[Pgp-tools-commit] r753 - in trunk: caff debian
Guilhem Moulin
guilhem-guest at moszumanska.debian.org
Sat Jan 3 11:07:26 UTC 2015
Author: guilhem-guest
Date: 2015-01-03 11:07:11 +0000 (Sat, 03 Jan 2015)
New Revision: 753
Modified:
trunk/caff/caff
trunk/debian/changelog
Log:
caff: Deprecate $CONFIG{'secret-keyring'}.
Instead, the secret keyring (secring.gpg for GnuPG < 2.1,
private-keys-v1.d for GnuPG 2.1 or later) is to be symlinked into
~/.caff/gnupghome. Symlinks are automatically created if
~/.caff/gnupghome doesn't contain a secret keyring or directory.
Closes: #771857
Modified: trunk/caff/caff
===================================================================
--- trunk/caff/caff 2015-01-03 11:06:17 UTC (rev 752)
+++ trunk/caff/caff 2015-01-03 11:07:11 UTC (rev 753)
@@ -182,10 +182,6 @@
needed while the upstream GnuPG was not fixed. Default: what B<gpg>
is set to.
-=item B<secret-keyring> [string]
-
-Path to your secret keyring. Default: B<$HOME/.gnupg/secring.gpg>.
-
=item B<also-encrypt-to> [keyid, or list of keyids]
Additional keyids to encrypt messages to. Default: none.
@@ -570,7 +566,20 @@
$CONFIG{'gpg-sign'} //= $CONFIG{'gpg'};
$CONFIG{'gpg-delsig'} //= $CONFIG{'gpg'};
check_executable($_, $CONFIG{$_}) for qw/gpg gpg-sign gpg-delsig/;
- $CONFIG{'secret-keyring'} //= ($ENV{'GNUPGHOME'} || "$ENV{'HOME'}/.gnupg") . '/secring.gpg';
+ if (defined $CONFIG{'secret-keyring'}) {
+ die ("\$CONFIG{'secret-keyring'} is deprecated and will be removed in a future release. "
+ ."Create a symlink to $CONFIG{'secret-keyring'} in $CONFIG{'caffhome'}/gnupghome instead.\n");
+ delete $CONFIG{'secret-keyring'};
+ } else {
+ foreach my $sec (qw/secring.gpg private-keys-v1.d/) {
+ my $osec = ($ENV{'GNUPGHOME'} || "$ENV{'HOME'}/.gnupg") .'/'. $sec;
+ my $nsec = $CONFIG{'caffhome'}.'/gnupghome/'.$sec;
+ unless (-e $nsec) {
+ info ("Creating symlink $nsec to $osec.");
+ symlink $osec, $nsec;
+ }
+ }
+ }
$CONFIG{'no-download'} //= 0;
$CONFIG{'no-sign'} //= 0;
$CONFIG{'key-files'} //= [];
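Review bot: The `symlink $osec, $nsec;` call in the `else` branch ignores its return value, and the `-e $nsec` guard follows symlinks, so a dangling link is treated as absent and the next `symlink` then fails silently because the name already exists. Both names are linked without checking that the target exists under the default GnuPG home, so a dangling link is the normal result for whichever keyring format is not in use. I would guard with `unless (-l $nsec or -e $nsec)` and write `symlink $osec, $nsec or die "Cannot symlink $nsec to $osec: $!\n";`. Separately, `delete $CONFIG{'secret-keyring'};` is unreachable after `die`, and the message's "will be removed in a future release" reads like a warning, so either the `die` was meant to be a warning or the `delete` should go. The enclosing function starts and ends outside the hunk.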
@@ -1134,8 +1143,8 @@
$gpg->options->hash_init(
'meta_interactive' => 0,
'always_trust' => 1,
- 'extra_args' => [ '--secret-keyring', $CONFIG{'secret-keyring'}
- , qw{ --no-auto-check-trustdb --fingerprint --with-colons --fixed-list-mode } ] );
+ 'homedir' => $GNUPGHOME,
+ 'extra_args' => [ qw{ --no-auto-check-trustdb --fingerprint --with-colons } ] );
my $handles = make_gpg_fds( stdin => $NULL, stdout => undef, stderr => $NULL );
my $pid = $gpg->list_secret_keys( handles => $handles );
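Review bot: Dropping `--fixed-list-mode` from `extra_args` is not mentioned in the log and is unrelated to the keyring change; on GnuPG versions where that mode is not always on, it changes the layout of the `--with-colons` listing. The code that parses this output is outside the hunk, so I cannot tell whether it reads only `fpr` records; if it does, a comment such as `# only fpr records are parsed, so --fixed-list-mode is not needed` next to `extra_args` would record why the removal is safe.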
@@ -1147,11 +1156,16 @@
waitpid $pid, 0;
close $stdout;
- my @failed = import_keys_from_gnupghome(\@fprs, undef, $GNUPGHOME, 'export-minimal');
+ die "Error: No secret key.\nIf an empty secret keyring 'secring.gpg' ('private-keys-v1.d' for GnuPG 2.1 and latter) ".
+ "was automatically created by gpg(1) in $CONFIG{'caffhome'}/gnupghome, you may want to remove it and restart caff to ".
+ "use the secret keyring from your default GnuPGHOME instead.\n" unless @fprs;
+
foreach my $keyid (@{$CONFIG{'keyid'}}) {
die "Your key $keyid could not be imported from your normal GnuPGHOME.\n"
unless grep /\Q$keyid\E$/, @fprs; # not in the private keyring
}
+
+ my @failed = import_keys_from_gnupghome(\@fprs, undef, $GNUPGHOME, 'export-minimal');
die "Not all keys could be imported from your normal GnuPGHOME.\n" if @failed;
}
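Review bot: The message on the `grep /\Q$keyid\E$/, @fprs` check still says the key "could not be imported from your normal GnuPGHOME", but `@fprs` now comes from a listing run with `'homedir' => $GNUPGHOME`, which is presumably caff's own gnupghome. The new `die ... unless @fprs` covers only a completely empty listing; a keyring in that directory that holds some other secret key but not the configured one still ends in the old, misleading text. I would reword it to name the directory actually searched, e.g. `die "No secret key for $keyid found in $GNUPGHOME.\n"`. The enclosing block starts outside the hunk.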
@@ -1536,7 +1550,6 @@
push @command, $CONFIG{'gpg-sign'};
push @command, '--local-user', $local_user if defined $local_user;
push @command, "--homedir=$GNUPGHOME";
- push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
push @command, qw/--no-auto-check-trustdb --trust-model=always/;
push @command, '--edit-key', $keyid;
push @command, 'showphoto' if $CONFIG{'show-photos'};
@@ -1676,7 +1689,6 @@
my @command;
push @command, $CONFIG{'gpg-sign'};
push @command, '--local-user', $local_user if defined $local_user;
- push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
push @command, qw/--no-auto-check-trustdb --trust-model=always/;
push @command, '--edit-key', $keyid;
push @command, 'showphoto' if $CONFIG{'show-photos'};
@@ -1714,7 +1726,6 @@
'command_fd' => 0,
'always_trust' => 1,
'extra_args' => [ '--local-user', $u
- , '--secret-keyring', $CONFIG{'secret-keyring'}
, '--ask-cert-level'
# we know there is a working agent
, '--use-agent'
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2015-01-03 11:06:17 UTC (rev 752)
+++ trunk/debian/changelog 2015-01-03 11:07:11 UTC (rev 753)
@@ -1,3 +1,14 @@
+signing-party (1.1.13-1) UNRELEASED; urgency=low
+
+ * caff:
+ + Deprecate $CONFIG{'secret-keyring'}. Instead, the secret keyring
+ (secring.gpg for GnuPG < 2.1, private-keys-v1.d for GnuPG 2.1 or latter)
+ is to be symlinked into ~/.caff/gnupghome. Symlinks are automatically
+ created if ~/.caff/gnupghome doesn't contain a secret keyring or
+ directory. (Closes: #771857)
+
+ -- Guilhem Moulin <guilhem at guilhem.org> Sat, 03 Jan 2015 11:36:26 +0100
+
signing-party (1.1.12-1) unstable; urgency=low
* debian.control: