aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2014-05-16 16:57:27 -0300
committerSilvio Rhatto <rhatto@riseup.net>2014-05-16 16:57:27 -0300
commit3570b454af7f6751c761b75333f432de31fad4e0 (patch)
tree05c749cb452e89956691c15d4ac8f70d082d8712 /lib
parent91504ef19607da26c2b99adf156ba37e2742d54e (diff)
parent03cc454684b152b036cd018e3d3d085759b86f3c (diff)
downloadkeyringer-3570b454af7f6751c761b75333f432de31fad4e0.tar.gz
keyringer-3570b454af7f6751c761b75333f432de31fad4e0.tar.bz2
Merge tag 'upstream_keyringer_0.3.4' into debian
Upstream version 0.3.4
Diffstat (limited to 'lib')
-rwxr-xr-xlib/keyringer/actions/commit14
-rwxr-xr-xlib/keyringer/actions/edit20
-rwxr-xr-xlib/keyringer/actions/encrypt4
-rwxr-xr-xlib/keyringer/actions/find2
-rwxr-xr-xlib/keyringer/actions/genpair4
-rwxr-xr-xlib/keyringer/actions/git3
-rwxr-xr-xlib/keyringer/actions/recrypt6
-rwxr-xr-xlib/keyringer/functions14
8 files changed, 54 insertions, 13 deletions
diff --git a/lib/keyringer/actions/commit b/lib/keyringer/actions/commit
new file mode 100755
index 0000000..b124927
--- /dev/null
+++ b/lib/keyringer/actions/commit
@@ -0,0 +1,14 @@
+#!/bin/bash
+#
+# Git commit wrapper.
+#
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" || exit 1
+
+# Fix positional arguments
+shift
+
+# Run git command
+keyringer_exec git "$BASEDIR" commit $*
diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit
index 03ccdab..3ccf977 100755
--- a/lib/keyringer/actions/edit
+++ b/lib/keyringer/actions/edit
@@ -38,11 +38,27 @@ fi
# Prompt
echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort"
-read key
+echo "WARNING: please make sure that $APP doesn't leak data to external applications or files"
+echo "Press ENTER to continue"
+read -s key
$APP "$TMPWORK"
+# Wait for background process to finish
+wait
+
+# Workaround for some applications running in client/server mode, handling open file requests
+# to a daemon and exiting immediatelly, making keyringer guess the editing is over and the file
+# must be encrypted again (See #49).
+#
+# Thus, we cannot just wipe the file and exit keyringer, as the user might have a buffered copy
+# of the unencrypted file in the application, which can lead to information leakage if the user
+# saves the file and leaves the editor.
+echo "Press any key when done using the file and you're sure that $APP is closed."
+read -s -n 1
+
# Encrypt again
-$GPG --yes -o "$KEYDIR/$FILE" --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") "$TMPWORK"
+export KEYRINGER_ADD_EXTENSION=false
+keyringer_exec encrypt "$BASEDIR" "$FILE" "$TMPWORK"
# Check exit status
errcrypt="$?"
diff --git a/lib/keyringer/actions/encrypt b/lib/keyringer/actions/encrypt
index e9bf453..7415267 100755
--- a/lib/keyringer/actions/encrypt
+++ b/lib/keyringer/actions/encrypt
@@ -57,9 +57,11 @@ if [ ! -z "$3" ]; then
#
# Useful when opening files and the application needs the
# extension to guess the file type.
- if ! echo $BASEPATH | grep -q -e "\.$EXTENSION$"; then
+ if [ "$KEYRINGER_ADD_EXTENSION" != "false" ] && ! echo $BASEPATH | grep -q -e "\.$EXTENSION$"; then
echo "Appending '$EXTENSION' into secret name..."
FILE="$BASEPATH.$EXTENSION"
+ else
+ FILE="$BASEPATH"
fi
else
FILE="$BASEPATH"
diff --git a/lib/keyringer/actions/find b/lib/keyringer/actions/find
index 21afc7a..9b18d66 100755
--- a/lib/keyringer/actions/find
+++ b/lib/keyringer/actions/find
@@ -15,5 +15,5 @@ shift
ARGS="`echo "$*" | sed -e "s|^/*||"`"
# Run find command
-cd "$KEYDIR/$RELATIVE_PATH" && find -iname "*$ARGS*" | sed -e 's|^./||g'
+cd "$KEYDIR/$RELATIVE_PATH" && find | grep -i "$ARGS" | sed -e 's|^./||g'
cd "$CWD"
diff --git a/lib/keyringer/actions/genpair b/lib/keyringer/actions/genpair
index 6898b0f..6fc6dcd 100755
--- a/lib/keyringer/actions/genpair
+++ b/lib/keyringer/actions/genpair
@@ -12,7 +12,7 @@ function genpair_ssh {
read -p "Hit ENTER to continue." prompt
# We're using empty passphrases
- ssh-keygen -t rsa -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE"
+ ssh-keygen -t rsa -b 4096 -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE"
# Encrypt the result
echo "Encrypting secret key into keyringer..."
@@ -132,7 +132,7 @@ EOF
cat openssl.conf
read -p "Hit ENTER to continue." prompt
- openssl req -batch -nodes -config openssl.conf -newkey rsa:2048 -sha256 \
+ openssl req -batch -nodes -config openssl.conf -newkey rsa:4096 -sha256 \
-keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem
openssl req -noout -text -in ${NODE}_csr.pem
diff --git a/lib/keyringer/actions/git b/lib/keyringer/actions/git
index d4e7aa4..059b20e 100755
--- a/lib/keyringer/actions/git
+++ b/lib/keyringer/actions/git
@@ -10,8 +10,9 @@ source "$LIB" || exit 1
# Aditional parameters
CWD="`pwd`"
-# Run git command
+# Fix positional arguments
shift
+# Run git command
mkdir -p "$BASEDIR" && cd "$BASEDIR" && git $*
cd "$CWD"
diff --git a/lib/keyringer/actions/recrypt b/lib/keyringer/actions/recrypt
index 696399b..30c9254 100755
--- a/lib/keyringer/actions/recrypt
+++ b/lib/keyringer/actions/recrypt
@@ -16,10 +16,10 @@ function keyringer_recrypt {
keyringer_set_recipients "$FILE"
# Decrypt
- decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null)"
+ decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE")"
if [ "$?" != "0" ]; then
- echo "Decryption error."
+ echo "Decryption error on $1."
exit 1
fi
@@ -27,7 +27,7 @@ function keyringer_recrypt {
recrypted="`echo "$decrypted" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE")`"
if [ "$?" != "0" ]; then
- echo "Recryption error."
+ echo "Recryption error on $1."
exit 1
fi
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index f1af951..50d01db 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -284,6 +284,13 @@ function keyringer_set_env {
fi
fi
+ # Avoid viminfo, see https://keyringer.pw/trac/ticket/50
+ if $EDITOR --help | grep -q -e "^VIM"; then
+ if ! echo $EDITOR | grep -q -- "-i NONE"; then
+ EDITOR="$EDITOR -i NONE '+set nowritebackup' '+set nobackup'"
+ fi
+ fi
+
if [ ! -f "$OPTIONS" ]; then
echo "No option config was found"
exit 1
@@ -429,7 +436,7 @@ function keyringer_get_file {
elif [ ! -f "$KEYDIR/$FILE" ]; then
# Try to find a similar file
count=0
- candidates=(`keyringer_exec find "$BASEDIR" "$1*.asc"`)
+ candidates=(`keyringer_exec find "$BASEDIR" | grep -i "$1" | grep -e '.asc$'`)
if [ ! -z "$candidates" ]; then
echo "Could not find exact match for \"$1\", please choose one of the following secrets:"
@@ -510,7 +517,7 @@ function keyringer_action_usage {
# Return available actions
function keyringer_show_actions {
- ls $ACTIONS
+ ls -C $ACTIONS
}
# Usage
@@ -518,7 +525,7 @@ function keyringer_usage {
local keyrings="$(ls --color=never `dirname $CONFIG` | sed -e 's/config//' | xargs)"
printf "Keyringer $KEYRINGER_VERSION\n"
- printf "Usage: %s <keyring> <action> [arguments]\n\n" "$BASENAME"
+ printf "Usage: keyringer <keyring> <action> [arguments]\n\n"
# Display only when not in a keyring context
if [ ! -z "$keyrings" ] && [ -z "$1" ]; then
@@ -531,6 +538,7 @@ function keyringer_usage {
printf "\tinit <path> [remote]\n" $BASENAME
fi
keyringer_show_actions | sed -e 's/^/\t/'
+ printf "\n"
}
# Check repository integrity