From d6a8172b34f6db44737c4346e8271fa5a88e4a23 Mon Sep 17 00:00:00 2001
From: rhatto
Date: Fri, 14 Mar 2014 14:17:34 -0300
Subject: Minor doc change
---
 index.mdwn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.mdwn b/index.mdwn
index ee3870a..82adabf 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -172,7 +172,7 @@ Basic idea is:
 - Let users keep it in sync with the repository and the secrets are shared :)
-For "secrets" it's meant anything as the script work with stdin and output things to
+Secrets can be any regular file as the script work with stdin and output things to
 files, so it can be passphrases, private keys or other kind of information.
 With theses scripts, the workflow is more or less like this:
-- 
cgit v1.2.3
From 2ed71b5f451abfd1a72f0b4836b3f44a642ee32a Mon Sep 17 00:00:00 2001
From: rhatto
Date: Fri, 14 Mar 2014 14:32:59 -0300
Subject: Another minor doc change
---
 index.mdwn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.mdwn b/index.mdwn
index 82adabf..9bf82ab 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -196,7 +196,7 @@ Git was chosen to host encrypted info mostly for two reasos: easy to distribute
 and its the only VCS known to make easier repository history manipulation.
 One possible drawback: the repo has pubkey information attached, which can be
-linked to real ppl (and then disclose the information about who has access to a
+linked to real people (and then disclose the information about who has access to a
 given key), but it's possible to:
 - Keep the repo just atop of an encrypted and non-public place.
-- 
cgit v1.2.3
From 1978f8d1c93e4030c621281c55fdfb916e41a84a Mon Sep 17 00:00:00 2001
From: rhatto
Date: Fri, 14 Mar 2014 14:54:43 -0300
Subject: Another minor doc change (2)
---
 index.mdwn | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/index.mdwn b/index.mdwn
index 9bf82ab..ca6734c 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -197,7 +197,9 @@ and its the only VCS known to make easier repository history manipulation.
 One possible drawback: the repo has pubkey information attached, which can be
 linked to real people (and then disclose the information about who has access to a
-given key), but it's possible to:
+given key).
+
+To mitigate that, it's possible to:
 - Keep the repo just atop of an encrypted and non-public place.
-- 
cgit v1.2.3
From 0e170c6c6ae4e0de65052c461d50862971627594 Mon Sep 17 00:00:00 2001
From: rhatto
Date: Fri, 14 Mar 2014 14:56:36 -0300
Subject: OpenPGP
---
 index.mdwn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.mdwn b/index.mdwn
index ca6734c..e1d2b8e 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -168,7 +168,7 @@ Concepts
 Basic idea is:
- - Encrypt screts using multiple users's gpg public keys and commit the output in a git repo.
+ - Encrypt screts using multiple users's OpenPGP public keys and commit the output in a git repo.
 - Let users keep it in sync with the repository and the secrets are shared :)
-- 
cgit v1.2.3
From f06955268f921266e7283ac67758762b8677faae Mon Sep 17 00:00:00 2001
From: rhatto
Date: Fri, 14 Mar 2014 14:57:50 -0300
Subject: Minor doc change (gitolite test)
---
 index.mdwn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.mdwn b/index.mdwn
index e1d2b8e..1475b98 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -168,7 +168,7 @@ Concepts
 Basic idea is:
- - Encrypt screts using multiple users's OpenPGP public keys and commit the output in a git repo.
+ - Encrypt screts using multiple users's OpenPGP public keys and commit the output in a git repository.
 - Let users keep it in sync with the repository and the secrets are shared :)
-- 
cgit v1.2.3
From 23b810b99f9db4d058b6d75fae2504767f23bfac Mon Sep 17 00:00:00 2001
From: rhatto
Date: Fri, 14 Mar 2014 15:02:19 -0300
Subject: Minor doc change 2 (gitolite test)
---
 index.mdwn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.mdwn b/index.mdwn
index 1475b98..4b82085 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -180,7 +180,7 @@ With theses scripts, the workflow is more or less like this:
 - You have a git repo for secret keys.
 - You run the "encrypt" command and paste your private key to this
- command (so no plaintext disk write).
+ command (so no plaintext is written to disk).
 - The encrypt command writes an encrypted file to the repo.
-- 
cgit v1.2.3
From b5378493968b2ed72f3b5f0d38377afc0b0049cd Mon Sep 17 00:00:00 2001
From: rhatto
Date: Fri, 14 Mar 2014 15:03:43 -0300
Subject: Minor doc change 3 (gitolite test)
---
 index.mdwn | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/index.mdwn b/index.mdwn
index 4b82085..23a70e5 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -189,8 +189,8 @@ With theses scripts, the workflow is more or less like this:
 - Optionally, other users pulls the changes but they dont need to decrypt
 anything until they need to use the keys.
-So it's just gpg-encrypted data atop of a git repository (one can think of a
-kind of distributed encrypted filesystem).
+In summary, keyringer data store is basically gpg-encrypted data atop of a git
+repository (one can think of a kind of distributed encrypted filesystem).
 Git was chosen to host encrypted info mostly for two reasos: easy to distribute
 and its the only VCS known to make easier repository history manipulation.
-- 
cgit v1.2.3
From 018bddbdbb8239b830301bccde9719cb948c0e4c Mon Sep 17 00:00:00 2001
From: rhatto
Date: Mon, 17 Mar 2014 11:14:50 -0300
Subject: Spell checking as suggested by Debian #741644
---
 index.mdwn | 4 ++--
 lib/keyringer/functions | 6 +++---
 share/man/keyringer.1.mdwn | 8 ++++----
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/index.mdwn b/index.mdwn
index 23a70e5..f9df557 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -26,7 +26,7 @@ Just clone
 And then leave it somewhere, optionally adding it to your `$PATH` environment
 variable or package it to your preferred distro.
-If you're using debian `jessie` or `unstable`, just run
+If you're using Debian `jessie` or `unstable`, just run
 apt-get install keyringer
@@ -60,7 +60,7 @@ want to checkout it, use
 Managing recipients
 -------------------
-Your next step is tell keyringer the GPG key ids to encrypt files to:
+Your next step is tell keyringer the OpenPGP key IDs to encrypt files to:
 keyringer recipients edit [recipient-name]
 keyringer recipients ls
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 832385e..b8e4bc7 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -581,7 +581,7 @@ function keyringer_check_recipient_size {
 local size=$(echo "$recipient" | wc -c)
 if (( $size < 41 )); then
- echo "Fatal: please set the full GPG signature hash for key ID $recipient:"
+ echo "Fatal: please set the full OpenPGP fingerprint for key ID $recipient:"
 cat <<-EOF
 Please provide a full OpenPGP fingerprint, for example:
@@ -671,8 +671,8 @@ function keyringer_check_recipient_key {
 fi
 echo ""
 else
- echo "Fatal: no such key $recipient on your GPG keyring."
- echo "Please check for this key or fix the recipient file."
+ echo "Fatal: no such key $recipient on your OpenPGP keyring."
+ echo "Please retrieve this key yourself or fix the recipient file."
 exit 1
 fi
diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn
index 84895c2..adbaaa2 100644
--- a/share/man/keyringer.1.mdwn
+++ b/share/man/keyringer.1.mdwn
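Review bot: The reworded message in the keyringer_check_recipient_size hunk now promises a "full OpenPGP fingerprint", but the guard right above it only checks length: `wc -c` on the `echo` output counts the trailing newline, so `size < 41` rejects anything shorter than 40 characters and accepts any 40-byte string, hex or not. A comment on the `local size=` line would keep the next reader from tightening the threshold by one, e.g. `# echo appends a newline, so 41 bytes == a 40-character fingerprint`. Whether a non-hex recipient is then caught by keyringer_check_recipient_key is outside this hunk; keyringer_check_recipient_size itself starts before the hunk and continues past the heredoc.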
@@ -20,8 +20,8 @@ re-encrypt secrets.
 It also supports encryption to multiple recipients and groups of recipients,
 to allow a workgroup to share access to a single repository while restricting
 some secrets to subsets of the group.
-Secrets are encrypted using GPG and added to a Git tree so that they can be
-synced with remote branches later.
+Secrets are encrypted using OpenPGP and added to a Git tree so that they
+can be synced with remote branches later.
 # ACTIONS
@@ -160,7 +160,7 @@ clip <*secret*>
 : Copy the first line of a secret to the clipboard, following password-store convention.
 xclip <*secret*>
-: Alis to clip action.
+: Alias to clip action.
 # CONFIGURATION ACTIONS
@@ -209,7 +209,7 @@ recipients <*ls*|*edit*> <*recipients-file*>
 Each line in a recipients file has entries in the format 'john@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', where *john@doe.com*
- is an alias for the GPG public key whose fingerprint is
+ is an alias for the OpenPGP public key whose fingerprint is
 *XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.*
 All lines starting with the hash (#) character are interpreted as comments.
-- 
cgit v1.2.3
From dccfd2ba85988f52584ad6cb4ff91ab6aa6007bd Mon Sep 17 00:00:00 2001
From: rhatto
Date: Mon, 17 Mar 2014 11:16:04 -0300
Subject: Renaming --prune from git gc
---
 lib/keyringer/functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index b8e4bc7..5936ff0 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -544,7 +544,7 @@ function keyringer_check_repository {
 # Git maintenance operations
 echo "Running git maintenance operations..."
 keyringer_exec git "$BASEDIR" fsck
- keyringer_exec git "$BASEDIR" gc --prune=all
+ keyringer_exec git "$BASEDIR" gc
 echo ""
 # Sync the repository
-- 
cgit v1.2.3
From c3cb9ea4b3f65b95001d2ff07e68f7733a3b78a1 Mon Sep 17 00:00:00 2001
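Review bot: Dropping `--prune=all` from the `git gc` call in keyringer_check_repository changes when unreachable objects leave the local object store: plain `git gc` keeps loose objects younger than `gc.pruneExpire` (two weeks by default), and reflog entries keep them reachable longer still, so a secret removed or re-encrypted through the history manipulation the README cites as a reason for choosing git stays recoverable from `.git/objects` for that grace period. The commit message gives no rationale and nothing in the hunk records the trade-off; I'd add `# gc without --prune=all leaves recently unreachable objects until gc.pruneExpire (2 weeks by default)` above the call, or restore the flag if the immediate purge was intentional. keyringer_check_repository starts and ends outside the hunk.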
From: rhatto
Date: Mon, 17 Mar 2014 18:37:59 -0300
Subject: Spell check
---
 lib/keyringer/functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 5936ff0..42850b9 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -432,7 +432,7 @@ function keyringer_get_file {
 candidates=(`keyringer_exec find "$BASEDIR" | grep -i "$1" | grep -e '.asc$'`)
 if [ ! -z "$candidates" ]; then
- echo "Could not find exact match \"$1\", please chose one of the following secrets:"
+ echo "Could not find exact match for \"$1\", please choose one of the following secrets:"
 echo ""
 for candidate in ${candidates[@]}; do
-- 
cgit v1.2.3
From c77565e1e2ac774659c125b2ca14f18d9f56f0cf Mon Sep 17 00:00:00 2001
From: rhatto
Date: Mon, 17 Mar 2014 21:10:10 -0300
Subject: Using -iname at find action
---
 lib/keyringer/actions/find | 2 +-
 lib/keyringer/functions | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/keyringer/actions/find b/lib/keyringer/actions/find
index 9b18d66..21afc7a 100755
--- a/lib/keyringer/actions/find
+++ b/lib/keyringer/actions/find
@@ -15,5 +15,5 @@ shift
 ARGS="`echo "$*" | sed -e "s|^/*||"`"
 # Run find command
-cd "$KEYDIR/$RELATIVE_PATH" && find | grep -i "$ARGS" | sed -e 's|^./||g'
+cd "$KEYDIR/$RELATIVE_PATH" && find -iname "*$ARGS*" | sed -e 's|^./||g'
 cd "$CWD"
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 42850b9..7840b04 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -429,7 +429,7 @@ function keyringer_get_file {
 elif [ ! -f "$KEYDIR/$FILE" ]; then
 # Try to find a similar file
 count=0
- candidates=(`keyringer_exec find "$BASEDIR" | grep -i "$1" | grep -e '.asc$'`)
+ candidates=(`keyringer_exec find "$BASEDIR" "$1*.asc"`)
 if [ ! -z "$candidates" ]; then
 echo "Could not find exact match for \"$1\", please choose one of the following secrets:"
-- 
cgit v1.2.3
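Review bot: The new `candidates=` line in the keyringer_get_file hunk loses the suffix anchor the old `grep -e '.asc$'` provided: the find action (earlier in this commit) wraps its argument as `*$ARGS*`, so `"$1*.asc"` becomes `*$1*.asc*`, which also matches names such as `foo.asc.bak`, and with no `-type f` a directory whose name matches is offered as a secret candidate. If the intent is only case-insensitive name matching, pass `"$1"` to the find action and pipe the result back through `grep -e '\.asc$'` as before, this time with the dot escaped. Word-splitting of the array on paths containing spaces predates this change. keyringer_get_file starts before the hunk and continues past it.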
From 82ec9c59d31a429335d1f953927775a80bb10808 Mon Sep 17 00:00:00 2001
From: rhatto
Date: Sat, 22 Mar 2014 16:42:28 -0300
Subject: Use --recv-keys instead of --refresh-keys and minor text change
---
 lib/keyringer/functions | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 7840b04..e2d23ac 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -572,7 +572,7 @@ function keyringer_refresh_keys {
 local recipient="$1"
 echo "Trying to refresh key $recipient..."
- gpg --batch --refresh-keys "$recipient"
+ gpg --batch --recv-keys "$recipient"
 }
 # Check recipient size
@@ -671,7 +671,7 @@ function keyringer_check_recipient_key {
 fi
 echo ""
 else
- echo "Fatal: no such key $recipient on your OpenPGP keyring."
+ echo "Fatal: no such key $recipient on your GnuPG keyring."
 echo "Please retrieve this key yourself or fix the recipient file."
 exit 1
-- 
cgit v1.2.3
From fc9954384ee5543d742395c5b9245e83d6e9fd07 Mon Sep 17 00:00:00 2001
From: rhatto
Date: Sat, 22 Mar 2014 16:47:22 -0300
Subject: Keyringer 0.3.3
---
 ChangeLog | 10 ++++++++++
 keyringer | 2 +-
 lib/keyringer/functions | 1 -
 share/man/keyringer.1 | 8 ++++----
 4 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6d53db7..5b1c53e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2014-03-22 - 0.3.3 - Silvio Rhatto
+
+ Use --recv-keys instead of --refresh-keys
+
+ Use -iname at find action
+
+ Removing --prune from git gc
+
+ Spell checking as suggested by Debian #741644
+
 2014-03-14 - 0.3.2 - Silvio Rhatto
 Subkey expiration date check shall not happen with expired keys
diff --git a/keyringer b/keyringer
index 7ea9752..6a1eda5 100755
--- a/keyringer
+++ b/keyringer
@@ -138,7 +138,7 @@ function keyringer_dispatch {
 # Config
 NAME="keyringer"
-KEYRINGER_VERSION="0.3.2"
+KEYRINGER_VERSION="0.3.3"
 CONFIG_VERSION="0.1"
 CONFIG_BASE="$HOME/.$NAME"
 CONFIG="$CONFIG_BASE/config"
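Review bot: In the keyringer_refresh_keys hunk, `gpg --batch --recv-keys "$recipient"` now contacts the keyserver unconditionally but its exit status is discarded and the function ends on the next line, so an unreachable keyserver or a missing key is silent here and only surfaces later as the "no such key" fatal in keyringer_check_recipient_key. Something like `gpg --batch --recv-keys "$recipient" || echo "Warning: could not retrieve key $recipient from the keyserver"` would leave a trace; whether any caller inspects the function's return value is outside this hunk. The function name and the "Trying to refresh key" message also no longer describe what the call does, which deserves a one-line comment. The argument should remain the full 40-character fingerprint that keyringer_check_recipient_size enforces, since a short key ID is not a unique identifier on a keyserver; keyringer_refresh_keys itself opens before the hunk.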
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index e2d23ac..f1af951 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -652,7 +652,6 @@ function keyringer_check_recipients {
 # Check key expiration
 keyringer_check_expiration "$recipient"
-
 done
 }
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1
index 29c618b..f460cbf 100644
--- a/share/man/keyringer.1
+++ b/share/man/keyringer.1
@@ -16,8 +16,8 @@ It also supports encryption to multiple recipients and groups of recipients,
 to allow a workgroup to share access to a single repository while restricting
 some secrets to subsets of the group.
 .PP
-Secrets are encrypted using GPG and added to a Git tree so that they can
-be synced with remote branches later.
+Secrets are encrypted using OpenPGP and added to a Git tree so that they
+can be synced with remote branches later.
 .SH ACTIONS
 .PP
 Keyringer has three types of actions:
@@ -219,7 +219,7 @@ password-store convention.
 .RE
 .TP
 .B xclip <\f[I]secret\f[]>
-Alis to clip action.
+Alias to clip action.
 .RS
 .RE
 .SH CONFIGURATION ACTIONS
@@ -286,7 +286,7 @@ file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[].
 .PP
 Each line in a recipients file has entries in the format
 \[aq]john\@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\[aq], where
-\f[I]john\@doe.com\f[] is an alias for the GPG public key whose
+\f[I]john\@doe.com\f[] is an alias for the OpenPGP public key whose
 fingerprint is \f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[]
 .PP
 All lines starting with the hash (#) character are interpreted as
-- 
cgit v1.2.3