diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2016-12-21 10:19:49 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2016-12-21 10:19:49 -0200 |
commit | 46654f78de44630d8ea7f247ad65bb15908c2479 (patch) | |
tree | 58b07a5ac1f051287d28d27f34e7aa10571909f2 | |
parent | 4386b9572591046e75dd98adbcaa518319873dca (diff) | |
parent | 491ea8e72879c9c9244c2740e8a428b97249b58a (diff) | |
download | keyringer-46654f78de44630d8ea7f247ad65bb15908c2479.tar.gz keyringer-46654f78de44630d8ea7f247ad65bb15908c2479.tar.bz2 |
Merge tag 'upstream_keyringer_0.5.0' into debian
Upstream version 0.5.0
-rw-r--r-- | ChangeLog | 14 | ||||
-rw-r--r-- | development.mdwn | 7 | ||||
-rw-r--r-- | index.mdwn | 6 | ||||
-rwxr-xr-x | keyringer | 2 | ||||
-rwxr-xr-x | lib/keyringer/actions/preferences | 2 | ||||
-rwxr-xr-x | lib/keyringer/actions/pwgen | 35 | ||||
-rwxr-xr-x | lib/keyringer/actions/sclip | 9 | ||||
-rw-r--r-- | lib/keyringer/completions/bash/keyringer | 4 | ||||
-rw-r--r-- | lib/keyringer/completions/zsh/_keyringer | 4 | ||||
-rwxr-xr-x | lib/keyringer/functions | 14 | ||||
-rw-r--r-- | share/man/keyringer.1 | 14 | ||||
-rw-r--r-- | share/man/keyringer.1.mdwn | 10 |
12 files changed, 105 insertions, 16 deletions
@@ -1,3 +1,17 @@ +2016-12-21 - 0.5.0 - Silvio Rhatto <rhatto@riseup.net> + + Fixes keyringer_check_expiration failure if a public key is listed multiple + times (#77 and Debian #847964) + + Make keyringer_check_expiration not fail on subkeys which do not have an + expiration date (#76 and Debian #847963) + + Adds pwgen action + + Fixes sclip clipboard overwrite procedure + + Adds XDOTOOL_NEXT_WINDOW config into sclip + 2016-11-17 - 0.4.1 - Silvio Rhatto <rhatto@riseup.net> Adds sclip into completions diff --git a/development.mdwn b/development.mdwn index 3a1ed34..2349c84 100644 --- a/development.mdwn +++ b/development.mdwn @@ -49,9 +49,14 @@ Run lintian (or [add it to your pbuilder hooks](http://askubuntu.com/questions/1 lintian --info --display-info --pedantic --color auto build-area/keyringer_$VERSION*.changes -Then go back to the develop branch: +Then go back to the develop branch and push everything: git checkout develop + git push --all + +Cleanup symlink: + + rm ../keyringer_$VERSION.orig.tar.bz2 Notes: @@ -21,7 +21,7 @@ Installation Just clone - git clone https//git.fluxo.info/keyringer + git clone https://git.fluxo.info/keyringer And then leave it somewhere, optionally adding it to your `$PATH` environment variable or package it to your preferred distro. @@ -216,8 +216,8 @@ Keyringer's basic concepts are as follows: one encrypted file that contains one line for each secret, e.g. a single file called secrets with lines such as: - emma : root : secret1 - emma - /dev/hda : : secret2 + emma : root : secret1 + emma - /dev/hda : : secret2 Or you may also have a different encrypted file for each secret, e.g. a file called `emma.root` that contains the root passphrase for the server named `emma` and @@ -140,7 +140,7 @@ function keyringer_dispatch { # Config NAME="keyringer" -KEYRINGER_VERSION="0.4.1" +KEYRINGER_VERSION="0.5.0" CONFIG_VERSION="0.1" CONFIG_BASE="$HOME/.$NAME" CONFIG="$CONFIG_BASE/config" diff --git a/lib/keyringer/actions/preferences b/lib/keyringer/actions/preferences index 6e36ef4..ffabc4c 100755 --- a/lib/keyringer/actions/preferences +++ b/lib/keyringer/actions/preferences @@ -30,7 +30,7 @@ fi if [ "$COMMAND" == "ls" ]; then cat "$PREFERENCES" elif [ "$COMMAND" == "edit" ]; then - "$EDITOR" "$PREFERENCES" + $EDITOR "$PREFERENCES" elif [ "$COMMAND" == "add" ]; then shift 2 [[ -n $* ]] && echo $* >> "$PREFERENCES" diff --git a/lib/keyringer/actions/pwgen b/lib/keyringer/actions/pwgen new file mode 100755 index 0000000..45d2bf9 --- /dev/null +++ b/lib/keyringer/actions/pwgen @@ -0,0 +1,35 @@ +#!/usr/bin/env bash +# +# Generates passphrases. +# + +# Load functions +LIB="`dirname $0`/../functions" +source "$LIB" || exit 1 + +# Parameters +SIZE="$3" +FILE="$2" + +# Generates a random passphrase +function keyringer_pwgen { + ENTROPY_BYTES=${1:-20} # in bytes + ENTROPY_SOURCE="${ENTROPY_SOURCE:-/dev/urandom}" + + # Strip possible newlines if output is wrapped. + # Also strip trailing = signs as they add nothing to the password's entropy. + head -c $ENTROPY_BYTES $ENTROPY_SOURCE | base64 | tr -d '\n=' + echo +} + +# Check +if [ -z "$FILE" ]; then + echo "Usage: keyringer <keyring> $BASENAME <secret> [size]" + exit 1 +elif [ ! -z "$SIZE" ] && ! echo $SIZE | egrep -q '^[0-9]+$'; then + echo "$SIZE is not a number" + exit 1 +fi + +# Encrypt and store a randomly-generated secret +keyringer_pwgen $SIZE | keyringer_exec encrypt "$BASEDIR" "$FILE" diff --git a/lib/keyringer/actions/sclip b/lib/keyringer/actions/sclip index e4c88fa..6016f2b 100755 --- a/lib/keyringer/actions/sclip +++ b/lib/keyringer/actions/sclip @@ -11,13 +11,18 @@ source "$LIB" || exit 1 shift keyringer $KEYRING xclip $* +# Se window switch combo +if [ -z "$XDOTOOL_NEXT_WINDOW" ]; then + XDOTOOL_NEXT_WINDOW="alt+Tab" +fi + # Move to the next window if which xdotool &> /dev/null; then - xdotool key alt+Tab + xdotool key $XDOTOOL_NEXT_WINDOW fi # Sleep sleep 5 # Overwrite clipboard -cat $RANDOM | sha256sum | base64 -d | xclip +echo $RANDOM | sha256sum | base64 | xclip diff --git a/lib/keyringer/completions/bash/keyringer b/lib/keyringer/completions/bash/keyringer index ccc8fb9..10b852e 100644 --- a/lib/keyringer/completions/bash/keyringer +++ b/lib/keyringer/completions/bash/keyringer @@ -93,7 +93,7 @@ _keyringer() { recipients) opts="ls edit" ;; - ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp) + ls|tree|mkdir|encrypt|encrypt-batch|pwgen|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp) cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)" ;; @@ -128,7 +128,7 @@ _keyringer() { # TODO opts="$(_keyringer_git_complete ${prev} ${cur})" ;; - encrypt|encrypt-batch) + encrypt|encrypt-batch|pwgen) cur="$(_keyringer_path_complete ${cur})" opts="`compgen -o default "${cur}"`" ;; diff --git a/lib/keyringer/completions/zsh/_keyringer b/lib/keyringer/completions/zsh/_keyringer index ff74933..7562352 100644 --- a/lib/keyringer/completions/zsh/_keyringer +++ b/lib/keyringer/completions/zsh/_keyringer @@ -49,7 +49,7 @@ _keyringer() { recipients) compadd "$@" ls edit ;; - ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp) + ls|tree|mkdir|encrypt|encrypt-batch|pwgen|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp) words[4]="`echo $words[4] | sed -e "s|^/*||"`" # avoid leading slash compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null) ;; @@ -83,7 +83,7 @@ _keyringer() { git) compadd "$@" $(_keyringer_git_complete $words[4] $words[5]) ;; - encrypt|encrypt-batch) + encrypt|encrypt-batch|pwgen) _files ;; *) diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 09b004d..bd87fd6 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -703,7 +703,7 @@ function keyringer_check_expiration { seconds="`date +%s`" # Check the main key - expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | cut -d : -f 7`" + expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | head -n1 | cut -d : -f 7`" # TODO: Time to expire can be configured via repository options. ahead="$((86400 * 30 + $seconds))" @@ -722,8 +722,14 @@ function keyringer_check_expiration { fi # Check the subkeys - expiry="" - for expiry in `gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub | cut -d : -f 7`; do + local subkey="" + for subkey in $(gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub); do + local expiry=$(cut -d : -f 7 <<< "$subkey") + + if [[ -z "$expiry" ]]; then + not_expired=1 + fi + if [[ "$seconds" -lt "$expiry" ]]; then not_expired="1" @@ -734,7 +740,7 @@ function keyringer_check_expiration { done # All subkeys are expired - if [ ! -z "$expiry" ] && [ "$not_expired" != "1" ]; then + if [ ! -z "$subkey" ] && [ "$not_expired" != "1" ]; then echo "Fatal: key $recipient has no keys suitable for encryption: all subkeys expired." exit 1 fi diff --git a/share/man/keyringer.1 b/share/man/keyringer.1 index 74bcf1f..fe17968 100644 --- a/share/man/keyringer.1 +++ b/share/man/keyringer.1 @@ -222,6 +222,20 @@ After the application exits, keyringer encrypts the temporary decrypted file again into the secret file and deletes the temporary file. .RE .TP +.B pwgen <\f[I]secret\f[]> [\f[I]size\f[]] +Generates a random passphrase and stores into \f[I]secret\f[] pathname +with optional entropy size in bytes. +Default size is 20. +.RS +.PP +Passphrases will be slightly bigger than size due to base64 conversion. +.PP +With this action you can generate and store a passphrase without need to +see it. +Combined with clip or sclip action provides an hygienic way to handle +secrets. +.RE +.TP .B recrypt <\f[I]secret\f[]> Re\-encrypts a secret by decrypting it and encrypting it again. Useful when users are added into the recipient configuration. diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index 8f024d1..afe7e99 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -163,6 +163,16 @@ open <*secret*> After the application exits, keyringer encrypts the temporary decrypted file again into the secret file and deletes the temporary file. +pwgen <*secret*> [*size*] +: Generates a random passphrase and stores into *secret* pathname with optional + entropy size in bytes. Default size is 20. + + Passphrases will be slightly bigger than size due to base64 conversion. + + With this action you can generate and store a passphrase without need to see + it. Combined with clip or sclip action provides an hygienic way to handle + secrets. + recrypt <*secret*> : Re-encrypts a secret by decrypting it and encrypting it again. Useful when users are added into the recipient configuration. If no *secret* is given, all secrets in the repository |