diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2019-01-30 15:01:25 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2019-01-30 15:01:25 -0200 |
commit | efd2b4887d30fb9163bb14dffe8312e4a2097b2a (patch) | |
tree | 247cfaa26950d8579abd86a4502ca08d4862cbe8 | |
parent | a5e39bf904e83989b763f001a29adb9053df60f2 (diff) | |
parent | bfb19958de60135f98deec6089cd291b43ba9d9c (diff) | |
download | keyringer-upstream_keyringer_0.5.4.tar.gz keyringer-upstream_keyringer_0.5.4.tar.bz2 |
New upstream version 0.5.4upstream_keyringer_0.5.4
-rw-r--r-- | ChangeLog | 12 | ||||
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | ikiwiki.setup | 216 | ||||
-rw-r--r-- | ikiwiki.yaml | 426 | ||||
-rwxr-xr-x | keyringer | 4 | ||||
-rwxr-xr-x | lib/keyringer/actions/genkeys | 11 | ||||
-rwxr-xr-x | lib/keyringer/actions/shell | 2 | ||||
-rwxr-xr-x | lib/keyringer/functions | 4 |
8 files changed, 451 insertions, 226 deletions
@@ -1,4 +1,14 @@ -2017-11-23 - 0.5.3 - Silvio Rhatto <rhatto@riseup.net> +2019-01-29 - 0.5.4 - Silvio Rhatto <rhatto@riseup.net> + + Use --no-encrypt-to GnuPG option to strictly respect the recipients file + + Fixes BASEDIR evaluation at init action + + Adds history support at shell action + + Fix passphrase entry at genpairs when exporting secret keys + +2018-05-30 - 0.5.3 - Silvio Rhatto <rhatto@riseup.net> Grégoire Jadi <gjadi@omecha.info> Jérémie Courrèges-Anglas <jca@wxcvbn.org> @@ -85,7 +85,7 @@ debian: gbp buildpackage --git-tag-only --git-sign-tags web: - @ikiwiki --setup ikiwiki.setup + @ikiwiki --setup ikiwiki.yaml web_deploy: @rsync -avz --delete www/ blog:/var/sites/keyringer/www/ diff --git a/ikiwiki.setup b/ikiwiki.setup deleted file mode 100644 index f316524..0000000 --- a/ikiwiki.setup +++ /dev/null @@ -1,216 +0,0 @@ -#!/usr/bin/perl -# Configuration file for ikiwiki. -# Passing this to ikiwiki --setup will make ikiwiki generate wrappers and -# build the wiki. -# -# Remember to re-run ikiwiki --setup any time you edit this file. - -use IkiWiki::Setup::Standard { - wikiname => "Keyringer: encrypted and distributed secret sharing software", - adminuser => ["keyringer", ], - adminemail => 'rhatto@keyringer.pw', - - # Be sure to customise these.. - srcdir => ".", - destdir => "www", - - url => "https://keyringer.pw", - cgiurl => "https://keyringer.pw/ikiwiki.cgi", - #templatedir => "/usr/share/ikiwiki/templates", - #underlaydir => "/usr/share/ikiwiki/basewiki", - - # Subversion stuff. - #rcs => "svn", - #historyurl => "http://svn.example.org/trunk/[[file]]", - #diffurl => "http://svn.example.org/trunk/[[file]]?root=wiki&r1=[[r1]]&r2=[[r2]]", - #svnrepo => "/svn/wiki", - #svnpath => "trunk", - - # Git stuff. - rcs => "git", - historyurl => "https://git.fluxo.info/keyringer/log/[[file]]", - diffurl => 'https://git.fluxo.info/keyringer/commit/[[file]]?id=[[sha1_commit]]', - #gitorigin_branch => "origin", - #gitmaster_branch => "master", - # See https://ikiwiki.info/tips/laptop_wiki_with_git/ - gitorigin_branch => '', - - # Tla stuff. - #rcs => "tla" - #historyurl => ??, - #diffurl => ??, - - # Mercurial stuff. - #rcs => "mercurial", - #historyurl => "http://localhost:8000/log/tip/[[file]]", # hg serve'd local repository - #diffurl => "http://localhost:8000/?fd=[[r2]];file=[[file]]", - - # Bazaar stuff. - #rcs => "bzr", - #historyurl => "", - #diffurl => "http://example.com/revision?start_revid=[[r2]]#[[file]]-s", # using loggerhead - - # Monotone stuff - #rcs => "monotone", - #mtnkey => "web\@machine.company.com", - #historyurl => "http://viewmtn.example.com/branch/head/filechanges/com.example.branch/[[file]]", - #diffurl => "http://viewmtn.example.com/revision/diff/[[r1]]/with/[[r2]]/[[file]]", - # Set if you want the wiki to sync on update and commit. - #mtnsync => 0, - # The path to your workspace (defaults to the srcdir itself) - # e.g. use if your srcdir is a subdirectory of the workspace. - #mtnrootdir => "path/to/root/of/workspace", - - wrappers => [ - #{ - # # The cgi wrapper. - # cgi => 0, - # wrapper => "/var/sites/rhatto/ikiwiki/ikiwiki.cgi", - # wrappermode => "06550", - # wrappergroup => "www-data", - #}, - #{ - # # The svn post-commit wrapper. - # # Note that this will overwrite any existing - # # post-commit hook script, which may not be - # # what you want. - # wrapper => "/svn/wikirepo/hooks/post-commit", - # wrappermode => "04755", - # # Log to syslog since svn post-commit hooks - # # hide output and errors. - # syslog => 1, - #}, - #{ - # # The git post-update wrapper. - # # Note that this will overwrite any existing - # # post-update hook script, which may not be - # # what you want. - # wrapper => "/var/git/repositories/rhatto.git/hooks/post-update", - # wrappermode => "06550", - # wrappergroup => "git", - #}, - #{ - # # The monotone netsync hook. - # wrapper => "path/to/root/of/workspace/_MTN/ikiwiki-netsync-hook", - # wrappermode => "06755", - #}, - ], - - # Default to generating rss feeds for pages with feeds? - rss => 1, - # Default to generating atom feeds for pages with feeds? - #atom => 1, - # Allow generating feeds even if not generated by default? - #allowrss => 1, - #allowatom => 1, - # Urls to ping with XML-RPC when feeds are updated - #pingurl => [qw{http://rpc.technorati.com/rpc/ping}], - # Include discussion links on all pages? - discussion => 0, - # To exclude files matching a regexp from processing. This adds to - # the default exclude list. - #exclude => qr/\.wav$/, - exclude => qr/www/, - # To change the extension used for generated html files. - #htmlext => 'htm', - # Time format (for strftime) - #timeformat => '%c', - # Locale to use. Must be a UTF-8 locale. - #locale => 'en_US.UTF-8', - # Only send cookies over SSL connections. - #sslcookie => 1, - # Logging settings: - #verbose => 1, - syslog => 0, - # To link to user pages in a subdirectory of the wiki. - #userdir => "users", - # To create output files named page.html rather than page/index.html. - #usedirs => 0, - # Simple spam prevention: require an account-creation password. - #account_creation_password => "guesswhat", - # Cost of generating a password using Authen::Passphrase::BlowfishCrypt - #password_cost => 8, - # Uncomment to force ikiwiki to run with a particular umask. - umask => 002, - # Default settings for the recentchanges page. - #recentchangespage => "recentchanges", - #recentchangesnum => 100, - # Use new '!'-prefixed preprocessor directive syntax - #prefix_directives => 0, - # Attempt to make hardlinks to source files instead of copying them. - # Useful if the wiki contains large media files. - #hardlink => 1, - # Enable use of multimarkdown features in .mdwn files. - #multimarkdown => 1, - - # To add plugins, list them here. - #add_plugins => [qw{goodstuff search wikitext camelcase - # htmltidy fortune sidebar map rst anonok}], - add_plugins => [qw{goodstuff sidebar}], - # If you want to disable any of the default plugins, list them here. - #disable_plugins => [qw{inline htmlscrubber passwordauth openid}], - disable_plugins => [qw{openid editpage}], - # To add a directory to the perl search path, use this. - #libdir => "/home/me/.ikiwiki/", - - # To override environment variable settings, you can list values here. - #ENV => { - # TZ => "America/New_York", - # PATH => "/home/me/bin:/usr/local/bin:/usr/bin:/bin", - #}, - - # For use with the tag plugin, make all tags be located under a - # base page. - #tagbase => "tag", - - # For use with the search plugin if the omega cgi is located - # somewhere else. - #omega_cgi => "/usr/lib/cgi-bin/omega/omega", - - # For use with the openid plugin, to give an url to a page users - # can use to signup for an OpenID. - #openidsignup => "http://myopenid.com/", - - # For use with the mirrorlist plugin, a list of mirrors. - #mirrorlist => { - # mirror1 => "http://hostname1", - # mirror2 => "http://hostname2/mirror", - #}, - - # For use with the anonok plugin, a PageSpec specifying what - # pages anonymous users can edit - #anonok_pagespec => "*", - - # For use with the aggregate plugin, to allow aggregation to be - # triggered via the web. - #aggregate_webtrigger => 1, - - # For use with the pinger plugin, how many seconds to wait before - # timing out. - #pinger_timeout => 15. - - # For use with the amazon S3 plugin, your public access key id. - #amazon_s3_key_id => 'XXXXXXXXXXXXXXXXXXXX', - # And a file holding your secret key. This file *must* not be - # readable by others! - #amazon_s3_key_file => "/home/me/.hide/.s3_key - # The globally unique name of the bucket to use to store the wiki. - #amazon_s3_bucket => "mywiki", - # A prefix to prepend to each page name. - #amazon_s3_prefix => "wiki/", - # Uncomment to use the S3 European datacenter. - #amazon_s3_location => "EU", - # Uncomment if you need to store each index file twice. - #amazon_s3_dupindex => 1, - - # For use with the attachment plugin, a program that returns - # nonzero if its standard input contains an virus. - #virus_checker => "clamdscan -", - - # See https://ikiwiki.info/plugins/po/ - #po_master_language => 'en|English', - #po_slave_languages => [ 'pt|Portuguese' ], - - # See http://ikiwiki.info/plugins/rsync/ - #rsync_command => 'rsync -qa --delete . keyringer:/var/sites/keyringer/www/', -} diff --git a/ikiwiki.yaml b/ikiwiki.yaml new file mode 100644 index 0000000..3ee0fb8 --- /dev/null +++ b/ikiwiki.yaml @@ -0,0 +1,426 @@ +# IkiWiki::Setup::Yaml - YAML formatted setup file +# +# Setup file for ikiwiki. +# +# Passing this to ikiwiki --setup will make ikiwiki generate +# wrappers and build the wiki. +# +# Remember to re-run ikiwiki --setup any time you edit this file. +# +# name of the wiki +wikiname: 'Keyringer: encrypted and distributed secret sharing software' +# contact email for wiki +adminemail: rhatto@keyringer.pw +# users who are wiki admins +adminuser: +- keyringer +# users who are banned from the wiki +banned_users: [] +# where the source of the wiki is located +srcdir: . +# where to build the wiki +destdir: www +# base url to the wiki +url: https://keyringer.pw +# url to the ikiwiki.cgi +cgiurl: https://keyringer.pw/ikiwiki.cgi +# do not adjust cgiurl if CGI is accessed via different URL +reverse_proxy: 0 +# filename of cgi wrapper to generate +cgi_wrapper: '' +# mode for cgi_wrapper (can safely be made suid) +cgi_wrappermode: 06755 +# number of seconds to delay CGI requests when overloaded +cgi_overload_delay: '' +# message to display when overloaded (may contain html) +cgi_overload_message: '' +# enable optimization of only refreshing committed changes? +only_committed_changes: 0 +# rcs backend to use +rcs: git +# plugins to add to the default configuration +add_plugins: +- goodstuff +- sidebar +# plugins to disable +disable_plugins: +- openid +- editpage +# additional directory to search for template files +templatedir: /usr/share/ikiwiki/templates +# base wiki source location +underlaydir: /usr/share/ikiwiki/basewiki +# display verbose messages? +#verbose: 1 +# log to syslog? +#syslog: 1 +# create output files named page/index.html? +usedirs: 1 +# use '!'-prefixed preprocessor directives? +prefix_directives: 1 +# use page/index.mdwn source files +indexpages: 0 +# enable Discussion pages? +discussion: 0 +# name of Discussion pages +discussionpage: Discussion +# use elements new in HTML5 like <section>? +html5: 0 +# only send cookies over SSL connections? +sslcookie: 0 +# extension to use for new pages +default_pageext: mdwn +# extension to use for html files +htmlext: html +# strftime format string to display date +timeformat: '%c' +# UTF-8 locale to use +#locale: en_US.UTF-8 +# put user pages below specified page +userdir: '' +# how many backlinks to show before hiding excess (0 to show all) +numbacklinks: 10 +# attempt to hardlink source files? (optimisation for large files) +hardlink: 0 +# force ikiwiki to use a particular umask (keywords public, group or private, or a number) +umask: 2 +# group for wrappers to run in +#wrappergroup: ikiwiki +# extra library and plugin directories +libdirs: [] +# extra library and plugin directory (searched after libdirs) +libdir: '' +# environment variables +ENV: {} +# time zone name +timezone: :/etc/localtime +# regexp of normally excluded files to include +#include: ^\.htaccess$ +# regexp of files that should be skipped +exclude: (?^:www) +# specifies the characters that are allowed in source filenames +wiki_file_chars: -[:alnum:]+/.:_ +# allow symlinks in the path leading to the srcdir (potentially insecure) +allow_symlinks_before_srcdir: 0 +# cookie control +cookiejar: + file: /home/rhatto/.ikiwiki/cookies +# set custom user agent string for outbound HTTP requests e.g. when fetching aggregated RSS feeds +useragent: ikiwiki/3.20170111 +# theme has a responsive layout? (mobile-optimized) +responsive_layout: 1 +# try harder to produce deterministic output +deterministic: 0 + +###################################################################### +# core plugins +# (editpage, git, htmlscrubber, inline, link, meta, parentlinks, +# templatebody) +###################################################################### + +# git plugin +# git hook to generate +#git_wrapper: /git/wiki.git/hooks/post-update +# shell command for git_wrapper to run, in the background +#git_wrapper_background_command: git push github +# mode for git_wrapper (can safely be made suid) +#git_wrappermode: 06755 +# git pre-receive hook to generate +#git_test_receive_wrapper: /git/wiki.git/hooks/pre-receive +# unix users whose commits should be checked by the pre-receive hook +#untrusted_committers: [] +# gitweb url to show file history ([[file]] substituted) +historyurl: https://git.fluxo.info/keyringer/log/[[file]] +# gitweb url to show a diff ([[file]], [[sha1_to]], [[sha1_from]], [[sha1_commit]], and [[sha1_parent]] substituted) +diffurl: https://git.fluxo.info/keyringer/commit/[[file]]?id=[[sha1_commit]] +# where to pull and push changes (set to empty string to disable) +gitorigin_branch: '' +# branch that the wiki is stored in +gitmaster_branch: master + +# htmlscrubber plugin +# PageSpec specifying pages not to scrub +#htmlscrubber_skip: '!*/Discussion' + +# inline plugin +# enable rss feeds by default? +rss: 1 +# enable atom feeds by default? +#atom: 0 +# allow rss feeds to be used? +#allowrss: 0 +# allow atom feeds to be used? +#allowatom: 0 +# urls to ping (using XML-RPC) on feed update +pingurl: [] + +###################################################################### +# auth plugins +# (anonok, blogspam, emailauth, httpauth, lockedit, moderatedcomments, +# opendiscussion, openid, passwordauth, signinedit) +###################################################################### + +# anonok plugin +# PageSpec to limit which pages anonymous users can edit +#anonok_pagespec: '*/discussion' + +# blogspam plugin +# PageSpec of pages to check for spam +#blogspam_pagespec: postcomment(*) +# options to send to blogspam server +#blogspam_options: blacklist=1.2.3.4,blacklist=8.7.6.5,max-links=10 +# blogspam server JSON url +#blogspam_server: '' + +# emailauth plugin +# email address to send emailauth mails as (default: adminemail) +#emailauth_sender: '' + +# httpauth plugin +# url to redirect to when authentication is needed +#cgiauthurl: http://example.com/wiki/auth/ikiwiki.cgi +# PageSpec of pages where only httpauth will be used for authentication +#httpauth_pagespec: '!*/Discussion' + +# lockedit plugin +# PageSpec controlling which pages are locked +#locked_pages: '!*/Discussion' + +# moderatedcomments plugin +# PageSpec matching users or comment locations to moderate +#moderate_pagespec: '*' + +# openid plugin +# url pattern of openid realm (default is cgiurl) +#openid_realm: '' +# url to ikiwiki cgi to use for openid authentication (default is cgiurl) +#openid_cgiurl: '' + +# passwordauth plugin +# a password that must be entered when signing up for an account +#account_creation_password: s3cr1t +# cost of generating a password using Authen::Passphrase::BlowfishCrypt +#password_cost: 8 + +###################################################################### +# format plugins +# (creole, highlight, hnb, html, mdwn, otl, po, rawhtml, rst, textile, +# txt) +###################################################################### + +# highlight plugin +# types of source files to syntax highlight +#tohighlight: .c .h .cpp .pl .py Makefile:make +# location of highlight's filetypes.conf +#filetypes_conf: /etc/highlight/filetypes.conf +# location of highlight's langDefs directory +#langdefdir: /usr/share/highlight/langDefs + +# mdwn plugin +# enable multimarkdown features? +#multimarkdown: 0 +# disable use of markdown discount? +#nodiscount: 0 + +# po plugin +# master language (non-PO files) +#po_master_language: en|English +# slave languages (translated via PO files) format: ll|Langname +#po_slave_languages: +#- fr|Français +#- es|Español +#- de|Deutsch +# PageSpec controlling which pages are translatable +#po_translatable_pages: '* and !*/Discussion' +# internal linking behavior (default/current/negotiated) +#po_link_to: current + +###################################################################### +# special-purpose plugins +# (osm, underlay) +###################################################################### + +# osm plugin +# the default zoom when you click on the map link +#osm_default_zoom: 15 +# the icon shown on links and on the main map +#osm_default_icon: ikiwiki/images/osm.png +# the alt tag of links, defaults to empty +#osm_alt: '' +# the output format for waypoints, can be KML, GeoJSON or CSV (one or many, comma-separated) +#osm_format: KML +# the icon attached to a tag, displayed on the map for tagged pages +#osm_tag_default_icon: icon.png +# Url for the OpenLayers.js file +#osm_openlayers_url: http://www.openlayers.org/api/OpenLayers.js +# Layers to use in the map. Can be either the 'OSM' string or a type option for Google maps (GoogleNormal, GoogleSatellite, GoogleHybrid or GooglePhysical). It can also be an arbitrary URL in a syntax acceptable for OpenLayers.Layer.OSM.url parameter. +#osm_layers: +# OSM: GoogleSatellite +# Google maps API key, Google layer not used if missing, see https://code.google.com/apis/console/ to get an API key +#osm_google_apikey: '' + +# underlay plugin +# extra underlay directories to add +#add_underlays: +#- /home/rhatto/wiki.underlay + +###################################################################### +# web plugins +# (404, attachment, comments, editdiff, edittemplate, getsource, google, +# goto, mirrorlist, remove, rename, repolist, search, theme, userlist, +# websetup, wmd) +###################################################################### + +# attachment plugin +# enhanced PageSpec specifying what attachments are allowed +#allowed_attachments: virusfree() and mimetype(image/*) and maxsize(50kb) +# virus checker program (reads STDIN, returns nonzero if virus found) +#virus_checker: clamdscan - + +# comments plugin +# PageSpec of pages where comments are allowed +#comments_pagespec: blog/* and !*/Discussion +# PageSpec of pages where posting new comments is not allowed +#comments_closed_pagespec: blog/controversial or blog/flamewar +# Base name for comments, e.g. "comment_" for pages like "sandbox/comment_12" +#comments_pagename: '' +# Interpret directives in comments? +#comments_allowdirectives: 0 +# Allow anonymous commenters to set an author name? +#comments_allowauthor: 0 +# commit comments to the VCS +#comments_commit: 1 +# Restrict formats for comments to (no restriction if empty) +#comments_allowformats: mdwn txt + +# getsource plugin +# Mime type for returned source. +#getsource_mimetype: text/plain; charset=utf-8 + +# mirrorlist plugin +# list of mirrors +#mirrorlist: {} +# generate links that point to the mirrors' ikiwiki CGI +#mirrorlist_use_cgi: 1 + +# repolist plugin +# URIs of repositories containing the wiki's source +#repositories: +#- svn://svn.example.org/wiki/trunk + +# search plugin +# path to the omega cgi program +#omega_cgi: /usr/lib/cgi-bin/omega/omega +# use google site search rather than internal xapian index? +#google_search: 1 + +# theme plugin +# name of theme to enable +#theme: actiontabs + +# websetup plugin +# list of plugins that cannot be enabled/disabled via the web interface +#websetup_force_plugins: [] +# list of additional setup field keys to treat as unsafe +#websetup_unsafe: [] +# show unsafe settings, read-only, in web interface? +#websetup_show_unsafe: 1 + +###################################################################### +# widget plugins +# (calendar, color, conditional, cutpaste, date, format, fortune, +# graphviz, haiku, headinganchors, img, linkmap, listdirectives, map, +# more, orphans, pagecount, pagestats, poll, polygen, postsparkline, +# progress, shortcut, sparkline, table, template, teximg, toc, toggle, +# version) +###################################################################### + +# calendar plugin +# base of the archives hierarchy +#archivebase: archives +# PageSpec of pages to include in the archives, if option `calendar_autocreate` is true. +#archive_pagespec: page(posts/*) and !*/Discussion +# autocreate new calendar pages? +#calendar_autocreate: 1 +# if set, when building calendar pages, also build pages of year and month when no pages were published (building empty calendars). +#calendar_fill_gaps: 1 + +# img plugin +# Image formats to process (jpeg, png, gif, svg, pdf or 'everything' to accept all) +#img_allowed_formats: '' + +# listdirectives plugin +# directory in srcdir that contains directive descriptions +#directive_description_dir: ikiwiki/directive + +# teximg plugin +# Should teximg use dvipng to render, or dvips and convert? +#teximg_dvipng: '' +# LaTeX prefix for teximg plugin +#teximg_prefix: | +# \documentclass{article} +# \usepackage[utf8]{inputenc} +# \usepackage{amsmath} +# \usepackage{amsfonts} +# \usepackage{amssymb} +# \pagestyle{empty} +# \begin{document} +# LaTeX postfix for teximg plugin +#teximg_postfix: \end{document} + +###################################################################### +# other plugins +# (aggregate, autoindex, brokenlinks, camelcase, ddate, embed, favicon, +# filecheck, flattr, goodstuff, htmlbalance, localstyle, loginselector, +# notifyemail, pagetemplate, pingee, pinger, prettydate, recentchanges, +# recentchangesdiff, relativedate, rsync, sidebar, smiley, +# sortnaturally, tag, testpagespec, trail, transient) +###################################################################### + +# aggregate plugin +# enable aggregation to internal pages? +#aggregateinternal: 1 +# allow aggregation to be triggered via the web? +#aggregate_webtrigger: 0 + +# autoindex plugin +# commit autocreated index pages +#autoindex_commit: 1 + +# camelcase plugin +# list of words to not turn into links +#camelcase_ignore: [] + +# flattr plugin +# userid or user name to use by default for Flattr buttons +#flattr_userid: joeyh + +# pinger plugin +# how many seconds to try pinging before timing out +#pinger_timeout: 15 + +# prettydate plugin +# format to use to display date +#prettydateformat: '%X, %B %o, %Y' + +# recentchanges plugin +# name of the recentchanges page +recentchangespage: recentchanges +# number of changes to track +recentchangesnum: 100 + +# rsync plugin +# command to run to sync updated pages +#rsync_command: rsync -qa --delete . user@host:/path/to/docroot/ + +# sidebar plugin +# show sidebar page on all pages? +#global_sidebars: 1 + +# tag plugin +# parent page tags are located under +#tagbase: tag +# autocreate new tag pages? +#tag_autocreate: 1 +# commit autocreated tag pages +tag_autocreate_commit: 1 @@ -93,7 +93,7 @@ function keyringer_init { fi # Reparse basedir to force absolute folder - BASEDIR="`cd $BASEDIR && pwd`" + BASEDIR="`cd $BASEDIR &> /dev/null && pwd`" # Add entry chmod 700 "$BASEDIR" @@ -140,7 +140,7 @@ function keyringer_dispatch { # Config NAME="keyringer" -KEYRINGER_VERSION="0.5.3" +KEYRINGER_VERSION="0.5.4" CONFIG_VERSION="0.1" CONFIG_BASE="$HOME/.$NAME" CONFIG="$CONFIG_BASE/config" diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys index deacbfd..addd10d 100755 --- a/lib/keyringer/actions/genkeys +++ b/lib/keyringer/actions/genkeys @@ -52,7 +52,7 @@ function genkeys_gpg { passphrase="`keyringer_exec decrypt "$BASEDIR" "$FILE.passwd"`" # TODO: insert random bytes - # TODO: custom Name-Comment and Name-Email + # TODO: custom Name-Email $GPG --homedir "$TMPWORK" --gen-key --batch <<EOF Key-Type: RSA Key-Length: 4096 @@ -66,8 +66,11 @@ function genkeys_gpg { EOF # Encrypt the result + # See https://superuser.com/questions/1135812/gpg2-asking-for-passphrase-when-importing-secret-keys#1135950 + # https://stackoverflow.com/questions/49072403/suppress-the-passphrase-prompt-in-gpg-command + # https://dev.gnupg.org/T2313 echo "Encrypting secret key into keyringer..." - $GPG --armor --homedir "$TMPWORK" --export-secret-keys | keyringer_exec encrypt "$BASEDIR" "$FILE" + echo -e "${passphrase}\n" | $GPG --armor --homedir "$TMPWORK" --passphrase-fd 0 --batch --no-tty --pinentry-mode=loopback --export-secret-keys | keyringer_exec encrypt "$BASEDIR" "$FILE" echo "Encrypting public key into keyringer..." $GPG --armor --homedir "$TMPWORK" --export | keyringer_exec encrypt "$BASEDIR" "$FILE.pub" #echo "Encrypting passphrase into keyringer..." @@ -76,8 +79,8 @@ EOF if [ ! -z "$OUTFILE" ]; then mkdir -p `dirname $OUTFILE` printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE" - $GPG --armor --homedir "$TMPWORK" --export-secret-keys > "$OUTFILE" - $GPG --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub" + echo -e "${passphrase}\n" | $GPG --armor --homedir "$TMPWORK" --passphrase-fd 0 --batch --no-tty --pinentry-mode=loopback --export-secret-keys > "$OUTFILE" + $GPG --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub" fi echo "Done" diff --git a/lib/keyringer/actions/shell b/lib/keyringer/actions/shell index 3b98d68..d87a638 100755 --- a/lib/keyringer/actions/shell +++ b/lib/keyringer/actions/shell @@ -15,6 +15,8 @@ keyringer_usage $KEYRING # While a "quit" command isn't entered, read STDIN while read -rep "keyringer:/${KEYRING}${SHELLPATH}> " STDIN; do + history -s "$STDIN" + if [ "$STDIN" == "quit" ] || [ "$STDIN" == "exit" ] || [ "$STDIN" == "bye" ]; then break elif [ "$STDIN" == "shell" ]; then diff --git a/lib/keyringer/functions b/lib/keyringer/functions index d529daf..308d0ea 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -314,9 +314,9 @@ function keyringer_set_env { fi if [ ! -z "$KEYID" ]; then - GPG="gpg --quiet -u $KEYID" + GPG="gpg --quiet --no-encrypt-to -u $KEYID" else - GPG="gpg --quiet" + GPG="gpg --quiet --no-encrypt-to" fi # Check keyring config version |