Merge branch 'release/0.3.4'

8 files changed, 54 insertions, 11 deletions

diff --git a/ChangeLog b/ChangeLog
index 738a1f1..aa63787 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,17 @@
-2014-04-10 - Silvio Rhatto <rhatto@riseup.net>
+2014-05-16 - 0.3.4 - Silvio Rhatto <rhatto@riseup.net>
+
+	Workaround for open/edit action returning instantaneously (#49)
+
+	Use 'nobackup' and 'nowritebackup' if VIM is set as $EDITOR (#50)
+
+	Find: rollback: use find+grep instead of 'find -iname' (#53)
+
+	Edit/open: wait for background process to finish (#49)
+
+	Edit: use encrypt action
+
+	Encrypt: support for KEYRINGER_ADD_EXTENSION environment variable
+	which controls if file extension should be appended to secret name
 
 	Genpair: generate ssh and ssl keys with 4096 bits size
 
diff --git a/development.mdwn b/development.mdwn
index 957a7f8..67c6456 100644
--- a/development.mdwn
+++ b/development.mdwn
@@ -37,6 +37,13 @@ These steps should be run once in a while to ensure we have an up to date packag
 
     DIST=sid sudo cowbuilder --update
 
+Coding standards
+----------------
+
+  - Respect the existing coding style.
+
+  - Be clear: easy audability must be one of keyringer's requirements.
+
 Development workflow
 --------------------
 
@@ -45,9 +52,10 @@ We use [git-flow](https://github.com/nvie/gitflow) for the development workflow.
 Release workflow
 ----------------
 
-Go to master branch
+Go to develop branch and start a new release
 
-    git checkout master
+    git checkout develop
+    git flow release start VERSION
 
 Prepare the source code:
 
@@ -57,6 +65,8 @@ Prepare the source code:
 
 Create and upload a new release:
 
+    git flow release finish $VERSION
+    git checkout master
     make release
 
 Update the debian branch:
diff --git a/keyringer b/keyringer
index 6a1eda5..e1f405f 100755
--- a/keyringer
+++ b/keyringer
@@ -138,7 +138,7 @@ function keyringer_dispatch {
 
 # Config
 NAME="keyringer"
-KEYRINGER_VERSION="0.3.3"
+KEYRINGER_VERSION="0.3.4"
 CONFIG_VERSION="0.1"
 CONFIG_BASE="$HOME/.$NAME"
 CONFIG="$CONFIG_BASE/config"
diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit
index ff220a1..3ccf977 100755
--- a/lib/keyringer/actions/edit
+++ b/lib/keyringer/actions/edit
@@ -38,12 +38,27 @@ fi
 
 # Prompt
 echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort"
-echo "WARNING: please make sure that $APP doesn't leak data to external applications os files"
-read key
+echo "WARNING: please make sure that $APP doesn't leak data to external applications or files"
+echo "Press ENTER to continue"
+read -s key
 $APP "$TMPWORK"
 
+# Wait for background process to finish
+wait
+
+# Workaround for some applications running in client/server mode, handling open file requests
+# to a daemon and exiting immediatelly, making keyringer guess the editing is over and the file
+# must be encrypted again (See #49).
+#
+# Thus, we cannot just wipe the file and exit keyringer, as the user might have a buffered copy
+# of the unencrypted file in the application, which can lead to information leakage if the user
+# saves the file and leaves the editor.
+echo "Press any key when done using the file and you're sure that $APP is closed."
+read -s -n 1
+
 # Encrypt again
-$GPG --yes -o "$KEYDIR/$FILE" --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") "$TMPWORK"
+export KEYRINGER_ADD_EXTENSION=false
+keyringer_exec encrypt "$BASEDIR" "$FILE" "$TMPWORK"
 
 # Check exit status
 errcrypt="$?"
diff --git a/lib/keyringer/actions/encrypt b/lib/keyringer/actions/encrypt
index e9bf453..7415267 100755
--- a/lib/keyringer/actions/encrypt
+++ b/lib/keyringer/actions/encrypt
@@ -57,9 +57,11 @@ if [ ! -z "$3" ]; then
     #
     # Useful when opening files and the application needs the
     # extension to guess the file type.
-    if ! echo $BASEPATH | grep -q -e "\.$EXTENSION$"; then
+    if [ "$KEYRINGER_ADD_EXTENSION" != "false" ] && ! echo $BASEPATH | grep -q -e "\.$EXTENSION$"; then
       echo "Appending '$EXTENSION' into secret name..."
       FILE="$BASEPATH.$EXTENSION"
+    else
+      FILE="$BASEPATH"
     fi
   else
     FILE="$BASEPATH"
diff --git a/lib/keyringer/actions/find b/lib/keyringer/actions/find
index 21afc7a..9b18d66 100755
--- a/lib/keyringer/actions/find
+++ b/lib/keyringer/actions/find
@@ -15,5 +15,5 @@ shift
 ARGS="`echo "$*" | sed -e "s|^/*||"`"
 
 # Run find command
-cd "$KEYDIR/$RELATIVE_PATH" && find -iname "*$ARGS*" | sed -e 's|^./||g'
+cd "$KEYDIR/$RELATIVE_PATH" && find | grep -i "$ARGS" | sed -e 's|^./||g'
 cd "$CWD"
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index ad18f44..50d01db 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -287,7 +287,7 @@ function keyringer_set_env {
   # Avoid viminfo, see https://keyringer.pw/trac/ticket/50
   if $EDITOR --help | grep -q -e "^VIM"; then
     if ! echo $EDITOR | grep -q -- "-i NONE"; then
-      EDITOR="$EDITOR -i NONE"
+      EDITOR="$EDITOR -i NONE '+set nowritebackup' '+set nobackup'"
     fi
   fi
 
@@ -436,7 +436,7 @@ function keyringer_get_file {
   elif [ ! -f "$KEYDIR/$FILE" ]; then
     # Try to find a similar file
     count=0
-    candidates=(`keyringer_exec find "$BASEDIR" "$1*.asc"`)
+    candidates=(`keyringer_exec find "$BASEDIR" | grep -i "$1" | grep -e '.asc$'`)
 
     if [ ! -z "$candidates" ]; then
       echo "Could not find exact match for \"$1\", please choose one of the following secrets:"
diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn
index 3b2fbc0..407baaa 100644
--- a/share/man/keyringer.1.mdwn
+++ b/share/man/keyringer.1.mdwn
@@ -135,6 +135,9 @@ edit <*secret*>
 :   Edit a secret by temporarily decrypting it, opening the decrypted copy into the
     text editor defined by the *$EDITOR* environment variable and then re-encrypting it.
 
+    Please make sure to use an *$EDITOR* which does not leak data like history buffers.
+    Keyringer tries to detect if *$EDITOR* is set to VIM and disables the *.viminfo* file.
+
 encrypt <*secret*> [*file*]
 :   Encrypts content from standard input or *file* into *secret* pathname. No spaces
     are supported in the *secret* name. If *file* is actually a folder, keyringer