From d19c5ffa0d2e0fab5c52f738c76d2114ddea2725 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Sat, 22 Oct 2016 12:07:24 -0700 Subject: fix spelling errors caught by lintian Gbp-Pq: Name fix-spelling-errors-caught-by-lintian.patch --- keysafe.1 | 2 +- keysafe.hs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/keysafe.1 b/keysafe.1 index c278bb1..c22d337 100644 --- a/keysafe.1 +++ b/keysafe.1 @@ -29,7 +29,7 @@ to decrypt. This makes it hard for an attacker to crack your password, because each guess they make costs them. .PP Keysafe is designed so that it should take millions of dollars of computer -time to crack any fairly good password. With a truely good +time to crack any fairly good password. With a truly good password, such as four random words, the cracking cost should be many trillions of dollars. Keysafe checks your password strength (using the zxcvbn library), and shows an estimate of the cost to crack your password, diff --git a/keysafe.hs b/keysafe.hs index 1e64226..996c0a7 100644 --- a/keysafe.hs +++ b/keysafe.hs @@ -144,7 +144,7 @@ backup cmdline ui tunables distinguisher (secretkeysource, secretkey) = do if queued then do willautostart <- isAutoStartFileInstalled - showInfo ui "Backup queued" $ "Some data was not sucessfully uploaded to servers, and has been queued for later upload." + showInfo ui "Backup queued" $ "Some data was not successfully uploaded to servers, and has been queued for later upload." ++ if willautostart then "" else " Run keysafe --uploadqueued at a later point to finish the backup." else showInfo ui "Backup success" "Your secret key was successfully encrypted and backed up." StoreFailure s -> showError ui ("There was a problem storing your encrypted secret key: " ++ s) -- cgit v1.2.3 From f070024fc5fc2a68c0b8b55d278809223fb4572f Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Sat, 22 Oct 2016 12:09:08 -0700 Subject: add keywords to desktop file Gbp-Pq: Name add-keywords-to-desktop-file.patch --- keysafe.desktop | 1 + 1 file changed, 1 insertion(+) diff --git a/keysafe.desktop b/keysafe.desktop index fd82b85..51077c0 100644 --- a/keysafe.desktop +++ b/keysafe.desktop @@ -6,3 +6,4 @@ Comment=Back up or restore your private Gnupg key with Keysafe Terminal=false Exec=/usr/bin/keysafe Categories=Network; +Keywords=backup;key;encryption;gnupg;openpgp;pgp;gpg -- cgit v1.2.3 From 697da17c9245de3adccfa6b8fe5ddc4faa1d330f Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Sat, 22 Oct 2016 12:18:08 -0700 Subject: fix use of .IP macro in manpage "67: warning: numeric expression expected (got `B')" Gbp-Pq: Name fix-use-of-.IP-macro-in-manpage.patch --- keysafe.1 | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/keysafe.1 b/keysafe.1 index c22d337..73d0b4d 100644 --- a/keysafe.1 +++ b/keysafe.1 @@ -64,21 +64,21 @@ and --port and --address to configure how the server listens to connections. It's recommended to only expose keysafe servers over a tor hidden service. .PP -.IP --backup-server BACKUPDIR +.IP "--backup-server BACKUPDIR" Run on a server, populates the BACKUPDIR with a gpg encrypted backup of all the objects stored in the --store-directory. This is designed to be rsynced offsite (with --delete) to back up a keysafe server with minimal information leakage. .PP -.IP --restore-server BACKUPDIR +.IP "--restore-server BACKUPDIR" Restore all objects present in the gpg-encrypted backups in the specified directory. .PP -.IP --chaff HOSTNAME +.IP "--chaff HOSTNAME" Upload random data to a keysafe server. --port can be used to specify the server's port. Continues uploading data until interrupted with ctrl-c. .PP -.IP --chaff-max-delay SECONDS +.IP "--chaff-max-delay SECONDS" Specify a delay between chaff uploads. Will delay a random amount between 0 and this many seconds. .PP @@ -94,17 +94,17 @@ Benchmark speed of keysafe's cryptographic primitives. .IP --test Run test suite. .PP -.IP --gpgkeyid KEYID +.IP "--gpgkeyid KEYID" Specify keyid of gpg key to back up or restore. This is useful if you have multiple gpg keys. But, when this option is used to back up a key, you have to also provide it to restore that key. .PP -.IP --keyfile FILE +.IP "--keyfile FILE" To back up anything other than a gpg secret key, use this option. To restore from the backup, you must use this same option, and pass the exact same filename. .PP -.IP --store-directory dir +.IP "--store-directory dir" Where to store data locally. For the client, data is stored here before it is uploaded to the server. For the server, this is where it stores its data. @@ -115,7 +115,7 @@ Use GUI interface for interaction. Default is to use readline interface when run in a terminal, and GUI otherwise. The GUI currently is implemented using zenity(1). .PP -.IP --totalshares M --neededshares N +.IP "--totalshares M --neededshares N" These options have to be specified together. The default values are --totalshares 3 --neededshares 2. Keysafe uses Shamir secret sharing to create M shares of the encrypted @@ -124,37 +124,37 @@ To restore the data, only N of the shares are needed. If you specify these options when backing up a secret key, you also must specify them with the same values to restore that secret key. .PP -.IP --name N +.IP "--name N" Specify name used for key backup/restore, avoiding the usual prompt. .PP -.IP --othername N +.IP "--othername N" Specify other name used for key backup/restore, avoiding the usual prompt. .PP -.IP --add-storage-directory DIR +.IP "--add-storage-directory DIR" Add the directory to the list of locations keysafe will use for backup/restore of keys. Keysafe will use the directory first, before any of its built-in servers. .PP -.IP --add-server HOST[:PORT] +.IP "--add-server HOST[:PORT]" Add the server to the server list which keysafe will use for backup/restore of keys. Keysafe will use the server first before any of its built-in servers. .PP -.IP --port P +.IP "--port P" Port for server to listen on. (default: 80) .PP -.IP --address A +.IP "--address A" Address for server to bind to. (Use "*" to bind to all addresses.) (default: "127.0.0.1") .PP -.IP --months-to-fill-half-disk N +.IP "--months-to-fill-half-disk N" Server rate-limits requests and requires proof of work, to avoid too many objects being stored. This is an lower bound on how long it could possibly take for half of the current disk space to be filled. (default: 12) .PP -.IP --motd MESSAGE +.IP "--motd MESSAGE" The server's Message Of The Day. .PP .IP --testmode -- cgit v1.2.3 -- cgit v1.2.3 From 98373fc18eba97cb0703737d0e9b56e6c91cc352 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 22 Oct 2016 18:15:20 -0400 Subject: thanks sean! --- CHANGELOG | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 064ae94..9a48ae5 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,14 @@ +keysafe (0.20161008) UNRELEASED; urgency=medium + + * Add keywords to desktop file. + Thanks, Sean Whitton + * Fix use of .IP macro in manpage. + Thanks, Sean Whitton + * Fix some mispellings. + Thanks, Sean Whitton + + -- Joey Hess Sat, 22 Oct 2016 18:14:32 -0400 + keysafe (0.20161007) unstable; urgency=medium * Check if --store-local directory is writable. -- cgit v1.2.3 From 62e4db20e12949487b43dc6e3a8f4c1182fb4abc Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 22 Oct 2016 18:28:28 -0400 Subject: add Documentation url to service file --- keysafe.service | 1 + 1 file changed, 1 insertion(+) diff --git a/keysafe.service b/keysafe.service index 895fbcf..24eaad2 100644 --- a/keysafe.service +++ b/keysafe.service @@ -1,5 +1,6 @@ [Unit] Description=keysafe server +Documentation=https://joeyh.name/code/keysafe/ [Service] Environment='DAEMON_PARAMS=--port 4242 --store-directory=/var/lib/keysafe/' -- cgit v1.2.3 From 63faaf6ccf624c59293245302cde2e1ddba76f1a Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 22 Oct 2016 19:00:56 -0400 Subject: makefile improvements * Makefile: Propigate LDFLAGS, CFLAGS, and CPPFLAGS through ghc. * Makefile: Allow setting BUILDER=./Setup to build w/o cabal or stack. --- CHANGELOG | 2 ++ Makefile | 29 ++++++++++++++++++++++++++--- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 9a48ae5..f67553e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -6,6 +6,8 @@ keysafe (0.20161008) UNRELEASED; urgency=medium Thanks, Sean Whitton * Fix some mispellings. Thanks, Sean Whitton + * Makefile: Propigate LDFLAGS, CFLAGS, and CPPFLAGS through ghc. + * Makefile: Allow setting BUILDER=./Setup to build w/o cabal or stack. -- Joey Hess Sat, 22 Oct 2016 18:14:32 -0400 diff --git a/Makefile b/Makefile index 3752e24..9b2fcaa 100644 --- a/Makefile +++ b/Makefile @@ -1,13 +1,35 @@ +# The install target will add this before all paths it writes to. PREFIX?= -# Can be stack or cabal + +# Can be "stack" or "cabal", or "./Setup" to build and use Setup.hs BUILDER?=stack +# Propigate flags through ghc to linker and compiler. +ghc_options=$(shell \ + for w in $(LDFLAGS); do \ + printf -- "-optl%s\n" "$$w"; \ + done; \ + for w in $(CFLAGS); do \ + printf -- "-optc%s\n" "$$w"; \ + done; \ + for w in $(CPPFLAGS); do \ + printf -- "-optc-Wp,%s\n" "$$w"; \ + done; \ + ) + build: rm -f keysafe $(MAKE) keysafe keysafe: - $(BUILDER) build + if [ "$(BUILDER)" = ./Setup ]; then ghc --make Setup; fi + if [ "$(BUILDER)" = stack ]; then \ + $(BUILDER) build --ghc-options="$(ghc_options)"; \ + else \ + $(BUILDER) configure --ghc-options="$(ghc_options)"; \ + $(BUILDER) build; \ + fi + $(BUILDER) build --ghc-options="$(ghc_options)" if [ "$(BUILDER)" = stack ]; then \ ln -sf $$(find .stack-work/ -name keysafe -type f | grep build/keysafe/keysafe | tail -n 1) keysafe; \ else \ @@ -15,7 +37,8 @@ keysafe: fi clean: - rm -rf keysafe dist .stack-work + if [ "$(BUILDER)" != ./Setup ] && [ "$(BUILDER)" != cabal ]; then $(BUILDER) clean; fi + rm -rf keysafe dist .stack-work Setup install: install-files useradd --system keysafe -- cgit v1.2.3 From 5aba9a772f5a9bf2c994bfb69d956ef694ae65df Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 22 Oct 2016 19:02:05 -0400 Subject: prep release --- CHANGELOG | 6 +++--- keysafe.cabal | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index f67553e..281a026 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,4 @@ -keysafe (0.20161008) UNRELEASED; urgency=medium +keysafe (0.20161022) unstable; urgency=medium * Add keywords to desktop file. Thanks, Sean Whitton @@ -6,10 +6,10 @@ keysafe (0.20161008) UNRELEASED; urgency=medium Thanks, Sean Whitton * Fix some mispellings. Thanks, Sean Whitton - * Makefile: Propigate LDFLAGS, CFLAGS, and CPPFLAGS through ghc. + * Makefile: Propagate LDFLAGS, CFLAGS, and CPPFLAGS through ghc. * Makefile: Allow setting BUILDER=./Setup to build w/o cabal or stack. - -- Joey Hess Sat, 22 Oct 2016 18:14:32 -0400 + -- Joey Hess Sat, 22 Oct 2016 19:01:24 -0400 keysafe (0.20161007) unstable; urgency=medium diff --git a/keysafe.cabal b/keysafe.cabal index 1bd76b5..335e8a3 100644 --- a/keysafe.cabal +++ b/keysafe.cabal @@ -1,5 +1,5 @@ Name: keysafe -Version: 0.20161007 +Version: 0.20161022 Cabal-Version: >= 1.8 Maintainer: Joey Hess Author: Joey Hess -- cgit v1.2.3 From 3cc43025868fa5115fc9f296f590daa8621e1acf Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 22 Oct 2016 19:16:19 -0400 Subject: Makefile: Allow setting BUILDEROPTIONS=-j1 to avoid concurrent build, which should make build reproducible. (And removed an accidential double $BUILDER build) --- CHANGELOG | 2 ++ Makefile | 9 ++++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 281a026..47ced82 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -8,6 +8,8 @@ keysafe (0.20161022) unstable; urgency=medium Thanks, Sean Whitton * Makefile: Propagate LDFLAGS, CFLAGS, and CPPFLAGS through ghc. * Makefile: Allow setting BUILDER=./Setup to build w/o cabal or stack. + * Makefile: Allow setting BUILDEROPTIONS=-j1 to avoid concurrent + build, which should make build reproducible. -- Joey Hess Sat, 22 Oct 2016 19:01:24 -0400 diff --git a/Makefile b/Makefile index 9b2fcaa..f7dfb87 100644 --- a/Makefile +++ b/Makefile @@ -4,6 +4,10 @@ PREFIX?= # Can be "stack" or "cabal", or "./Setup" to build and use Setup.hs BUILDER?=stack +# Options to pass to the BUILDER. +# Using -j1 may result in a reproducible build. +BUILDEROPTIONS?= + # Propigate flags through ghc to linker and compiler. ghc_options=$(shell \ for w in $(LDFLAGS); do \ @@ -24,12 +28,11 @@ build: keysafe: if [ "$(BUILDER)" = ./Setup ]; then ghc --make Setup; fi if [ "$(BUILDER)" = stack ]; then \ - $(BUILDER) build --ghc-options="$(ghc_options)"; \ + $(BUILDER) build --ghc-options="$(ghc_options)" $(BUILDEROPTIONS); \ else \ $(BUILDER) configure --ghc-options="$(ghc_options)"; \ - $(BUILDER) build; \ + $(BUILDER) build $(BUILDEROPTIONS); \ fi - $(BUILDER) build --ghc-options="$(ghc_options)" if [ "$(BUILDER)" = stack ]; then \ ln -sf $$(find .stack-work/ -name keysafe -type f | grep build/keysafe/keysafe | tail -n 1) keysafe; \ else \ -- cgit v1.2.3 From bb3d17615a9ccbd96dbecc0dad335a04d578ba0f Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 22 Oct 2016 19:17:17 -0400 Subject: remove Setup build cruft --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index f7dfb87..58def76 100644 --- a/Makefile +++ b/Makefile @@ -41,7 +41,7 @@ keysafe: clean: if [ "$(BUILDER)" != ./Setup ] && [ "$(BUILDER)" != cabal ]; then $(BUILDER) clean; fi - rm -rf keysafe dist .stack-work Setup + rm -rf keysafe dist .stack-work Setup Setup.hi Setup.o install: install-files useradd --system keysafe -- cgit v1.2.3