-rw-r--r--.gitignore1
-rw-r--r--ChangeLog18
-rw-r--r--Makefile22
-rwxr-xr-xkeyringer32
-rwxr-xr-xlib/keyringer/actions/cp33
-rwxr-xr-xlib/keyringer/actions/edit4
-rw-r--r--lib/keyringer/completions/bash/keyringer9
-rw-r--r--lib/keyringer/completions/zsh/_keyringer13
-rwxr-xr-xlib/keyringer/functions11
-rw-r--r--share/keyringer/editors/vim (renamed from lib/keyringer/editors/vim)0
-rw-r--r--share/man/keyringer.112
-rw-r--r--share/man/keyringer.1.mdwn10
12 files changed, 126 insertions, 39 deletions
diff --git a/.gitignore b/.gitignore
index 814194e..55c4e77 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,5 @@ debian/keyringer
debian/files
debian/files
debian/keyringer.substvars
+tarballs
.pc
diff --git a/ChangeLog b/ChangeLog
index 3ded1f5..683c853 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2014-08-21 - 0.3.7 - Silvio Rhatto <rhatto@riseup.net>
+
+ Init: just set git user/mail if needed
+
+ Shell completions: use KEYRINGER_CHECK_RECIPIENTS=false to avoid
+ fatal errors
+
+ Shell completions: minor zsh fixes
+
+ Shell completions: fix handling of keyrings with '-' in their names
+
+ Edit: Unset RELATIVE_PATH before encrypting file
+
+ New 'cp' action
+
+ Reset 'expiry' on keyringer_check_expiration, reported and fixed
+ by Jamie (closes #62)
+
2014-05-20 - 0.3.6 - Silvio Rhatto <rhatto@riseup.net>
Makefile fix
diff --git a/Makefile b/Makefile
index 96742fc..07513f2 100644
--- a/Makefile
+++ b/Makefile
@@ -14,10 +14,11 @@
# Place - Suite 330, Boston, MA 02111-1307, USA
#
-PACKAGE = keyringer
-VERSION = $(shell ./keyringer | head -n 1 | cut -d ' ' -f 2)
-PREFIX ?= /usr/local
-INSTALL = /usr/bin/install
+PACKAGE = keyringer
+VERSION = $(shell ./keyringer | head -n 1 | cut -d ' ' -f 2)
+PREFIX ?= /usr/local
+ARCHIVE ?= tarballs
+INSTALL = /usr/bin/install
clean:
find . -name *~ | xargs rm -f # clean local backups
@@ -26,8 +27,8 @@ install_lib:
$(INSTALL) -D --mode=0755 lib/keyringer/functions $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/functions
$(INSTALL) -D --mode=0755 -d lib/keyringer/actions $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/actions
$(INSTALL) -D --mode=0755 lib/keyringer/actions/* $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/actions
- $(INSTALL) -D --mode=0755 -d lib/keyringer/editors $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors
- $(INSTALL) -D --mode=0755 lib/keyringer/editors/* $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors
+ $(INSTALL) -D --mode=0755 -d share/keyringer/editors $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors
+ $(INSTALL) -D --mode=0644 share/keyringer/editors/* $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors
install_bin:
$(INSTALL) -D --mode=0755 keyringer $(DESTDIR)/$(PREFIX)/bin/keyringer
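Review bot: The two changed `install_lib` lines read the editor files from `share/keyringer/editors` but still install them under `$(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors`, while this same commit makes `lib/keyringer/functions` load the vim script from `$SHARE/editors/vim`, which the launcher resolves to `../share/keyringer` in a system install. Unless a rule outside this hunk also populates `share/$(PACKAGE)`, an installed keyringer would hand `-S` a path that does not exist, and vim would presumably start without the settings that script applies (the viminfo avoidance referenced in `keyringer_set_env`). The destination of both lines should follow the source, e.g. `$(DESTDIR)/$(PREFIX)/share/$(PACKAGE)/editors`. The `install_lib` recipe starts above the hunk.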
@@ -53,7 +54,8 @@ build_man:
sed -i -e 's/--/\\-\\-/g' share/man/keyringer.1
tarball:
- git archive --prefix=keyringer-$(VERSION)/ --format=tar HEAD | bzip2 >../tarballs/keyringer-$(VERSION).tar.bz2
+ mkdir -p $(ARCHIVE)
+ git archive --prefix=keyringer-$(VERSION)/ --format=tar HEAD | bzip2 > $(ARCHIVE)/keyringer-$(VERSION).tar.bz2
release:
@make build_man
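Review bot: The `tarball` recipe takes its exit status from `bzip2`, so a failing `git archive` (or an empty `$(VERSION)`, which is derived from running `./keyringer`) still leaves a file at `$(ARCHIVE)/keyringer-$(VERSION).tar.bz2`, and `release` then signs and uploads it. Writing the archive first and compressing it as a second step lets the failure stop the recipe: `git archive --prefix=keyringer-$(VERSION)/ --format=tar -o $(ARCHIVE)/keyringer-$(VERSION).tar HEAD` followed by `bzip2 -f $(ARCHIVE)/keyringer-$(VERSION).tar`. Since `ARCHIVE` is now user-overridable, `mkdir -p "$(ARCHIVE)"` should quote it. The `release` recipe continues outside this hunk.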
@@ -65,8 +67,8 @@ release:
git flow release finish -s $(VERSION)
git checkout master
@make tarball
- gpg --use-agent --armor --detach-sign --output ../tarballs/keyringer-$(VERSION).tar.bz2.asc ../tarballs/keyringer-$(VERSION).tar.bz2
- scp ../tarballs/keyringer-$(VERSION).tar.bz2* keyringer:/var/sites/keyringer/releases/
+ gpg --use-agent --armor --detach-sign --output $(ARCHIVE)/keyringer-$(VERSION).tar.bz2.asc $(ARCHIVE)/keyringer-$(VERSION).tar.bz2
+ scp $(ARCHIVE)/keyringer-$(VERSION).tar.bz2* keyringer:/var/sites/keyringer/releases/
# We're doing tagging afterwards:
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568375
#git tag -s $(VERSION) -m "Keyringer $(VERSION)"
@@ -74,7 +76,7 @@ release:
debian:
git checkout debian
- git-import-orig --upstream-vcs-tag=$(VERSION) ../tarballs/keyringer-$(VERSION).tar.bz2
+ git-import-orig --upstream-vcs-tag=$(VERSION) $(ARCHIVE)/keyringer-$(VERSION).tar.bz2
# Fine tune debian/changelog prepared by git-dch
dch -e
git commit -a -m "Updating debian/changelog"
diff --git a/keyringer b/keyringer
index b8edc8e..059b157 100755
--- a/keyringer
+++ b/keyringer
@@ -106,8 +106,10 @@ function keyringer_init {
keyringer_git_ignore 'tmp/*'
# Git configuration
- git config user.email "$email"
- git config user.name "$name"
+ if [ ! -z "$email" ]; then
+ git config user.email "$email"
+ git config user.name "$name"
+ fi
# Edit default recipients
echo "Now you have to edit the default recipient configuration to be able to encrypt secrets."
@@ -138,7 +140,7 @@ function keyringer_dispatch {
# Config
NAME="keyringer"
-KEYRINGER_VERSION="0.3.6"
+KEYRINGER_VERSION="0.3.7"
CONFIG_VERSION="0.1"
CONFIG_BASE="$HOME/.$NAME"
CONFIG="$CONFIG_BASE/config"
@@ -149,13 +151,6 @@ ACTION="$2"
# Turn off pathname expansion so expansion can work properly
set -f
-# Export globals for other scripts
-export PREFERENCES="`dirname $CONFIG`/$KEYRING"
-export KEYRINGER_VERSION
-export CONFIG_VERSION
-export KEYRING
-export CONFIG
-
# Set functions location
if [ -e "`dirname $(readlink -f $0)`/lib/$NAME/functions" ]; then
# Development or local installation layout
@@ -165,6 +160,15 @@ else
LIB="`dirname $(readlink -f $0)`/../lib/$NAME/functions"
fi
+# Set shared files location
+if [ -e "`dirname $(readlink -f $0)`/share/$NAME" ]; then
+ # Development or local installation layout
+ SHARE="`dirname $(readlink -f $0)`/share/$NAME"
+else
+ # System installation layout
+ SHARE="`dirname $(readlink -f $0)`/../share/$NAME"
+fi
+
# Set actions location
if [ -e "`dirname $(readlink -f $0)`/lib/$NAME/actions" ]; then
# Development or local installation layout
@@ -174,6 +178,14 @@ else
ACTIONS="`dirname $(readlink -f $0)`/../lib/$NAME/actions"
fi
+# Export globals for other scripts
+export PREFERENCES="`dirname $CONFIG`/$KEYRING"
+export KEYRINGER_VERSION
+export CONFIG_VERSION
+export KEYRING
+export CONFIG
+export SHARE
+
# Load functions
source "$LIB" || exit 1
diff --git a/lib/keyringer/actions/cp b/lib/keyringer/actions/cp
new file mode 100755
index 0000000..0629b61
--- /dev/null
+++ b/lib/keyringer/actions/cp
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Copy secrets.
+#
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" || exit 1
+
+# Aditional parameters
+CWD="`pwd`"
+
+# Avoid leading slash
+ORIG="$(keyringer_filename `echo "$2" | sed -e "s|^/*||"`)"
+DEST="`echo "$3" | sed -e "s|^/*||"`"
+
+# Set destination
+if [ ! -d "$KEYDIR/$RELATIVE_PATH/$DEST" ]; then
+ keyringer_get_new_file $DEST
+else
+ FILE="$DEST"
+fi
+
+# Check if secret exists
+if ! echo "$ORIG" | grep -q '*' && [ ! -e "$KEYDIR/$RELATIVE_PATH/$ORIG" ]; then
+ echo "Secret not found: $ORIG"
+ exit 1
+fi
+
+# Run move command
+cd "$KEYDIR" && cp -a "./$RELATIVE_PATH/$ORIG" "./$FILE"
+keyringer_exec git "$BASEDIR" add "keys/$FILE"
+cd "$CWD"
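Review bot: The last three lines stage `keys/$FILE` whether or not `cp -a` succeeded, and the wildcard branch makes that failure reachable: a source containing `*` skips the existence check, but the quoted `"./$RELATIVE_PATH/$ORIG"` is never expanded, so `cp` looks for a literal `*`. The copy should be checked before `git add`, with a non-zero exit on failure, as sketched below. `keyringer_get_new_file $DEST` and the backtick inside `keyringer_filename` are unquoted and split on whitespace, and only leading slashes are stripped from `$2` and `$3`, so unless the helpers (not shown here) reject `..` components the paths can resolve outside `$KEYDIR`. Because `cp -a` duplicates the ciphertext unchanged, the copy stays readable by the source's recipients; if recipients are chosen per path (the zsh completion in this commit lists `config/recipients`), the `cp` documentation should say so.

```bash
# Run copy command; do not stage anything if the copy failed
cd "$KEYDIR" || exit 1
if ! cp -a "./$RELATIVE_PATH/$ORIG" "./$FILE"; then
  echo "Could not copy $ORIG to $FILE"
  cd "$CWD"
  exit 1
fi
keyringer_exec git "$BASEDIR" add "keys/$FILE"
cd "$CWD"
```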
diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit
index a5f14d4..c9f3f12 100755
--- a/lib/keyringer/actions/edit
+++ b/lib/keyringer/actions/edit
@@ -59,9 +59,9 @@ wait
echo "Press any key when done using the file and you're sure that $APPNAME is closed."
read -s -n 1
-# Encrypt again
+# Encrypt again. Unset RELATIVE_PATH as it was already used to determine FILE path
export KEYRINGER_ADD_EXTENSION=false
-keyringer_exec encrypt "$BASEDIR" "$FILE" "$TMPWORK"
+RELATIVE_PATH="" keyringer_exec encrypt "$BASEDIR" "$FILE" "$TMPWORK"
# Check exit status
errcrypt="$?"
diff --git a/lib/keyringer/completions/bash/keyringer b/lib/keyringer/completions/bash/keyringer
index 0f2cb2b..27cf919 100644
--- a/lib/keyringer/completions/bash/keyringer
+++ b/lib/keyringer/completions/bash/keyringer
@@ -69,7 +69,6 @@ _keyringer() {
fi
# Process config
- source $config/config
keyrings="`ls --color=never $config | sed -e '/^config$/d' | xargs`"
# Available instances
@@ -77,13 +76,13 @@ _keyringer() {
# The current instance
instance="${COMP_WORDS[1]}"
- path="`eval echo '$'$instance`"
+ path="`grep -e "^$instance=" "$config/config" | tail -n 1 | cut -d = -f 2 | sed -e 's/"//g' -e "s/'//g" | sed -e 's/ *#.*$//'`"
# Command completions
if [ "${#COMP_WORDS[@]}" == "2" ]; then
opts="$keyrings"
elif [ "${#COMP_WORDS[@]}" == "3" ] && echo "${prev}" | grep -qe "$instances"; then
- opts="`export KEYRINGER_CHECK_VERSION=false && keyringer $instance commands`"
+ opts="`export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance commands`"
elif [ "${#COMP_WORDS[@]}" == "3" ]; then
opts="init"
elif [ "${#COMP_WORDS[@]}" == "4" ]; then
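Review bot: `$instance` is the word typed on the command line and is interpolated into the `grep` pattern as a regular expression, so a name containing `.` or other metacharacters can match a different key in `$config/config`; `cut -d = -f 2` also drops everything after a second `=` in the path. Matching the key literally avoids both, e.g. `awk -F= -v k="$instance" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$config/config"` followed by the existing quote and comment stripping. The same pipeline is added to the zsh completion with `$words[2]`. On the changed `opts=` line, `keyringer $instance commands` should quote `"$instance"`.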
@@ -96,7 +95,7 @@ _keyringer() {
;;
ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find)
cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash
- opts="$(bash -c "set -f && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)"
+ opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)"
;;
genpair)
opts="gpg ssh ssl ssl-self"
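Review bot: The changed `opts=` line still builds a `bash -c` command string from `$instance` and `${cur}`, both taken from the words being completed, so shell metacharacters in a half-typed argument are parsed as code during tab completion; the commit removes `eval` for the instance lookup but keeps this path. Pass the words as positional parameters instead: `opts="$(bash -c 'set -f; KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer "$1" ls -p -d "$2*"' _ "$instance" "$cur" 2> /dev/null)"`. The `genpair` branch in the next hunk carries the same line.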
@@ -119,7 +118,7 @@ _keyringer() {
;;
genpair)
cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash
- opts="$(bash -c "set -f && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)"
+ opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)"
;;
git)
# TODO
diff --git a/lib/keyringer/completions/zsh/_keyringer b/lib/keyringer/completions/zsh/_keyringer
index b4ccdd4..ab95c3d 100644
--- a/lib/keyringer/completions/zsh/_keyringer
+++ b/lib/keyringer/completions/zsh/_keyringer
@@ -19,9 +19,8 @@ _keyringer() {
fi
# Process config
- source $config/config
local keyrings="`ls --color=never $config | sed -e '/^config$/d' | xargs`"
- local keyring_path="`eval echo '$'$words[2]`"
+ local keyring_path="`grep -e "^$words[2]=" "$config/config" | tail -n 1 | cut -d = -f 2 | sed -e 's/"//g' -e "s/'//g" | sed -e 's/ *#.*$//'`"
local instances="`echo $keyrings | sed -e 's/ /$\\\|^/g' -e 's/^/^/' -e 's/$/$/'`"
_arguments \
@@ -37,7 +36,7 @@ _keyringer() {
;;
action)
if echo $words[2] | grep -qe "$instances"; then
- compadd "$@" `KEYRINGER_CHECK_VERSION=false keyringer $words[2] commands`
+ compadd "$@" `KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] commands`
else
compadd "$@" "init"
fi
@@ -52,7 +51,7 @@ _keyringer() {
;;
ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find)
words[4]="`echo $words[4] | sed -e "s|^/*||"`" # avoid leading slash
- compadd "$@" $(KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null)
+ compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null)
;;
genpair)
compadd "$@" gpg ssh ssl ssl-self
@@ -71,11 +70,11 @@ _keyringer() {
case "$words[3]" in
recipients)
words[5]="$(echo $words[5] | sed -e "s|^/||")" # TODO: avoid leading slash
- compadd "$@" $(cd $keyring_path/config/recipients && ls --color=never -p $words[5]'*' 2> /dev/null)
+ compadd "$@" $(cd $keyring_path/config/recipients && ls --color=never -p $words[5]* 2> /dev/null)
;;
genpair)
words[5]="$(echo $words[5] | sed -e "s|^/||")" # TODO: avoid leading slash
- compadd "$@" $(KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[5]'*' 2> /dev/null)
+ compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[5]'*' 2> /dev/null)
;;
git)
compadd "$@" $(_keyringer_git_complete $words[4] $words[5])
@@ -88,7 +87,7 @@ _keyringer() {
esac
;;
*)
- if [ $words[3] == "git" ]; then
+ if [[ $words[3] == "git" ]]; then
# TODO
true
fi
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index fdd8439..42c047d 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -72,7 +72,7 @@ function keyringer_exec {
action="$1"
basedir="$2"
shift 2
-
+
# Dispatch
if keyringer_has_action "$action"; then
"$ACTIONS/$action" "$basedir" $*
@@ -171,7 +171,7 @@ function keyringer_set_tmpfile {
else
TMPWORK="$(mktemp "$template")"
fi
-
+
if [ "$?" != "0" ]; then
printf "Error: can't set TMPWORK %s\n" "$TMPWORK"
exit 1
@@ -250,7 +250,7 @@ function keyringer_git_ignore {
function keyringer_set_env {
if [ -z "$1" ]; then
echo "Error: missing arguments for keyringer_set_env"
- exit 1
+ exit 1
fi
ACTIONS="`dirname $0`"
@@ -287,7 +287,7 @@ function keyringer_set_env {
# Avoid viminfo, see https://keyringer.pw/trac/ticket/50
if $EDITOR --help | grep -q -e "^VIM"; then
if ! echo $EDITOR | grep -q -- "-i NONE"; then
- EDITOR="$EDITOR -S `dirname $LIB`/editors/vim"
+ EDITOR="$EDITOR -S $SHARE/editors/vim"
fi
fi
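Review bot: `$SHARE` is expanded unquoted into `EDITOR` and nothing checks that `$SHARE/editors/vim` exists, so when `SHARE` is empty or points at a layout without the file, vim is presumably still started on the secret without the settings this script is meant to apply. Consider failing closed before the assignment: `[ -r "$SHARE/editors/vim" ] || { echo "Error: missing $SHARE/editors/vim"; exit 1; }`. `keyringer_set_env` starts and ends outside this hunk.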
@@ -429,7 +429,7 @@ function keyringer_get_option {
# Get a file argument
function keyringer_get_file {
FILE="$(keyringer_filename "$RELATIVE_PATH/$1")"
-
+
if [ -z "$FILE" ]; then
keyringer_action_usage
exit 1
@@ -715,6 +715,7 @@ function keyringer_check_expiration {
fi
# Check the subkeys
+ expiry=""
for expiry in `gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub | cut -d : -f 7`; do
if [[ "$seconds" -lt "$expiry" ]]; then
not_expired="1"
diff --git a/lib/keyringer/editors/vim b/share/keyringer/editors/vim
index 0f877df..0f877df 100644
--- a/lib/keyringer/editors/vim
+++ b/share/keyringer/editors/vim
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1
index 95c236d..82cb520 100644
--- a/share/man/keyringer.1
+++ b/share/man/keyringer.1
@@ -164,6 +164,11 @@ Alias for \f[I]del\f[] action.
.RS
.RE
.TP
+.B cp <\f[I]secret\f[]> <\f[I]dest\f[]>
+Copy a secret.
+.RS
+.RE
+.TP
.B mv <\f[I]secret\f[]> <\f[I]dest\f[]>
Rename a secret.
.RS
@@ -370,6 +375,13 @@ using the \f[I]git\f[] action.
Keyringer does not protect data which were not encrypted to a keyring,
so be careful when decrypting secrets and writing them to the disk or
other storage media.
+.PP
+Pay special attention that keyringer outputs data to stdout, which could
+be easilly spotted by any agent looking directly at you computer screen.
+.PP
+The xclip action even copies secret data to the X11 clipboard, which can
+be accessed by any application running in the user\[aq]s X11 session, so
+use this feature carefully.
.SH SEE ALSO
.PP
The \f[I]README\f[] file distributed with Keyringer contains full
diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn
index 407baaa..af098a3 100644
--- a/share/man/keyringer.1.mdwn
+++ b/share/man/keyringer.1.mdwn
@@ -128,6 +128,9 @@ del <*secret*>
rm <*secret*>
: Alias for *del* action.
+cp <*secret*> <*dest*>
+: Copy a secret.
+
mv <*secret*> <*dest*>
: Rename a secret.
@@ -284,6 +287,13 @@ Keyringer currently has the following limitations:
so be careful when decrypting secrets and writing them to the disk or
other storage media.
+ Pay special attention that keyringer outputs data to stdout, which could
+ be easilly spotted by any agent looking directly at you computer screen.
+
+ The xclip action even copies secret data to the X11 clipboard, which can
+ be accessed by any application running in the user's X11 session, so use
+ this feature carefully.
+
# SEE ALSO
The *README* file distributed with Keyringer contains full documentation.