Commit cffe8137 authored by Silvio Rhatto's avatar Silvio Rhatto

Merge branch 'release/0.3.7'

parents e61a7748 4bc8b8e6
......@@ -3,4 +3,5 @@ debian/keyringer
debian/files
debian/files
debian/keyringer.substvars
tarballs
.pc
2014-08-21 - 0.3.7 - Silvio Rhatto <rhatto@riseup.net>
Init: just set git user/mail if needed
Shell completions: use KEYRINGER_CHECK_RECIPIENTS=false to avoid
fatal errors
Shell completions: minor zsh fixes
Shell completions: fix handling of keyrings with '-' in their names
Edit: Unset RELATIVE_PATH before encrypting file
New 'cp' action
Reset 'expiry' on keyringer_check_expiration, reported and fixed
by Jamie (closes #62)
2014-05-20 - 0.3.6 - Silvio Rhatto <rhatto@riseup.net>
Makefile fix
......
......@@ -14,10 +14,11 @@
# Place - Suite 330, Boston, MA 02111-1307, USA
#
PACKAGE = keyringer
VERSION = $(shell ./keyringer | head -n 1 | cut -d ' ' -f 2)
PREFIX ?= /usr/local
INSTALL = /usr/bin/install
PACKAGE = keyringer
VERSION = $(shell ./keyringer | head -n 1 | cut -d ' ' -f 2)
PREFIX ?= /usr/local
ARCHIVE ?= tarballs
INSTALL = /usr/bin/install
clean:
find . -name *~ | xargs rm -f # clean local backups
......@@ -26,8 +27,8 @@ install_lib:
$(INSTALL) -D --mode=0755 lib/keyringer/functions $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/functions
$(INSTALL) -D --mode=0755 -d lib/keyringer/actions $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/actions
$(INSTALL) -D --mode=0755 lib/keyringer/actions/* $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/actions
$(INSTALL) -D --mode=0755 -d lib/keyringer/editors $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors
$(INSTALL) -D --mode=0755 lib/keyringer/editors/* $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors
$(INSTALL) -D --mode=0755 -d share/keyringer/editors $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors
$(INSTALL) -D --mode=0644 share/keyringer/editors/* $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors
install_bin:
$(INSTALL) -D --mode=0755 keyringer $(DESTDIR)/$(PREFIX)/bin/keyringer
......@@ -53,7 +54,8 @@ build_man:
sed -i -e 's/--/\\-\\-/g' share/man/keyringer.1
tarball:
git archive --prefix=keyringer-$(VERSION)/ --format=tar HEAD | bzip2 >../tarballs/keyringer-$(VERSION).tar.bz2
mkdir -p $(ARCHIVE)
git archive --prefix=keyringer-$(VERSION)/ --format=tar HEAD | bzip2 > $(ARCHIVE)/keyringer-$(VERSION).tar.bz2
release:
@make build_man
......@@ -65,8 +67,8 @@ release:
git flow release finish -s $(VERSION)
git checkout master
@make tarball
gpg --use-agent --armor --detach-sign --output ../tarballs/keyringer-$(VERSION).tar.bz2.asc ../tarballs/keyringer-$(VERSION).tar.bz2
scp ../tarballs/keyringer-$(VERSION).tar.bz2* keyringer:/var/sites/keyringer/releases/
gpg --use-agent --armor --detach-sign --output $(ARCHIVE)/keyringer-$(VERSION).tar.bz2.asc $(ARCHIVE)/keyringer-$(VERSION).tar.bz2
scp $(ARCHIVE)/keyringer-$(VERSION).tar.bz2* keyringer:/var/sites/keyringer/releases/
# We're doing tagging afterwards:
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568375
#git tag -s $(VERSION) -m "Keyringer $(VERSION)"
......@@ -74,7 +76,7 @@ release:
debian:
git checkout debian
git-import-orig --upstream-vcs-tag=$(VERSION) ../tarballs/keyringer-$(VERSION).tar.bz2
git-import-orig --upstream-vcs-tag=$(VERSION) $(ARCHIVE)/keyringer-$(VERSION).tar.bz2
# Fine tune debian/changelog prepared by git-dch
dch -e
git commit -a -m "Updating debian/changelog"
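Review bot: The editors install lines in install_lib still target `$(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors`, while the functions file in this same commit now loads the vim settings from `$SHARE/editors/vim` and the main script resolves SHARE to `../share/keyringer` for a system layout. Unless a rule outside these hunks installs that directory, a system install will not have the file where keyringer_set_env looks for it, and the settings tied to the viminfo ticket would presumably not be applied when editing secrets. The destination should follow the source move, e.g. `$(INSTALL) -D --mode=0644 share/keyringer/editors/* $(DESTDIR)/$(PREFIX)/share/$(PACKAGE)/editors`, with the matching `-d` line changed the same way. install_lib starts above the hunk.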
......
......@@ -106,8 +106,10 @@ function keyringer_init {
keyringer_git_ignore 'tmp/*'
# Git configuration
git config user.email "$email"
git config user.name "$name"
if [ ! -z "$email" ]; then
git config user.email "$email"
git config user.name "$name"
fi
# Edit default recipients
echo "Now you have to edit the default recipient configuration to be able to encrypt secrets."
......@@ -138,7 +140,7 @@ function keyringer_dispatch {
# Config
NAME="keyringer"
KEYRINGER_VERSION="0.3.6"
KEYRINGER_VERSION="0.3.7"
CONFIG_VERSION="0.1"
CONFIG_BASE="$HOME/.$NAME"
CONFIG="$CONFIG_BASE/config"
......@@ -149,13 +151,6 @@ ACTION="$2"
# Turn off pathname expansion so expansion can work properly
set -f
# Export globals for other scripts
export PREFERENCES="`dirname $CONFIG`/$KEYRING"
export KEYRINGER_VERSION
export CONFIG_VERSION
export KEYRING
export CONFIG
# Set functions location
if [ -e "`dirname $(readlink -f $0)`/lib/$NAME/functions" ]; then
# Development or local installation layout
......@@ -165,6 +160,15 @@ else
LIB="`dirname $(readlink -f $0)`/../lib/$NAME/functions"
fi
# Set shared files location
if [ -e "`dirname $(readlink -f $0)`/share/$NAME" ]; then
# Development or local installation layout
SHARE="`dirname $(readlink -f $0)`/share/$NAME"
else
# System installation layout
SHARE="`dirname $(readlink -f $0)`/../share/$NAME"
fi
# Set actions location
if [ -e "`dirname $(readlink -f $0)`/lib/$NAME/actions" ]; then
# Development or local installation layout
......@@ -174,6 +178,14 @@ else
ACTIONS="`dirname $(readlink -f $0)`/../lib/$NAME/actions"
fi
# Export globals for other scripts
export PREFERENCES="`dirname $CONFIG`/$KEYRING"
export KEYRINGER_VERSION
export CONFIG_VERSION
export KEYRING
export CONFIG
export SHARE
# Load functions
source "$LIB" || exit 1
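Review bot: The new guard in keyringer_init tests only `$email` but controls both settings, so an empty `$name` with a non-empty `$email` still writes an empty `user.name`, and a supplied name is dropped when the e-mail is empty. Checking each value on its own keeps the "only if needed" intent: `[ -n "$email" ] && git config user.email "$email"` and `[ -n "$name" ] && git config user.name "$name"`. Where `$email` and `$name` are assigned is outside the hunk, so confirm that they can differ in emptiness.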
......
#!/bin/bash
#
# Copy secrets.
#
# Load functions
LIB="`dirname $0`/../functions"
source "$LIB" || exit 1
# Aditional parameters
CWD="`pwd`"
# Avoid leading slash
ORIG="$(keyringer_filename `echo "$2" | sed -e "s|^/*||"`)"
DEST="`echo "$3" | sed -e "s|^/*||"`"
# Set destination
if [ ! -d "$KEYDIR/$RELATIVE_PATH/$DEST" ]; then
keyringer_get_new_file $DEST
else
FILE="$DEST"
fi
# Check if secret exists
if ! echo "$ORIG" | grep -q '*' && [ ! -e "$KEYDIR/$RELATIVE_PATH/$ORIG" ]; then
echo "Secret not found: $ORIG"
exit 1
fi
# Run move command
cd "$KEYDIR" && cp -a "./$RELATIVE_PATH/$ORIG" "./$FILE"
keyringer_exec git "$BASEDIR" add "keys/$FILE"
cd "$CWD"
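Review bot: When the destination is an existing directory, `FILE="$DEST"` bypasses keyringer_get_new_file: the directory test uses `$KEYDIR/$RELATIVE_PATH/$DEST`, but the copy target becomes `./$FILE`, i.e. `$KEYDIR/$DEST`, and a DEST containing `..` components reaches `cp` as typed. Setting `FILE="$RELATIVE_PATH/$DEST"` after rejecting `..` components would keep the copy inside the keyring; what keyringer_get_new_file itself enforces is not visible on this page. The `cp -a` result is also unchecked, so `git add "keys/$FILE"` runs after a failed copy; appending `|| exit 1` to the `cd "$KEYDIR" && cp -a …` line stops that. The comment `# Run move command` should read `# Run copy command`.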
......@@ -59,9 +59,9 @@ wait
echo "Press any key when done using the file and you're sure that $APPNAME is closed."
read -s -n 1
# Encrypt again
# Encrypt again. Unset RELATIVE_PATH as it was already used to determine FILE path
export KEYRINGER_ADD_EXTENSION=false
keyringer_exec encrypt "$BASEDIR" "$FILE" "$TMPWORK"
RELATIVE_PATH="" keyringer_exec encrypt "$BASEDIR" "$FILE" "$TMPWORK"
# Check exit status
errcrypt="$?"
......
......@@ -69,7 +69,6 @@ _keyringer() {
fi
# Process config
source $config/config
keyrings="`ls --color=never $config | sed -e '/^config$/d' | xargs`"
# Available instances
......@@ -77,13 +76,13 @@ _keyringer() {
# The current instance
instance="${COMP_WORDS[1]}"
path="`eval echo '$'$instance`"
path="`grep -e "^$instance=" "$config/config" | tail -n 1 | cut -d = -f 2 | sed -e 's/"//g' -e "s/'//g" | sed -e 's/ *#.*$//'`"
# Command completions
if [ "${#COMP_WORDS[@]}" == "2" ]; then
opts="$keyrings"
elif [ "${#COMP_WORDS[@]}" == "3" ] && echo "${prev}" | grep -qe "$instances"; then
opts="`export KEYRINGER_CHECK_VERSION=false && keyringer $instance commands`"
opts="`export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance commands`"
elif [ "${#COMP_WORDS[@]}" == "3" ]; then
opts="init"
elif [ "${#COMP_WORDS[@]}" == "4" ]; then
......@@ -96,7 +95,7 @@ _keyringer() {
;;
ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find)
cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash
opts="$(bash -c "set -f && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)"
opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)"
;;
genpair)
opts="gpg ssh ssl ssl-self"
......@@ -119,7 +118,7 @@ _keyringer() {
;;
genpair)
cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash
opts="$(bash -c "set -f && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)"
opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)"
;;
git)
# TODO
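Review bot: The path-completion lines build a `bash -c "…"` string with `$instance` and `${cur}` expanded into it, so whatever is on the command line at completion time is re-parsed as shell code by the inner bash; both the `ls|tree|…` branch and the `genpair` branch do this. Passing the words as positional parameters avoids the re-parse: `opts="$(bash -c 'set -f && export KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false && keyringer "$1" ls -p -d "$2"*' _ "$instance" "$cur" 2> /dev/null)"`. The new `grep -e "^$instance="` likewise treats the keyring name as a regular expression, so a name containing `.` can match another keyring's config line. _keyringer starts and ends outside these hunks.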
......
......@@ -19,9 +19,8 @@ _keyringer() {
fi
# Process config
source $config/config
local keyrings="`ls --color=never $config | sed -e '/^config$/d' | xargs`"
local keyring_path="`eval echo '$'$words[2]`"
local keyring_path="`grep -e "^$words[2]=" "$config/config" | tail -n 1 | cut -d = -f 2 | sed -e 's/"//g' -e "s/'//g" | sed -e 's/ *#.*$//'`"
local instances="`echo $keyrings | sed -e 's/ /$\\\|^/g' -e 's/^/^/' -e 's/$/$/'`"
_arguments \
......@@ -37,7 +36,7 @@ _keyringer() {
;;
action)
if echo $words[2] | grep -qe "$instances"; then
compadd "$@" `KEYRINGER_CHECK_VERSION=false keyringer $words[2] commands`
compadd "$@" `KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] commands`
else
compadd "$@" "init"
fi
......@@ -52,7 +51,7 @@ _keyringer() {
;;
ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find)
words[4]="`echo $words[4] | sed -e "s|^/*||"`" # avoid leading slash
compadd "$@" $(KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null)
compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null)
;;
genpair)
compadd "$@" gpg ssh ssl ssl-self
......@@ -71,11 +70,11 @@ _keyringer() {
case "$words[3]" in
recipients)
words[5]="$(echo $words[5] | sed -e "s|^/||")" # TODO: avoid leading slash
compadd "$@" $(cd $keyring_path/config/recipients && ls --color=never -p $words[5]'*' 2> /dev/null)
compadd "$@" $(cd $keyring_path/config/recipients && ls --color=never -p $words[5]* 2> /dev/null)
;;
genpair)
words[5]="$(echo $words[5] | sed -e "s|^/||")" # TODO: avoid leading slash
compadd "$@" $(KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[5]'*' 2> /dev/null)
compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[5]'*' 2> /dev/null)
;;
git)
compadd "$@" $(_keyringer_git_complete $words[4] $words[5])
......@@ -88,7 +87,7 @@ _keyringer() {
esac
;;
*)
if [ $words[3] == "git" ]; then
if [[ $words[3] == "git" ]]; then
# TODO
true
fi
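Review bot: `keyring_path` is used unchecked: when the new `grep … | cut … | sed` pipeline finds no line for `$words[2]` it is empty, and the recipients branch then runs `cd $keyring_path/config/recipients`, which resolves to the unrelated absolute path `/config/recipients`. Guard the use, e.g. `[[ -d "$keyring_path/config/recipients" ]] && compadd "$@" $(cd "$keyring_path/config/recipients" && ls --color=never -p $words[5]* 2> /dev/null)`. Since the config file is no longer sourced, values written with `$HOME` or `~` are also taken literally now; whether existing configs rely on that expansion is not visible here. _keyringer's body continues outside these hunks.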
......
......@@ -72,7 +72,7 @@ function keyringer_exec {
action="$1"
basedir="$2"
shift 2
# Dispatch
if keyringer_has_action "$action"; then
"$ACTIONS/$action" "$basedir" $*
......@@ -171,7 +171,7 @@ function keyringer_set_tmpfile {
else
TMPWORK="$(mktemp "$template")"
fi
if [ "$?" != "0" ]; then
printf "Error: can't set TMPWORK %s\n" "$TMPWORK"
exit 1
......@@ -250,7 +250,7 @@ function keyringer_git_ignore {
function keyringer_set_env {
if [ -z "$1" ]; then
echo "Error: missing arguments for keyringer_set_env"
exit 1
exit 1
fi
ACTIONS="`dirname $0`"
......@@ -287,7 +287,7 @@ function keyringer_set_env {
# Avoid viminfo, see https://keyringer.pw/trac/ticket/50
if $EDITOR --help | grep -q -e "^VIM"; then
if ! echo $EDITOR | grep -q -- "-i NONE"; then
EDITOR="$EDITOR -S `dirname $LIB`/editors/vim"
EDITOR="$EDITOR -S $SHARE/editors/vim"
fi
fi
......@@ -429,7 +429,7 @@ function keyringer_get_option {
# Get a file argument
function keyringer_get_file {
FILE="$(keyringer_filename "$RELATIVE_PATH/$1")"
if [ -z "$FILE" ]; then
keyringer_action_usage
exit 1
......@@ -715,6 +715,7 @@ function keyringer_check_expiration {
fi
# Check the subkeys
expiry=""
for expiry in `gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub | cut -d : -f 7`; do
if [[ "$seconds" -lt "$expiry" ]]; then
not_expired="1"
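Review bot: In keyringer_set_env, `EDITOR="$EDITOR -S $SHARE/editors/vim"` relies on SHARE having been exported by the main script and on the file existing, and neither is checked. If SHARE is empty the option becomes `-S /editors/vim`, and the settings this block ties to the viminfo ticket would presumably not be loaded while a secret is being edited. A check before the assignment makes that failure visible: `[ -r "$SHARE/editors/vim" ] || echo "Warning: vim settings not found: $SHARE/editors/vim" >&2`. keyringer_set_env starts and ends outside the hunk.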
......
......@@ -164,6 +164,11 @@ Alias for \f[I]del\f[] action.
.RS
.RE
.TP
.B cp <\f[I]secret\f[]> <\f[I]dest\f[]>
Copy a secret.
.RS
.RE
.TP
.B mv <\f[I]secret\f[]> <\f[I]dest\f[]>
Rename a secret.
.RS
......@@ -370,6 +375,13 @@ using the \f[I]git\f[] action.
Keyringer does not protect data which were not encrypted to a keyring,
so be careful when decrypting secrets and writing them to the disk or
other storage media.
.PP
Pay special attention that keyringer outputs data to stdout, which could
be easilly spotted by any agent looking directly at you computer screen.
.PP
The xclip action even copies secret data to the X11 clipboard, which can
be accessed by any application running in the user\[aq]s X11 session, so
use this feature carefully.
.SH SEE ALSO
.PP
The \f[I]README\f[] file distributed with Keyringer contains full
......
......@@ -128,6 +128,9 @@ del <*secret*>
rm <*secret*>
: Alias for *del* action.
cp <*secret*> <*dest*>
: Copy a secret.
mv <*secret*> <*dest*>
: Rename a secret.
......@@ -284,6 +287,13 @@ Keyringer currently has the following limitations:
so be careful when decrypting secrets and writing them to the disk or
other storage media.
Pay special attention that keyringer outputs data to stdout, which could
be easilly spotted by any agent looking directly at you computer screen.
The xclip action even copies secret data to the X11 clipboard, which can
be accessed by any application running in the user's X11 session, so use
this feature carefully.
# SEE ALSO
The *README* file distributed with Keyringer contains full documentation.
......