author | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2014-11-25 17:10:55 +0200 |
---|---|---|
committer | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2014-11-25 18:33:13 +0200 |
commit | b012397d0da6190af08518abad3d81b1b1b2adb5 (patch) | |
tree | f48992a8463376afe0b24d656ed5cca06c570eb9 | |
parent | f6a87ee9b7a0c00d3083ef308e478300a473bb1e (diff) |
Fail fast if we cannot get symmetric encryption key.
For example, if user is not recipient, or doesn't have one's private key
set up right. Otherwise, script would proceed to use undecrypted symmetric
key, efficiently scrambling all information in the repo.
Change-Id: I0e1cd78ea7497cd4642354efe8a64fcfdea7574c
-rwxr-xr-x | git-gpgcrypt | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/git-gpgcrypt b/git-gpgcrypt index 2b0c6fc..99c90b7 100755 --- a/git-gpgcrypt +++ b/git-gpgcrypt @@ -79,7 +79,16 @@ setup_filters() { } get_key() { + set +e gpg -d -q .gpgcrypt-key + rc=$? + if [ $rc -ne 0 ]; then + echo "*ERROR*: Unable to decrypt key, gpg result: $rc" >/dev/stderr + echo "Are you among recipients of this repository? Is private key" >/dev/stderr + echo "which can prove that available to GPG on this machine?" >/dev/stderr + exit $rc + fi + set -e } get_salt() { @@ -91,6 +100,11 @@ encrypt_key() { mv .gpgcrypt-key.tmp .gpgcrypt-key } +# Try to get symmetric encryption key and fail fast if we +# can't do that, which means that GPG cannot decrypt it +# with user's private key. +get_key + case "$1" in init) init |
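Review bot: In the first hunk (`get_key`), the closing `set -e` turns errexit on unconditionally instead of restoring whatever state the caller had, so the function silently changes shell options if it is ever called with errexit off. The `set +e` / `rc=$?` / `set -e` bracket can be dropped by testing the command directly, for example `gpg -d -q .gpgcrypt-key || { rc=$?; ...; exit $rc; }`, which is exempt from errexit and still preserves gpg's exit status. The three `echo` lines also redirect to `>/dev/stderr`, which relies on that device node existing and being writable; `>&2` writes to the same descriptor without that dependency.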
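Review bot: In the second hunk, the new top-level `get_key` call has no redirection, and the body of `get_key` is `gpg -d -q .gpgcrypt-key`, so on success the decrypted symmetric key is written to the script's stdout on every invocation. That puts key material on the terminal or into whatever captures the output, and it would be mixed into the data stream wherever this script's stdout is consumed by another program. Since the call is only a probe, discard the output: `get_key >/dev/null`. The check also runs before the `case "$1" in` dispatch, so it applies to `init` as well; if `init` is the command that first creates `.gpgcrypt-key`, it will now fail on a fresh repository, and the probe should be skipped for that subcommand.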