => [ '--secret-keyring', $CONFIG{'secret-keyring'}
-						, qw{ --no-auto-check-trustdb --fingerprint --with-colons --fixed-list-mode } ] );
+		'homedir' => $GNUPGHOME,
+		'extra_args' => [ qw{ --no-auto-check-trustdb --fingerprint --with-colons } ] );
 
 	my $handles = make_gpg_fds( stdin => $NULL, stdout => undef, stderr => $NULL );
 	my $pid = $gpg->list_secret_keys( handles => $handles );
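Review bot: `--fixed-list-mode` is dropped from `extra_args` here without any mention in the log message. GnuPG 2.x treats the option as a no-op, but GnuPG 1.4 formats its `--with-colons` listing differently when it is absent, and the code that parses this listing lies outside the hunk, so it is worth confirming that the parser depends only on `fpr` records, or keeping the flag. A short comment above `'homedir' => $GNUPGHOME`, such as `# list secret keys via the keyring symlinked into caff's homedir` (presumably what `$GNUPGHOME` holds here), would also help, since the later error messages still speak of the normal GnuPGHOME.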
@@ -1147,11 +1156,16 @@
 	waitpid $pid, 0;
 	close $stdout;
 
-	my @failed = import_keys_from_gnupghome(\@fprs, undef, $GNUPGHOME, 'export-minimal');
+	die "Error: No secret key.\nIf an empty secret keyring 'secring.gpg' ('private-keys-v1.d' for GnuPG 2.1 and latter) ".
+		"was automatically created by gpg(1) in $CONFIG{'caffhome'}/gnupghome, you may want to remove it and restart caff to ".
+		"use the secret keyring from your default GnuPGHOME instead.\n" unless @fprs;
+
 	foreach my $keyid (@{$CONFIG{'keyid'}}) {
 		die "Your key $keyid could not be imported from your normal GnuPGHOME.\n"
 			unless grep /\Q$keyid\E$/, @fprs; # not in the private keyring
 	}
+
+	my @failed = import_keys_from_gnupghome(\@fprs, undef, $GNUPGHOME, 'export-minimal');
 	die "Not all keys could be imported from your normal GnuPGHOME.\n" if @failed;
 }
 
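Review bot: The new `die ... unless @fprs` reports "No secret key" whenever the listing comes back empty, but the visible lines never inspect gpg's exit status after `waitpid $pid, 0;`, so a gpg failure (for instance an unreadable or dangling keyring symlink) would produce the same advice to remove files from the caff homedir. Checking `$?` directly after the `waitpid` and failing with a distinct message would keep the two cases apart, e.g. `die "gpg --list-secret-keys failed (status $?)\n" if $?;`, assuming gpg's exit status is reliable for this call. The message text also says "latter" where "later" is meant. The function begins outside the hunk.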
@@ -1536,7 +1550,6 @@
 			push @command, $CONFIG{'gpg-sign'};
 			push @command, '--local-user', $local_user if defined $local_user;
 			push @command, "--homedir=$GNUPGHOME";
-			push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
 			push @command, qw/--no-auto-check-trustdb --trust-model=always/;
 			push @command, '--edit-key', $keyid;
 			push @command, 'showphoto' if $CONFIG{'show-photos'};
@@ -1676,7 +1689,6 @@
 				my @command;
 				push @command, $CONFIG{'gpg-sign'};
 				push @command, '--local-user', $local_user if defined $local_user;
-				push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
 				push @command, qw/--no-auto-check-trustdb --trust-model=always/;
 				push @command, '--edit-key', $keyid;
 				push @command, 'showphoto' if $CONFIG{'show-photos'};
@@ -1714,7 +1726,6 @@
 					'command_fd' => 0,
 					'always_trust' => 1,
 					'extra_args' => [ '--local-user', $u
-									, '--secret-keyring', $CONFIG{'secret-keyring'}
 									, '--ask-cert-level'
 									# we know there is a working agent
 									, '--use-agent'

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2015-01-03 11:06:17 UTC (rev 752)
+++ trunk/debian/changelog	2015-01-03 11:07:11 UTC (rev 753)
@@ -1,3 +1,14 @@
+signing-party (1.1.13-1) UNRELEASED; urgency=low
+
+  * caff:
+    + Deprecate $CONFIG{'secret-keyring'}.  Instead, the secret keyring
+      (secring.gpg for GnuPG < 2.1, private-keys-v1.d for GnuPG 2.1 or latter)
+      is to be symlinked into ~/.caff/gnupghome.  Symlinks are automatically
+      created if ~/.caff/gnupghome doesn't contain a secret keyring or
+      directory.  (Closes: #771857)
+
+ -- Guilhem Moulin <guilhem at guilhem.org>  Sat, 03 Jan 2015 11:36:26 +0100
+
 signing-party (1.1.12-1) unstable; urgency=low
 
   * debian.control:



