| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Downgrade purism's keysafe server from recommended to alternate, mostly
because the server is down, and AFAIK has been down for years, and I don't
currently know if they plan to ever provide it again.
I hope it comes back, especially since they committed to run it through
2027..
This commit was sponsored by Jack Hill on Patreon.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated many dependencies, notably secret-sharing which dropped the dep on
polynomial, and so allows building with ghc 8.x.
Did not try to support building with older ghc because the semigroup-monid
transition would make it nontrivial.
Stackage lts-14.25 is a compromise, since the stack shipped in debian (even
unstable) is not able to handle newer ones.
This commit was sponsored by Eric Drechsel on Patreon.
|
| |
|
|
|
|
|
|
|
| |
New parameters are set to the old values and test suite passes so this
looks good.
This commit was sponsored by Nick Daly on Patreon.
|
| |
|
|
|
|
|
|
| |
Application is exported by Servant 0.8.1, but apparently not by some other
versions that the cabal file allows to be used. Explictly import from
Network.Wai
|
| |
|
|
|
|
| |
This commit was sponsored by John Peloquin on Patreon.
|
| |
|
| |
|
|
|
|
| |
This commit was sponsored by Ignacio on Patreon.
|
|
|
|
|
|
| |
However, the stack.yaml is still using an old LTS version to avoid
polynomial's failure to build with ghc 8.0
(https://github.com/mokus0/polynomial/issues/8)
|
| |
|
|
|
|
|
|
|
|
|
| |
So the user knows why gpg is asking for this secret key to be backed up.
Before, this was done as soon as keysafe started, which didn't give the
user any indication what was going on, unless they had multiple keys and so
picked the key to back up from a list.
This commit was sponsored by Thomas Hochstein on Patreon.
|
|
|
|
|
|
| |
password.
This commit was sponsored by Ignacio on Patreon.
|
|
|
|
|
|
|
|
| |
It's set up meeting all criteria for Recommened, and I've received
a gpg signed statement about it from Todd Weaver.
The server does not yet have backups set up, as far as I know, but
that's not a hard criteria for Recommended.
|
|
|
|
|
|
|
|
|
| |
* --upload-queued: Exit nonzero if unable to upload all queued objects.
* --autostart: If unable to upload all queued objects initially,
delay between 1 and 2 hours and try again.
This way, if tor takes some time to start after login, it will retry
later, when tor is hopefully running.
|
|
|
|
|
|
|
|
| |
on it yet.
Threw an exception because the share directory was not created yet.
This commit was sponsored by Anthony DeRobertis on Patreon.
|
|
|
|
|
|
| |
Hoped this will be Recommended, but it's still being vetted.
This commit was sponsored by Andreas on Patreon.
|
| |
|
|
|
|
|
|
| |
should make build reproducible.
(And removed an accidential double $BUILDER build)
|
| |
|
|
|
|
|
| |
* Makefile: Propigate LDFLAGS, CFLAGS, and CPPFLAGS through ghc.
* Makefile: Allow setting BUILDER=./Setup to build w/o cabal or stack.
|
| |
|
| |
|
|
|
|
|
|
| |
script, and contains configuration for the keysafe server.
This commit was sponsored by Ole-Morten Duesund on Patreon.
|
|
|
|
|
|
|
| |
(It currently uses Debian's start-stop-daemon, so would need porting for
other distributions.)
This commit was sponsored by Fernando Jimenez on Patreon.
|
|
|
|
|
|
|
|
| |
Use raaz for random bytestring generation exclusively. It was already used
in all important places, but chaffing was using crypto-random.
Note that System.Random is used for delays during chaffing and
by random-shuffle.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If run with --totalshares larger than the number of servers, and the
--store-local directory is not writable, this causes keysafe to throw out
the unwritable directory and so error out early due to their not being
enough storage locations.
That's better than the old behavior, which was to try to use the
--store-local directory, fail and so proceed to storing the share on a
server. That would eventually fail with "no storage locations" when it runs
out of servers. That was bad, because shares were uploaded to servers, but
perhaps not enough for restore to work, and a new name/othername would be
needed to re-run the backup.
This is not a perfect fix; if the --store-local directory is writable at
first but for some reason the write of the share to it later fails, the
situation described above still happens.
This commit was sponsored by Jochen Bartl on Patreon.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix bugs with entry of gpg keyid in the keysafe.log. Gpg.anyKey was being
used in writing the log, which made the log contain gpg keys with an empty
keyid.
Fix bug in --autostart that caused the full gpg keyid to be
used in the name, so restores would only work when --gpgkeyid was
specifid.
Added a Distinguisher data type rather than the Gpg.anyKey hack.
This commit was sponsored by Thom May on Patreon.
|
|
|
|
|
|
|
|
| |
* New --add-storage-directory and --add-server options, which can be used
to make keysafe backup/restore using additional locations.
* Removed --store-local option; use --add-storage-directory instead.
This commit was sponsored by Thomas Hochstein on Patreon.
|
|
|
|
|
|
| |
Test suite passes.
This commit was sponsored by Ignacio on Patreon
|
| |
|
|
|
|
|
|
|
| |
all messages to the console.
This should protect against all attacks where the server sends back a
malicious message.
|
|
|
|
| |
leaking too much data about when objects are uploaded to servers.
|
|
|
|
|
|
| |
what servers keysafe knows about, and as a cron job.
This commit was sponsored by Jake Vosloo on Patreon.
|
|
|
|
| |
This commit was sponsored by Anthony DeRobertis on Patreon.
|
| |
|
|
|
|
|
|
|
|
|
| |
Don't upload more than neededshares-1 shares to Alternate servers without
asking the user if they want to do this potentially dangerous action.
Never allow uploads to Untrusted servers.
This commit was sponsored by Ignacio on Patreon.
|
|
|
|
|
|
|
| |
May help avoid some correlations. Once there are many servers, will spread
the load out amoung them.
This commit was sponsored by Ethan Aubin.
|
| |
|
|
|
|
| |
This commit was sponsored by Jeff Goeke-Smith on Patreon.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
offer to back them up.
Only ask once per key.
This commit was sponsored by Thomas Hochstein on Patreon.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--autostart mode currently only uploads queued keys, but it will later
be expanded to do more. Including checking the BackupRecord for problems
when necessary.
The autostart file is installed by keysafe --backup, so that when keysafe
is installed with stack, and used, it will make sure it autostarts in the
future.
The autostart file is installed by the Makefile too. This will later
let --autostart check for keys that have not been backed up and prompt
about backing them up. This way, the user won't need to remember to run
keysafe to back things up.
Reused Utility.FreeDesktop from git-annex, and had to add some stuff it
depends on.
This commit was sponsored by Fernando Jimenez on Patreon.
|
| |
|