summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2022-08-19 12:17:46 -0300
committerSilvio Rhatto <rhatto@riseup.net>2022-08-19 12:17:46 -0300
commite608e752fc2f0c36b457803ed3d85edcc24e5c31 (patch)
tree3d13e290d8bd7882de27979d481ade17b37bd6be
parent65301e5129d9776a39de4e83d3f76be4c4d8749b (diff)
parent0bce87704b1ca134880067942e3eb64f548a0e32 (diff)
downloadkeyringer-e608e752fc2f0c36b457803ed3d85edcc24e5c31.tar.gz
keyringer-e608e752fc2f0c36b457803ed3d85edcc24e5c31.tar.bz2
Merge branch 'develop'
-rw-r--r--ChangeLog6
-rwxr-xr-xkeyringer2
-rwxr-xr-xlib/keyringer/actions/recrypt59
-rwxr-xr-xlib/keyringer/actions/xclip2
4 files changed, 56 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 7b6fae2..81e4d25 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2022-08-19 - 0.5.8 - Silvio Rhatto <rhatto@riseup.net>
+
+ Fix re-encryption when the secret hass NULL bytes
+
+ Attempt to fix xclip message 'Error: target STRING not available'
+
2022-06-07 - 0.5.7 - Silvio Rhatto <rhatto@riseup.net>
New upstream URLs
diff --git a/keyringer b/keyringer
index f28c8f3..878d5d1 100755
--- a/keyringer
+++ b/keyringer
@@ -140,7 +140,7 @@ function keyringer_dispatch {
# Config
NAME="keyringer"
-KEYRINGER_VERSION="0.5.7"
+KEYRINGER_VERSION="0.5.8"
CONFIG_VERSION="0.1"
CONFIG_BASE="$HOME/.$NAME"
CONFIG="$CONFIG_BASE/config"
diff --git a/lib/keyringer/actions/recrypt b/lib/keyringer/actions/recrypt
index 0e2f6a0..5542bfc 100755
--- a/lib/keyringer/actions/recrypt
+++ b/lib/keyringer/actions/recrypt
@@ -9,33 +9,66 @@ source "$LIB" readwrite $* || exit 1
# Recrypt a single secret
function keyringer_recrypt {
-
# Get file
keyringer_get_file "$1"
# Set recipients file
keyringer_set_recipients "$FILE"
- # Decrypt
- decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE")"
+ # Verbosity
+ echo "Processing $FILE..."
- if [ "$?" != "0" ]; then
- echo "Decryption error on $1."
- exit 1
- fi
+ # Recrypt in stages. This approach will fail for secrets that have NULL bytes, since
+ # bash can't hold those as variables.
+ #
+ # In that case, it would lead to the following warning:
+ #
+ # lib/keyringer/actions/recrypt: line 20: warning: command substitution: ignored null byte in input
+ #
+ # See https://stackoverflow.com/a/42493691
+ #
+ ## Decrypt
+ #decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE")"
+
+ #if [ "$?" != "0" ]; then
+ # echo "Decryption error on $1."
+ # exit 1
+ #fi
+
+ ## Recrypt
+ #recrypted="`echo "$decrypted" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE")`"
+
+ #if [ "$?" != "0" ]; then
+ # echo "Recryption error on $1."
+ # exit 1
+ #fi
- # Recrypt
- recrypted="`echo "$decrypted" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE")`"
+ #unset decrypted
+ #echo "$recrypted" > "$KEYDIR/$FILE"
+
+ # As we can't use variables as the secret material can contain NULL bytes, we
+ # use a temporary file instead
+ set -o pipefail
+ mkdir -p -m 700 "$TMPWORK/`dirname $FILE`"
+ $GPG --use-agent -d "$KEYDIR/$FILE" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") -o "$TMPWORK/$FILE.recrypted"
if [ "$?" != "0" ]; then
echo "Recryption error on $1."
+
+ if [ -e "$TMPWORK/$FILE.recrypted" ]; then
+ keyringer_shred "$TMPWORK/$FILE.recrypted"
+ fi
+
exit 1
fi
- unset decrypted
- echo "$recrypted" > "$KEYDIR/$FILE"
+ # Move the re-encrypted secret only if there was no error
+ mv "$TMPWORK/$FILE.recrypted" "$KEYDIR/$FILE"
}
+# Set a tmp file
+keyringer_set_tmpfile recrypt -d
+
# Syntax check and dispatcher
if [ ! -z "$2" ]; then
keyringer_recrypt $2
@@ -46,3 +79,7 @@ else
fi
done
fi
+
+# Cleanup
+rm -rf "$TMPWORK"
+trap - EXIT
diff --git a/lib/keyringer/actions/xclip b/lib/keyringer/actions/xclip
index f63fdb5..0e36dae 100755
--- a/lib/keyringer/actions/xclip
+++ b/lib/keyringer/actions/xclip
@@ -20,7 +20,7 @@ clip() {
# Avoid "Error: target STRING not available"
# https://github.com/astrand/xclip/issues/38
- echo "$RANDOM" | $xclip
+ echo "$RANDOM" | $xclip &> /dev/null
# Copy text into clipboard
echo -n "$1" | $xclip