| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated many dependencies, notably secret-sharing which dropped the dep on
polynomial, and so allows building with ghc 8.x.
Did not try to support building with older ghc because the semigroup-monid
transition would make it nontrivial.
Stackage lts-14.25 is a compromise, since the stack shipped in debian (even
unstable) is not able to handle newer ones.
This commit was sponsored by Eric Drechsel on Patreon.
|
|
|
|
|
|
|
|
|
|
|
|
| |
servant broke backwards compatibility; did not try to maintain
back-compat (would be possible).
New http-client exported some stuff I need; simplified code; did not try
to maintain back-compat, although it would not be hard.
Test suite passes.
This commit was sponsored by Øyvind Andersen Holm.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If run with --totalshares larger than the number of servers, and the
--store-local directory is not writable, this causes keysafe to throw out
the unwritable directory and so error out early due to their not being
enough storage locations.
That's better than the old behavior, which was to try to use the
--store-local directory, fail and so proceed to storing the share on a
server. That would eventually fail with "no storage locations" when it runs
out of servers. That was bad, because shares were uploaded to servers, but
perhaps not enough for restore to work, and a new name/othername would be
needed to re-run the backup.
This is not a perfect fix; if the --store-local directory is writable at
first but for some reason the write of the share to it later fails, the
situation described above still happens.
This commit was sponsored by Jochen Bartl on Patreon.
|
|
|
|
|
|
|
|
| |
* New --add-storage-directory and --add-server options, which can be used
to make keysafe backup/restore using additional locations.
* Removed --store-local option; use --add-storage-directory instead.
This commit was sponsored by Thomas Hochstein on Patreon.
|
|
|
|
|
|
| |
what servers keysafe knows about, and as a cron job.
This commit was sponsored by Jake Vosloo on Patreon.
|
|
|
|
| |
This commit was sponsored by Anthony DeRobertis on Patreon.
|
|
|
|
| |
This commit was sponsored by Jeff Goeke-Smith on Patreon.
|
|
|
|
|
|
|
|
| |
offer to back them up.
Only ask once per key.
This commit was sponsored by Thomas Hochstein on Patreon.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--autostart mode currently only uploads queued keys, but it will later
be expanded to do more. Including checking the BackupRecord for problems
when necessary.
The autostart file is installed by keysafe --backup, so that when keysafe
is installed with stack, and used, it will make sure it autostarts in the
future.
The autostart file is installed by the Makefile too. This will later
let --autostart check for keys that have not been backed up and prompt
about backing them up. This way, the user won't need to remember to run
keysafe to back things up.
Reused Utility.FreeDesktop from git-annex, and had to add some stuff it
depends on.
This commit was sponsored by Fernando Jimenez on Patreon.
|
|
|
|
|
|
| |
To aid in backing up keysafe servers with minimal information leakage.
This commit was sponsored by Andrea Rota.
|
|
|
|
|
|
|
| |
Allow deserializing SecretKeySource so we can later know what gpg keys are
backed up.
Converted KeyId to Text as JSON can't handle ByteString.
|
|
|
|
|
|
|
|
| |
This can be deleted by the user at any time, but it's useful in case a
server is known to be compromised, or a problem is found with keysafe's
implementation that makes a backup insecure.
This commit was sponsored by Nick Daly on Patreon.
|
|
|
|
|
|
|
|
| |
This is useful both to test the server throttling of uploads, and to make
it harder for servers to know if an object actually contains secret key
information.
This commit was sponsored by Brock Spratlen on Patreon.
|
| |
|
| |
|
|
|
|
| |
keysafe does not run as root, so the normal ext2 disk reserve will do
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This way, the tor hidden service using it will be the only way it's
exposed.
|
| |
|
| |
|
|
|
|
|
| |
This seems to install, but stack is not copying it out to the home
directory. Hmm.
|
|
|
|
| |
This makes it clearer that it's not a chunk of data, but a Shamir share.
|
|
|
|
|
|
|
|
|
|
|
| |
There needs to be a 1:1 mapping between upload queues and servers,
otherwise using the upload queue risks two shards for the same object
being uploaded to the same server.
Also, fixed storeShards to give up on StoreAlreadyExists, rather than
trying another storage location. Otherwise, on a name collision,
the shards would be rejected by the servers, and be stored to their upload
queues.
|
|
|
|
| |
also, server upload queues in ~/.keysafe
|
|
|
|
|
| |
User has to remember they did this and use the same configuration on
restore.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|