From 074e3a2bc4ca97438ca69a3a355747462d931cbd Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
Date: Sun, 20 Nov 2022 20:56:17 +0100
Subject: [PATCH] make git-crypt add-gpg-user -k default fool-proof

Unlike most other keys, the default key is encoded using the name
`default` in the file system, but inside the key name is empty. If one
actually stores the key name `default` inside, the key is rejected by
`validate_key_name`.

If one does `git-crypt add-gpg-user` without `-k`, the default key is
being used leaving the key name empty and things work. If one specifies
`-k default` however, it actually stores the invalid key name `default`.
The resulting key file is always rejected by `validate_key_name`.

This commit changes the behaviour of `-k default` to behave as if no
`-k` were given.
---
 commands.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/commands.cpp b/commands.cpp
index 6b3c498..9df8406 100644
--- a/commands.cpp
+++ b/commands.cpp
@@ -677,10 +677,12 @@ static bool decrypt_repo_keys (std::vector<Key_file>& key_files, uint32_t key_ve
 
 static void encrypt_repo_key (const char* key_name, const Key_file::Entry& key, const std::vector<std::pair<std::string, bool> >& collab_keys, const std::string& keys_path, std::vector<std::string>* new_files)
 {
+	if (!key_name)
+		key_name = "default";
 	std::string	key_file_data;
 	{
 		Key_file this_version_key_file;
-		this_version_key_file.set_key_name(key_name);
+		this_version_key_file.set_key_name(std::strcmp(key_name, "default") != 0 ? key_name : nullptr);
 		this_version_key_file.add(key);
 		key_file_data = this_version_key_file.store_to_string();
 	}
@@ -689,7 +691,7 @@ static void encrypt_repo_key (const char* key_name, const Key_file::Entry& key,
 		const std::string&	fingerprint(collab->first);
 		const bool		key_is_trusted(collab->second);
 		std::ostringstream	path_builder;
-		path_builder << keys_path << '/' << (key_name ? key_name : "default") << '/' << key.version << '/' << fingerprint << ".gpg";
+		path_builder << keys_path << '/' << key_name << '/' << key.version << '/' << fingerprint << ".gpg";
 		std::string		path(path_builder.str());
 
 		if (access(path.c_str(), F_OK) == 0) {