diff --git a/debian/changelog b/debian/changelog index bc8c9bf0..2fb9416b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,8 @@ byobu (5.94) unreleased; urgency=medium - * UNRELEASED + * debian/control, usr/bin/vigpg, usr/share/man/man1/vigpg.1: + - after the Lastpass breach, more people could use vigpg, + so move it over to Bybou from Bikeshed -- Dustin Kirkland Thu, 21 May 2015 08:27:06 -0700 diff --git a/debian/control b/debian/control index cb1147ba..9476e8a0 100644 --- a/debian/control +++ b/debian/control @@ -25,6 +25,7 @@ Recommends: Suggests: apport, ccze, + gnupg, lsb-release, po-debconf, ttf-ubuntu-font-family (>= 0.80-0ubuntu1~medium), @@ -40,7 +41,7 @@ Replaces: screen-profiles (<< 2.0), screen-profiles-extras (<< 2.0), byobu-extras (<< 2.17), - bikeshed (<< 1.47) + bikeshed (<< 1.55) Breaks: screen-profiles (<< 2.0), screen-profiles-extras (<< 2.0), diff --git a/usr/bin/vigpg b/usr/bin/vigpg new file mode 100755 index 00000000..904a4837 --- /dev/null +++ b/usr/bin/vigpg @@ -0,0 +1,74 @@ +#!/bin/sh +# +# vigpg - edit an encrypted file +# Copyright (C) 2010-2015 Dustin Kirkland +# +# Authors: Dustin Kirkland +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, version 3 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +set -e + +# Create a temporary workspace, in memory +# Note that this unfortunately is not mlock(2)-able +cleartext_file=$(mktemp /dev/shm/.vigpg-XXXXXXXXXXXX) + +# Ensure that we always remove the cleartext_file on any exit +trap "shred -f ${cleartext_file} "$cleartext_file".gpg 2>/dev/null || true" EXIT HUP INT QUIT TERM + +# Encrypted file from argv +encrypted_file="$1" + +# Define our bail out function +error() { + # Log to stderr + echo "ERROR: $1" 1>&2 + # Remove our cleartext files, just in case the trap misses them somehow + rm -f "$cleartext_file" "$cleartext_file".gpg + # Exit non-zero to note the error condition + exit 1 +} + +if ! which gpg >/dev/null 2>&1; then + echo "ERROR: gpg not found, hint..." 1>&2 + echo " sudo apt-get install gnupg" 2>&1 + exit 1 +fi + +# Try to decrypt the target file +if [ -e "$encrypted_file" ]; then + (cat "$encrypted_file" | gpg -d > "$cleartext_file") || error "Unable to decrypt target" +fi + +# Grab a checksum of the cleartext data before modification +before=$(sha512sum "$cleartext_file") + +# Open the target cleartext file in your editor of choice +# It's up to this editor to save the file, if edited +sensible-editor "$cleartext_file" || error "Unable to edit target" + +# Calculate a checksum afterward, to dectect modification +after=$(sha512sum "$cleartext_file") + +if [ "$before" != "$after" ]; then + # File was modified, so we need to re-encrypt and overwrite our previous file + run-one-until-success gpg --default-recipient-self -s -e "$cleartext_file" || error "Unable to re-encrypt target" + cat "$cleartext_file".gpg > "$1" || error "Unable to write new encrypted file" + echo + echo "Successfully encrypted update file [$encrypted_file]" +else + # File was not modified, so do not re-encrypt/overwrite + echo + echo "The encrypted file was not modified [$encrypted_file]" +fi diff --git a/usr/share/man/man1/vigpg.1 b/usr/share/man/man1/vigpg.1 new file mode 100644 index 00000000..dfc7be22 --- /dev/null +++ b/usr/share/man/man1/vigpg.1 @@ -0,0 +1,22 @@ +.TH vigpg 1 "25 Apr 2014" byobu "byobbyobuu" +.SH NAME +vigpg \- open and edit an encrypted file + +.SH SYNOPSIS +\fBvigpg\fP [FILE] + +.SH DESCRIPTION +\fBvigpg\fP is a program that wraps your editor and gpg to edit an encrypted file + +This may be useful, for instance, to edit your password file + +.SH EXAMPLE + $ vigpg passwords.txt.gpg + +.SH SEE ALSO +\fBgpg\fP(1)\fP, \fBsensible-editor\fP(1) + +.SH AUTHOR +This manpage and the utility was written by Dustin Kirkland for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 3 published by the Free Software Foundation. + +On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL, or on the web at \fIhttp://www.gnu.org/licenses/gpl.txt\fP.