diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2014-05-16 16:46:54 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2014-05-16 16:46:54 -0300 |
commit | eae903f8a412ced8dfa0454b658f0305eb1971f7 (patch) | |
tree | 26ed0eb9ab0ff54a70d6252dd35ca7f7e5cb5e6a | |
parent | 778cab6307cf870d7913aea9a2afcdb68594155e (diff) | |
parent | 4edea3d52e0c04651508fba9bae6ed0d81ccaa01 (diff) | |
download | keyringer-eae903f8a412ced8dfa0454b658f0305eb1971f7.tar.gz keyringer-eae903f8a412ced8dfa0454b658f0305eb1971f7.tar.bz2 |
Merge branch 'release/0.3.4'
-rw-r--r-- | ChangeLog | 15 | ||||
-rw-r--r-- | development.mdwn | 14 | ||||
-rwxr-xr-x | keyringer | 2 | ||||
-rwxr-xr-x | lib/keyringer/actions/edit | 21 | ||||
-rwxr-xr-x | lib/keyringer/actions/encrypt | 4 | ||||
-rwxr-xr-x | lib/keyringer/actions/find | 2 | ||||
-rwxr-xr-x | lib/keyringer/functions | 4 | ||||
-rw-r--r-- | share/man/keyringer.1.mdwn | 3 |
8 files changed, 54 insertions, 11 deletions
@@ -1,4 +1,17 @@ -2014-04-10 - Silvio Rhatto <rhatto@riseup.net> +2014-05-16 - 0.3.4 - Silvio Rhatto <rhatto@riseup.net> + + Workaround for open/edit action returning instantaneously (#49) + + Use 'nobackup' and 'nowritebackup' if VIM is set as $EDITOR (#50) + + Find: rollback: use find+grep instead of 'find -iname' (#53) + + Edit/open: wait for background process to finish (#49) + + Edit: use encrypt action + + Encrypt: support for KEYRINGER_ADD_EXTENSION environment variable + which controls if file extension should be appended to secret name Genpair: generate ssh and ssl keys with 4096 bits size diff --git a/development.mdwn b/development.mdwn index 957a7f8..67c6456 100644 --- a/development.mdwn +++ b/development.mdwn @@ -37,6 +37,13 @@ These steps should be run once in a while to ensure we have an up to date packag DIST=sid sudo cowbuilder --update +Coding standards +---------------- + + - Respect the existing coding style. + + - Be clear: easy audability must be one of keyringer's requirements. + Development workflow -------------------- @@ -45,9 +52,10 @@ We use [git-flow](https://github.com/nvie/gitflow) for the development workflow. Release workflow ---------------- -Go to master branch +Go to develop branch and start a new release - git checkout master + git checkout develop + git flow release start VERSION Prepare the source code: @@ -57,6 +65,8 @@ Prepare the source code: Create and upload a new release: + git flow release finish $VERSION + git checkout master make release Update the debian branch: @@ -138,7 +138,7 @@ function keyringer_dispatch { # Config NAME="keyringer" -KEYRINGER_VERSION="0.3.3" +KEYRINGER_VERSION="0.3.4" CONFIG_VERSION="0.1" CONFIG_BASE="$HOME/.$NAME" CONFIG="$CONFIG_BASE/config" diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit index ff220a1..3ccf977 100755 --- a/lib/keyringer/actions/edit +++ b/lib/keyringer/actions/edit @@ -38,12 +38,27 @@ fi # Prompt echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort" -echo "WARNING: please make sure that $APP doesn't leak data to external applications os files" -read key +echo "WARNING: please make sure that $APP doesn't leak data to external applications or files" +echo "Press ENTER to continue" +read -s key $APP "$TMPWORK" +# Wait for background process to finish +wait + +# Workaround for some applications running in client/server mode, handling open file requests +# to a daemon and exiting immediatelly, making keyringer guess the editing is over and the file +# must be encrypted again (See #49). +# +# Thus, we cannot just wipe the file and exit keyringer, as the user might have a buffered copy +# of the unencrypted file in the application, which can lead to information leakage if the user +# saves the file and leaves the editor. +echo "Press any key when done using the file and you're sure that $APP is closed." +read -s -n 1 + # Encrypt again -$GPG --yes -o "$KEYDIR/$FILE" --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") "$TMPWORK" +export KEYRINGER_ADD_EXTENSION=false +keyringer_exec encrypt "$BASEDIR" "$FILE" "$TMPWORK" # Check exit status errcrypt="$?" diff --git a/lib/keyringer/actions/encrypt b/lib/keyringer/actions/encrypt index e9bf453..7415267 100755 --- a/lib/keyringer/actions/encrypt +++ b/lib/keyringer/actions/encrypt @@ -57,9 +57,11 @@ if [ ! -z "$3" ]; then # # Useful when opening files and the application needs the # extension to guess the file type. - if ! echo $BASEPATH | grep -q -e "\.$EXTENSION$"; then + if [ "$KEYRINGER_ADD_EXTENSION" != "false" ] && ! echo $BASEPATH | grep -q -e "\.$EXTENSION$"; then echo "Appending '$EXTENSION' into secret name..." FILE="$BASEPATH.$EXTENSION" + else + FILE="$BASEPATH" fi else FILE="$BASEPATH" diff --git a/lib/keyringer/actions/find b/lib/keyringer/actions/find index 21afc7a..9b18d66 100755 --- a/lib/keyringer/actions/find +++ b/lib/keyringer/actions/find @@ -15,5 +15,5 @@ shift ARGS="`echo "$*" | sed -e "s|^/*||"`" # Run find command -cd "$KEYDIR/$RELATIVE_PATH" && find -iname "*$ARGS*" | sed -e 's|^./||g' +cd "$KEYDIR/$RELATIVE_PATH" && find | grep -i "$ARGS" | sed -e 's|^./||g' cd "$CWD" diff --git a/lib/keyringer/functions b/lib/keyringer/functions index ad18f44..50d01db 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -287,7 +287,7 @@ function keyringer_set_env { # Avoid viminfo, see https://keyringer.pw/trac/ticket/50 if $EDITOR --help | grep -q -e "^VIM"; then if ! echo $EDITOR | grep -q -- "-i NONE"; then - EDITOR="$EDITOR -i NONE" + EDITOR="$EDITOR -i NONE '+set nowritebackup' '+set nobackup'" fi fi @@ -436,7 +436,7 @@ function keyringer_get_file { elif [ ! -f "$KEYDIR/$FILE" ]; then # Try to find a similar file count=0 - candidates=(`keyringer_exec find "$BASEDIR" "$1*.asc"`) + candidates=(`keyringer_exec find "$BASEDIR" | grep -i "$1" | grep -e '.asc$'`) if [ ! -z "$candidates" ]; then echo "Could not find exact match for \"$1\", please choose one of the following secrets:" diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index 3b2fbc0..407baaa 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -135,6 +135,9 @@ edit <*secret*> : Edit a secret by temporarily decrypting it, opening the decrypted copy into the text editor defined by the *$EDITOR* environment variable and then re-encrypting it. + Please make sure to use an *$EDITOR* which does not leak data like history buffers. + Keyringer tries to detect if *$EDITOR* is set to VIM and disables the *.viminfo* file. + encrypt <*secret*> [*file*] : Encrypts content from standard input or *file* into *secret* pathname. No spaces are supported in the *secret* name. If *file* is actually a folder, keyringer |