aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Sokolovsky <paul.sokolovsky@linaro.org>2014-11-25 17:10:55 +0200
committerPaul Sokolovsky <paul.sokolovsky@linaro.org>2014-11-25 18:33:13 +0200
commitb012397d0da6190af08518abad3d81b1b1b2adb5 (patch)
treef48992a8463376afe0b24d656ed5cca06c570eb9
parentf6a87ee9b7a0c00d3083ef308e478300a473bb1e (diff)
downloadgit-gpgcrypt-b012397d0da6190af08518abad3d81b1b1b2adb5.tar.gz
Fail fast if we cannot get symmetric encryption key.
For example, if user is not recipient, or doesn't have one's private key set up right. Otherwise, script would proceed to use undecrypted symmetric key, efficiently scrambling all information in the repo. Change-Id: I0e1cd78ea7497cd4642354efe8a64fcfdea7574c
-rwxr-xr-xgit-gpgcrypt14
1 files changed, 14 insertions, 0 deletions
diff --git a/git-gpgcrypt b/git-gpgcrypt
index 2b0c6fc..99c90b7 100755
--- a/git-gpgcrypt
+++ b/git-gpgcrypt
@@ -79,7 +79,16 @@ setup_filters() {
}
get_key() {
+ set +e
gpg -d -q .gpgcrypt-key
+ rc=$?
+ if [ $rc -ne 0 ]; then
+ echo "*ERROR*: Unable to decrypt key, gpg result: $rc" >/dev/stderr
+ echo "Are you among recipients of this repository? Is private key" >/dev/stderr
+ echo "which can prove that available to GPG on this machine?" >/dev/stderr
+ exit $rc
+ fi
+ set -e
}
get_salt() {
@@ -91,6 +100,11 @@ encrypt_key() {
mv .gpgcrypt-key.tmp .gpgcrypt-key
}
+# Try to get symmetric encryption key and fail fast if we
+# can't do that, which means that GPG cannot decrypt it
+# with user's private key.
+get_key
+
case "$1" in
init)
init