summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2016-11-09 10:22:20 -0200
committerSilvio Rhatto <rhatto@riseup.net>2016-11-09 10:22:20 -0200
commitdc4c62e5bffc41a3a128440341078de9075bd856 (patch)
tree12339fea83da2d359131a53a657ccc8ecbd9ff99
parent880a35bbb1ad613255a38a228ba53a7820e11846 (diff)
downloadkeyringer-0.4.0.tar.gz
keyringer-0.4.0.tar.bz2
Keyringer 0.4.00.4.0
-rw-r--r--ChangeLog16
-rw-r--r--Makefile3
-rw-r--r--development.mdwn12
-rwxr-xr-xkeyringer2
-rw-r--r--share/man/keyringer.154
5 files changed, 50 insertions, 37 deletions
diff --git a/ChangeLog b/ChangeLog
index 2462e45..5bd3530 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2016-11-09 - 0.4.0 - Silvio Rhatto <rhatto@riseup.net>
+
+ Adopts Semantic Versioning
+
+ Do not rely on git-flow
+
+ Adds sclip action
+
+ Ensure destination path exists at mv action
+
+ Allow @ at file names
+
+ Slightly more interactive keyringer_get_file
+
+ Updates URLs and static site generation.
+
2015-03-30 - 0.3.8 - Silvio Rhatto <rhatto@riseup.net>
Eliminates hardcoded bash path, reported and fixed by
diff --git a/Makefile b/Makefile
index 73be8f5..b503b68 100644
--- a/Makefile
+++ b/Makefile
@@ -64,8 +64,9 @@ release:
# https://github.com/nvie/gitflow/pull/160
# https://github.com/nvie/gitflow/issues/50
#git flow release finish -s -m "Keyringer $(VERSION)" $(VERSION)
- git flow release finish -s $(VERSION)
+ #git flow release finish -s $(VERSION)
git checkout master
+ git merge develop
@make tarball
gpg --use-agent --armor --detach-sign --output $(ARCHIVE)/keyringer-$(VERSION).tar.bz2.asc $(ARCHIVE)/keyringer-$(VERSION).tar.bz2
scp $(ARCHIVE)/keyringer-$(VERSION).tar.bz2* keyringer:/var/sites/keyringer/releases/
diff --git a/development.mdwn b/development.mdwn
index 1788ba1..49a224c 100644
--- a/development.mdwn
+++ b/development.mdwn
@@ -8,20 +8,16 @@ Index
Coding standards
----------------
+* Uses Semantic Versioning.
* Respect the existing coding style.
* Be clear: easy audability must be one of keyringer's requirements.
-Development workflow
---------------------
-
-We use [git-flow](https://github.com/nvie/gitflow) for the development workflow.
-
Release workflow
----------------
Go to develop branch and start a new release
- git flow release start VERSION
+ git checkout develop
Prepare the source code:
@@ -33,6 +29,10 @@ Create and upload a new release:
make release
+Tag the release:
+
+ git tag -s $(VERSION) -m "Keyringer $(VERSION)"
+
Update the debian branch:
make debian
diff --git a/keyringer b/keyringer
index 956bb73..a5ecd67 100755
--- a/keyringer
+++ b/keyringer
@@ -140,7 +140,7 @@ function keyringer_dispatch {
# Config
NAME="keyringer"
-KEYRINGER_VERSION="0.3.8"
+KEYRINGER_VERSION="0.4.0"
CONFIG_VERSION="0.1"
CONFIG_BASE="$HOME/.$NAME"
CONFIG="$CONFIG_BASE/config"
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1
index 13de085..39669b6 100644
--- a/share/man/keyringer.1
+++ b/share/man/keyringer.1
@@ -1,7 +1,7 @@
-.TH KEYRINGER 1 "Oct 25, 2013" "Keyringer User Manual"
+.TH "KEYRINGER" "1" "Oct 25, 2013" "Keyringer User Manual" ""
.SH NAME
.PP
-keyringer - encrypted and distributed secret sharing software
+keyringer \- encrypted and distributed secret sharing software
.SH SYNOPSIS
.PP
keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]...
@@ -10,8 +10,8 @@ keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]...
Keyringer lets you manage and share secrets using GnuPG and Git in a
distributed fashion.
.PP
-It has custom commands to create key-pairs and to encrypt, decrypt and
-re-encrypt secrets.
+It has custom commands to create key\-pairs and to encrypt, decrypt and
+re\-encrypt secrets.
It also supports encryption to multiple recipients and groups of
recipients, to allow a workgroup to share access to a single repository
while restricting some secrets to subsets of the group.
@@ -87,14 +87,14 @@ Remove an empty folder inside the repository \f[I]keys\f[] folder.
.TP
.B tree <\f[I]path\f[]>
List contents from the toplevel repository \f[I]keys\f[] folder or from
-relative paths if \f[I]path\f[] is specified using a tree-like format.
+relative paths if \f[I]path\f[] is specified using a tree\-like format.
Like the ls wrapper, this is a wrapper around the \f[I]TREE(1)\f[]
command.
.RS
.RE
.TP
.B shell
-Run keyringer on interactive mode from a built-in command-line prompt
+Run keyringer on interactive mode from a built\-in command\-line prompt
where all other actions can be called and are operated from the current
selected keyring.
.RS
@@ -138,7 +138,7 @@ read from the standard input and encrypting again.
.RS
.RE
.TP
-.B append-batch <\f[I]secret\f[]>
+.B append\-batch <\f[I]secret\f[]>
Append contents into a secret, batch mode.
.RS
.RE
@@ -177,11 +177,11 @@ Rename a secret.
.B edit <\f[I]secret\f[]>
Edit a secret by temporarily decrypting it, opening the decrypted copy
into the text editor defined by the \f[I]$EDITOR\f[] environment
-variable and then re-encrypting it.
+variable and then re\-encrypting it.
.RS
.PP
Please make sure to use an
-\f[I]\f[I]E\f[]\f[I]D\f[]\f[I]I\f[]\f[I]T\f[]\f[I]O\f[]\f[I]R\f[] * \f[I]w\f[]\f[I]h\f[]\f[I]i\f[]\f[I]c\f[]\f[I]h\f[]\f[I]d\f[]\f[I]o\f[]\f[I]e\f[]\f[I]s\f[]\f[I]n\f[]\f[I]o\f[]\f[I]t\f[]\f[I]l\f[]\f[I]e\f[]\f[I]a\f[]\f[I]k\f[]\f[I]d\f[]\f[I]a\f[]\f[I]t\f[]\f[I]a\f[]\f[I]l\f[]\f[I]i\f[]\f[I]k\f[]\f[I]e\f[]\f[I]h\f[]\f[I]i\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]r\f[]\f[I]y\f[]\f[I]b\f[]\f[I]u\f[]\f[I]f\f[]\f[I]f\f[]\f[I]e\f[]\f[I]r\f[]\f[I]s\f[]. \f[I]K\f[]\f[I]e\f[]\f[I]y\f[]\f[I]r\f[]\f[I]i\f[]\f[I]n\f[]\f[I]g\f[]\f[I]e\f[]\f[I]r\f[]\f[I]t\f[]\f[I]r\f[]\f[I]i\f[]\f[I]e\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]d\f[]\f[I]e\f[]\f[I]t\f[]\f[I]e\f[]\f[I]c\f[]\f[I]t\f[]\f[I]i\f[]\f[I]f\f[] * EDITOR\f[]
+\f[I]\f[I]E\f[]\f[I]D\f[]\f[I]I\f[]\f[I]T\f[]\f[I]O\f[]\f[I]R\f[] * \f[I]w\f[]\f[I]h\f[]\f[I]i\f[]\f[I]c\f[]\f[I]h\f[]\f[I]d\f[]\f[I]o\f[]\f[I]e\f[]\f[I]s\f[]\f[I]n\f[]\f[I]o\f[]\f[I]t\f[]\f[I]l\f[]\f[I]e\f[]\f[I]a\f[]\f[I]k\f[]\f[I]d\f[]\f[I]a\f[]\f[I]t\f[]\f[I]a\f[]\f[I]l\f[]\f[I]i\f[]\f[I]k\f[]\f[I]e\f[]\f[I]h\f[]\f[I]i\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]r\f[]\f[I]y\f[]\f[I]b\f[]\f[I]u\f[]\f[I]f\f[]\f[I]f\f[]\f[I]e\f[]\f[I]r\f[]\f[I]s\f[].\f[I]K\f[]\f[I]e\f[]\f[I]y\f[]\f[I]r\f[]\f[I]i\f[]\f[I]n\f[]\f[I]g\f[]\f[I]e\f[]\f[I]r\f[]\f[I]t\f[]\f[I]r\f[]\f[I]i\f[]\f[I]e\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]d\f[]\f[I]e\f[]\f[I]t\f[]\f[I]e\f[]\f[I]c\f[]\f[I]t\f[]\f[I]i\f[]\f[I]f\f[] * EDITOR\f[]
is set to VIM and disables the \f[I]\&.viminfo\f[] file.
.RE
.TP
@@ -194,30 +194,26 @@ encrypt all it\[aq]s contents.
.RS
.RE
.TP
-.B encrypt-batch <\f[I]secret\f[]> [\f[I]file\f[]]
+.B encrypt\-batch <\f[I]secret\f[]> [\f[I]file\f[]]
Encrypt content, batch mode.
Behavior is identical to \f[I]encrypt\f[] action, but less verbose.
Useful inside scripts.
.RS
.RE
.TP
-.B genkeys
-<\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509-self\f[]|\f[I]ssl\f[]|\f[I]ssl-self\f[]>
-[\f[I]options\f[]]
-Wrapper to generate encryption key-pairs, useful for automated key
+.B genkeys <\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509\-self\f[]|\f[I]ssl\f[]|\f[I]ssl\-self\f[]> [\f[I]options\f[]]
+Wrapper to generate encryption key\-pairs, useful for automated key
deployment.
.RS
.RE
.TP
-.B genpair
-<\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509-self\f[]|\f[I]ssl\f[]|\f[I]ssl-self\f[]>
-[\f[I]options\f[]]
+.B genpair <\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509\-self\f[]|\f[I]ssl\f[]|\f[I]ssl\-self\f[]> [\f[I]options\f[]]
Alias for \f[I]genkeys\f[] action.
.RS
.RE
.TP
.B open <\f[I]secret\f[]>
-Decrypt a secret into a temporary folder and open it using xdg-open,
+Decrypt a secret into a temporary folder and open it using xdg\-open,
which tries to figure out the file type and then calls the associated
application.
.RS
@@ -227,16 +223,16 @@ file again into the secret file and deletes the temporary file.
.RE
.TP
.B recrypt <\f[I]secret\f[]>
-Re-encrypts a secret by decrypting it and encrypting it again.
+Re\-encrypts a secret by decrypting it and encrypting it again.
Useful when users are added into the recipient configuration.
If no \f[I]secret\f[] is given, all secrets in the repository are
-re-encrypted.
+re\-encrypted.
.RS
.RE
.TP
.B clip <\f[I]secret\f[]>
Copy the first line of a secret to the clipboard, following
-password-store convention.
+password\-store convention.
.RS
.RE
.TP
@@ -287,7 +283,7 @@ Alias for usage action.
.RS
.RE
.TP
-.B recipients <\f[I]ls\f[]|\f[I]edit\f[]> <\f[I]recipients-file\f[]>
+.B recipients <\f[I]ls\f[]|\f[I]edit\f[]> <\f[I]recipients\-file\f[]>
List, create or edit recipients configuration.
.RS
.PP
@@ -296,13 +292,13 @@ used by keyringer when encrypting secrets and associated with email
aliases.
.PP
Keyringer uses a default recipients file, but specifying a custom
-\f[I]recipients-file\f[] pathname will override this default.
+\f[I]recipients\-file\f[] pathname will override this default.
.PP
For instance, if a user encrypts a secret to a file in the keyring
-repository\[aq]s \f[I]accounting\f[] folder, a \f[I]recipients-file\f[]
+repository\[aq]s \f[I]accounting\f[] folder, a \f[I]recipients\-file\f[]
under \f[I]accounting\f[] will be used.
-Encrypting a secret into \f[I]accounting/bank-accounts\f[] will result
-in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank-accounts.asc\f[]
+Encrypting a secret into \f[I]accounting/bank\-accounts\f[] will result
+in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank\-accounts.asc\f[]
encrypted using the public keys listed in the config
file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[].
.PP
@@ -328,7 +324,7 @@ Create or edit a recipients file.
Editing happens using the editor specified by the \f[C]$EDITOR\f[]
environment variable.
.PP
-The required parameter \f[I]recipients-file\f[] is interpreted relative
+The required parameter \f[I]recipients\-file\f[] is interpreted relative
to the \f[C]$KEYRING_FOLDER/config/recipients/\f[] folder.
.RE
.RE
@@ -350,11 +346,11 @@ Metadata is not encrypted, meaning that an attacker with access to a
keyringer repository can discover all public key IDs used for
encryption, and which secrets are encrypted to which keys.
This can be improved in the future by encrypting the repository
-configuration with support for the \f[I]\-\-hidden-recipient\f[] GnuPG
+configuration with support for the \f[I]\-\-hidden\-recipient\f[] GnuPG
option and encrypted repository options.
.PP
To mitigate that, it\[aq]s possible to keep the repo just atop of an
-encrypted and non-public place.
+encrypted and non\-public place.
.IP "2." 3
History is not rewritten by default when secrets are removed from a
keyringer repository.