From 610db184b851c21f69db412ce6d1870e0b438789 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 19 Aug 2017 09:06:42 -0300 Subject: Give delay on xdotool at sclip --- lib/keyringer/actions/sclip | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/keyringer/actions/sclip b/lib/keyringer/actions/sclip index 156762a..de9c3b5 100755 --- a/lib/keyringer/actions/sclip +++ b/lib/keyringer/actions/sclip @@ -13,12 +13,14 @@ keyringer $KEYRING xclip $* # Se window switch combo if [ -z "$XDOTOOL_NEXT_WINDOW" ]; then - XDOTOOL_NEXT_WINDOW="alt+Tab" + XDOTOOL_NEXT_WINDOW="Alt_L+Tab" fi # Move to the next window if which xdotool &> /dev/null; then - xdotool key $XDOTOOL_NEXT_WINDOW + # Use a smaller delay otherwise the window + # manager might ignore the key combo + xdotool key --delay 2 $XDOTOOL_NEXT_WINDOW fi # Sleep -- cgit v1.2.3 From 9222f51984ec0d15044da3d14b7f41ee1d8f5abc Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sun, 1 Oct 2017 17:19:35 -0300 Subject: Change markdown extension to .md --- development.md | 110 +++++++++++++++ development.mdwn | 110 --------------- index.md | 281 +++++++++++++++++++++++++++++++++++++++ index.mdwn | 281 --------------------------------------- share/man/keyringer.1.md | 324 +++++++++++++++++++++++++++++++++++++++++++++ share/man/keyringer.1.mdwn | 324 --------------------------------------------- 6 files changed, 715 insertions(+), 715 deletions(-) create mode 100644 development.md delete mode 100644 development.mdwn create mode 100644 index.md delete mode 100644 index.mdwn create mode 100644 share/man/keyringer.1.md delete mode 100644 share/man/keyringer.1.mdwn diff --git a/development.md b/development.md new file mode 100644 index 0000000..2349c84 --- /dev/null +++ b/development.md 
@@ -0,0 +1,110 @@ +[[!meta title="Keyringer: development guidelines and workflow"]] + +Index +----- + +[[!toc levels=4]] + +Coding standards +---------------- + +* Uses Semantic Versioning. +* Respect the existing coding style. +* Be clear: easy audability must be one of keyringer's requirements. + +Release workflow +---------------- + +Go to develop branch and start a new release + + git checkout develop + +Prepare the source code: + + $EDITOR keyringer # and update KEYRINGER_VERSION + $EDITOR ChangeLog + VERSION="`./keyringer | head -n 1 | cut -d ' ' -f 2`" + +Create and upload a new release: + + make release + +Tag the release: + + git tag -s $VERSION -m "Keyringer $VERSION" + +Update the debian branch: + + make debian + +Push everything: + + git push --tags + +Build the package from the debian Git branch: + + git-buildpackage + +Run lintian (or [add it to your pbuilder hooks](http://askubuntu.com/questions/140697/how-do-i-run-lintian-from-pbuilder-dist)): + + lintian --info --display-info --pedantic --color auto build-area/keyringer_$VERSION*.changes + +Then go back to the develop branch and push everything: + + git checkout develop + git push --all + +Cleanup symlink: + + rm ../keyringer_$VERSION.orig.tar.bz2 + +Notes: + +* `git-import-orig` takes care of running `pristine-tar commit`, of merging of the tag and orig tarball into the upstream branch, and then it merges the result into the debian branch. With the above configuration, it also runs git-dch to do the bulk of the work in `debian/changelog`. +* To build a development package, checkout the debian branch, merge master, run `git-dch --auto --snapshot` and build. + +Packaging workflow +------------------ + +We recommend [this packaging workflow](https://git.sarava.org/?p=debian.git;a=blob;f=README.md;hb=HEAD). + +Adding or changing a subcommand +------------------------------- + +When adding a new subcommand or changing subcommand behavior, ensure: + +* Documentation is updated. +* Manpage is updated. 
+* Shell completions are updated. + +Test environment +---------------- + +Setup: + + keyringer test init ~/temp/tests/keyringer + +Teardown: + + keyringer test teardown -y + +Translation +----------- + +Run just once: + + cd share/man + po4a-gettextize -f text -m keyringer.1.mdwn -p keyringer.pot + +References +---------- + +* [Using Git for Debian Packaging](http://www.eyrie.org/~eagle/notes/debian/git.html). +* [Building packages from the Git repository](http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.building.html). +* [Cowbuilder](https://wiki.debian.org/cowbuilder). +* [git-pbuilder](https://wiki.debian.org/git-pbuilder). +* [PackagingWithGit - Debian Wiki](https://wiki.debian.org/PackagingWithGit). +* [Generating pristine tarballs from git repositories](http://joeyh.name/blog/entry/generating_pristine_tarballs_from_git_repositories/). +* [Debian Packaging](https://wiki.debian.org/Packaging). +* [Debian Upstream Guide](https://wiki.debian.org/UpstreamGuide). +* [DanielKahnGillmor/preferred_packaging - Debian Wiki](https://wiki.debian.org/DanielKahnGillmor/preferred_packaging). diff --git a/development.mdwn b/development.mdwn deleted file mode 100644 index 2349c84..0000000 --- a/development.mdwn +++ /dev/null 
@@ -1,110 +0,0 @@ -[[!meta title="Keyringer: development guidelines and workflow"]] - -Index ------ - -[[!toc levels=4]] - -Coding standards ----------------- - -* Uses Semantic Versioning. -* Respect the existing coding style. -* Be clear: easy audability must be one of keyringer's requirements. - -Release workflow ----------------- - -Go to develop branch and start a new release - - git checkout develop - -Prepare the source code: - - $EDITOR keyringer # and update KEYRINGER_VERSION - $EDITOR ChangeLog - VERSION="`./keyringer | head -n 1 | cut -d ' ' -f 2`" - -Create and upload a new release: - - make release - -Tag the release: - - git tag -s $VERSION -m "Keyringer $VERSION" - -Update the debian branch: - - make debian - -Push everything: - - git push --tags - -Build the package from the debian Git branch: - - git-buildpackage - -Run lintian (or [add it to your pbuilder hooks](http://askubuntu.com/questions/140697/how-do-i-run-lintian-from-pbuilder-dist)): - - lintian --info --display-info --pedantic --color auto build-area/keyringer_$VERSION*.changes - -Then go back to the develop branch and push everything: - - git checkout develop - git push --all - -Cleanup symlink: - - rm ../keyringer_$VERSION.orig.tar.bz2 - -Notes: - -* `git-import-orig` takes care of running `pristine-tar commit`, of merging of the tag and orig tarball into the upstream branch, and then it merges the result into the debian branch. With the above configuration, it also runs git-dch to do the bulk of the work in `debian/changelog`. -* To build a development package, checkout the debian branch, merge master, run `git-dch --auto --snapshot` and build. - -Packaging workflow ------------------- - -We recommend [this packaging workflow](https://git.sarava.org/?p=debian.git;a=blob;f=README.md;hb=HEAD). - -Adding or changing a subcommand -------------------------------- - -When adding a new subcommand or changing subcommand behavior, ensure: - -* Documentation is updated. -* Manpage is updated. 
-* Shell completions are updated. - -Test environment ----------------- - -Setup: - - keyringer test init ~/temp/tests/keyringer - -Teardown: - - keyringer test teardown -y - -Translation ------------ - -Run just once: - - cd share/man - po4a-gettextize -f text -m keyringer.1.mdwn -p keyringer.pot - -References ----------- - -* [Using Git for Debian Packaging](http://www.eyrie.org/~eagle/notes/debian/git.html). -* [Building packages from the Git repository](http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.building.html). -* [Cowbuilder](https://wiki.debian.org/cowbuilder). -* [git-pbuilder](https://wiki.debian.org/git-pbuilder). -* [PackagingWithGit - Debian Wiki](https://wiki.debian.org/PackagingWithGit). -* [Generating pristine tarballs from git repositories](http://joeyh.name/blog/entry/generating_pristine_tarballs_from_git_repositories/). -* [Debian Packaging](https://wiki.debian.org/Packaging). -* [Debian Upstream Guide](https://wiki.debian.org/UpstreamGuide). -* [DanielKahnGillmor/preferred_packaging - Debian Wiki](https://wiki.debian.org/DanielKahnGillmor/preferred_packaging). diff --git a/index.md b/index.md new file mode 100644 index 0000000..6c1849a --- /dev/null +++ b/index.md 
@@ -0,0 +1,281 @@ +[[!meta title="Keyringer: encrypted and distributed secret sharing software"]] + +Keyringer lets you manage and share secrets using GnuPG and Git with custom +commands to encrypt, decrypt, recrypt, create key pairs, etc. + +- Project page: [https://keyringer.pw](https://keyringer.pw) +- Manpage: [keyringer.1](share/man/keyringer.1) +- License: [GPLv3+](LICENSE) +- Issue tracker: [https://keyringer.pw/trac](https://keyringer.pw/trac) +- Tor hidden service: [http://4qt45wbulqipigwa.onion](http://4qt45wbulqipigwa.onion) +- Releases: [https://keyringer.pw/releases](releases) +- Contact: rhatto at riseup.net + +Index +----- + +[[!toc levels=4]] + +Installation +------------ + +Just clone + + git clone https://git.fluxo.info/keyringer + +You can also verify the latest commit's OpenPGP signature: + + /usr/bin/git -C keyringer verify-commit HEAD + +Note that `/usr/bin/git` is called to avoid any other `git` wrappers or aliases +you might have available on your shell. + +You can also add the `keyringer` script into your `$PATH` environment variable +or package it to your preferred distro. + +If you're using Debian `stable` or newer, just run + + apt-get install keyringer + +Creating a keyringer repository +------------------------------- + +The first step is to setup a keyring. + +Keyringer supports management of multiple isolated keyrings. To start +a new keyring (or register an existing one with your config file), run: + + keyringer init [remote] + +This will + + 1. Add an entry at `$HOME/.keyringer/config` aliasing 'keyring' to 'path'. + 2. Initialize a git repository if needed. + +For example, + + keyringer friends init $HOME/keyrings/friends + +creates an alias "friends" pointing to `$HOME/keyrings/friends`. All +other keyring actions for this keyring should be called using this alias. 
+ +If there is an existing remote keyring git repository and you just +want to checkout it, use + + keyringer friends init $HOME/keyrings/friends + +Managing secrets +---------------- + +Each `secret` has a corresponding file inside `keys` subdirectory from the +keyring folder. Keyringer has plenty of actions to operate in these secrets: + + keyringer commands + +Encrypting a secret + + keyringer encrypt + +Encrypting a secret from a file + + keyringer encrypt + +Decrypting a secret (only to stdout) + + keyringer decrypt + +Re-encrypting a secret or the whole repository + + keyringer recrypt [secret] + +Appending information to a secret + + keyringer append + +Editing a secret + + keyringer edit + +Use this option with caution as it keeps temporary unencrypted data +into a temporary folder. + +Listing secrets + + keyringer ls [arguments] + +Git wrapper +----------- + +Keyringer comes with a simple git wrapper to ease common management tasks: + + keyringer git remote add keyringer + keyringer git push keyringer master + keyringer git pull + +Configuration files, preferences, options and recipients +-------------------------------------------------------- + +Basic keyringer operation depends in a set of configuration files: + + 1. Main config file: `$HOME/.keyringer/config`: store the location of + each keyring. + + 2. User preferences per keyring: `$HOME/.keyringer/`: managed by + "keyringer preferences". Preferences aren't shared among + users, so each user can have it's own set of preferences. + + 3. Custom keyring options: `$KEYRING_FOLDER/config/options`: managed by + "keyringer options". Options are shared among all + keyring users. + + 4. Recipients: `$KEYRING_FOLDER/config/recipients/`: controls the list of + OpenPGP public key fingerprints that should be used when encrypting content. + Multiple recipients are supported, so secrets can be encrypted to + different sets of OpenPGP pubkeys in the same keyring. 
+ +Other configuration parameters used by keyringer and it's actions are stored at +`$KEYRING_FOLDER/config/`. + +Using a non-default OpenPGP key +------------------------------- + +If you want to use a different key other than your default for a given +keyringer, use + + keyringer preferences add KEYID= + +Example: + + keyringer preferences add KEYID=0123456789ABCDEF0123456789ABCDE012345678 + +Managing recipients +------------------- + +Keyringer uses the `default` recipient stored at `$KEYRING_FOLDER/config/recipients/default` +as the standard list of OpenPGP public key fingerprints to which secrets should be encrypted. + +Additionally, keyringer supports multiple `recipient` files which can have a different set +of OpenPGP public key fingerprints used for encryption. + +Recipients are matched against secrets according to it's path. If there exists a recipient +called `accounting`, the following secret will be encrypted using it's OpenPGP public key +fingerprints: + + keyringer encrypt accounting/balance + +In other words, the `accounting` recipient file is used because the secret name begins +with `accounting`. + +So it's the case that recipients listed in the `default` recipient but not in the +`accounting` recipients won't be able to decrypt this secret. + +When you first initalized your keyring, keyringer might have asked you to populate +the `default` recipient list or you cloned a keyring repository which already has +the `default` recipient. + +If you want more recipient files, your next step is tell keyringer the OpenPGP +key IDs to encrypt files to: + + keyringer recipients edit [recipient-name] + keyringer recipients ls + +Remember that keyringer support multiple recipients in a per-folder style. Try +it by creating a sample recipient file: + + keyringer recipients edit closest-friends + +Fill it with your friends key IDs. 
Now encrypt a secret just for then: + + keyringer encrypt closest-friends/secret + +In other words, if keyringer finds a recipient file matching a given path, +it will use it instead of the global recipients file. + +You can even create recipient files with your friends' key IDs but without +yours: then you shall be able to encrypt secrets for them that even you cannot +access. Try to find an use case for that ;) + +Each recipient list is defined in a file placed at `config/recipients` in your +keyring repository. Take care to add just trustable recipients. + +Design +------ + +Keyringer's basic concepts are as follows: + + - Each secret is encrypted using multiple users's OpenPGP public keys and commit the + output in a git repository we call a "keyring". + + - A "recipient" a list of OpenPGP keys associated with a path in the keyring, so each + keyring can have multiple recipient definitions so secret compartmentalization is + builtin. All encryption should respect recipient definition. + + - Users can keep their keyring copies in sync using any git remote and push/pull + strategy they like, so key sharing gets easy. + + - A secret is not limited to passphrases or text: keyringer supports any file encryption, + so managing private keys, spreadsheets and media files are handled without distinction. + + - Secret is stored with OpenPGP ASCII-armoured output, so one doesn't need any special + program besides GnuPG to actually decrypt information. + + - Keyringer is agnostic about how you store your secrets. You may choose to have + one encrypted file that contains one line for each secret, e.g. a single file called + secrets with lines such as: + + emma : root : secret1 + emma - /dev/hda : : secret2 + + Or you may also have a different encrypted file for each secret, e.g. a file called + `emma.root` that contains the root passphrase for the server named `emma` and + another called `emma.hda` with the passphrase to decrypt `/dev/hda` on `emma`. 
+ + Creating a logical structure to store your secrets is up to you :) + +Workflow +-------- + +Keyringer can be used as a personal or shared password/secret manager: + + - Each keyring is a full git repository used to store encrypted secrets + using ASCII-armoured OpenPGP. + + - Actions like `encrypt` allows you to paste your secrets directly to + GnuPG so no plaintext is written to disk. + + - By commiting, pushing and pulling each keyring repository, you can + easily share secrets with other people and systems and they don't + need to decrypt this information until they need. + +In summary, keyringer data store is basically gpg-encrypted data atop of a git +repository (one can think of a kind of distributed encrypted filesystem). + +Git was chosen to host encrypted info mostly for two reasos: easy to distribute +and its the only VCS known to make easier repository history manipulation. + +Limitations +----------- + + - See the [manpage](share/man/keyringer.1) for details. + + - Check [this page](https://wiki.koumbit.net/PasswordManagementService/SoftwareComparison) + a comparison on different password management tools. + +Requirements +------------ + +Keyringer needs: + + - [Bash](http://tiswww.case.edu/php/chet/bash/bashtop.html) + - [Git](http://git-scm.com) + - [GNU Privacy Guard](http://gnupg.org) + - Grep, awk, tail, cut, sed and other GNU tools + +Optional dependencies if you want to manage ssl keys: + + - [OpenSSL](http://www.openssl.org) + +Development guidelines +---------------------- + +See [development](development). diff --git a/index.mdwn b/index.mdwn deleted file mode 100644 index 6c1849a..0000000 --- a/index.mdwn +++ /dev/null 
@@ -1,281 +0,0 @@ -[[!meta title="Keyringer: encrypted and distributed secret sharing software"]] - -Keyringer lets you manage and share secrets using GnuPG and Git with custom -commands to encrypt, decrypt, recrypt, create key pairs, etc. - -- Project page: [https://keyringer.pw](https://keyringer.pw) -- Manpage: [keyringer.1](share/man/keyringer.1) -- License: [GPLv3+](LICENSE) -- Issue tracker: [https://keyringer.pw/trac](https://keyringer.pw/trac) -- Tor hidden service: [http://4qt45wbulqipigwa.onion](http://4qt45wbulqipigwa.onion) -- Releases: [https://keyringer.pw/releases](releases) -- Contact: rhatto at riseup.net - -Index ------ - -[[!toc levels=4]] - -Installation ------------- - -Just clone - - git clone https://git.fluxo.info/keyringer - -You can also verify the latest commit's OpenPGP signature: - - /usr/bin/git -C keyringer verify-commit HEAD - -Note that `/usr/bin/git` is called to avoid any other `git` wrappers or aliases -you might have available on your shell. - -You can also add the `keyringer` script into your `$PATH` environment variable -or package it to your preferred distro. - -If you're using Debian `stable` or newer, just run - - apt-get install keyringer - -Creating a keyringer repository -------------------------------- - -The first step is to setup a keyring. - -Keyringer supports management of multiple isolated keyrings. To start -a new keyring (or register an existing one with your config file), run: - - keyringer init [remote] - -This will - - 1. Add an entry at `$HOME/.keyringer/config` aliasing 'keyring' to 'path'. - 2. Initialize a git repository if needed. - -For example, - - keyringer friends init $HOME/keyrings/friends - -creates an alias "friends" pointing to `$HOME/keyrings/friends`. All -other keyring actions for this keyring should be called using this alias. 
- -If there is an existing remote keyring git repository and you just -want to checkout it, use - - keyringer friends init $HOME/keyrings/friends - -Managing secrets ----------------- - -Each `secret` has a corresponding file inside `keys` subdirectory from the -keyring folder. Keyringer has plenty of actions to operate in these secrets: - - keyringer commands - -Encrypting a secret - - keyringer encrypt - -Encrypting a secret from a file - - keyringer encrypt - -Decrypting a secret (only to stdout) - - keyringer decrypt - -Re-encrypting a secret or the whole repository - - keyringer recrypt [secret] - -Appending information to a secret - - keyringer append - -Editing a secret - - keyringer edit - -Use this option with caution as it keeps temporary unencrypted data -into a temporary folder. - -Listing secrets - - keyringer ls [arguments] - -Git wrapper ------------ - -Keyringer comes with a simple git wrapper to ease common management tasks: - - keyringer git remote add keyringer - keyringer git push keyringer master - keyringer git pull - -Configuration files, preferences, options and recipients --------------------------------------------------------- - -Basic keyringer operation depends in a set of configuration files: - - 1. Main config file: `$HOME/.keyringer/config`: store the location of - each keyring. - - 2. User preferences per keyring: `$HOME/.keyringer/`: managed by - "keyringer preferences". Preferences aren't shared among - users, so each user can have it's own set of preferences. - - 3. Custom keyring options: `$KEYRING_FOLDER/config/options`: managed by - "keyringer options". Options are shared among all - keyring users. - - 4. Recipients: `$KEYRING_FOLDER/config/recipients/`: controls the list of - OpenPGP public key fingerprints that should be used when encrypting content. - Multiple recipients are supported, so secrets can be encrypted to - different sets of OpenPGP pubkeys in the same keyring. 
- -Other configuration parameters used by keyringer and it's actions are stored at -`$KEYRING_FOLDER/config/`. - -Using a non-default OpenPGP key -------------------------------- - -If you want to use a different key other than your default for a given -keyringer, use - - keyringer preferences add KEYID= - -Example: - - keyringer preferences add KEYID=0123456789ABCDEF0123456789ABCDE012345678 - -Managing recipients -------------------- - -Keyringer uses the `default` recipient stored at `$KEYRING_FOLDER/config/recipients/default` -as the standard list of OpenPGP public key fingerprints to which secrets should be encrypted. - -Additionally, keyringer supports multiple `recipient` files which can have a different set -of OpenPGP public key fingerprints used for encryption. - -Recipients are matched against secrets according to it's path. If there exists a recipient -called `accounting`, the following secret will be encrypted using it's OpenPGP public key -fingerprints: - - keyringer encrypt accounting/balance - -In other words, the `accounting` recipient file is used because the secret name begins -with `accounting`. - -So it's the case that recipients listed in the `default` recipient but not in the -`accounting` recipients won't be able to decrypt this secret. - -When you first initalized your keyring, keyringer might have asked you to populate -the `default` recipient list or you cloned a keyring repository which already has -the `default` recipient. - -If you want more recipient files, your next step is tell keyringer the OpenPGP -key IDs to encrypt files to: - - keyringer recipients edit [recipient-name] - keyringer recipients ls - -Remember that keyringer support multiple recipients in a per-folder style. Try -it by creating a sample recipient file: - - keyringer recipients edit closest-friends - -Fill it with your friends key IDs. 
Now encrypt a secret just for then: - - keyringer encrypt closest-friends/secret - -In other words, if keyringer finds a recipient file matching a given path, -it will use it instead of the global recipients file. - -You can even create recipient files with your friends' key IDs but without -yours: then you shall be able to encrypt secrets for them that even you cannot -access. Try to find an use case for that ;) - -Each recipient list is defined in a file placed at `config/recipients` in your -keyring repository. Take care to add just trustable recipients. - -Design ------- - -Keyringer's basic concepts are as follows: - - - Each secret is encrypted using multiple users's OpenPGP public keys and commit the - output in a git repository we call a "keyring". - - - A "recipient" a list of OpenPGP keys associated with a path in the keyring, so each - keyring can have multiple recipient definitions so secret compartmentalization is - builtin. All encryption should respect recipient definition. - - - Users can keep their keyring copies in sync using any git remote and push/pull - strategy they like, so key sharing gets easy. - - - A secret is not limited to passphrases or text: keyringer supports any file encryption, - so managing private keys, spreadsheets and media files are handled without distinction. - - - Secret is stored with OpenPGP ASCII-armoured output, so one doesn't need any special - program besides GnuPG to actually decrypt information. - - - Keyringer is agnostic about how you store your secrets. You may choose to have - one encrypted file that contains one line for each secret, e.g. a single file called - secrets with lines such as: - - emma : root : secret1 - emma - /dev/hda : : secret2 - - Or you may also have a different encrypted file for each secret, e.g. a file called - `emma.root` that contains the root passphrase for the server named `emma` and - another called `emma.hda` with the passphrase to decrypt `/dev/hda` on `emma`. 
- - Creating a logical structure to store your secrets is up to you :) - -Workflow --------- - -Keyringer can be used as a personal or shared password/secret manager: - - - Each keyring is a full git repository used to store encrypted secrets - using ASCII-armoured OpenPGP. - - - Actions like `encrypt` allows you to paste your secrets directly to - GnuPG so no plaintext is written to disk. - - - By commiting, pushing and pulling each keyring repository, you can - easily share secrets with other people and systems and they don't - need to decrypt this information until they need. - -In summary, keyringer data store is basically gpg-encrypted data atop of a git -repository (one can think of a kind of distributed encrypted filesystem). - -Git was chosen to host encrypted info mostly for two reasos: easy to distribute -and its the only VCS known to make easier repository history manipulation. - -Limitations ------------ - - - See the [manpage](share/man/keyringer.1) for details. - - - Check [this page](https://wiki.koumbit.net/PasswordManagementService/SoftwareComparison) - a comparison on different password management tools. - -Requirements ------------- - -Keyringer needs: - - - [Bash](http://tiswww.case.edu/php/chet/bash/bashtop.html) - - [Git](http://git-scm.com) - - [GNU Privacy Guard](http://gnupg.org) - - Grep, awk, tail, cut, sed and other GNU tools - -Optional dependencies if you want to manage ssl keys: - - - [OpenSSL](http://www.openssl.org) - -Development guidelines ----------------------- - -See [development](development). diff --git a/share/man/keyringer.1.md b/share/man/keyringer.1.md new file mode 100644 index 0000000..8acd747 --- /dev/null +++ b/share/man/keyringer.1.md 
@@ -0,0 +1,324 @@ +% KEYRINGER(1) Keyringer User Manual +% Silvio Rhatto +% Oct 25, 2013 + +# NAME + +keyringer - encrypted and distributed secret sharing software + +# SYNOPSIS + +keyringer <*keyring*> <*action*> [*options*]... + +# DESCRIPTION + +Keyringer lets you manage and share secrets using GnuPG and Git in a +distributed fashion. + +It has custom commands to create key-pairs and to encrypt, decrypt and +re-encrypt secrets. It also supports encryption to multiple recipients +and groups of recipients, to allow a workgroup to share access to a single +repository while restricting some secrets to subsets of the group. + +Secrets are encrypted using OpenPGP and added to a Git tree so that they +can be synced with remote branches later. + +# ACTIONS + +Keyringer has three types of actions: + +1. Repository lookup and manipulation actions, which handle repository initialization, + content tracking and navigation. + +2. Secret manipulation actions, which take care of encrypting, decrypting and other + read/write operations on secrets. + +3. Configuration actions, handling repository metadata. + +# REPOSITORY LOOKUP AND MANIPULATION ACTIONS + +find <*expression*> +: Find secrets in the repository. + +init <*path*> [*remote*] +: Initialize a new keyringer repository. If a *remote* URL is specified, keyringer will + clone an existing repository. + + After initialization, *path* will contain a folder structure for storing secrets + and metadata (user aka recipients, groups of recipients, etc). + + Also, an entry will be added to `$HOME/.keyringer/config` allowing keyringer to + find the keyring by its alias. + +destroy +: Alias for *teardown* action. + +git <*action*> <*options*> +: Git wrapper that operates from the toplevel keyring repository. You can issue any + *GIT(1)* subcommand with this action to have it applied in the keyring repository. + +commit [*arguments*] +: Alias to "git commit". 
+ +ls <*path*> +: List contents from the toplevel repository *keys* folder or from relative paths + if *path* is specified. Like the git wrapper, this is a wrapper around the *LS(1)* + command. + +mkdir <*path*> +: Create a directory inside the repository *keys* folder. + +rmdir <*path*> +: Remove an empty folder inside the repository *keys* folder. + +tree <*path*> +: List contents from the toplevel repository *keys* folder or from relative paths + if *path* is specified using a tree-like format. Like the ls wrapper, this is a + wrapper around the *TREE(1)* command. + +shell +: Run keyringer on interactive mode from a built-in command-line prompt where + all other actions can be called and are operated from the current selected + keyring. + + An additional "cd" internal command is available for directory navigation. + + All <*secret*> parameters from actions invoked from the shell are called + relatively from the current selected directory. + +teardown +: Remove permanently a local copy of a repository, very dangerous if you + have just a single copy. + +check +: Run maintenance checks in a keyring. + +# SECRET MANIPULATION ACTIONS + +All secret manipulation actions operate upon a *secret* which is the pathname +of an encrypted file relative to the keyring with optional `.asc` extension. + +If the `.asc` extension is omitted, keyringer will add it at the end of the +pathname. + +No spaces are allowed in the secret name. + +Secret manipulation actions do not commit changes into the secret repository. +Instead, the user has to manually commit the changes using the git wrapper +action. + +append <*secret*> +: Append contents into a secret by decrypting the secret, appending lines read + from the standard input and encrypting again. + +append-batch <*secret*> +: Append contents into a secret, batch mode. + +decrypt <*secret*> +: Decrypts a secret into standard output. + +del <*secret*> +: Removes a secret using Git. 
After deleting a secret a git commit and push is still + needed to update remote repositories. + + Please note that this command **does not remove the secret from the Git history.** + To completely remove a file from a keyring, you should also rewrite the Git + history yourself. + +delete <*secret*> +: Alias for *del* action. + +rm <*secret*> +: Alias for *del* action. + +cp <*secret*> <*dest*> +: Copy a secret. + +mv <*secret*> <*dest*> +: Rename a secret. + +edit <*secret*> +: Edit a secret by temporarily decrypting it, opening the decrypted copy into the + text editor defined by the *$EDITOR* environment variable and then re-encrypting it. + + Please make sure to use an *$EDITOR* which does not leak data like history buffers. + Keyringer tries to detect if *$EDITOR* is set to VIM and disables the *.viminfo* file. + +encrypt <*secret*> [*file*] +: Encrypts content from standard input or *file* into *secret* pathname. No spaces + are supported in the *secret* name. If *file* is actually a folder, keyringer + will recursivelly encrypt all it's contents. + +encrypt-batch <*secret*> [*file*] +: Encrypt content, batch mode. Behavior is identical to *encrypt* action, but less + verbose. Useful inside scripts. + +genkeys <*ssh*|*gpg*|*x509*|*x509-self*|*ssl*|*ssl-self*> [*options*] +: Wrapper to generate encryption key-pairs, useful for automated key deployment. + +genpair <*ssh*|*gpg*|*x509*|*x509-self*|*ssl*|*ssl-self*> [*options*] +: Alias for *genkeys* action. + +open <*secret*> +: Decrypt a secret into a temporary folder and open it using xdg-open, which + tries to figure out the file type and then calls the associated application. + + After the application exits, keyringer encrypts the temporary decrypted file + again into the secret file and deletes the temporary file. + +pwgen <*secret*> [*size*] +: Generates a random passphrase and stores into *secret* pathname with optional + entropy size in bytes. Default size is 20. 
+ + Passphrases will be slightly bigger than size due to base64 conversion. + + With this action you can generate and store a passphrase without need to see + it. Combined with clip or sclip action provides an hygienic way to handle + secrets. + +recrypt <*secret*> +: Re-encrypts a secret by decrypting it and encrypting it again. Useful when users are added + into the recipient configuration. If no *secret* is given, all secrets in the repository + are re-encrypted. + +clip <*secret*> +: Copy the first line of a secret to the clipboard, following password-store convention. + +xclip <*secret*> +: Alias to clip action. + +sclip <*secret*> +: Same as clip action, but sleeps five seconds, overwrite clipboard and exit. If xdotool + is available, it also switches to the next window using the alt+Tab shortcut. This action + is useful to be invoked by a custom key combo in a window manager so it becomes easy to + provide keyringer managed passphrases to other applications such as a web browser. + +# CONFIGURATION ACTIONS + +commands +: List available actions, useful for shell completion and syntax check. + +options <*ls*|*edit*|*add*> +: List, edit or add miscellaneous *repository* options. + + Repository options are settings which are saved in the repository as a *global* + configuration stanza for a given keyring, shared by all users with access to + the repository. + + Options are written using the *KEY=VALUE* syntax. All lines starting with the + hash (#) character are interpreted as comments. + +preferences <*ls*|*edit*|*add*> +: List, edit or add *user* preferences for a given repository. + + User preferences are settings which are saved in the user's keyringer folder + (`$HOME/.keyringer/`), and not shared with the other users. + + Preferences are written using the *KEY=VALUE* syntax. All lines starting with the + hash (#) character are interpreted as comments. + +usage +: Show keyringer usage information. + +help +: Alias for usage action. 
+ +recipients <*ls*|*edit*> <*recipients-file*> +: List, create or edit recipients configuration. + + Recipients files are lists of OpenPGP public key fingerprints which are used + by keyringer when encrypting secrets and associated with email aliases. + + Keyringer uses a default recipients file, but specifying a custom *recipients-file* + pathname will override this default. + + For instance, if a user encrypts a secret to a file in the keyring repository's + *accounting* folder, a *recipients-file* under *accounting* will be used. + Encrypting a secret into *accounting/bank-accounts* will result in a file + `$KEYRING_FOLDER/keys/accounting/bank-accounts.asc` encrypted using the public + keys listed in the config file`$KEYRING_FOLDER/config/recipients/accounting`. + + Each line in a recipients file has entries in the format + 'john@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', where *john@doe.com* + is an alias for the OpenPGP public key whose fingerprint is + *XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.* + + All lines starting with the hash (#) character are interpreted as comments. + + Parameters to the *recipients* action are: + + *ls* + : List all existing recipients files. + + *edit* + : Create or edit a recipients file. + + Editing happens using the editor specified by the `$EDITOR` + environment variable. + + The required parameter *recipients-file* is interpreted relative + to the `$KEYRING_FOLDER/config/recipients/` folder. + +# FILES + +$HOME/.keyringer/config +: User's main configuration file used to map alias names to keyrings. + +$HOME/.keyringer/*keyring* +: User preferences for the keyringer aliased *keyring* keyring. + +$KEYRING_FOLDER/config/options +: Custom keyring options which will be applied for all users that use + the keyringer repository. + +# LIMITATIONS + +Keyringer currently has the following limitations: + +1. 
Metadata is not encrypted, meaning that an attacker with access to a keyringer + repository can discover all public key IDs used for encryption, and which secrets + are encrypted to which keys. This can be improved in the future by encrypting + the repository configuration with support for the *--hidden-recipient* GnuPG + option and encrypted repository options. + + To mitigate that, it's possible to keep the repo just atop of an encrypted and + non-public place. + +2. History is not rewritten by default when secrets are removed from a keyringer + repository. After a secret is removed with the *del* action, it will still be + available in the repository history even after a commit. This is by design + for the following reasons: + + - It's the default behavior of the Git content tracker. Forcing the + deletion by default could break the expected behavior and hence limit + the repository's backup features, which can be helpful if someone + mistakenly overwrites a secret. + + - History rewriting cannot be considered a security measure against the + unauthorized access to a secret as it doesn't automatically update all + working copies of the repository. + + In the case that the secret is a passphrase, the recommended measure + against such attacks is to change the passphrase, making useless the + knowledge of the previous secret. + + Users wishing to edit their repository history should proceed manually + using the *git* action. + +3. Keyringer does not protect data which were not encrypted to a keyring, + so be careful when decrypting secrets and writing them to the disk or + other storage media. + + Pay special attention that keyringer outputs data to stdout, which could + be easily spotted by any agent looking directly at you computer screen. + + The xclip action even copies secret data to the X11 clipboard, which can + be accessed by any application running in the user's X11 session, so use + this feature carefully. 
+ +# SEE ALSO + +The *README* file distributed with Keyringer contains full documentation. + +The Keyringer source code and all documentation may be downloaded from +. diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn deleted file mode 100644 index 8acd747..0000000 --- a/share/man/keyringer.1.mdwn +++ /dev/null 
@@ -1,324 +0,0 @@ -% KEYRINGER(1) Keyringer User Manual -% Silvio Rhatto -% Oct 25, 2013 - -# NAME - -keyringer - encrypted and distributed secret sharing software - -# SYNOPSIS - -keyringer <*keyring*> <*action*> [*options*]... - -# DESCRIPTION - -Keyringer lets you manage and share secrets using GnuPG and Git in a -distributed fashion. - -It has custom commands to create key-pairs and to encrypt, decrypt and -re-encrypt secrets. It also supports encryption to multiple recipients -and groups of recipients, to allow a workgroup to share access to a single -repository while restricting some secrets to subsets of the group. - -Secrets are encrypted using OpenPGP and added to a Git tree so that they -can be synced with remote branches later. - -# ACTIONS - -Keyringer has three types of actions: - -1. Repository lookup and manipulation actions, which handle repository initialization, - content tracking and navigation. - -2. Secret manipulation actions, which take care of encrypting, decrypting and other - read/write operations on secrets. - -3. Configuration actions, handling repository metadata. - -# REPOSITORY LOOKUP AND MANIPULATION ACTIONS - -find <*expression*> -: Find secrets in the repository. - -init <*path*> [*remote*] -: Initialize a new keyringer repository. If a *remote* URL is specified, keyringer will - clone an existing repository. - - After initialization, *path* will contain a folder structure for storing secrets - and metadata (user aka recipients, groups of recipients, etc). - - Also, an entry will be added to `$HOME/.keyringer/config` allowing keyringer to - find the keyring by its alias. - -destroy -: Alias for *teardown* action. - -git <*action*> <*options*> -: Git wrapper that operates from the toplevel keyring repository. You can issue any - *GIT(1)* subcommand with this action to have it applied in the keyring repository. - -commit [*arguments*] -: Alias to "git commit". 
- -ls <*path*> -: List contents from the toplevel repository *keys* folder or from relative paths - if *path* is specified. Like the git wrapper, this is a wrapper around the *LS(1)* - command. - -mkdir <*path*> -: Create a directory inside the repository *keys* folder. - -rmdir <*path*> -: Remove an empty folder inside the repository *keys* folder. - -tree <*path*> -: List contents from the toplevel repository *keys* folder or from relative paths - if *path* is specified using a tree-like format. Like the ls wrapper, this is a - wrapper around the *TREE(1)* command. - -shell -: Run keyringer on interactive mode from a built-in command-line prompt where - all other actions can be called and are operated from the current selected - keyring. - - An additional "cd" internal command is available for directory navigation. - - All <*secret*> parameters from actions invoked from the shell are called - relatively from the current selected directory. - -teardown -: Remove permanently a local copy of a repository, very dangerous if you - have just a single copy. - -check -: Run maintenance checks in a keyring. - -# SECRET MANIPULATION ACTIONS - -All secret manipulation actions operate upon a *secret* which is the pathname -of an encrypted file relative to the keyring with optional `.asc` extension. - -If the `.asc` extension is omitted, keyringer will add it at the end of the -pathname. - -No spaces are allowed in the secret name. - -Secret manipulation actions do not commit changes into the secret repository. -Instead, the user has to manually commit the changes using the git wrapper -action. - -append <*secret*> -: Append contents into a secret by decrypting the secret, appending lines read - from the standard input and encrypting again. - -append-batch <*secret*> -: Append contents into a secret, batch mode. - -decrypt <*secret*> -: Decrypts a secret into standard output. - -del <*secret*> -: Removes a secret using Git. 
After deleting a secret a git commit and push is still - needed to update remote repositories. - - Please note that this command **does not remove the secret from the Git history.** - To completely remove a file from a keyring, you should also rewrite the Git - history yourself. - -delete <*secret*> -: Alias for *del* action. - -rm <*secret*> -: Alias for *del* action. - -cp <*secret*> <*dest*> -: Copy a secret. - -mv <*secret*> <*dest*> -: Rename a secret. - -edit <*secret*> -: Edit a secret by temporarily decrypting it, opening the decrypted copy into the - text editor defined by the *$EDITOR* environment variable and then re-encrypting it. - - Please make sure to use an *$EDITOR* which does not leak data like history buffers. - Keyringer tries to detect if *$EDITOR* is set to VIM and disables the *.viminfo* file. - -encrypt <*secret*> [*file*] -: Encrypts content from standard input or *file* into *secret* pathname. No spaces - are supported in the *secret* name. If *file* is actually a folder, keyringer - will recursivelly encrypt all it's contents. - -encrypt-batch <*secret*> [*file*] -: Encrypt content, batch mode. Behavior is identical to *encrypt* action, but less - verbose. Useful inside scripts. - -genkeys <*ssh*|*gpg*|*x509*|*x509-self*|*ssl*|*ssl-self*> [*options*] -: Wrapper to generate encryption key-pairs, useful for automated key deployment. - -genpair <*ssh*|*gpg*|*x509*|*x509-self*|*ssl*|*ssl-self*> [*options*] -: Alias for *genkeys* action. - -open <*secret*> -: Decrypt a secret into a temporary folder and open it using xdg-open, which - tries to figure out the file type and then calls the associated application. - - After the application exits, keyringer encrypts the temporary decrypted file - again into the secret file and deletes the temporary file. - -pwgen <*secret*> [*size*] -: Generates a random passphrase and stores into *secret* pathname with optional - entropy size in bytes. Default size is 20. 
- - Passphrases will be slightly bigger than size due to base64 conversion. - - With this action you can generate and store a passphrase without need to see - it. Combined with clip or sclip action provides an hygienic way to handle - secrets. - -recrypt <*secret*> -: Re-encrypts a secret by decrypting it and encrypting it again. Useful when users are added - into the recipient configuration. If no *secret* is given, all secrets in the repository - are re-encrypted. - -clip <*secret*> -: Copy the first line of a secret to the clipboard, following password-store convention. - -xclip <*secret*> -: Alias to clip action. - -sclip <*secret*> -: Same as clip action, but sleeps five seconds, overwrite clipboard and exit. If xdotool - is available, it also switches to the next window using the alt+Tab shortcut. This action - is useful to be invoked by a custom key combo in a window manager so it becomes easy to - provide keyringer managed passphrases to other applications such as a web browser. - -# CONFIGURATION ACTIONS - -commands -: List available actions, useful for shell completion and syntax check. - -options <*ls*|*edit*|*add*> -: List, edit or add miscellaneous *repository* options. - - Repository options are settings which are saved in the repository as a *global* - configuration stanza for a given keyring, shared by all users with access to - the repository. - - Options are written using the *KEY=VALUE* syntax. All lines starting with the - hash (#) character are interpreted as comments. - -preferences <*ls*|*edit*|*add*> -: List, edit or add *user* preferences for a given repository. - - User preferences are settings which are saved in the user's keyringer folder - (`$HOME/.keyringer/`), and not shared with the other users. - - Preferences are written using the *KEY=VALUE* syntax. All lines starting with the - hash (#) character are interpreted as comments. - -usage -: Show keyringer usage information. - -help -: Alias for usage action. 
- -recipients <*ls*|*edit*> <*recipients-file*> -: List, create or edit recipients configuration. - - Recipients files are lists of OpenPGP public key fingerprints which are used - by keyringer when encrypting secrets and associated with email aliases. - - Keyringer uses a default recipients file, but specifying a custom *recipients-file* - pathname will override this default. - - For instance, if a user encrypts a secret to a file in the keyring repository's - *accounting* folder, a *recipients-file* under *accounting* will be used. - Encrypting a secret into *accounting/bank-accounts* will result in a file - `$KEYRING_FOLDER/keys/accounting/bank-accounts.asc` encrypted using the public - keys listed in the config file`$KEYRING_FOLDER/config/recipients/accounting`. - - Each line in a recipients file has entries in the format - 'john@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', where *john@doe.com* - is an alias for the OpenPGP public key whose fingerprint is - *XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.* - - All lines starting with the hash (#) character are interpreted as comments. - - Parameters to the *recipients* action are: - - *ls* - : List all existing recipients files. - - *edit* - : Create or edit a recipients file. - - Editing happens using the editor specified by the `$EDITOR` - environment variable. - - The required parameter *recipients-file* is interpreted relative - to the `$KEYRING_FOLDER/config/recipients/` folder. - -# FILES - -$HOME/.keyringer/config -: User's main configuration file used to map alias names to keyrings. - -$HOME/.keyringer/*keyring* -: User preferences for the keyringer aliased *keyring* keyring. - -$KEYRING_FOLDER/config/options -: Custom keyring options which will be applied for all users that use - the keyringer repository. - -# LIMITATIONS - -Keyringer currently has the following limitations: - -1. 
Metadata is not encrypted, meaning that an attacker with access to a keyringer - repository can discover all public key IDs used for encryption, and which secrets - are encrypted to which keys. This can be improved in the future by encrypting - the repository configuration with support for the *--hidden-recipient* GnuPG - option and encrypted repository options. - - To mitigate that, it's possible to keep the repo just atop of an encrypted and - non-public place. - -2. History is not rewritten by default when secrets are removed from a keyringer - repository. After a secret is removed with the *del* action, it will still be - available in the repository history even after a commit. This is by design - for the following reasons: - - - It's the default behavior of the Git content tracker. Forcing the - deletion by default could break the expected behavior and hence limit - the repository's backup features, which can be helpful if someone - mistakenly overwrites a secret. - - - History rewriting cannot be considered a security measure against the - unauthorized access to a secret as it doesn't automatically update all - working copies of the repository. - - In the case that the secret is a passphrase, the recommended measure - against such attacks is to change the passphrase, making useless the - knowledge of the previous secret. - - Users wishing to edit their repository history should proceed manually - using the *git* action. - -3. Keyringer does not protect data which were not encrypted to a keyring, - so be careful when decrypting secrets and writing them to the disk or - other storage media. - - Pay special attention that keyringer outputs data to stdout, which could - be easily spotted by any agent looking directly at you computer screen. - - The xclip action even copies secret data to the X11 clipboard, which can - be accessed by any application running in the user's X11 session, so use - this feature carefully. 
- -# SEE ALSO - -The *README* file distributed with Keyringer contains full documentation. - -The Keyringer source code and all documentation may be downloaded from -. -- cgit v1.2.3 From 1016e50bf46192166938b612e516f556ac674ebf Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Tue, 3 Oct 2017 15:14:21 -0300 Subject: Fixes README symlink --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9f2fbdb..dd0ea36 120000 --- a/README.md +++ b/README.md @@ -1 +1 @@ -index.mdwn \ No newline at end of file +index.md \ No newline at end of file -- cgit v1.2.3 From 7f134279b78d6fa66e6ca271f95ba3633163edf8 Mon Sep 17 00:00:00 2001 From: rysiek Date: Fri, 3 Nov 2017 10:26:44 -0200 Subject: functions: handling vi better (no spurious error output --- lib/keyringer/functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 0d96288..e3f89d9 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -293,7 +293,7 @@ function keyringer_set_env { fi # Avoid viminfo, see https://keyringer.pw/trac/ticket/50 - if $EDITOR --help | grep -q -e "^VIM"; then + if $EDITOR --help 2>&1 | grep -q -e "^VIM"; then if ! echo $EDITOR | grep -q -- "-i NONE"; then EDITOR="$EDITOR -S $SHARE/editors/vim" fi -- cgit v1.2.3 From 171a0799e7d57bc121b0efe766a2e215c7afccba Mon Sep 17 00:00:00 2001 From: rysiek Date: Fri, 3 Nov 2017 10:29:40 -0200 Subject: pwgen action now uses encrypt-batch, informs user of success --- lib/keyringer/actions/pwgen | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/keyringer/actions/pwgen b/lib/keyringer/actions/pwgen index 1ca3829..3c03681 100755 --- a/lib/keyringer/actions/pwgen +++ b/lib/keyringer/actions/pwgen 
@@ -32,4 +32,4 @@ elif [ ! -z "$SIZE" ] && ! echo $SIZE | egrep -q '^[0-9]+$'; then fi # Encrypt and store a randomly-generated secret -keyringer_pwgen $SIZE | keyringer_exec encrypt "$BASEDIR" "$FILE" +keyringer_pwgen $SIZE | keyringer_exec encrypt-batch "$BASEDIR" "$FILE" && echo "Secret generated and stored." -- cgit v1.2.3 From 4a0d2bdc2ba611dd177454b73ebb480e15be300d Mon Sep 17 00:00:00 2001 From: rysiek Date: Fri, 3 Nov 2017 10:36:14 -0200 Subject: recrypt's use of find fixed on FreeBSD --- lib/keyringer/actions/recrypt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/keyringer/actions/recrypt b/lib/keyringer/actions/recrypt index d88a749..0e2f6a0 100755 --- a/lib/keyringer/actions/recrypt +++ b/lib/keyringer/actions/recrypt @@ -9,6 +9,7 @@ source "$LIB" readwrite $* || exit 1 # Recrypt a single secret function keyringer_recrypt { + # Get file keyringer_get_file "$1" @@ -39,7 +40,7 @@ function keyringer_recrypt { if [ ! -z "$2" ]; then keyringer_recrypt $2 else - cd $KEYDIR && find | while read file; do + cd $KEYDIR && find ./ | while read file; do if [ ! -d "$KEYDIR/$file" ]; then keyringer_recrypt "$file" fi -- cgit v1.2.3 From 497a6302db1000b6b00ef708043c3f86feb14b11 Mon Sep 17 00:00:00 2001 From: rysiek Date: Fri, 3 Nov 2017 10:36:42 -0200 Subject: keyringer_tree fixed on FreeBSD; also, prettier everywhere else --- lib/keyringer/actions/tree | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/keyringer/actions/tree b/lib/keyringer/actions/tree index 7bf173d..a877548 100755 --- a/lib/keyringer/actions/tree +++ b/lib/keyringer/actions/tree @@ -5,7 +5,7 @@ # Thanks http://www.centerkey.com/tree/ function keyringer_tree { - ls -R $* | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/' + find $* | sed -e 's/[^-][^\/]*\//| /g' | sed -r -e 's/\| ([^|])/|- \1/' } # Load functions 
@@ -19,6 +19,11 @@ CWD="`pwd`" shift ARGS="`echo "$*" | sed -e "s|^/*||"`" +# on *BSD, find expects at least one argument with the path +if [ "$ARGS" == "" ]; then + ARGS="./" +fi + # Check implementation if which tree &> /dev/null; then TREE="tree" -- cgit v1.2.3 From 1895a47f2bdf4064787b57b5a68d6b3656a620d0 Mon Sep 17 00:00:00 2001 From: rysiek Date: Fri, 3 Nov 2017 10:37:41 -0200 Subject: another find usage fixed on *BSD --- lib/keyringer/actions/find | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/keyringer/actions/find b/lib/keyringer/actions/find index 043e80d..45b4f11 100755 --- a/lib/keyringer/actions/find +++ b/lib/keyringer/actions/find @@ -15,5 +15,5 @@ shift ARGS="`echo "$*" | sed -e "s|^/*||"`" # Run find command -cd "$KEYDIR/$RELATIVE_PATH" && find | grep -i "$ARGS" | sed -e 's|^./||g' +cd "$KEYDIR/$RELATIVE_PATH" && find ./ | grep -i "$ARGS" | sed -e 's|^./||g' cd "$CWD" -- cgit v1.2.3 From 9363e1fa91b23297f13d51139203baf5a0090fc0 Mon Sep 17 00:00:00 2001 From: rysiek Date: Fri, 3 Nov 2017 10:38:46 -0200 Subject: \t is a GNU extension in sed regexes; fixed / use --color only when ls supports it --- lib/keyringer/actions/recipients | 4 +++- lib/keyringer/functions | 11 +++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/keyringer/actions/recipients b/lib/keyringer/actions/recipients index 3c18516..889f73e 100755 --- a/lib/keyringer/actions/recipients +++ b/lib/keyringer/actions/recipients @@ -38,7 +38,9 @@ elif [ "$COMMAND" == "edit" ]; then keyringer_exec git "$BASEDIR" add "$RECIPIENTS_FILE_BASE" else echo "Please specify one recipient to edit among the available:" - ls $RECIPIENTS | sed -e 's/^/\t/' + # \t is a GNU extension + # https://stackoverflow.com/questions/8400602/sed-replace-literal-tab + ls $RECIPIENTS | sed -e "`printf 's/^/\t/'`" exit 1 fi else diff --git a/lib/keyringer/functions b/lib/keyringer/functions index e3f89d9..b1e2e08 100755 --- a/lib/keyringer/functions 
+++ b/lib/keyringer/functions @@ -537,7 +537,12 @@ function keyringer_show_actions { # Usage function keyringer_usage { - local keyrings="$(ls --color=never `dirname $CONFIG` | sed -e 's/config//' | xargs)" + # are we're using an `ls` that supports `--color`? + if ls --version 2>/dev/null; then + local keyrings="$(ls --color=never `dirname $CONFIG` | sed -e 's/config//' | xargs)" + else + local keyrings="$(ls `dirname $CONFIG` | sed -e 's/config//' | xargs)" + fi printf "Keyringer $KEYRINGER_VERSION\n" printf "Usage: keyringer [arguments]\n\n" @@ -552,7 +557,9 @@ function keyringer_usage { if [ ! -z "$keyrings" ] && [ -z "$1" ]; then printf "\tinit [remote]\n" $BASENAME fi - keyringer_show_actions | sed -e 's/^/\t/' + # \t is a GNU extension + # https://stackoverflow.com/questions/8400602/sed-replace-literal-tab + keyringer_show_actions | sed -e "`printf 's/^/\t/'`" printf "\n" } -- cgit v1.2.3 From 89dd8486d3c525dfaf5239938fc4358915e3c2e6 Mon Sep 17 00:00:00 2001 From: rysiek Date: Fri, 3 Nov 2017 10:39:55 -0200 Subject: teardown: more unambiguous info on confirmation; added information when teardown cancelled --- lib/keyringer/actions/teardown | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/keyringer/actions/teardown b/lib/keyringer/actions/teardown index 2e8725b..55de3d6 100755 --- a/lib/keyringer/actions/teardown +++ b/lib/keyringer/actions/teardown @@ -16,8 +16,9 @@ if [ -z "$CONFIRM" ] || [ "$CONFIRM" != "-y" ]; then echo "WARNING: This will irrevocably destroy $KEYDIR" echo "WARNING: the action cannot be undone!" - read -rep "Are you sure to WIPE keyring $KEYRING (type YES to confirm)? " key + read -rep "Are you sure to WIPE keyring $KEYRING (type uppercase YES to confirm)? " key if [ "$key" != "YES" ]; then + echo "CANCELLED!" exit 1 fi fi -- cgit v1.2.3 From f534b40b7eb598cffcc9378c4520d5210552e0d5 Mon Sep 17 00:00:00 2001 
From: Silvio Rhatto Date: Fri, 3 Nov 2017 10:42:01 -0200 Subject: Removes incorrect exit command (#79) --- lib/keyringer/actions/append | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/keyringer/actions/append b/lib/keyringer/actions/append index 905867a..ccb25fb 100755 --- a/lib/keyringer/actions/append +++ b/lib/keyringer/actions/append @@ -6,7 +6,6 @@ # Load functions LIB="`dirname $0`/../functions" source "$LIB" readwrite $* || exit 1 -exit # Get file keyringer_get_file "$2" -- cgit v1.2.3 From dbc0b92c6e32a0b9ca41e57aa58f76e61c71a9cd Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 3 Nov 2017 10:44:03 -0200 Subject: Fix failure to properly decrypt the file in actions/decrypt (#80) --- lib/keyringer/actions/decrypt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/keyringer/actions/decrypt b/lib/keyringer/actions/decrypt index e17f0e0..7442b29 100755 --- a/lib/keyringer/actions/decrypt +++ b/lib/keyringer/actions/decrypt @@ -11,7 +11,7 @@ source "$LIB" read $* || exit 1 keyringer_get_file "$2" # Decrypt -$GPG --use-agent -d "$KEYDIR/$FILE" +cat "$KEYDIR/$FILE" | $GPG --use-agent -d - # Exit exit "$?" -- cgit v1.2.3 From 20d8b1f626207d9731586ff11975a142befb399c Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 3 Nov 2017 10:53:11 -0200 Subject: Redirect both outputs when checking 'ls' version --- lib/keyringer/functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/keyringer/functions b/lib/keyringer/functions index b1e2e08..6f9a5e3 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -538,7 +538,7 @@ function keyringer_show_actions { # Usage function keyringer_usage { # are we're using an `ls` that supports `--color`? - if ls --version 2>/dev/null; then + if ls --version > /dev/null 2>&1; then local keyrings="$(ls --color=never `dirname $CONFIG` | sed -e 's/config//' | xargs)" else local keyrings="$(ls `dirname $CONFIG` | sed -e 's/config//' | xargs)" -- cgit v1.2.3 
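Review bot: share/man/keyringer.1.md is added with the wording errors of the old .mdwn file intact: the *encrypt* entry says "recursivelly encrypt all it's contents" and LIMITATIONS item 3 says "looking directly at you computer screen". The man page is generated from this file, so a follow-up commit should correct these to "recursively encrypt all its contents" and "your computer screen", which keeps this commit a pure rename.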
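Review bot: in lib/keyringer/actions/pwgen, the new `&& echo "Secret generated and stored."` only tests the exit status of `keyringer_exec encrypt-batch`, the last command of the pipeline, so a failure in `keyringer_pwgen $SIZE` can still end with an empty secret encrypted and a success message printed. Unless `pipefail` is already enabled elsewhere, set `set -o pipefail` before the pipeline or check `${PIPESTATUS[0]}` before printing the message.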
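Review bot: in the second hunk of lib/keyringer/actions/recrypt, `find ./ | while read file` still trims leading and trailing whitespace and interprets backslashes because `read` is called without `IFS=` and `-r`, and `cd $KEYDIR` is unquoted, so a keyring path containing spaces breaks the loop before any secret is re-encrypted. Suggest `cd "$KEYDIR" && find . ! -type d | while IFS= read -r file; do`, which also lets `find` skip directories instead of the `[ ! -d "$KEYDIR/$file" ]` test inside the loop.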
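Review bot: in `keyringer_tree` in lib/keyringer/actions/tree, the replacement line leaves `$*` unquoted in `find $*`, so a path with whitespace is split into several start points, and `sed -r` is the GNU spelling of the extended-regex flag in a commit whose stated goal is FreeBSD support. Suggest `find "$@"` and `sed -E`, which both GNU and BSD sed accept.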
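Review bot: in lib/keyringer/actions/find, `grep -i "$ARGS"` treats a search expression that begins with `-` as a grep option, and the `.` in `sed -e 's|^./||g'` is an unescaped regex metacharacter, so it strips any first character that is followed by a slash rather than only a literal `./`. Suggest `grep -i -e "$ARGS"` and `sed -e 's|^\./||'`; the `g` flag has no effect on a pattern anchored with `^`.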
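Review bot: the `# Decrypt` step in lib/keyringer/actions/decrypt has no comment saying why the file is now piped through `cat` instead of being passed to `$GPG` as an argument, so the new line reads like a needless `cat` and is likely to be reverted by a later cleanup. Please add a one-line comment above it naming the problem from #80 that the pipe works around.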
From d3ca92a6b7ef5ae3cf97bd988c14dac5852343b7 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 3 Nov 2017 10:55:07 -0200 Subject: Makefile: update files to the new .md markdown extension --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index b503b68..5d46fc6 100644 --- a/Makefile +++ b/Makefile @@ -34,7 +34,7 @@ install_bin: $(INSTALL) -D --mode=0755 keyringer $(DESTDIR)/$(PREFIX)/bin/keyringer install_doc: - $(INSTALL) -D --mode=0644 index.mdwn $(DESTDIR)/$(PREFIX)/share/doc/$(PACKAGE)/README.md + $(INSTALL) -D --mode=0644 index.md $(DESTDIR)/$(PREFIX)/share/doc/$(PACKAGE)/README.md $(INSTALL) -D --mode=0644 LICENSE $(DESTDIR)/$(PREFIX)/share/doc/$(PACKAGE)/LICENSE install_man: @@ -50,7 +50,7 @@ install: clean build_man: # Pipe output to sed to avoid http://lintian.debian.org/tags/hyphen-used-as-minus-sign.html # Fixed in http://johnmacfarlane.net/pandoc/releases.html#pandoc-1.10-2013-01-19 - pandoc -s -w man share/man/keyringer.1.mdwn -o share/man/keyringer.1 + pandoc -s -w man share/man/keyringer.1.md -o share/man/keyringer.1 sed -i -e 's/--/\\-\\-/g' share/man/keyringer.1 tarball: -- cgit v1.2.3 From 7fca7cd0433e6f97080ecf12bee64ec4f38948ba Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 3 Nov 2017 10:55:25 -0200 Subject: Keyringer 0.5.2 --- ChangeLog | 8 ++++++++ keyringer | 2 +- share/man/keyringer.1 | 30 ++++++++++++++++++++---------- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5b55279..69a4751 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2017-11-03 - 0.5.2 - Silvio Rhatto + + Fixed incorrect exit statement on append, thanks jamie (#79) + + Fixed possible race condition on append-batch/decrypt, thanks jamie (#80) + + Various fixes for running keyringer on *BSD systems, thanks rysiek + 2017-05-31 - 0.5.1 - Silvio Rhatto Do not abort when keys are expired on actions that are 
diff --git a/keyringer b/keyringer index 3b4cdc0..6d4b035 100755 --- a/keyringer +++ b/keyringer @@ -140,7 +140,7 @@ function keyringer_dispatch { # Config NAME="keyringer" -KEYRINGER_VERSION="0.5.1" +KEYRINGER_VERSION="0.5.2" CONFIG_VERSION="0.1" CONFIG_BASE="$HOME/.$NAME" CONFIG="$CONFIG_BASE/config" diff --git a/share/man/keyringer.1 b/share/man/keyringer.1 index 7b1b030..16cceb7 100644 --- a/share/man/keyringer.1 +++ b/share/man/keyringer.1 @@ -1,4 +1,7 @@ +.\" Automatically generated by Pandoc 1.17.2 +.\" .TH "KEYRINGER" "1" "Oct 25, 2013" "Keyringer User Manual" "" +.hy .SH NAME .PP keyringer \- encrypted and distributed secret sharing software 
@@ -186,7 +189,7 @@ variable and then re\-encrypting it. .RS .PP Please make sure to use an -\f[I]\f[I]E\f[]\f[I]D\f[]\f[I]I\f[]\f[I]T\f[]\f[I]O\f[]\f[I]R\f[] * \f[I]w\f[]\f[I]h\f[]\f[I]i\f[]\f[I]c\f[]\f[I]h\f[]\f[I]d\f[]\f[I]o\f[]\f[I]e\f[]\f[I]s\f[]\f[I]n\f[]\f[I]o\f[]\f[I]t\f[]\f[I]l\f[]\f[I]e\f[]\f[I]a\f[]\f[I]k\f[]\f[I]d\f[]\f[I]a\f[]\f[I]t\f[]\f[I]a\f[]\f[I]l\f[]\f[I]i\f[]\f[I]k\f[]\f[I]e\f[]\f[I]h\f[]\f[I]i\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]r\f[]\f[I]y\f[]\f[I]b\f[]\f[I]u\f[]\f[I]f\f[]\f[I]f\f[]\f[I]e\f[]\f[I]r\f[]\f[I]s\f[].\f[I]K\f[]\f[I]e\f[]\f[I]y\f[]\f[I]r\f[]\f[I]i\f[]\f[I]n\f[]\f[I]g\f[]\f[I]e\f[]\f[I]r\f[]\f[I]t\f[]\f[I]r\f[]\f[I]i\f[]\f[I]e\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]d\f[]\f[I]e\f[]\f[I]t\f[]\f[I]e\f[]\f[I]c\f[]\f[I]t\f[]\f[I]i\f[]\f[I]f\f[] * EDITOR\f[] +\f[I]\f[I]E\f[]\f[I]D\f[]\f[I]I\f[]\f[I]T\f[]\f[I]O\f[]\f[I]R\f[] * \f[I]w\f[]\f[I]h\f[]\f[I]i\f[]\f[I]c\f[]\f[I]h\f[]\f[I]d\f[]\f[I]o\f[]\f[I]e\f[]\f[I]s\f[]\f[I]n\f[]\f[I]o\f[]\f[I]t\f[]\f[I]l\f[]\f[I]e\f[]\f[I]a\f[]\f[I]k\f[]\f[I]d\f[]\f[I]a\f[]\f[I]t\f[]\f[I]a\f[]\f[I]l\f[]\f[I]i\f[]\f[I]k\f[]\f[I]e\f[]\f[I]h\f[]\f[I]i\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]r\f[]\f[I]y\f[]\f[I]b\f[]\f[I]u\f[]\f[I]f\f[]\f[I]f\f[]\f[I]e\f[]\f[I]r\f[]\f[I]s\f[].\f[I]K\f[]\f[I]e\f[]\f[I]y\f[]\f[I]r\f[]\f[I]i\f[]\f[I]n\f[]\f[I]g\f[]\f[I]e\f[]\f[I]r\f[]\f[I]t\f[]\f[I]r\f[]\f[I]i\f[]\f[I]e\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]d\f[]\f[I]e\f[]\f[I]t\f[]\f[I]e\f[]\f[I]c\f[]\f[I]t\f[]\f[I]i\f[]\f[I]f\f[]*EDITOR\f[] is set to VIM and disables the \f[I]\&.viminfo\f[] file. .RE .TP 
@@ -359,15 +362,22 @@ to the \f[C]$KEYRING_FOLDER/config/recipients/\f[] folder. .RE .RE .SH FILES -.PP -$HOME/.keyringer/config : User\[aq]s main configuration file used to map -alias names to keyrings. -.PP -$HOME/.keyringer/\f[I]keyring\f[] : User preferences for the keyringer -aliased \f[I]keyring\f[] keyring. -.PP -$KEYRING_FOLDER/config/options : Custom keyring options which will be -applied for all users that use the keyringer repository. +.TP +.B $HOME/.keyringer/config +User\[aq]s main configuration file used to map alias names to keyrings. +.RS +.RE +.TP +.B $HOME/.keyringer/\f[I]keyring\f[] +User preferences for the keyringer aliased \f[I]keyring\f[] keyring. +.RS +.RE +.TP +.B $KEYRING_FOLDER/config/options +Custom keyring options which will be applied for all users that use the +keyringer repository. +.RS +.RE .SH LIMITATIONS .PP Keyringer currently has the following limitations: -- cgit v1.2.3
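Review bot: in the first hunk of share/man/keyringer.1, the `.TH` line still carries "Oct 25, 2013" although this commit releases 0.5.2 with a ChangeLog entry dated 2017-11-03. The date comes from the `% Oct 25, 2013` header of the markdown source; consider updating it as part of the release steps so the installed man page shows when it was last revised.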
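Review bot: in the `@@ -186,7 +189,7 @@` hunk of share/man/keyringer.1, the regenerated *edit* paragraph is still mangled: the text between the two `$EDITOR` mentions comes out as a run of per-letter `\f[I]...\f[]` escapes, and the hunk only changes ` * EDITOR` to `*EDITOR`. That output is consistent with Pandoc reading the text between the two dollar signs as inline math, so the fix belongs in share/man/keyringer.1.md: write the variable in backticks, as the *recipients* section already does, or escape the dollar signs, then regenerate the page.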