From fdcf1c06a7aa3cf8e901e7d2b802143af87684f0 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Thu, 21 Aug 2014 17:30:26 -0300 Subject: Makefile: spell check --- share/man/keyringer.1.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index af098a3..44ddb81 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -288,7 +288,7 @@ Keyringer currently has the following limitations: other storage media. Pay special attention that keyringer outputs data to stdout, which could - be easilly spotted by any agent looking directly at you computer screen. + be easily spotted by any agent looking directly at you computer screen. The xclip action even copies secret data to the X11 clipboard, which can be accessed by any application running in the user's X11 session, so use -- cgit v1.2.3 From be12c6d664052258bb15e63d136cc7606971fd7b Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 23 Aug 2014 10:44:33 -0300 Subject: Adding completions for cp and mv actions --- lib/keyringer/completions/bash/keyringer | 6 +++++- lib/keyringer/completions/zsh/_keyringer | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/keyringer/completions/bash/keyringer b/lib/keyringer/completions/bash/keyringer index 27cf919..d2083de 100644 --- a/lib/keyringer/completions/bash/keyringer +++ b/lib/keyringer/completions/bash/keyringer @@ -93,7 +93,7 @@ _keyringer() { recipients) opts="ls edit" ;; - ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find) + ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find|mv|cp) cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)" ;; 
@@ -112,6 +112,10 @@ _keyringer() { esac elif [ "${#COMP_WORDS[@]}" == "5" ]; then case "${command}" in + mv|cp) + cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash + opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)" + ;; recipients) cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(cd $path/config/recipients && ls --color=never -p ${cur}* 2> /dev/null)" diff --git a/lib/keyringer/completions/zsh/_keyringer b/lib/keyringer/completions/zsh/_keyringer index ab95c3d..3963b4b 100644 --- a/lib/keyringer/completions/zsh/_keyringer +++ b/lib/keyringer/completions/zsh/_keyringer @@ -49,7 +49,7 @@ _keyringer() { recipients) compadd "$@" ls edit ;; - ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find) + ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find|mv|cp) words[4]="`echo $words[4] | sed -e "s|^/*||"`" # avoid leading slash compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null) ;; @@ -68,6 +68,10 @@ _keyringer() { ;; misc) case "$words[3]" in + mv|cp) + words[5]="`echo $words[5] | sed -e "s|^/*||"`" # avoid leading slash + compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[5]'*' 2> /dev/null) + ;; recipients) words[5]="$(echo $words[5] | sed -e "s|^/||")" # TODO: avoid leading slash compadd "$@" $(cd $keyring_path/config/recipients && ls --color=never -p $words[5]* 2> /dev/null) -- cgit v1.2.3 From 2e987d14ca36042fe256702a3f68c491bfe44ac0 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Tue, 2 Sep 2014 11:43:44 -0300 Subject: Ensure destination folder exists at 'cp' action --- ChangeLog | 4 ++++ lib/keyringer/actions/cp | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) 
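Review bot: The new `mv|cp)` arm in the `@@ -112,6 +112,10 @@` hunk of the bash completion builds its inner command by interpolating `${cur}` and `$instance` into the string handed to `bash -c`, so the word being completed is parsed a second time as shell code instead of being passed as data. The zsh completion in the same commit (the `@@ -68` hunk of `_keyringer`) already avoids this by invoking keyringer directly, and the bash arm can do the same: `opts="$(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer "$instance" ls -p -d "${cur}*" 2> /dev/null)"`, which keeps the pattern unexpanded just as `set -f` did, assuming the `ls` action expands it itself. The same two lines now appear verbatim in the `ls|tree|…` arm and in this one; a small `_keyringer_complete_path` helper would keep them from drifting apart. `_keyringer` starts and ends outside the hunk.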
diff --git a/ChangeLog b/ChangeLog index 683c853..c8708e6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2014-09-02 - Silvio Rhatto + + Ensure destination folder exists at 'cp' action + 2014-08-21 - 0.3.7 - Silvio Rhatto Init: just set git user/mail if needed diff --git a/lib/keyringer/actions/cp b/lib/keyringer/actions/cp index 0629b61..f3ae20c 100755 --- a/lib/keyringer/actions/cp +++ b/lib/keyringer/actions/cp @@ -27,7 +27,10 @@ if ! echo "$ORIG" | grep -q '*' && [ ! -e "$KEYDIR/$RELATIVE_PATH/$ORIG" ]; then exit 1 fi -# Run move command +# Ensure destination folder exists +mkdir -p `dirname "$KEYDIR/$FILE"` + +# Run copy command cd "$KEYDIR" && cp -a "./$RELATIVE_PATH/$ORIG" "./$FILE" keyringer_exec git "$BASEDIR" add "keys/$FILE" cd "$CWD" -- cgit v1.2.3 From cda6d3c7ab14e75cbe04e7602425cb51ce55abdd Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Wed, 3 Sep 2014 13:42:59 -0300 Subject: Removing trailing space at doc page --- development.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/development.mdwn b/development.mdwn index bbc688d..24c65f0 100644 --- a/development.mdwn +++ b/development.mdwn @@ -86,7 +86,7 @@ Run lintian (or [add it to your pbuilder hooks](http://askubuntu.com/questions/1 Notes: * `git-import-orig` takes care of running `pristine-tar commit`, of merging of the tag and orig tarball into the upstream branch, and then it merges the result into the debian branch. With the above configuration, it also runs git-dch to do the bulk of the work in `debian/changelog`. -* To build a development package, checkout the debian branch, merge master, run `git-dch --auto --snapshot` and build. +* To build a development package, checkout the debian branch, merge master, run `git-dch --auto --snapshot` and build. Adding or changing a subcommand ------------------------------- -- cgit v1.2.3 From 1c5cc668ab523a6368c1a87f33f3daaf2d3b7eed Mon Sep 17 00:00:00 2001 
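Review bot: The added `mkdir -p `dirname "$KEYDIR/$FILE"`` in the `cp` action leaves the command-substitution result unquoted, so a destination path containing whitespace or glob characters is word-split and globbed before `mkdir` sees it, and a `mkdir` failure is not checked before the `cd "$KEYDIR" && cp -a …` on the following line runs anyway. A safer form is `mkdir -p -- "$(dirname -- "$KEYDIR/$FILE")" || exit 1`. Nothing in this hunk normalizes `$FILE`, so a destination with `..` components would create directories outside `$KEYDIR`; if that is not rejected earlier in the script (not visible here), a check before this line would be worthwhile. The script's argument handling starts outside the hunk.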
From: Silvio Rhatto Date: Thu, 11 Sep 2014 23:20:43 -0300 Subject: Updating packaging workflow --- development.mdwn | 42 +++++++----------------------------------- 1 file changed, 7 insertions(+), 35 deletions(-) diff --git a/development.mdwn b/development.mdwn index 24c65f0..db67119 100644 --- a/development.mdwn +++ b/development.mdwn @@ -5,44 +5,11 @@ Index [[!toc levels=4]] -Development environment ------------------------ - -The following steps needs to be run just once for each arch and distro version. - -### Create the `debian/` structure - - if [ ! -d "debian" ]; then - dh_make -p keyringer_0.1 --createorig - fi - -### Setup a sid pbuilder chroot - - DIST=sid git-pbuilder create - -### Setup a sid cowbuilder chroot - - DIST=sid sudo cowbuilder --create - -Environment maintenance ------------------------ - -These steps should be run once in a while to ensure we have an up to date packaging environment. - -### Pbuilder - - DIST=sid git-pbuilder update - -### Cowbuilder - - DIST=sid sudo cowbuilder --update - Coding standards ---------------- - - Respect the existing coding style. - - - Be clear: easy audability must be one of keyringer's requirements. +* Respect the existing coding style. +* Be clear: easy audability must be one of keyringer's requirements. Development workflow -------------------- @@ -88,6 +55,11 @@ Notes: * `git-import-orig` takes care of running `pristine-tar commit`, of merging of the tag and orig tarball into the upstream branch, and then it merges the result into the debian branch. With the above configuration, it also runs git-dch to do the bulk of the work in `debian/changelog`. * To build a development package, checkout the debian branch, merge master, run `git-dch --auto --snapshot` and build. +Packaging workflow +------------------ + +We recommend [this packaging workflow](https://git.sarava.org/?p=debian.git;a=blob;f=README.md;hb=HEAD). + Adding or changing a subcommand ------------------------------- -- cgit v1.2.3 
From 53f108e2c5b1c536410d9e57788435b455c7354c Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Tue, 17 Mar 2015 11:40:28 -0300 Subject: Renaming genpairs (#69) --- lib/keyringer/actions/genkeys | 222 +++++++++++++++++++++++++++++++++++++++++ lib/keyringer/actions/genpair | 223 +----------------------------------------- 2 files changed, 223 insertions(+), 222 deletions(-) create mode 100755 lib/keyringer/actions/genkeys mode change 100755 => 120000 lib/keyringer/actions/genpair diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys new file mode 100755 index 0000000..6fc6dcd --- /dev/null +++ b/lib/keyringer/actions/genkeys 
@@ -0,0 +1,222 @@ +#!/bin/bash +# +# Generate keypairs. +# +# This script is just a wrapper to easily generate keys for +# automated systems. +# + +# Generate a keypair, ssh version +function genpair_ssh { + echo "Make sure that $KEYDIR is atop of an encrypted volume." + read -p "Hit ENTER to continue." prompt + + # We're using empty passphrases + ssh-keygen -t rsa -b 4096 -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE" + + # Encrypt the result + echo "Encrypting secret key into keyringer..." + cat "$TMPWORK/id_rsa" | keyringer_exec encrypt "$BASEDIR" "$FILE" + echo "Encrypting public key into keyringer..." + cat "$TMPWORK/id_rsa.pub" | keyringer_exec encrypt "$BASEDIR" "$FILE.pub" + + if [ ! -z "$OUTFILE" ]; then + mkdir -p `dirname $OUTFILE` + printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE" + cat "$TMPWORK/id_rsa" > "$OUTFILE" + cat "$TMPWORK/id_rsa.pub" > "$OUTFILE.pub" + fi + + echo "Done" +} + +# Generate a keypair, gpg version +function genpair_gpg { + echo "Make sure that $KEYDIR is atop of an encrypted volume." + + passphrase="no" + passphrase_confirm="confirm" + + while [ "$passphrase" != "$passphrase_confirm" ]; do + read -s -p "Enter password for the private key: " passphrase + printf "\n" + read -s -p "Enter password again: " passphrase_confirm + printf "\n" + + if [ "$passphrase" != "$passphrase_confirm" ]; then + echo "Password don't match." + fi + done + + # TODO: insert random bytes + # TODO: custom Name-Comment and Name-Email + # TODO: allow for empty passphrases + $GPG --homedir "$TMPWORK" --gen-key --batch < "$OUTFILE" + $GPG --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub" + fi + + echo "Done" +} + +# Generate a keypair, ssl version +function genpair_ssl { + echo "Make sure that $KEYDIR is atop of an encrypted volume." + read -p "Hit ENTER to continue." prompt + + # Check for wildcard certs + if [ "`echo $NODE | cut -d . 
-f 1`" == "*" ]; then + WILDCARD="yes" + CNAME="$NODE" + NODE="`echo $NODE | sed -e 's/^\*\.//'`" + else + CNAME="${NODE}" + fi + + # Setup + cd "$TMPWORK" + + # Generate certificate +cat <> openssl.conf +[ req ] +default_keyfile = ${NODE}_privatekey.pem +distinguished_name = req_distinguished_name +encrypt_key = no +req_extensions = v3_req # Extensions to add to certificate request +string_mask = nombstr + +[ req_distinguished_name ] +commonName_default = ${CNAME} +organizationName = Organization Name +organizationalUnitName = Organizational Unit Name +emailAddress = Email Address +localityName = Locality +stateOrProvinceName = State +countryName = Country Name +commonName = Common Name + +[ v3_req ] +extendedKeyUsage=serverAuth,clientAuth +EOF + + # Add SubjectAltNames so wildcard certs can work correctly. + if [ "$WILDCARD" == "yes" ]; then +cat <> openssl.conf +subjectAltName=DNS:${NODE}, DNS:${CNAME} +EOF + fi + + echo "Please review your OpenSSL configuration:" + cat openssl.conf + read -p "Hit ENTER to continue." prompt + + openssl req -batch -nodes -config openssl.conf -newkey rsa:4096 -sha256 \ + -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem + + openssl req -noout -text -in ${NODE}_csr.pem + + # Self-sign + if [ "$KEYTYPE" == "ssl-self" ]; then + openssl x509 -in "${NODE}_csr.pem" -out "$NODE.crt" -req -signkey "${NODE}_privatekey.pem" -days 365 + chmod 600 "${NODE}_privatekey.pem" + fi + + # Encrypt the result + echo "Encrypting private key into keyringer..." + cat "${NODE}_privatekey.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.pem" + echo "Encrypting certificate request into keyringer..." + cat "${NODE}_csr.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.csr" + + if [ "$KEYTYPE" == "ssl-self" ]; then + echo "Encrypting certificate into keyringer..." 
+ cat "${NODE}.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt" + elif [ -f "$BASEDIR/keys/$FILE.crt.asc" ]; then + # Remove any existing crt + keyringer_exec del "$BASEDIR" "$FILE.crt" + fi + + cd "$CWD" + + if [ ! -z "$OUTFILE" ]; then + mkdir -p `dirname $OUTFILE` + printf "Saving copies at %s\n" "`dirname $OUTFILE`" + cat "$TMPWORK/${NODE}_privatekey.pem" > "$OUTFILE.pem" + cat "$TMPWORK/${NODE}_csr.pem" > "$OUTFILE.csr" + + if [ -f "$TMPWORK/${NODE}.crt" ]; then + cat "$TMPWORK/${NODE}.crt" > "$OUTFILE.crt" + fi + fi + + # Show cert fingerprint + if [ "$KEYTYPE" == "ssl-self" ]; then + openssl x509 -noout -in "$TMPWORK/${NODE}.crt" -fingerprint + fi + + echo "Done" +} + +# Load functions +LIB="`dirname $0`/../functions" +source "$LIB" || exit 1 + +# Aditional parameters +KEYTYPE="$2" +FILE="$RELATIVE_PATH/$3" +NODE="$4" +OUTFILE="$5" +CWD="`pwd`" + +# Verify +if [ -z "$NODE" ]; then + echo -e "Usage: keyringer $BASENAME [outfile]" + echo -e "Options:" + echo -e "\t gpg|ssh|ssl[-self]: key type." + echo -e "\t file : base file name for encrypted output (relative to keys folder)," + echo -e "\t without spaces" + echo -e "\t hostname : host for the key pair" + echo -e "\t outfile : optional unencrypted output file, useful for deployment," + echo -e "\t without spaces" + exit 1 +elif [ ! -e "$KEYDIR" ]; then + echo "Folder not found: $KEYDIR, leaving" + exit 1 +fi + +# Set a tmp file +keyringer_set_tmpfile genpair -d + +# Dispatch +echo "Generating $KEYTYPE key for $NODE..." +if [ "$KEYTYPE" == "ssl-self" ]; then + genpair_ssl +else + genpair_"$KEYTYPE" +fi + +# Cleanup +cd "$CWD" +rm -rf "$TMPWORK" +trap - EXIT diff --git a/lib/keyringer/actions/genpair b/lib/keyringer/actions/genpair deleted file mode 100755 index 6fc6dcd..0000000 --- a/lib/keyringer/actions/genpair +++ /dev/null 
@@ -1,222 +0,0 @@ -#!/bin/bash -# -# Generate keypairs. -# -# This script is just a wrapper to easily generate keys for -# automated systems. -# - -# Generate a keypair, ssh version -function genpair_ssh { - echo "Make sure that $KEYDIR is atop of an encrypted volume." - read -p "Hit ENTER to continue." prompt - - # We're using empty passphrases - ssh-keygen -t rsa -b 4096 -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE" - - # Encrypt the result - echo "Encrypting secret key into keyringer..." - cat "$TMPWORK/id_rsa" | keyringer_exec encrypt "$BASEDIR" "$FILE" - echo "Encrypting public key into keyringer..." - cat "$TMPWORK/id_rsa.pub" | keyringer_exec encrypt "$BASEDIR" "$FILE.pub" - - if [ ! -z "$OUTFILE" ]; then - mkdir -p `dirname $OUTFILE` - printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE" - cat "$TMPWORK/id_rsa" > "$OUTFILE" - cat "$TMPWORK/id_rsa.pub" > "$OUTFILE.pub" - fi - - echo "Done" -} - -# Generate a keypair, gpg version -function genpair_gpg { - echo "Make sure that $KEYDIR is atop of an encrypted volume." - - passphrase="no" - passphrase_confirm="confirm" - - while [ "$passphrase" != "$passphrase_confirm" ]; do - read -s -p "Enter password for the private key: " passphrase - printf "\n" - read -s -p "Enter password again: " passphrase_confirm - printf "\n" - - if [ "$passphrase" != "$passphrase_confirm" ]; then - echo "Password don't match." - fi - done - - # TODO: insert random bytes - # TODO: custom Name-Comment and Name-Email - # TODO: allow for empty passphrases - $GPG --homedir "$TMPWORK" --gen-key --batch < "$OUTFILE" - $GPG --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub" - fi - - echo "Done" -} - -# Generate a keypair, ssl version -function genpair_ssl { - echo "Make sure that $KEYDIR is atop of an encrypted volume." - read -p "Hit ENTER to continue." prompt - - # Check for wildcard certs - if [ "`echo $NODE | cut -d . 
-f 1`" == "*" ]; then - WILDCARD="yes" - CNAME="$NODE" - NODE="`echo $NODE | sed -e 's/^\*\.//'`" - else - CNAME="${NODE}" - fi - - # Setup - cd "$TMPWORK" - - # Generate certificate -cat <> openssl.conf -[ req ] -default_keyfile = ${NODE}_privatekey.pem -distinguished_name = req_distinguished_name -encrypt_key = no -req_extensions = v3_req # Extensions to add to certificate request -string_mask = nombstr - -[ req_distinguished_name ] -commonName_default = ${CNAME} -organizationName = Organization Name -organizationalUnitName = Organizational Unit Name -emailAddress = Email Address -localityName = Locality -stateOrProvinceName = State -countryName = Country Name -commonName = Common Name - -[ v3_req ] -extendedKeyUsage=serverAuth,clientAuth -EOF - - # Add SubjectAltNames so wildcard certs can work correctly. - if [ "$WILDCARD" == "yes" ]; then -cat <> openssl.conf -subjectAltName=DNS:${NODE}, DNS:${CNAME} -EOF - fi - - echo "Please review your OpenSSL configuration:" - cat openssl.conf - read -p "Hit ENTER to continue." prompt - - openssl req -batch -nodes -config openssl.conf -newkey rsa:4096 -sha256 \ - -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem - - openssl req -noout -text -in ${NODE}_csr.pem - - # Self-sign - if [ "$KEYTYPE" == "ssl-self" ]; then - openssl x509 -in "${NODE}_csr.pem" -out "$NODE.crt" -req -signkey "${NODE}_privatekey.pem" -days 365 - chmod 600 "${NODE}_privatekey.pem" - fi - - # Encrypt the result - echo "Encrypting private key into keyringer..." - cat "${NODE}_privatekey.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.pem" - echo "Encrypting certificate request into keyringer..." - cat "${NODE}_csr.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.csr" - - if [ "$KEYTYPE" == "ssl-self" ]; then - echo "Encrypting certificate into keyringer..." 
- cat "${NODE}.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt" - elif [ -f "$BASEDIR/keys/$FILE.crt.asc" ]; then - # Remove any existing crt - keyringer_exec del "$BASEDIR" "$FILE.crt" - fi - - cd "$CWD" - - if [ ! -z "$OUTFILE" ]; then - mkdir -p `dirname $OUTFILE` - printf "Saving copies at %s\n" "`dirname $OUTFILE`" - cat "$TMPWORK/${NODE}_privatekey.pem" > "$OUTFILE.pem" - cat "$TMPWORK/${NODE}_csr.pem" > "$OUTFILE.csr" - - if [ -f "$TMPWORK/${NODE}.crt" ]; then - cat "$TMPWORK/${NODE}.crt" > "$OUTFILE.crt" - fi - fi - - # Show cert fingerprint - if [ "$KEYTYPE" == "ssl-self" ]; then - openssl x509 -noout -in "$TMPWORK/${NODE}.crt" -fingerprint - fi - - echo "Done" -} - -# Load functions -LIB="`dirname $0`/../functions" -source "$LIB" || exit 1 - -# Aditional parameters -KEYTYPE="$2" -FILE="$RELATIVE_PATH/$3" -NODE="$4" -OUTFILE="$5" -CWD="`pwd`" - -# Verify -if [ -z "$NODE" ]; then - echo -e "Usage: keyringer $BASENAME [outfile]" - echo -e "Options:" - echo -e "\t gpg|ssh|ssl[-self]: key type." - echo -e "\t file : base file name for encrypted output (relative to keys folder)," - echo -e "\t without spaces" - echo -e "\t hostname : host for the key pair" - echo -e "\t outfile : optional unencrypted output file, useful for deployment," - echo -e "\t without spaces" - exit 1 -elif [ ! -e "$KEYDIR" ]; then - echo "Folder not found: $KEYDIR, leaving" - exit 1 -fi - -# Set a tmp file -keyringer_set_tmpfile genpair -d - -# Dispatch -echo "Generating $KEYTYPE key for $NODE..." -if [ "$KEYTYPE" == "ssl-self" ]; then - genpair_ssl -else - genpair_"$KEYTYPE" -fi - -# Cleanup -cd "$CWD" -rm -rf "$TMPWORK" -trap - EXIT diff --git a/lib/keyringer/actions/genpair b/lib/keyringer/actions/genpair new file mode 120000 index 0000000..d936499 --- /dev/null +++ b/lib/keyringer/actions/genpair @@ -0,0 +1 @@ +genkeys \ No newline at end of file -- cgit v1.2.3 From 1cbca4d98e14076ac01bedff6ab0e0626c35fbae Mon Sep 17 00:00:00 2001 
From: Silvio Rhatto Date: Tue, 17 Mar 2015 14:59:09 -0300 Subject: Rename genkeys functions (#69) --- lib/keyringer/actions/genkeys | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys index 6fc6dcd..0a33725 100755 --- a/lib/keyringer/actions/genkeys +++ b/lib/keyringer/actions/genkeys @@ -4,10 +4,10 @@ # # This script is just a wrapper to easily generate keys for # automated systems. -# +# # Generate a keypair, ssh version -function genpair_ssh { +function genkeys_ssh { echo "Make sure that $KEYDIR is atop of an encrypted volume." read -p "Hit ENTER to continue." prompt @@ -27,11 +27,11 @@ function genpair_ssh { cat "$TMPWORK/id_rsa.pub" > "$OUTFILE.pub" fi - echo "Done" + echo "Done" } # Generate a keypair, gpg version -function genpair_gpg { +function genkeys_gpg { echo "Make sure that $KEYDIR is atop of an encrypted volume." passphrase="no" @@ -47,7 +47,7 @@ function genpair_gpg { echo "Password don't match." fi done - + # TODO: insert random bytes # TODO: custom Name-Comment and Name-Email # TODO: allow for empty passphrases @@ -78,11 +78,16 @@ EOF $GPG --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub" fi - echo "Done" + echo "Done" +} + +# Alias +function genkeys_ssl { + genkeys_x509 $* } # Generate a keypair, ssl version -function genpair_ssl { +function genkeys_x509 { echo "Make sure that $KEYDIR is atop of an encrypted volume." read -p "Hit ENTER to continue." prompt @@ -148,7 +153,7 @@ EOF cat "${NODE}_privatekey.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.pem" echo "Encrypting certificate request into keyringer..." cat "${NODE}_csr.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.csr" - + if [ "$KEYTYPE" == "ssl-self" ]; then echo "Encrypting certificate into keyringer..." cat "${NODE}.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt" 
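Review bot: The new `genkeys_ssl` alias in the `@@ -78,11 +78,16 @@` hunk forwards `$*` unquoted, which re-splits any argument containing whitespace; `genkeys_x509` reads its inputs from globals (`$NODE`, `$KEYTYPE`, `$OUTFILE`, …) rather than positional parameters, as the new-file hunk of the previous commit shows, so `function genkeys_ssl { genkeys_x509 "$@"; }` (or a bare `genkeys_x509`) is the safer spelling. A one-line comment such as `# 'ssl' and 'ssl-self' are kept as aliases of x509 for compatibility with the former genpair action` would explain why both names exist. While here: the unencrypted private-key copies written to `$OUTFILE` (the ssh one sits directly above the `$OUTFILE.pub` context line that opens the `@@ -27,11 +27,11 @@` hunk) are created with the caller's umask; a `umask 077` near the top of the script, or a `chmod 600` after each write, would keep those files from being group- or world-readable. The remaining hunks in this commit are whitespace-only.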
@@ -191,9 +196,9 @@ CWD="`pwd`" # Verify if [ -z "$NODE" ]; then - echo -e "Usage: keyringer $BASENAME [outfile]" + echo -e "Usage: keyringer $BASENAME [outfile]" echo -e "Options:" - echo -e "\t gpg|ssh|ssl[-self]: key type." + echo -e "\t gpg|ssh|x509[-self]: key type." echo -e "\t file : base file name for encrypted output (relative to keys folder)," echo -e "\t without spaces" echo -e "\t hostname : host for the key pair" @@ -210,10 +215,10 @@ keyringer_set_tmpfile genpair -d # Dispatch echo "Generating $KEYTYPE key for $NODE..." -if [ "$KEYTYPE" == "ssl-self" ]; then - genpair_ssl +if [ "$KEYTYPE" == "ssl-self" ] || [ "$KEYTYPE" == "x509-self" ]; then + genkeys_x509 else - genpair_"$KEYTYPE" + genkeys_"$KEYTYPE" fi # Cleanup -- cgit v1.2.3 From 2b9a58f4f4b35fb959147f159623d728d5f1b217 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Tue, 17 Mar 2015 15:01:35 -0300 Subject: Updates shell completions (#69) --- lib/keyringer/actions/genkeys | 4 ++-- lib/keyringer/completions/bash/keyringer | 6 +++--- lib/keyringer/completions/zsh/_keyringer | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys index 0a33725..60f9dfc 100755 --- a/lib/keyringer/actions/genkeys +++ b/lib/keyringer/actions/genkeys @@ -196,9 +196,9 @@ CWD="`pwd`" # Verify if [ -z "$NODE" ]; then - echo -e "Usage: keyringer $BASENAME [outfile]" + echo -e "Usage: keyringer $BASENAME [outfile]" echo -e "Options:" - echo -e "\t gpg|ssh|x509[-self]: key type." + echo -e "\t gpg|ssh|x509[-self]|ssl|ssl[-self]: key type." echo -e "\t file : base file name for encrypted output (relative to keys folder)," echo -e "\t without spaces" echo -e "\t hostname : host for the key pair" diff --git a/lib/keyringer/completions/bash/keyringer b/lib/keyringer/completions/bash/keyringer index d2083de..fc952eb 100644 --- a/lib/keyringer/completions/bash/keyringer +++ b/lib/keyringer/completions/bash/keyringer 
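Review bot: The dispatch `genkeys_"$KEYTYPE"` in the `@@ -210,10 +215,10 @@` hunk still calls whatever function name the user-supplied type produces, so a mistyped type such as `ssh-self` yields a bash "command not found" only after the temporary directory has been created, and the script then falls through to the cleanup below the hunk; judging from the file's tail in the earlier new-file hunk, it would exit 0. The set of valid types is now fixed by the completions and by the usage text in the `@@ -191,9 +196,9 @@` hunk, so it can be checked explicitly before `keyringer_set_tmpfile genpair -d` (the line named in this hunk's header). The script's top-level statements continue outside the hunk.
```shell
# Reject unknown key types before any temporary files are created
case "$KEYTYPE" in
  ssh|gpg|ssl|ssl-self|x509|x509-self) ;;
  *)
    echo "Unknown key type: $KEYTYPE"
    exit 1
    ;;
esac
# … unchanged: keyringer_set_tmpfile and the dispatch if/else …
```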
@@ -97,8 +97,8 @@ _keyringer() { cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)" ;; - genpair) - opts="gpg ssh ssl ssl-self" + genkeys|genpair) + opts="gpg ssh x509 x509-self ssl ssl-self" ;; git) opts="$(_keyringer_git_complete ${cur})" @@ -120,7 +120,7 @@ _keyringer() { cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(cd $path/config/recipients && ls --color=never -p ${cur}* 2> /dev/null)" ;; - genpair) + genkeys|genpair) cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)" ;; diff --git a/lib/keyringer/completions/zsh/_keyringer b/lib/keyringer/completions/zsh/_keyringer index 3963b4b..d4b89b1 100644 --- a/lib/keyringer/completions/zsh/_keyringer +++ b/lib/keyringer/completions/zsh/_keyringer @@ -53,8 +53,8 @@ _keyringer() { words[4]="`echo $words[4] | sed -e "s|^/*||"`" # avoid leading slash compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null) ;; - genpair) - compadd "$@" gpg ssh ssl ssl-self + genkeys|genpair) + compadd "$@" gpg ssh x509 x509-self ssl ssl-self ;; git) compadd "$@" $(_keyringer_git_complete $words[4]) @@ -76,7 +76,7 @@ _keyringer() { words[5]="$(echo $words[5] | sed -e "s|^/||")" # TODO: avoid leading slash compadd "$@" $(cd $keyring_path/config/recipients && ls --color=never -p $words[5]* 2> /dev/null) ;; - genpair) + genkeys|genpair) words[5]="$(echo $words[5] | sed -e "s|^/||")" # TODO: avoid leading slash compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[5]'*' 2> /dev/null) ;; -- cgit v1.2.3 
From 9d916327eae2c4625046ccdbe7474b489517a70e Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Tue, 17 Mar 2015 15:05:23 -0300 Subject: Manpage and ChangeLog and help update (#69) --- ChangeLog | 4 ++++ lib/keyringer/actions/genkeys | 10 +++++----- share/man/keyringer.1.mdwn | 5 ++++- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index c8708e6..eee4b8a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2015-03-17 - Silvio Rhatto + + Rename genpair action and option (#69) + 2014-09-02 - Silvio Rhatto Ensure destination folder exists at 'cp' action diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys index 60f9dfc..d4f24d8 100755 --- a/lib/keyringer/actions/genkeys +++ b/lib/keyringer/actions/genkeys @@ -199,11 +199,11 @@ if [ -z "$NODE" ]; then echo -e "Usage: keyringer $BASENAME [outfile]" echo -e "Options:" echo -e "\t gpg|ssh|x509[-self]|ssl|ssl[-self]: key type." - echo -e "\t file : base file name for encrypted output (relative to keys folder)," - echo -e "\t without spaces" - echo -e "\t hostname : host for the key pair" - echo -e "\t outfile : optional unencrypted output file, useful for deployment," - echo -e "\t without spaces" + echo -e "\t file : base file name for encrypted output (relative to keys folder)," + echo -e "\t without spaces" + echo -e "\t hostname : host for the key pair" + echo -e "\t outfile : optional unencrypted output file, useful for deployment," + echo -e "\t without spaces" exit 1 elif [ ! -e "$KEYDIR" ]; then echo "Folder not found: $KEYDIR, leaving" diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index 44ddb81..55ae216 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn 
@@ -150,9 +150,12 @@ encrypt-batch <*secret*> [*file*] : Encrypt content, batch mode. Behavior is identical to *encrypt* action, but less verbose. Useful inside scripts. -genpair <*ssh*|*gpg*|*ssl*|*ssl-self*> [*options*] +genkeys <*ssh*|*gpg*|*x509*|*x509-self*|*ssl*|*ssl-self*> [*options*] : Wrapper to generate encryption key-pairs, useful for automated key deployment. +genpair <*ssh*|*gpg*|*x509*|*x509-self*|*ssl*|*ssl-self*> [*options*] +: Alias for *genkeys* action. + open <*secret*> : Decrypt a secret into a temporary folder and open it using xdg-open, which tries to figure out the file type and then calls the associated application. -- cgit v1.2.3 From 2f86eac334fc26cbc72221458cce4def87b69707 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Mon, 30 Mar 2015 09:00:26 -0300 Subject: Eliminates hardcoded bash path (thanks polynomial/github #1) --- contrib/pass | 2 +- keyringer | 2 +- lib/keyringer/actions/append | 2 +- lib/keyringer/actions/check | 2 +- lib/keyringer/actions/commands | 2 +- lib/keyringer/actions/commit | 2 +- lib/keyringer/actions/cp | 2 +- lib/keyringer/actions/decrypt | 2 +- lib/keyringer/actions/del | 2 +- lib/keyringer/actions/edit | 2 +- lib/keyringer/actions/encrypt | 2 +- lib/keyringer/actions/find | 2 +- lib/keyringer/actions/genkeys | 2 +- lib/keyringer/actions/git | 2 +- lib/keyringer/actions/ls | 2 +- lib/keyringer/actions/mkdir | 2 +- lib/keyringer/actions/mv | 2 +- lib/keyringer/actions/options | 2 +- lib/keyringer/actions/preferences | 2 +- lib/keyringer/actions/recipients | 2 +- lib/keyringer/actions/recrypt | 2 +- lib/keyringer/actions/rmdir | 2 +- lib/keyringer/actions/shell | 2 +- lib/keyringer/actions/teardown | 2 +- lib/keyringer/actions/tree | 2 +- lib/keyringer/actions/usage | 2 +- lib/keyringer/actions/xclip | 2 +- lib/keyringer/functions | 2 +- 28 files changed, 28 insertions(+), 28 deletions(-) diff --git a/contrib/pass b/contrib/pass index b4d5954..80eb744 100755 --- a/contrib/pass +++ b/contrib/pass 
@@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Sample wrapper program for simplying the use of keyringer. # This wrapper assumes you are using one key file with many diff --git a/keyringer b/keyringer index 059b157..55563c5 100755 --- a/keyringer +++ b/keyringer @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Keyringer key management system. # diff --git a/lib/keyringer/actions/append b/lib/keyringer/actions/append index fbb6c1c..df21e03 100755 --- a/lib/keyringer/actions/append +++ b/lib/keyringer/actions/append @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Append information into encrypted files. # diff --git a/lib/keyringer/actions/check b/lib/keyringer/actions/check index c80fa8f..a647e95 100755 --- a/lib/keyringer/actions/check +++ b/lib/keyringer/actions/check @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Check a keyring. # diff --git a/lib/keyringer/actions/commands b/lib/keyringer/actions/commands index cb49c02..4888317 100755 --- a/lib/keyringer/actions/commands +++ b/lib/keyringer/actions/commands @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Show available commands # diff --git a/lib/keyringer/actions/commit b/lib/keyringer/actions/commit index b124927..84ead14 100755 --- a/lib/keyringer/actions/commit +++ b/lib/keyringer/actions/commit @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Git commit wrapper. # diff --git a/lib/keyringer/actions/cp b/lib/keyringer/actions/cp index f3ae20c..1f4ccee 100755 --- a/lib/keyringer/actions/cp +++ b/lib/keyringer/actions/cp @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Copy secrets. # diff --git a/lib/keyringer/actions/decrypt b/lib/keyringer/actions/decrypt index b63b74e..c6510ee 100755 --- a/lib/keyringer/actions/decrypt +++ b/lib/keyringer/actions/decrypt @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Decrypt files. # diff --git a/lib/keyringer/actions/del b/lib/keyringer/actions/del index d160ac4..2abc414 100755 --- a/lib/keyringer/actions/del 
+++ b/lib/keyringer/actions/del @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Remove files. # diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit index c9f3f12..4338518 100755 --- a/lib/keyringer/actions/edit +++ b/lib/keyringer/actions/edit @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Edit keys. # diff --git a/lib/keyringer/actions/encrypt b/lib/keyringer/actions/encrypt index 7415267..3818fa3 100755 --- a/lib/keyringer/actions/encrypt +++ b/lib/keyringer/actions/encrypt @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Encrypt files to multiple recipients. # diff --git a/lib/keyringer/actions/find b/lib/keyringer/actions/find index 9b18d66..dc9d6d1 100755 --- a/lib/keyringer/actions/find +++ b/lib/keyringer/actions/find @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Find secrets. # diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys index d4f24d8..f49d6d0 100755 --- a/lib/keyringer/actions/genkeys +++ b/lib/keyringer/actions/genkeys @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Generate keypairs. # diff --git a/lib/keyringer/actions/git b/lib/keyringer/actions/git index 059b20e..218273f 100755 --- a/lib/keyringer/actions/git +++ b/lib/keyringer/actions/git @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Git wrapper. # diff --git a/lib/keyringer/actions/ls b/lib/keyringer/actions/ls index 93f5f75..b992ad4 100755 --- a/lib/keyringer/actions/ls +++ b/lib/keyringer/actions/ls @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # List keys. # diff --git a/lib/keyringer/actions/mkdir b/lib/keyringer/actions/mkdir index b31eb0b..63442a4 100755 --- a/lib/keyringer/actions/mkdir +++ b/lib/keyringer/actions/mkdir @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Create folders. # diff --git a/lib/keyringer/actions/mv b/lib/keyringer/actions/mv index daac7b0..2324145 100755 --- a/lib/keyringer/actions/mv +++ b/lib/keyringer/actions/mv 
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Move secrets.
 #
diff --git a/lib/keyringer/actions/options b/lib/keyringer/actions/options
index b210e1a..eea73e8 100755
--- a/lib/keyringer/actions/options
+++ b/lib/keyringer/actions/options
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Repository options management.
 #
diff --git a/lib/keyringer/actions/preferences b/lib/keyringer/actions/preferences
index 114f9ac..6e36ef4 100755
--- a/lib/keyringer/actions/preferences
+++ b/lib/keyringer/actions/preferences
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Manipulate user preferences.
 #
diff --git a/lib/keyringer/actions/recipients b/lib/keyringer/actions/recipients
index 4149786..29f9d38 100755
--- a/lib/keyringer/actions/recipients
+++ b/lib/keyringer/actions/recipients
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Recipient management.
 #
diff --git a/lib/keyringer/actions/recrypt b/lib/keyringer/actions/recrypt
index 30c9254..5dce1ba 100755
--- a/lib/keyringer/actions/recrypt
+++ b/lib/keyringer/actions/recrypt
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Re-encrypt files to multiple recipients.
 #
diff --git a/lib/keyringer/actions/rmdir b/lib/keyringer/actions/rmdir
index 398cf11..da7abe5 100755
--- a/lib/keyringer/actions/rmdir
+++ b/lib/keyringer/actions/rmdir
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Remove folders.
 #
diff --git a/lib/keyringer/actions/shell b/lib/keyringer/actions/shell
index ab170b1..491fe0a 100755
--- a/lib/keyringer/actions/shell
+++ b/lib/keyringer/actions/shell
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Interactive shell.
 #
diff --git a/lib/keyringer/actions/teardown b/lib/keyringer/actions/teardown
index 64da740..5bfb121 100755
--- a/lib/keyringer/actions/teardown
+++ b/lib/keyringer/actions/teardown
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Remove a keyring.
 #
diff --git a/lib/keyringer/actions/tree b/lib/keyringer/actions/tree
index 8f9d7cd..9c09bfc 100755
--- a/lib/keyringer/actions/tree
+++ b/lib/keyringer/actions/tree
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # List keys, tree version.
 #
diff --git a/lib/keyringer/actions/usage b/lib/keyringer/actions/usage
index 2ca7639..15096a0 100755
--- a/lib/keyringer/actions/usage
+++ b/lib/keyringer/actions/usage
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Show available commands
 #
diff --git a/lib/keyringer/actions/xclip b/lib/keyringer/actions/xclip
index 7afdf05..0e60bbd 100755
--- a/lib/keyringer/actions/xclip
+++ b/lib/keyringer/actions/xclip
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Decrypt secret header to clipboard.
 #
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 42c047d..ab519b2 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Common functions.
 #
-- cgit v1.2.3 From 347f255ec06b26a0437b653d87b5753d57d3c998 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Mon, 30 Mar 2015 09:04:23 -0300 Subject: Keyringer 0.3.8
---
 ChangeLog | 7 ++++---
 keyringer | 2 +-
 share/man/keyringer.1 | 12 ++++++++++--
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index eee4b8a..2462e45 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,9 @@
-2015-03-17 - Silvio Rhatto
+2015-03-30 - 0.3.8 - Silvio Rhatto
- Rename genpair action and option (#69)
+ Eliminates hardcoded bash path, reported and fixed by
+ polynomial (closes https://github.com/rhatto/keyringer/pull/1).
-2014-09-02 - Silvio Rhatto
+ Rename genpair action and option (#69)
 Ensure destination folder exists at 'cp' action
diff --git a/keyringer b/keyringer
index 55563c5..956bb73 100755
--- a/keyringer
+++ b/keyringer
@@ -140,7 +140,7 @@ function keyringer_dispatch {
 # Config
 NAME="keyringer"
-KEYRINGER_VERSION="0.3.7"
+KEYRINGER_VERSION="0.3.8"
 CONFIG_VERSION="0.1"
 CONFIG_BASE="$HOME/.$NAME"
 CONFIG="$CONFIG_BASE/config"
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1
index 82cb520..13de085 100644
--- a/share/man/keyringer.1
+++ b/share/man/keyringer.1
@@ -201,13 +201,21 @@ Useful inside scripts.
 .RS
 .RE
 .TP
-.B genpair <\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]ssl\f[]|\f[I]ssl-self\f[]>
+.B genkeys
+<\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509-self\f[]|\f[I]ssl\f[]|\f[I]ssl-self\f[]>
 [\f[I]options\f[]]
 Wrapper to generate encryption key-pairs, useful for automated key
 deployment.
 .RS
 .RE
 .TP
+.B genpair
+<\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509-self\f[]|\f[I]ssl\f[]|\f[I]ssl-self\f[]>
+[\f[I]options\f[]]
+Alias for \f[I]genkeys\f[] action.
+.RS
+.RE
+.TP
 .B open <\f[I]secret\f[]>
 Decrypt a secret into a temporary folder and open it using xdg-open,
 which tries to figure out the file type and then calls the associated
@@ -377,7 +385,7 @@ so be careful when decrypting secrets and writing them to the disk or
 other storage media.
 .PP
 Pay special attention that keyringer outputs data to stdout, which could
-be easilly spotted by any agent looking directly at you computer screen.
+be easily spotted by any agent looking directly at you computer screen.
 .PP
 The xclip action even copies secret data to the X11 clipboard, which can
 be accessed by any application running in the user\[aq]s X11 session, so
-- cgit v1.2.3