From 048544a56742f9fc342b6fbca309c6a4f47f78d6 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 18 Mar 2023 10:55:47 -0300 Subject: Fix: add --git-ignore-new into gbp invocations --- Makefile | 2 +- development.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 7311363..59b9bc6 100644 --- a/Makefile +++ b/Makefile @@ -82,7 +82,7 @@ debian: # Fine tune debian/changelog prepared by git-dch dch -e git commit -a -m "Updating debian/changelog" - gbp buildpackage --git-tag-only --git-sign-tags + gbp buildpackage --git-tag-only --git-sign-tags --git-ignore-new web: @ikiwiki --setup ikiwiki.yaml diff --git a/development.md b/development.md index d439742..00c1c66 100644 --- a/development.md +++ b/development.md @@ -43,7 +43,7 @@ Push everything: Build the package from the debian Git branch: - gbp buildpackage + gbp buildpackage --git-ignore-new Run lintian (or [add it to your pbuilder hooks](http://askubuntu.com/questions/140697/how-do-i-run-lintian-from-pbuilder-dist)): -- cgit v1.2.3 From e0cdcdaddcf809dedfd331315909532c7e29a82f Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 6 Sep 2024 17:11:05 -0300 Subject: Adds a TODO file --- TODO.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 TODO.md diff --git a/TODO.md b/TODO.md new file mode 100644 index 0000000..c2b79a4 --- /dev/null +++ b/TODO.md @@ -0,0 +1,20 @@ +# TODO + +* [ ] Support for external sources: + * [ ] Files with `.external.asc` extension are handled especially. + + * [ ] Datas sources to be configured (`config/` folder in the keyring). + + * [ ] External commands supported (such as KeePassXC CLI and + `password-store`). + +* [ ] Support for exporting data: + * [ ] Into `password-store`. + + * [ ] Into KeePassXC files. + +* [ ] Support for secrets templates. + +* [ ] Document recommended organizational schemes for password management. + +* [ ] A `grep` action for filtering secret outputs. -- cgit v1.2.3 
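Review bot: In the `debian` recipe, `--git-ignore-new` now sits on the same `gbp buildpackage` line as `--git-tag-only --git-sign-tags`, so the pre-flight check is switched off at the moment a signed tag is created. As far as I recall, gbp documents this flag as skipping both the uncommitted-changes check and the "current branch is the debian branch" check, so a signed tag could be cut from the wrong branch without any complaint. I would put the reason for the bypass in a comment directly above the line, for example `# --git-ignore-new: the tree holds untracked build leftovers here; the signed tag covers HEAD only`, adjusted to the real reason. The recipe starts above this hunk, so the earlier steps are not visible here.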
From d9e8b357758639f568a82f74e9dd0e3f649aceb6 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 13:07:36 -0300 Subject: Fix: removes TODO (#1) --- TODO.md | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 TODO.md diff --git a/TODO.md b/TODO.md deleted file mode 100644 index c2b79a4..0000000 --- a/TODO.md +++ /dev/null @@ -1,20 +0,0 @@ -# TODO - -* [ ] Support for external sources: - * [ ] Files with `.external.asc` extension are handled especially. - - * [ ] Datas sources to be configured (`config/` folder in the keyring). - - * [ ] External commands supported (such as KeePassXC CLI and - `password-store`). - -* [ ] Support for exporting data: - * [ ] Into `password-store`. - - * [ ] Into KeePassXC files. - -* [ ] Support for secrets templates. - -* [ ] Document recommended organizational schemes for password management. - -* [ ] A `grep` action for filtering secret outputs. -- cgit v1.2.3 From d8b8bc12289a7da31eaec87345803e1a9459b30a Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 13:53:09 -0300 Subject: Chore: tests: initial GitLab CI/CD integration --- .gitlab-ci.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..7a052d7 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,18 @@ +--- +debian: + image: debian:testing + script: + - apt-get update + - apt-get install -y git + - apt-get install -y git-buildpackage lintian piuparts + - git checkout debian + - gbp buildpackage --git-ignore-new + #- lintian --allow-root -v --pedantic ../keyringer_*.deb + #- piuparts ../keyringer*.deb + #- mkdir -p dist + #- mv ../onionprobe_* dist + artifacts: + paths: + - dist + #only: + # - main -- cgit v1.2.3 From b9eee2c6e44b24ae6488498e83ff24e9864813b3 Mon Sep 17 00:00:00 2001 
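Review bot: `image: debian:testing` in the new `debian` job is a floating tag, so each pipeline run can build the package on a different base image and toolchain. Because this job's output is meant to be kept as an artifact, pinning the image by digest makes the build repeatable and narrows what a changed upstream image can alter, e.g. `image: debian:testing@sha256:<digest-placeholder>`. The same applies to the later `debian:stable` / `debian:testing` edits and to the `test` job added further down this series. Note also that `artifacts: paths: - dist` is declared while the lines that would create `dist` are still commented out, and the commented `mv` names `onionprobe_*` rather than this package.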
From: Silvio Rhatto Date: Sat, 4 Jan 2025 14:30:35 -0300 Subject: Fix: CI: debian: pbuilder configuration (#10) --- .gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7a052d7..004a983 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,10 +1,12 @@ --- debian: - image: debian:testing + image: debian:stable script: - apt-get update - apt-get install -y git - apt-get install -y git-buildpackage lintian piuparts + - echo 'DISTRIBUTION=sid' > ~/.pbuilderrc + - echo 'MIRRORSITE="ftp.us.debian.org/debian"' >> ~/.pbuilderrc - git checkout debian - gbp buildpackage --git-ignore-new #- lintian --allow-root -v --pedantic ../keyringer_*.deb -- cgit v1.2.3 From 8ccc51dd279a7c2636df5e22e7f3a1effd38bbd6 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 15:01:08 -0300 Subject: Fix: CI: debian: pbuilder configuration (#10) (1) --- .gitlab-ci.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 004a983..a9680b9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,19 +2,26 @@ debian: image: debian:stable script: + # Configure pbuilder + - echo 'DISTRIBUTION=sid' > /etc/pbuilderrc + - echo 'MIRRORSITE=http://http.debian.net/debian/' >> /etc/pbuilderrc + + # Install dependencies - apt-get update - apt-get install -y git - apt-get install -y git-buildpackage lintian piuparts - - echo 'DISTRIBUTION=sid' > ~/.pbuilderrc - - echo 'MIRRORSITE="ftp.us.debian.org/debian"' >> ~/.pbuilderrc + + # Build the package - git checkout debian - gbp buildpackage --git-ignore-new + + # Run lintian and piuparts #- lintian --allow-root -v --pedantic ../keyringer_*.deb #- piuparts ../keyringer*.deb + + # Save artifacts #- mkdir -p dist #- mv ../onionprobe_* dist artifacts: paths: - dist - #only: - # - main -- cgit v1.2.3 From 1e0f16d44972193968e206590f10ed0c9e887a78 Mon Sep 17 00:00:00 2001 
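Review bot: The `MIRRORSITE` written to `/etc/pbuilderrc` in the second commit on this line uses plain `http://`, so the chroot bootstrap depends on archive signature verification alone and package requests are visible and modifiable on the network path. If the runner image has CA certificates available, `MIRRORSITE=https://deb.debian.org/debian` would be the safer value; please confirm pbuilder's bootstrap works over HTTPS in this image before switching. The `>` redirection also overwrites any existing `/etc/pbuilderrc`, which is fine on a throwaway container but deserves a short comment such as `# CI container only: replaces the system-wide pbuilder config`.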
From: Silvio Rhatto Date: Sat, 4 Jan 2025 15:07:52 -0300 Subject: fix: CI: debian: create the debian branch --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a9680b9..91c302c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -12,6 +12,8 @@ debian: - apt-get install -y git-buildpackage lintian piuparts # Build the package + - git fetch --all + - git branch debian --track origin/debian - git checkout debian - gbp buildpackage --git-ignore-new -- cgit v1.2.3 From ad5fa07606783b91a8a014de5287f137aa51987b Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 15:12:43 -0300 Subject: Fix: CI: debian: comment about the pbuilder configuration (#10) --- .gitlab-ci.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 91c302c..4dfa4d2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -3,6 +3,28 @@ debian: image: debian:stable script: # Configure pbuilder + # + # This should be done before pbuilder is installed. + # Pbuilder is a dependency of git-buildpackage. + # + # With doing this, pbuilder may fail to detect MIRRORSITE during package installation, + # giving errors like + # + # Configuring pbuilder + # -------------------- + # Default mirror not found + # Mirror information detection failed and the user provided no mirror + # information. + # Please enter valid mirror information. + # Please enter the default mirror you want to be used by pbuilder. + # If you leave this field blank, there will be one attempt to autodetect this + # information. If this attempt fails, you will be prompted again to insert some + # valid mirror information. + # Here is a valid mirror example: http://deb.debian.org/debian + # Default mirror site: + # Use of uninitialized value $_[1] in join or string at + # /usr/share/perl5/Debconf/DbDriver/Stack.pm line 112. + # - echo 'DISTRIBUTION=sid' > /etc/pbuilderrc - echo 'MIRRORSITE=http://http.debian.net/debian/' >> /etc/pbuilderrc -- cgit v1.2.3 From fd78e81618f14d57cd48265c57c89b58290b43dd Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 15:25:25 -0300 Subject: fix: CI: debian: gbp: do not sign things (#10) --- .gitlab-ci.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4dfa4d2..d06e62b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -25,6 +25,7 @@ debian: # Use of uninitialized value $_[1] in join or string at # /usr/share/perl5/Debconf/DbDriver/Stack.pm line 112. # + # As of 2025-01-04, it seems this bug was still not reported upstream. - echo 'DISTRIBUTION=sid' > /etc/pbuilderrc - echo 'MIRRORSITE=http://http.debian.net/debian/' >> /etc/pbuilderrc 
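Review bot: The added comment block says "With doing this, pbuilder may fail to detect MIRRORSITE", which reads as the opposite of what the surrounding text means. The sentence should be `# Without doing this, pbuilder may fail to detect MIRRORSITE during package installation,`. It would also help to state in one line that the quoted debconf prompt blocks a non-interactive job, since that is the actual reason the ordering matters.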
@@ -37,10 +38,12 @@ debian: - git fetch --all - git branch debian --track origin/debian - git checkout debian - - gbp buildpackage --git-ignore-new + - gbp buildpackage --git-ignore-new --git-upstream-signatures=no --git-no-sign-tags - # Run lintian and piuparts + # Run lintian #- lintian --allow-root -v --pedantic ../keyringer_*.deb + + # Run piuparts #- piuparts ../keyringer*.deb # Save artifacts -- cgit v1.2.3 From 77342298bab03db8ed417dbe2d9621cdcef820e7 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 15:25:40 -0300 Subject: fix: CI: debian: run piuparts (#10) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d06e62b..7b03803 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -44,7 +44,7 @@ debian: #- lintian --allow-root -v --pedantic ../keyringer_*.deb # Run piuparts - #- piuparts ../keyringer*.deb + - piuparts ../keyringer*.deb # Save artifacts #- mkdir -p dist -- cgit v1.2.3 From dd4882c391ef187f2b0a46a6330a92faa551928c Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 15:34:12 -0300 Subject: Fix: CI: debian: ignore error if the debian branch already exists (#10) --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7b03803..b0d7235 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -36,7 +36,7 @@ debian: # Build the package - git fetch --all - - git branch debian --track origin/debian + - git branch debian --track origin/debian || true - git checkout debian - gbp buildpackage --git-ignore-new --git-upstream-signatures=no --git-no-sign-tags @@ -48,7 +48,7 @@ debian: # Save artifacts #- mkdir -p dist - #- mv ../onionprobe_* dist + #- mv ../keyringer* dist artifacts: paths: - dist -- cgit v1.2.3 From d6c5adff35e0ab1920f3b0fc4cbb511e5d64c86e Mon Sep 17 00:00:00 2001 
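Review bot: With `--git-upstream-signatures=no --git-no-sign-tags` on the `gbp buildpackage` line (and `-us -uc` added in a follow-up commit), everything this job produces is unsigned, yet the job still declares `dist` as an artifact. A comment above the line should say so, for example `# CI build only: packages are unsigned and must not be uploaded to an archive`, so nobody treats the artifacts as release material. It is also worth confirming that gbp accepts `no` for `--git-upstream-signatures`; the values I know it to document are `auto`, `on` and `off`.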
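Review bot: `git branch debian --track origin/debian || true` hides every failure of that command, not only the "branch already exists" case, and when the branch does exist the job continues with whatever commit the local `debian` branch happens to point at. `git checkout -B debian origin/debian` creates or resets the branch to the fetched remote tip in one step and fails loudly if `origin/debian` is missing; it replaces both this line and the `git checkout debian` after it. The same `|| true` pattern is repeated for `debian` and `develop` in the `test` job later in the series. It would also make the `git pull` lines added in a later commit unnecessary.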
From: Silvio Rhatto Date: Sat, 4 Jan 2025 15:45:38 -0300 Subject: fix: CI: debian: gbp: do not sign things (#10) (1) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b0d7235..1943674 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -38,7 +38,7 @@ debian: - git fetch --all - git branch debian --track origin/debian || true - git checkout debian - - gbp buildpackage --git-ignore-new --git-upstream-signatures=no --git-no-sign-tags + - gbp buildpackage --git-ignore-new --git-upstream-signatures=no --git-no-sign-tags -us -uc # Run lintian #- lintian --allow-root -v --pedantic ../keyringer_*.deb -- cgit v1.2.3 From 77ad450f44bdc15fff59c88e9bcaf07e7251a5ce Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 15:54:30 -0300 Subject: Fix: CI: use debian:testing (#10) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1943674..b9e7c9e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,6 +1,6 @@ --- debian: - image: debian:stable + image: debian:testing script: # Configure pbuilder # -- cgit v1.2.3 From be35f8c39f7f0bfcab8cc1576813c43e67368f59 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 15:55:16 -0300 Subject: Feat: CI: test job (#10) --- .gitlab-ci.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b9e7c9e..ee65ddb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -52,3 +52,29 @@ debian: artifacts: paths: - dist + +test: + image: debian:testing + script: + # Install keyringer from the distro packaging system + # This ensures the needed dependencies are installed + - apt-get update + - apt-get install -y keyringer + + # Import debian/upstream/signing-key.asc + - git fetch --all + - git branch debian --track origin/debian || true + - git checkout debian + - gpg --import < debian/upstream/signing-key.asc + + # Test in the develop branch + - git branch develop --track origin/develop || true + - git checkout develop + - mkdir ~/temp/tests/keyringer + - ./keyringer test init ~/temp/tests/keyringer + - gpg --with-colons --list-keys | grep uid | awk -F ':' '{ x = $10; gsub(/.*/, "", x); print x, $8; }' >> ~/temp/tests/keyringer/config/recipients/default + - ./keyringer test check + - ./keyringer test teardown -y + + # Test in the main branch + # ... -- cgit v1.2.3 From 608867b75e68ce5e45d395ef515a93682620409b Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 16:09:08 -0300 Subject: Fix: CI: disable piuparts for now --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ee65ddb..9ae9f63 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -44,7 +44,7 @@ debian: #- lintian --allow-root -v --pedantic ../keyringer_*.deb # Run piuparts - - piuparts ../keyringer*.deb + #- piuparts ../keyringer*.deb # Save artifacts #- mkdir -p dist -- cgit v1.2.3 From 6845c63eb3a694880701807f2946d842a8e92897 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 16:09:53 -0300 Subject: Fix: CI: test: minor fix (#10) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9ae9f63..57fb2c5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -70,7 +70,7 @@ test: # Test in the develop branch - git branch develop --track origin/develop || true - git checkout develop - - mkdir ~/temp/tests/keyringer + - mkdir -p ~/temp/tests/keyringer - ./keyringer test init ~/temp/tests/keyringer - gpg --with-colons --list-keys | grep uid | awk -F ':' '{ x = $10; gsub(/.*/, "", x); print x, $8; }' >> ~/temp/tests/keyringer/config/recipients/default - ./keyringer test check -- cgit v1.2.3 From e41242688800bcce367a04a0b0ac9f47e243ab96 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 16:23:57 -0300 Subject: Feat: CI: debian: save artifacts (#10) --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 57fb2c5..bee6467 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -47,8 +47,8 @@ debian: #- piuparts ../keyringer*.deb # Save artifacts - #- mkdir -p dist - #- mv ../keyringer* dist + - mkdir -p dist + - mv ../keyringer* dist artifacts: paths: - dist -- cgit v1.2.3 From dbcd163547608f0b15133b11b8e8fe8ddc1d7a53 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 16:24:21 -0300 Subject: Fix: CI: test: git config (#10) --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bee6467..303e7a7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -71,6 +71,8 @@ test: - git branch develop --track origin/develop || true - git checkout develop - mkdir -p ~/temp/tests/keyringer + - git config --global user.name 'Test' + - git config --global user.email 'test@example.org' - ./keyringer test init ~/temp/tests/keyringer - gpg --with-colons --list-keys | grep uid | awk -F ':' '{ x = $10; gsub(/.*/, "", x); print x, $8; }' >> ~/temp/tests/keyringer/config/recipients/default - ./keyringer test check -- cgit v1.2.3 From 51c3d64cf957e98ea77a37af53d8a479b5c2c0ed Mon Sep 17 00:00:00 2001 
From: Silvio Rhatto Date: Sat, 4 Jan 2025 16:35:53 -0300 Subject: Fix: CI: debian: artifact globbing (#10) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 303e7a7..d2e7352 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,7 +48,7 @@ debian: # Save artifacts - mkdir -p dist - - mv ../keyringer* dist + - mv ../keyringer*.* dist artifacts: paths: - dist -- cgit v1.2.3 From 72a062987ba9bca557f17dbeb3b2aa4acbf84ca5 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 16:43:57 -0300 Subject: Fix: CI: debian: artifact globbing (#10) (1) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d2e7352..14205fb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,7 +48,7 @@ debian: # Save artifacts - mkdir -p dist - - mv ../keyringer*.* dist + - mv ../keyringer_*.* dist artifacts: paths: - dist -- cgit v1.2.3 From d70574440fbe7a3e70f5c3fd640e994ede69126c Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 17:23:26 -0300 Subject: Fix: CI: test: do not create the keyring folder in advance (#10) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 14205fb..4967378 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -70,7 +70,7 @@ test: # Test in the develop branch - git branch develop --track origin/develop || true - git checkout develop - - mkdir -p ~/temp/tests/keyringer + - mkdir -p ~/temp/tests - git config --global user.name 'Test' - git config --global user.email 'test@example.org' - ./keyringer test init ~/temp/tests/keyringer -- cgit v1.2.3 From 162944bc4919579dfae34a59b9c04a86f3509316 Mon Sep 17 00:00:00 2001 
From: Silvio Rhatto Date: Sat, 4 Jan 2025 17:24:15 -0300 Subject: Feat: init: allow for non-interactive mode, useful for automated tests (#10) --- .gitlab-ci.yml | 2 +- keyringer | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4967378..2881afb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -73,7 +73,7 @@ test: - mkdir -p ~/temp/tests - git config --global user.name 'Test' - git config --global user.email 'test@example.org' - - ./keyringer test init ~/temp/tests/keyringer + - KEYRINGER_NON_INTERACTIVE=1 ./keyringer test init ~/temp/tests/keyringer - gpg --with-colons --list-keys | grep uid | awk -F ':' '{ x = $10; gsub(/.*/, "", x); print x, $8; }' >> ~/temp/tests/keyringer/config/recipients/default - ./keyringer test check - ./keyringer test teardown -y diff --git a/keyringer b/keyringer index 938216b..75d704f 100755 --- a/keyringer +++ b/keyringer @@ -112,10 +112,12 @@ function keyringer_init { fi # Edit default recipients - echo "Now you have to edit the default recipient configuration to be able to encrypt secrets." - echo "Press any key to proceed editing..." - read key - keyringer_exec recipients "$BASEDIR" edit default + if [ "$KEYRINGER_NON_INTERACTIVE" != "1" ]; then + echo "Now you have to edit the default recipient configuration to be able to encrypt secrets." + echo "Press any key to proceed editing..." + read key + keyringer_exec recipients "$BASEDIR" edit default + fi # Stage and commit keyringer_exec git "$BASEDIR" add . -- cgit v1.2.3 From f86a76e2cf2b84c63adb258b1aecad10bb11bb49 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 17:27:49 -0300 Subject: Fix: check: non-zero exit status when there's a warning --- lib/keyringer/actions/check | 5 +++++ lib/keyringer/functions | 2 ++ 2 files changed, 7 insertions(+) diff --git a/lib/keyringer/actions/check b/lib/keyringer/actions/check index 8722381..58adaf5 100755 --- a/lib/keyringer/actions/check 
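Review bot: In `keyringer_init`, the new `KEYRINGER_NON_INTERACTIVE` branch skips the recipients edit without any output, and the function then goes on to stage and commit the keyring. Someone who has the variable exported for another reason ends up with a committed keyring whose default recipients were never reviewed, which matters because that file decides who can decrypt secrets. I would add an `else` branch that says so on stderr: `else` followed by `echo "KEYRINGER_NON_INTERACTIVE=1: skipping recipient editing; review the default recipients before encrypting secrets." >&2`. The function body starts before and continues after this hunk.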
+++ b/lib/keyringer/actions/check @@ -27,3 +27,8 @@ source "$LIB" maintenance $* || exit 1 # This should be done here: # TODO: Check canaries' timestamps, warning by mail if configured by user preferences. + +# Since this is the check action, it should exit whenever there's a warning +if [ "$KEYRINGER_HAS_EXPIRING_KEYS" == "1" ]; then + exit 1 +fi diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 308d0ea..0a5ad57 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -766,6 +766,8 @@ function keyringer_check_expiration { if [[ "$ahead" -gt "$expiry" ]] && [ "$BASENAME" == "check" ]; then echo "Warning: subkey from $recipient will expire soon, on `date --date="@$expiry"`" + + KEYRINGER_HAS_EXPIRING_KEYS="1" fi fi done -- cgit v1.2.3 From 0ef95ec0e234d2064f33c5e9fd57bfc20baaa4b2 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 17:28:30 -0300 Subject: Fix: CI: test: explanatory comments (#10) --- .gitlab-ci.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2881afb..f6df338 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -67,7 +67,7 @@ test: - git checkout debian - gpg --import < debian/upstream/signing-key.asc - # Test in the develop branch + # Create a test keyring in the develop branch - git branch develop --track origin/develop || true - git checkout develop - mkdir -p ~/temp/tests @@ -75,7 +75,12 @@ test: - git config --global user.email 'test@example.org' - KEYRINGER_NON_INTERACTIVE=1 ./keyringer test init ~/temp/tests/keyringer - gpg --with-colons --list-keys | grep uid | awk -F ':' '{ x = $10; gsub(/.*/, "", x); print x, $8; }' >> ~/temp/tests/keyringer/config/recipients/default + + # Test the keyring in the develop branch + # This will also test the expiration of the upstream signing key - ./keyringer test check + + # Tear down the keyring in the develop branch - ./keyringer test teardown -y # Test in the main branch -- cgit v1.2.3 
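Review bot: `KEYRINGER_HAS_EXPIRING_KEYS` is tested at the end of `check` but is not initialised anywhere in the visible hunks, so a value inherited from the caller's environment would make the action exit 1 even when no key is expiring. Assigning `KEYRINGER_HAS_EXPIRING_KEYS="0"` before the `source "$LIB" maintenance $*` line closes that, assuming nothing in the sourced file already resets it. The new comment says the action exits "whenever there's a warning", while the code covers only the expiring-key warning; `# Exit non-zero when a recipient key is about to expire` would match what is tested.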
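Review bot: In `keyringer_check_expiration`, the flag `KEYRINGER_HAS_EXPIRING_KEYS="1"` is assigned inside a loop whose header lies outside this hunk. If that loop is fed by a pipe (`... | while read ...`), the assignment runs in a subshell and is lost by the time `check` reads it. Please confirm the loop reads from a redirection or process substitution, and consider a comment next to the assignment such as `# read by actions/check to set the exit status`. The warning uses a backtick substitution where the rest of the new code would read better with `$(date --date="@$expiry")`.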
From 7b4ee962c58b873df2013834cc1aac9b57bfce81 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 17:29:15 -0300 Subject: Fix: completion: remove shebang from the bash completion file (#9) --- lib/keyringer/completions/bash/keyringer | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/keyringer/completions/bash/keyringer b/lib/keyringer/completions/bash/keyringer index 10b852e..4aa4b75 100644 --- a/lib/keyringer/completions/bash/keyringer +++ b/lib/keyringer/completions/bash/keyringer @@ -1,4 +1,3 @@ -#!bash # # Keyringer bash completion # -- cgit v1.2.3 From 5084a7305ec2684e8b8957da888788be99b3efeb Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 17:46:37 -0300 Subject: Fix: CI: some adjustments (#10) --- .gitlab-ci.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f6df338..6a27e8b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,7 @@ --- +variables: + KEYRINGER_NON_INTERACTIVE: "1" + debian: image: debian:testing script: @@ -41,7 +44,8 @@ debian: - gbp buildpackage --git-ignore-new --git-upstream-signatures=no --git-no-sign-tags -us -uc # Run lintian - #- lintian --allow-root -v --pedantic ../keyringer_*.deb + # Usually gbp-buildpackage already calls lintian, but we run it again just to make sure + - lintian --allow-root -v --pedantic ../keyringer_*.deb # Run piuparts #- piuparts ../keyringer*.deb 
@@ -73,8 +77,9 @@ test: - mkdir -p ~/temp/tests - git config --global user.name 'Test' - git config --global user.email 'test@example.org' - - KEYRINGER_NON_INTERACTIVE=1 ./keyringer test init ~/temp/tests/keyringer - - gpg --with-colons --list-keys | grep uid | awk -F ':' '{ x = $10; gsub(/.*/, "", x); print x, $8; }' >> ~/temp/tests/keyringer/config/recipients/default + - ./keyringer test init ~/temp/tests/keyringer + - gpg --with-colons --list-keys | grep "^uid" | awk -F ':' '{ x = $10; gsub(/.*/, "", x); print x, $8; }' >> ~/temp/tests/keyringer/config/recipients/default + - ./keyringer test recipients ls # Test the keyring in the develop branch # This will also test the expiration of the upstream signing key @@ -82,6 +87,3 @@ test: # Tear down the keyring in the develop branch - ./keyringer test teardown -y - - # Test in the main branch - # ... -- cgit v1.2.3 From b0bf21b02ec2cd08881562d6abbd0fbed1e40539 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 18:07:23 -0300 Subject: Fix: CI: test: recipient creation procedure (#10) --- .gitlab-ci.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6a27e8b..11e580b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -78,7 +78,13 @@ test: - git config --global user.name 'Test' - git config --global user.email 'test@example.org' - ./keyringer test init ~/temp/tests/keyringer - - gpg --with-colons --list-keys | grep "^uid" | awk -F ':' '{ x = $10; gsub(/.*/, "", x); print x, $8; }' >> ~/temp/tests/keyringer/config/recipients/default + + # Build the recipients configuration + # Explanation on the "paste" syntax is available at https://stackoverflow.com/a/9605450 + - gpg --with-colons --list-keys | grep "^uid" | head -1 | awk -F ':' '{ x = $10; gsub(/.*/, "", x); print x; }' > ~/temp/tests/recipients + - gpg --with-colons --list-public-keys --with-fingerprint | grep "^fpr" | head -1 | awk -F ':' '{ print $10 }' >> ~/temp/tests/recipients + - paste -d " " - - < ~/temp/tests/recipients > ~/temp/tests/keyringer/config/recipients/default + - rm ~/temp/tests/recipients - ./keyringer test recipients ls # Test the keyring in the develop branch -- cgit v1.2.3 From 4ae38614ff762ba02545f8aab8cbd006df318487 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 18:20:09 -0300 Subject: Fix: CI: run git pull to update local copies (#10) --- .gitlab-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 11e580b..281d60f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -41,6 +41,7 @@ debian: - git fetch --all - git branch debian --track origin/debian || true - git checkout debian + - git pull - gbp buildpackage --git-ignore-new --git-upstream-signatures=no --git-no-sign-tags -us -uc # Run lintian @@ -69,11 +70,13 @@ test: - git fetch --all - git branch debian --track origin/debian || true - git checkout debian + - git pull - gpg --import < debian/upstream/signing-key.asc # Create a test keyring in the develop branch - git branch develop --track origin/develop || true - git checkout develop + - git pull - mkdir -p ~/temp/tests - git config --global user.name 'Test' - git config --global user.email 'test@example.org' -- cgit v1.2.3 
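Review bot: The recipients entry is assembled from the first `uid` record of one `gpg` listing and the first `fpr` record of another, which pairs the right address with the right fingerprint only while the keyring holds exactly one key. If either listing comes back empty, a malformed line is still written to `config/recipients/default` and the failure surfaces later in a less obvious place. A format check right after the `paste` line would stop the job early, for example `grep -Eq '^[^ ]+ [0-9A-F]{40}$' ~/temp/tests/keyringer/config/recipients/default` (pattern constructed from the 40-character fingerprint format shown in the man page). As rendered on this page the awk step `gsub(/.*/, "", x)` clears `x` entirely; if the original pattern contained angle brackets that were lost in rendering this is fine, otherwise the address column is always empty.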
From 9359e299d6930dc3e48ce6cf267fc2d9e85548ef Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 4 Jan 2025 18:38:24 -0300 Subject: Keyringer 0.6.0 --- ChangeLog | 14 ++++++++++++++ keyringer | 2 +- share/man/keyringer.1 | 32 +++++++++++++++++++++++--------- 3 files changed, 38 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index ee407c4..2805106 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,17 @@ +2025-01-04 - 0.6.0 - Silvio Rhatto + + Fix: check action now exits with non-zero status if there are expiring keys + in the keyring. + + Fix: removed shebang from the bash completion file (#9). + + Feat: GitLab CI support (#10). + + Feat: init: allow for non-interactive keyring creation, useful for + tests (#10). This is controlled by the KEYRINGER_NON_INTERACTIVE + environment variable: when set to "1", keyringer won't do any + interactive procedure related to the keyring initialization. + 2022-08-19 - 0.5.9 - Silvio Rhatto Fix: edit: check whether decryption suceeded diff --git a/keyringer b/keyringer index 75d704f..512a001 100755 --- a/keyringer +++ b/keyringer @@ -142,7 +142,7 @@ function keyringer_dispatch { # Config NAME="keyringer" -KEYRINGER_VERSION="0.5.9" +KEYRINGER_VERSION="0.6.0" CONFIG_VERSION="0.1" CONFIG_BASE="$HOME/.$NAME" CONFIG="$CONFIG_BASE/config" diff --git a/share/man/keyringer.1 b/share/man/keyringer.1 index 9e60ae0..0ef1530 100644 --- a/share/man/keyringer.1 +++ b/share/man/keyringer.1 @@ -1,5 +1,19 @@ -.\" Automatically generated by Pandoc 2.9.2.1 +.\" Automatically generated by Pandoc 2.17.1.1 .\" +.\" Define V font for inline verbatim, using C font in formats +.\" that render this, and otherwise B font. +.ie "\f[CB]x\f[]"x" \{\ +. ftr V B +. ftr VI BI +. ftr VB B +. ftr VBI BI +.\} +.el \{\ +. ftr V CR +. ftr VI CI +. ftr VB CB +. ftr VBI CBI +.\} .TH "KEYRINGER" "1" "Oct 25, 2013" "Keyringer User Manual" "" .hy .SH NAME 
@@ -48,7 +62,7 @@ After initialization, \f[I]path\f[R] will contain a folder structure for storing secrets and metadata (user aka recipients, groups of recipients, etc). .PP -Also, an entry will be added to \f[C]$HOME/.keyringer/config\f[R] +Also, an entry will be added to \f[V]$HOME/.keyringer/config\f[R] allowing keyringer to find the keyring by its alias. .RE .TP @@ -104,9 +118,9 @@ Run maintenance checks in a keyring. .PP All secret manipulation actions operate upon a \f[I]secret\f[R] which is the pathname of an encrypted file relative to the keyring with optional -\f[C].asc\f[R] extension. +\f[V].asc\f[R] extension. .PP -If the \f[C].asc\f[R] extension is omitted, keyringer will add it at the +If the \f[V].asc\f[R] extension is omitted, keyringer will add it at the end of the pathname. .PP No spaces are allowed in the secret name. @@ -247,7 +261,7 @@ List, edit or add \f[I]user\f[R] preferences for a given repository. .RS .PP User preferences are settings which are saved in the user\[cq]s -keyringer folder (\f[C]$HOME/.keyringer/\f[R]), and not shared with the +keyringer folder (\f[V]$HOME/.keyringer/\f[R]), and not shared with the other users. .PP Preferences are written using the \f[I]KEY=VALUE\f[R] syntax. @@ -276,9 +290,9 @@ For instance, if a user encrypts a secret to a file in the keyring repository\[cq]s \f[I]accounting\f[R] folder, a \f[I]recipients-file\f[R] under \f[I]accounting\f[R] will be used. Encrypting a secret into \f[I]accounting/bank-accounts\f[R] will result -in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank-accounts.asc\f[R] +in a file \f[V]$KEYRING_FOLDER/keys/accounting/bank-accounts.asc\f[R] encrypted using the public keys listed in the config -file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[R]. +file\f[V]$KEYRING_FOLDER/config/recipients/accounting\f[R]. .PP Each line in a recipients file has entries in the format `john\[at]doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', where 
@@ -297,11 +311,11 @@ List all existing recipients files. Create or edit a recipients file. .RS .PP -Editing happens using the editor specified by the \f[C]$EDITOR\f[R] +Editing happens using the editor specified by the \f[V]$EDITOR\f[R] environment variable. .PP The required parameter \f[I]recipients-file\f[R] is interpreted relative -to the \f[C]$KEYRING_FOLDER/config/recipients/\f[R] folder. +to the \f[V]$KEYRING_FOLDER/config/recipients/\f[R] folder. .RE .RE .SH FILES -- cgit v1.2.3