Diffstat (limited to 'lib')
-rwxr-xr-x | lib/keyringer/actions/append | 28 | ||||
-rwxr-xr-x | lib/keyringer/actions/del | 8 | ||||
-rwxr-xr-x | lib/keyringer/actions/encrypt | 71 | ||||
-rwxr-xr-x | lib/keyringer/actions/ls | 7 | ||||
l--------- | lib/keyringer/actions/rm | 1 | ||||
-rwxr-xr-x | lib/keyringer/actions/tree | 31 | ||||
-rw-r--r-- | lib/keyringer/completions/bash/keyringer | 12 | ||||
-rw-r--r-- | lib/keyringer/completions/zsh/_keyringer | 5 | ||||
-rwxr-xr-x | lib/keyringer/functions | 34 |
9 files changed, 126 insertions, 71 deletions
diff --git a/lib/keyringer/actions/append b/lib/keyringer/actions/append index e945bff..e307056 100755 --- a/lib/keyringer/actions/append +++ b/lib/keyringer/actions/append @@ -10,29 +10,11 @@ source "$LIB" || exit 1 # Get file keyringer_get_file "$2" -OLDIFS="$IFS" -IFS=$'\n' - -CONTENT=($(keyringer_exec decrypt "$BASEDIR" "$FILE")) - +# Only display directions if we're running append, not append-batch if [ "$BASENAME" == "append" ]; then - # only display directions if we're running append, not append-batch - printf "\n%s currently has %d lines\n\n" "$FILE" "${#CONTENT[@]}" - printf "Now please write the content to be appended on %s, finnishing with Ctrl-D:\n" "$FILE" -fi - -APPEND=($(cat -)) - -NEW=( ${CONTENT[@]} ${APPEND[@]} ) - -for element in $(seq 0 $((${#NEW[@]} - 1))); do - echo ${NEW[$element]} -done | keyringer_exec encrypt-batch $BASEDIR $FILE - -err="$?" - -if [ "$err" != "0" ]; then - exit "$err" + printf "Please write the content to be appended on %s, finnishing with Ctrl-D:\n" "$FILE" fi -IFS="$OLDIFS" +# Append content to an existing secret +( keyringer_exec decrypt "$BASEDIR" "$FILE" && cat ) | \ + keyringer_exec encrypt-batch $BASEDIR $FILE diff --git a/lib/keyringer/actions/del b/lib/keyringer/actions/del index babd212..d160ac4 100755 --- a/lib/keyringer/actions/del +++ b/lib/keyringer/actions/del @@ -10,7 +10,13 @@ source "$LIB" || exit 1 # Get file keyringer_get_file "$2" +# Set options +if [ ! -z "$3" ]; then + shift 2 + OPTS="$*" +fi + # Remove if [ -d "$BASEDIR/.git" ]; then - keyringer_exec git "$BASEDIR" rm "keys/$FILE" + keyringer_exec git "$BASEDIR" rm $OPTS "keys/$FILE" fi diff --git a/lib/keyringer/actions/encrypt b/lib/keyringer/actions/encrypt index aadb9fa..0a40bc1 100755 --- a/lib/keyringer/actions/encrypt +++ b/lib/keyringer/actions/encrypt 
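Review bot: In the new pipeline at the end of the append hunk, a failed `keyringer_exec decrypt` only skips `cat`; `encrypt-batch` still runs on empty or partial input, and because the encrypt action calls gpg with `--yes --output` it may replace the existing secret with truncated content. The script's exit status also reflects only `encrypt-batch`, not the decrypt. Decrypting first and aborting on failure avoids both: `CONTENT="$(keyringer_exec decrypt "$BASEDIR" "$FILE")" || exit 1`, then `( printf '%s\n' "$CONTENT" && cat ) | keyringer_exec encrypt-batch "$BASEDIR" "$FILE"`, which also quotes the two arguments the hunk leaves unquoted.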
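Review bot: `OPTS` is assigned only when a third argument is present, yet `$OPTS` is expanded unquoted in the `git rm` call of the del hunk, so a value inherited from the environment would be handed to git and any option containing whitespace or glob characters is re-split. Initialising it and keeping the words separate is safer: `OPTS=()` before the test, `OPTS=("$@")` after `shift 2`, and `rm "${OPTS[@]}" -- "keys/$FILE"` in the call. Whether the sourced functions file already resets `OPTS` is not visible here.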
@@ -17,6 +17,24 @@ function keyringer_usage_encrypt_batch { keyringer_usage_encrypt $* } +# Encrypt a file into the datastore +function keyringer_encrypt { + local file="$1" + shift + + if [ -z "$1" ]; then + return 1 + fi + + if [ "$*" != "-" ]; then + echo "Encrypting $*..." + fi + + mkdir -p "$KEYDIR/`dirname "$file"`" + $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") --yes --output "$KEYDIR/$file" "$*" + printf "\n" +} + # Usage if [ -z "$2" ]; then keyringer_action_usage @@ -26,26 +44,31 @@ fi # Aditional parameters if [ ! -z "$3" ]; then # Set secret name and original file - FILE="$2" + BASEPATH="$2" shift 2 UNENCRYPTED_FILE="$*" - # Get original file EXTENSION - FILENAME="$(basename "$UNENCRYPTED_FILE")" - EXTENSION="${FILENAME##*.}" - - # Append file extension in the secret name - # - # Useful when opening files and the application needs the - # extension to guess the file type. - if ! echo $FILE | grep -q -e "\.$EXTENSION$"; then - FILE="$FILE.$EXTENSION" + if [ ! -d "$UNENCRYPTED_FILE" ] && echo "$UNENCRYPTED_FILE" | grep -q -e '\.'; then + # Get original file EXTENSION + FILENAME="$(basename "$UNENCRYPTED_FILE")" + EXTENSION="${FILENAME##*.}" + + # Append file extension in the secret name + # + # Useful when opening files and the application needs the + # extension to guess the file type. + if ! echo $BASEPATH | grep -q -e "\.$EXTENSION$"; then + echo "Appending '$EXTENSION' into secret name..." + FILE="$BASEPATH.$EXTENSION" + fi + else + FILE="$BASEPATH" fi keyringer_get_new_file $FILE - if [ ! -f "$UNENCRYPTED_FILE" ]; then - echo "Error: cannot encrypt $UNENCRYPTED_FILE: file not found." + if [ ! -e "$UNENCRYPTED_FILE" ]; then + echo "Error: cannot encrypt $UNENCRYPTED_FILE: path not found." exit 1 fi else 
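Review bot: `keyringer_encrypt` ends with `printf "\n"`, so its return status is always printf's and a failed `$GPG` call is never reported; the `err="$?"` check that follows the call site later in this file would then see success. Capture the status directly after gpg with `local err="$?"`, then `printf "\n"` and `return "$err"`. The result of `mkdir -p` is also unchecked, and `"$*"` joins all remaining arguments into one path, which deserves a comment such as `# "$*": the source path may contain spaces` if that is the intent.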
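Review bot: `FILE` is no longer assigned on every path in the second hunk: when the source has an extension and `$BASEPATH` already ends with it, the inner `if` is skipped and `keyringer_get_new_file $FILE` runs with whatever `FILE` held before (the removed code set `FILE="$2"` up front). Adding `FILE="$BASEPATH"` right after `BASEPATH="$2"` restores that default. The extension test also looks at the whole path, so a dot in a directory component (for example `./notes`) makes `EXTENSION` the full base name, and `$EXTENSION` is spliced unescaped into a grep pattern; matching `"$FILENAME"` against `*.*` in a `case` would avoid both.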
@@ -57,9 +80,7 @@ fi # Set recipients file keyringer_set_recipients "$FILE" -# Encrypt -mkdir -p "$KEYDIR/`dirname $FILE`" - +# Verbosity if [ "$BASENAME" == "encrypt" ]; then # Only display directions if we're running encrypt, not encrypt-batch if [ "$UNENCRYPTED_FILE" == "-" ]; then @@ -67,7 +88,23 @@ if [ "$BASENAME" == "encrypt" ]; then fi fi -$GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") --yes --output "$KEYDIR/$FILE" "$UNENCRYPTED_FILE" +# Encrypt +if [ "$UNENCRYPTED_FILE" != "-" ] && [ -d "$UNENCRYPTED_FILE" ]; then + # Time to go recursive + BASEPATH="`basename $FILE .asc`" + FILEPATH="`dirname "$UNENCRYPTED_FILE"`" + find $UNENCRYPTED_FILE | while read file; do + if [ ! -d "$file" ]; then + dir="`dirname "$file" | sed -e "s|^$FILEPATH|$BASEPATH|g"`" + keyringer_get_new_file `basename "$file"` + keyringer_encrypt "$dir/$FILE" $file + fi + done + + FILE="$OLD_FILE" +else + keyringer_encrypt $FILE $UNENCRYPTED_FILE +fi err="$?" diff --git a/lib/keyringer/actions/ls b/lib/keyringer/actions/ls index ec8080b..bb66263 100755 --- a/lib/keyringer/actions/ls +++ b/lib/keyringer/actions/ls @@ -10,7 +10,10 @@ source "$LIB" || exit 1 # Aditional parameters CWD="`pwd`" -# Run list command +# Avoid leading slash shift -cd "$KEYDIR" && ls $* +ARGS="`echo "$*" | sed -e "s|^/*||"`" + +# Run list command +cd "$KEYDIR" && ls $ARGS cd "$CWD" diff --git a/lib/keyringer/actions/rm b/lib/keyringer/actions/rm new file mode 120000 index 0000000..1a7ac23 --- /dev/null +++ b/lib/keyringer/actions/rm @@ -0,0 +1 @@ +del
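Review bot: Failures in the recursive branch are invisible: the `while` loop runs in a pipeline subshell and is followed by `FILE="$OLD_FILE"`, so the `err="$?"` after `fi` always sees 0, and `OLD_FILE` is not assigned anywhere in the visible hunks. A user who removes the plaintext after a reported success could lose files that were never encrypted. The loop also word-splits paths (`find $UNENCRYPTED_FILE`, `read file`, `$file`), and `sed "s|^$FILEPATH|…"` treats the path as a regex, so for a relative directory whose dirname is `.` the first character of the name is replaced. The sketch keeps the naming scheme with NUL-delimited paths and a prefix strip; it assumes `keyringer_encrypt` returns gpg's status, and the loop now runs in the current shell.

```shell
# … unchanged: BASEPATH and FILEPATH assignments …
  OLD_FILE="$FILE"
  status=0
  while IFS= read -r -d '' file; do
    [ -d "$file" ] && continue
    rel="${file#"$FILEPATH"/}"
    keyringer_get_new_file "$(basename "$file")"
    keyringer_encrypt "$BASEPATH/$(dirname "$rel")/$FILE" "$file" || status=1
  done < <(find "$UNENCRYPTED_FILE" -print0)
  FILE="$OLD_FILE"
  [ "$status" = "0" ]   # becomes the branch status read by err="$?"
```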
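Review bot: The leading-slash filter in `ARGS` of the ls hunk anchors only at the start of the joined `"$*"`, so a path that follows an option (`-l /etc`) keeps its slash and `..` components are untouched, which means `ls $ARGS` can still list outside `$KEYDIR`. If confinement to the keyring is the goal, filter each argument separately and reject any that contains a `..` component. The new `tree` action copies the same `ARGS` line and has the same gap, and `$ARGS` is expanded unquoted in both, so names with spaces are split.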
\ No newline at end of file diff --git a/lib/keyringer/actions/tree b/lib/keyringer/actions/tree new file mode 100755 index 0000000..8e94cb0 --- /dev/null +++ b/lib/keyringer/actions/tree @@ -0,0 +1,31 @@ +#!/bin/bash +# +# List keys. +# + +# Thanks http://www.centerkey.com/tree/ +function keyringer_tree { + ls -R $* | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/' +} + +# Load functions +LIB="`dirname $0`/../functions" +source "$LIB" || exit 1 + +# Aditional parameters +CWD="`pwd`" + +# Avoid leading slash +shift +ARGS="`echo "$*" | sed -e "s|^/*||"`" + +# Check implementation +if which tree &> /dev/null; then + TREE="tree" +else + TREE="keyringer_tree" +fi + +# Run list command +cd "$KEYDIR" && $TREE $ARGS +cd "$CWD" diff --git a/lib/keyringer/completions/bash/keyringer b/lib/keyringer/completions/bash/keyringer index 7bfa62f..eeda27f 100644 --- a/lib/keyringer/completions/bash/keyringer +++ b/lib/keyringer/completions/bash/keyringer @@ -46,11 +46,12 @@ _keyringer_git_complete() { function _keyringer_path_complete() { # Thanks http://unix.stackexchange.com/questions/55520/create-bash-completion-script-to-autocomplete-paths-after-is-equal-sign cur=${1//\\ / } - [[ ${cur} == "~/"* ]] && cur=${cur/\~/$HOME} + [[ ${cur} == "~"* ]] && cur=${cur/\~/$HOME} echo ${cur} } +# Main completion _keyringer() { # Standard stuff local cur prev command config path keyrings instances instance opts @@ -93,7 +94,8 @@ _keyringer() { recipients) opts="ls edit" ;; - ls|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|recrypt|open) + ls|tree|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open) + cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(bash -c "set -f && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)" ;; genpair) 
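Review bot: The `cur` normalised on the added line of the `ls|tree|…` branch is then interpolated, together with `$instance`, into a `bash -c "…"` string, so the word being completed is parsed as shell code when completion runs; stripping leading slashes does not change that. The zsh completion in this commit calls keyringer directly and the bash one can do the same: `opts="$(KEYRINGER_CHECK_VERSION=false keyringer "$instance" ls -p -d "${cur}*" 2> /dev/null)"`. The `genpair)` branch of the five-word case in a later hunk uses the same `bash -c` line. `echo ${cur}` on the added line should also be quoted so the word is not glob-expanded before sed sees it.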
@@ -104,7 +106,7 @@ _keyringer() { ;; init) cur="$(_keyringer_path_complete ${cur})" - opts="$(compgen -o dirnames ${cur})" + opts="`compgen -o default "${cur}"`" ;; *) ;; @@ -112,9 +114,11 @@ _keyringer() { elif [ "${#COMP_WORDS[@]}" == "5" ]; then case "${command}" in recipients) + cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(cd $path/config/recipients && ls --color=never -p ${cur}* 2> /dev/null)" ;; genpair) + cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(bash -c "set -f && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)" ;; git) @@ -123,7 +127,7 @@ _keyringer() { ;; encrypt|encrypt-batch) cur="$(_keyringer_path_complete ${cur})" - opts="$(compgen -o dirnames ${cur})" + opts="`compgen -o default "${cur}"`" ;; *) ;; diff --git a/lib/keyringer/completions/zsh/_keyringer b/lib/keyringer/completions/zsh/_keyringer index 50ff433..5717b00 100644 --- a/lib/keyringer/completions/zsh/_keyringer +++ b/lib/keyringer/completions/zsh/_keyringer @@ -50,7 +50,8 @@ _keyringer() { recipients) compadd "$@" ls edit ;; - ls|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|recrypt|open) + ls|tree|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open) + words[4]="`echo $words[4] | sed -e "s|^/*||"`" # avoid leading slash compadd "$@" $(KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null) ;; genpair) @@ -69,9 +70,11 @@ _keyringer() { misc) case "$words[3]" in recipients) + words[5]="$(echo $words[5] | sed -e "s|^/||")" # TODO: avoid leading slash compadd "$@" $(cd $keyring_path/config/recipients && ls --color=never -p $words[5]'*' 2> /dev/null) ;; genpair) + words[5]="$(echo $words[5] | sed -e "s|^/||")" # TODO: avoid leading slash compadd "$@" $(KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[5]'*' 2> /dev/null) ;; git) diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 4c06198..bef00d9 100755 
--- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -59,7 +59,7 @@ function keyringer_has_action { exit 1 fi - if [ -e "$ACTIONS/$1" ]; then + if [ -e "$ACTIONS/$1" ] && [ ! -d "$ACTIONS/$1" ]; then true else false @@ -114,37 +114,23 @@ function keyringer_is_git { # Check the security of a temporary folder function keyringer_check_tmp { local path="$1" - local minor - local mode - - if [ -z "$path" ]; then - return - fi + local mount # Mode check - if [ "`stat -c "%A" $path`" != "drwxrwxrwt" ]; then + if [ -z "$path" ] || [ ! -d "$path" ] || [ ! -w "$path" ] || [ ! -x "$path" ]; then return 1 fi # Ramdisk check - if [ -x "/sbin/udevadm" ]; then - minor="$(/sbin/udevadm info --device-id-of-file "$path" | cut -d : -f 1)" - elif which mountpoint &> /dev/null; then - minor="$(mountpoint -d $(df "$path" | sed -n '$p' | awk '{print $NF}') | cut -d : -f 1)" - fi - - if [ ! -z "$minor" ]; then - return $minor - else - return 1 - fi + mount="`df "$path" | sed -n '$p' | awk '{ print $NF }'`" + mount -l -t tmpfs | awk '{ print $3 }' | grep -q -e "^$mount$" } # Setup a temporary file function keyringer_set_tmpfile { local tmp local candidate - local candidates="/tmp /run/shm $TMP" + local candidates="$TMPDIR $TMP /tmp /run/shm" if [ -z "$BASEDIR" ]; then echo "Please set BASEDIR before creating a tmp file" @@ -166,6 +152,9 @@ function keyringer_set_tmpfile { echo "Press any key to continue, Ctrl-C to abort" read key tmp="$BASEDIR/tmp" + + # Just to be sure + keyringer_git_ignore 'tmp/*' fi # Determine template @@ -176,7 +165,6 @@ function keyringer_set_tmpfile { fi mkdir -p "$tmp" - keyringer_git_ignore 'tmp/*' if [ "$2" == "-d" ]; then TMPWORK="$(mktemp -d "$template")" 
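Review bot: `keyringer_check_tmp` no longer checks who controls the directory: the `drwxrwxrwt` test is replaced by writable/searchable tests while `candidates` now tries `$TMPDIR` and `$TMP` first, so a world-writable tmpfs directory without the sticky bit is accepted and other local users could remove or replace the files that hold decrypted data. Keeping an ownership-or-sticky test retains the old guarantee: `if [ ! -O "$path" ] && [ ! -k "$path" ]; then return 1; fi`. The mount comparison `grep -q -e "^$mount$"` treats the mount point as a regex; `grep -q -x -F -- "$mount"` matches it literally. A comment that tmpfs pages can still reach swap would also help, since the function is labelled a ramdisk check.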
@@ -431,10 +419,10 @@ function keyringer_get_new_file { fi # Sanitize and complete file name - FILE="`echo $FILE | sed -e s/[^A-Za-z0-9.\/\-]/_/g`" + FILE="`echo $FILE | sed -e 's/[^A-Za-z0-9.\/\-]/_/g'`" # Warn user about file name change - if [ "`basename $*`" != "`basename $FILE`" ]; then + if [ "`basename "$*"`" != "`basename $FILE`" ]; then echo "Sanitizing destination filename to `basename $FILE`" fi |
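Review bot: The sanitising `sed` keeps `.` and `/`, so a name containing `..` components passes through unchanged and, via `"$KEYDIR/$file"` in the encrypt action, can point outside the keys directory; nothing in this hunk rejects it, though the rest of `keyringer_get_new_file` lies outside the hunk. A guard after the sed line would close that: `case "/$FILE/" in */../*) echo "Error: invalid secret name"; exit 1 ;; esac`. `echo $FILE` is still unquoted on the changed line, so the name is word-split and glob-expanded before it is sanitised; `printf '%s\n' "$FILE"` avoids that.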