gridfire
This commit is contained in:
parent
ba45bc5a3e
commit
e1c072cf16
152
roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile
Executable file
152
roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile
Executable file
@ -0,0 +1,152 @@
|
||||
# -*-mode: makefile; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
|
||||
|
||||
PROG=gridfire
|
||||
BOX_OS_FLAVOR="$$(cat /etc/hostname)"
|
||||
OVERLAY=/var/local/share/genkernel/overlay/
|
||||
PYVER=3
|
||||
ROLE=gpgkey
|
||||
|
||||
TMPDIR=/mnt/tmp/Pentoo19/pyi
|
||||
build=${TMPDIR}/build/build-$(BOX_OS_FLAVOR)
|
||||
dist=dist/dist-$(BOX_OS_FLAVOR)
|
||||
|
||||
BINS=\
|
||||
gridfire \
|
||||
gridfire.bash \
|
||||
truecrypt-console.bash \
|
||||
veracrypt-console.bash \
|
||||
truecrypt.bash \
|
||||
veracrypt.bash \
|
||||
veracrypt-create.bash \
|
||||
keepassxc-cli.bash \
|
||||
pinentry_gridfire.bash \
|
||||
pinentry3.bash \
|
||||
pyassuan_password.bash \
|
||||
pyassuan_keepassxc-cli.bash \
|
||||
gridfire_ansible-vault.py \
|
||||
gridfire_ansible-vault.bash \
|
||||
gridfire_keepassxc-cli.bash \
|
||||
gridfire_keepassxc.bash \
|
||||
keyring_gridfire.bash \
|
||||
gridfire_kpsh.bash \
|
||||
gridfire_openssl.bash \
|
||||
gridfire_secret-tool.bash \
|
||||
gridfire_staticgpg.bash \
|
||||
gridfire_tomb.bash \
|
||||
gridfire_truecrypt.bash \
|
||||
gridfire_veracrypt.bash \
|
||||
gridfire_truecrypt-console.bash \
|
||||
gridfire_veracrypt-console.bash \
|
||||
pinentry_gridfire.py \
|
||||
gpgkey_pinentry_test.exp
|
||||
|
||||
refresh:: install_bins
|
||||
|
||||
install:: $(dist)/$(PROG).pex
|
||||
sh pykeepass.bash
|
||||
python3.sh -c 'from keyring_keyutils import backend' || \
|
||||
python-keyring-keyutils.bash
|
||||
cd keepassxc_cmd2 && env PWD=${PWD}/keepassxc_cmd2 $(MAKE) $(FLAGS) $@
|
||||
# sh pyassuan.bash
|
||||
[ -f /usr/local/bin/get-info.py -a /usr/local/bin/pinentry.py -a \
|
||||
-e /usr/local/lib/python3.8/site-packages/pyassuan-0.2-py3.8.egg-info ] || \
|
||||
( cd /usr/local/src/gridfire/TremilyUsPyassuan && \
|
||||
python3.sh setup.py install --prefix=/usr/local ) \
|
||||
2>&1|tee install.log
|
||||
$(MAKE) $(MFLAGS) overlay
|
||||
|
||||
update:: install install_bins pyi # cxFreeze pex
|
||||
|
||||
$(PROG).spec.Linux::
|
||||
[ -f $(PROG).spec ] || pyi-makespec ./$(PROG).py -F -c
|
||||
[ -f $(PROG).spec.Linux ] || cp -p $(PROG).spec $(PROG).spec.Linux
|
||||
|
||||
$(PROG).spec.Msys:: $(PROG).spec.Linux
|
||||
grep -q $$PWD $(PROG).spec || sed -e "s@pathex=.'.*'.@pathex=['$$PWD']@" \
|
||||
< $(PROG).spec.Linux > $(PROG).spec.Msys
|
||||
|
||||
pyi:: $(dist)/$(PROG).pyi
|
||||
$(dist)/$(PROG).pyi::
|
||||
[ -d $(build) ] || mkdir -p $(build)
|
||||
[ -d $(dist) ] || mkdir -p $(dist)
|
||||
[ -e $(dist)/$(PROG).pyi -a $(dist)/$(PROG).pyi -nt ./$(PROG).py ] || \
|
||||
pyinstaller --distpath $(dist) --workpath $(build) \
|
||||
--exclude tkinter --exclude matplotlib --exclude ctypes \
|
||||
--exclude twisted --exclude jedi --exclude jaraco \
|
||||
--exclude sphinx --exclude coverage --exclude nose \
|
||||
--exclude PIL --exclude numpy --exclude OpenGL \
|
||||
--exclude PySide2 --exclude PyQt5 --exclude IPython \
|
||||
--onefile -c --ascii \
|
||||
--name $(PROG)_pyi-$(BOX_OS_FLAVOR) $(PROG).py \
|
||||
>> $(dist)/$(PROG).log 2>&1
|
||||
[ ! -f $(dist)/$(PROG).log ] || ! grep ERROR: $(dist)/$(PROG).log
|
||||
|
||||
overlay::
|
||||
[ -x $(OVERLAY)/bin/$(PROG) -a $(OVERLAY)/bin/$(PROG) -nt $(dist)/$(PROG) ] || \
|
||||
cp -p $(dist)/$(PROG) $(OVERLAY)/bin/$(PROG)
|
||||
[ -x $(OVERLAY)/bin/keyctl -a $(OVERLAY)/bin/keyctl -nt /bin/keyctl ] || \
|
||||
cp -p /bin/keyctl $(OVERLAY)/bin/keyctl
|
||||
|
||||
dont_install::
|
||||
[ -f ../../bin/$(PROG).sh -a ../../bin/$(PROG).sh -nt ./bin/$(PROG).sh ] || \
|
||||
cp -p ./bin/$(PROG).sh ../../bin/$(PROG).sh
|
||||
|
||||
install_bins:: install bins
|
||||
$(MAKE) $(MFLAGS) -C keepassxc_cmd2 $@
|
||||
|
||||
bins::
|
||||
for elt in ${BINS} ; do \
|
||||
[ -f ../../bin/$$elt -a ../../bin/$$elt -nt bin/$$elt ] || \
|
||||
{ cp -p bin/$$elt ../../bin/$$elt ; \
|
||||
echo bin/$$elt ; \
|
||||
chmod 775 ../../bin/$$elt ; } ; \
|
||||
done
|
||||
[ ! -x dist/dist-$(BOX_OS_FLAVOR)/gridfire_pyi-$(BOX_OS_FLAVOR) ] || \
|
||||
[ -x $(dist)/$(PROG) -a -f ../../bin/$(PROG) -a ../../bin/$(PROG) -nt $(dist)/$(PROG) ] || \
|
||||
cp -p dist/dist-$(BOX_OS_FLAVOR)/gridfire_pyi-$(BOX_OS_FLAVOR) /usr/local/bin/gridfire3.pyi
|
||||
# $(dist)/$(PROG) ../../bin/$(PROG)
|
||||
[ ! -x dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex ] || \
|
||||
[ -x dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex -a -f ../../bin/$(PROG) -a ../../bin/$(PROG) -nt dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex ] || \
|
||||
cp -p dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex /usr/local/bin/gridfire.pex
|
||||
# $(dist)/$(PROG) ../../bin/$(PROG)
|
||||
cp -p TremilyUsPyassuan/bin/pinentry.py ../../bin/pinentry_.py
|
||||
[ -d /boot ] || cp -pi bin/gridfire.rc.win ../../bin/gridfire.rc
|
||||
[ -d /boot ] && cp -ip bin/gridfire.rc.lin ../../bin/gridfire.rc
|
||||
|
||||
pex:: # keepassxc_cmd2/keepassxc_cmd2.pex
|
||||
$(MAKE) $(MFLAGS) -f Makefile.$@
|
||||
$(MAKE) $(MFLAGS) -C keepassxc_cmd2 $@
|
||||
|
||||
test:: # pex
|
||||
$(MAKE) $(FLAGS) -C keepassxc_cmd2 $@
|
||||
[ ! -f dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex ] || \
|
||||
{ echo 0 | dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex test ; \
|
||||
echo INFO tested dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex ; }
|
||||
sh pykeepass.bash test
|
||||
$(MAKE) $(FLAGS) doctest
|
||||
|
||||
DOC_TESTS=tomb3.txt # keyutils3.txt keyring3.txt pykeepass3.txt keyctl3.txt
|
||||
doctest::
|
||||
for file in $(DOC_TESTS) ; do \
|
||||
/var/local/bin/testforge_python_doctest3.bash \
|
||||
doc/txt/$$file ; \
|
||||
done
|
||||
/var/local/share/doc/txt/pykeepass3.bash
|
||||
|
||||
clean::
|
||||
rm -f */*~ *~
|
||||
|
||||
down:: clean
|
||||
( cd /o/data/TestForge/src/ansible ; \
|
||||
rsync -vax --exclude \*.pyc --exclude __pycache__ --exclude \*~ \
|
||||
--exclude _Old --exclude build --exclude dist \
|
||||
--delete /usr/local/src/gridfire/ \
|
||||
roles/gpgkey/o*/L*/usr/local/src/gridfire/ )
|
||||
up::
|
||||
( rsync -vax --exclude \*.pyc --exclude __pycache__ --exclude \*~ \
|
||||
--exclude _Old --exclude build --exclude dist \
|
||||
--exclude /usr/local/src/gridfire/dist \
|
||||
--exclude /usr/local/src/gridfire/build \
|
||||
--delete /usr/local/src/gridfire/ \
|
||||
/q/Pg64/Msys64/usr/local/src/gridfire/ )
|
||||
|
@ -0,0 +1,21 @@
|
||||
# -*-mode: makefile; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
|
||||
|
||||
PROG=gridfire
|
||||
BOX_OS_FLAVOR=`cat /etc/hostname`
|
||||
|
||||
cxFreeze:: cxFreeze-$(BOX_OS_FLAVOR)
|
||||
cxFreeze-$(BOX_OS_FLAVOR):: $(PROG).spec.Linux cxFreeze-$(BOX_OS_FLAVOR)/exe.linux-x86_64-$(PYTHON_MINOR)/$(PROG)
|
||||
|
||||
#setup.py::
|
||||
# cxfreeze-quickstart
|
||||
|
||||
cxFreeze-$(BOX_OS_FLAVOR)/exe.linux-x86_64-$(PYTHON_MINOR)/$(PROG):: $(PROG).py # setup.py
|
||||
[ -d build/build-$(BOX_OS_FLAVOR)/cxFreeze-$(BOX_OS_FLAVOR) ] || \
|
||||
mkdir -p build/build-$(BOX_OS_FLAVOR)/cxFreeze-$(BOX_OS_FLAVOR)
|
||||
# python3.bash setup.py build -b cxFreeze-$(BOX_OS_FLAVOR) 2>&1|tee cxFreeze-$(BOX_OS_FLAVOR)_build.log
|
||||
# TypeError: __init__() missing 1 required positional argument: 'constantsModule'
|
||||
# cxfreeze --compress $(PROG).py 2>&1|tee cxFreeze-$(BOX_OS_FLAVOR).log
|
||||
python3 cxfreeze_main.py -c --zip-include-packages \* \
|
||||
--include-path ${PWD}/pyassuan/bin/ \
|
||||
--target-dir build/build-$(BOX_OS_FLAVOR)/cxFreeze-$(BOX_OS_FLAVOR) \
|
||||
$(PROG).py 2>&1|tee build/build-$(BOX_OS_FLAVOR)/cxFreeze-$(BOX_OS_FLAVOR).log
|
@ -0,0 +1,22 @@
|
||||
|
||||
pyinstaller_keyring-$(BOX_OS_FLAVOR):: $(dist)_keyring/keyring
|
||||
$(dist)_keyring/keyring:: Makefile /usr/lib64/python$(PYTHON_MINOR)/site-packages/keyring/__main__.py
|
||||
[ -d $(build)_keyring ] || mkdir $(build)_keyring
|
||||
[ -d $(dist)_keyring ] || mkdir $(dist)_keyring
|
||||
[ -f keyring.log -a \
|
||||
-e $(dist)_keyring/keyring -a \
|
||||
$(dist)_keyring/keyring -nt /usr/lib64/python$(PYTHON_MINOR)/site-packages/keyring/__main__.py ] || \
|
||||
python$(PYVER).bash -m PyInstaller --clean \
|
||||
--distpath $(dist)_keyring --workpath $(build)_keyring \
|
||||
--onefile -c --ascii \
|
||||
--name keyring_pyi-$(BOX_OS_FLAVOR) \
|
||||
--additional-hooks-dir packaging/pyinstaller \
|
||||
--hidden-import keyring.backends \
|
||||
--hidden-import keyutils.keys \
|
||||
--hidden-import keyutils.backend \
|
||||
--exclude-module macOS \
|
||||
/usr/lib64/python$(PYTHON_MINOR)/site-packages/keyring/__main__.py \
|
||||
> keyring.log 2>&1
|
||||
! grep ERROR: keyring.log
|
||||
[ -e $(dist)_keyring/keyring -a -e $(dist)_keyring/keyring_pyi-$(BOX_OS_FLAVOR) ] || \
|
||||
ln $(dist)_keyring/keyring_pyi-$(BOX_OS_FLAVOR) $(dist)_keyring/keyring
|
55
roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile.pex
Executable file
55
roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile.pex
Executable file
@ -0,0 +1,55 @@
|
||||
# -*-mode: makefile; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
|
||||
|
||||
PROG=gridfire
|
||||
BOX_OS_FLAVOR=`cat /etc/hostname`
|
||||
|
||||
pex:: gridfire.py Makefile
|
||||
$(MAKE) $(MFLAGS) -f Makefile.pex dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex
|
||||
|
||||
# No bundling of so's - not a freezer
|
||||
dist/dist-Windows/gridfire.pex:: gridfire.py Makefile
|
||||
[ -d dist/dist-$(BOX_OS_FLAVOR) ] ||mkdir -p dist/dist-$(BOX_OS_FLAVOR)
|
||||
/usr/local/bin/pex3.bash -D $(PWD) -m gridfire:main -o $@ \
|
||||
--no-index --ignore-errors --inherit-path=prefer \
|
||||
-r gridfire.reqs --no-index \
|
||||
--platform windows_x86_64-cp-37-cp37mu
|
||||
zip -d $@ build/build-\*/\* dist/dist-\*/\* cxFreeze-$(BOX_OS_FLAVOR)\* \
|
||||
\*/.git/\* \*.log __pycache__/\* >/dev/null
|
||||
|
||||
dist/dist-Kick150154/gridfire.pex:: gridfire.py Makefile
|
||||
/usr/local/bin/python3.sh -c 'import pex' || \
|
||||
apt-get install python3-pex || \
|
||||
/usr/local/bin/pip3.sh install pex
|
||||
[ -d dist/dist-Kick150154/ ]||mkdir -p dist/dist-Kick150154
|
||||
/usr/local/bin/pex3.bash -D $(PWD) -m gridfire:main -o $@ \
|
||||
-f /usr/lib/python3/dist-packages/ \
|
||||
--no-index --ignore-errors --inherit-path=prefer \
|
||||
--platform linux_x86_64-cp-27-cp27mu \
|
||||
--platform linux_x86_64-cp-37-cp37mu
|
||||
zip -d $@ build/build-\*/\* dist/dist-\*/\* cxFreeze-Kick150154\* \
|
||||
\*/.git/\* \*.log __pycache__/\* >/dev/null
|
||||
|
||||
dist/dist-pentoo/gridfire.pex:: gridfire.py Makefile
|
||||
/usr/local/bin/python3.sh -c 'import pex' || /usr/local/bin/pip3.sh install pex
|
||||
[ -d dist/dist-pentoo/ ]||mkdir -p dist/dist-pentoo
|
||||
PYTHONPATH=${PWD} /usr/local/bin/pex3.bash -D $(PWD) -m gridfire:iMain -o $@ \
|
||||
--no-index --ignore-errors --inherit-path=prefer \
|
||||
--platform linux_x86_64-cp-27-cp27mu \
|
||||
--platform linux_x86_64-cp-38-cp38mu
|
||||
zip -d $@ build/build-\*/\* dist/dist-\*/\* cxFreeze-pentoo\* \
|
||||
\*/.git/\* \*.log __pycache__/\* >/dev/null
|
||||
|
||||
dist/dist-devuan/gridfire.pex:: gridfire.py Makefile
|
||||
/usr/local/bin/python3.sh -c 'import pex' || apt-get install python3-pex
|
||||
[ -d dist/dist-devuan/ ]||mkdir -p dist/dist-devuan
|
||||
/usr/local/bin/pex3.bash -D $(PWD) -m gridfire:main -o $@ \
|
||||
--no-index --ignore-errors --inherit-path=prefer \
|
||||
--platform linux_x86_64-cp-39-cp39mu
|
||||
zip -d $@ build/build-\*/\* dist/dist-\*/\* cxFreeze-devuan\* \
|
||||
\*/.git/\* \*.log __pycache__/\* >/dev/null
|
||||
|
||||
clean::
|
||||
rm *~
|
||||
|
||||
veryclean:: clean
|
||||
rm -f dist/dist-`cat /etc/hostname`/gridfire.pex
|
@ -0,0 +1,674 @@
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The GNU General Public License is a free, copyleft license for
|
||||
software and other kinds of works.
|
||||
|
||||
The licenses for most software and other practical works are designed
|
||||
to take away your freedom to share and change the works. By contrast,
|
||||
the GNU General Public License is intended to guarantee your freedom to
|
||||
share and change all versions of a program--to make sure it remains free
|
||||
software for all its users. We, the Free Software Foundation, use the
|
||||
GNU General Public License for most of our software; it applies also to
|
||||
any other work released this way by its authors. You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
them if you wish), that you receive source code or can get it if you
|
||||
want it, that you can change the software or use pieces of it in new
|
||||
free programs, and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to prevent others from denying you
|
||||
these rights or asking you to surrender the rights. Therefore, you have
|
||||
certain responsibilities if you distribute copies of the software, or if
|
||||
you modify it: responsibilities to respect the freedom of others.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must pass on to the recipients the same
|
||||
freedoms that you received. You must make sure that they, too, receive
|
||||
or can get the source code. And you must show them these terms so they
|
||||
know their rights.
|
||||
|
||||
Developers that use the GNU GPL protect your rights with two steps:
|
||||
(1) assert copyright on the software, and (2) offer you this License
|
||||
giving you legal permission to copy, distribute and/or modify it.
|
||||
|
||||
For the developers' and authors' protection, the GPL clearly explains
|
||||
that there is no warranty for this free software. For both users' and
|
||||
authors' sake, the GPL requires that modified versions be marked as
|
||||
changed, so that their problems will not be attributed erroneously to
|
||||
authors of previous versions.
|
||||
|
||||
Some devices are designed to deny users access to install or run
|
||||
modified versions of the software inside them, although the manufacturer
|
||||
can do so. This is fundamentally incompatible with the aim of
|
||||
protecting users' freedom to change the software. The systematic
|
||||
pattern of such abuse occurs in the area of products for individuals to
|
||||
use, which is precisely where it is most unacceptable. Therefore, we
|
||||
have designed this version of the GPL to prohibit the practice for those
|
||||
products. If such problems arise substantially in other domains, we
|
||||
stand ready to extend this provision to those domains in future versions
|
||||
of the GPL, as needed to protect the freedom of users.
|
||||
|
||||
Finally, every program is threatened constantly by software patents.
|
||||
States should not allow patents to restrict development and use of
|
||||
software on general-purpose computers, but in those that do, we wish to
|
||||
avoid the special danger that patents applied to a free program could
|
||||
make it effectively proprietary. To prevent this, the GPL assures that
|
||||
patents cannot be used to render the program non-free.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
TERMS AND CONDITIONS
|
||||
|
||||
0. Definitions.
|
||||
|
||||
"This License" refers to version 3 of the GNU General Public License.
|
||||
|
||||
"Copyright" also means copyright-like laws that apply to other kinds of
|
||||
works, such as semiconductor masks.
|
||||
|
||||
"The Program" refers to any copyrightable work licensed under this
|
||||
License. Each licensee is addressed as "you". "Licensees" and
|
||||
"recipients" may be individuals or organizations.
|
||||
|
||||
To "modify" a work means to copy from or adapt all or part of the work
|
||||
in a fashion requiring copyright permission, other than the making of an
|
||||
exact copy. The resulting work is called a "modified version" of the
|
||||
earlier work or a work "based on" the earlier work.
|
||||
|
||||
A "covered work" means either the unmodified Program or a work based
|
||||
on the Program.
|
||||
|
||||
To "propagate" a work means to do anything with it that, without
|
||||
permission, would make you directly or secondarily liable for
|
||||
infringement under applicable copyright law, except executing it on a
|
||||
computer or modifying a private copy. Propagation includes copying,
|
||||
distribution (with or without modification), making available to the
|
||||
public, and in some countries other activities as well.
|
||||
|
||||
To "convey" a work means any kind of propagation that enables other
|
||||
parties to make or receive copies. Mere interaction with a user through
|
||||
a computer network, with no transfer of a copy, is not conveying.
|
||||
|
||||
An interactive user interface displays "Appropriate Legal Notices"
|
||||
to the extent that it includes a convenient and prominently visible
|
||||
feature that (1) displays an appropriate copyright notice, and (2)
|
||||
tells the user that there is no warranty for the work (except to the
|
||||
extent that warranties are provided), that licensees may convey the
|
||||
work under this License, and how to view a copy of this License. If
|
||||
the interface presents a list of user commands or options, such as a
|
||||
menu, a prominent item in the list meets this criterion.
|
||||
|
||||
1. Source Code.
|
||||
|
||||
The "source code" for a work means the preferred form of the work
|
||||
for making modifications to it. "Object code" means any non-source
|
||||
form of a work.
|
||||
|
||||
A "Standard Interface" means an interface that either is an official
|
||||
standard defined by a recognized standards body, or, in the case of
|
||||
interfaces specified for a particular programming language, one that
|
||||
is widely used among developers working in that language.
|
||||
|
||||
The "System Libraries" of an executable work include anything, other
|
||||
than the work as a whole, that (a) is included in the normal form of
|
||||
packaging a Major Component, but which is not part of that Major
|
||||
Component, and (b) serves only to enable use of the work with that
|
||||
Major Component, or to implement a Standard Interface for which an
|
||||
implementation is available to the public in source code form. A
|
||||
"Major Component", in this context, means a major essential component
|
||||
(kernel, window system, and so on) of the specific operating system
|
||||
(if any) on which the executable work runs, or a compiler used to
|
||||
produce the work, or an object code interpreter used to run it.
|
||||
|
||||
The "Corresponding Source" for a work in object code form means all
|
||||
the source code needed to generate, install, and (for an executable
|
||||
work) run the object code and to modify the work, including scripts to
|
||||
control those activities. However, it does not include the work's
|
||||
System Libraries, or general-purpose tools or generally available free
|
||||
programs which are used unmodified in performing those activities but
|
||||
which are not part of the work. For example, Corresponding Source
|
||||
includes interface definition files associated with source files for
|
||||
the work, and the source code for shared libraries and dynamically
|
||||
linked subprograms that the work is specifically designed to require,
|
||||
such as by intimate data communication or control flow between those
|
||||
subprograms and other parts of the work.
|
||||
|
||||
The Corresponding Source need not include anything that users
|
||||
can regenerate automatically from other parts of the Corresponding
|
||||
Source.
|
||||
|
||||
The Corresponding Source for a work in source code form is that
|
||||
same work.
|
||||
|
||||
2. Basic Permissions.
|
||||
|
||||
All rights granted under this License are granted for the term of
|
||||
copyright on the Program, and are irrevocable provided the stated
|
||||
conditions are met. This License explicitly affirms your unlimited
|
||||
permission to run the unmodified Program. The output from running a
|
||||
covered work is covered by this License only if the output, given its
|
||||
content, constitutes a covered work. This License acknowledges your
|
||||
rights of fair use or other equivalent, as provided by copyright law.
|
||||
|
||||
You may make, run and propagate covered works that you do not
|
||||
convey, without conditions so long as your license otherwise remains
|
||||
in force. You may convey covered works to others for the sole purpose
|
||||
of having them make modifications exclusively for you, or provide you
|
||||
with facilities for running those works, provided that you comply with
|
||||
the terms of this License in conveying all material for which you do
|
||||
not control copyright. Those thus making or running the covered works
|
||||
for you must do so exclusively on your behalf, under your direction
|
||||
and control, on terms that prohibit them from making any copies of
|
||||
your copyrighted material outside their relationship with you.
|
||||
|
||||
Conveying under any other circumstances is permitted solely under
|
||||
the conditions stated below. Sublicensing is not allowed; section 10
|
||||
makes it unnecessary.
|
||||
|
||||
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
||||
|
||||
No covered work shall be deemed part of an effective technological
|
||||
measure under any applicable law fulfilling obligations under article
|
||||
11 of the WIPO copyright treaty adopted on 20 December 1996, or
|
||||
similar laws prohibiting or restricting circumvention of such
|
||||
measures.
|
||||
|
||||
When you convey a covered work, you waive any legal power to forbid
|
||||
circumvention of technological measures to the extent such circumvention
|
||||
is effected by exercising rights under this License with respect to
|
||||
the covered work, and you disclaim any intention to limit operation or
|
||||
modification of the work as a means of enforcing, against the work's
|
||||
users, your or third parties' legal rights to forbid circumvention of
|
||||
technological measures.
|
||||
|
||||
4. Conveying Verbatim Copies.
|
||||
|
||||
You may convey verbatim copies of the Program's source code as you
|
||||
receive it, in any medium, provided that you conspicuously and
|
||||
appropriately publish on each copy an appropriate copyright notice;
|
||||
keep intact all notices stating that this License and any
|
||||
non-permissive terms added in accord with section 7 apply to the code;
|
||||
keep intact all notices of the absence of any warranty; and give all
|
||||
recipients a copy of this License along with the Program.
|
||||
|
||||
You may charge any price or no price for each copy that you convey,
|
||||
and you may offer support or warranty protection for a fee.
|
||||
|
||||
5. Conveying Modified Source Versions.
|
||||
|
||||
You may convey a work based on the Program, or the modifications to
|
||||
produce it from the Program, in the form of source code under the
|
||||
terms of section 4, provided that you also meet all of these conditions:
|
||||
|
||||
a) The work must carry prominent notices stating that you modified
|
||||
it, and giving a relevant date.
|
||||
|
||||
b) The work must carry prominent notices stating that it is
|
||||
released under this License and any conditions added under section
|
||||
7. This requirement modifies the requirement in section 4 to
|
||||
"keep intact all notices".
|
||||
|
||||
c) You must license the entire work, as a whole, under this
|
||||
License to anyone who comes into possession of a copy. This
|
||||
License will therefore apply, along with any applicable section 7
|
||||
additional terms, to the whole of the work, and all its parts,
|
||||
regardless of how they are packaged. This License gives no
|
||||
permission to license the work in any other way, but it does not
|
||||
invalidate such permission if you have separately received it.
|
||||
|
||||
d) If the work has interactive user interfaces, each must display
|
||||
Appropriate Legal Notices; however, if the Program has interactive
|
||||
interfaces that do not display Appropriate Legal Notices, your
|
||||
work need not make them do so.
|
||||
|
||||
A compilation of a covered work with other separate and independent
|
||||
works, which are not by their nature extensions of the covered work,
|
||||
and which are not combined with it such as to form a larger program,
|
||||
in or on a volume of a storage or distribution medium, is called an
|
||||
"aggregate" if the compilation and its resulting copyright are not
|
||||
used to limit the access or legal rights of the compilation's users
|
||||
beyond what the individual works permit. Inclusion of a covered work
|
||||
in an aggregate does not cause this License to apply to the other
|
||||
parts of the aggregate.
|
||||
|
||||
6. Conveying Non-Source Forms.
|
||||
|
||||
You may convey a covered work in object code form under the terms
|
||||
of sections 4 and 5, provided that you also convey the
|
||||
machine-readable Corresponding Source under the terms of this License,
|
||||
in one of these ways:
|
||||
|
||||
a) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by the
|
||||
Corresponding Source fixed on a durable physical medium
|
||||
customarily used for software interchange.
|
||||
|
||||
b) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by a
|
||||
written offer, valid for at least three years and valid for as
|
||||
long as you offer spare parts or customer support for that product
|
||||
model, to give anyone who possesses the object code either (1) a
|
||||
copy of the Corresponding Source for all the software in the
|
||||
product that is covered by this License, on a durable physical
|
||||
medium customarily used for software interchange, for a price no
|
||||
more than your reasonable cost of physically performing this
|
||||
conveying of source, or (2) access to copy the
|
||||
Corresponding Source from a network server at no charge.
|
||||
|
||||
c) Convey individual copies of the object code with a copy of the
|
||||
written offer to provide the Corresponding Source. This
|
||||
alternative is allowed only occasionally and noncommercially, and
|
||||
only if you received the object code with such an offer, in accord
|
||||
with subsection 6b.
|
||||
|
||||
d) Convey the object code by offering access from a designated
|
||||
place (gratis or for a charge), and offer equivalent access to the
|
||||
Corresponding Source in the same way through the same place at no
|
||||
further charge. You need not require recipients to copy the
|
||||
Corresponding Source along with the object code. If the place to
|
||||
copy the object code is a network server, the Corresponding Source
|
||||
may be on a different server (operated by you or a third party)
|
||||
that supports equivalent copying facilities, provided you maintain
|
||||
clear directions next to the object code saying where to find the
|
||||
Corresponding Source. Regardless of what server hosts the
|
||||
Corresponding Source, you remain obligated to ensure that it is
|
||||
available for as long as needed to satisfy these requirements.
|
||||
|
||||
e) Convey the object code using peer-to-peer transmission, provided
|
||||
you inform other peers where the object code and Corresponding
|
||||
Source of the work are being offered to the general public at no
|
||||
charge under subsection 6d.
|
||||
|
||||
A separable portion of the object code, whose source code is excluded
|
||||
from the Corresponding Source as a System Library, need not be
|
||||
included in conveying the object code work.
|
||||
|
||||
A "User Product" is either (1) a "consumer product", which means any
|
||||
tangible personal property which is normally used for personal, family,
|
||||
or household purposes, or (2) anything designed or sold for incorporation
|
||||
into a dwelling. In determining whether a product is a consumer product,
|
||||
doubtful cases shall be resolved in favor of coverage. For a particular
|
||||
product received by a particular user, "normally used" refers to a
|
||||
typical or common use of that class of product, regardless of the status
|
||||
of the particular user or of the way in which the particular user
|
||||
actually uses, or expects or is expected to use, the product. A product
|
||||
is a consumer product regardless of whether the product has substantial
|
||||
commercial, industrial or non-consumer uses, unless such uses represent
|
||||
the only significant mode of use of the product.
|
||||
|
||||
"Installation Information" for a User Product means any methods,
|
||||
procedures, authorization keys, or other information required to install
|
||||
and execute modified versions of a covered work in that User Product from
|
||||
a modified version of its Corresponding Source. The information must
|
||||
suffice to ensure that the continued functioning of the modified object
|
||||
code is in no case prevented or interfered with solely because
|
||||
modification has been made.
|
||||
|
||||
If you convey an object code work under this section in, or with, or
|
||||
specifically for use in, a User Product, and the conveying occurs as
|
||||
part of a transaction in which the right of possession and use of the
|
||||
User Product is transferred to the recipient in perpetuity or for a
|
||||
fixed term (regardless of how the transaction is characterized), the
|
||||
Corresponding Source conveyed under this section must be accompanied
|
||||
by the Installation Information. But this requirement does not apply
|
||||
if neither you nor any third party retains the ability to install
|
||||
modified object code on the User Product (for example, the work has
|
||||
been installed in ROM).
|
||||
|
||||
The requirement to provide Installation Information does not include a
|
||||
requirement to continue to provide support service, warranty, or updates
|
||||
for a work that has been modified or installed by the recipient, or for
|
||||
the User Product in which it has been modified or installed. Access to a
|
||||
network may be denied when the modification itself materially and
|
||||
adversely affects the operation of the network or violates the rules and
|
||||
protocols for communication across the network.
|
||||
|
||||
Corresponding Source conveyed, and Installation Information provided,
|
||||
in accord with this section must be in a format that is publicly
|
||||
documented (and with an implementation available to the public in
|
||||
source code form), and must require no special password or key for
|
||||
unpacking, reading or copying.
|
||||
|
||||
7. Additional Terms.
|
||||
|
||||
"Additional permissions" are terms that supplement the terms of this
|
||||
License by making exceptions from one or more of its conditions.
|
||||
Additional permissions that are applicable to the entire Program shall
|
||||
be treated as though they were included in this License, to the extent
|
||||
that they are valid under applicable law. If additional permissions
|
||||
apply only to part of the Program, that part may be used separately
|
||||
under those permissions, but the entire Program remains governed by
|
||||
this License without regard to the additional permissions.
|
||||
|
||||
When you convey a copy of a covered work, you may at your option
|
||||
remove any additional permissions from that copy, or from any part of
|
||||
it. (Additional permissions may be written to require their own
|
||||
removal in certain cases when you modify the work.) You may place
|
||||
additional permissions on material, added by you to a covered work,
|
||||
for which you have or can give appropriate copyright permission.
|
||||
|
||||
Notwithstanding any other provision of this License, for material you
|
||||
add to a covered work, you may (if authorized by the copyright holders of
|
||||
that material) supplement the terms of this License with terms:
|
||||
|
||||
a) Disclaiming warranty or limiting liability differently from the
|
||||
terms of sections 15 and 16 of this License; or
|
||||
|
||||
b) Requiring preservation of specified reasonable legal notices or
|
||||
author attributions in that material or in the Appropriate Legal
|
||||
Notices displayed by works containing it; or
|
||||
|
||||
c) Prohibiting misrepresentation of the origin of that material, or
|
||||
requiring that modified versions of such material be marked in
|
||||
reasonable ways as different from the original version; or
|
||||
|
||||
d) Limiting the use for publicity purposes of names of licensors or
|
||||
authors of the material; or
|
||||
|
||||
e) Declining to grant rights under trademark law for use of some
|
||||
trade names, trademarks, or service marks; or
|
||||
|
||||
f) Requiring indemnification of licensors and authors of that
|
||||
material by anyone who conveys the material (or modified versions of
|
||||
it) with contractual assumptions of liability to the recipient, for
|
||||
any liability that these contractual assumptions directly impose on
|
||||
those licensors and authors.
|
||||
|
||||
All other non-permissive additional terms are considered "further
|
||||
restrictions" within the meaning of section 10. If the Program as you
|
||||
received it, or any part of it, contains a notice stating that it is
|
||||
governed by this License along with a term that is a further
|
||||
restriction, you may remove that term. If a license document contains
|
||||
a further restriction but permits relicensing or conveying under this
|
||||
License, you may add to a covered work material governed by the terms
|
||||
of that license document, provided that the further restriction does
|
||||
not survive such relicensing or conveying.
|
||||
|
||||
If you add terms to a covered work in accord with this section, you
|
||||
must place, in the relevant source files, a statement of the
|
||||
additional terms that apply to those files, or a notice indicating
|
||||
where to find the applicable terms.
|
||||
|
||||
Additional terms, permissive or non-permissive, may be stated in the
|
||||
form of a separately written license, or stated as exceptions;
|
||||
the above requirements apply either way.
|
||||
|
||||
8. Termination.
|
||||
|
||||
You may not propagate or modify a covered work except as expressly
|
||||
provided under this License. Any attempt otherwise to propagate or
|
||||
modify it is void, and will automatically terminate your rights under
|
||||
this License (including any patent licenses granted under the third
|
||||
paragraph of section 11).
|
||||
|
||||
However, if you cease all violation of this License, then your
|
||||
license from a particular copyright holder is reinstated (a)
|
||||
provisionally, unless and until the copyright holder explicitly and
|
||||
finally terminates your license, and (b) permanently, if the copyright
|
||||
holder fails to notify you of the violation by some reasonable means
|
||||
prior to 60 days after the cessation.
|
||||
|
||||
Moreover, your license from a particular copyright holder is
|
||||
reinstated permanently if the copyright holder notifies you of the
|
||||
violation by some reasonable means, this is the first time you have
|
||||
received notice of violation of this License (for any work) from that
|
||||
copyright holder, and you cure the violation prior to 30 days after
|
||||
your receipt of the notice.
|
||||
|
||||
Termination of your rights under this section does not terminate the
|
||||
licenses of parties who have received copies or rights from you under
|
||||
this License. If your rights have been terminated and not permanently
|
||||
reinstated, you do not qualify to receive new licenses for the same
|
||||
material under section 10.
|
||||
|
||||
9. Acceptance Not Required for Having Copies.
|
||||
|
||||
You are not required to accept this License in order to receive or
|
||||
run a copy of the Program. Ancillary propagation of a covered work
|
||||
occurring solely as a consequence of using peer-to-peer transmission
|
||||
to receive a copy likewise does not require acceptance. However,
|
||||
nothing other than this License grants you permission to propagate or
|
||||
modify any covered work. These actions infringe copyright if you do
|
||||
not accept this License. Therefore, by modifying or propagating a
|
||||
covered work, you indicate your acceptance of this License to do so.
|
||||
|
||||
10. Automatic Licensing of Downstream Recipients.
|
||||
|
||||
Each time you convey a covered work, the recipient automatically
|
||||
receives a license from the original licensors, to run, modify and
|
||||
propagate that work, subject to this License. You are not responsible
|
||||
for enforcing compliance by third parties with this License.
|
||||
|
||||
An "entity transaction" is a transaction transferring control of an
|
||||
organization, or substantially all assets of one, or subdividing an
|
||||
organization, or merging organizations. If propagation of a covered
|
||||
work results from an entity transaction, each party to that
|
||||
transaction who receives a copy of the work also receives whatever
|
||||
licenses to the work the party's predecessor in interest had or could
|
||||
give under the previous paragraph, plus a right to possession of the
|
||||
Corresponding Source of the work from the predecessor in interest, if
|
||||
the predecessor has it or can get it with reasonable efforts.
|
||||
|
||||
You may not impose any further restrictions on the exercise of the
|
||||
rights granted or affirmed under this License. For example, you may
|
||||
not impose a license fee, royalty, or other charge for exercise of
|
||||
rights granted under this License, and you may not initiate litigation
|
||||
(including a cross-claim or counterclaim in a lawsuit) alleging that
|
||||
any patent claim is infringed by making, using, selling, offering for
|
||||
sale, or importing the Program or any portion of it.
|
||||
|
||||
11. Patents.
|
||||
|
||||
A "contributor" is a copyright holder who authorizes use under this
|
||||
License of the Program or a work on which the Program is based. The
|
||||
work thus licensed is called the contributor's "contributor version".
|
||||
|
||||
A contributor's "essential patent claims" are all patent claims
|
||||
owned or controlled by the contributor, whether already acquired or
|
||||
hereafter acquired, that would be infringed by some manner, permitted
|
||||
by this License, of making, using, or selling its contributor version,
|
||||
but do not include claims that would be infringed only as a
|
||||
consequence of further modification of the contributor version. For
|
||||
purposes of this definition, "control" includes the right to grant
|
||||
patent sublicenses in a manner consistent with the requirements of
|
||||
this License.
|
||||
|
||||
Each contributor grants you a non-exclusive, worldwide, royalty-free
|
||||
patent license under the contributor's essential patent claims, to
|
||||
make, use, sell, offer for sale, import and otherwise run, modify and
|
||||
propagate the contents of its contributor version.
|
||||
|
||||
In the following three paragraphs, a "patent license" is any express
|
||||
agreement or commitment, however denominated, not to enforce a patent
|
||||
(such as an express permission to practice a patent or covenant not to
|
||||
sue for patent infringement). To "grant" such a patent license to a
|
||||
party means to make such an agreement or commitment not to enforce a
|
||||
patent against the party.
|
||||
|
||||
If you convey a covered work, knowingly relying on a patent license,
|
||||
and the Corresponding Source of the work is not available for anyone
|
||||
to copy, free of charge and under the terms of this License, through a
|
||||
publicly available network server or other readily accessible means,
|
||||
then you must either (1) cause the Corresponding Source to be so
|
||||
available, or (2) arrange to deprive yourself of the benefit of the
|
||||
patent license for this particular work, or (3) arrange, in a manner
|
||||
consistent with the requirements of this License, to extend the patent
|
||||
license to downstream recipients. "Knowingly relying" means you have
|
||||
actual knowledge that, but for the patent license, your conveying the
|
||||
covered work in a country, or your recipient's use of the covered work
|
||||
in a country, would infringe one or more identifiable patents in that
|
||||
country that you have reason to believe are valid.
|
||||
|
||||
If, pursuant to or in connection with a single transaction or
|
||||
arrangement, you convey, or propagate by procuring conveyance of, a
|
||||
covered work, and grant a patent license to some of the parties
|
||||
receiving the covered work authorizing them to use, propagate, modify
|
||||
or convey a specific copy of the covered work, then the patent license
|
||||
you grant is automatically extended to all recipients of the covered
|
||||
work and works based on it.
|
||||
|
||||
A patent license is "discriminatory" if it does not include within
|
||||
the scope of its coverage, prohibits the exercise of, or is
|
||||
conditioned on the non-exercise of one or more of the rights that are
|
||||
specifically granted under this License. You may not convey a covered
|
||||
work if you are a party to an arrangement with a third party that is
|
||||
in the business of distributing software, under which you make payment
|
||||
to the third party based on the extent of your activity of conveying
|
||||
the work, and under which the third party grants, to any of the
|
||||
parties who would receive the covered work from you, a discriminatory
|
||||
patent license (a) in connection with copies of the covered work
|
||||
conveyed by you (or copies made from those copies), or (b) primarily
|
||||
for and in connection with specific products or compilations that
|
||||
contain the covered work, unless you entered into that arrangement,
|
||||
or that patent license was granted, prior to 28 March 2007.
|
||||
|
||||
Nothing in this License shall be construed as excluding or limiting
|
||||
any implied license or other defenses to infringement that may
|
||||
otherwise be available to you under applicable patent law.
|
||||
|
||||
12. No Surrender of Others' Freedom.
|
||||
|
||||
If conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot convey a
|
||||
covered work so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you may
|
||||
not convey it at all. For example, if you agree to terms that obligate you
|
||||
to collect a royalty for further conveying from those to whom you convey
|
||||
the Program, the only way you could satisfy both those terms and this
|
||||
License would be to refrain entirely from conveying the Program.
|
||||
|
||||
13. Use with the GNU Affero General Public License.
|
||||
|
||||
Notwithstanding any other provision of this License, you have
|
||||
permission to link or combine any covered work with a work licensed
|
||||
under version 3 of the GNU Affero General Public License into a single
|
||||
combined work, and to convey the resulting work. The terms of this
|
||||
License will continue to apply to the part which is the covered work,
|
||||
but the special requirements of the GNU Affero General Public License,
|
||||
section 13, concerning interaction through a network will apply to the
|
||||
combination as such.
|
||||
|
||||
14. Revised Versions of this License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions of
|
||||
the GNU General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the
|
||||
Program specifies that a certain numbered version of the GNU General
|
||||
Public License "or any later version" applies to it, you have the
|
||||
option of following the terms and conditions either of that numbered
|
||||
version or of any later version published by the Free Software
|
||||
Foundation. If the Program does not specify a version number of the
|
||||
GNU General Public License, you may choose any version ever published
|
||||
by the Free Software Foundation.
|
||||
|
||||
If the Program specifies that a proxy can decide which future
|
||||
versions of the GNU General Public License can be used, that proxy's
|
||||
public statement of acceptance of a version permanently authorizes you
|
||||
to choose that version for the Program.
|
||||
|
||||
Later license versions may give you additional or different
|
||||
permissions. However, no additional obligations are imposed on any
|
||||
author or copyright holder as a result of your choosing to follow a
|
||||
later version.
|
||||
|
||||
15. Disclaimer of Warranty.
|
||||
|
||||
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
|
||||
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
|
||||
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
|
||||
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
|
||||
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
|
||||
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
|
||||
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||
|
||||
16. Limitation of Liability.
|
||||
|
||||
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
|
||||
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
|
||||
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
|
||||
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
|
||||
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
|
||||
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
|
||||
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGES.
|
||||
|
||||
17. Interpretation of Sections 15 and 16.
|
||||
|
||||
If the disclaimer of warranty and limitation of liability provided
|
||||
above cannot be given local legal effect according to their terms,
|
||||
reviewing courts shall apply local law that most closely approximates
|
||||
an absolute waiver of all civil liability in connection with the
|
||||
Program, unless a warranty or assumption of liability accompanies a
|
||||
copy of the Program in return for a fee.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
state the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program does terminal interaction, make it output a short
|
||||
notice like this when it starts in an interactive mode:
|
||||
|
||||
<program> Copyright (C) <year> <name of author>
|
||||
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, your program's commands
|
||||
might be different; for a GUI interface, you would use an "about box".
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary.
|
||||
For more information on this, and how to apply and follow the GNU GPL, see
|
||||
<http://www.gnu.org/licenses/>.
|
||||
|
||||
The GNU General Public License does not permit incorporating your program
|
||||
into proprietary programs. If your program is a subroutine library, you
|
||||
may consider it more useful to permit linking proprietary applications with
|
||||
the library. If this is what you want to do, use the GNU Lesser General
|
||||
Public License instead of this License. But first, please read
|
||||
<http://www.gnu.org/philosophy/why-not-lgpl.html>.
|
@ -0,0 +1,91 @@
|
||||
Python module and tools for communicating in the Assuan_ protocol.
|
||||
|
||||
There are a number of GnuPG_ wrappers for python `out there`__, but
|
||||
they mostly work via the ``gpg`` executable. This is an attempt to
|
||||
cut to the chase and speak directly to ``gpgme-tool`` (source__) over
|
||||
a well-defined socket protocol.
|
||||
|
||||
__ wrappers_
|
||||
__ gpgme-tool_
|
||||
|
||||
Installation
|
||||
============
|
||||
|
||||
Packages
|
||||
--------
|
||||
|
||||
Gentoo
|
||||
~~~~~~
|
||||
|
||||
I've packaged ``pyassuan`` for Gentoo_. You need layman_ and
|
||||
my `wtk overlay`_. Install with::
|
||||
|
||||
# emerge -av app-portage/layman
|
||||
# layman --add wtk
|
||||
# emerge -av dev-python/pyassuan
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
``pyassuan`` is a simple package with no external dependencies outside
|
||||
the Python 3.3+ standard library.
|
||||
|
||||
Installing by hand
|
||||
------------------
|
||||
|
||||
``pyassuan`` is available as a Git_ repository::
|
||||
|
||||
$ git clone git://tremily.us/pyassuan.git
|
||||
|
||||
See the homepage_ for details. To install the checkout, run the
|
||||
standard::
|
||||
|
||||
$ python setup.py install
|
||||
|
||||
Usage
|
||||
=====
|
||||
|
||||
Checkout the docstrings and the examples in ``bin``.
|
||||
|
||||
Testing
|
||||
=======
|
||||
|
||||
Run the internal unit tests with `Python 3.2+'s unittest discovery`__::
|
||||
|
||||
$ python -m unittest discover
|
||||
|
||||
To test running servers by hand, you can use `gpg-connect-agent`_.
|
||||
Despite the name, this program can connect to any Assuan server::
|
||||
|
||||
$ gpg-connect-agent --raw-socket name
|
||||
|
||||
__ unittest-discovery_
|
||||
|
||||
Licence
|
||||
=======
|
||||
|
||||
This project is distributed under the `GNU General Public License
|
||||
Version 3`_ or greater.
|
||||
|
||||
Author
|
||||
======
|
||||
|
||||
W. Trevor King
|
||||
wking@tremily.us
|
||||
|
||||
|
||||
.. _Assuan: http://www.gnupg.org/documentation/manuals/assuan/
|
||||
.. _GnuPG: http://www.gnupg.org/
|
||||
.. _wrappers: http://wiki.python.org/moin/GnuPrivacyGuard
|
||||
.. _gpgme-tool:
|
||||
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=src/gpgme-tool.c;hb=HEAD
|
||||
.. _Gentoo: http://www.gentoo.org/
|
||||
.. _layman: http://layman.sourceforge.net/
|
||||
.. _wtk overlay: http://blog.tremily.us/posts/Gentoo_overlay/
|
||||
.. _Git: http://git-scm.com/
|
||||
.. _homepage: http://blog.tremily.us/posts/pyassuan/
|
||||
.. _gpg-connect-agent:
|
||||
http://www.gnupg.org/documentation/manuals/gnupg-devel/gpg_002dconnect_002dagent.html
|
||||
.. _unittest-discovery:
|
||||
https://docs.python.org/3.5/library/unittest.html#unittest-test-discovery
|
||||
.. _GNU General Public License Version 3: http://www.gnu.org/licenses/gpl.html
|
@ -0,0 +1,67 @@
|
||||
#!/usr/bin/env python3
|
||||
#
|
||||
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
|
||||
#
|
||||
# This file is part of pyassuan.
|
||||
#
|
||||
# pyassuan is free software: you can redistribute it and/or modify it under the
|
||||
# terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation, either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
"""Simple pinentry program for getting server info.
|
||||
"""
|
||||
|
||||
from pyassuan import __version__
|
||||
from pyassuan import client as _client
|
||||
from pyassuan import common as _common
|
||||
from pyassuan import error as _error
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
import argparse
|
||||
import logging
|
||||
|
||||
parser = argparse.ArgumentParser(description=__doc__)
|
||||
parser.add_argument(
|
||||
'-v', '--version', action='version',
|
||||
version='%(prog)s {}'.format(__version__))
|
||||
parser.add_argument(
|
||||
'-V', '--verbose', action='count', default=0,
|
||||
help='increase verbosity')
|
||||
parser.add_argument(
|
||||
'filename',
|
||||
help="path to server's unix socket")
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
client = _client.AssuanClient(name='get-info', close_on_disconnect=True)
|
||||
|
||||
if args.verbose:
|
||||
client.logger.setLevel(max(
|
||||
logging.DEBUG, client.logger.level - 10*args.verbose))
|
||||
|
||||
client.connect(socket_path=args.filename)
|
||||
try:
|
||||
response = client.read_response()
|
||||
assert response.type == 'OK', response
|
||||
client.make_request(_common.Request('HELP'))
|
||||
client.make_request(_common.Request('HELP GETINFO'))
|
||||
for attribute in ['version', 'pid', 'socket_name', 'ssh_socket_name']:
|
||||
try:
|
||||
client.make_request(_common.Request('GETINFO', attribute))
|
||||
except _error.AssuanError as e:
|
||||
if e.message.startswith('No data'):
|
||||
pass
|
||||
else:
|
||||
raise
|
||||
finally:
|
||||
client.make_request(_common.Request('BYE'))
|
||||
client.disconnect()
|
@ -0,0 +1,397 @@
|
||||
#!/usr/bin/python3.8
|
||||
#
|
||||
# Copyright (C) 2012-2017 W. Trevor King <wking@tremily.us>
|
||||
#
|
||||
# This file is part of pyassuan.
|
||||
#
|
||||
# pyassuan is free software: you can redistribute it and/or modify it under the
|
||||
# terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation, either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
"""Simple pinentry program for getting pins from a terminal.
|
||||
"""
|
||||
|
||||
import copy as _copy
|
||||
import os as _os
|
||||
import os.path as _os_path
|
||||
import pprint as _pprint
|
||||
import re as _re
|
||||
import signal as _signal
|
||||
import sys as _sys
|
||||
import termios as _termios
|
||||
|
||||
from pyassuan import __version__
|
||||
from pyassuan import server as _server
|
||||
from pyassuan import common as _common
|
||||
from pyassuan import error as _error
|
||||
|
||||
|
||||
class PinEntry (_server.AssuanServer):
|
||||
"""pinentry protocol server
|
||||
|
||||
See ``pinentry-0.8.0/doc/pinentry.texi`` at::
|
||||
|
||||
ftp://ftp.gnupg.org/gcrypt/pinentry/
|
||||
http://www.gnupg.org/aegypten/
|
||||
|
||||
for details on the pinentry interface.
|
||||
|
||||
Alternatively, you can just watch the logs and guess ;). Here's a
|
||||
trace when driven by GnuPG 2.0.28 (libgcrypt 1.6.3)::
|
||||
|
||||
S: OK Your orders please
|
||||
C: OPTION grab
|
||||
S: OK
|
||||
C: OPTION ttyname=/dev/pts/6
|
||||
S: OK
|
||||
C: OPTION ttytype=xterm
|
||||
S: OK
|
||||
C: OPTION lc-ctype=en_US.UTF-8
|
||||
S: OK
|
||||
C: OPTION lc-messages=en_US.UTF-8
|
||||
S: OK
|
||||
C: OPTION allow-external-password-cache
|
||||
S: OK
|
||||
C: OPTION default-ok=_OK
|
||||
S: OK
|
||||
C: OPTION default-cancel=_Cancel
|
||||
S: OK
|
||||
C: OPTION default-yes=_Yes
|
||||
S: OK
|
||||
C: OPTION default-no=_No
|
||||
S: OK
|
||||
C: OPTION default-prompt=PIN:
|
||||
S: OK
|
||||
C: OPTION default-pwmngr=_Save in password manager
|
||||
S: OK
|
||||
C: OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?
|
||||
S: OK
|
||||
C: OPTION default-tt-visi=Make passphrase visible
|
||||
S: OK
|
||||
C: OPTION default-tt-hide=Hide passphrase
|
||||
S: OK
|
||||
C: GETINFO pid
|
||||
S: D 14309
|
||||
S: OK
|
||||
C: SETKEYINFO u/S9464F2C2825D2FE3
|
||||
S: OK
|
||||
C: SETDESC Enter passphrase%0A
|
||||
S: OK
|
||||
C: SETPROMPT Passphrase
|
||||
S: OK
|
||||
C: GETPIN
|
||||
S: D testing!
|
||||
S: OK
|
||||
C: BYE
|
||||
S: OK closing connection
|
||||
"""
|
||||
_digit_regexp = _re.compile(r'\d+')
|
||||
|
||||
# from proc(5): pid comm state ppid pgrp session tty_nr tpgid
|
||||
_tpgrp_regexp = _re.compile(r'\d+ \(\S+\) . \d+ \d+ \d+ \d+ (\d+)')
|
||||
|
||||
def __init__(self, name='pinentry', strict_options=False,
|
||||
single_request=True, **kwargs):
|
||||
self.strings = {}
|
||||
self.connection = {}
|
||||
super(PinEntry, self).__init__(
|
||||
name=name, strict_options=strict_options,
|
||||
single_request=single_request, **kwargs)
|
||||
self.valid_options.append('ttyname')
|
||||
|
||||
def reset(self):
|
||||
super(PinEntry, self).reset()
|
||||
self.strings.clear()
|
||||
self.connection.clear()
|
||||
|
||||
# user interface
|
||||
|
||||
def _connect(self):
|
||||
self.logger.info('connecting to user')
|
||||
self.logger.debug('options:\n{}'.format(_pprint.pformat(self.options)))
|
||||
tty_name = self.options.get('ttyname', None)
|
||||
if tty_name:
|
||||
self.connection['tpgrp'] = self._get_pgrp(tty_name)
|
||||
self.logger.info(
|
||||
'open to-user output stream for {}'.format(tty_name))
|
||||
self.connection['to_user'] = open(tty_name, 'w')
|
||||
self.logger.info(
|
||||
'open from-user input stream for {}'.format(tty_name))
|
||||
self.connection['from_user'] = open(tty_name, 'r')
|
||||
self.logger.info('get current termios line discipline')
|
||||
self.connection['original termios'] = _termios.tcgetattr(
|
||||
self.connection['to_user']) # [iflag, oflag, cflag, lflag, ...]
|
||||
new_termios = _copy.deepcopy(self.connection['original termios'])
|
||||
# translate carriage return to newline on input
|
||||
new_termios[0] |= _termios.ICRNL
|
||||
# do not ignore carriage return on input
|
||||
new_termios[0] &= ~_termios.IGNCR
|
||||
# do not echo input characters
|
||||
new_termios[3] &= ~_termios.ECHO
|
||||
# echo input characters
|
||||
#new_termios[3] |= _termios.ECHO
|
||||
# echo the NL character even if ECHO is not set
|
||||
new_termios[3] |= _termios.ECHONL
|
||||
# enable canonical mode
|
||||
new_termios[3] |= _termios.ICANON
|
||||
self.logger.info('adjust termios line discipline')
|
||||
_termios.tcsetattr(
|
||||
self.connection['to_user'], _termios.TCSANOW, new_termios)
|
||||
self.logger.info('send SIGSTOP to pgrp {}'.format(
|
||||
self.connection['tpgrp']))
|
||||
#_os.killpg(self.connection['tpgrp'], _signal.SIGSTOP)
|
||||
_os.kill(-self.connection['tpgrp'], _signal.SIGSTOP)
|
||||
self.connection['tpgrp stopped'] = True
|
||||
else:
|
||||
self.logger.info('no TTY name given; use stdin/stdout for I/O')
|
||||
self.connection['to_user'] = _sys.stdout
|
||||
self.connection['from_user'] = _sys.stdin
|
||||
self.logger.info('connected to user')
|
||||
self.connection['to_user'].write('\n') # give a clean line to work on
|
||||
self.connection['active'] = True
|
||||
|
||||
def _disconnect(self):
|
||||
self.logger.info('disconnecting from user')
|
||||
try:
|
||||
if self.connection.get('original termios', None):
|
||||
self.logger.info('restore original termios line discipline')
|
||||
_termios.tcsetattr(
|
||||
self.connection['to_user'], _termios.TCSANOW,
|
||||
self.connection['original termios'])
|
||||
if self.connection.get('tpgrp stopped', None) is True:
|
||||
self.logger.info(
|
||||
'send SIGCONT to pgrp {}'.format(self.connection['tpgrp']))
|
||||
#_os.killpg(self.connection['tpgrp'], _signal.SIGCONT)
|
||||
_os.kill(-self.connection['tpgrp'], _signal.SIGCONT)
|
||||
if self.connection.get('to_user', None) not in [None, _sys.stdout]:
|
||||
self.logger.info('close to-user output stream')
|
||||
self.connection['to_user'].close()
|
||||
if self.connection.get('from_user',None) not in [None,_sys.stdout]:
|
||||
self.logger.info('close from-user input stream')
|
||||
self.connection['from_user'].close()
|
||||
finally:
|
||||
self.connection = {'active': False}
|
||||
self.logger.info('disconnected from user')
|
||||
|
||||
def _get_pgrp(self, tty_name):
|
||||
self.logger.info('find process group contolling {}'.format(tty_name))
|
||||
proc = '/proc'
|
||||
for name in _os.listdir(proc):
|
||||
path = _os_path.join(proc, name)
|
||||
if not (self._digit_regexp.match(name) and _os_path.isdir(path)):
|
||||
continue # not a process directory
|
||||
self.logger.debug('checking process {}'.format(name))
|
||||
fd_path = _os_path.join(path, 'fd', '0')
|
||||
try:
|
||||
link = _os.readlink(fd_path)
|
||||
except OSError as e:
|
||||
self.logger.debug('not our process: {}'.format(e))
|
||||
continue # permission denied (not one of our processes)
|
||||
if link != tty_name:
|
||||
self.logger.debug('wrong tty: {}'.format(link))
|
||||
continue # not attached to our target tty
|
||||
stat_path = _os_path.join(path, 'stat')
|
||||
stat = open(stat_path, 'r').read()
|
||||
self.logger.debug('check stat for pgrp: {}'.format(stat))
|
||||
match = self._tpgrp_regexp.match(stat)
|
||||
assert match != None, stat
|
||||
pgrp = int(match.group(1))
|
||||
self.logger.info('found pgrp {} for {}'.format(pgrp, tty_name))
|
||||
return pgrp
|
||||
raise ValueError(tty_name)
|
||||
|
||||
def _write(self, string):
|
||||
"Write text to the user's terminal."
|
||||
self.connection['to_user'].write(string + '\n')
|
||||
self.connection['to_user'].flush()
|
||||
|
||||
def _read(self):
|
||||
"Read and return a line from the user's terminal."
|
||||
# drop trailing newline
|
||||
return self.connection['from_user'].readline()[:-1]
|
||||
|
||||
def _prompt(self, prompt='?', error=None, add_colon=True):
|
||||
if add_colon:
|
||||
prompt += ':'
|
||||
if error:
|
||||
self.connection['to_user'].write(error)
|
||||
self.connection['to_user'].write('\n')
|
||||
self.connection['to_user'].write(prompt)
|
||||
self.connection['to_user'].write(' ')
|
||||
self.connection['to_user'].flush()
|
||||
return self._read()
|
||||
|
||||
# assuan handlers
|
||||
|
||||
def _handle_GETINFO(self, arg):
|
||||
if arg == 'pid':
|
||||
yield _common.Response('D', str(_os.getpid()).encode('ascii'))
|
||||
elif arg == 'version':
|
||||
yield _common.Response('D', __version__.encode('ascii'))
|
||||
else:
|
||||
raise _error.AssuanError(message='Invalid parameter')
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_SETKEYINFO(self, arg):
|
||||
self.strings['key info'] = arg
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_CLEARPASSPHRASE(self, arg):
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_SETDESC(self, arg):
|
||||
self.strings['description'] = arg
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_SETPROMPT(self, arg):
|
||||
self.strings['prompt'] = arg
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_SETERROR(self, arg):
|
||||
self.strings['error'] = arg
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_SETTITLE(self, arg):
|
||||
self.strings['title'] = arg
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_SETOK(self, arg):
|
||||
self.strings['ok'] = arg
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_SETCANCEL(self, arg):
|
||||
self.strings['cancel'] = arg
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_SETNOTOK(self, arg):
|
||||
self.strings['not ok'] = arg
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_SETQUALITYBAR(self, arg):
|
||||
"""Adds a quality indicator to the GETPIN window.
|
||||
|
||||
This indicator is updated as the passphrase is typed. The
|
||||
clients needs to implement an inquiry named "QUALITY" which
|
||||
gets passed the current passphrase (percent-plus escaped) and
|
||||
should send back a string with a single numerical vauelue
|
||||
between -100 and 100. Negative values will be displayed in
|
||||
red.
|
||||
|
||||
If a custom label for the quality bar is required, just add
|
||||
that label as an argument as percent escaped string. You will
|
||||
need this feature to translate the label because pinentry has
|
||||
no internal gettext except for stock strings from the toolkit
|
||||
library.
|
||||
|
||||
If you want to show a tooltip for the quality bar, you may use
|
||||
|
||||
C: SETQUALITYBAR_TT string
|
||||
S: OK
|
||||
|
||||
With STRING being a percent escaped string shown as the tooltip.
|
||||
|
||||
Here is a real world example of these commands in use:
|
||||
|
||||
C: SETQUALITYBAR Quality%3a
|
||||
S: OK
|
||||
C: SETQUALITYBAR_TT The quality of the text entered above.%0aPlease ask your administrator for details about the criteria.
|
||||
S: OK
|
||||
"""
|
||||
self.strings['qualitybar'] = arg
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_SETQUALITYBAR_TT(self, arg):
|
||||
self.strings['qualitybar_tooltip'] = arg
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_GETPIN(self, arg):
|
||||
try:
|
||||
self._connect()
|
||||
if 'description' in self.strings and self.strings['description'].strip():
|
||||
self._write(self.strings['description'])
|
||||
if 'key info' in self.strings:
|
||||
self._write('key: {}'.format(self.strings['key info']))
|
||||
if 'qualitybar' in self.strings:
|
||||
self._write(self.strings['qualitybar'])
|
||||
pin = self._prompt(
|
||||
prompt=self.strings.get('prompt','prompt:'),
|
||||
error=self.strings.get('error'),
|
||||
add_colon=False)
|
||||
finally:
|
||||
self._disconnect()
|
||||
yield _common.Response('D', pin.encode('ascii'))
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_CONFIRM(self, arg):
|
||||
try:
|
||||
self._connect()
|
||||
self._write(self.strings['description'])
|
||||
self._write('1) '+self.strings['ok'])
|
||||
self._write('2) '+self.strings['not ok'])
|
||||
value = self._prompt('?')
|
||||
finally:
|
||||
self._disconnect()
|
||||
if value == '1':
|
||||
yield _common.Response('OK')
|
||||
else:
|
||||
raise _error.AssuanError(message='Not confirmed')
|
||||
|
||||
def _handle_MESSAGE(self, arg):
|
||||
self._write(self.strings['description'])
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_CONFIRM(self, args):
|
||||
assert args == '--one-button', args
|
||||
try:
|
||||
self._connect()
|
||||
self._write(self.strings['description'])
|
||||
self._write('1) '+self.strings['ok'])
|
||||
value = self._prompt('?')
|
||||
finally:
|
||||
self._disconnect()
|
||||
assert value == '1', value
|
||||
yield _common.Response('OK')
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
import argparse
|
||||
import logging
|
||||
import traceback
|
||||
|
||||
parser = argparse.ArgumentParser(description=__doc__)
|
||||
parser.add_argument(
|
||||
'-v', '--version', action='version',
|
||||
version='%(prog)s {}'.format(__version__))
|
||||
parser.add_argument(
|
||||
'-V', '--verbose', action='count', default=0,
|
||||
help='increase verbosity')
|
||||
parser.add_argument(
|
||||
'--display',
|
||||
help='set X display (ignored by this implementation)')
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
p = PinEntry()
|
||||
|
||||
if args.verbose:
|
||||
p.logger.setLevel(max(
|
||||
logging.DEBUG, p.logger.level - 10*args.verbose))
|
||||
|
||||
try:
|
||||
p.run()
|
||||
except ValueError:
|
||||
# readline of closed file
|
||||
pass
|
||||
except:
|
||||
p.logger.error(
|
||||
'exiting due to exception:\n{}'.format(
|
||||
traceback.format_exc().rstrip()))
|
||||
raise
|
@ -0,0 +1,34 @@
|
||||
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
|
||||
#
|
||||
# This file is part of pyassuan.
|
||||
#
|
||||
# pyassuan is free software: you can redistribute it and/or modify it under the
|
||||
# terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation, either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
"""A Python implementation of the `Assuan protocol`_.
|
||||
|
||||
.. _Assuan protocol: http://www.gnupg.org/documentation/manuals/assuan/
|
||||
"""
|
||||
|
||||
import logging as _logging
|
||||
import logging.handlers as _logging_handlers
|
||||
|
||||
|
||||
__version__ = '0.2'
|
||||
|
||||
LOG = _logging.getLogger('pyassuan')
|
||||
LOG.setLevel(_logging.ERROR)
|
||||
LOG.addHandler(_logging.StreamHandler())
|
||||
#LOG.addHandler(_logging.FileHandler('/tmp/pinentry.log'))
|
||||
#LOG.addHandler(_logging_handlers.SysLogHandler(address='/dev/log'))
|
||||
LOG.handlers[0].setFormatter(
|
||||
_logging.Formatter('%(name)s: %(levelname)s: %(message)s'))
|
@ -0,0 +1,190 @@
|
||||
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
|
||||
#
|
||||
# This file is part of pyassuan.
|
||||
#
|
||||
# pyassuan is free software: you can redistribute it and/or modify it under the
|
||||
# terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation, either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import logging as _logging
|
||||
import socket as _socket
|
||||
import sys as _sys
|
||||
|
||||
from . import LOG as _LOG
|
||||
from . import common as _common
|
||||
from . import error as _error
|
||||
|
||||
|
||||
class AssuanClient (object):
|
||||
"""A single-threaded Assuan client based on the `development suggestions`_
|
||||
|
||||
.. _development suggestions:
|
||||
http://www.gnupg.org/documentation/manuals/assuan/Client-code.html
|
||||
"""
|
||||
def __init__(self, name, logger=_LOG, use_sublogger=True,
|
||||
close_on_disconnect=False):
|
||||
self.name = name
|
||||
if use_sublogger:
|
||||
logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
|
||||
self.logger = logger
|
||||
self.close_on_disconnect = close_on_disconnect
|
||||
self.input = self.output = self.socket = None
|
||||
|
||||
def connect(self, socket_path=None):
|
||||
if socket_path:
|
||||
self.logger.info(
|
||||
'connect to Unix socket at {}'.format(socket_path))
|
||||
self.socket = _socket.socket(_socket.AF_UNIX, _socket.SOCK_STREAM)
|
||||
self.socket.connect(socket_path)
|
||||
self.input = self.socket.makefile('rb')
|
||||
self.output = self.socket.makefile('wb')
|
||||
else:
|
||||
if not self.input:
|
||||
self.logger.info('read from stdin')
|
||||
self.input = _sys.stdin.buffer
|
||||
if not self.output:
|
||||
self.logger.info('write to stdout')
|
||||
self.output = _sys.stdout.buffer
|
||||
|
||||
def disconnect(self):
|
||||
if self.close_on_disconnect:
|
||||
self.logger.info('disconnecting')
|
||||
if self.input is not None:
|
||||
self.input.close()
|
||||
self.input = None
|
||||
if self.output is not None:
|
||||
self.output.close()
|
||||
self.output = None
|
||||
if self.socket is not None:
|
||||
self.socket.shutdown(_socket.SHUT_RDWR)
|
||||
self.socket.close()
|
||||
self.socket = None
|
||||
|
||||
def raise_error(self, error):
|
||||
self.logger.error(str(error))
|
||||
raise(error)
|
||||
|
||||
def read_response(self):
|
||||
line = self.input.readline()
|
||||
if not line:
|
||||
self.raise_error(
|
||||
_error.AssuanError(message='IPC accept call failed'))
|
||||
if len(line) > _common.LINE_LENGTH:
|
||||
self.raise_error(
|
||||
_error.AssuanError(message='Line too long'))
|
||||
if not line.endswith(b'\n'):
|
||||
self.logger.info('S: {}'.format(line))
|
||||
self.raise_error(
|
||||
_error.AssuanError(message='Invalid response'))
|
||||
line = line[:-1] # remove trailing newline
|
||||
response = _common.Response()
|
||||
try:
|
||||
response.from_bytes(line)
|
||||
except _error.AssuanError as e:
|
||||
self.logger.error(str(e))
|
||||
raise
|
||||
self.logger.info('S: {}'.format(response))
|
||||
return response
|
||||
|
||||
def _write_request(self, request):
|
||||
self.logger.info('C: {}'.format(request))
|
||||
self.output.write(bytes(request))
|
||||
self.output.write(b'\n')
|
||||
try:
|
||||
self.output.flush()
|
||||
except IOError:
|
||||
raise
|
||||
|
||||
def make_request(self, request, response=True, expect=['OK']):
|
||||
self._write_request(request=request)
|
||||
if response:
|
||||
return self.get_responses(requests=[request], expect=expect)
|
||||
|
||||
def get_responses(self, requests=None, expect=['OK']):
|
||||
responses = list(self.responses())
|
||||
if responses[-1].type == 'ERR':
|
||||
eresponse = responses[-1]
|
||||
fields = eresponse.parameters.split(' ', 1)
|
||||
code = int(fields[0])
|
||||
if len(fields) > 1:
|
||||
message = fields[1].strip()
|
||||
else:
|
||||
message = None
|
||||
error = _error.AssuanError(code=code, message=message)
|
||||
if requests is not None:
|
||||
error.requests = requests
|
||||
error.responses = responses
|
||||
raise error
|
||||
if expect:
|
||||
assert responses[-1].type in expect, [str(r) for r in responses]
|
||||
data = []
|
||||
for response in responses:
|
||||
if response.type == 'D':
|
||||
data.append(response.parameters)
|
||||
if data:
|
||||
data = b''.join(data)
|
||||
else:
|
||||
data = None
|
||||
return (responses, data)
|
||||
|
||||
def responses(self):
|
||||
while True:
|
||||
response = self.read_response()
|
||||
yield response
|
||||
if response.type not in ['S', '#', 'D']:
|
||||
break
|
||||
|
||||
def send_data(self, data=None, response=True, expect=['OK']):
|
||||
"""Iterate through requests necessary to send ``data`` to a server.
|
||||
|
||||
http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
|
||||
"""
|
||||
requests = []
|
||||
if data:
|
||||
encoded_data = _common.encode(data)
|
||||
start = 0
|
||||
stop = min(_common.LINE_LENGTH-4, len(encoded_data)) # 'D ', CR, CL
|
||||
self.logger.debug('sending {} bytes of encoded data'.format(
|
||||
len(encoded_data)))
|
||||
while stop > start:
|
||||
d = encoded_data[start:stop]
|
||||
request = _common.Request(
|
||||
command='D', parameters=encoded_data[start:stop],
|
||||
encoded=True)
|
||||
requests.append(request)
|
||||
self.logger.debug('send {} byte chunk'.format(stop-start))
|
||||
self._write_request(request=request)
|
||||
start = stop
|
||||
stop = start + min(_common.LINE_LENGTH-4,
|
||||
len(encoded_data) - start)
|
||||
request = _common.Request('END')
|
||||
requests.append(request)
|
||||
self._write_request(request=request)
|
||||
if response:
|
||||
return self.get_responses(requests=requests, expect=expect)
|
||||
|
||||
def send_fds(self, fds):
|
||||
"""Send a file descriptor over a Unix socket.
|
||||
"""
|
||||
msg = '# descriptors in flight: {}\n'.format(fds)
|
||||
self.logger.info('C: {}'.format(msg.rstrip('\n')))
|
||||
msg = msg.encode('ascii')
|
||||
return _common.send_fds(
|
||||
socket=self.socket, msg=msg, fds=fds, logger=None)
|
||||
|
||||
def receive_fds(self, msglen=200, maxfds=10):
|
||||
"""Receive file descriptors over a Unix socket.
|
||||
"""
|
||||
msg,fds = _common.receive_fds(
|
||||
socket=self.socket, msglen=msglen, maxfds=maxfds, logger=None)
|
||||
msg = str(msg, 'utf-8')
|
||||
self.logger.info('S: {}'.format(msg.rstrip('\n')))
|
||||
return fds
|
@ -0,0 +1,314 @@
|
||||
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
|
||||
#
|
||||
# This file is part of pyassuan.
|
||||
#
|
||||
# pyassuan is free software: you can redistribute it and/or modify it under the
|
||||
# terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation, either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
"""Items common to both the client and server
|
||||
"""
|
||||
|
||||
import array as _array
|
||||
import re as _re
|
||||
import socket as _socket
|
||||
|
||||
from . import LOG as _LOG
|
||||
from . import error as _error
|
||||
|
||||
|
||||
LINE_LENGTH = 1002 # 1000 + [CR,]LF
|
||||
_ENCODE_PATTERN = '(' + '|'.join(['%', '\r', '\n']) + ')'
|
||||
_ENCODE_STR_REGEXP = _re.compile(_ENCODE_PATTERN)
|
||||
_ENCODE_BYTE_REGEXP = _re.compile(_ENCODE_PATTERN.encode('ascii'))
|
||||
_DECODE_STR_REGEXP = _re.compile('(%[0-9A-Fa-f]{2})')
|
||||
_DECODE_BYTE_REGEXP = _re.compile(b'(%[0-9A-Fa-f]{2})')
|
||||
_REQUEST_REGEXP = _re.compile('^(\w+)( *)(.*)\Z')
|
||||
|
||||
|
||||
def encode(data):
|
||||
r"""
|
||||
|
||||
>>> encode('It grew by 5%!\n')
|
||||
'It grew by 5%25!%0A'
|
||||
>>> encode(b'It grew by 5%!\n')
|
||||
b'It grew by 5%25!%0A'
|
||||
"""
|
||||
if isinstance(data, bytes):
|
||||
regexp = _ENCODE_BYTE_REGEXP
|
||||
else:
|
||||
regexp = _ENCODE_STR_REGEXP
|
||||
return regexp.sub(
|
||||
lambda x : to_hex(x.group()), data)
|
||||
|
||||
def decode(data):
|
||||
r"""
|
||||
|
||||
>>> decode('%22Look out!%22%0AWhere%3F')
|
||||
'"Look out!"\nWhere?'
|
||||
>>> decode(b'%22Look out!%22%0AWhere%3F')
|
||||
b'"Look out!"\nWhere?'
|
||||
"""
|
||||
if isinstance(data, bytes):
|
||||
regexp = _DECODE_BYTE_REGEXP
|
||||
else:
|
||||
regexp = _DECODE_STR_REGEXP
|
||||
return regexp.sub(
|
||||
lambda x : from_hex(x.group()), data)
|
||||
|
||||
def from_hex(code):
|
||||
r"""
|
||||
|
||||
>>> from_hex('%22')
|
||||
'"'
|
||||
>>> from_hex('%0A')
|
||||
'\n'
|
||||
>>> from_hex(b'%0A')
|
||||
b'\n'
|
||||
"""
|
||||
c = chr(int(code[1:], 16))
|
||||
if isinstance(code, bytes):
|
||||
c =c.encode('ascii')
|
||||
return c
|
||||
|
||||
def to_hex(char):
|
||||
r"""
|
||||
|
||||
>>> to_hex('"')
|
||||
'%22'
|
||||
>>> to_hex('\n')
|
||||
'%0A'
|
||||
>>> to_hex(b'\n')
|
||||
b'%0A'
|
||||
"""
|
||||
hx = '%{:02X}'.format(ord(char))
|
||||
if isinstance(char, bytes):
|
||||
hx = hx.encode('ascii')
|
||||
return hx
|
||||
|
||||
|
||||
class Request (object):
|
||||
"""A client request
|
||||
|
||||
http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
|
||||
|
||||
>>> r = Request(command='BYE')
|
||||
>>> str(r)
|
||||
'BYE'
|
||||
>>> r = Request(command='OPTION', parameters='testing at 5%')
|
||||
>>> str(r)
|
||||
'OPTION testing at 5%25'
|
||||
>>> bytes(r)
|
||||
b'OPTION testing at 5%25'
|
||||
>>> r.from_bytes(b'BYE')
|
||||
>>> r.command
|
||||
'BYE'
|
||||
>>> print(r.parameters)
|
||||
None
|
||||
>>> r.from_bytes(b'OPTION testing at 5%25')
|
||||
>>> r.command
|
||||
'OPTION'
|
||||
>>> print(r.parameters)
|
||||
testing at 5%
|
||||
>>> r.from_bytes(b' invalid')
|
||||
Traceback (most recent call last):
|
||||
...
|
||||
pyassuan.error.AssuanError: 170 Invalid request
|
||||
>>> r.from_bytes(b'in-valid')
|
||||
Traceback (most recent call last):
|
||||
...
|
||||
pyassuan.error.AssuanError: 170 Invalid request
|
||||
"""
|
||||
def __init__(self, command=None, parameters=None, encoded=False):
|
||||
self.command = command
|
||||
self.parameters = parameters
|
||||
self.encoded = encoded
|
||||
|
||||
def __str__(self):
|
||||
if self.parameters:
|
||||
if self.encoded:
|
||||
encoded_parameters = self.parameters
|
||||
else:
|
||||
encoded_parameters = encode(self.parameters)
|
||||
return '{} {}'.format(self.command, encoded_parameters)
|
||||
return self.command
|
||||
|
||||
def __bytes__(self):
|
||||
if self.parameters:
|
||||
if self.encoded:
|
||||
encoded_parameters = self.parameters
|
||||
else:
|
||||
encoded_parameters = encode(self.parameters)
|
||||
return '{} {}'.format(
|
||||
self.command, encoded_parameters).encode('utf-8')
|
||||
return self.command.encode('utf-8')
|
||||
|
||||
def from_bytes(self, line):
|
||||
if len(line) > 1000: # TODO: byte-vs-str and newlines?
|
||||
raise _error.AssuanError(message='Line too long')
|
||||
line = str(line, encoding='utf-8')
|
||||
match = _REQUEST_REGEXP.match(line)
|
||||
if not match:
|
||||
raise _error.AssuanError(message='Invalid request')
|
||||
self.command = match.group(1)
|
||||
if match.group(3):
|
||||
if match.group(2):
|
||||
self.parameters = decode(match.group(3))
|
||||
else:
|
||||
raise _error.AssuanError(message='Invalid request')
|
||||
else:
|
||||
self.parameters = None
|
||||
|
||||
|
||||
class Response (object):
|
||||
"""A server response
|
||||
|
||||
http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html
|
||||
|
||||
>>> r = Response(type='OK')
|
||||
>>> str(r)
|
||||
'OK'
|
||||
>>> r = Response(type='ERR', parameters='1 General error')
|
||||
>>> str(r)
|
||||
'ERR 1 General error'
|
||||
>>> bytes(r)
|
||||
b'ERR 1 General error'
|
||||
>>> r.from_bytes(b'OK')
|
||||
>>> r.type
|
||||
'OK'
|
||||
>>> print(r.parameters)
|
||||
None
|
||||
>>> r.from_bytes(b'ERR 1 General error')
|
||||
>>> r.type
|
||||
'ERR'
|
||||
>>> print(r.parameters)
|
||||
1 General error
|
||||
>>> r.from_bytes(b' invalid')
|
||||
Traceback (most recent call last):
|
||||
...
|
||||
pyassuan.error.AssuanError: 76 Invalid response
|
||||
>>> r.from_bytes(b'in-valid')
|
||||
Traceback (most recent call last):
|
||||
...
|
||||
pyassuan.error.AssuanError: 76 Invalid response
|
||||
"""
|
||||
types = {
|
||||
'O': 'OK',
|
||||
'E': 'ERR',
|
||||
'S': 'S',
|
||||
'#': '#',
|
||||
'D': 'D',
|
||||
'I': 'INQUIRE',
|
||||
}
|
||||
|
||||
def __init__(self, type=None, parameters=None):
|
||||
self.type = type
|
||||
self.parameters = parameters
|
||||
|
||||
def __str__(self):
|
||||
if self.parameters:
|
||||
return '{} {}'.format(self.type, encode(self.parameters))
|
||||
return self.type
|
||||
|
||||
def __bytes__(self):
|
||||
if self.parameters:
|
||||
if self.type == 'D':
|
||||
return b' '.join((b'D', self.parameters))
|
||||
else:
|
||||
return '{} {}'.format(
|
||||
self.type, encode(self.parameters)).encode('utf-8')
|
||||
return self.type.encode('utf-8')
|
||||
|
||||
def from_bytes(self, line):
|
||||
if len(line) > 1000: # TODO: byte-vs-str and newlines?
|
||||
raise _error.AssuanError(message='Line too long')
|
||||
if line.startswith(b'D'):
|
||||
self.command = t = 'D'
|
||||
else:
|
||||
line = str(line, encoding='utf-8')
|
||||
t = line[0]
|
||||
try:
|
||||
type = self.types[t]
|
||||
except KeyError:
|
||||
raise _error.AssuanError(message='Invalid response')
|
||||
self.type = type
|
||||
if type == 'D': # data
|
||||
self.parameters = decode(line[2:])
|
||||
elif type == '#': # comment
|
||||
self.parameters = decode(line[2:])
|
||||
else:
|
||||
match = _REQUEST_REGEXP.match(line)
|
||||
if not match:
|
||||
raise _error.AssuanError(message='Invalid request')
|
||||
if match.group(3):
|
||||
if match.group(2):
|
||||
self.parameters = decode(match.group(3))
|
||||
else:
|
||||
raise _error.AssuanError(message='Invalid request')
|
||||
else:
|
||||
self.parameters = None
|
||||
|
||||
|
||||
def error_response(error):
|
||||
"""
|
||||
|
||||
>>> from pyassuan.error import AssuanError
|
||||
>>> error = AssuanError(1)
|
||||
>>> response = error_response(error)
|
||||
>>> print(response)
|
||||
ERR 1 General error
|
||||
"""
|
||||
return Response(type='ERR', parameters=str(error))
|
||||
|
||||
|
||||
def send_fds(socket, msg=None, fds=None, logger=_LOG):
|
||||
"""Send a file descriptor over a Unix socket using ``sendmsg``.
|
||||
|
||||
``sendmsg`` suport requires Python >= 3.3.
|
||||
|
||||
Code from
|
||||
http://docs.python.org/dev/library/socket.html#socket.socket.sendmsg
|
||||
|
||||
Assuan equivalent is
|
||||
http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#function-assuan_005fsendfd
|
||||
"""
|
||||
if msg is None:
|
||||
msg = b''.join(
|
||||
[b'# descriptors in flight: ', str(fds).encode('ascii'), b'\n'])
|
||||
if logger is not None:
|
||||
logger.debug('sending file descriptors {} down {}'.format(fds, socket))
|
||||
return socket.sendmsg(
|
||||
[msg],
|
||||
[(_socket.SOL_SOCKET, _socket.SCM_RIGHTS, _array.array('i', fds))])
|
||||
|
||||
def receive_fds(socket, msglen=200, maxfds=10, logger=_LOG):
|
||||
"""Recieve file descriptors using ``recvmsg``.
|
||||
|
||||
``recvmsg`` suport requires Python >= 3.3.
|
||||
|
||||
Code from http://docs.python.org/dev/library/socket.html
|
||||
|
||||
Assuan equivalent is
|
||||
http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#fun_002dassuan_005freceivedfd
|
||||
"""
|
||||
fds = _array.array('i') # Array of ints
|
||||
msg,ancdata,flags,addr = socket.recvmsg(
|
||||
msglen, _socket.CMSG_LEN(maxfds * fds.itemsize))
|
||||
for cmsg_level,cmsg_type,cmsg_data in ancdata:
|
||||
if (cmsg_level == _socket.SOL_SOCKET and
|
||||
cmsg_type == _socket.SCM_RIGHTS):
|
||||
# Append data, ignoring any truncated integers at the end.
|
||||
fds.fromstring(
|
||||
cmsg_data[:len(cmsg_data) - (len(cmsg_data) % fds.itemsize)])
|
||||
if logger is not None:
|
||||
logger.debug('receiving file descriptors {} from {} ({})'.format(
|
||||
fds, socket, msg))
|
||||
return (msg, list(fds))
|
@ -0,0 +1,302 @@
|
||||
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
|
||||
#
|
||||
# This file is part of pyassuan.
|
||||
#
|
||||
# pyassuan is free software: you can redistribute it and/or modify it under the
|
||||
# terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation, either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
"""Assuan errors as defined in `libgpg-error`_.
|
||||
|
||||
The Assuan_ docs_ suggest these error codes.
|
||||
|
||||
.. _libgpg-error: http://www.gnupg.org/related_software/libgpg-error/
|
||||
.. _Assuan:
|
||||
http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html
|
||||
.. _docs: http://www.gnupg.org/documentation/manuals/assuan/Error-codes.html
|
||||
"""
|
||||
|
||||
MESSAGE = { # extracted from libgpg-error-1.10/src/err-codes.h and gpg-error.h
|
||||
0: 'Success',
|
||||
1: 'General error',
|
||||
2: 'Unknown packet',
|
||||
3: 'Unknown version in packet',
|
||||
4: 'Invalid public key algorithm',
|
||||
5: 'Invalid digest algorithm',
|
||||
6: 'Bad public key',
|
||||
7: 'Bad secret key',
|
||||
8: 'Bad signature',
|
||||
9: 'No public key',
|
||||
10: 'Checksum error',
|
||||
11: 'Bad passphrase',
|
||||
12: 'Invalid cipher algorithm',
|
||||
13: 'Keyring open',
|
||||
14: 'Invalid packet',
|
||||
15: 'Invalid armor',
|
||||
16: 'No user ID',
|
||||
17: 'No secret key',
|
||||
18: 'Wrong secret key used',
|
||||
19: 'Bad session key',
|
||||
20: 'Unknown compression algorithm',
|
||||
21: 'Number is not prime',
|
||||
22: 'Invalid encoding method',
|
||||
23: 'Invalid encryption scheme',
|
||||
24: 'Invalid signature scheme',
|
||||
25: 'Invalid attribute',
|
||||
26: 'No value',
|
||||
27: 'Not found',
|
||||
28: 'Value not found',
|
||||
29: 'Syntax error',
|
||||
30: 'Bad MPI value',
|
||||
31: 'Invalid passphrase',
|
||||
32: 'Invalid signature class',
|
||||
33: 'Resources exhausted',
|
||||
34: 'Invalid keyring',
|
||||
35: 'Trust DB error',
|
||||
36: 'Bad certificate',
|
||||
37: 'Invalid user ID',
|
||||
38: 'Unexpected error',
|
||||
39: 'Time conflict',
|
||||
40: 'Keyserver error',
|
||||
41: 'Wrong public key algorithm',
|
||||
42: 'Tribute to D. A.',
|
||||
43: 'Weak encryption key',
|
||||
44: 'Invalid key length',
|
||||
45: 'Invalid argument',
|
||||
46: 'Syntax error in URI',
|
||||
47: 'Invalid URI',
|
||||
48: 'Network error',
|
||||
49: 'Unknown host',
|
||||
50: 'Selftest failed',
|
||||
51: 'Data not encrypted',
|
||||
52: 'Data not processed',
|
||||
53: 'Unusable public key',
|
||||
54: 'Unusable secret key',
|
||||
55: 'Invalid value',
|
||||
56: 'Bad certificate chain',
|
||||
57: 'Missing certificate',
|
||||
58: 'No data',
|
||||
59: 'Bug',
|
||||
60: 'Not supported',
|
||||
61: 'Invalid operation code',
|
||||
62: 'Timeout',
|
||||
63: 'Internal error',
|
||||
64: 'EOF (gcrypt)',
|
||||
65: 'Invalid object',
|
||||
66: 'Provided object is too short',
|
||||
67: 'Provided object is too large',
|
||||
68: 'Missing item in object',
|
||||
69: 'Not implemented',
|
||||
70: 'Conflicting use',
|
||||
71: 'Invalid cipher mode',
|
||||
72: 'Invalid flag',
|
||||
73: 'Invalid handle',
|
||||
74: 'Result truncated',
|
||||
75: 'Incomplete line',
|
||||
76: 'Invalid response',
|
||||
77: 'No agent running',
|
||||
78: 'agent error',
|
||||
79: 'Invalid data',
|
||||
80: 'Unspecific Assuan server fault',
|
||||
81: 'General Assuan error',
|
||||
82: 'Invalid session key',
|
||||
83: 'Invalid S-expression',
|
||||
84: 'Unsupported algorithm',
|
||||
85: 'No pinentry',
|
||||
86: 'pinentry error',
|
||||
87: 'Bad PIN',
|
||||
88: 'Invalid name',
|
||||
89: 'Bad data',
|
||||
90: 'Invalid parameter',
|
||||
91: 'Wrong card',
|
||||
92: 'No dirmngr',
|
||||
93: 'dirmngr error',
|
||||
94: 'Certificate revoked',
|
||||
95: 'No CRL known',
|
||||
96: 'CRL too old',
|
||||
97: 'Line too long',
|
||||
98: 'Not trusted',
|
||||
99: 'Operation cancelled',
|
||||
100: 'Bad CA certificate',
|
||||
101: 'Certificate expired',
|
||||
102: 'Certificate too young',
|
||||
103: 'Unsupported certificate',
|
||||
104: 'Unknown S-expression',
|
||||
105: 'Unsupported protection',
|
||||
106: 'Corrupted protection',
|
||||
107: 'Ambiguous name',
|
||||
108: 'Card error',
|
||||
109: 'Card reset required',
|
||||
110: 'Card removed',
|
||||
111: 'Invalid card',
|
||||
112: 'Card not present',
|
||||
113: 'No PKCS15 application',
|
||||
114: 'Not confirmed',
|
||||
115: 'Configuration error',
|
||||
116: 'No policy match',
|
||||
117: 'Invalid index',
|
||||
118: 'Invalid ID',
|
||||
119: 'No SmartCard daemon',
|
||||
120: 'SmartCard daemon error',
|
||||
121: 'Unsupported protocol',
|
||||
122: 'Bad PIN method',
|
||||
123: 'Card not initialized',
|
||||
124: 'Unsupported operation',
|
||||
125: 'Wrong key usage',
|
||||
126: 'Nothing found',
|
||||
127: 'Wrong blob type',
|
||||
128: 'Missing value',
|
||||
129: 'Hardware problem',
|
||||
130: 'PIN blocked',
|
||||
131: 'Conditions of use not satisfied',
|
||||
132: 'PINs are not synced',
|
||||
133: 'Invalid CRL',
|
||||
134: 'BER error',
|
||||
135: 'Invalid BER',
|
||||
136: 'Element not found',
|
||||
137: 'Identifier not found',
|
||||
138: 'Invalid tag',
|
||||
139: 'Invalid length',
|
||||
140: 'Invalid key info',
|
||||
141: 'Unexpected tag',
|
||||
142: 'Not DER encoded',
|
||||
143: 'No CMS object',
|
||||
144: 'Invalid CMS object',
|
||||
145: 'Unknown CMS object',
|
||||
146: 'Unsupported CMS object',
|
||||
147: 'Unsupported encoding',
|
||||
148: 'Unsupported CMS version',
|
||||
149: 'Unknown algorithm',
|
||||
150: 'Invalid crypto engine',
|
||||
151: 'Public key not trusted',
|
||||
152: 'Decryption failed',
|
||||
153: 'Key expired',
|
||||
154: 'Signature expired',
|
||||
155: 'Encoding problem',
|
||||
156: 'Invalid state',
|
||||
157: 'Duplicated value',
|
||||
158: 'Missing action',
|
||||
159: 'ASN.1 module not found',
|
||||
160: 'Invalid OID string',
|
||||
161: 'Invalid time',
|
||||
162: 'Invalid CRL object',
|
||||
163: 'Unsupported CRL version',
|
||||
164: 'Invalid certificate object',
|
||||
165: 'Unknown name',
|
||||
166: 'A locale function failed',
|
||||
167: 'Not locked',
|
||||
168: 'Protocol violation',
|
||||
169: 'Invalid MAC',
|
||||
170: 'Invalid request',
|
||||
171: 'Unknown extension',
|
||||
172: 'Unknown critical extension',
|
||||
173: 'Locked',
|
||||
174: 'Unknown option',
|
||||
175: 'Unknown command',
|
||||
176: 'Not operational',
|
||||
177: 'No passphrase given',
|
||||
178: 'No PIN given',
|
||||
179: 'Not enabled',
|
||||
180: 'No crypto engine',
|
||||
181: 'Missing key',
|
||||
182: 'Too many objects',
|
||||
183: 'Limit reached',
|
||||
184: 'Not initialized',
|
||||
185: 'Missing issuer certificate',
|
||||
198: 'Operation fully cancelled',
|
||||
199: 'Operation not yet finished',
|
||||
200: 'Buffer too short',
|
||||
201: 'Invalid length specifier in S-expression',
|
||||
202: 'String too long in S-expression',
|
||||
203: 'Unmatched parentheses in S-expression',
|
||||
204: 'S-expression not canonical',
|
||||
205: 'Bad character in S-expression',
|
||||
206: 'Bad quotation in S-expression',
|
||||
207: 'Zero prefix in S-expression',
|
||||
208: 'Nested display hints in S-expression',
|
||||
209: 'Unmatched display hints',
|
||||
210: 'Unexpected reserved punctuation in S-expression',
|
||||
211: 'Bad hexadecimal character in S-expression',
|
||||
212: 'Odd hexadecimal numbers in S-expression',
|
||||
213: 'Bad octal character in S-expression',
|
||||
257: 'General IPC error',
|
||||
258: 'IPC accept call failed',
|
||||
259: 'IPC connect call failed',
|
||||
260: 'Invalid IPC response',
|
||||
261: 'Invalid value passed to IPC',
|
||||
262: 'Incomplete line passed to IPC',
|
||||
263: 'Line passed to IPC too long',
|
||||
264: 'Nested IPC commands',
|
||||
265: 'No data callback in IPC',
|
||||
266: 'No inquire callback in IPC',
|
||||
267: 'Not an IPC server',
|
||||
268: 'Not an IPC client',
|
||||
269: 'Problem starting IPC server',
|
||||
270: 'IPC read error',
|
||||
271: 'IPC write error',
|
||||
273: 'Too much data for IPC layer',
|
||||
274: 'Unexpected IPC command',
|
||||
275: 'Unknown IPC command',
|
||||
276: 'IPC syntax error',
|
||||
277: 'IPC call has been cancelled',
|
||||
278: 'No input source for IPC',
|
||||
279: 'No output source for IPC',
|
||||
280: 'IPC parameter error',
|
||||
281: 'Unknown IPC inquire',
|
||||
1024: 'User defined error code 1',
|
||||
1025: 'User defined error code 2',
|
||||
1026: 'User defined error code 3',
|
||||
1027: 'User defined error code 4',
|
||||
1028: 'User defined error code 5',
|
||||
1029: 'User defined error code 6',
|
||||
1030: 'User defined error code 7',
|
||||
1031: 'User defined error code 8',
|
||||
1032: 'User defined error code 9',
|
||||
1033: 'User defined error code 10',
|
||||
1034: 'User defined error code 11',
|
||||
1035: 'User defined error code 12',
|
||||
1036: 'User defined error code 13',
|
||||
1037: 'User defined error code 14',
|
||||
1038: 'User defined error code 15',
|
||||
1039: 'User defined error code 16',
|
||||
16381: 'System error w/o errno',
|
||||
16382: 'Unknown system error',
|
||||
16383: 'End of file',
|
||||
}
|
||||
UNKNOWN = 'Unknown error code'
|
||||
|
||||
CODE = dict((message,code) for code,message in MESSAGE.items())
|
||||
|
||||
# TODO: system errors (GPG_ERR_E2BIG = GPG_ERR_SYSTEM_ERROR | 0, etc.)
|
||||
|
||||
class AssuanError (Exception):
|
||||
r"""
|
||||
|
||||
>>> e = AssuanError(1)
|
||||
>>> print(e)
|
||||
1 General error
|
||||
>>> e = AssuanError(1024, 'testing!')
|
||||
>>> print(e)
|
||||
1024 testing!
|
||||
>>> e = AssuanError(message='Unknown packet')
|
||||
>>> print(e)
|
||||
2 Unknown packet
|
||||
"""
|
||||
def __init__(self, code=None, message=None):
|
||||
if code is None and message is None:
|
||||
raise ValueError('missing both `code` and `message`')
|
||||
if message is None:
|
||||
message = MESSAGE[code]
|
||||
if code is None:
|
||||
code = CODE.get(message, UNKNOWN)
|
||||
self.code = code
|
||||
self.message = message
|
||||
super(AssuanError, self).__init__('{} {}'.format(code, message))
|
@ -0,0 +1,299 @@
|
||||
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
|
||||
#
|
||||
# This file is part of pyassuan.
|
||||
#
|
||||
# pyassuan is free software: you can redistribute it and/or modify it under the
|
||||
# terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation, either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import logging as _logging
|
||||
import re as _re
|
||||
import socket as _socket
|
||||
import sys as _sys
|
||||
import threading as _threading
|
||||
import traceback as _traceback
|
||||
|
||||
from . import LOG as _LOG
|
||||
from . import common as _common
|
||||
from . import error as _error
|
||||
|
||||
|
||||
_OPTION_REGEXP = _re.compile('^-?-?([-\w]+)( *)(=?) *(.*?) *\Z')
|
||||
|
||||
|
||||
class AssuanServer (object):
|
||||
"""A single-threaded Assuan server based on the `devolpment suggestions`_
|
||||
|
||||
Extend by subclassing and adding ``_handle_XXX`` methods for each
|
||||
command you want to handle.
|
||||
|
||||
.. _development suggestions:
|
||||
http://www.gnupg.org/documentation/manuals/assuan/Server-code.html
|
||||
"""
|
||||
def __init__(self, name, logger=_LOG, use_sublogger=True,
|
||||
valid_options=None, strict_options=True,
|
||||
single_request=False, listen_to_quit=False,
|
||||
close_on_disconnect=False):
|
||||
self.name = name
|
||||
if use_sublogger:
|
||||
logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
|
||||
self.logger = logger
|
||||
if valid_options is None:
|
||||
valid_options = []
|
||||
self.valid_options = valid_options
|
||||
self.strict_options = strict_options
|
||||
self.single_request = single_request
|
||||
self.listen_to_quit = listen_to_quit
|
||||
self.close_on_disconnect = close_on_disconnect
|
||||
self.input = self.output = None
|
||||
self.options = {}
|
||||
self.reset()
|
||||
|
||||
def reset(self):
|
||||
self.stop = False
|
||||
self.options.clear()
|
||||
|
||||
def run(self):
|
||||
self.reset()
|
||||
self.logger.info('running')
|
||||
self.connect()
|
||||
try:
|
||||
self.handle_requests()
|
||||
finally:
|
||||
self.disconnect()
|
||||
self.logger.info('stopping')
|
||||
|
||||
def connect(self):
|
||||
if not self.input:
|
||||
self.logger.info('read from stdin')
|
||||
self.input = _sys.stdin.buffer
|
||||
if not self.output:
|
||||
self.logger.info('write to stdout')
|
||||
self.output = _sys.stdout.buffer
|
||||
|
||||
def disconnect(self):
|
||||
if self.close_on_disconnect:
|
||||
self.logger.info('disconnecting')
|
||||
self.input = None
|
||||
self.output = None
|
||||
|
||||
def handle_requests(self):
|
||||
self.send_response(_common.Response('OK', 'Your orders please'))
|
||||
self.output.flush()
|
||||
while not self.stop:
|
||||
line = self.input.readline()
|
||||
if not line:
|
||||
break # EOF
|
||||
if len(line) > _common.LINE_LENGTH:
|
||||
self.raise_error(
|
||||
_error.AssuanError(message='Line too long'))
|
||||
if not line.endswith(b'\n'):
|
||||
self.logger.info('C: {}'.format(line))
|
||||
self.send_error_response(
|
||||
_error.AssuanError(message='Invalid request'))
|
||||
continue
|
||||
line = line[:-1] # remove the trailing newline
|
||||
self.logger.info('C: {}'.format(line))
|
||||
request = _common.Request()
|
||||
try:
|
||||
request.from_bytes(line)
|
||||
except _error.AssuanError as e:
|
||||
self.send_error_response(e)
|
||||
continue
|
||||
self.handle_request(request)
|
||||
|
||||
def handle_request(self, request):
|
||||
try:
|
||||
handle = getattr(
|
||||
self, '_handle_{}'.format(request.command))
|
||||
except AttributeError:
|
||||
self.logger.warn('unknown command: {}'.format(request.command))
|
||||
self.send_error_response(
|
||||
_error.AssuanError(message='Unknown command'))
|
||||
return
|
||||
try:
|
||||
responses = handle(request.parameters)
|
||||
for response in responses:
|
||||
self.send_response(response)
|
||||
except _error.AssuanError as error:
|
||||
self.send_error_response(error)
|
||||
return
|
||||
except Exception as e:
|
||||
self.logger.error(
|
||||
'exception while executing {}:\n{}'.format(
|
||||
handle, _traceback.format_exc().rstrip()))
|
||||
self.send_error_response(
|
||||
_error.AssuanError(message='Unspecific Assuan server fault'))
|
||||
return
|
||||
|
||||
def send_response(self, response):
|
||||
"""For internal use by ``.handle_requests()``
|
||||
"""
|
||||
rstring = str(response)
|
||||
self.logger.info('S: {}'.format(response))
|
||||
self.output.write(bytes(response))
|
||||
self.output.write(b'\n')
|
||||
try:
|
||||
self.output.flush()
|
||||
except IOError:
|
||||
if not self.stop:
|
||||
raise
|
||||
|
||||
def send_error_response(self, error):
|
||||
"""For internal use by ``.handle_requests()``
|
||||
"""
|
||||
self.send_response(_common.error_response(error))
|
||||
|
||||
# common commands defined at
|
||||
# http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
|
||||
|
||||
def _handle_BYE(self, arg):
|
||||
if self.single_request:
|
||||
self.stop = True
|
||||
yield _common.Response('OK', 'closing connection')
|
||||
|
||||
def _handle_RESET(self, arg):
|
||||
self.reset()
|
||||
|
||||
def _handle_END(self, arg):
|
||||
raise _error.AssuanError(
|
||||
code=175, message='Unknown command (reserved)')
|
||||
|
||||
def _handle_HELP(self, arg):
|
||||
raise _error.AssuanError(
|
||||
code=175, message='Unknown command (reserved)')
|
||||
|
||||
def _handle_QUIT(self, arg):
|
||||
if self.listen_to_quit:
|
||||
self.stop = True
|
||||
yield _common.Response('OK', 'stopping the server')
|
||||
raise _error.AssuanError(
|
||||
code=175, message='Unknown command (reserved)')
|
||||
|
||||
def _handle_OPTION(self, arg):
|
||||
"""
|
||||
|
||||
>>> s = AssuanServer(name='test', valid_options=['my-op'])
|
||||
>>> list(s._handle_OPTION('my-op = 1 ')) # doctest: +ELLIPSIS
|
||||
[<pyassuan.common.Response object at ...>]
|
||||
>>> s.options
|
||||
{'my-op': '1'}
|
||||
>>> list(s._handle_OPTION('my-op 2')) # doctest: +ELLIPSIS
|
||||
[<pyassuan.common.Response object at ...>]
|
||||
>>> s.options
|
||||
{'my-op': '2'}
|
||||
>>> list(s._handle_OPTION('--my-op 3')) # doctest: +ELLIPSIS
|
||||
[<pyassuan.common.Response object at ...>]
|
||||
>>> s.options
|
||||
{'my-op': '3'}
|
||||
>>> list(s._handle_OPTION('my-op')) # doctest: +ELLIPSIS
|
||||
[<pyassuan.common.Response object at ...>]
|
||||
>>> s.options
|
||||
{'my-op': None}
|
||||
>>> list(s._handle_OPTION('inv'))
|
||||
Traceback (most recent call last):
|
||||
...
|
||||
pyassuan.error.AssuanError: 174 Unknown option
|
||||
>>> list(s._handle_OPTION('in|valid'))
|
||||
Traceback (most recent call last):
|
||||
...
|
||||
pyassuan.error.AssuanError: 90 Invalid parameter
|
||||
"""
|
||||
match = _OPTION_REGEXP.match(arg)
|
||||
if not match:
|
||||
raise _error.AssuanError(message='Invalid parameter')
|
||||
name,space,equal,value = match.groups()
|
||||
if value and not space and not equal:
|
||||
# need either space or equal to separate value
|
||||
raise _error.AssuanError(message='Invalid parameter')
|
||||
if name not in self.valid_options:
|
||||
if self.strict_options:
|
||||
raise _error.AssuanError(message='Unknown option')
|
||||
else:
|
||||
self.logger.info('skipping invalid option: {}'.format(name))
|
||||
else:
|
||||
if not value:
|
||||
value = None
|
||||
self.options[name] = value
|
||||
yield _common.Response('OK')
|
||||
|
||||
def _handle_CANCEL(self, arg):
|
||||
raise _error.AssuanError(
|
||||
code=175, message='Unknown command (reserved)')
|
||||
|
||||
def _handle_AUTH(self, arg):
|
||||
raise _error.AssuanError(
|
||||
code=175, message='Unknown command (reserved)')
|
||||
|
||||
|
||||
class AssuanSocketServer (object):
|
||||
"""A threaded server spawning ``AssuanServer``\s for each connection
|
||||
"""
|
||||
def __init__(self, name, socket, server, kwargs={}, max_threads=10,
|
||||
logger=_LOG, use_sublogger=True):
|
||||
self.name = name
|
||||
if use_sublogger:
|
||||
logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
|
||||
self.logger = logger
|
||||
self.socket = socket
|
||||
self.server = server
|
||||
assert 'name' not in kwargs, kwargs['name']
|
||||
assert 'logger' not in kwargs, kwargs['logger']
|
||||
kwargs['logger'] = self.logger
|
||||
assert 'use_sublogger' not in kwargs, kwargs['use_sublogger']
|
||||
kwargs['use_sublogger'] = True
|
||||
if 'close_on_disconnect' in kwargs:
|
||||
assert kwargs['close_on_disconnect'] == True, (
|
||||
kwargs['close_on_disconnect'])
|
||||
else:
|
||||
kwargs['close_on_disconnect'] = True
|
||||
self.kwargs = kwargs
|
||||
self.max_threads = max_threads
|
||||
self.threads = []
|
||||
|
||||
def run(self):
|
||||
self.logger.info('listen on socket')
|
||||
self.socket.listen()
|
||||
thread_index = 0
|
||||
while True:
|
||||
socket,address = self.socket.accept()
|
||||
self.logger.info('connection from {}'.format(address))
|
||||
self.cleanup_threads()
|
||||
if len(threads) > self.max_threads:
|
||||
self.drop_connection(socket, address)
|
||||
self.spawn_thread(
|
||||
'server-thread-{}'.format(thread_index), socket, address)
|
||||
thread_index = (thread_index + 1) % self.max_threads
|
||||
|
||||
def cleanup_threads(self):
|
||||
i = 0
|
||||
while i < len(self.threads):
|
||||
thread = self.threads[i]
|
||||
thread.join(0)
|
||||
if thread.is_alive():
|
||||
self.logger.info('joined thread {}'.format(thread.name))
|
||||
self.threads.pop(i)
|
||||
thread.socket.shutdown()
|
||||
thread.socket.close()
|
||||
else:
|
||||
i += 1
|
||||
|
||||
def drop_connection(self, socket, address):
|
||||
self.logger.info('drop connection from {}'.format(address))
|
||||
# TODO: proper error to send to the client?
|
||||
|
||||
def spawn_thread(self, name, socket, address):
|
||||
server = self.server(name=name, **self.kwargs)
|
||||
server.input = socket.makefile('rb')
|
||||
server.output = socket.makefile('wb')
|
||||
thread = _threading.Thread(target=server.run, name=name)
|
||||
thread.start()
|
||||
self.threads.append(thread)
|
@ -0,0 +1,25 @@
|
||||
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
|
||||
#
|
||||
# This file is part of pyassuan.
|
||||
#
|
||||
# pyassuan is free software: you can redistribute it and/or modify it under the
|
||||
# terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation, either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import doctest
|
||||
import unittest
|
||||
|
||||
from . import common
|
||||
|
||||
|
||||
def load_tests(loader, tests, ignore):
|
||||
tests.addTests(doctest.DocTestSuite(common))
|
||||
return tests
|
@ -0,0 +1,25 @@
|
||||
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
|
||||
#
|
||||
# This file is part of pyassuan.
|
||||
#
|
||||
# pyassuan is free software: you can redistribute it and/or modify it under the
|
||||
# terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation, either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import doctest
|
||||
import unittest
|
||||
|
||||
from . import error
|
||||
|
||||
|
||||
def load_tests(loader, tests, ignore):
|
||||
tests.addTests(doctest.DocTestSuite(error))
|
||||
return tests
|
@ -0,0 +1,25 @@
|
||||
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
|
||||
#
|
||||
# This file is part of pyassuan.
|
||||
#
|
||||
# pyassuan is free software: you can redistribute it and/or modify it under the
|
||||
# terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation, either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import doctest
|
||||
import unittest
|
||||
|
||||
from . import server
|
||||
|
||||
|
||||
def load_tests(loader, tests, ignore):
|
||||
tests.addTests(doctest.DocTestSuite(server))
|
||||
return tests
|
@ -0,0 +1,54 @@
|
||||
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
|
||||
#
|
||||
# This file is part of pyassuan.
|
||||
#
|
||||
# pyassuan is free software: you can redistribute it and/or modify it under the
|
||||
# terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation, either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
"Python module and tools for communicating in the Assuan protocol."
|
||||
|
||||
from distutils.core import setup as _setup
|
||||
import os.path as _os_path
|
||||
|
||||
from pyassuan import __version__
|
||||
|
||||
|
||||
_this_dir = _os_path.dirname(__file__)
|
||||
|
||||
_setup(
|
||||
name='pyassuan',
|
||||
version=__version__,
|
||||
maintainer='W. Trevor King',
|
||||
maintainer_email='wking@tremily.us',
|
||||
url='http://blog.tremily.us/posts/pyassuan/',
|
||||
download_url='http://git.tremily.us/?p=pyassuan.git;a=snapshot;h=v{};sf=tgz'.format(__version__),
|
||||
license = 'GNU General Public License (GPL)',
|
||||
platforms = ['all'],
|
||||
description = __doc__,
|
||||
long_description=open(_os_path.join(_this_dir, 'README'), 'r').read(),
|
||||
classifiers = [
|
||||
'Development Status :: 3 - Alpha',
|
||||
'Intended Audience :: Developers',
|
||||
'Operating System :: OS Independent',
|
||||
'License :: OSI Approved :: GNU General Public License (GPL)',
|
||||
'Programming Language :: Python :: 3',
|
||||
'Programming Language :: Python :: 3.3',
|
||||
'Programming Language :: Python :: 3.4',
|
||||
'Programming Language :: Python :: 3.5',
|
||||
'Programming Language :: Python :: 3.6',
|
||||
'Topic :: Security :: Cryptography',
|
||||
'Topic :: Software Development'
|
||||
],
|
||||
scripts = ['bin/get-info.py', 'bin/pinentry.py'],
|
||||
packages = ['pyassuan'],
|
||||
provides = ['pyassuan'],
|
||||
zip_safe=False)
|
@ -0,0 +1,4 @@
|
||||
if __name__ == '__main__':
|
||||
from gridfire import main
|
||||
|
||||
main()
|
@ -0,0 +1,4 @@
|
||||
if __name__ == '__main__':
|
||||
from gridfire import main
|
||||
|
||||
main()
|
152
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/ansible-vault.2.8.12
Executable file
152
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/ansible-vault.2.8.12
Executable file
@ -0,0 +1,152 @@
|
||||
#!/usr/bin/python3.7
|
||||
|
||||
# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
|
||||
#
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
########################################################
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
__metaclass__ = type
|
||||
|
||||
__requires__ = ['ansible']
|
||||
|
||||
|
||||
import os
|
||||
import shutil
|
||||
import sys
|
||||
import traceback
|
||||
|
||||
from ansible import context
|
||||
from ansible.errors import AnsibleError, AnsibleOptionsError, AnsibleParserError
|
||||
from ansible.module_utils._text import to_text
|
||||
|
||||
|
||||
# Used for determining if the system is running a new enough python version
|
||||
# and should only restrict on our documented minimum versions
|
||||
_PY3_MIN = sys.version_info[:2] >= (3, 5)
|
||||
_PY2_MIN = (2, 6) <= sys.version_info[:2] < (3,)
|
||||
_PY_MIN = _PY3_MIN or _PY2_MIN
|
||||
if not _PY_MIN:
|
||||
raise SystemExit('ERROR: Ansible requires a minimum of Python2 version 2.6 or Python3 version 3.5. Current version: %s' % ''.join(sys.version.splitlines()))
|
||||
|
||||
|
||||
class LastResort(object):
|
||||
# OUTPUT OF LAST RESORT
|
||||
def display(self, msg, log_only=None):
|
||||
print(msg, file=sys.stderr)
|
||||
|
||||
def error(self, msg, wrap_text=None):
|
||||
print(msg, file=sys.stderr)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
||||
display = LastResort()
|
||||
|
||||
try: # bad ANSIBLE_CONFIG or config options can force ugly stacktrace
|
||||
import ansible.constants as C
|
||||
from ansible.utils.display import Display
|
||||
except AnsibleOptionsError as e:
|
||||
display.error(to_text(e), wrap_text=False)
|
||||
sys.exit(5)
|
||||
|
||||
cli = None
|
||||
me = os.path.basename(sys.argv[0])
|
||||
|
||||
try:
|
||||
display = Display()
|
||||
display.debug("starting run")
|
||||
|
||||
sub = None
|
||||
target = me.split('-')
|
||||
if target[-1][0].isdigit():
|
||||
# Remove any version or python version info as downstreams
|
||||
# sometimes add that
|
||||
target = target[:-1]
|
||||
|
||||
if len(target) > 1:
|
||||
sub = target[1]
|
||||
myclass = "%sCLI" % sub.capitalize()
|
||||
elif target[0] == 'ansible':
|
||||
sub = 'adhoc'
|
||||
myclass = 'AdHocCLI'
|
||||
else:
|
||||
raise AnsibleError("Unknown Ansible alias: %s" % me)
|
||||
|
||||
try:
|
||||
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
|
||||
except ImportError as e:
|
||||
# ImportError members have changed in py3
|
||||
if 'msg' in dir(e):
|
||||
msg = e.msg
|
||||
else:
|
||||
msg = e.message
|
||||
if msg.endswith(' %s' % sub):
|
||||
raise AnsibleError("Ansible sub-program not implemented: %s" % me)
|
||||
else:
|
||||
raise
|
||||
|
||||
try:
|
||||
args = [to_text(a, errors='surrogate_or_strict') for a in sys.argv]
|
||||
except UnicodeError:
|
||||
display.error('Command line args are not in utf-8, unable to continue. Ansible currently only understands utf-8')
|
||||
display.display(u"The full traceback was:\n\n%s" % to_text(traceback.format_exc()))
|
||||
exit_code = 6
|
||||
else:
|
||||
cli = mycli(args)
|
||||
exit_code = cli.run()
|
||||
|
||||
except AnsibleOptionsError as e:
|
||||
cli.parser.print_help()
|
||||
display.error(to_text(e), wrap_text=False)
|
||||
exit_code = 5
|
||||
except AnsibleParserError as e:
|
||||
display.error(to_text(e), wrap_text=False)
|
||||
exit_code = 4
|
||||
# TQM takes care of these, but leaving comment to reserve the exit codes
|
||||
# except AnsibleHostUnreachable as e:
|
||||
# display.error(str(e))
|
||||
# exit_code = 3
|
||||
# except AnsibleHostFailed as e:
|
||||
# display.error(str(e))
|
||||
# exit_code = 2
|
||||
except AnsibleError as e:
|
||||
display.error(to_text(e), wrap_text=False)
|
||||
exit_code = 1
|
||||
except KeyboardInterrupt:
|
||||
display.error("User interrupted execution")
|
||||
exit_code = 99
|
||||
except Exception as e:
|
||||
if C.DEFAULT_DEBUG:
|
||||
# Show raw stacktraces in debug mode, It also allow pdb to
|
||||
# enter post mortem mode.
|
||||
raise
|
||||
have_cli_options = bool(context.CLIARGS)
|
||||
display.error("Unexpected Exception, this is probably a bug: %s" % to_text(e), wrap_text=False)
|
||||
if not have_cli_options or have_cli_options and context.CLIARGS['verbosity'] > 2:
|
||||
log_only = False
|
||||
if hasattr(e, 'orig_exc'):
|
||||
display.vvv('\nexception type: %s' % to_text(type(e.orig_exc)))
|
||||
why = to_text(e.orig_exc)
|
||||
if to_text(e) != why:
|
||||
display.vvv('\noriginal msg: %s' % why)
|
||||
else:
|
||||
display.display("to see the full traceback, use -vvv")
|
||||
log_only = True
|
||||
display.display(u"the full traceback was:\n\n%s" % to_text(traceback.format_exc()), log_only=log_only)
|
||||
exit_code = 250
|
||||
|
||||
sys.exit(exit_code)
|
@ -0,0 +1,87 @@
|
||||
#!/usr/bin/expect --
|
||||
# -*- mode: tcl; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
set ROLE gpgkey
|
||||
set PREFIX /usr/local
|
||||
|
||||
set timeout 30
|
||||
|
||||
#? spawn /usr/local/bin/pinentry.py
|
||||
spawn /usr/local/bin/pinentry_gridfire.py
|
||||
|
||||
expect "OK Your orders please"
|
||||
send_user "OPTION grab\n"
|
||||
send "OPTION grab\n"
|
||||
expect "OK"
|
||||
send_user "OPTION ttyname=/dev/pts/6\n"
|
||||
send "OPTION ttyname=/dev/pts/6\n"
|
||||
expect "OK"
|
||||
send_user "OPTION ttytype=xterm\n"
|
||||
send "OPTION ttytype=xterm\n"
|
||||
expect "OK"
|
||||
send_user "OPTION lc-ctype=en_US.UTF-8\n"
|
||||
send "OPTION lc-ctype=en_US.UTF-8\n"
|
||||
expect "OK"
|
||||
send_user "OPTION lc-messages=en_US.UTF-8\n"
|
||||
send "OPTION lc-messages=en_US.UTF-8\n"
|
||||
expect "OK"
|
||||
send_user "OPTION allow-external-password-cache\n"
|
||||
send "OPTION allow-external-password-cache\n"
|
||||
expect "OK"
|
||||
send_user "OPTION default-ok=_OK\n"
|
||||
send "OPTION default-ok=_OK\n"
|
||||
expect "OK"
|
||||
send_user "OPTION default-cancel=_Cancel\n"
|
||||
send "OPTION default-cancel=_Cancel\n"
|
||||
expect "OK"
|
||||
send_user "OPTION default-yes=_Yes\n"
|
||||
send "OPTION default-yes=_Yes\n"
|
||||
expect "OK"
|
||||
send_user "OPTION default-no=_No\n"
|
||||
send "OPTION default-no=_No\n"
|
||||
expect "OK"
|
||||
send_user "OPTION default-prompt=PIN:\n"
|
||||
send "OPTION default-prompt=PIN:\n"
|
||||
expect "OK"
|
||||
send_user "OPTION default-pwmngr=_Save in password manager\n"
|
||||
send "OPTION default-pwmngr=_Save in password manager\n"
|
||||
expect "OK"
|
||||
send_user "OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?\n"
|
||||
send "OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?\n"
|
||||
expect "OK"
|
||||
send_user "OPTION default-tt-visi=Make passphrase visible\n"
|
||||
send "OPTION default-tt-visi=Make passphrase visible\n"
|
||||
expect "OK"
|
||||
send_user "OPTION default-tt-hide=Hide passphrase\n"
|
||||
send "OPTION default-tt-hide=Hide passphrase\n"
|
||||
expect "OK"
|
||||
send_user "GETINFO pid\n"
|
||||
send "GETINFO pid\n"
|
||||
expect "D 14309"
|
||||
expect "OK"
|
||||
send_user "SETKEYINFO u/S9464F2C2825D2FE3\n"
|
||||
send "SETKEYINFO u/S9464F2C2825D2FE3\n"
|
||||
expect "OK"
|
||||
send_user "SETDESC Enter passphrase%0A\n"
|
||||
send "SETDESC Enter passphrase%0A\n"
|
||||
expect "OK"
|
||||
send_user "SETPROMPT Passphrase\n"
|
||||
send "SETPROMPT Passphrase\n"
|
||||
expect "OK"
|
||||
send_user "GETPIN\n"
|
||||
send "GETPIN\n"
|
||||
expect "D testing!"
|
||||
expect "OK"
|
||||
send_user "BYE\n"
|
||||
send "BYE\n"
|
||||
expect "OK closing connection"
|
||||
|
||||
expect -re .+ {
|
||||
exp_continue
|
||||
} timeout {
|
||||
exit 1
|
||||
} eof {
|
||||
exit 0
|
||||
}
|
||||
|
||||
# expect -r .+ {send "\r"}
|
11
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.bash
Executable file
11
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.bash
Executable file
@ -0,0 +1,11 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
[ -f $PREFIX/bin/gridfire.rc ] && . $PREFIX/bin/gridfire.rc
|
||||
|
||||
cd /usr/local/src/gridfire || exit 3
|
||||
|
||||
exec /usr/local/bin/python3.sh gridfire.py "$@"
|
59
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.new
Executable file
59
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.new
Executable file
@ -0,0 +1,59 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
declare -a ELTS LARGS RARGS
|
||||
ELTS=(
|
||||
gridfire_ansible-vault.sh
|
||||
gridfire_keepassxc-cli.sh
|
||||
gridfire_keepassxc.sh
|
||||
gridfire_keyring.sh
|
||||
gridfire_openssl.sh
|
||||
gridfire_secret-tool.sh
|
||||
gridfire_staticgpg.sh
|
||||
gridfire_truecrypt.sh
|
||||
gridfire_veracrypt.sh
|
||||
)
|
||||
SHORTOPTS="ha:cgulbodfpwm:nv:s:D:P:H:A:"
|
||||
|
||||
OARGS="$@"
|
||||
ARGS=$(getopt --options $SHORTOPTS -- "$@")
|
||||
[ $? != 0 ] && error 2 "Aborting."
|
||||
eval set -- "$ARGS"
|
||||
|
||||
while true; do
|
||||
case "$1" in
|
||||
-h|-c|-g|-u|-l|-b|-o|-d|-f|-p|-w|-n)
|
||||
LARGS+=($1)
|
||||
shift;;
|
||||
-a|-m|-v|-s|-D|-P|-H|-A)
|
||||
LARGS+=($1)
|
||||
shift
|
||||
LARGS+=($1)
|
||||
shift;;
|
||||
'--')
|
||||
shift
|
||||
RARGS=("$@")
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
done
|
||||
#echo DEBUG: LARGS ${LARGS[@]}
|
||||
#echo DEBUG: RARGS ${RARGS[@]}
|
||||
case ${RARGS[0]} in
|
||||
ansible-vault|keepassxc-cli|keepassxc|keyring|openssl|secret-tool|staticgpg|truecrypt|veracrypt|foo)
|
||||
elt=gridfire_${RARGS[0]}.bash
|
||||
unset ${RARGS[0]}
|
||||
RARGS[0]=""
|
||||
exec bash $elt ${LARGS[@]} ${RARGS[@]}
|
||||
;;
|
||||
esac
|
||||
# echo ${RARGS[@]}
|
||||
|
||||
exec python3.sh $PREFIX/src/gridfire/gridfire.py "$OARGS"
|
@ -0,0 +1,6 @@
|
||||
#!/bin/sh
|
||||
# -*-mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
|
||||
export PATH='/var/local/bin:'"$PATH"
|
||||
#export PATH='/usr/local/bin:'"$PATH"
|
||||
export TMPDIR=/tmp
|
||||
|
11
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.rc.win
Executable file
11
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.rc.win
Executable file
@ -0,0 +1,11 @@
|
||||
#!/bin/sh
|
||||
# -*-mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
|
||||
export PATH='/q/Pg64/KeePassXC-2.6.6-Win64:'"$PATH"
|
||||
export PATH='/q/Pg64/VeraCrypt_1.24-Update7:'"$PATH"
|
||||
# VeraCrypt Legacy Portable 1.24-Update7.exe
|
||||
export PATH='/w/Pg32/TrueCrypt:'"$PATH"
|
||||
export PATH='/q/Pg64/TrueCrypt-7.1a:'"$PATH"
|
||||
|
||||
export PATH='/usr/local/bin:'"$PATH"
|
||||
export TMPDIR=/q/tmp
|
||||
|
@ -0,0 +1,13 @@
|
||||
#!/bin/sh
|
||||
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
|
||||
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
PYVER=3
|
||||
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
export PYTHONPATH=$PREFIX/src/gridfire
|
||||
exec $PREFIX/bin/gridfire -H "ansible-vault.py" -- \
|
||||
$PREFIX/bin/python$PYVER.sh $PREFIX/src/gridfire/ansible-vault.py "$@"
|
||||
|
@ -0,0 +1,30 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
root=KeeC
|
||||
DEBUG=1
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
. /usr/local/bin/gridfire.rc
|
||||
EXE=/var/local/bin/keepassxc.bash
|
||||
|
||||
# not -k not -p
|
||||
[[ "$*" =~ "--pw-stdin" ]] || [[ $RARGS =~ "--pw-stdin" ]] || RARGS="--pw-stdin $RARGS"
|
||||
# not =''
|
||||
[[ "$*" =~ "--keyfile" ]] || [[ $RARGS =~ "--keyfile" ]] || RARGS="--keyfile '' $RARGS"
|
||||
|
||||
DEBUG=1
|
||||
DEBUG $EXE $RARGS "$@" >> /tmp/${root}$$.log
|
||||
$EXE $RARGS "$@" 2>/tmp/${root}$$.err >/tmp/${root}$$.log
|
||||
retval=$?
|
||||
if [ $retval -eq 0 ] ; then
|
||||
INFO see /tmp/${root}$$.log
|
||||
else
|
||||
WARN see /tmp/${root}$$.err
|
||||
cat /tmp/${root}$$.err
|
||||
fi
|
||||
exit $retval
|
||||
|
@ -0,0 +1,174 @@
|
||||
#!/usr/local/bin/python2.sh
|
||||
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
|
||||
|
||||
# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
|
||||
#
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
########################################################
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
__metaclass__ = type
|
||||
|
||||
__requires__ = ['ansible']
|
||||
|
||||
|
||||
import os
|
||||
import shutil
|
||||
import sys
|
||||
import traceback
|
||||
|
||||
from ansible import context
|
||||
from ansible.errors import AnsibleError, AnsibleOptionsError, AnsibleParserError
|
||||
from ansible.module_utils._text import to_text
|
||||
|
||||
from gridfire import getpass
|
||||
|
||||
ROLE="proxy"
|
||||
# Used for determining if the system is running a new enough python version
|
||||
# and should only restrict on our documented minimum versions
|
||||
_PY3_MIN = sys.version_info[:2] >= (3, 5)
|
||||
_PY2_MIN = (2, 6) <= sys.version_info[:2] < (3,)
|
||||
_PY_MIN = _PY3_MIN or _PY2_MIN
|
||||
if not _PY_MIN:
|
||||
raise SystemExit('ERROR: Ansible requires a minimum of Python2 version 2.6 or Python3 version 3.5. Current version: %s' % ''.join(sys.version.splitlines()))
|
||||
|
||||
|
||||
class LastResort(object):
|
||||
# OUTPUT OF LAST RESORT
|
||||
def display(self, msg, log_only=None):
|
||||
print(msg, file=sys.stderr)
|
||||
|
||||
def error(self, msg, wrap_text=None):
|
||||
print(msg, file=sys.stderr)
|
||||
|
||||
def prompt(self, msg, private=True):
|
||||
return getpass(msg)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
||||
display = LastResort()
|
||||
|
||||
try: # bad ANSIBLE_CONFIG or config options can force ugly stacktrace
|
||||
import ansible.constants as C
|
||||
from ansible.utils.display import Display
|
||||
except AnsibleOptionsError as e:
|
||||
display.error(to_text(e), wrap_text=False)
|
||||
sys.exit(5)
|
||||
|
||||
_Display = Display
|
||||
class MyDisplay(_Display):
|
||||
name = 'getpass'
|
||||
def prompt(self, prompt, private=True):
|
||||
return getpass(prompt)
|
||||
|
||||
Display = MyDisplay
|
||||
display = MyDisplay()
|
||||
from ansible.parsing import vault
|
||||
vault.display = display
|
||||
|
||||
cli = None
|
||||
me = os.path.basename(sys.argv[0])
|
||||
|
||||
try:
|
||||
display.v("starting run")
|
||||
|
||||
sub = None
|
||||
target = me.split('-')
|
||||
if target[-1][0].isdigit():
|
||||
# Remove any version or python version info as downstreams
|
||||
# sometimes add that
|
||||
target = target[:-1]
|
||||
|
||||
if len(target) > 1:
|
||||
sub = target[1]
|
||||
myclass = "%sCLI" % sub.capitalize()
|
||||
elif target[0] == 'ansible':
|
||||
sub = 'adhoc'
|
||||
myclass = 'AdHocCLI'
|
||||
else:
|
||||
raise AnsibleError("Unknown Ansible alias: %s" % me)
|
||||
|
||||
try:
|
||||
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
|
||||
except ImportError as e:
|
||||
# ImportError members have changed in py3
|
||||
if 'msg' in dir(e):
|
||||
msg = e.msg
|
||||
else:
|
||||
msg = e.message
|
||||
if msg.endswith(' %s' % sub):
|
||||
raise AnsibleError("Ansible sub-program not implemented: %s" % me)
|
||||
raise
|
||||
|
||||
mycli.display = display
|
||||
try:
|
||||
args = [to_text(a, errors='surrogate_or_strict') for a in sys.argv]
|
||||
except UnicodeError:
|
||||
display.error('Command line args are not in utf-8, unable to continue. Ansible currently only understands utf-8')
|
||||
display.display(u"The full traceback was:\n\n%s" % to_text(traceback.format_exc()))
|
||||
exit_code = 6
|
||||
else:
|
||||
cli = mycli(args)
|
||||
cli.parse()
|
||||
cli.display = display
|
||||
# import pdb; pdb.set_trace()
|
||||
exit_code = cli.run()
|
||||
|
||||
except AnsibleOptionsError as e:
|
||||
cli.parser.print_help()
|
||||
display.error(to_text(e), wrap_text=False)
|
||||
exit_code = 5
|
||||
except AnsibleParserError as e:
|
||||
display.error(to_text(e), wrap_text=False)
|
||||
exit_code = 4
|
||||
# TQM takes care of these, but leaving comment to reserve the exit codes
|
||||
# except AnsibleHostUnreachable as e:
|
||||
# display.error(str(e))
|
||||
# exit_code = 3
|
||||
# except AnsibleHostFailed as e:
|
||||
# display.error(str(e))
|
||||
# exit_code = 2
|
||||
except AnsibleError as e:
|
||||
display.error(to_text(e), wrap_text=False)
|
||||
exit_code = 1
|
||||
except KeyboardInterrupt:
|
||||
display.error("User interrupted execution")
|
||||
exit_code = 99
|
||||
except Exception as e:
|
||||
if C.DEFAULT_DEBUG:
|
||||
# Show raw stacktraces in debug mode, It also allow pdb to
|
||||
# enter post mortem mode.
|
||||
raise
|
||||
have_cli_options = bool(context.CLIARGS)
|
||||
display.error("Unexpected Exception, this is probably a bug: %s" % to_text(e), wrap_text=False)
|
||||
if not have_cli_options or have_cli_options and context.CLIARGS['verbosity'] > 2:
|
||||
log_only = False
|
||||
if hasattr(e, 'orig_exc'):
|
||||
display.vvv('\nexception type: %s' % to_text(type(e.orig_exc)))
|
||||
why = to_text(e.orig_exc)
|
||||
if to_text(e) != why:
|
||||
display.vvv('\noriginal msg: %s' % why)
|
||||
else:
|
||||
display.display("to see the full traceback, use -vvv")
|
||||
log_only = True
|
||||
display.display(u"the full traceback was:\n\n%s" % to_text(traceback.format_exc()), log_only=log_only)
|
||||
exit_code = 250
|
||||
finally:
|
||||
# Remove ansible tmpdir
|
||||
shutil.rmtree(C.DEFAULT_LOCAL_TMP, True)
|
||||
|
||||
sys.exit(exit_code)
|
@ -0,0 +1,17 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
|
||||
DEBUG=1
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
COMMAND=$1
|
||||
shift
|
||||
RARGS="--pw-stdin"
|
||||
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
|
||||
exec $PREFIX/bin/gridfire -H "keepassxc-cli.sh $tail" -- \
|
||||
keepassxc-cli.sh $COMMAND $RARGS "$@"
|
@ -0,0 +1,20 @@
|
||||
#!/bin/sh
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
|
||||
DEBUG=1
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
|
||||
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
|
||||
LARGS="--bg"
|
||||
LARGS=""
|
||||
RARGS="--pw-stdin"
|
||||
INFO $PREFIX/bin/gridfire -H "keepassxc $tail" $LARGS -- \
|
||||
keepassxc $RARGS "$@"
|
||||
exec $PREFIX/bin/gridfire -H "keepassxc $tail" $LARGS -- \
|
||||
keepassxc $RARGS "$@"
|
@ -0,0 +1,58 @@
|
||||
#!/bin/sh
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash || exit 2
|
||||
|
||||
if [ "$#" -eq 0 ] ; then
|
||||
echo USAGE: $0 [options]
|
||||
cat << EOF
|
||||
USAGE:
|
||||
--password PASSWORD Database password.
|
||||
--password-command PW_CMD
|
||||
Password will be obtained from the output of this
|
||||
command.
|
||||
--keyfile KEYFILE Key file for unlocking database.
|
||||
--pinentry PINENTRY Command used to run pinentry.
|
||||
-c COMMAND, --command COMMAND
|
||||
Command to execute. If command arguments contain
|
||||
spaces, they must be enclosed in double quotes. With
|
||||
this switch, kpsh will be started in non-interactive
|
||||
mode. A list of available commands can be found by
|
||||
running 'kpsh -c help':
|
||||
{open,unlock,lock,db,ls,show,add,edit,delete,move,autotype,exit,echo,sleep,help}
|
||||
open Change currently opened database.
|
||||
unlock Unlock currently opened database.
|
||||
lock Lock a database.
|
||||
db Query opened database info.
|
||||
ls List contents of database.
|
||||
show Show contents of entry.
|
||||
add Add a new entry if it doesn't exist yet.
|
||||
edit Edit existing entry
|
||||
delete Delete entry from database
|
||||
move Move entry to the new path.
|
||||
autotype Auto-type sequence of entry fields.
|
||||
exit Exit shell.
|
||||
echo Display a message.
|
||||
sleep Sleep for a given number of seconds.
|
||||
|
||||
--prompt PROMPT Text used by shell for prompt.
|
||||
-d, --daemon Start as a daemon listening on a socket given by
|
||||
--socket-path
|
||||
-s SOCKET_PATH, --socket-path SOCKET_PATH
|
||||
Path to the socket which will be created in daemon
|
||||
mode (default: /tmp/kpsh-$UID.sock).
|
||||
|
||||
USAGE: $0 -- kpsh-args
|
||||
`basename $0` arguments go before the -- kpsh args go after
|
||||
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# FixMe: nonewline
|
||||
exec $PREFIX/bin/gridfire -H "kpsh password on stdin" --stdin -- \
|
||||
kpsh "$@"
|
187
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_openssl.bash
Executable file
187
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_openssl.bash
Executable file
@ -0,0 +1,187 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
COMMANDS=(
|
||||
asn1parse ca ciphers cms crl crl2pkcs7 dgst dhparam dsa dsaparam ec
|
||||
ecparam enc engine errstr gendsa genpkey genrsa help list nseq ocsp
|
||||
passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand rehash req
|
||||
rsa rsautl s_client s_server s_time sess_id smime speed spkac srp
|
||||
storeutl ts verify version x509 dgst enc
|
||||
)
|
||||
# for elt in ${COMMANDS[*]}; do echo INFO: openssl $elt;openssl $elt -help;done
|
||||
|
||||
usage () {
|
||||
echo "USAGE: recognized commands are - ${PASSIN_COMMANDS[*]} ${PASSOUT_COMMANDS[*]} ${PASS_COMMANDS[*]}"
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
if [ "$#" -eq 0 ] || [ "$1" = '--help' ] || [ "$1" = '-h' ] ; then
|
||||
echo USAGE: $0 command [options]
|
||||
cat << EOF
|
||||
Recognized commands:
|
||||
|
||||
-passin commands: -passin pass:stdin
|
||||
ca \
|
||||
-passin val Input file pass phrase source
|
||||
cms
|
||||
-pwri_password val (No additional info)
|
||||
-passin val Input file pass phrase source
|
||||
dgst
|
||||
-passin val Input file pass phrase source
|
||||
pkeyutl
|
||||
-passin val Input file pass phrase source
|
||||
rsautl
|
||||
-passin val Input file pass phrase source
|
||||
smime
|
||||
-passin val Input file pass phrase source
|
||||
spkac
|
||||
-passin val Input file pass phrase source
|
||||
storeutl
|
||||
-passin val Input file pass phrase source
|
||||
ts
|
||||
-passin val Input file pass phrase source
|
||||
x509
|
||||
-passin val Private key password/pass-phrase source
|
||||
dgst
|
||||
-passin val Input file pass phrase source
|
||||
|
||||
-passout commands: -passout pass:stdin
|
||||
gendsa
|
||||
-passout val Output file pass phrase source
|
||||
genrsa
|
||||
-passout val Output file pass phrase source
|
||||
|
||||
-pass commands: -pass pass:stdin
|
||||
enc
|
||||
-pass val Passphrase source
|
||||
genpkey
|
||||
-pass val Output file pass phrase source
|
||||
|
||||
Options:
|
||||
pass:stdin
|
||||
pass:fd0
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
COMMAND=$1
|
||||
|
||||
# FixMe: make sure command is first
|
||||
if [ $COMMAND = '-help' ] || [ $COMMAND = '--help' ] ; then
|
||||
usage
|
||||
echo "USAGE: all openssl commands are - ${COMMANDS[*]}"
|
||||
exit 0
|
||||
fi
|
||||
if [ "${COMMAND:0:1}" = "-" ] ; then
|
||||
echo "USAGE: command args - command must precede args"
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
case $COMMAND in \
|
||||
# PASSIN_COMMANDS=(
|
||||
ca \
|
||||
| cms \
|
||||
| dgst \
|
||||
| pkeyutl \
|
||||
| rsautl \
|
||||
| smime \
|
||||
| spkac \
|
||||
| storeutl \
|
||||
| ts \
|
||||
| x509 \
|
||||
| dgst \
|
||||
) # FixMe: check if already there
|
||||
LARGS="-passin pass:stdin"
|
||||
$PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
|
||||
;;
|
||||
|
||||
# PASSOUT_COMMANDS=(
|
||||
gendsa \
|
||||
| genrsa \
|
||||
) # FixMe: check if already there
|
||||
LARGS="-passout pass:stdin"
|
||||
$PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
|
||||
;;
|
||||
|
||||
# PASS_COMMANDS=( \
|
||||
enc \
|
||||
| genpkey \
|
||||
) # FixMe: check if already there
|
||||
LARGS="-pass pass:stdin"
|
||||
$PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
|
||||
;;
|
||||
|
||||
# PASSNOV_COMMANDS=( \
|
||||
passwd \
|
||||
| '-in infile Read passwords from file' \
|
||||
| '-noverify Never verify when reading password from terminal' \
|
||||
| '-stdin Read passwords from stdin' \
|
||||
) # FixMe: check if already there
|
||||
#? conflicts with -in?
|
||||
LARGS=" -noverify -stdin"
|
||||
bash $PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
|
||||
;;
|
||||
|
||||
# PASSINOUT_COMMANDS=( \
|
||||
pkcs8 \
|
||||
| '-passin val Input file pass phrase source' \
|
||||
| '-passout val Output file pass phrase source' \
|
||||
| pkey \
|
||||
| '-passin val Input file pass phrase source' \
|
||||
| '-passout val Output file pass phrase source' \
|
||||
| rsa \
|
||||
| '-passout val Output file pass phrase source' \
|
||||
| '-passin val Input file pass phrase source' \
|
||||
| srp \
|
||||
| '-passin val Input file pass phrase source' \
|
||||
| '-passout val Output file pass phrase source' \
|
||||
) # FixMe: check if already there
|
||||
# FixMe: fd:
|
||||
LARGS="--passin"
|
||||
passin=`sh $PREFIX/bin/gridfire -H "openssl $LARGS" `
|
||||
LARGS="-passin pass:$passin -passout pass:stdin"
|
||||
bash $PREFIX/bin/gridfire -H "openssl -passout pass:stdin" -- openssl $LARGS "$@" || exit $?
|
||||
|
||||
esac
|
||||
exit 0
|
||||
|
||||
# PASSDPASS_COMMANDS=( \
|
||||
s_server \
|
||||
# -pass val Private key file pass phrase source \
|
||||
# -dpass val Second private key file pass phrase source \
|
||||
) # FixMe: check if already there
|
||||
# FixMe: fd:
|
||||
pass=`sh $PREFIX/bin/gridfire.sh`
|
||||
LARGS="-pass pass:$pass -dpass pass:stdin"
|
||||
bash $PREFIX/bin/gridfire -- openssl $LARGS "$@" || exit $?
|
||||
|
||||
;; # PASSKPASS_COMMANDS=( \
|
||||
enc \
|
||||
# -pass val Passphrase source \
|
||||
# -kfile infile Read passphrase from file \
|
||||
) # FixMe: check if already there
|
||||
# FixMe: fd:
|
||||
#?pass=`sh $PREFIX/bin/gridfire.sh`
|
||||
#?LARGS="-pass pass:$pass -dpass pass:stdin"
|
||||
LARGS="-pass pass:stdin"
|
||||
$PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
|
||||
|
||||
;; # PASSINOUTWORD_COMMANDS=( \ \
|
||||
pkcs12 \
|
||||
# -twopass Separate MAC, encryption passwords \
|
||||
# -passin val Input file pass phrase source \
|
||||
# -passout val Output file pass phrase source \
|
||||
# -password val Set import/export password source \
|
||||
) # FixMe: check if already there
|
||||
|
||||
|
||||
# FixMe: pass: prefix
|
||||
$PREFIX/bin/gridfire -H "-passin pass:" --single "passin" -- sh $PREFIX/bin/gridfire -H "-passout stdin" -- openssl "$@" || exit $?
|
||||
esac
|
@ -0,0 +1,27 @@
|
||||
#!/bin/sh
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash || exit 2
|
||||
|
||||
if [ "$#" -eq 0 ] ; then
|
||||
echo USAGE: $0 [options]
|
||||
cat << EOF
|
||||
usage: secret-tool store --label='label' attribute value ...
|
||||
secret-tool lookup attribute value ...
|
||||
secret-tool clear attribute value ...
|
||||
secret-tool search [--all] [--unlock] attribute value ...
|
||||
|
||||
USAGE: $0 -- secret-tool-args
|
||||
`basename $0` arguments go before the -- secret-tool args go after
|
||||
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# FixMe: nonewline
|
||||
exec $PREFIX/bin/gridfire -H "secret-tool password on stdin" --stdin -- \
|
||||
secret-tool "$@"
|
@ -0,0 +1,11 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
|
||||
#? --pinentry-mode loopback
|
||||
|
||||
exec $PREFIX/bin/gridfire -H "staticgpg --passphrase-fd 0" -- \
|
||||
staticgpg --passphrase-fd 0 "$@"
|
104
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_tomb.bash
Executable file
104
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_tomb.bash
Executable file
@ -0,0 +1,104 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
PYVER=3
|
||||
EXE=/var/local/bin/tomb.bash
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash || exit 2
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
# python3 -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"
|
||||
# ~/.local/share/python_keyring
|
||||
|
||||
# what goes on stdin - the passwd to the keyfile with the keyfile as an arg?
|
||||
# or open the keyfile?
|
||||
# passwd from gridfire or from keepass
|
||||
|
||||
usage() {
|
||||
echo "Syntax: tomb [options] command [arguments]"
|
||||
echo
|
||||
echo " // Creation:"
|
||||
echo " dig create a new empty TOMB file of size -s in MiB"
|
||||
echo " forge create a new KEY file and set its password"
|
||||
echo " lock installs a lock on a TOMB to use it with KEY"
|
||||
echo
|
||||
echo " // Operations on tombs:"
|
||||
echo " open open an existing TOMB (-k KEY file or - for stdin)"
|
||||
echo " index update the search indexes of tombs"
|
||||
echo " search looks for filenames matching text patterns"
|
||||
echo " list list of open TOMBs and information on them"
|
||||
echo " ps list of running processes inside open TOMBs"
|
||||
echo " close close a specific TOMB (or 'all')"
|
||||
echo " slam slam a TOMB killing all programs using it"
|
||||
[[ $RESIZER == 1 ]] && {
|
||||
echo " resize resize a TOMB to a new size -s (can only grow)"
|
||||
}
|
||||
echo
|
||||
echo " // Operations on keys:"
|
||||
echo " passwd change the password of a KEY (needs old pass)"
|
||||
echo " setkey change the KEY locking a TOMB (needs old key and pass)"
|
||||
echo
|
||||
[[ $QRENCODE == 1 ]] && {
|
||||
echo " // Backup on paper:"
|
||||
echo " engrave makes a QR code of a KEY to be saved on paper"
|
||||
echo
|
||||
}
|
||||
[[ $STEGHIDE == 1 || $CLOAKIFY == 1 || $DECLOAKIFY == 1 ]] && {
|
||||
echo " // Steganography:"
|
||||
[[ $STEGHIDE == 1 ]] && {
|
||||
echo " bury hide a KEY inside a JPEG image (for use with -k)"
|
||||
echo " exhume extract a KEY from a JPEG image (prints to stdout)"
|
||||
}
|
||||
[[ $CLOAKIFY == 1 ]] && {
|
||||
echo " cloak transform a KEY into TEXT using CIPHER (for use with -k)"
|
||||
}
|
||||
[[ $DECLOAKIFY == 1 ]] && {
|
||||
echo " uncloak extract a KEY from a TEXT using CIPHER (prints to stdout)"
|
||||
}
|
||||
echo
|
||||
}
|
||||
echo "Options:"
|
||||
echo
|
||||
echo " -s size of the tomb file when creating/resizing one (in MiB)"
|
||||
echo " -k path to the key to be used ('-k -' to read from stdin)"
|
||||
echo " -n don't launch the execution hooks found in tomb"
|
||||
echo " -p preserve the ownership of all files in tomb"
|
||||
echo " -o options passed to commands: open, lock, forge (see man)"
|
||||
echo " -f force operation (i.e. even if swap is active)"
|
||||
echo " -g use a GnuPG key to encrypt a tomb key"
|
||||
echo " -r provide GnuPG recipients (separated by comma)"
|
||||
echo " -R provide GnuPG hidden recipients (separated by comma)"
|
||||
|
||||
[[ $SPHINX == 1 ]] && {
|
||||
echo " --sphx-user user associated with the key (for use with pitchforkedsphinx)"
|
||||
echo " --sphx-host host associated with the key (for use with pitchforkedsphinx)"
|
||||
}
|
||||
|
||||
[[ $KDF == 1 ]] && {
|
||||
echo " --kdf forge keys armored against dictionary attacks"
|
||||
}
|
||||
|
||||
echo
|
||||
echo " -q run quietly without printing informations"
|
||||
echo " -D print debugging information at runtime"
|
||||
}
|
||||
|
||||
# FixMe: make sure command is first
|
||||
if [ "$#" -eq 0 ] || [ "$1" = '--help' -o "$1" = 'help' ] ; then
|
||||
# usage
|
||||
# exit 0
|
||||
:
|
||||
fi
|
||||
|
||||
LARGS="-H \"tomb $tail\""
|
||||
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
|
||||
if [[ "$*" =~ "-- " ]];then
|
||||
RARGS=`echo $*|sed -e "s/-- /-- $EXE/"`
|
||||
exec $PREFIX/bin/gridfire $LARGS $RARGS
|
||||
else
|
||||
exec $PREFIX/bin/gridfire $LARGS -- $EXE "$@"
|
||||
fi
|
||||
|
@ -0,0 +1,32 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
DEBUG=1
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
usage () {
|
||||
echo USAGE: $0 [options]
|
||||
cat << EOF
|
||||
USAGE: $0 [--arg password ] -- truecrypt-args
|
||||
`basename $0` arguments go before the -- truecrypt args go after
|
||||
MINIMUM of 2 args for truecrypt
|
||||
EOF
|
||||
exit 1
|
||||
}
|
||||
if [ "$#" -eq 0 ] ; then
|
||||
usage
|
||||
fi
|
||||
if [ "$#" -lt 2 ] ; then
|
||||
usage
|
||||
fi
|
||||
|
||||
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
|
||||
RARGS="--non-interactive"
|
||||
exec $PREFIX/bin/gridfire --double password -E -B -H "truecrypt-console $tail" -- \
|
||||
$PREFIX/bin/truecrypt-console.sh $RARGS "$@"
|
||||
|
||||
# FixMe: --new-password=<str> New password
|
@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash || exit 2
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
if [ "$#" -eq 0 ] ; then
|
||||
echo USAGE: $0 [options]
|
||||
cat << EOF
|
||||
USAGE: $0 [--arg password ] -- truecrypt-args
|
||||
`basename $0` arguments go before the -- truecrypt args go after
|
||||
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
|
||||
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
|
||||
exec $PREFIX/bin/gridfire -E --double password -H "truecrypt $tail" -- \
|
||||
$PREFIX/bin/truecrypt.sh "$@"
|
||||
|
||||
# FixMe: --new-password=<str> New password
|
@ -0,0 +1,37 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
DEBUG=1
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
usage () {
|
||||
echo USAGE: $0 [options]
|
||||
cat << EOF
|
||||
USAGE: $0 [--arg password ] -- veracrypt-args
|
||||
`basename $0` arguments go before the -- veracrypt args go after
|
||||
MINIMUM of 2 args for veracrypt
|
||||
EOF
|
||||
exit 1
|
||||
}
|
||||
if [ "$#" -eq 0 ] ; then
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
if [ "$#" -lt 2 ] ; then
|
||||
usage
|
||||
fi
|
||||
|
||||
RARGS="--stdin --non-interactive"
|
||||
[[ "$*" =~ "--stdin" ]] || [[ $RARGS =~ "--stdin" ]] || LARGS="--stdin $LARGS"
|
||||
#no [[ "$*" =~ "--create" ]] && LARGS="--repeat $LARGS"
|
||||
#no [[ "$*" =~ "--new-password=" ]] && LARGS="--repeat $LARGS"
|
||||
|
||||
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
|
||||
$PREFIX/bin/gridfire $LARGS -H "veracrypt-console $tail" -- \
|
||||
$PREFIX/bin/veracrypt-console.sh $RARGS "$@"
|
||||
|
||||
# FixMe: --new-password=<str> New password
|
@ -0,0 +1,15 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
|
||||
exec $PREFIX/bin/gridfire -H "veracrypt $tail" -- \
|
||||
$PREFIX/bin/veracrypt.sh $RARGS "$@"
|
||||
|
||||
# FixMe: --new-password=<str> New password
|
97
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/keepassxc-cli.bash
Executable file
97
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/keepassxc-cli.bash
Executable file
@ -0,0 +1,97 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
root=KeeC
|
||||
DEBUG=1
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
. /usr/local/bin/gridfire.rc
|
||||
EXE=/var/local/bin/keepassxc-cli.bash
|
||||
|
||||
#? mayaybe not
|
||||
if [ "$#" -eq 0 -o "$1" = '--help' ] ; then
|
||||
echo USAGE: $0 command [options]
|
||||
cat << EOF
|
||||
Available commands:
|
||||
analyze Analyze passwords for weaknesses and problems.
|
||||
clip Copy an entry's attribute to the clipboard.
|
||||
close Close the currently opened database.
|
||||
db-create Create a new database.
|
||||
db-info Show a database's information.
|
||||
diceware Generate a new random diceware passphrase.
|
||||
edit Edit an entry.
|
||||
estimate Estimate the entropy of a password.
|
||||
export Exports the content of a database to standard output in the specified format.
|
||||
generate Generate a new random password.
|
||||
help Display command help.
|
||||
import Import the contents of an XML database.
|
||||
locate Find entries quickly.
|
||||
ls List database entries.
|
||||
merge Merge two databases.
|
||||
mkdir Adds a new group to a database.
|
||||
mv Moves an entry to a new group.
|
||||
open Open a database.
|
||||
rm Remove an entry from the database.
|
||||
rmdir Removes a group from a database.
|
||||
show Show an entry's information.
|
||||
|
||||
Options:
|
||||
-k, --key-file <path> Key file of the database.
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# [[ "$*" =~ "--pw-stdin" ]] || [[ $LARGS =~ "--pw-stdin" ]] || LARGS="--pw-stdin $LARGS"
|
||||
|
||||
if [[ "$*" =~ "db-create" ]] ; then
|
||||
[[ "$*" =~ "--decryption-time" ]] || [[ $RARGS =~ "--decryption-time" ]] || RARGS="--decryption-time=1000 $RARGS"
|
||||
# not =''
|
||||
# [[ "$*" =~ "-k" ]] || [[ $RARGS =~ "-k" ]] || RARGS="-k '' $RARGS"
|
||||
|
||||
[ -x $EXE ] || PANIC file not found $EXE
|
||||
DBUG $EXE $LARGS $RARGS "$@" >> /tmp/${root}$$.log
|
||||
password=$(cat)
|
||||
/usr/bin/expect << EOF
|
||||
# -*- mode: tcl; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
set ROLE gpgkey
|
||||
set PREFIX /usr/local
|
||||
|
||||
set timeout 30
|
||||
|
||||
spawn -noecho $EXE $LARGS $RARGS "$@"
|
||||
log_user 0
|
||||
|
||||
expect "Enter password to encrypt database (optional):"
|
||||
send "$password\n"
|
||||
expect "Repeat password:"
|
||||
send "$password\n"
|
||||
|
||||
expect -re .+ {
|
||||
exp_continue
|
||||
} timeout {
|
||||
exit 1
|
||||
} eof {
|
||||
exit 0
|
||||
}
|
||||
EOF
|
||||
retval=$?
|
||||
DBUG see /tmp/${root}$$.log
|
||||
exit $retval
|
||||
fi
|
||||
|
||||
DEBUG=1
|
||||
DEBUG $EXE $LARGS $RARGS "$@" >> /tmp/${root}$$.log
|
||||
$EXE $LARGS $RARGS "$@" 2>/tmp/${root}$$.err >>/tmp/${root}$$.log
|
||||
retval=$?
|
||||
if [ $retval -eq 0 ] ; then
|
||||
INFO see /tmp/${root}$$.log
|
||||
cat /tmp/${root}$$.log
|
||||
else
|
||||
WARN see /tmp/${root}$$.err /tmp/${root}$$.log
|
||||
cat /tmp/${root}$$.err
|
||||
fi
|
||||
exit $retval
|
@ -0,0 +1,26 @@
|
||||
#!/usr/bin/expect --
|
||||
# -*- mode: tcl; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
set ROLE gpgkey
|
||||
set PREFIX /usr/local
|
||||
|
||||
set timeout 30
|
||||
|
||||
spawn /g/Gpgkey/net/Http/github.com/keepassxreboot/keepassxc/releases/download/2.6.6/KeePassXC-2.6.6-x86_64.AppImage cli db-create -p -k /dev/shm/mausPh4.key /dev/shm/mausA3d_h0.kdbx
|
||||
|
||||
expect "Enter password to encrypt database (optional):*"
|
||||
send_user "AA\n"
|
||||
send "AA\n"
|
||||
expect "Repeat password:*"
|
||||
send_user "AA\n"
|
||||
send "AA\n"
|
||||
|
||||
expect -re .+ {
|
||||
exp_continue
|
||||
} timeout {
|
||||
exit 1
|
||||
} eof {
|
||||
exit 0
|
||||
}
|
||||
|
||||
# expect -r .+ {send "\r"}
|
@ -0,0 +1,15 @@
|
||||
=== db-create ===
|
||||
|
||||
Usage: keepassxc-cli db-create [options] database
|
||||
Create a new database.
|
||||
|
||||
Options:
|
||||
-q, --quiet Silence password prompt and other secondary
|
||||
outputs.
|
||||
-k, --set-key-file <path> Set the key file for the database.
|
||||
-p, --set-password Set a password for the database.
|
||||
-t, --decryption-time <time> Target decryption time in MS for the database.
|
||||
-h, --help Display this help.
|
||||
|
||||
Arguments:
|
||||
database Path of the database.
|
@ -0,0 +1,34 @@
|
||||
INFO: /g/Gpgkey/net/Http/github.com/keepassxreboot/keepassxc/releases/download/2.6.6/KeePassXC-2.6.6-x86_64.AppImage --help
|
||||
Usage: keepassxc [options] [filename(s)]
|
||||
KeePassXC - cross-platform password manager
|
||||
|
||||
Options:
|
||||
-h, --help Displays help on commandline options.
|
||||
--help-all Displays help including Qt specific options.
|
||||
-v, --version Displays version information.
|
||||
--config <config> path to a custom config file
|
||||
--localconfig <localconfig> path to a custom local config file
|
||||
--lock lock all open databases
|
||||
--keyfile <keyfile> key file of the database
|
||||
--pw-stdin read password of the database from stdin
|
||||
--debug-info Displays debugging information.
|
||||
|
||||
Arguments:
|
||||
filename(s) filenames of the password databases to open
|
||||
(*.kdbx)
|
||||
|
||||
=== db-create ===
|
||||
|
||||
Usage: keepassxc-cli db-create [options] database
|
||||
Create a new database.
|
||||
|
||||
Options:
|
||||
-q, --quiet Silence password prompt and other secondary
|
||||
outputs.
|
||||
-k, --set-key-file <path> Set the key file for the database.
|
||||
-p, --set-password Set a password for the database.
|
||||
-t, --decryption-time <time> Target decryption time in MS for the database.
|
||||
-h, --help Display this help.
|
||||
|
||||
Arguments:
|
||||
database Path of the database.
|
15
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/keyring_gridfire.bash
Executable file
15
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/keyring_gridfire.bash
Executable file
@ -0,0 +1,15 @@
|
||||
#!/bin/sh
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
PYVER=3
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash || exit 2
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
# python3 -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"
|
||||
# ~/.local/share/python_keyring
|
||||
|
||||
exec python$PYVER.sh `which keyring` -p /usr/local/bin/gridfire -b gridfire "$@"
|
13
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/pinentry3.bash
Executable file
13
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/pinentry3.bash
Executable file
@ -0,0 +1,13 @@
|
||||
#!/bin/sh
|
||||
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
root=KeeC
|
||||
DEBUG=1
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
exec /usr/local/bin/python3.sh /usr/local/bin/pinentry_.py "$@"
|
@ -0,0 +1,15 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
[ -f $PREFIX/bin/gridfire.rc ] && . $PREFIX/bin/gridfire.rc
|
||||
|
||||
[ -e /run ] || exit 1
|
||||
|
||||
cd $PREFIX/src/gridfire || exit 3
|
||||
|
||||
export PYTHONPATH=$PREFIX/src/gridfire/pyassuan:$PREFIX/src/gridfire:$PWD
|
||||
|
||||
exec $PREFIX/bin/python3.sh bin/pinentry_gridfire.py "$@"
|
302
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/pinentry_gridfire.py
Executable file
302
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/pinentry_gridfire.py
Executable file
@ -0,0 +1,302 @@
|
||||
#!/usr/bin/env python3
|
||||
# -*- mode: python; py-indent-offset: 4; indent-tabs-mode: nil; coding: utf-8 -*-
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
#? from future import *
|
||||
|
||||
import sys
|
||||
import os
|
||||
import socket
|
||||
import stat
|
||||
import logging
|
||||
import argparse
|
||||
import traceback
|
||||
|
||||
ROLE="proxy"
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
# we want to use our version for now
|
||||
sGDir = os.path.dirname(os.path.dirname(__file__))
|
||||
if sGDir not in sys.path:
|
||||
sys.path.insert(0, sGDir)
|
||||
#print('\n'.join(sys.path))
|
||||
from gridfire import getpass
|
||||
|
||||
sDir=os.path.join(sGDir, 'keepassxc_cmd2')
|
||||
if sDir not in sys.path: sys.path.insert(0, sDir)
|
||||
try:
|
||||
from keepassxc_cmd2.cmd2_ansi import *
|
||||
except Exception:
|
||||
def green(s): return s
|
||||
def info(s): print(green(s))
|
||||
def red(s): return s
|
||||
def error(s): print(red(s))
|
||||
def yellow(s): return s
|
||||
def warn(s): print(yellow(s))
|
||||
def blue(s): return s
|
||||
def debug(s): print(blue(s))
|
||||
ansi = None
|
||||
del sGDir
|
||||
|
||||
# installed by Makefile install::
|
||||
sDir=os.path.join('/usr/local/lib/python3.8', 'site-packages')
|
||||
if sDir not in sys.path: sys.path.insert(0, sDir)
|
||||
try:
|
||||
from pyassuan import common as _common
|
||||
from pyassuan import error as _error
|
||||
except:
|
||||
sys.stderr.write('\n'.join(sys.path)+'\n')
|
||||
raise
|
||||
del sDir
|
||||
|
||||
LOCALE="en_US.UTF-8"
|
||||
NAME='pinentry_gridfire'
|
||||
HOST='127.0.0.1'
|
||||
PORT=6666
|
||||
INET_SOCKET=False
|
||||
RUN='/run/user/{}/'.format(os.geteuid()) +NAME +'.{}'.format(os.getpid())
|
||||
|
||||
VALID_OPTIONS = (
|
||||
#? 'grab',
|
||||
'ttyname', # + os.environ['GPG_TTY']
|
||||
# 'ttytype', # xterm
|
||||
'lc-ctype', # " +LOCALE
|
||||
'lc-messages', # en_US.UTF-8
|
||||
# 'allow-external-password-cache',
|
||||
# 'default-ok', # _OK
|
||||
# 'default-cancel', # _Cancel
|
||||
# 'default-yes', # _Yes
|
||||
# 'default-no', # _No
|
||||
'default-prompt', # 'Passphrase:'
|
||||
# 'default-pwmngr', # _Save in password manager
|
||||
'default-cf-visi', # Do you really want to make your passphrase visible on the screen?
|
||||
'default-tt-visi', # Make passphrase visible
|
||||
'default-tt-hide', # Hide passphrase
|
||||
)
|
||||
VALID_COMMANDS = ('GETINFO', 'OPTION', 'BYE', 'QUIT', 'HELP',)
|
||||
LOG_FILE = '/tmp/pinentry{}.log'.format(os.getpid())
|
||||
|
||||
# from pyassuan import server # AssuanServer , AssuanSocketServer
|
||||
print('from pyassuan.server import AssuanServer , AssuanSocketServer')
|
||||
from pyassuan.server import AssuanServer , AssuanSocketServer
|
||||
class GridfireAssuanServer(AssuanServer):
|
||||
"""A single-threaded Assuan server based on the `development suggestions`_
|
||||
|
||||
Extend by subclassing and adding ``_handle_XXX`` methods for each
|
||||
command you want to handle.
|
||||
|
||||
.. _development suggestions:
|
||||
http://www.gnupg.org/documentation/manuals/assuan/Server-code.html
|
||||
"""
|
||||
valid_options = VALID_OPTIONS
|
||||
valid_commands = VALID_COMMANDS
|
||||
|
||||
def __init__(self, name, logger=LOG, use_sublogger=True,
|
||||
valid_options=VALID_OPTIONS, strict_options=True,
|
||||
single_request=False, listen_to_quit=False,
|
||||
close_on_disconnect=False, args=None):
|
||||
self.args = args
|
||||
AssuanServer.__init__(self, name, logger, use_sublogger,
|
||||
valid_options, strict_options,
|
||||
single_request, listen_to_quit,
|
||||
close_on_disconnect)
|
||||
|
||||
def reset(self):
|
||||
self.stop = False
|
||||
self.options.clear()
|
||||
|
||||
if self.args.ttyname:
|
||||
self.options['ttyname'] = self.args.ttyname
|
||||
elif 'GPG_TTY' in os.environ:
|
||||
self.options['ttyname'] = os.environ['GPG_TTY']
|
||||
else:
|
||||
self.options['ttyname'] = os.ttyname(sys.stdin.fileno())
|
||||
|
||||
if self.args.lc_messages:
|
||||
self.options['lc-messages'] = self.args.lc_messages
|
||||
elif 'LC_MESSAGES' in os.environ:
|
||||
self.options['lc-messages'] = os.environ['LC_MESSAGES']
|
||||
elif 'LANG' in os.environ:
|
||||
self.options['lc-ctype'] = os.environ['LANG']
|
||||
|
||||
if self.args.lc_ctype:
|
||||
self.options['lc-ctype'] = self.args.lc_ctype
|
||||
elif 'LC_CTYPE' in os.environ:
|
||||
self.options['lc-ctype'] = os.environ['LC_CTYPE']
|
||||
elif 'LANG' in os.environ:
|
||||
self.options['lc-ctype'] = os.environ['LANG']
|
||||
|
||||
if 'default-prompt' not in self.options:
|
||||
self.options['default-prompt'] = 'Passphrase:'
|
||||
|
||||
def run(self):
|
||||
self.reset()
|
||||
self.logger.info('running')
|
||||
self.connect()
|
||||
try:
|
||||
self.handle_requests()
|
||||
finally:
|
||||
self.logger.info('stopped running')
|
||||
self.disconnect()
|
||||
self.logger.info('stopping')
|
||||
|
||||
def init_options(self):
|
||||
#? if self.listen_to_quit is None: self.listen_to_quit = True
|
||||
if os.path.isfile(LOG_FILE):
|
||||
os.chmod(LOG_FILE, stat.S_IRUSR| stat.S_IWUSR)
|
||||
if os.path.exists(RUN):
|
||||
os.chmod(RUN, stat.S_IRUSR| stat.S_IWUSR)
|
||||
|
||||
def _handle_BYE(self, arg):
|
||||
if self.single_request:
|
||||
self.stop = True
|
||||
yield _common.Response('OK', 'bye connection')
|
||||
|
||||
def _handle_GETINFO(self, args):
|
||||
arg = args.split()[0]
|
||||
if arg.lower() == 'pid':
|
||||
yield _common.Response("D", '{}'.format(os.getpid()).encode('ascii'))
|
||||
yield _common.Response('OK', '')
|
||||
|
||||
def _handle_HELP(self, arg):
|
||||
s = 'COMMANDS: ' +' '.join(self.valid_commands)
|
||||
yield _common.Response("D", s.encode('ascii'))
|
||||
s = 'OPTIONS: ' +' '.join(self.valid_options)
|
||||
yield _common.Response("D", s.encode('ascii'))
|
||||
yield _common.Response('OK', '')
|
||||
|
||||
def _handle_QUIT(self, arg):
|
||||
if self.listen_to_quit:
|
||||
self.stop = True
|
||||
yield _common.Response('OK', 'quitting the server')
|
||||
else:
|
||||
raise _error.AssuanError(
|
||||
code=175, message='Unknown command (reserved)')
|
||||
|
||||
def _handle_GETPIN(self, arg):
|
||||
self.init_options()
|
||||
main_args = []
|
||||
if self.args.debug:
|
||||
main_args += ['--verbosity', "3"]
|
||||
else:
|
||||
main_args += ['--verbosity', "1"]
|
||||
main_args += ['--ttyalert', self.args.ttyalert]
|
||||
if 'default-tt-hide' in self.options:
|
||||
#? and self.options['default-tt-visi']
|
||||
main_args += ['-c']
|
||||
|
||||
#? spawn an xterm is DISPLAY is set?
|
||||
s = getpass(prompt=self.options['default-prompt'],
|
||||
stream=None,
|
||||
tty=self.options['ttyname'],
|
||||
main_args=main_args,
|
||||
)
|
||||
yield _common.Response('D', s.encode('ascii'))
|
||||
yield _common.Response('OK', '')
|
||||
|
||||
class GridfireAssuanSocketServer (AssuanSocketServer):
|
||||
"""A threaded server spawning ``AssuanServer``\s for each connection
|
||||
"""
|
||||
def __init__(self, name, socket, server_klass, kwargs={}, max_threads=10,
|
||||
logger=LOG, use_sublogger=True, args=None):
|
||||
self.args = args
|
||||
AssuanSocketServer.__init__(self, name, socket, server_klass, kwargs, max_threads,
|
||||
logger=logger, use_sublogger=use_sublogger)
|
||||
|
||||
def run(self):
|
||||
self.logger.info('listen on socket')
|
||||
self.socket.listen()
|
||||
thread_index = 0
|
||||
while True:
|
||||
self.logger.info('threads: ' +repr(self.threads))
|
||||
|
||||
socket,address = self.socket.accept()
|
||||
self.logger.info('connection from {}'.format(address))
|
||||
self.cleanup_threads()
|
||||
if len(self.threads) > self.max_threads:
|
||||
self.drop_connection(socket, address)
|
||||
self.spawn_thread(
|
||||
'server-thread-{}'.format(thread_index), socket, address)
|
||||
thread_index = (thread_index + 1) % self.max_threads
|
||||
|
||||
if 'single_request' in self.kwargs:
|
||||
self.logger.info('single_request: ' +repr(self.kwargs['single_request']))
|
||||
if self.kwargs['single_request']: break
|
||||
|
||||
def make_argparser():
|
||||
description='''pinentry_gridfire'''
|
||||
if INET_SOCKET:
|
||||
description += ' listening on {}:{}'.format(HOST, PORT)
|
||||
else:
|
||||
description += ' listening at {}'.format(RUN)
|
||||
|
||||
argparser = argparse.ArgumentParser(description=description, add_help=True)
|
||||
argparser.add_argument('-d', '--debug', action='store_true', help='Turn on debugging output')
|
||||
# argparser.add_argument('-D', '--display', default=None, help='Set the X display')
|
||||
argparser.add_argument('-T', '--ttyname', type=str, help='Set the terminal tty')
|
||||
# argparser.add_argument('-N', '--ttytype NAME', type=str, help='Set the tty terminal type')
|
||||
argparser.add_argument('-C', '--lc-ctype', type=str, help='Set the tty LC_CTYPE value')
|
||||
argparser.add_argument('-M', '--lc-messages', type=str, help='Set the tty LC_MESSAGES value')
|
||||
# argparser.add_argument('-o', '--timeout', type=int, help='Timeout in secs. waiting for input after this many seconds')
|
||||
# argparser.add_argument('-g', '--no-global-grab', action='store_true', help='Grab keyboard only while window is focused')
|
||||
# argparser.add_argument('-W', '--parent-wid', type=str, help='Parent window ID (for positioning)')
|
||||
# argparser.add_argument('-c', '--colors', type=str, help='Set custom colors for ncurses')
|
||||
argparser.add_argument('-a', '--ttyalert', type=str, default='none', choices=['none', 'beep', 'flash'],
|
||||
help='Set the alert mode (none, beep or flash)')
|
||||
return argparser
|
||||
|
||||
print( 'iMain '+repr(sys.argv))
|
||||
def iMain(sys_argv):
|
||||
argparser = make_argparser()
|
||||
args = argparser.parse_args(sys_argv)
|
||||
|
||||
# Show help and exit if help requested
|
||||
if hasattr(args, 'help') and args.help:
|
||||
argparser.print_help(sys.stdout)
|
||||
sys.exit(0)
|
||||
|
||||
if args.debug:
|
||||
LOG.setLevel(logging.INFO)
|
||||
else:
|
||||
LOG.setLevel(logging.WARN)
|
||||
LOG.addHandler(logging.StreamHandler())
|
||||
LOG.addHandler(logging.FileHandler(LOG_FILE))
|
||||
LOG.handlers[0].setFormatter(logging.Formatter('%(name)s: %(levelname)s: %(message)s'))
|
||||
|
||||
if INET_SOCKET:
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
sock.bind((HOST, PORT))
|
||||
else:
|
||||
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
|
||||
sock.bind(RUN)
|
||||
|
||||
server_klass = GridfireAssuanServer # (NAME, logger=LOG)
|
||||
server_kwargs = dict(valid_options=server_klass.valid_options,
|
||||
single_request=True,
|
||||
close_on_disconnect=True,
|
||||
listen_to_quit=True,
|
||||
strict_options=True,
|
||||
args=args
|
||||
)
|
||||
i=0
|
||||
o = GridfireAssuanSocketServer(NAME, sock, server_klass, logger=LOG, kwargs=server_kwargs, args=args)
|
||||
o.run()
|
||||
return i
|
||||
|
||||
if __name__ == '__main__':
|
||||
LOG.info('INFO: Entering iMain sys.argv=' +str(repr(sys.argv)))
|
||||
try:
|
||||
i = iMain(sys.argv[1:])
|
||||
LOG.debug('DEBUG: Leaving iMain exit_code=' + str(i))
|
||||
except (KeyboardInterrupt, BrokenPipeError,) as e:
|
||||
i=0
|
||||
LOG.warn('WARN: Leaving iMain exit_code=0 ' + str(e))
|
||||
LOG.debug(traceback.format_exc())
|
||||
except (Exception,) as e:
|
||||
i=1
|
||||
LOG.error('ERROR: Leaving iMain exit_code=1 ' + str(e))
|
||||
LOG.debug(traceback.format_exc())
|
||||
finally:
|
||||
if not INET_SOCKET and os.path.exists(RUN):
|
||||
os.unlink(RUN)
|
||||
LOG.info('INFO: Leaving iMain exit_code=' +str(i))
|
||||
sys.exit(i)
|
@ -0,0 +1,45 @@
|
||||
# S:OK Your orders please
|
||||
OPTION grab
|
||||
# S:OK
|
||||
OPTION ttyname=/dev/tty3
|
||||
# S:OK
|
||||
OPTION ttytype=xterm
|
||||
# S:OK
|
||||
OPTION lc-ctype=en_US.UTF-8
|
||||
# S:OK
|
||||
OPTION lc-messages=en_US.UTF-8
|
||||
# S:OK
|
||||
OPTION allow-external-password-cache
|
||||
# S:OK
|
||||
OPTION default-ok=_OK
|
||||
# S:OK
|
||||
OPTION default-cancel=_Cancel
|
||||
# S:OK
|
||||
OPTION default-yes=_Yes
|
||||
# S:OK
|
||||
OPTION default-no=_No
|
||||
# S:OK
|
||||
OPTION default-prompt=PIN:
|
||||
# S:OK
|
||||
OPTION default-pwmngr=_Save in password manager
|
||||
# S:OK
|
||||
OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?
|
||||
# S:OK
|
||||
OPTION default-tt-visi=Make passphrase visible
|
||||
# S:OK
|
||||
OPTION default-tt-hide=Hide passphrase
|
||||
# S:OK
|
||||
GETINFO pid
|
||||
# S:D 14309
|
||||
# S:OK
|
||||
SETKEYINFO u/S9464F2C2825D2FE3
|
||||
# S:OK
|
||||
SETDESC Enter passphrase%0A
|
||||
# S:OK
|
||||
SETPROMPT Passphrase
|
||||
# S:OK
|
||||
GETPIN
|
||||
# S:D testing!
|
||||
# S:OK
|
||||
BYE
|
||||
# S:OK closing connection
|
@ -0,0 +1,29 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
# DEBUG=1
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
|
||||
TTY=`tty`
|
||||
|
||||
PASS=`pyassuan_password.sh "$*" "pyassuan_keepassxc-cli"`
|
||||
retval=$?
|
||||
if [ $retval = 0 ] ; then
|
||||
ERROR retval=$retval
|
||||
exit $retval
|
||||
fi
|
||||
|
||||
|
||||
# No Gcr System Prompter available
|
||||
echo $PASS | keepassxc-cli.bash "$@" 2>/tmp/Pyakc$$.err
|
||||
retval=$?
|
||||
if [ $retval -eq 0 ] ; then
|
||||
rm -f /tmp/Pyakc$$.err
|
||||
else
|
||||
ERROR retval=$retval `cat /tmp/Pyakc$$.err` >&2
|
||||
fi
|
||||
|
@ -0,0 +1,14 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
# DEBUG=1
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
|
||||
TTY=`tty`
|
||||
|
||||
PASS=`pyassuan_password.sh "Password for pyassuan_keepassxc-cli" "pyassuan_keepassxc-cli"`
|
||||
echo $PASS | keepassxc-cli.bash "$@"
|
185
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/pyassuan_password.bash
Executable file
185
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/pyassuan_password.bash
Executable file
@ -0,0 +1,185 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
|
||||
[ -n "$GPG_TTY" ] && TTY=$GPG_TTY
|
||||
[ -x "$GPG_TTY" ] && TTY=`tty`
|
||||
|
||||
## _is_found
|
||||
_is_found() {
|
||||
# returns 0 if binary is found in path
|
||||
[[ -z $1 ]] && return 1
|
||||
command -v "$1" 1>/dev/null 2>/dev/null
|
||||
return $?
|
||||
}
|
||||
|
||||
# Synopsis: option_is_set -flag [out]
|
||||
#
|
||||
# First argument is the commandline flag (e.g., "-s").
|
||||
# If the second argument is present and set to 'out', print out the
|
||||
# result: either 'set' or 'unset' (useful for if conditions).
|
||||
#
|
||||
# Return 0 if is set, 1 otherwise
|
||||
## option_is_set
|
||||
option_is_set() {
|
||||
local -i r # the return code (0 = set, 1 = unset)
|
||||
|
||||
## [[ -n "${(k)OPTS[$1]}" ]];
|
||||
r=1
|
||||
return $r;
|
||||
}
|
||||
|
||||
## echo_assuan_getpin
|
||||
function echo_assuan_getpin() {
|
||||
# simply prints out commands for pinentry's stdin to activate the
|
||||
# password dialog
|
||||
cat << EOF
|
||||
OPTION ttyname=$TTY
|
||||
OPTION lc-ctype=$LANG
|
||||
SETTITLE $title
|
||||
SETDESC $description
|
||||
SETPROMPT Password:
|
||||
GETPIN
|
||||
EOF
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
# Ask user for a password
|
||||
# Wraps around the pinentry command, from the GnuPG project, as it
|
||||
# provides better security and conveniently use the right toolkit.
|
||||
## ask_password
|
||||
ask_password() {
|
||||
|
||||
local description="$1"
|
||||
local title="${2:-Enter password.}"
|
||||
local output
|
||||
local password
|
||||
local gtkrc
|
||||
local theme
|
||||
local pass_asked
|
||||
|
||||
# Distributions have broken wrappers for pinentry: they do
|
||||
# implement fallback, but they disrupt the output somehow. We are
|
||||
# better off relying on less intermediaries, so we implement our
|
||||
# own fallback mechanisms. Pinentry supported: curses, gtk-2, qt4, qt5
|
||||
# and x11.
|
||||
|
||||
# make sure LANG is set, default to C
|
||||
export LANG=${LANG:-C}
|
||||
|
||||
DBUG "asking password with tty=$TTY lc-ctype=$LANG" >&2
|
||||
pass_asked=0
|
||||
|
||||
if false && [ -n "$TTY" ]; then
|
||||
DBUG "terminal detected" >&2
|
||||
if _is_found "gridfire"; then
|
||||
DBUG "gridfire"
|
||||
# SETTITLE $title SETDESC $description
|
||||
output=$(gridfire -H $title)
|
||||
pass_asked=1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ ! -z $WAYLAND_DISPLAY ]]; then
|
||||
DBUG "wayland display detected" >&2
|
||||
if _is_found "pinentry-gnome3" ; then
|
||||
DBUG "using pinentry-gnome3 on wayland" >&2
|
||||
output=$(echo_assuan_getpin | pinentry-gnome3|tr '[\n]' '@' )
|
||||
pass_asked=1
|
||||
fi
|
||||
fi
|
||||
if [[ ! -z $DISPLAY ]] && [[ $pass_asked == 0 ]]; then
|
||||
DBUG "X11 display detected" >&2
|
||||
if _is_found "pinentry-qt"; then
|
||||
DBUG "using pinentry-qt" >&2
|
||||
output=$(echo_assuan_getpin | pinentry-qt -a beep|tr '[\n]' '@' )
|
||||
pass_asked=1
|
||||
elif _is_found "pinentry-qt5"; then
|
||||
DBUG "using pinentry-qt5" >&2
|
||||
output=$(echo_assuan_getpin | pinentry-qt5 -a beep|tr '[\n]' '@' )
|
||||
pass_asked=1
|
||||
elif _is_found "pinentry-gtk-2"; then
|
||||
DBUG "using pinentry-gtk2" >&2
|
||||
output=$(echo_assuan_getpin | pinentry-gtk-2|tr '[\n]' '@' )
|
||||
pass_asked=1
|
||||
elif _is_found "pinentry-x11"; then
|
||||
DBUG "using pinentry-x11" >&2
|
||||
output=$(echo_assuan_getpin | pinentry-x11|tr '[\n]' '@' )
|
||||
pass_asked=1
|
||||
elif _is_found "pinentry-gnome3"; then
|
||||
DBUG "using pinentry-gnome3 on X11" >&2
|
||||
output=$(echo_assuan_getpin | pinentry-gnome3|tr '[\n]' '@' )
|
||||
pass_asked=1
|
||||
fi
|
||||
fi
|
||||
if [[ $pass_asked == 0 ]]; then
|
||||
DBUG "no display detected" >&2
|
||||
if _is_found "gridfire"; then
|
||||
DBUG "gridfire" >&2
|
||||
# SETTITLE $title SETDESC $description
|
||||
output=$(gridfire -H $title )
|
||||
elif _is_found "pinentry-curses"; then
|
||||
DBUG "using pinentry-curses with no display" >&2
|
||||
output=$(echo_assuan_getpin | pinentry-curses|tr '[\n]' '@' )
|
||||
pass_asked=1
|
||||
fi
|
||||
fi
|
||||
|
||||
[[ $pass_asked == 0 ]] &&
|
||||
ERROR "Cannot find pinentry-curses or gridfire and no DISPLAY detected." >&2 && \
|
||||
return 3
|
||||
|
||||
|
||||
# parse the pinentry output
|
||||
local pinentry_error
|
||||
sed -e 's/@/\n/g' <<< ${output} | while read i ; do #? (f)
|
||||
[ -z "$i" ] && continue
|
||||
key="${i::2}" ; val="${i:2}";
|
||||
[[ $i =~ ^ERR ]] && {
|
||||
pinentry_error="${i:4}"
|
||||
WARN $pinentry_error >&2
|
||||
continue
|
||||
}
|
||||
# here the password is found
|
||||
if [ "$key" = "D " ] ; then
|
||||
password="$val"
|
||||
DBUG $i key="${key}" '#'val="${#val}" >&2
|
||||
DBUG Password is found >&2
|
||||
[ -z "$password" ] && {
|
||||
WARN "Empty password" >&2
|
||||
return 1
|
||||
}
|
||||
echo "$password"
|
||||
return 0
|
||||
|
||||
else
|
||||
DBUG $i key="${i::2}" val="${i:2}" >&2
|
||||
fi
|
||||
done
|
||||
|
||||
# if sphinx mode is chosen, use the provided input
|
||||
# as master password to retrieve the actual password
|
||||
# if option_is_set --sphx-user || option_is_set --sphx-host; then
|
||||
# password=$( sphinx_get_password "$password")
|
||||
# fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
# INFO 0=$0
|
||||
if [ -x /usr/bin/basename ] && \
|
||||
[ $( basename -- "$0" .bash ) = $prog \
|
||||
-o $( basename -- "$0" .sh ) = $prog ] ; then
|
||||
[ "$#" -eq 1 ] && [ "$1" = '-h' -o "$1" = '--help' ] && \
|
||||
echo USAGE: $0 '[decription [title]]' && exit 0
|
||||
# echo USAGE: $0 && grep '^[a-z].*()\|^## ' $0 | sed -e 's/().*//' && exit 0
|
||||
# [ $# -eq 0 ] && set --
|
||||
ask_password "$@"
|
||||
exit $?
|
||||
fi
|
@ -0,0 +1,85 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
ROLE=gpgkey
|
||||
base=TruC
|
||||
TMPDIR=/tmp
|
||||
EXE=/q/Pg64/TrueCrypt-7.1a/TrueCrypt.exe
|
||||
[ -x "$EXE" -a -n "$MSYSTEM" ] || EXE=truecrypt-console.bash
|
||||
|
||||
DEBUG=1
|
||||
. /usr/local/bin/usr_local_tput.bash || exit 2
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
LARGS="--non-interactive"
|
||||
if [[ "$*" =~ "--help" ]]; then
|
||||
cat<<EOF
|
||||
Usage: truecrypt [--auto-mount <str>] [--backup-headers] [--background-task] [-C] [-c] [--create-keyfile] [--delete-token-keyfiles] [-d] [--display-password] [--encryption <str>] [--explore] [--export-token-keyfile] [--filesystem <str>] [-f] [--fs-options <str>] [--hash <str>] [-h] [--import-token-keyfiles] [-k <str>] [-l] [--list-token-keyfiles] [--load-preferences] [--mount] [-m <str>] [--new-keyfiles <str>] [--new-password <str>] [--non-interactive] [-p <str>] [--protect-hidden <str>] [--protection-keyfiles <str>] [--protection-password <str>] [--random-source <str>] [--restore-headers] [--save-preferences] [--quick] [--size <str>] [--slot <str>] [--test] [-t] [--token-lib <str>] [-v] [--version] [--volume-properties] [--volume-type <str>] [Volume path] [Mount point]
|
||||
--auto-mount=<str> Auto mount device-hosted/favorite volumes
|
||||
--backup-headers Backup volume headers
|
||||
--background-task Start Background Task
|
||||
-C, --change Change password or keyfiles
|
||||
-c, --create Create new volume
|
||||
--create-keyfile Create new keyfile
|
||||
--delete-token-keyfiles Delete security token keyfiles
|
||||
-d, --dismount Dismount volume
|
||||
--display-password Display password while typing
|
||||
--encryption=<str> Encryption algorithm
|
||||
--explore Open explorer window for mounted volume
|
||||
--export-token-keyfile Export keyfile from security token
|
||||
--filesystem=<str> Filesystem type
|
||||
-f, --force Force mount/dismount/overwrite
|
||||
--fs-options=<str> Filesystem mount options
|
||||
--hash=<str> Hash algorithm
|
||||
-h, --help Display detailed command line help
|
||||
--import-token-keyfiles Import keyfiles to security token
|
||||
-k, --keyfiles=<str> Keyfiles
|
||||
-l, --list List mounted volumes
|
||||
--list-token-keyfiles List security token keyfiles
|
||||
--load-preferences Load user preferences
|
||||
--mount Mount volume interactively
|
||||
-m, --mount-options=<str> TrueCrypt volume mount options
|
||||
--new-keyfiles=<str> New keyfiles
|
||||
--new-password=<str> New password
|
||||
--non-interactive Do not interact with user
|
||||
-p, --password=<str> Password
|
||||
--protect-hidden=<str> Protect hidden volume
|
||||
--protection-keyfiles=<str> Keyfiles for protected hidden volume
|
||||
--protection-password=<str> Password for protected hidden volume
|
||||
--random-source=<str> Use file as source of random data
|
||||
--restore-headers Restore volume headers
|
||||
--save-preferences Save user preferences
|
||||
--quick Enable quick format
|
||||
--size=<str> Size in bytes
|
||||
--slot=<str> Volume slot number
|
||||
--test Test internal algorithms
|
||||
-t, --text Use text user interface
|
||||
--token-lib=<str> Security token library
|
||||
-v, --verbose Enable verbose output
|
||||
--version Display version information
|
||||
--volume-properties Display volume properties
|
||||
--volume-type=<str> Volume type
|
||||
|
||||
EOF
|
||||
exit 0
|
||||
elif [[ "$*" =~ "--list" ]]; then
|
||||
:
|
||||
else
|
||||
[[ "$*" =~ "--password" ]] || [[ $LARGS =~ "--password" ]] || {
|
||||
ERROR --password is required -- $*
|
||||
exit 3
|
||||
}
|
||||
[[ "$*" =~ "--keyfiles" ]] || [[ $LARGS =~ "--keyfiles" ]] || LARGS="--keyfiles '' $LARGS"
|
||||
fi
|
||||
|
||||
DBUG $EXE $LARGS "$@" |tee $TMPDIR/$base$$.tmp
|
||||
$EXE $LARGS "$@" 2>$TMPDIR/$base$$.err >$TMPDIR/$base$$.log
|
||||
retval=$?
|
||||
if [ $retval -eq 0 ] ; then
|
||||
INFO see $TMPDIR/$base$$.log
|
||||
else
|
||||
WARN see $TMPDIR/$base$$.err
|
||||
cat $TMPDIR/$base$$.err
|
||||
fi
|
||||
exit $retval
|
85
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/truecrypt.bash
Executable file
85
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/truecrypt.bash
Executable file
@ -0,0 +1,85 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
base=TrueC
|
||||
ROLE=gpgkey
|
||||
TMPDIR=/tmp
|
||||
EXE=/q/Pg64/TrueCrypt-7.1a/TrueCrypt.exe
|
||||
[ -x "$EXE" -a -n "$MSYSTEM" ] || EXE=truecrypt.bash
|
||||
|
||||
DEBUG=1
|
||||
. /usr/local/bin/usr_local_tput.bash || exit 2
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
RARGS="--non-interactive -v"
|
||||
if [[ "$*" =~ "--list" ]]; then
|
||||
cat<<EOF
|
||||
Usage: truecrypt [--auto-mount <str>] [--backup-headers] [--background-task] [-C] [-c] [--create-keyfile] [--delete-token-keyfiles] [-d] [--display-password] [--encryption <str>] [--explore] [--export-token-keyfile] [--filesystem <str>] [-f] [--fs-options <str>] [--hash <str>] [-h] [--import-token-keyfiles] [-k <str>] [-l] [--list-token-keyfiles] [--load-preferences] [--mount] [-m <str>] [--new-keyfiles <str>] [--new-password <str>] [--non-interactive] [-p <str>] [--protect-hidden <str>] [--protection-keyfiles <str>] [--protection-password <str>] [--random-source <str>] [--restore-headers] [--save-preferences] [--quick] [--size <str>] [--slot <str>] [--test] [-t] [--token-lib <str>] [-v] [--version] [--volume-properties] [--volume-type <str>] [Volume path] [Mount point]
|
||||
--auto-mount=<str> Auto mount device-hosted/favorite volumes
|
||||
--backup-headers Backup volume headers
|
||||
--background-task Start Background Task
|
||||
-C, --change Change password or keyfiles
|
||||
-c, --create Create new volume
|
||||
--create-keyfile Create new keyfile
|
||||
--delete-token-keyfiles Delete security token keyfiles
|
||||
-d, --dismount Dismount volume
|
||||
--display-password Display password while typing
|
||||
--encryption=<str> Encryption algorithm
|
||||
--explore Open explorer window for mounted volume
|
||||
--export-token-keyfile Export keyfile from security token
|
||||
--filesystem=<str> Filesystem type
|
||||
-f, --force Force mount/dismount/overwrite
|
||||
--fs-options=<str> Filesystem mount options
|
||||
--hash=<str> Hash algorithm
|
||||
-h, --help Display detailed command line help
|
||||
--import-token-keyfiles Import keyfiles to security token
|
||||
-k, --keyfiles=<str> Keyfiles
|
||||
-l, --list List mounted volumes
|
||||
--list-token-keyfiles List security token keyfiles
|
||||
--load-preferences Load user preferences
|
||||
--mount Mount volume interactively
|
||||
-m, --mount-options=<str> TrueCrypt volume mount options
|
||||
--new-keyfiles=<str> New keyfiles
|
||||
--new-password=<str> New password
|
||||
--non-interactive Do not interact with user
|
||||
-p, --password=<str> Password
|
||||
--protect-hidden=<str> Protect hidden volume
|
||||
--protection-keyfiles=<str> Keyfiles for protected hidden volume
|
||||
--protection-password=<str> Password for protected hidden volume
|
||||
--random-source=<str> Use file as source of random data
|
||||
--restore-headers Restore volume headers
|
||||
--save-preferences Save user preferences
|
||||
--quick Enable quick format
|
||||
--size=<str> Size in bytes
|
||||
--slot=<str> Volume slot number
|
||||
--test Test internal algorithms
|
||||
-t, --text Use text user interface
|
||||
--token-lib=<str> Security token library
|
||||
-v, --verbose Enable verbose output
|
||||
--version Display version information
|
||||
--volume-properties Display volume properties
|
||||
--volume-type=<str> Volume type
|
||||
|
||||
EOF
|
||||
exit 0
|
||||
elif [[ "$*" =~ "--list" ]]; then
|
||||
:
|
||||
else
|
||||
[[ "$*" =~ "--password" ]] || [[ $RARGS =~ "--password" ]] || {
|
||||
ERROR --password is required
|
||||
exit 3
|
||||
}
|
||||
[[ "$*" =~ "--keyfiles" ]] || [[ $RARGS =~ "--keyfiles" ]] || RARGS="--keyfiles='' $RARGS"
|
||||
fi
|
||||
|
||||
DBUG truecrypt.sh $RARGS "$@" >> $TMPDIR/$base$$.tmp
|
||||
$EXE $RARGS "$@" 2>$TMPDIR/${base}$$.err >/tmp/${base}$$.log
|
||||
retval=$?
|
||||
if [ $retval -eq 0 ] ; then
|
||||
INFO see $TMPDIR/${base}$$.log
|
||||
else
|
||||
WARN see $TMPDIR/${base}$$.err
|
||||
cat $TMPDIR/${base}$$.err
|
||||
fi
|
||||
exit $retval
|
@ -0,0 +1,285 @@
|
||||
Usage: truecrypt [--auto-mount <str>] [--backup-headers] [--background-task] [-C] [-c] [--create-keyfile] [--delete-token-keyfiles] [-d] [--display-password] [--encryption <str>] [--explore] [--export-token-keyfile] [--filesystem <str>] [-f] [--fs-options <str>] [--hash <str>] [-h] [--import-token-keyfiles] [-k <str>] [-l] [--list-token-keyfiles] [--load-preferences] [--mount] [-m <str>] [--new-keyfiles <str>] [--new-password <str>] [--non-interactive] [-p <str>] [--protect-hidden <str>] [--protection-keyfiles <str>] [--protection-password <str>] [--random-source <str>] [--restore-headers] [--save-preferences] [--quick] [--size <str>] [--slot <str>] [--test] [-t] [--token-lib <str>] [-v] [--version] [--volume-properties] [--volume-type <str>] [Volume path] [Mount point]
|
||||
--auto-mount=<str> Auto mount device-hosted/favorite volumes
|
||||
--backup-headers Backup volume headers
|
||||
--background-task Start Background Task
|
||||
-C, --change Change password or keyfiles
|
||||
-c, --create Create new volume
|
||||
--create-keyfile Create new keyfile
|
||||
--delete-token-keyfiles Delete security token keyfiles
|
||||
-d, --dismount Dismount volume
|
||||
--display-password Display password while typing
|
||||
--encryption=<str> Encryption algorithm
|
||||
--explore Open explorer window for mounted volume
|
||||
--export-token-keyfile Export keyfile from security token
|
||||
--filesystem=<str> Filesystem type
|
||||
-f, --force Force mount/dismount/overwrite
|
||||
--fs-options=<str> Filesystem mount options
|
||||
--hash=<str> Hash algorithm
|
||||
-h, --help Display detailed command line help
|
||||
--import-token-keyfiles Import keyfiles to security token
|
||||
-k, --keyfiles=<str> Keyfiles
|
||||
-l, --list List mounted volumes
|
||||
--list-token-keyfiles List security token keyfiles
|
||||
--load-preferences Load user preferences
|
||||
--mount Mount volume interactively
|
||||
-m, --mount-options=<str> TrueCrypt volume mount options
|
||||
--new-keyfiles=<str> New keyfiles
|
||||
--new-password=<str> New password
|
||||
--non-interactive Do not interact with user
|
||||
-p, --password=<str> Password
|
||||
--protect-hidden=<str> Protect hidden volume
|
||||
--protection-keyfiles=<str> Keyfiles for protected hidden volume
|
||||
--protection-password=<str> Password for protected hidden volume
|
||||
--random-source=<str> Use file as source of random data
|
||||
--restore-headers Restore volume headers
|
||||
--save-preferences Save user preferences
|
||||
--quick Enable quick format
|
||||
--size=<str> Size in bytes
|
||||
--slot=<str> Volume slot number
|
||||
--test Test internal algorithms
|
||||
-t, --text Use text user interface
|
||||
--token-lib=<str> Security token library
|
||||
-v, --verbose Enable verbose output
|
||||
--version Display version information
|
||||
--volume-properties Display volume properties
|
||||
--volume-type=<str> Volume type
|
||||
|
||||
|
||||
Synopsis:
|
||||
|
||||
truecrypt [OPTIONS] COMMAND
|
||||
truecrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]
|
||||
|
||||
|
||||
Commands:
|
||||
|
||||
--auto-mount=devices|favorites
|
||||
Auto mount device-hosted or favorite volumes.
|
||||
|
||||
--backup-headers[=VOLUME_PATH]
|
||||
Backup volume headers to a file. All required options are requested from the
|
||||
user.
|
||||
|
||||
-c, --create[=VOLUME_PATH]
|
||||
Create a new volume. Most options are requested from the user if not specified
|
||||
on command line. See also options --encryption, -k, --filesystem, --hash, -p,
|
||||
--random-source, --quick, --size, --volume-type. Note that passing some of the
|
||||
options may affect security of the volume (see option -p for more information).
|
||||
|
||||
Inexperienced users should use the graphical user interface to create a hidden
|
||||
volume. When using the text user interface, the following procedure must be
|
||||
followed to create a hidden volume:
|
||||
1) Create an outer volume with no filesystem.
|
||||
2) Create a hidden volume within the outer volume.
|
||||
3) Mount the outer volume using hidden volume protection.
|
||||
4) Create a filesystem on the virtual device of the outer volume.
|
||||
5) Mount the new filesystem and fill it with data.
|
||||
6) Dismount the outer volume.
|
||||
If at any step the hidden volume protection is triggered, start again from 1).
|
||||
|
||||
--create-keyfile[=FILE_PATH]
|
||||
Create a new keyfile containing pseudo-random data.
|
||||
|
||||
-C, --change[=VOLUME_PATH]
|
||||
Change a password and/or keyfile(s) of a volume. Most options are requested
|
||||
from the user if not specified on command line. PKCS-5 PRF HMAC hash
|
||||
algorithm can be changed with option --hash. See also options -k,
|
||||
--new-keyfiles, --new-password, -p, --random-source.
|
||||
|
||||
-d, --dismount[=MOUNTED_VOLUME]
|
||||
Dismount a mounted volume. If MOUNTED_VOLUME is not specified, all
|
||||
volumes are dismounted. See below for description of MOUNTED_VOLUME.
|
||||
|
||||
--delete-token-keyfiles
|
||||
Delete keyfiles from security tokens. See also command --list-token-keyfiles.
|
||||
|
||||
--export-token-keyfile
|
||||
Export a keyfile from a security token. See also command --list-token-keyfiles.
|
||||
|
||||
--import-token-keyfiles
|
||||
Import keyfiles to a security token. See also option --token-lib.
|
||||
|
||||
-l, --list[=MOUNTED_VOLUME]
|
||||
Display a list of mounted volumes. If MOUNTED_VOLUME is not specified, all
|
||||
volumes are listed. By default, the list contains only volume path, virtual
|
||||
device, and mount point. A more detailed list can be enabled by verbose
|
||||
output option (-v). See below for description of MOUNTED_VOLUME.
|
||||
|
||||
--list-token-keyfiles
|
||||
Display a list of all available security token keyfiles. See also command
|
||||
--import-token-keyfiles.
|
||||
|
||||
--mount[=VOLUME_PATH]
|
||||
Mount a volume. Volume path and other options are requested from the user
|
||||
if not specified on command line.
|
||||
|
||||
--restore-headers[=VOLUME_PATH]
|
||||
Restore volume headers from the embedded or an external backup. All required
|
||||
options are requested from the user.
|
||||
|
||||
--save-preferences
|
||||
Save user preferences.
|
||||
|
||||
--test
|
||||
Test internal algorithms used in the process of encryption and decryption.
|
||||
|
||||
--version
|
||||
Display program version.
|
||||
|
||||
--volume-properties[=MOUNTED_VOLUME]
|
||||
Display properties of a mounted volume. See below for description of
|
||||
MOUNTED_VOLUME.
|
||||
|
||||
MOUNTED_VOLUME:
|
||||
Specifies a mounted volume. One of the following forms can be used:
|
||||
1) Path to the encrypted TrueCrypt volume.
|
||||
2) Mount directory of the volume's filesystem (if mounted).
|
||||
3) Slot number of the mounted volume (requires --slot).
|
||||
|
||||
|
||||
Options:
|
||||
|
||||
--display-password
|
||||
Display password characters while typing.
|
||||
|
||||
--encryption=ENCRYPTION_ALGORITHM
|
||||
Use specified encryption algorithm when creating a new volume.
|
||||
|
||||
--filesystem=TYPE
|
||||
Filesystem type to mount. The TYPE argument is passed to mount(8) command
|
||||
with option -t. Default type is 'auto'. When creating a new volume, this
|
||||
option specifies the filesystem to be created on the new volume (only 'FAT'
|
||||
and 'none' TYPE is allowed). Filesystem type 'none' disables mounting or
|
||||
creating a filesystem.
|
||||
|
||||
--force
|
||||
Force mounting of a volume in use, dismounting of a volume in use, or
|
||||
overwriting a file. Note that this option has no effect on some platforms.
|
||||
|
||||
--fs-options=OPTIONS
|
||||
Filesystem mount options. The OPTIONS argument is passed to mount(8)
|
||||
command with option -o when a filesystem on a TrueCrypt volume is mounted.
|
||||
This option is not available on some platforms.
|
||||
|
||||
--hash=HASH
|
||||
Use specified hash algorithm when creating a new volume or changing password
|
||||
and/or keyfiles. This option also specifies the mixing PRF of the random
|
||||
number generator.
|
||||
|
||||
-k, --keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,...]
|
||||
Use specified keyfiles when mounting a volume or when changing password
|
||||
and/or keyfiles. When a directory is specified, all files inside it will be
|
||||
used (non-recursively). Multiple keyfiles must be separated by comma.
|
||||
Use double comma (,,) to specify a comma contained in keyfile's name.
|
||||
Keyfile stored on a security token must be specified as
|
||||
token://slot/SLOT_NUMBER/file/FILENAME. An empty keyfile (-k "") disables
|
||||
interactive requests for keyfiles. See also options --import-token-keyfiles,
|
||||
--list-token-keyfiles, --new-keyfiles, --protection-keyfiles.
|
||||
|
||||
--load-preferences
|
||||
Load user preferences.
|
||||
|
||||
-m, --mount-options=OPTION1[,OPTION2,OPTION3,...]
|
||||
Specifies comma-separated mount options for a TrueCrypt volume:
|
||||
headerbak: Use backup headers when mounting a volume.
|
||||
nokernelcrypto: Do not use kernel cryptographic services.
|
||||
readonly|ro: Mount volume as read-only.
|
||||
system: Mount partition using system encryption.
|
||||
timestamp|ts: Do not restore host-file modification timestamp when a volume
|
||||
is dismounted (note that the operating system under certain circumstances
|
||||
does not alter host-file timestamps, which may be mistakenly interpreted
|
||||
to mean that this option does not work).
|
||||
See also option --fs-options.
|
||||
|
||||
--new-keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,...]
|
||||
Add specified keyfiles to a volume. This option can only be used with command
|
||||
-C.
|
||||
|
||||
--new-password=PASSWORD
|
||||
Specifies a new password. This option can only be used with command -C.
|
||||
|
||||
-p, --password=PASSWORD
|
||||
Use specified password to mount/open a volume. An empty password can also be
|
||||
specified (-p ""). Note that passing a password on the command line is
|
||||
potentially insecure as the password may be visible in the process list
|
||||
(see ps(1)) and/or stored in a command history file or system logs.
|
||||
|
||||
--protect-hidden=yes|no
|
||||
Write-protect a hidden volume when mounting an outer volume. Before mounting
|
||||
the outer volume, the user will be prompted for a password to open the hidden
|
||||
volume. The size and position of the hidden volume is then determined and the
|
||||
outer volume is mounted with all sectors belonging to the hidden volume
|
||||
protected against write operations. When a write to the protected area is
|
||||
prevented, the whole volume is switched to read-only mode. Verbose list
|
||||
(-v -l) can be used to query the state of the hidden volume protection.
|
||||
Warning message is displayed when a volume switched to read-only is being
|
||||
dismounted.
|
||||
|
||||
--protection-keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,...]
|
||||
Use specified keyfiles to open a hidden volume to be protected. This option
|
||||
may be used only when mounting an outer volume with hidden volume protected.
|
||||
See also options -k and --protect-hidden.
|
||||
|
||||
--protection-password=PASSWORD
|
||||
Use specified password to open a hidden volume to be protected. This option
|
||||
may be used only when mounting an outer volume with hidden volume protected.
|
||||
See also options -p and --protect-hidden.
|
||||
|
||||
--quick
|
||||
Do not encrypt free space when creating a device-hosted volume. This option
|
||||
must not be used when creating an outer volume.
|
||||
|
||||
--random-source=FILE
|
||||
Use FILE as a source of random data (e.g., when creating a volume) instead
|
||||
of requiring the user to type random characters.
|
||||
|
||||
--slot=SLOT
|
||||
Use specified slot number when mounting, dismounting, or listing a volume.
|
||||
|
||||
--size=SIZE
|
||||
Use specified size in bytes when creating a new volume.
|
||||
|
||||
-t, --text
|
||||
Use text user interface. Graphical user interface is used by default if
|
||||
available. This option must be specified as the first argument.
|
||||
|
||||
--token-lib=LIB_PATH
|
||||
Use specified PKCS #11 security token library.
|
||||
|
||||
--volume-type=TYPE
|
||||
Use specified volume type when creating a new volume. TYPE can be 'normal'
|
||||
or 'hidden'. See option -c for more information on creating hidden volumes.
|
||||
|
||||
-v, --verbose
|
||||
Enable verbose output.
|
||||
|
||||
|
||||
IMPORTANT:
|
||||
|
||||
If you want to use TrueCrypt, you must follow the security requirements and
|
||||
security precautions listed in chapter 'Security Requirements and Precautions'
|
||||
in the TrueCrypt documentation (file 'TrueCrypt User Guide.pdf').
|
||||
|
||||
|
||||
Examples:
|
||||
|
||||
Create a new volume:
|
||||
truecrypt -t -c
|
||||
|
||||
Mount a volume:
|
||||
truecrypt volume.tc /media/truecrypt1
|
||||
|
||||
Mount a volume as read-only, using keyfiles:
|
||||
truecrypt -m ro -k keyfile1,keyfile2 volume.tc
|
||||
|
||||
Mount a volume without mounting its filesystem:
|
||||
truecrypt --filesystem=none volume.tc
|
||||
|
||||
Mount a volume prompting only for its password:
|
||||
truecrypt -t -k "" --protect-hidden=no volume.tc /media/truecrypt1
|
||||
|
||||
Dismount a volume:
|
||||
truecrypt -d volume.tc
|
||||
|
||||
Dismount all mounted volumes:
|
||||
truecrypt -d
|
@ -0,0 +1,44 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
TMPDIR=/tmp
|
||||
|
||||
DEBUG=1
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
. /usr/local/bin/gridfire.rc
|
||||
EXE=veracrypt-console
|
||||
|
||||
#? mayaybe not
|
||||
|
||||
# text -- Unexpected parameter '--text'
|
||||
[[ "$*" =~ "--stdin" ]] && \
|
||||
LARGS="--text --non-interactive"
|
||||
|
||||
if [[ "$*" =~ "--create" ]] ; then
|
||||
. /usr/local/bin/veracrypt-create.sh
|
||||
elif [[ "$*" =~ "--list" ]] ; then
|
||||
:
|
||||
else
|
||||
[[ "$*" =~ "--pim" ]] || RARGS="--pim=100 $RARGS"
|
||||
[[ "$*" =~ "--volume-type" ]] || [[ $RARGS =~ "--volume-type" ]] || RARGS="--volume-type=normal $RARGS"
|
||||
[[ "$*" =~ "--hash" ]] || [[ $RARGS =~ "--hash" ]] || RARGS="--hash=sha512 $RARGS"
|
||||
[[ "$*" =~ "--encryption" ]] || [[ $RARGS =~ "--encryption" ]] || RARGS="--encryption=Twofish $RARGS"
|
||||
# not =''
|
||||
[[ "$*" =~ "--keyfiles" ]] || RARGS="--keyfiles '' $RARGS"
|
||||
fi
|
||||
|
||||
DEBUG=1
|
||||
DBUG $EXE $LARGS $RARGS "$@" >> $TMPDIR/VerC$$.tmp
|
||||
$EXE $LARGS $RARGS "$@" 2>$TMPDIR/VerC$$.err >$TMPDIR/VerC$$.log
|
||||
retval=$?
|
||||
if [ $retval -eq 0 ] ; then
|
||||
INFO see $TMPDIR/VerC$$.log
|
||||
else
|
||||
WARN see $TMPDIR/VerC$$.err
|
||||
cat $TMPDIR/VerC$$.err
|
||||
fi
|
||||
exit $retval
|
||||
|
63
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/veracrypt-create.bash
Executable file
63
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/veracrypt-create.bash
Executable file
@ -0,0 +1,63 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
if [[ "$*" =~ "--create" ]] ; then
|
||||
[[ "$*" =~ "--volume-type" ]] || [[ $RARGS =~ "--volume-type" ]] || RARGS="--volume-type=normal $RARGS"
|
||||
[[ "$*" =~ "--hash" ]] || [[ $RARGS =~ "--hash" ]] || RARGS="--hash=sha512 $RARGS"
|
||||
[[ "$*" =~ "--filesystem" ]] || [[ $RARGS =~ "--filesystem" ]] || RARGS="--filesystem=none $RARGS"
|
||||
[[ "$*" =~ "--size" ]] || [[ $RARGS =~ "--size" ]] || RARGS="--size=1G $RARGS"
|
||||
[[ "$*" =~ "--encryption" ]] || [[ $RARGS =~ "--encryption" ]] || RARGS="--encryption=Twofish $RARGS"
|
||||
fi
|
||||
|
||||
# root@Ulati:# veracrypt --keyfiles='' --pim=100 --create /tmp/a.tc
|
||||
# Volume type:
|
||||
# 1) Normal
|
||||
# 2) Hidden
|
||||
# Select [1]:
|
||||
#
|
||||
# Enter volume size (sizeK/size[M]/sizeG): 1G
|
||||
#
|
||||
# Encryption Algorithm:
|
||||
# 1) AES
|
||||
# 2) Serpent
|
||||
# 3) Twofish
|
||||
# 4) Camellia
|
||||
# 5) Kuznyechik
|
||||
# 6) AES(Twofish)
|
||||
# 7) AES(Twofish(Serpent))
|
||||
# 8) Camellia(Kuznyechik)
|
||||
# 9) Camellia(Serpent)
|
||||
# 10) Kuznyechik(AES)
|
||||
# 11) Kuznyechik(Serpent(Camellia))
|
||||
# 12) Kuznyechik(Twofish)
|
||||
# 13) Serpent(AES)
|
||||
# 14) Serpent(Twofish(AES))
|
||||
# 15) Twofish(Serpent)
|
||||
# Select [1]: 1
|
||||
#
|
||||
# Hash algorithm:
|
||||
# 1) SHA-512
|
||||
# 2) Whirlpool
|
||||
# 3) SHA-256
|
||||
# 4) Streebog
|
||||
# Select [1]: 1
|
||||
#
|
||||
# Filesystem:
|
||||
# 1) None
|
||||
# 2) FAT
|
||||
# 3) Linux Ext2
|
||||
# 4) Linux Ext3
|
||||
# 5) Linux Ext4
|
||||
# 6) NTFS
|
||||
# 7) exFAT
|
||||
# 8) Btrfs
|
||||
# Select [2]: 2
|
||||
# gridfire_veracrypt.sh
|
||||
|
49
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/veracrypt.bash
Executable file
49
roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/veracrypt.bash
Executable file
@ -0,0 +1,49 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
base=VerC
|
||||
TMPDIR=/tmp
|
||||
if [ -z "$EXE" ] ; then
|
||||
EXE='/q/Pg64/VeraCrypt_1.24-Update7/veracrypt.exe'
|
||||
[ -x "$EXE" -a -n "$MSYSTEM" ] || EXE=veracrypt
|
||||
fi
|
||||
|
||||
DEBUG=1
|
||||
. /usr/local/bin/usr_local_tput.bash
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
[[ "$*" =~ --stdin ]] && \
|
||||
LARGS="--text --non-interactive"
|
||||
|
||||
if [[ "$*" =~ --create ]] ; then
|
||||
. /usr/local/bin/veracrypt-create.sh
|
||||
elif [[ "$*" =~ --change ]] ; then
|
||||
:
|
||||
# [[ "$*" =~ --pim ]] || RARGS="--pim=100 $RARGS"
|
||||
[[ "$*" =~ --volume-type ]] || RARGS="--volume-type=normal $RARGS"
|
||||
[[ "$*" =~ --hash ]] || RARGS="--hash=sha512 $RARGS"
|
||||
[[ "$*" =~ --encryption ]] || RARGS="--encryption=Twofish $RARGS"
|
||||
elif [[ "$*" =~ --list ]] ; then
|
||||
:
|
||||
else
|
||||
[[ "$*" =~ --pim ]] || RARGS="--pim=100 $RARGS"
|
||||
[[ "$*" =~ --filesystem ]] || [[ $RARGS =~ "--filesystem" ]] || RARGS="--filesystem=none $RARGS"
|
||||
[[ "$*" =~ --encryption ]] || RARGS="--encryption=Twofish $RARGS"
|
||||
[[ "$*" =~ --volume-type ]] || RARGS="--volume-type=normal $RARGS"
|
||||
[[ "$*" =~ --hash ]] || RARGS="--hash=sha512 $RARGS"
|
||||
# not =''
|
||||
[[ "$*" =~ --keyfiles ]] || RARGS="--keyfiles '' $RARGS"
|
||||
fi
|
||||
|
||||
DBUG $EXE $LARGS $RARGS "$@" |tee $TMPDIR/${base}$$.tmp
|
||||
$EXE $LARGS $RARGS "$@" 2>$TMPDIR/${base}$$.err >$TMPDIR/${base}$$.log
|
||||
retval=$?
|
||||
if [ $retval -eq 0 ] ; then
|
||||
INFO see $TMPDIR/${base}$$.log
|
||||
else
|
||||
WARN see $TMPDIR/${base}$$.err
|
||||
fi
|
||||
exit $retval
|
@ -0,0 +1,310 @@
|
||||
Usage: veracrypt [--auto-mount <str>] [--backup-headers] [--background-task] [-C] [-c] [--create-keyfile] [--delete-token-keyfiles] [-d] [--display-password] [--encryption <str>] [--explore] [--export-token-keyfile] [--filesystem <str>] [-f] [--fs-options <str>] [--hash <str>] [-h] [--import-token-keyfiles] [-k <str>] [-l] [--list-token-keyfiles] [--load-preferences] [--mount] [-m <str>] [--new-hash <str>] [--new-keyfiles <str>] [--new-password <str>] [--new-pim <str>] [--non-interactive] [--stdin] [-p <str>] [--pim <str>] [--protect-hidden <str>] [--protection-hash <str>] [--protection-keyfiles <str>] [--protection-password <str>] [--protection-pim <str>] [--random-source <str>] [--restore-headers] [--save-preferences] [--quick] [--size <str>] [--slot <str>] [-tc] [--test] [-t] [--token-lib <str>] [--token-pin <str>] [-v] [--version] [--volume-properties] [--volume-type <str>] [--no-size-check] [--legacy-password-maxlength] [--use-dummy-sudo-password] [Volume path] [Mount point]
|
||||
--auto-mount=<str> Auto mount device-hosted/favorite volumes
|
||||
--backup-headers Backup volume headers
|
||||
--background-task Start Background Task
|
||||
-C, --change Change password or keyfiles
|
||||
-c, --create Create new volume
|
||||
--create-keyfile Create new keyfile
|
||||
--delete-token-keyfiles Delete security token keyfiles
|
||||
-d, --dismount Dismount volume
|
||||
--display-password Display password while typing
|
||||
--encryption=<str> Encryption algorithma
|
||||
--explore Open explorer window for mounted volume
|
||||
--export-token-keyfile Export keyfile from security token
|
||||
--filesystem=<str> Filesystem type
|
||||
-f, --force Force mount/dismount/overwrite
|
||||
--fs-options=<str> Filesystem mount options
|
||||
--hash=<str> Hash algorithm
|
||||
-h, --help Display detailed command line help
|
||||
--import-token-keyfiles Import keyfiles to security token
|
||||
-k, --keyfiles=<str> Keyfiles
|
||||
-l, --list List mounted volumes
|
||||
--list-token-keyfiles List security token keyfiles
|
||||
--load-preferences Load user preferences
|
||||
--mount Mount volume interactively
|
||||
-m, --mount-options=<str> VeraCrypt volume mount options
|
||||
--new-hash=<str> New hash algorithm
|
||||
--new-keyfiles=<str> New keyfiles
|
||||
--new-password=<str> New password
|
||||
--new-pim=<str> New PIM
|
||||
--non-interactive Do not interact with user
|
||||
--stdin Read password from standard input
|
||||
-p, --password=<str> Password
|
||||
--pim=<str> PIM
|
||||
--protect-hidden=<str> Protect hidden volume
|
||||
--protection-hash=<str> Hash algorithm for protected hidden volume
|
||||
--protection-keyfiles=<str> Keyfiles for protected hidden volume
|
||||
--protection-password=<str> Password for protected hidden volume
|
||||
--protection-pim=<str> PIM for protected hidden volume
|
||||
--random-source=<str> Use file as source of random data
|
||||
--restore-headers Restore volume headers
|
||||
--save-preferences Save user preferences
|
||||
--quick Enable quick format
|
||||
--size=<str> Size in bytes
|
||||
--slot=<str> Volume slot number
|
||||
-tc, --truecrypt Enable TrueCrypt mode. Should be put first to avoid issues.
|
||||
--test Test internal algorithms
|
||||
-t, --text Use text user interface
|
||||
--token-lib=<str> Security token library
|
||||
--token-pin=<str> Security token PIN
|
||||
-v, --verbose Enable verbose output
|
||||
--version Display version information
|
||||
--volume-properties Display volume properties
|
||||
--volume-type=<str> Volume type
|
||||
--no-size-check Disable check of container size against disk free space.
|
||||
--legacy-password-maxlength Use legacy maximum password length (64 UTF-8 bytes)
|
||||
--use-dummy-sudo-password Use dummy password in sudo to detect if it is already authenticated
|
||||
|
||||
|
||||
Synopsis:
|
||||
|
||||
veracrypt [OPTIONS] COMMAND
|
||||
veracrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]
|
||||
|
||||
|
||||
Commands:
|
||||
|
||||
--auto-mount=devices|favorites
|
||||
Auto mount device-hosted or favorite volumes.
|
||||
|
||||
--backup-headers[=VOLUME_PATH]
|
||||
Backup volume headers to a file. All required options are requested from the
|
||||
user.
|
||||
|
||||
-c, --create[=VOLUME_PATH]
|
||||
Create a new volume. Most options are requested from the user if not specified
|
||||
on command line. See also options --encryption, -k, --filesystem, --hash, -p,
|
||||
--random-source, --quick, --size, --volume-type. Note that passing some of the
|
||||
options may affect security of the volume (see option -p for more information).
|
||||
|
||||
Inexperienced users should use the graphical user interface to create a hidden
|
||||
volume. When using the text user interface, the following procedure must be
|
||||
followed to create a hidden volume:
|
||||
1) Create an outer volume with no filesystem.
|
||||
2) Create a hidden volume within the outer volume.
|
||||
3) Mount the outer volume using hidden volume protection.
|
||||
4) Create a filesystem on the virtual device of the outer volume.
|
||||
5) Mount the new filesystem and fill it with data.
|
||||
6) Dismount the outer volume.
|
||||
If at any step the hidden volume protection is triggered, start again from 1).
|
||||
|
||||
--create-keyfile[=FILE_PATH]
|
||||
Create a new keyfile containing pseudo-random data.
|
||||
|
||||
-C, --change[=VOLUME_PATH]
|
||||
Change a password and/or keyfile(s) of a volume. Most options are requested
|
||||
from the user if not specified on command line. PKCS-5 PRF HMAC hash
|
||||
algorithm can be changed with option --hash. See also options -k,
|
||||
--new-keyfiles, --new-password, -p, --random-source.
|
||||
|
||||
-d, --dismount[=MOUNTED_VOLUME]
|
||||
Dismount a mounted volume. If MOUNTED_VOLUME is not specified, all
|
||||
volumes are dismounted. See below for description of MOUNTED_VOLUME.
|
||||
|
||||
--delete-token-keyfiles
|
||||
Delete keyfiles from security tokens. See also command --list-token-keyfiles.
|
||||
|
||||
--export-token-keyfile
|
||||
Export a keyfile from a security token. See also command --list-token-keyfiles.
|
||||
|
||||
--import-token-keyfiles
|
||||
Import keyfiles to a security token. See also option --token-lib.
|
||||
|
||||
-l, --list[=MOUNTED_VOLUME]
|
||||
Display a list of mounted volumes. If MOUNTED_VOLUME is not specified, all
|
||||
volumes are listed. By default, the list contains only volume path, virtual
|
||||
device, and mount point. A more detailed list can be enabled by verbose
|
||||
output option (-v). See below for description of MOUNTED_VOLUME.
|
||||
|
||||
--list-token-keyfiles
|
||||
Display a list of all available security token keyfiles. See also command
|
||||
--import-token-keyfiles.
|
||||
|
||||
--mount[=VOLUME_PATH]
|
||||
Mount a volume. Volume path and other options are requested from the user
|
||||
if not specified on command line.
|
||||
|
||||
--restore-headers[=VOLUME_PATH]
|
||||
Restore volume headers from the embedded or an external backup. All required
|
||||
options are requested from the user.
|
||||
|
||||
--save-preferences
|
||||
Save user preferences.
|
||||
|
||||
--test
|
||||
Test internal algorithms used in the process of encryption and decryption.
|
||||
|
||||
--version
|
||||
Display program version.
|
||||
|
||||
--volume-properties[=MOUNTED_VOLUME]
|
||||
Display properties of a mounted volume. See below for description of
|
||||
MOUNTED_VOLUME.
|
||||
|
||||
MOUNTED_VOLUME:
|
||||
Specifies a mounted volume. One of the following forms can be used:
|
||||
1) Path to the encrypted VeraCrypt volume.
|
||||
2) Mount directory of the volume's filesystem (if mounted).
|
||||
3) Slot number of the mounted volume (requires --slot).
|
||||
|
||||
|
||||
Options:
|
||||
|
||||
--display-password
|
||||
Display password characters while typing.
|
||||
|
||||
--encryption=ENCRYPTION_ALGORITHM
|
||||
Use specified encryption algorithm when creating a new volume.
|
||||
|
||||
--filesystem=TYPE
|
||||
Filesystem type to mount. The TYPE argument is passed to mount(8) command
|
||||
with option -t. Default type is 'auto'. When creating a new volume, this
|
||||
option specifies the filesystem to be created on the new volume.
|
||||
Filesystem type 'none' disables mounting or creating a filesystem.
|
||||
|
||||
--force
|
||||
Force mounting of a volume in use, dismounting of a volume in use, or
|
||||
overwriting a file. Note that this option has no effect on some platforms.
|
||||
|
||||
--fs-options=OPTIONS
|
||||
Filesystem mount options. The OPTIONS argument is passed to mount(8)
|
||||
command with option -o when a filesystem on a VeraCrypt volume is mounted.
|
||||
This option is not available on some platforms.
|
||||
|
||||
--hash=HASH
|
||||
Use specified hash algorithm when creating a new volume or changing password
|
||||
and/or keyfiles. This option also specifies the mixing PRF of the random
|
||||
number generator.
|
||||
|
||||
-k, --keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,...]
|
||||
Use specified keyfiles when mounting a volume or when changing password
|
||||
and/or keyfiles. When a directory is specified, all files inside it will be
|
||||
used (non-recursively). Multiple keyfiles must be separated by comma.
|
||||
Use double comma (,,) to specify a comma contained in keyfile's name.
|
||||
Keyfile stored on a security token must be specified as
|
||||
token://slot/SLOT_NUMBER/file/FILENAME. An empty keyfile (-k "") disables
|
||||
interactive requests for keyfiles. See also options --import-token-keyfiles,
|
||||
--list-token-keyfiles, --new-keyfiles, --protection-keyfiles.
|
||||
|
||||
--load-preferences
|
||||
Load user preferences.
|
||||
|
||||
-m, --mount-options=OPTION1[,OPTION2,OPTION3,...]
|
||||
Specifies comma-separated mount options for a VeraCrypt volume:
|
||||
headerbak: Use backup headers when mounting a volume.
|
||||
nokernelcrypto: Do not use kernel cryptographic services.
|
||||
readonly|ro: Mount volume as read-only.
|
||||
system: Mount partition using system encryption.
|
||||
timestamp|ts: Do not restore host-file modification timestamp when a volume
|
||||
is dismounted (note that the operating system under certain circumstances
|
||||
does not alter host-file timestamps, which may be mistakenly interpreted
|
||||
to mean that this option does not work).
|
||||
See also option --fs-options.
|
||||
|
||||
--new-keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,...]
|
||||
Add specified keyfiles to a volume. This option can only be used with command
|
||||
-C.
|
||||
|
||||
--new-password=PASSWORD
|
||||
Specifies a new password. This option can only be used with command -C.
|
||||
|
||||
--new-pim=PIM
|
||||
Specifies a new PIM. This option can only be used with command -C.
|
||||
|
||||
-p, --password=PASSWORD
|
||||
Use specified password to mount/open a volume. An empty password can also be
|
||||
specified (-p ""). Note that passing a password on the command line is
|
||||
potentially insecure as the password may be visible in the process list
|
||||
(see ps(1)) and/or stored in a command history file or system logs.
|
||||
|
||||
--pim=PIM
|
||||
Use specified PIM to mount/open a volume. Note that passing a PIM on the
|
||||
command line is potentially insecure as the PIM may be visible in the process
|
||||
list (see ps(1)) and/or stored in a command history file or system logs.
|
||||
|
||||
--protect-hidden=yes|no
|
||||
Write-protect a hidden volume when mounting an outer volume. Before mounting
|
||||
the outer volume, the user will be prompted for a password to open the hidden
|
||||
volume. The size and position of the hidden volume is then determined and the
|
||||
outer volume is mounted with all sectors belonging to the hidden volume
|
||||
protected against write operations. When a write to the protected area is
|
||||
prevented, the whole volume is switched to read-only mode. Verbose list
|
||||
(-v -l) can be used to query the state of the hidden volume protection.
|
||||
Warning message is displayed when a volume switched to read-only is being
|
||||
dismounted.
|
||||
|
||||
--protection-keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,...]
|
||||
Use specified keyfiles to open a hidden volume to be protected. This option
|
||||
may be used only when mounting an outer volume with hidden volume protected.
|
||||
See also options -k and --protect-hidden.
|
||||
|
||||
--protection-password=PASSWORD
|
||||
Use specified password to open a hidden volume to be protected. This option
|
||||
may be used only when mounting an outer volume with hidden volume protected.
|
||||
See also options -p and --protect-hidden.
|
||||
|
||||
--quick
|
||||
Do not encrypt free space when creating a device-hosted volume. This option
|
||||
must not be used when creating an outer volume.
|
||||
|
||||
--random-source=FILE
|
||||
Use FILE as a source of random data (e.g., when creating a volume) instead
|
||||
of requiring the user to type random characters.
|
||||
|
||||
--slot=SLOT
|
||||
Use specified slot number when mounting, dismounting, or listing a volume.
|
||||
|
||||
--size=SIZE[K|M|G|T]
|
||||
Use specified size when creating a new volume. If no suffix is indicated,
|
||||
then SIZE is interpreted in bytes. Suffixes K, M, G or T can be used to
|
||||
indicate a value in KiB, MiB, GiB or TiB respectively.
|
||||
|
||||
-t, --text
|
||||
Use text user interface. Graphical user interface is used by default if
|
||||
available. This option must be specified as the first argument.
|
||||
|
||||
-tc, --truecrypt
|
||||
Enable TrueCrypt compatibility mode to enable mounting volumes created
|
||||
by TrueCrypt 6.x or 7.x. This option must be specified as the first
|
||||
argument, or immediately after --text.
|
||||
|
||||
--token-lib=LIB_PATH
|
||||
Use specified PKCS #11 security token library.
|
||||
|
||||
--volume-type=TYPE
|
||||
Use specified volume type when creating a new volume. TYPE can be 'normal'
|
||||
or 'hidden'. See option -c for more information on creating hidden volumes.
|
||||
|
||||
-v, --verbose
|
||||
Enable verbose output.
|
||||
|
||||
|
||||
IMPORTANT:
|
||||
|
||||
If you want to use VeraCrypt, you must follow the security requirements and
|
||||
security precautions listed in chapter 'Security Requirements and Precautions'
|
||||
in the VeraCrypt documentation (file 'VeraCrypt User Guide.pdf').
|
||||
|
||||
|
||||
Examples:
|
||||
|
||||
Create a new volume:
|
||||
veracrypt -t -c
|
||||
|
||||
Mount a volume:
|
||||
veracrypt volume.hc /media/veracrypt1
|
||||
|
||||
Mount a volume as read-only, using keyfiles:
|
||||
veracrypt -m ro -k keyfile1,keyfile2 volume.hc
|
||||
|
||||
Mount a volume without mounting its filesystem:
|
||||
veracrypt --filesystem=none volume.hc
|
||||
|
||||
Mount a volume prompting only for its password:
|
||||
veracrypt -t -k "" --pim=0 --protect-hidden=no volume.hc /media/veracrypt1
|
||||
|
||||
Dismount a volume:
|
||||
veracrypt -d volume.hc
|
||||
|
||||
Dismount all mounted volumes:
|
||||
veracrypt -d
|
@ -0,0 +1,51 @@
|
||||
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
|
||||
|
||||
from __future__ import unicode_literals, print_function
|
||||
import optparse
|
||||
import os
|
||||
import sys
|
||||
|
||||
import cx_Freeze
|
||||
from cx_Freeze import cli
|
||||
|
||||
ROLE="proxy" # noqa
|
||||
|
||||
def main(constants):
|
||||
# options = cx_Freeze.ParseCommandLine()
|
||||
parser = cli.prepare_parser()
|
||||
args = cli.parse_command_line(parser)
|
||||
executables = [cx_Freeze.Executable(args.script,
|
||||
args.init_script,
|
||||
args.base_name,
|
||||
args.target_name,
|
||||
args.icon)
|
||||
]
|
||||
args.includes += ['wcwidth']
|
||||
args.excludes += ['numpy', 'sphinx', 'matplotlib', 'numpy', 'PyQt5', 'pandas', 'babel', 'wx', 'pythran', 'scipy', 'notebook', 'PySide2']
|
||||
args.zip_include_packages='*'
|
||||
args.zip_exclude_packages=''
|
||||
freezer = cx_Freeze.Freezer(executables,
|
||||
includes=args.includes,
|
||||
excludes=args.excludes,
|
||||
packages=args.packages,
|
||||
replacePaths=args.replace_paths,
|
||||
compress=args.compress,
|
||||
optimizeFlag=args.optimize_flag,
|
||||
targetDir=args.target_dir,
|
||||
includeFiles=args.include_files,
|
||||
zipIncludes=args.zip_includes,
|
||||
silent=args.silent,
|
||||
zipIncludePackages=args.zip_include_packages,
|
||||
zipExcludePackages=args.zip_exclude_packages,
|
||||
)
|
||||
freezer.Freeze()
|
||||
return 0
|
||||
|
||||
if __name__ == '__main__':
|
||||
from cx_Freeze import freezer
|
||||
constants = freezer.ConstantsModule()
|
||||
try:
|
||||
i = main(constants)
|
||||
except KeyboardInterrupt:
|
||||
i =0
|
||||
sys.exit(i)
|
@ -0,0 +1,95 @@
|
||||
# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
|
||||
|
||||
=== Keyctl Binary ===
|
||||
|
||||
/bin/keyctl
|
||||
|
||||
>>> import os,sys
|
||||
>>> os.system('/bin/keyctl --version') #doctest: +ELLIPSIS
|
||||
0
|
||||
>>> os.system('file /bin/keyctl') #doctest: +ELLIPSIS
|
||||
0
|
||||
>>> from os import system as S
|
||||
|
||||
=== Add a key to a keyring ===
|
||||
|
||||
keyctl add <type> <desc> <data> <keyring>
|
||||
keyctl padd <type> <desc> <keyring>
|
||||
|
||||
This command creates a key of the specified type and description; in‐
|
||||
stantiates it with the given data and attaches it to the specified
|
||||
keyring. It then prints the new key's ID on stdout:
|
||||
|
||||
>>> S('keyctl add user mykey stuff @u')
|
||||
0
|
||||
|
||||
26
|
||||
|
||||
=== Create a keyring ===
|
||||
|
||||
keyctl newring <name> <keyring>
|
||||
|
||||
This command creates a new keyring of the specified name and attaches
|
||||
it to the specified keyring. The ID of the new keyring will be printed
|
||||
to stdout if successful.
|
||||
|
||||
>>> S('keyctl newring gridfire @us > /tmp/newring.id')
|
||||
0
|
||||
>>> sys.stderr.write(open('/tmp/newring.id', 'r').read() +'\n')
|
||||
1...
|
||||
|
||||
|
||||
== /var/local/src/python-keyring-keyutils ==
|
||||
|
||||
>>> gridfire_service = 'gridfire service'
|
||||
>>> from keyring.core import load_keyring
|
||||
>>> keyring = load_keyring('keyring_keyutils.backend.KeyutilsKeyringBackend')
|
||||
>>> keyring.set_password(gridfire_service, 'username foo', 'password bar')
|
||||
>>> keyring.get_password(gridfire_service, 'username foo')
|
||||
'password bar'
|
||||
>>> keyring.set_password(gridfire_service, 'foobar', 'secret')
|
||||
|
||||
>>> import keyutils # different beast
|
||||
>>> iSess = keyutils.join_session_keyring()
|
||||
|
||||
>>> os.system("keyctl setperm $(keyctl search @s user 'gridfire service:foobar') 0x003f0000")
|
||||
512
|
||||
|
||||
This shoul have been zero but maybe the ssushell
|
||||
|
||||
>>> description = gridfire_service+':'+ 'foobar'
|
||||
>>> i = keyutils.search(iSess, description.encode(), destination=0, keyType=b"user")
|
||||
>>> i is not None and type(i) == int and i > 0
|
||||
False
|
||||
|
||||
This should have been the id
|
||||
>>> os.system("keyctl search @s user 'gridfire service:foobar'")
|
||||
|
||||
>>> dir(keyutils)
|
||||
[...'absolute_import', 'add_key', 'clear', 'describe_key', 'join_session_keyring', 'link', 'read_key', 'request_key', 'revoke', 'search', 'session_to_parent', 'set_perm', 'set_timeout', 'unlink', 'update_key']
|
||||
>>> keyutils.set_perm
|
||||
<function...
|
||||
|
||||
>>> keyring.delete_password(gridfire_service, 'username foo')
|
||||
>>> os.system(' keyctl show @s')
|
||||
0
|
||||
|
||||
marcus@linux:~/python-keyring-keyutils> keyctl show @s
|
||||
Keyring
|
||||
46297307 --alswrv 1000 100 keyring: _ses
|
||||
990208180 --alswrv 1000 65534 \_ keyring: _uid.1000
|
||||
750093164 --alswrv 1000 100 \_ keyring: python-keyring-keyutils
|
||||
22790318 --alswrv 1000 100 \_ user: some service:foobar
|
||||
|
||||
keyctl show @s
|
||||
|
||||
marcus@linux:~/python-keyring-keyutils> keyctl print 22790318
|
||||
secret
|
||||
|
||||
>>> os.system('''/var/local/bin/python3.bash -c "from keyring.core import load_keyring; keyring = load_keyring('keyring_keyutils.backend.KeyutilsKeyringBackend'); print(keyring.get_password('gridfire service', 'foobar'))" > /tmp/passwd.tmp''')
|
||||
0
|
||||
|
||||
The file /tmp/passwd.tmp shoudl have the asswd secret
|
||||
|
||||
>>> sys.stderr.write(open('/tmp/passwd.tmp', 'r').read() +'\n')
|
||||
8
|
97
roles/toxcore/overlay/Linux/usr/local/src/gridfire/doc/txt/keyring3.txt
Executable file
97
roles/toxcore/overlay/Linux/usr/local/src/gridfire/doc/txt/keyring3.txt
Executable file
@ -0,0 +1,97 @@
|
||||
# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
|
||||
|
||||
== Local Keyrings ==
|
||||
|
||||
This is a Python doctest file that is executable documentation.
|
||||
|
||||
>>> import keyring
|
||||
|
||||
=== Keyring Binary ===
|
||||
|
||||
/bin/keyctl
|
||||
|
||||
>>> import os
|
||||
>>> os.system('/bin/keyctl --version') #doctest: +ELLIPSIS
|
||||
0
|
||||
>>> os.system('file /bin/keyctl') #doctest: +ELLIPSIS
|
||||
0
|
||||
|
||||
=== Keyring Config ===
|
||||
|
||||
>>> import keyring.util.platform_
|
||||
|
||||
Was .../.local/share/python_keyring
|
||||
|
||||
>>> print(keyring.util.platform_.config_root()) #doctest: +ELLIPSIS
|
||||
/.../.config/python_keyring
|
||||
|
||||
The config file is keyringrc.cfg
|
||||
|
||||
=== Kernel Keyring ===
|
||||
|
||||
>>> from keyutils.keys import Key, Keyring, session_keyring
|
||||
>>> Keyring.join_session_keyring() #doctest: +ELLIPSIS
|
||||
<keyutils.keys.Keyring object at ...>
|
||||
|
||||
>>> key = Key.create_or_update('user', 'some description', 'my payload', session_keyring)
|
||||
>>> key.serial >= 0
|
||||
True
|
||||
|
||||
>>> b'my payload' == key.payload()
|
||||
True
|
||||
|
||||
>>> from keyring.core import load_keyring
|
||||
>>> keyring = load_keyring('keyutils.backend.KeyutilsKeyringBackend')
|
||||
>>> keyring.set_password('service X', 'username foo', 'password bar')
|
||||
>>> keyring.get_password('service X', 'username foo')
|
||||
'password bar'
|
||||
|
||||
>>> keyring.set_password('some service', 'foobar', 'secret')
|
||||
>>> keyring.get_password('some service', 'foobar')
|
||||
'secret'
|
||||
|
||||
>>> keyring.delete_password('service X', 'username foo')
|
||||
|
||||
https://rtfm.co.ua/en/what-is-linux-keyring-gnome-keyring-secret-service-and-d-bus/
|
||||
Let's see which keyrings are available for my current session:
|
||||
>>> from sh import keyctl
|
||||
>>> keyctl('show', '@s') #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE
|
||||
Keyring
|
||||
... --alswrv ... keyring: _ses
|
||||
... --alswrv ... \_ user: some description
|
||||
... --alswrv ... \_ keyring: python-keyring-keyutils
|
||||
... --alswrv ... \_ user: some service:foobar
|
||||
<BLANKLINE>
|
||||
|
||||
Also, in the /proc/key-users you can get information about all
|
||||
keyrings and their statistics by each user:
|
||||
>>> from sh import cat
|
||||
>>> cat('/proc/key-users') #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE
|
||||
0: ...
|
||||
...
|
||||
<BLANKLINE>
|
||||
|
||||
Or for my user:
|
||||
>>> keyctl('show', '@u') #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE
|
||||
Keyring
|
||||
... --alswrv ... keyring: _uid...
|
||||
|
||||
Or for my user session:
|
||||
>>> keyctl('show', '@us') #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE
|
||||
Keyring
|
||||
... --alswrv ... keyring: _uid...
|
||||
|
||||
=== Gnome Keyring ===
|
||||
|
||||
Check D-Bus services - look for the org.freedesktop.secrets:
|
||||
|
||||
>>> from sh import dbus_send
|
||||
>>> dbus_send('--session', '--dest=org.freedesktop.DBus', '--type=method_call', '--print-reply', '/org/freedesktop/DBus', 'org.freedesktop.DBus.ListNames') #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE
|
||||
method return ...
|
||||
...
|
||||
string "org.freedesktop.secrets"
|
||||
...
|
||||
<BLANKLINE>
|
||||
|
||||
FixMe: maybe gnome-keyring is not installed and org.freedesktop.DBus is in the
|
||||
answer instead.
|
118
roles/toxcore/overlay/Linux/usr/local/src/gridfire/doc/txt/keyutils3.txt
Executable file
118
roles/toxcore/overlay/Linux/usr/local/src/gridfire/doc/txt/keyutils3.txt
Executable file
@ -0,0 +1,118 @@
|
||||
# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
|
||||
|
||||
== Keyutils ==
|
||||
|
||||
This is a Python doctest file that is executable documentation.
|
||||
|
||||
/mnt/linuxPen19/usr/local/src/python-keyutils/README.rst
|
||||
|
||||
>>> import keyutils
|
||||
|
||||
# NOTE: only pass `bytes` to the keyutils API:
|
||||
name = b'foo'
|
||||
value = b'bar'
|
||||
ring = keyutils.KEY_SPEC_PROCESS_KEYRING
|
||||
|
||||
key_id = keyutils.add_key(name, value, ring)
|
||||
|
||||
assert keyutils.request_key(name, ring) == key_id
|
||||
assert keyutils.read_key(key_id) == value
|
||||
|
||||
# set timeout to 5 seconds, wait and then... it's gone:
|
||||
keyutils.set_timeout(key_id, 5)
|
||||
from time import sleep
|
||||
sleep(6)
|
||||
assert keyutils.request_key(name, ring) == None
|
||||
|
||||
=== Keyutils ===
|
||||
|
||||
>>> import keyutils
|
||||
>>> dir(keyutils)
|
||||
['__builtins__', '__cached__', '__doc__', '__file__', '__loader__', '__name__', '__package__', '__path__', '__spec__']
|
||||
|
||||
=== Kernel Keyring ===
|
||||
|
||||
>>> from keyutils.backend import KeyutilsKeyringBackend
|
||||
>>> dir(KeyutilsKeyringBackend)
|
||||
['__abstractmethods__', ... 'delete_password', 'get_credential', 'get_password', 'get_viable_backends', 'name', 'priority', 'set_password', 'set_properties_from_env', 'viable']
|
||||
|
||||
|
||||
>>> from keyutils import keys
|
||||
>>> dir (keys)
|
||||
['Key', 'KeyEntity', 'Keyring', '__builtins__', '__cached__', '__doc__', '__file__', '__loader__', '__name__', '__package__', '__spec__', 'errno', 'group_keyring', 'process_keyring', 'raw', 'session_keyring', 'thread_keyring', 'user_keyring', 'user_session_keyring']
|
||||
|
||||
>>> from keyutils.keys import session_keyring
|
||||
>>> dir( session_keyring)
|
||||
[...'add_key', 'create', 'from_serial', 'invalidate', 'join_session_keyring', 'revoke', 'search', 'serial']
|
||||
>>> session_keyring.serial
|
||||
-...
|
||||
|
||||
>>> from keyutils.keys import group_keyring
|
||||
>>> from keyutils.keys import process_keyring
|
||||
|
||||
>>> service = b'ser\xffvice'
|
||||
>>> username = b'user\xdcname'
|
||||
>>> password = b'\xdc\0\xff\0pass\x7f'
|
||||
|
||||
test_backend.py
|
||||
|
||||
>>> parent = process_keyring
|
||||
>>> oKeyring = KeyutilsKeyringBackend(keyring_name='foobar@p', parent_keyring=parent, payload_encoding=None)
|
||||
|
||||
>>> assert oKeyring.get_password(service, username) is None
|
||||
|
||||
>>> oKeyring.set_password(service, username, password)
|
||||
>>> actual_password = oKeyring.get_password(service, username)
|
||||
>>> assert password == actual_password
|
||||
|
||||
>>> from keyutils.keys import user_session_keyring
|
||||
>>> dir( user_session_keyring)
|
||||
[... 'add_key', 'create', 'from_serial', 'invalidate', 'join_session_keyring', 'revoke', 'search', 'serial']
|
||||
>>> from keyutils.keys import user_keyring
|
||||
|
||||
=== user_keyring ===
|
||||
|
||||
>>> parent = user_keyring
|
||||
>>> oKeyring = KeyutilsKeyringBackend(keyring_name='foobar@u', parent_keyring=parent, payload_encoding=None)
|
||||
|
||||
>>> assert oKeyring.get_password(service, username) is None
|
||||
|
||||
>>> oKeyring.set_password(service, username, password)
|
||||
>>> actual_password = oKeyring.get_password(service, username)
|
||||
>>> assert password == actual_password
|
||||
|
||||
=== user_session_keyring ===
|
||||
|
||||
>>> parent = user_session_keyring
|
||||
>>> oKeyring = KeyutilsKeyringBackend(keyring_name='foobar@us', parent_keyring=parent, payload_encoding=None)
|
||||
|
||||
|
||||
Zap is possible.
|
||||
|
||||
>>> plen = len(actual_password)
|
||||
>>> for i in range(plen):
|
||||
... actual_password[i] = 0
|
||||
>>> bytes(plen) == actual_password
|
||||
True
|
||||
|
||||
>>> for elt in ['group_keyring', 'process_keyring', 'session_keyring', 'thread_keyring', 'user_keyring', 'user_session_keyring']:
|
||||
... assert __import__('keyutils.keys' , elt)
|
||||
|
||||
=== parent = process_keyring ===
|
||||
|
||||
>>> parent = process_keyring
|
||||
>>> oKeyring = KeyutilsKeyringBackend(keyring_name='foobar', parent_keyring=parent, payload_encoding=None)
|
||||
|
||||
>>> assert oKeyring.get_password(service, username) is None
|
||||
|
||||
>>> oKeyring.set_password(service, username, password)
|
||||
>>> actual_password = oKeyring.get_password(service, username)
|
||||
>>> assert password == actual_password
|
||||
|
||||
== /usr/local/src/python-keyutils/test/ ==
|
||||
|
||||
>>> os.chdir('/usr/local/src/python-keyutils/test/')
|
||||
>>> os.system('python3.sh keyutils_test.py')
|
||||
|
||||
marcus@linux:~/python-keyring-keyutils> keyctl print 22790318
|
||||
secret
|
207
roles/toxcore/overlay/Linux/usr/local/src/gridfire/doc/txt/pykeepass3.txt
Executable file
207
roles/toxcore/overlay/Linux/usr/local/src/gridfire/doc/txt/pykeepass3.txt
Executable file
@ -0,0 +1,207 @@
|
||||
# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
|
||||
|
||||
== PyKeepass ==
|
||||
|
||||
>>> import os,sys # doctest: +REPORT_ONLY_FIRST_FAILURE
|
||||
|
||||
This library allows you to write entries to a KeePass database.
|
||||
Come chat at `#pykeepass`_ on Freenode or `#pykeepass:matrix.org`_ on Matrix.
|
||||
|
||||
.. _#pykeepass: irc://irc.freenode.net
|
||||
.. _#pykeepass\:matrix.org: https://matrix.to/#/%23pykeepass:matrix.org
|
||||
|
||||
>>> import pykeepass
|
||||
|
||||
>>> password = 'password'
|
||||
>>> key = '12345678'
|
||||
>>> new_key_file = '/var/tmp/keyf.txt'
|
||||
>>> new_file = '/tmp/twofish.kdbx'
|
||||
>>> os.system('rm -f ' +new_file)
|
||||
0
|
||||
>>> with open(new_key_file, 'wt') as oFd:
|
||||
... oFd.write(key)
|
||||
8
|
||||
|
||||
=== Test Construct ===
|
||||
|
||||
You can test if this is an error in Construct
|
||||
|
||||
>>> from construct import Struct, Bytes
|
||||
>>> s = Struct("field1" / Bytes(16))
|
||||
>>> parsed = s.parse(b'\x00' * 16)
|
||||
>>> s.build_file(parsed, '/tmp/file.' +str(os.getpid()))
|
||||
>>> parsed = s.parse_file('/tmp/file.' +str(os.getpid()))
|
||||
|
||||
=== run tests ===
|
||||
|
||||
>>> import pykeepass
|
||||
>>> tests_dir = os.path.join(os.path.dirname(pykeepass.__file__), 'tests')
|
||||
>>> os.chdir('/var/local/src/pykeepass/tests')
|
||||
>>> _=sys.stderr.write( 'Running tests in ' +tests_dir +'\n')
|
||||
>>> os.system('python3.bash tests.py')
|
||||
0
|
||||
|
||||
>>> os.system('ls -1f *4*x|grep -v hex|while read file ;do echo ' +password
|
||||
... +'| keepassxc-cli db-info -k test4.key $file;done')
|
||||
0
|
||||
|
||||
>>> os.system('ls -1f *4*x|grep hex|while read file ;do echo password| keepassxc-cli db-info -k test4_hex.key $file;done')
|
||||
0
|
||||
|
||||
=== create_database ===
|
||||
|
||||
Assume has boon run
|
||||
|
||||
>>> import pykeepass
|
||||
... # os.path.dirname(pykeepass.__file__),
|
||||
>>> egg_dir = '/usr/local/lib/python3.8/site-packages/pykeepass-3.2.0-py3.8.egg/pykeepass'
|
||||
>>> blank_database = os.path.join(egg_dir, 'tests', 'blank_twofish.kdbx')
|
||||
>>> assert os.path.exists(blank_database), \
|
||||
... 'blank_database not found ' +blank_database
|
||||
|
||||
>>> os.system('cp ' + blank_database +' ' +new_file)
|
||||
0
|
||||
>>> assert os.path.exists(new_file), 'File not found ' +new_file
|
||||
>>> old_key_file = os.path.join(os.path.dirname(pykeepass.__file__),
|
||||
... 'tests', 'test4.key')
|
||||
|
||||
>>> from pykeepass import PyKeePass
|
||||
>>> kp = PyKeePass(new_file, password=password, keyfile=old_key_file)
|
||||
>>> kp.filename = new_file
|
||||
>>> kp.password = password
|
||||
>>> kp.keyfile = None
|
||||
>>> kp.save()
|
||||
... # keepass_instance.save(transformed_key)
|
||||
>>> _=sys.stderr.write( 'File created, keyfile reset ' +new_file +'\n')
|
||||
|
||||
=== CLI ===
|
||||
|
||||
>>> import sh
|
||||
>>> from sh import keepassxc_cli
|
||||
|
||||
... if False:
|
||||
... old_file = '/var/tmp/test.kdbx'
|
||||
... os.path.exists(old_file): os.unlink(old_file)
|
||||
... keepassxc_cli('db-create', '-k', new_key_file, old_file,
|
||||
... _in=password, _tty_in=True, _tty_out=False ) #doctest: +NORMALIZE_WHITESPACE
|
||||
... # Successfully created new database.
|
||||
... # <BLANKLINE>
|
||||
|
||||
>>> if True:
|
||||
... old_key_file = os.path.join(tests_dir, 'test4.key')
|
||||
... old_file = os.path.join(tests_dir, 'test4_twofish.kdbx')
|
||||
|
||||
>>> _=sys.stderr.write( 'Using ' +old_file +'\n')
|
||||
|
||||
=== Example ===
|
||||
|
||||
Load the database that we just created.
|
||||
|
||||
>>> from pykeepass import PyKeePass
|
||||
>>> kp = PyKeePass(old_file, password=password, keyfile=old_key_file)
|
||||
>>> assert kp
|
||||
>>> _=sys.stderr.write( 'Opened ' +old_file +'\n')
|
||||
|
||||
|
||||
Save database again.
|
||||
|
||||
>>> kp.filename = new_file
|
||||
>>> kp.keyfile = None
|
||||
>>> kp.save(new_file)
|
||||
>>> _=sys.stderr.write( 'Saved with no keyfile ' +new_file +'\n')
|
||||
|
||||
Delete old groups.
|
||||
|
||||
>>> for group in kp.groups:
|
||||
... if group == kp.root_group: continue
|
||||
... _=sys.stderr.write( 'deleting group ' +str(group) +'\n')
|
||||
... kp.delete_group(group)
|
||||
|
||||
Delete old entries
|
||||
|
||||
>>> for group in kp.groups:
|
||||
... if group != kp.root_group: continue
|
||||
... group.name = 'New Twofish' # yes
|
||||
... group.notes = 'New Notes' # yes
|
||||
... entries = kp.entries
|
||||
... for entry in entries:
|
||||
... _=sys.stderr.write( 'deleted entries ' +str(entry) +'\n')
|
||||
... entry.delete()
|
||||
|
||||
Create a new group.
|
||||
|
||||
>>> group = kp.add_group(kp.root_group, 'email')
|
||||
>>> assert group
|
||||
|
||||
Create a new entry.
|
||||
|
||||
>>> kp.add_entry(group, 'gmail', 'myusername', 'myPassw0rdXX')
|
||||
Entry: "email/gmail (myusername)"
|
||||
|
||||
Save the modified database.
|
||||
|
||||
>>> kp.save()
|
||||
>>> assert os.path.exists(old_file)
|
||||
>>> os.system("ls -l " +old_file)
|
||||
0
|
||||
|
||||
Find any group by its name.
|
||||
|
||||
>>> group = kp.find_groups(name='email', first=True)
|
||||
|
||||
Get the entries in a group.
|
||||
|
||||
>>> group.entries
|
||||
[Entry: "email/gmail (myusername)"]
|
||||
|
||||
Find any entry by its title.
|
||||
|
||||
>>> entry = kp.find_entries(title='gmail', first=True)
|
||||
>>> assert entry is not None, 'gmail'
|
||||
>>> entry.username == 'myusername'
|
||||
True
|
||||
|
||||
Retrieve the associated password.
|
||||
|
||||
>>> entry.password
|
||||
'myPassw0rdXX'
|
||||
|
||||
Update an entry.
|
||||
|
||||
>>> import base64
|
||||
|
||||
>>> entry.notes = 'primary gmail account'
|
||||
>>> kp.save()
|
||||
>>> _=sys.stderr.write( 'Saved with entry.notes ' +new_file +'\n')
|
||||
|
||||
>>> kp.title = 'TwoFish Twofish' # nope
|
||||
>>> _=sys.stderr.write( 'Saved with Tmp kp.kdbx ' \
|
||||
... +repr(dir(kp.kdbx)) +'\n')
|
||||
|
||||
>>> _=sys.stderr.write( ' with kp.kdbx.header.data ' \
|
||||
... +base64.b64encode(kp.kdbx.header.data).decode() +'\n')
|
||||
|
||||
>>> x = kp._xpath('/KeePassFile/Meta/DatabaseName')[0]
|
||||
>>> x.text = 'TwoFishName' # yes
|
||||
>>> x = kp._xpath('/KeePassFile/Meta/DatabaseDescription')[0]
|
||||
>>> x.text = 'TwoFishDescription' # yes
|
||||
>>> kp.save()
|
||||
>>> _=sys.stderr.write( 'Saved with TwoFishDb ' +'\n')
|
||||
|
||||
>>> binaries = kp._xpath('/KeePassFile/Meta/Binaries', first=True)
|
||||
>>> kp.add_binary('123'.encode(), compressed=False)
|
||||
0
|
||||
>>> kp.add_binary('456'.encode(), compressed=False)
|
||||
1
|
||||
>>> kp.save()
|
||||
>>> _=sys.stderr.write( 'Saved with a binary ' +'\n')
|
||||
|
||||
>>> kp.binaries
|
||||
[b'123', b'456']
|
||||
|
||||
>>> xml_file = '/tmp/twofish.xml'
|
||||
>>> kp.dump_xml(xml_file)
|
||||
>>> _=sys.stderr.write( 'Saved xml ' +xml_file +'\n')
|
||||
|
||||
>>> _=sys.stderr.write( ' with kp ' +repr(dir(kp)))
|
||||
|
@ -0,0 +1,13 @@
|
||||
# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
|
||||
|
||||
=== Keyctl Binary ===
|
||||
|
||||
/bin/keyctl
|
||||
|
||||
>>> import os,sys
|
||||
>>> os.system('/bin/keyctl --version') #doctest: +ELLIPSIS
|
||||
0
|
||||
|
||||
>>> import os,sys
|
||||
>>> os.system('/var/local/bin/gpgkey_tomber_test.bash') #doctest: +ELLIPSIS
|
||||
0
|
@ -0,0 +1,4 @@
|
||||
dev-python/connect
|
||||
dev-python/argon2_cffi
|
||||
dev-python/future
|
||||
dev-python/pycryptodome
|
1238
roles/toxcore/overlay/Linux/usr/local/src/gridfire/gridfire.py
Executable file
1238
roles/toxcore/overlay/Linux/usr/local/src/gridfire/gridfire.py
Executable file
File diff suppressed because it is too large
Load Diff
898
roles/toxcore/overlay/Linux/usr/local/src/gridfire/gridfire.py.bak
Executable file
898
roles/toxcore/overlay/Linux/usr/local/src/gridfire/gridfire.py.bak
Executable file
@ -0,0 +1,898 @@
|
||||
#!/usr/bin/env python3
|
||||
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
|
||||
# https://github.com/reid-k/gridfire
|
||||
|
||||
from __future__ import unicode_literals, print_function
|
||||
|
||||
__program__ = "Gridfire"
|
||||
__version__ = "v0.5+testforge"
|
||||
__doc__ = """
|
||||
Gridfire is inspired by gpggrid, a security tool included in
|
||||
Tinfoil Hat Linux, intended to resist shoulder-surfing and keylogging.
|
||||
For more information on the project, see the README file distributed with Gridfire.
|
||||
|
||||
Gridfire is named after a fictional superweapon in Iain M Banks' Culture novels.
|
||||
See http://everything2.com/title/Gridfire for more.
|
||||
RIP Iain M Banks (1954-02-16 to 2013-06-09)
|
||||
|
||||
usage: gridfire.py [-h] [-a TTYALERT] [-c] [-g] [-u] [-l] [-b] [-o] [-d] [-f]
|
||||
[-p] [-w] [-m METHOD] [-n] [-v VERBOSITY]
|
||||
[-S SINGLE] [-D DOUBLE] [-R REPEAT ]
|
||||
[ -P POS] [-H HEADER] [-A ANSWER] [-O fd]
|
||||
[STDIN COMMAND [STDIN ARGS ...]]
|
||||
|
||||
positional arguments:
|
||||
STDIN COMMAND Arguments to run a subprocess wih the password in stdin.
|
||||
|
||||
optional arguments:
|
||||
-h, --help show this help message and exit
|
||||
-a TTYALERT, --ttyalert TTYALERT
|
||||
Set the alert mode (none, beep or flash)
|
||||
-c Force concealment of entered text.
|
||||
-g, --grid Ignore other options and behave like gpggrid.
|
||||
-u Allow uppercase letters [A-Z].
|
||||
-l Allow lowercase letters [a-z].
|
||||
-b Allow binary numbers [0-1].
|
||||
-o Allow octal numbers [0-7].
|
||||
-d Allow decimal numbers [0-9].
|
||||
-f Allow hexadecimal numbers [0-9][a-f][A-F].
|
||||
-p Allow punctuation.
|
||||
-w Allow whitespace.
|
||||
-m METHOD, --method METHOD
|
||||
Specify indexing method (0-3, higher is more secure,
|
||||
default=3)
|
||||
-n Append N newlines on output.
|
||||
-v VERBOSITY, --verbosity VERBOSITY
|
||||
Specify verbosity (0-5, higher is verbose, default=3)
|
||||
-S SINGLE, --single SINGLE
|
||||
Arg to pass to a subprocess with -SINGLE=password.
|
||||
-D DOUBLE, --double DOUBLE
|
||||
Arg to pass to a subprocess with --DOUBLE=password.
|
||||
-R, --repeat
|
||||
Repeat the password with a newline to a subprocess.
|
||||
-P POS, --pos POS Position to place the Arg to a subprocess with
|
||||
--DOUBLE/SINGLE=password.
|
||||
-H HEADER, --header HEADER
|
||||
Header line as a prompt (default "").
|
||||
-A ANSWER, --answer ANSWER
|
||||
Skip the grid and give the answer (for testing only).
|
||||
|
||||
"""
|
||||
|
||||
#Learn more about Tinfoil Hat Linux:
|
||||
#Homepage: http://tinfoilhat.shmoo.com/
|
||||
#Wikipedia: https://en.wikipedia.org/wiki/Tinfoil_Hat_Linux
|
||||
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
#TODO: Decide whether or not implement method 4
|
||||
#TODO: Fix row index for non-default charsets
|
||||
|
||||
import os
|
||||
import sys
|
||||
import signal
|
||||
import curses
|
||||
import locale
|
||||
import string
|
||||
import random
|
||||
import argparse
|
||||
import _curses
|
||||
from io import StringIO
|
||||
import subprocess
|
||||
from time import sleep
|
||||
|
||||
PY3 = sys.version_info[0] == 3
|
||||
VERBOSE = 3
|
||||
#
|
||||
# 0: stdin
|
||||
# 1: stdout
|
||||
# 2: stderr
|
||||
iOUT_FD = sys.stdout
|
||||
|
||||
try:
|
||||
from pinentry import PinEntry
|
||||
except ImportError:
|
||||
PinEntry = None
|
||||
oPinEntry = None
|
||||
|
||||
try:
|
||||
from dialog import Dialog
|
||||
except ImportError:
|
||||
Dialog = None
|
||||
oDIALOG = None
|
||||
oLAST_DIR = '/tmp/'
|
||||
|
||||
# Allow stderr for the caller to use
|
||||
def debug(message):
|
||||
if VERBOSE <= 4: return
|
||||
sys.stdout.write('DEBUG: ' + repr(message) +'\n')
|
||||
pass
|
||||
def info(message):
|
||||
if VERBOSE <= 3: return
|
||||
sys.stdout.write('INFO: ' + repr(message) +'\n')
|
||||
pass
|
||||
def warn(message):
|
||||
if VERBOSE <= 2: return
|
||||
sys.stdout.write('WARN: ' + repr(message) +'\n')
|
||||
pass
|
||||
def error(message):
|
||||
if VERBOSE <= 1: return
|
||||
sys.stdout.write('ERROR: ' + message +'\n')
|
||||
pass
|
||||
|
||||
class DummyContextManager:
|
||||
def __enter__(self):
|
||||
return self
|
||||
|
||||
def __exit__(self, *exc):
|
||||
return False
|
||||
|
||||
#Helps curses play nice
|
||||
locale.setlocale(locale.LC_ALL, '')
|
||||
code = locale.getpreferredencoding()
|
||||
|
||||
##### Defaults & Initial variables #####
|
||||
charsets = ''
|
||||
min_x, min_y = 55, 17
|
||||
upperchar = ''
|
||||
lowerchar = ''
|
||||
out = ''
|
||||
hide_out = 0
|
||||
newline = 1
|
||||
|
||||
def spaceout(s):
|
||||
i=len(s)-1 #number of spaces to be inserted
|
||||
while i >= 1:
|
||||
s = s[:-i]+" "+s[-i:]
|
||||
i -= 1
|
||||
return s
|
||||
|
||||
def make_parser():
|
||||
"""Argument parsing"""
|
||||
global VERBOSE
|
||||
|
||||
parser = argparse.ArgumentParser(add_help=True)
|
||||
parser.add_argument('-a', '--ttyalert', type=str, help='Set the alert mode (none, beep or flash)')
|
||||
parser.add_argument('-c', help="Force concealment of entered text.", action="store_true")
|
||||
parser.add_argument('-g', '--grid', help="Ignore other options and behave like gpggrid.", action="store_true")
|
||||
#~ parser.add_argument('-u', dest='char_u', action='store_true')
|
||||
parser.add_argument('-u', help="Allow uppercase letters [A-Z].", action="store_true")
|
||||
parser.add_argument('-l', help="Allow lowercase letters [a-z].", action="store_true")
|
||||
parser.add_argument('-b', help="Allow binary numbers [0-1].", action="store_true")
|
||||
parser.add_argument('-o', help="Allow octal numbers [0-7].", action="store_true")
|
||||
parser.add_argument('-d', help="Allow decimal numbers [0-9].", action="store_true")
|
||||
parser.add_argument('-f', help="Allow hexadecimal numbers [0-9][a-f][A-F].", action="store_true")
|
||||
parser.add_argument('-p', help="Allow punctuation.", action="store_true")
|
||||
parser.add_argument('-w', help="Allow whitespace.", action="store_true")
|
||||
parser.add_argument('-m', '--method', help='Specify indexing method (0-3, higher is more secure, default=3)', dest='method', type=int, default=3)
|
||||
parser.add_argument('-n', help="Append newlines on output.", dest='newline', type=int, default=1)
|
||||
parser.add_argument('-v', '--verbosity', help='Specify verbosity (0-5, higher is verbose, default=3)', type=int, default=3)
|
||||
parser.add_argument('-S', '--single', help="Arg to pass to a subprocess with -SINGLE=password.", dest="single", default='')
|
||||
parser.add_argument('-D', '--double', help="Arg to pass to a subprocess with --DOUBLE=password.", dest="double", default='')
|
||||
parser.add_argument('-R', '--repeat', help="Repeat the password with a newline to a subprocess", action="store_true")
|
||||
parser.add_argument('-P', '--pos', help="Position to place the Arg to a subprocess with --DOUBLE/SINGLE=password.", dest="pos", type=int, default=1)
|
||||
parser.add_argument('-H', '--header', help="Header line as a prompt (default \"\").", dest="header", default='')
|
||||
parser.add_argument('-A', '--answer', help="Skip the grid and give the answer (for testing only).", dest="answer", default='')
|
||||
parser.add_argument('-O', '--output_fd', help="Output file descriptor to print the answer (default 1).", dest="output_fd", type=int, default=1)
|
||||
parser.add_argument('sargs', help="Arguments to run a subprocess wih the password in stdin.", type=str, default='', nargs='*') # metavar='STDIN COMMAND',
|
||||
return parser
|
||||
|
||||
def make_grid(args):
|
||||
"""Define character sets"""
|
||||
punct = spaceout(string.punctuation)
|
||||
punct2 = punct[52:]
|
||||
punct = punct[:52]
|
||||
whitespace = spaceout(string.whitespace)
|
||||
|
||||
#Select character sets
|
||||
#TODO: Can this be simplified? args['u'+'l'] or whatnot?
|
||||
#use_uppercases = (-1 != charsets.find("u"))
|
||||
use_uppercases = args['u']
|
||||
use_lowercases = args['l']
|
||||
use_bindigits = args['b']
|
||||
use_octdigits = args['o']
|
||||
use_decdigits = args['d']
|
||||
use_hexdigits = args['f']
|
||||
use_punct = args['p']
|
||||
use_whitespace = args['w']
|
||||
_setcount = args['u']+args['l']+args['b']+args['o']+args['d']+args['f']+args['p']+args['w']
|
||||
|
||||
#if use_uppercases+use_lowercases+use_bindigits+use_octdigits+use_decdigits+use_hexdigits+use_punct+use_whitespace == 0:
|
||||
if _setcount == 0:
|
||||
use_uppercases = 1
|
||||
use_lowercases = 1
|
||||
use_decdigits = 1
|
||||
use_punct = 1
|
||||
use_whitespace = 1
|
||||
|
||||
use_numbers = 0
|
||||
numbers = ''
|
||||
if use_bindigits+use_octdigits+use_decdigits+use_hexdigits: use_numbers = 1
|
||||
if use_bindigits: numbers = '0 1'
|
||||
if use_octdigits: numbers = spaceout(string.octdigits)
|
||||
if use_decdigits: numbers = spaceout(string.digits)
|
||||
if use_hexdigits: numbers = spaceout(string.hexdigits)
|
||||
|
||||
##### Build static grid #####
|
||||
grid = []
|
||||
if use_uppercases:
|
||||
if PY3:
|
||||
grid.append(spaceout(string.ascii_uppercase))
|
||||
else:
|
||||
grid.append(spaceout(string.uppercase))
|
||||
if use_lowercases:
|
||||
if PY3:
|
||||
grid.append(spaceout(string.ascii_lowercase))
|
||||
else:
|
||||
grid.append(spaceout(string.lowercase))
|
||||
if use_numbers: grid.append(numbers)
|
||||
if use_punct:
|
||||
grid.append(punct)
|
||||
grid.append(punct2)
|
||||
return (use_uppercases,
|
||||
use_lowercases,
|
||||
use_decdigits,
|
||||
use_punct,
|
||||
use_whitespace,
|
||||
punct,
|
||||
punct2,
|
||||
whitespace,
|
||||
numbers,
|
||||
grid, )
|
||||
|
||||
##### Build user interface #####
|
||||
usagebanner = "Choose from grid by typing letter pairs like eF or Dg"
|
||||
|
||||
#? not hasattr(sys, 'frozen') and
|
||||
if Dialog is not None and os.path.isfile('/usr/bin/dialog'):
|
||||
shortcuts = "4:Shell 5:FName 6:FContents 7:Delete 8:Show/Hide 9:Quit 0:Done"
|
||||
else:
|
||||
shortcuts = "7:Delete 8:Show/Hide 9:Quit 0:Done"
|
||||
|
||||
def total_rows(use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct):
|
||||
return use_lowercases+use_uppercases+use_decdigits+use_whitespace+use_punct+use_punct+1
|
||||
|
||||
def iMain(lSysArgv):
|
||||
global password, exit_code, VERBOSE, iOUT_FD, oDIALOG, oLAST_DIR
|
||||
global min_x, min_y, upperchar, lowerchar, out, hide_out
|
||||
global oLAST_DIR
|
||||
|
||||
padpos = 0
|
||||
|
||||
stdscr = None
|
||||
password = ''
|
||||
exit_code = -1
|
||||
out = ''
|
||||
upperchar = ''
|
||||
lowerchar = ''
|
||||
|
||||
if PY3:
|
||||
uppercase = string.ascii_uppercase
|
||||
lowercase = string.ascii_lowercase
|
||||
else:
|
||||
uppercase = string.uppercase
|
||||
lowercase = string.lowercase
|
||||
|
||||
# Check for required size before continuing
|
||||
def check_size(stdscr):
|
||||
(size_y,size_x) = stdscr.getmaxyx()
|
||||
if ((size_x < min_x)|(size_y < min_y)):
|
||||
error( __program__+" needs a "+str(min_x)+"x"+str(min_y)+" character area to function.\n")
|
||||
error( "please adjust your terminal size and restart "+__program__+".")
|
||||
sys.exit(1)
|
||||
|
||||
def pad_draw(stdscr, pad, ly, lx, hy, hx, use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, title):
|
||||
rv = __program__ +" "+ __version__
|
||||
pad.addstr(0,0," "*(hx+1),curses.A_REVERSE)
|
||||
pad.addstr(0,2,rv,curses.A_REVERSE)
|
||||
pad.addstr(1,0," "*min_x)
|
||||
#~ pad.addstr(0,40," ")
|
||||
pad.addstr(0,40,lowerchar,curses.A_REVERSE)
|
||||
pad.addstr(0,41,upperchar,curses.A_REVERSE)
|
||||
pad.addstr(0,73,"SHOW")
|
||||
if hide_out:
|
||||
pad.addstr(0,73,"HIDE")
|
||||
pad.addstr(1,0,header)
|
||||
pad.addstr(2,0,">>")
|
||||
pad.addstr(2,4," "*(len(out)+1))
|
||||
disp_out = out
|
||||
if hide_out:
|
||||
disp_out = len(out)*"*"
|
||||
pad.addstr(2,4,disp_out)
|
||||
|
||||
##Draw the grid
|
||||
global gridrow
|
||||
gridrow = 6
|
||||
gridoffset = 4
|
||||
|
||||
#Grid Indexes
|
||||
pad.addstr(gridrow-2,gridoffset,spaceout(col_index))
|
||||
for t in range(0, total_rows(use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct)):
|
||||
pad.addstr(gridrow+t,1,row_index[t])
|
||||
t += 1
|
||||
|
||||
#Index selection highlighting
|
||||
if len(upperchar):
|
||||
stdscr.addstr(gridrow-2,4+spaceout(col_index).find(upperchar),upperchar,curses.A_REVERSE)
|
||||
if len(lowerchar):
|
||||
stdscr.addstr(gridrow+row_index.find(lowerchar),1,lowerchar,curses.A_REVERSE)
|
||||
|
||||
#Static grid elements
|
||||
### New grid draw method ###
|
||||
r = 0
|
||||
for s in grid:
|
||||
pad.addstr(gridrow,gridoffset,grid[r])
|
||||
r += 1
|
||||
gridrow += 1
|
||||
|
||||
if use_whitespace:
|
||||
#Draw the whitespace row
|
||||
pad.addstr(gridrow,gridoffset," :Space :Tab :Enter")
|
||||
pad.addstr(gridrow,gridoffset,col_index[0])
|
||||
pad.addstr(gridrow,9+gridoffset,col_index[1])
|
||||
pad.addstr(gridrow,18+gridoffset,col_index[2])
|
||||
#If the corresponding columns are selected, highlight them
|
||||
if len(upperchar)&(upperchar==col_index[0]):
|
||||
stdscr.addstr(gridrow,4+col_index.find(upperchar),upperchar,curses.A_REVERSE)
|
||||
if len(upperchar)&(upperchar==col_index[1]):
|
||||
stdscr.addstr(gridrow,11+col_index.find(upperchar),upperchar,curses.A_REVERSE)
|
||||
if len(upperchar)&(upperchar==col_index[2]):
|
||||
stdscr.addstr(gridrow,19+col_index.find(upperchar),upperchar,curses.A_REVERSE)
|
||||
gridrow += 1
|
||||
|
||||
#Draw the 'done' line, and highlight column if selected
|
||||
pad.addstr(gridrow,gridoffset," :Ignore")
|
||||
pad.addstr(gridrow,gridoffset,col_index[0])
|
||||
# pad.addstr(gridrow,9+gridoffset,col_index[1])
|
||||
# pad.addstr(gridrow,18+gridoffset,col_index[2])
|
||||
if len(upperchar)&(upperchar==col_index[0]):
|
||||
stdscr.addstr(gridrow,4+spaceout(col_index).find(upperchar),upperchar,curses.A_REVERSE)
|
||||
if len(upperchar)&(upperchar==col_index[1]):
|
||||
stdscr.addstr(gridrow,10+spaceout(col_index).find(upperchar),upperchar,curses.A_REVERSE)
|
||||
if len(upperchar)&(upperchar==col_index[2]):
|
||||
stdscr.addstr(gridrow,17+spaceout(col_index).find(upperchar),upperchar,curses.A_REVERSE)
|
||||
|
||||
#Help banners
|
||||
pad.addstr(14,0,title)
|
||||
pad.addstr(15,0,usagebanner)
|
||||
# (1+hx-len(shortcuts))*' '+
|
||||
pad.addstr(16,0,shortcuts,curses.A_REVERSE)
|
||||
|
||||
pad.refresh(padpos, 0, ly, lx, hy, hx)
|
||||
|
||||
def main_draw(stdscr, pad, use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, title):
|
||||
(max_y, max_x,) = stdscr.getmaxyx()
|
||||
pad_draw(stdscr, pad, 0, 0, (max_y-2), (max_x-1), use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, title)
|
||||
stdscr.move(max_y-1,0)
|
||||
try:
|
||||
curses.curs_set(0)
|
||||
except:
|
||||
pass
|
||||
stdscr.refresh()
|
||||
|
||||
def cycle_index(cyclemethod=3): #Argument specifies method, default is 3
|
||||
global col_index, row_index
|
||||
if PY3:
|
||||
uppercase = string.ascii_uppercase
|
||||
lowercase = string.ascii_lowercase
|
||||
else:
|
||||
uppercase = string.uppercase
|
||||
lowercase = string.lowercase
|
||||
#Method 0: Ordered letters and numbers, no randomization
|
||||
#This method has 1 possible state and provides no security.
|
||||
#Included to allow gridfire's use to limit possible symbols entered.
|
||||
#For example, hex digits only when entering a WEP key.
|
||||
if cyclemethod==0:
|
||||
col_index = uppercase
|
||||
row_index = lowercase
|
||||
|
||||
#Method 1: Ordered letters, random offset (as with gpggrid)
|
||||
#The math might differ from gpggrid
|
||||
#This method has 676 or 26^2 possible states
|
||||
if cyclemethod==1:
|
||||
offset = random.randint(0,25)
|
||||
col_index = uppercase[offset:]+uppercase[:offset]
|
||||
offset = random.randint(0,25)
|
||||
row_index = lowercase[offset:]+lowercase[:offset]
|
||||
|
||||
#Method 2: use random.shuffle() to shuffle one index in place
|
||||
#This might not work very well, see module documentation on
|
||||
#issues with small len(x) exceeding period of RNGs
|
||||
# http://docs.python.org/2/library/random.html
|
||||
##This method has:
|
||||
##403,291,461,126,605,635,584,000,000
|
||||
##or 26! possible states (403.3 septillion)
|
||||
if cyclemethod==2:
|
||||
col_index = uppercase
|
||||
colcycle = list(uppercase)
|
||||
random.shuffle(colcycle)
|
||||
col_index = ''.join(colcycle)
|
||||
row_index = col_index.lower()
|
||||
|
||||
#Method 3: use random.shuffle() to shuffle indices in place
|
||||
#This might not work very well, see module documentation on
|
||||
#issues with small len(x) exceeding period of RNGs
|
||||
# http://docs.python.org/2/library/random.html
|
||||
#This method has:
|
||||
#162,644,002,617,632,464,507,038,883,409,628,607,021,056,000,000,000,000
|
||||
##or 26!^2 possible states (162.6 sexdecillion).
|
||||
if cyclemethod==3:
|
||||
col_index = uppercase
|
||||
colcycle = list(uppercase)
|
||||
random.shuffle(colcycle)
|
||||
col_index = ''.join(colcycle)
|
||||
|
||||
row_index = lowercase
|
||||
rowcycle = list(lowercase)
|
||||
random.shuffle(rowcycle)
|
||||
row_index = ''.join(rowcycle)
|
||||
|
||||
#TODO: Implement method 4 (mixed cases in row/column indexes)
|
||||
# (This would require redoing input handling to recognize same-case pairs)
|
||||
#Method 4 would have:
|
||||
#80,658,175,170,943,878,571,660,636,856,403,766,975,289,505,440,883,277,824,000,000,000,000
|
||||
#or 52! possible states (80.6 Unvigintillion).
|
||||
|
||||
def quit_scr(leave_message = "", exit_status= 0):
|
||||
global password, exit_code
|
||||
stdscr.keypad(0)
|
||||
curses.echo()
|
||||
curses.nocbreak()
|
||||
curses.endwin()
|
||||
# print leave_message
|
||||
password = leave_message
|
||||
exit_code = exit_status
|
||||
|
||||
parser = make_parser()
|
||||
args = vars(parser.parse_args(lSysArgv))
|
||||
|
||||
debug('args.keys() ' +repr(args.keys()))
|
||||
VERBOSE = args['verbosity']
|
||||
cyclemethod = args['method'] or 3
|
||||
header = args['header'] or ''
|
||||
answer = args['answer'] or ''
|
||||
output_fd = args['output_fd'] or 1
|
||||
sargs = args['sargs']
|
||||
|
||||
if output_fd != 1:
|
||||
iOUT_FD = os.fdopen(int(output_fd), 'w')
|
||||
|
||||
info('DEBUG: sargs=' + repr(sargs))
|
||||
|
||||
(use_uppercases,
|
||||
use_lowercases,
|
||||
use_decdigits,
|
||||
use_punct,
|
||||
use_whitespace,
|
||||
punct,
|
||||
punct2,
|
||||
whitespace,
|
||||
numbers,
|
||||
grid ) = make_grid(args)
|
||||
|
||||
if answer:
|
||||
# for testing - bypass the grid and accept the answer
|
||||
password = answer
|
||||
exit_code = 0
|
||||
else:
|
||||
if not stdscr:
|
||||
stdscr = curses.initscr()
|
||||
curses.noecho()
|
||||
curses.start_color()
|
||||
try:
|
||||
curses.use_default_colors()
|
||||
except:
|
||||
pass
|
||||
stdscr.keypad(1)
|
||||
|
||||
for key, value in _curses.__dict__.items():
|
||||
if key[0:4] == 'ACS_' or key in ('LINES', 'COLS'):
|
||||
if key == 'LINES':
|
||||
value = value - 3
|
||||
setattr(curses, key, value)
|
||||
|
||||
curses.flushinp ()
|
||||
check_size(stdscr)
|
||||
pad = curses.newpad(100,100)
|
||||
if args['ttyalert'] == 'beep':
|
||||
curses.beep()
|
||||
elif args['ttyalert'] == 'flash':
|
||||
curses.flash()
|
||||
|
||||
##### MAIN LOOP: draw the interface and handle user input #####
|
||||
cycle_index(cyclemethod) #Don't start the program with unrandomized indexes
|
||||
# If this isn't done, the program initially shows nothing
|
||||
main_draw(stdscr, pad, use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, '')
|
||||
|
||||
_previous_sigcont_handler = None
|
||||
while exit_code == -1:
|
||||
if hasattr(sys.stderr, 'getvalue'):
|
||||
title = sys.stderr.getvalue().strip()
|
||||
sys.stderr.buf = ''
|
||||
else:
|
||||
title = ''
|
||||
if title:
|
||||
title = title.split('\n')[-1]
|
||||
main_draw(stdscr, pad, use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, title)
|
||||
curses.noecho()
|
||||
curses.cbreak()
|
||||
sys.stderr.flush()
|
||||
sys.stdout.flush()
|
||||
if not _previous_sigcont_handler:
|
||||
_previous_sigcont_handler = signal.getsignal(signal.SIGCONT)
|
||||
|
||||
try:
|
||||
c = stdscr.getkey()
|
||||
except:
|
||||
quit_scr()
|
||||
break
|
||||
|
||||
if c == '0':
|
||||
quit_scr(out) #on 'Done', write output and exit
|
||||
break
|
||||
if c in ['', '9', chr(27)]: # Quit
|
||||
quit_scr() #on 'Cancel', exit without writing output
|
||||
break
|
||||
if c == '8': # Hide
|
||||
hide_out -= hide_out+hide_out
|
||||
hide_out += 1
|
||||
elif ((c == '7')&(len(out)>=1)) or ((c == 'KEY_BACKSPACE')&(len(out)>=1)):
|
||||
out = out[:len(out)-1] # Delete
|
||||
elif Dialog is not None and c == '6': # File Contents
|
||||
|
||||
# you will first need to save the tty modes with a call to def_prog_mode()
|
||||
# and then call endwin() to end the curses mode. This will leave you in the
|
||||
# original tty mode. To get back to curses once you are done, call
|
||||
# reset_prog_mode() . This function returns the tty to the state stored by
|
||||
# def_prog_mode(). Then do refresh(), and you are back to the curses mode.
|
||||
_curses.def_prog_mode() ; _curses.endwin()
|
||||
sBut, sCode = lDialogFselect(oLAST_DIR, height=10, width=50, help_button=False)
|
||||
if sBut == 'ok':
|
||||
sOut = sCode
|
||||
else:
|
||||
return
|
||||
sBut = 'ok'; sCode = '='
|
||||
if sOut and out:
|
||||
sText = sOut # "New text at Beginning, Replace or End"
|
||||
sBut, sCode = lDialogCode(sText)
|
||||
if sBut != 'ok':
|
||||
pass
|
||||
elif sCode == '<':
|
||||
out = sOut + ' ' + out
|
||||
elif sCode == '>':
|
||||
out = out + ' ' + sOut
|
||||
elif sCode == '=':
|
||||
out = sOut
|
||||
elif sCode == '':
|
||||
out = ''
|
||||
|
||||
# oDIALOG.msgbox("Bug Alert: If the screen goes black, suspend to shell with ^Z and then use fg to come back to Gridfire " +sCode, height=8, width=40)
|
||||
|
||||
main_draw(stdscr, pad, use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, '')
|
||||
_curses.reset_prog_mode()
|
||||
stdscr.refresh()
|
||||
|
||||
elif Dialog is not None and c == '5': # File Name
|
||||
|
||||
# you will first need to save the tty modes with a call to def_prog_mode()
|
||||
# and then call endwin() to end the curses mode. This will leave you in the
|
||||
# original tty mode. To get back to curses once you are done, call
|
||||
# reset_prog_mode() . This function returns the tty to the state stored by
|
||||
# def_prog_mode(). Then do refresh(), and you are back to the curses mode.
|
||||
_curses.def_prog_mode() ; _curses.endwin()
|
||||
sOut = sDialogFget()
|
||||
sBut = 'ok'; sCode = '='
|
||||
if sOut and out:
|
||||
sText = sOut # "New text at Beginning, Replace or End"
|
||||
sBut, sCode = lDialogCode(sText)
|
||||
if sBut != 'ok':
|
||||
pass
|
||||
elif sCode == '<':
|
||||
out = sOut + ' ' + out
|
||||
elif sCode == '>':
|
||||
out = out + ' ' + sOut
|
||||
elif sCode == '=':
|
||||
out = sOut
|
||||
elif sCode == '':
|
||||
out = ''
|
||||
|
||||
# oDIALOG.msgbox("Bug Alert: If the screen goes black, suspend to shell with ^Z and then use fg to come back to Gridfire " +sCode, height=8, width=40)
|
||||
|
||||
main_draw(stdscr, pad, use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, '')
|
||||
_curses.reset_prog_mode()
|
||||
stdscr.refresh()
|
||||
|
||||
elif Dialog is not None and c == '4': # Shell
|
||||
if oDIALOG is None:
|
||||
oDIALOG = Dialog()
|
||||
sCode = '='
|
||||
sOut = ''
|
||||
yStdoutdata = yStderrdata = b''
|
||||
|
||||
# you will first need to save the tty modes with a call to def_prog_mode()
|
||||
# and then call endwin() to end the curses mode. This will leave you in the
|
||||
# original tty mode. To get back to curses once you are done, call
|
||||
# reset_prog_mode() . This function returns the tty to the state stored by
|
||||
# def_prog_mode(). Then do refresh(), and you are back to the curses mode.
|
||||
_curses.def_prog_mode() ; _curses.endwin()
|
||||
sCode, sAnswer = oDIALOG.inputbox("Run command (erase to cancel)",
|
||||
init='')
|
||||
if sCode == 'ok' and sAnswer:
|
||||
|
||||
try:
|
||||
devnull = subprocess.DEVNULL
|
||||
except AttributeError: # Python < 3.3
|
||||
devnull_context = devnull = open(os.devnull, "wb")
|
||||
else:
|
||||
devnull_context = DummyContextManager()
|
||||
|
||||
with devnull_context:
|
||||
p = subprocess.Popen(sAnswer,
|
||||
stdout=subprocess.PIPE,
|
||||
stderr=devnull, close_fds=True)
|
||||
if True:
|
||||
( yStdoutdata, yStderrdata ) = p.communicate()
|
||||
retcode = p.returncode
|
||||
oDIALOG.scrollbox(yStdoutdata.decode().strip(),
|
||||
15,50)
|
||||
else:
|
||||
retcode = p.wait()
|
||||
ystdoutdata = p.stdout.read()
|
||||
# One could use title=... instead of text=... to put the text
|
||||
# in the title bar.
|
||||
oDIALOG.programbox(fd=p.stdout.fileno(),
|
||||
text="Output of command: " +sAnswer)
|
||||
|
||||
# oDIALOG.msgbox("Bug Alert: If the screen goes black, suspend to shell with ^Z and then use fg to come back to Gridfire " +str(retcode), height=8, width=40)
|
||||
|
||||
if retcode == 0:
|
||||
sOut = yStdoutdata.decode().strip()
|
||||
sBut = 'ok'; sCode = '='
|
||||
if sOut and out:
|
||||
sText = sOut # "New text at Beginning, Replace or End"
|
||||
sBut, sCode = lDialogCode(sText)
|
||||
if sBut != 'ok':
|
||||
pass
|
||||
elif sCode == '<':
|
||||
out = sOut + ' ' + out
|
||||
elif sCode == '>':
|
||||
out = out + ' ' + sOut
|
||||
elif sCode == '=':
|
||||
out = sOut
|
||||
elif sCode == '':
|
||||
out = ''
|
||||
_curses.reset_prog_mode()
|
||||
stdscr.refresh()
|
||||
|
||||
elif c == '3': # was Ignore
|
||||
# now 'Ignore' is a keypair to fool keystroke counting
|
||||
pass
|
||||
elif PinEntry is not None and c == '2': # unused
|
||||
if oPinEntry is None:
|
||||
oPinEntry = PinEntry()
|
||||
oPinEntry.run()
|
||||
# unfinished
|
||||
#handle row/column selections
|
||||
elif (uppercase.find(c)+1):
|
||||
upperchar = c
|
||||
elif (row_index[:total_rows(use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct)].find(c)+1):
|
||||
lowerchar = c
|
||||
|
||||
#if selection completes a pair, find choice, add to output, reset selection
|
||||
if len(upperchar)&len(lowerchar):
|
||||
#if selected pair chooses 'Done' or 'Cancel'
|
||||
if((upperchar==col_index[0])&(lowerchar==row_index[len(grid)+1])):
|
||||
#on 'Ignore', do nothing
|
||||
pass
|
||||
# :Space :Tab :Enter
|
||||
elif((upperchar==col_index[0])&(lowerchar==row_index[len(grid)])):
|
||||
out += ' ' #on 'Space'
|
||||
elif((upperchar==col_index[1])&(lowerchar==row_index[len(grid)])):
|
||||
out += ' ' #on 'Tab'
|
||||
elif((upperchar==col_index[2])&(lowerchar==row_index[len(grid)])):
|
||||
out += '\n' #on 'Enter'
|
||||
# elif((upperchar==col_index[2])&(lowerchar==row_index[len(grid)])):
|
||||
# out = out[:len(out)-1] #on 'Delete'
|
||||
else:
|
||||
rowchoice = row_index.find(lowerchar)
|
||||
if rowchoice < len(grid):
|
||||
if (grid[rowchoice].find("A") == 0):
|
||||
out += uppercase[col_index.find(upperchar)]
|
||||
if (grid[rowchoice].find("a") == 0):
|
||||
out += lowercase[col_index.find(upperchar)]
|
||||
if (grid[rowchoice].find("0") == 0)&(spaceout(col_index).find(upperchar) < len(numbers)):
|
||||
out += numbers[spaceout(col_index).find(upperchar)]
|
||||
if (grid[rowchoice].find("!") == 0):
|
||||
out += punct[spaceout(col_index).find(upperchar)]
|
||||
if (grid[rowchoice].find("_") == 0)&(spaceout(col_index).find(upperchar) < len(punct2)):
|
||||
out += punct2[spaceout(col_index).find(upperchar)]
|
||||
|
||||
upperchar = ''
|
||||
lowerchar = ''
|
||||
cycle_index(cyclemethod)
|
||||
|
||||
single = args['single'] or ''
|
||||
double = args['double'] or ''
|
||||
repeat = args['repeat'] or ''
|
||||
if single:
|
||||
thing = ['-'+single, password]
|
||||
sStdIn = None
|
||||
elif double:
|
||||
thing = ['--'+double, password]
|
||||
sStdIn = None
|
||||
elif repeat:
|
||||
thing = []
|
||||
sStdIn = password +'\n' +password
|
||||
else:
|
||||
thing = []
|
||||
sStdIn = password
|
||||
|
||||
if exit_code == 0 and sargs and password:
|
||||
# sys.stderr.write('EXIT: ' + repr(password) + '\n')
|
||||
if type(sargs) == str:
|
||||
#? quote
|
||||
largs = sargs.split(' ')
|
||||
elif type(sargs) == list and len(sargs) == 1 and sargs[0].find(' ') > 0:
|
||||
largs = sargs[0].strip().split()
|
||||
elif type(sargs) == list and len(sargs) > 1:
|
||||
largs = sargs
|
||||
else:
|
||||
raise RuntimeError('ERROR: not list or str type(sargs) ' + str(type(sargs) ))
|
||||
|
||||
if thing:
|
||||
pos = args['pos']
|
||||
if pos == -1:
|
||||
largs.append(thing)
|
||||
else:
|
||||
largs.insert(pos, thing)
|
||||
shell = False
|
||||
executable = '' # largs[0] sargs = ' '.join(largs[1:])
|
||||
(exit_code, password,) = lSubprocess(largs, shell, executable, sStdIn=sStdIn)
|
||||
else:
|
||||
debug('len(password)=%d' % len(password))
|
||||
|
||||
# del password, exit_code
|
||||
stdscr = None
|
||||
cycle_index(cyclemethod) #Don't start the program with unrandomized indexes
|
||||
retval = [exit_code, password][:]
|
||||
out = ''
|
||||
exit_code = -1
|
||||
|
||||
return retval
|
||||
|
||||
# should be getpass.getpass compatible
|
||||
def getpass(prompt="", stream=None, tty=None, main_args=None):
|
||||
# what should stream be if curses should be a tty
|
||||
if tty is not None:
|
||||
pass
|
||||
elif stream is not None:
|
||||
tty = os.ttyname(stream.fileno())
|
||||
elif 'GPG_TTY' in os.environ:
|
||||
tty = os.environ['GPG_TTY']
|
||||
else:
|
||||
tty = os.ttyname(sys.stdin.fileno())
|
||||
with open(tty, 'r') as fd:
|
||||
assert fd.isatty(), "The input stream must be a tty: %r" % (tty,)
|
||||
|
||||
if not hasattr(sys, '_stderr'):
|
||||
sys._stderr = sys.stderr
|
||||
sys.stderr = StringIO()
|
||||
|
||||
password = ''
|
||||
exit_code = -1
|
||||
if main_args is None:
|
||||
main_args = ['-H', prompt]
|
||||
else:
|
||||
main_args += ['-H', prompt]
|
||||
try:
|
||||
(exit_code, password,) = main(main_args)
|
||||
info('EXIT: getpass ' + prompt +' ' + repr(password))
|
||||
except KeyboardInterrupt:
|
||||
info('EXIT: getpass KeyboardInterrupt')
|
||||
|
||||
if hasattr(sys, '_stderr'):
|
||||
sys.stderr = sys._stderr
|
||||
|
||||
return password
|
||||
|
||||
def sDialogFget():
|
||||
global oLAST_DIR
|
||||
sBut, sCode = lDialogFselect(oLAST_DIR, height=10, width=50, help_button=False)
|
||||
sOut = ''
|
||||
if sBut == 'ok':
|
||||
sFile = sCode
|
||||
try:
|
||||
with open( sFile, 'rt') as iFd:
|
||||
sOut = iFd.read().strip()
|
||||
except Exception as e:
|
||||
# dunno
|
||||
pass
|
||||
else:
|
||||
if os.path.isdir(sFile):
|
||||
oLAST_DIR = sFile
|
||||
else:
|
||||
oLAST_DIR = os.path.dirname(sFile)
|
||||
oLAST_DIR = oLAST_DIR + '/'
|
||||
return sOut
|
||||
|
||||
def lDialogFselect(sLastDir=None, height=10, width=50, help_button=False, prompt=None):
|
||||
global oDIALOG, oLAST_DIR
|
||||
if oDIALOG is None:
|
||||
oDIALOG = Dialog()
|
||||
if not sLastDir:
|
||||
sLastDir = oLAST_DIR
|
||||
sBut, sCode = oDIALOG.fselect(sLastDir, height, width, help_button=False)
|
||||
return (sBut, sCode,)
|
||||
|
||||
def lDialogCode(sText):
|
||||
lChoices = [("<", "Begin - Add the text at the beginning"),
|
||||
("=", "All - Replace all with the text"),
|
||||
(">", "End - Add the text at the end")]
|
||||
sCode = '='
|
||||
sBut, sCode = oDIALOG.menu(sText, height=16, width=50,
|
||||
choices=lChoices,
|
||||
title="Replace the buffer with file contents",
|
||||
help_button=False)
|
||||
return (sBut, sCode,)
|
||||
|
||||
def lSubprocess(largs, shell=False, executable='', sStdIn=''):
|
||||
|
||||
env = os.environ.copy()
|
||||
if 'PYTHONPATH' in env:
|
||||
del env['PYTHONPATH']
|
||||
debug('executable=' + repr(executable) +' largs=' + repr(largs) ) # + ' len(password)=%d' % len(password)
|
||||
|
||||
yStdoutData = stderrdata = ''
|
||||
try:
|
||||
oProcess = subprocess.Popen(largs,
|
||||
stdin=subprocess.PIPE,
|
||||
stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE,
|
||||
env=env,
|
||||
shell=shell)
|
||||
sleep(3)
|
||||
except Exception as e:
|
||||
error('Popen executable=' + repr(executable) +' largs=' + repr(largs) + '\n' + str(e))
|
||||
exit_code = 1
|
||||
sStdOut = ''
|
||||
else:
|
||||
if sStdIn:
|
||||
(yStdoutData, stderrdata,) = oProcess.communicate(sStdIn.encode())
|
||||
else:
|
||||
#? wait
|
||||
(yStdoutData, stderrdata,) = oProcess.communicate()
|
||||
#? oProcess.close()
|
||||
if stderrdata:
|
||||
sys.stderr.write(stderrdata.decode() + '\n')
|
||||
exit_code = oProcess.returncode
|
||||
sStdOut = yStdoutData.decode()
|
||||
return (exit_code, sStdOut,)
|
||||
|
||||
def main():
|
||||
sargs = sys.argv[1:]
|
||||
if type(sargs) == list and len(sargs) == 1 and sargs[0].find(' ') > 0:
|
||||
lSysArgv = sargs[0].strip().split()
|
||||
else:
|
||||
lSysArgv = sargs
|
||||
# print('DEBUG: ' +repr(sys.argv[1:]) +' ' +repr(type(sys.argv[1:])))
|
||||
if hasattr(sys, 'frozen') and hasattr(sys, '_MEIPASS'):
|
||||
print('DEBUG: running in a PyInstaller bundle')
|
||||
(exit_code, password,) = iMain(lSysArgv)
|
||||
iOUT_FD.write(password+('\n'*newline))
|
||||
password = ''
|
||||
sys.stderr.flush()
|
||||
return exit_code
|
||||
|
||||
if __name__ == '__main__':
|
||||
sys.exit(main())
|
@ -0,0 +1 @@
|
||||
curses
|
@ -0,0 +1,29 @@
|
||||
# -*- mode: python -*-
|
||||
|
||||
|
||||
block_cipher = None
|
||||
|
||||
|
||||
a = Analysis(['./gridfire.py'],
|
||||
pathex=['/usr/local/src/gridfire'],
|
||||
binaries=None,
|
||||
datas=None,
|
||||
hiddenimports=[],
|
||||
hookspath=[],
|
||||
runtime_hooks=[],
|
||||
excludes=[],
|
||||
win_no_prefer_redirects=False,
|
||||
win_private_assemblies=False,
|
||||
cipher=block_cipher)
|
||||
pyz = PYZ(a.pure, a.zipped_data,
|
||||
cipher=block_cipher)
|
||||
exe = EXE(pyz,
|
||||
a.scripts,
|
||||
a.binaries,
|
||||
a.zipfiles,
|
||||
a.datas,
|
||||
name='gridfire',
|
||||
debug=False,
|
||||
strip=False,
|
||||
upx=True,
|
||||
console=True )
|
@ -0,0 +1,47 @@
|
||||
Gridfire is inspired by gpggrid, a security tool included in Tinfoil Hat Linux
|
||||
(http://tinfoilhat.shmoo.com) intended to resist shoulder-surfing and keylogging.
|
||||
For more information on the project, see the README file distributed with Gridfire.
|
||||
|
||||
Gridfire is named after a fictional superweapon in Iain M Banks' Culture novels.
|
||||
See http://everything2.com/title/Gridfire for more.
|
||||
RIP Iain M Banks (1954-02-16 to 2013-06-09)
|
||||
|
||||
usage: gridfire.py [-h] [-a TTYALERT] [-c] [-g] [-u] [-l] [-b] [-o] [-d] [-f]
|
||||
[-p] [-w] [-m METHOD] [-n] [-v VERBOSITY] [-S SINGLE]
|
||||
[-D DOUBLE] [-P POS] [-H HEADER] [-A ANSWER] [-O fd]
|
||||
[STDIN COMMAND [STDIN ARGS ...]]
|
||||
|
||||
positional arguments:
|
||||
STDIN COMMAND Arguments to run a subprocess wih the password in stdin.
|
||||
|
||||
optional arguments:
|
||||
-h, --help show this help message and exit
|
||||
-a TTYALERT, --ttyalert TTYALERT
|
||||
Set the alert mode (none, beep or flash)
|
||||
-c Force concealment of entered text.
|
||||
-g, --grid Ignore other options and behave like gpggrid.
|
||||
-u Allow uppercase letters [A-Z].
|
||||
-l Allow lowercase letters [a-z].
|
||||
-b Allow binary numbers [0-1].
|
||||
-o Allow octal numbers [0-7].
|
||||
-d Allow decimal numbers [0-9].
|
||||
-f Allow hexadecimal numbers [0-9][a-f][A-F].
|
||||
-p Allow punctuation.
|
||||
-w Allow whitespace.
|
||||
-m METHOD, --method METHOD
|
||||
Specify indexing method (0-3, higher is more secure,
|
||||
default=3)
|
||||
-n Append a newline on output.
|
||||
-v VERBOSITY, --verbosity VERBOSITY
|
||||
Specify verbosity (0-5, higher is verbose, default=3)
|
||||
-S SINGLE, --single SINGLE
|
||||
Arg to pass to a subprocess with -SINGLE=password.
|
||||
-D DOUBLE, --double DOUBLE
|
||||
Arg to pass to a subprocess with --DOUBLE=password.
|
||||
-P POS, --pos POS Position to place the Arg to a subprocess with
|
||||
--DOUBLE/SINGLE=password.
|
||||
-H HEADER, --header HEADER
|
||||
Header line as a prompt (default "").
|
||||
-A ANSWER, --answer ANSWER
|
||||
Skip the grid and give the answer (for testing only).
|
||||
|
@ -0,0 +1,16 @@
|
||||
Reading package lists...
|
||||
Building dependency tree...
|
||||
Reading state information...
|
||||
The following packages were automatically installed and are no longer required:
|
||||
arc-theme bsdtar dkms libayatana-appindicator3-1 libshp2 spl-dkms tirdad
|
||||
tirdad-dkms vm-config-dist
|
||||
Use 'sudo apt autoremove' to remove them.
|
||||
Suggested packages:
|
||||
python3-doc
|
||||
The following NEW packages will be installed:
|
||||
python-dialog python3-dialog
|
||||
0 upgraded, 2 newly installed, 0 to remove and 5 not upgraded.
|
||||
1 not fully installed or removed.
|
||||
Need to get 84.7 kB/1,480 kB of archives.
|
||||
After this operation, 3,303 kB of additional disk space will be used.
|
||||
'tor+https://deb.debian.org/debian/pool/main/p/python2-pythondialog/python-dialog_3.3.0-3_amd64.deb' python-dialog_3.3.0-3_amd64.deb 84692 MD5Sum:bdd3168f237ff90677a814e3059e23b0
|
@ -0,0 +1,105 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0`
|
||||
PREFIX=/usr/local
|
||||
ROLE=gpgkey
|
||||
PYVER=3
|
||||
EXE=/var/local/bin/tomb.bash
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash || exit 2
|
||||
. /usr/local/bin/gridfire.rc
|
||||
|
||||
# python3 -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"
|
||||
# ~/.local/share/python_keyring
|
||||
|
||||
# what goes on stdin - the passwd to the keyfile with the keyfile as an arg?
|
||||
# or open the keyfile?
|
||||
# passwd from gridfire or from keepass
|
||||
|
||||
usage() {
|
||||
echo "Syntax: tomb [options] command [arguments]"
|
||||
echo
|
||||
echo " // Creation:"
|
||||
echo " dig create a new empty TOMB file of size -s in MiB"
|
||||
echo " forge create a new KEY file and set its password"
|
||||
echo " lock installs a lock on a TOMB to use it with KEY"
|
||||
echo
|
||||
echo " // Operations on tombs:"
|
||||
echo " open open an existing TOMB (-k KEY file or - for stdin)"
|
||||
echo " index update the search indexes of tombs"
|
||||
echo " search looks for filenames matching text patterns"
|
||||
echo " list list of open TOMBs and information on them"
|
||||
echo " ps list of running processes inside open TOMBs"
|
||||
echo " close close a specific TOMB (or 'all')"
|
||||
echo " slam slam a TOMB killing all programs using it"
|
||||
[[ $RESIZER == 1 ]] && {
|
||||
echo " resize resize a TOMB to a new size -s (can only grow)"
|
||||
}
|
||||
echo
|
||||
echo " // Operations on keys:"
|
||||
echo " passwd change the password of a KEY (needs old pass)"
|
||||
echo " setkey change the KEY locking a TOMB (needs old key and pass)"
|
||||
echo
|
||||
[[ $QRENCODE == 1 ]] && {
|
||||
echo " // Backup on paper:"
|
||||
echo " engrave makes a QR code of a KEY to be saved on paper"
|
||||
echo
|
||||
}
|
||||
[[ $STEGHIDE == 1 || $CLOAKIFY == 1 || $DECLOAKIFY == 1 ]] && {
|
||||
echo " // Steganography:"
|
||||
[[ $STEGHIDE == 1 ]] && {
|
||||
echo " bury hide a KEY inside a JPEG image (for use with -k)"
|
||||
echo " exhume extract a KEY from a JPEG image (prints to stdout)"
|
||||
}
|
||||
[[ $CLOAKIFY == 1 ]] && {
|
||||
echo " cloak transform a KEY into TEXT using CIPHER (for use with -k)"
|
||||
}
|
||||
[[ $DECLOAKIFY == 1 ]] && {
|
||||
echo " uncloak extract a KEY from a TEXT using CIPHER (prints to stdout)"
|
||||
}
|
||||
echo
|
||||
}
|
||||
echo "Options:"
|
||||
echo
|
||||
echo " -s size of the tomb file when creating/resizing one (in MiB)"
|
||||
echo " -k path to the key to be used ('-k -' to read from stdin)"
|
||||
echo " -n don't launch the execution hooks found in tomb"
|
||||
echo " -p preserve the ownership of all files in tomb"
|
||||
echo " -o options passed to commands: open, lock, forge (see man)"
|
||||
echo " -f force operation (i.e. even if swap is active)"
|
||||
echo " -g use a GnuPG key to encrypt a tomb key"
|
||||
echo " -r provide GnuPG recipients (separated by comma)"
|
||||
echo " -R provide GnuPG hidden recipients (separated by comma)"
|
||||
|
||||
[[ $SPHINX == 1 ]] && {
|
||||
echo " --sphx-user user associated with the key (for use with pitchforkedsphinx)"
|
||||
echo " --sphx-host host associated with the key (for use with pitchforkedsphinx)"
|
||||
}
|
||||
|
||||
[[ $KDF == 1 ]] && {
|
||||
echo " --kdf forge keys armored against dictionary attacks"
|
||||
}
|
||||
|
||||
echo
|
||||
echo " -q run quietly without printing informations"
|
||||
echo " -D print debugging information at runtime"
|
||||
}
|
||||
|
||||
# FixMe: make sure command is first
|
||||
if [ "$#" -eq 0 ] || [ "$1" = '--help' -o "$1" = 'help' ] ; then
|
||||
# usage
|
||||
# exit 0
|
||||
:
|
||||
fi
|
||||
|
||||
LARGS="-H \"tomb $tail\""
|
||||
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
|
||||
if [[ "$*" =~ "-- " ]];then
|
||||
RARGS=`echo $*|sed -e "s/-- /-- $EXE/"`
|
||||
exec $PREFIX/bin/gridfire $LARGS $RARGS
|
||||
else
|
||||
exec $PREFIX/bin/gridfiremake: *** No rule to make target 'up'. Stop.
|
||||
$LARGS -- $EXE "$@"
|
||||
fi
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,6 @@
|
||||
# /e/tmp/To/KeePassXC PAM loing manager integration GitHub.html
|
||||
dbus-send --print-reply --dest=org.keepassxc.KeePassXC.MainWindow \
|
||||
/keepassxc \
|
||||
org.keepassxc.MainWindow.openDatabase \
|
||||
string:Documents/Passwords.kdbx \
|
||||
string:$(keyctl print $key)
|
122
roles/toxcore/overlay/Linux/usr/local/src/gridfire/keepassxc_cmd2/Makefile
Executable file
122
roles/toxcore/overlay/Linux/usr/local/src/gridfire/keepassxc_cmd2/Makefile
Executable file
@ -0,0 +1,122 @@
|
||||
# -*-mode: makefile; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
|
||||
|
||||
PROG=keepassxc_cmd2
|
||||
BOX_OS_FLAVOR=`cat /etc/hostname`
|
||||
TMPDIR=/var/tmp
|
||||
|
||||
OVERLAY=/var/local/share/genkernel/overlay/
|
||||
PYVER=3
|
||||
PYMVER=38
|
||||
PLAT=linux
|
||||
# pex broken
|
||||
# PYMVER=37
|
||||
# PLAT=windows
|
||||
|
||||
build=build-$(BOX_OS_FLAVOR)
|
||||
dist=dist-$(BOX_OS_FLAVOR)
|
||||
|
||||
refresh::
|
||||
|
||||
update:: install
|
||||
|
||||
install:: pex bins # pyi
|
||||
|
||||
pyi:: pyinstaller_$(PROG)-$(BOX_OS_FLAVOR)
|
||||
pyinstaller_$(PROG)-$(BOX_OS_FLAVOR):: $(dist)_$(PROG)/$(PROG)
|
||||
$(dist)_$(PROG)/$(PROG):: Makefile $(PWD)/keepassxc_cmd2.py
|
||||
[ -d $(build)_$(PROG) ] || mkdir $(build)_$(PROG)
|
||||
[ -d $(dist)_$(PROG) ] || mkdir $(dist)_$(PROG)
|
||||
[ -f $(PROG).log -a \
|
||||
-e $(dist)_$(PROG)/$(PROG) -a \
|
||||
$(dist)_$(PROG)/$(PROG) -nt $(PWD)/keepassxc_cmd2.py ] || \
|
||||
python$(PYVER).bash -m PyInstaller --clean \
|
||||
--distpath $(dist)_$(PROG) --workpath $(build)_$(PROG) \
|
||||
--onefile -c --ascii \
|
||||
--name $(PROG)_pyi-$(BOX_OS_FLAVOR) \
|
||||
--additional-hooks-dir packaging/pyinstaller \
|
||||
--hidden-import wcwidth \
|
||||
--exclude-module macOS \
|
||||
$(PWD)/keepassxc_cmd2.py \
|
||||
> $(PROG).log 2>&1
|
||||
! grep ERROR: $(PROG).log
|
||||
[ -e $(dist)_$(PROG)/$(PROG) -a -e $(dist)_$(PROG)/$(PROG)_pyi-$(BOX_OS_FLAVOR) ] || \
|
||||
ln $(dist)_$(PROG)/$(PROG)_pyi-$(BOX_OS_FLAVOR) $(dist)_$(PROG)/$(PROG)
|
||||
|
||||
cxFreeze:: cxFreeze-$(BOX_OS_FLAVOR)
|
||||
cxFreeze-$(BOX_OS_FLAVOR)::
|
||||
[ -e cxfreeze_main.py ] || ln -s ../cxfreeze_main.py
|
||||
[ -f $(PROG).spec ] || pyi-makespec ./$(PROG).py -F -c
|
||||
[ -f $(PROG).spec.Linux ] || cp -p $(PROG).spec $(PROG).spec.Linux
|
||||
[ -d cxFreeze-$(BOX_OS_FLAVOR) ] || mkdir cxFreeze-$(BOX_OS_FLAVOR)
|
||||
python3 ./cxfreeze_main.py -c \
|
||||
--target-dir cxFreeze-$(BOX_OS_FLAVOR) $(PROG).py \
|
||||
>cxFreeze-$(BOX_OS_FLAVOR).log 2>&1
|
||||
|
||||
# No bundling of so's - not a freezer
|
||||
pex:: clean
|
||||
[ -d dist/dist-$(BOX_OS_FLAVOR)/ ] || mkdir -p dist/dist-$(BOX_OS_FLAVOR)
|
||||
[ -n "${MSYSTEM}" ] || $(MAKE) $(MFLAGS) dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex
|
||||
|
||||
dist/dist-Windows/$(PROG).pex:: Makefile $(PROG).py
|
||||
env PYTHONPATH=/usr/lib/python3/dist-packages:/usr/local/src \
|
||||
/usr/local/bin/pex3.bash -D $(PWD) -m $(PROG):main -o $@ \
|
||||
--no-index --ignore-errors --inherit-path=prefer \
|
||||
--platform windows_x86_64-cp-27-cp27mu \
|
||||
--platform windows_x86_64-cp-37-cp37mu
|
||||
zip -d $@ build-\*/\* dist-\*/\* \
|
||||
\*/.git/\* \*.log __pycache__/\* >/dev/null
|
||||
|
||||
# ERROR: No matching distribution found for wcwidth (from -r keepassxc_cmd2.reqs (line 1))
|
||||
# -r $(PROG).reqs
|
||||
dist/dist-Kick150154/$(PROG).pex:: Makefile $(PROG).py
|
||||
env PYTHONPATH=/usr/lib/python3/dist-packages:/usr/local/src \
|
||||
/usr/local/bin/pex3.bash -D $(PWD) -m $(PROG):main -o $@ \
|
||||
-f /usr/lib/python3/dist-packages/ \
|
||||
--no-index --ignore-errors --inherit-path=prefer \
|
||||
--platform linux_x86_64-cp-27-cp27mu \
|
||||
--platform linux_x86_64-cp-37-cp37mu
|
||||
zip -d $@ build-\*/\* dist-\*/\* \
|
||||
\*/.git/\* \*.log __pycache__/\* >/dev/null
|
||||
|
||||
dist/dist-pentoo/$(PROG).pex:: Makefile $(PROG).py
|
||||
env PYTHONPATH=/usr/lib/python3/dist-packages:/usr/local/src \
|
||||
/usr/local/bin/pex3.bash -D $(PWD) -m $(PROG):main -o $@ \
|
||||
--no-index --ignore-errors --inherit-path=prefer \
|
||||
--platform linux_x86_64-cp-27-cp27mu \
|
||||
--platform linux_x86_64-cp-38-cp38mu
|
||||
zip -d $@ build-\*/\* dist-\*/\* \
|
||||
\*/.git/\* \*.log __pycache__/\* >/dev/null
|
||||
|
||||
dist/dist-devuan/$(PROG).pex:: Makefile $(PROG).py
|
||||
env PYTHONPATH=/usr/lib/python3/dist-packages:/usr/local/src \
|
||||
/usr/local/bin/pex3.bash -D $(PWD) -m $(PROG):main -o $@ \
|
||||
--no-index --ignore-errors --inherit-path=prefer \
|
||||
--platform linux_x86_64-cp-39-cp39mu
|
||||
zip -d $@ build-\*/\* dist-\*/\* \
|
||||
\*/.git/\* \*.log __pycache__/\* >/dev/null
|
||||
|
||||
bins:: pex
|
||||
[ -f dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex -a \
|
||||
../../../bin/$(PROG).pex -nt dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex ] || \
|
||||
cp -p dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex ../../../bin
|
||||
|
||||
test::
|
||||
# ./keepassxc_cmd2.py < *2 keepassxc_cmd2.cmd2
|
||||
[ -f ${TMPDIR}/test4.kdbx -o -f ${TMPDIR}/test4.key ] || \
|
||||
cp -p ../pykeepass/tests/*y ../pykeepass/tests/*x ${TMPDIR}
|
||||
/usr/local/bin/python3.sh $(PROG).py < keepassxc_kpy.cmd2
|
||||
/usr/local/bin/python3.sh $(PROG).py run_script keepassxc_cli.cmd2
|
||||
echo -n password | /usr/local/bin/python3.sh $(PROG).py \
|
||||
run_script keepassxc_stdin.cmd2
|
||||
[ ! -f dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex ] || \
|
||||
{ dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex < keepassxc_kpy.cmd2 ; \
|
||||
echo INFO: tested dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex ; }
|
||||
|
||||
clean::
|
||||
rm -f */*~ *~
|
||||
|
||||
up:: clean
|
||||
$(MAKE) $(MFLAGS) -C .. $@
|
||||
|
||||
down:: clean
|
||||
$(MAKE) $(MFLAGS) -C .. $@
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,26 @@
|
||||
#!/usr/local/bin/python3.sh
|
||||
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
|
||||
|
||||
import os,sys
|
||||
# if not hasattr(sys, 'frozen'):
|
||||
try:
|
||||
#keepassxc_cmd2
|
||||
from . import ansi
|
||||
Fg=ansi.Fg
|
||||
Bg=ansi.Bg
|
||||
except Exception:
|
||||
def green(s): return s
|
||||
def red(s): return s
|
||||
def yellow(s): return s
|
||||
def blue(s): return s
|
||||
ansi = None
|
||||
else:
|
||||
def green(s): return f"{Fg.GREEN}{s} {Fg.RESET}"
|
||||
def red(s): return f"{Fg.RED}{s} {Fg.RESET}"
|
||||
def yellow(s): return f"{Fg.YELLOW}{s} {Fg.RESET}"
|
||||
def blue(s): return f"{Fg.LIGHT_BLUE}{s} {Fg.RESET}"
|
||||
|
||||
def info(s): return green(s)
|
||||
def error(s): return red(s)
|
||||
def warn(s): return yellow(s)
|
||||
def debug(s): return blue(s)
|
@ -0,0 +1,59 @@
|
||||
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
|
||||
|
||||
import optparse
|
||||
import os
|
||||
import sys
|
||||
|
||||
import cx_Freeze
|
||||
from cx_Freeze import cli
|
||||
|
||||
def main(constants):
|
||||
# options = cx_Freeze.ParseCommandLine()
|
||||
parser = cli.prepare_parser()
|
||||
args = cli.parse_command_line(parser)
|
||||
executables = [cx_Freeze.Executable(args.script,
|
||||
args.init_script,
|
||||
args.base_name,
|
||||
args.target_name,
|
||||
args.icon)
|
||||
]
|
||||
args.includes += ['wcwidth']
|
||||
args.excludes += ['numpy', 'sphinx', 'matplotlib', 'numpy', 'PyQt5', 'pandas', 'babel', 'wx', 'pythran', 'scipy', 'notebook', 'PySide2']
|
||||
# 11704 cxFreeze-Pentoo/lib/sphinx/
|
||||
# 14544 cxFreeze-Pentoo/lib/matplotlib/
|
||||
# 18972 cxFreeze-Pentoo/lib/numpy/
|
||||
# 21744 cxFreeze-Pentoo/lib/PyQt5/
|
||||
# 29188 cxFreeze-Pentoo/lib/pandas/
|
||||
# 29784 cxFreeze-Pentoo/lib/babel/
|
||||
# 32468 cxFreeze-Pentoo/lib/wx/
|
||||
# 36256 cxFreeze-Pentoo/lib/pythran/
|
||||
# 49152 cxFreeze-Pentoo/lib/scipy/
|
||||
# 218816 cxFreeze-Pentoo/lib/notebook/
|
||||
# 407960 cxFreeze-Pentoo/lib/PySide2/
|
||||
args.zip_include_packages='*'
|
||||
args.zip_exclude_packages=''
|
||||
freezer = cx_Freeze.Freezer(executables,
|
||||
includes=args.includes,
|
||||
excludes=args.excludes,
|
||||
packages=args.packages,
|
||||
replacePaths=args.replace_paths,
|
||||
compress=args.compress,
|
||||
optimizeFlag=args.optimize_flag,
|
||||
targetDir=args.target_dir,
|
||||
includeFiles=args.include_files,
|
||||
zipIncludes=args.zip_includes,
|
||||
silent=args.silent,
|
||||
zipIncludePackages=args.zip_include_packages,
|
||||
zipExcludePackages=args.zip_exclude_packages,
|
||||
)
|
||||
freezer.Freeze()
|
||||
return 0
|
||||
|
||||
if __name__ == '__main__':
|
||||
from cx_Freeze import freezer
|
||||
constants = freezer.ConstantsModule()
|
||||
try:
|
||||
i = main(constants)
|
||||
except KeyboardInterrupt:
|
||||
i =0
|
||||
sys.exit(i)
|
@ -0,0 +1,25 @@
|
||||
|
||||
|
||||
Available commands:
|
||||
add Add a new entry to a database.
|
||||
analyze Analyze passwords for weaknesses and problems.
|
||||
clip Copy an entry's attribute to the clipboard.
|
||||
close Close the currently opened database.
|
||||
db-create Create a new database.
|
||||
db-info Show a database's information.
|
||||
diceware Generate a new random diceware passphrase.
|
||||
edit Edit an entry.
|
||||
estimate Estimate the entropy of a password.
|
||||
export Exports the content of a database to standard output in the specified format.
|
||||
generate Generate a new random password.
|
||||
help Display command help.
|
||||
import Import the contents of an XML database.
|
||||
locate Find entries quickly.
|
||||
ls List database entries.
|
||||
merge Merge two databases.
|
||||
mkdir Adds a new group to a database.
|
||||
mv Moves an entry to a new group.
|
||||
open Open a database.
|
||||
rm Remove an entry from the database.
|
||||
rmdir Removes a group from a database.
|
||||
show Show an entry's information.
|
@ -0,0 +1,40 @@
|
||||
#!/usr/local/src/gridfire/keepassxc_cmd2/keepassxc_cmd2.py
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
set debug true
|
||||
cli generate
|
||||
cli diceware -- -q --words 3
|
||||
|
||||
get_kdbx /var/tmp/test4.kdbx
|
||||
cli db-info
|
||||
get_pass password
|
||||
get_keyfile /var/tmp/test4.key
|
||||
|
||||
# no arguments
|
||||
cli db-info
|
||||
cli ls
|
||||
cli help
|
||||
|
||||
shell rm -f /var/tmp/test4.xml
|
||||
shell cp /var/tmp/test4.kdbx /var/tmp/cli4.kdbx
|
||||
|
||||
get_kdbx /var/tmp/cli4.kdbx
|
||||
get_keyfile /var/tmp/test4.key
|
||||
get_pass password
|
||||
|
||||
cli db-info
|
||||
|
||||
cli mkdir email
|
||||
# --url http://goo.gl
|
||||
# cli add email/gmail -u foo --generate --length 8
|
||||
cli add email/gmail
|
||||
cli show email/gmail
|
||||
cli show -s email/gmail
|
||||
|
||||
# set sPassword
|
||||
set sKeyfile
|
||||
set sKdbx
|
||||
|
||||
help
|
||||
#help cli
|
||||
#help kpy
|
@ -0,0 +1,503 @@
|
||||
#!/var/local/bin/python3.bash
|
||||
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
|
||||
|
||||
from __future__ import unicode_literals, print_function
|
||||
|
||||
"""
|
||||
|
||||
|
||||
"""
|
||||
|
||||
import os,sys,io
|
||||
import argparse
|
||||
import random
|
||||
import base64
|
||||
import curses
|
||||
|
||||
from keepassxc_doc import (dCLI_HELP, dKPY_HELP,)
|
||||
|
||||
try:
|
||||
from dialog import Dialog
|
||||
except ImportError:
|
||||
Dialog = None
|
||||
oDIALOG = None
|
||||
oLAST_DIR = '/tmp/'
|
||||
|
||||
try:
|
||||
import keyutils
|
||||
except ImportError:
|
||||
keyutils = None
|
||||
|
||||
oKP=None
|
||||
|
||||
sGridDir = '/usr/local/src/gridfire'
|
||||
if os.path.isdir(sGridDir):
|
||||
sGridDir in sys.path or sys.path.append(sGridDir)
|
||||
|
||||
lCLI_WORDS_key_dbx = [ 'add', 'analyze', 'clip', 'close',
|
||||
'db-create', 'db-info',
|
||||
'edit', 'estimate', 'export', 'format',
|
||||
'import', 'locate', 'ls', 'merge', 'mkdir',
|
||||
'mv', 'open', 'rm', 'rmdir', 'show']
|
||||
|
||||
lCLI_WORDS_nokey_nodbx = ['help', 'generate', 'diceware',]
|
||||
cli_item_strs = lCLI_WORDS_nokey_nodbx + lCLI_WORDS_key_dbx
|
||||
|
||||
kpy_choices = ['open', 'eval', 'save', 'close', 'dump_xml', 'help']
|
||||
kpy_new = ['add_binary_base64', 'get_binary_base64', 'get_binary_file']
|
||||
kpy_methods = ['add_binary', 'add_entry', 'add_group', 'attachments', 'binaries', 'delete_binary', 'delete_entry', 'delete_group', 'deref', 'dump_xml', 'encryption_algorithm', 'entries', 'filename', 'find_attachments', 'find_entries', 'find_entries_by_notes', 'find_entries_by_password', 'find_entries_by_path', 'find_entries_by_string', 'find_entries_by_title', 'find_entries_by_url', 'find_entries_by_username', 'find_entries_by_uuid', 'find_groups', 'find_groups_by_name', 'find_groups_by_notes', 'find_groups_by_path', 'find_groups_by_uuid', 'groups', 'kdbx', 'kdf_algorithm', 'keyfile', 'move_entry', 'move_group', 'password', 'read', 'root_group', 'save', 'transformed_key', 'tree', 'version', 'xml'] + kpy_new
|
||||
|
||||
sGridDir = '/usr/local/src/cmd2'
|
||||
if os.path.isdir(sGridDir):
|
||||
sGridDir in sys.path or sys.path.append(sGridDir)
|
||||
import cmd2
|
||||
from cmd2_ansi import *
|
||||
|
||||
oSCR=None
|
||||
|
||||
class CmdLineApp(cmd2.Cmd):
|
||||
"""keepassxc cmd2 application using keepassxc-cli and pykeepass."""
|
||||
|
||||
# Setting this true makes it run a shell command if a cmd2/cmd command doesn't exist
|
||||
# default_to_shell = True
|
||||
def __init__(self):
|
||||
self.sPassword = ''
|
||||
self.sKeyfile = ''
|
||||
self.sKdbx = ''
|
||||
self.sGridfire = ''
|
||||
self.oPyKdbx = ''
|
||||
shortcuts = dict(cmd2.DEFAULT_SHORTCUTS)
|
||||
shortcuts.update({'&': 'kpy'})
|
||||
super().__init__(allow_cli_args=False, multiline_commands=['orate'], shortcuts=shortcuts)
|
||||
|
||||
self.self_in_py = True
|
||||
|
||||
# Make sPassword settable at runtime
|
||||
self.add_settable(cmd2.Settable('sPassword', str, 'password for keepassxc', self))
|
||||
# Make sKeyfile settable at runtime
|
||||
self.add_settable(cmd2.Settable('sKeyfile', str, 'keyfile for keepassxc', self))
|
||||
# Make sKdbx settable at runtime
|
||||
self.add_settable(cmd2.Settable('sKdbx', str, 'kdbx for keepassxc', self))
|
||||
|
||||
# Make sGridfire settable at runtime
|
||||
self.add_settable(cmd2.Settable('sGridfire', str, 'gridfire for keepassxc', self))
|
||||
|
||||
# Should ANSI color output be allowed
|
||||
if not hasattr(sys, 'frozen') and ansi:
|
||||
self.allow_style = ansi.AllowStyle.TERMINAL
|
||||
|
||||
clean_parser = cmd2.Cmd2ArgumentParser()
|
||||
clean_parser.add_argument('-r', '--recycle', type=int, help='Just clean the recycle bin')
|
||||
|
||||
@cmd2.with_argparser(clean_parser)
|
||||
def do_clean_kdbx(self, args):
|
||||
"""Cleans all of the entries and groups from a kdbx"""
|
||||
|
||||
if self.oPyKdbx == '':
|
||||
self.poutput(red('cle: ! ') + 'Open database first' )
|
||||
return
|
||||
|
||||
kp = self.oPyKdbxf
|
||||
for group in kp.groups:
|
||||
if group != kp.root_group:
|
||||
_=sys.stderr.write( 'deleting group ' +str(group) +'\n')
|
||||
kp.delete_group(group)
|
||||
else:
|
||||
entries = kp.entries
|
||||
for entry in entries:
|
||||
_=sys.stderr.write( 'deleted entries ' +str(entry) +'\n')
|
||||
entry.delete()
|
||||
|
||||
getpass_parser = cmd2.Cmd2ArgumentParser()
|
||||
getpass_parser.add_argument('words', nargs='*', help='arguments')
|
||||
@cmd2.with_argparser(getpass_parser)
|
||||
def do_get_pass(self, args):
|
||||
"""Get the password, and set the variable sPassword."""
|
||||
if args.words:
|
||||
if args.words[0] == '-':
|
||||
self.sPassword = sys.stdin.read()
|
||||
else:
|
||||
self.sPassword = args.words[0]
|
||||
self.poutput(green('Pas: . ') +self.sPassword)
|
||||
return
|
||||
from gridfire import getpass
|
||||
if self.sKdbx:
|
||||
sPrompt = 'Password for ' +self.sKdbx
|
||||
else:
|
||||
sPrompt = 'Password for keepassxc_cmd2'
|
||||
oTty = os.ttyname(sys.__stdin__.fileno())
|
||||
oRet = getpass(prompt=sPrompt, stream=None, tty=oTty, main_args=None)
|
||||
if oRet:
|
||||
self.sPassword = oRet
|
||||
self.poutput(green('Pas: . ') +self.sPassword)
|
||||
do_get_sPassword = do_get_pass
|
||||
|
||||
getkeyfile_parser = cmd2.Cmd2ArgumentParser()
|
||||
getkeyfile_parser.add_argument('words', nargs='*', help='arguments')
|
||||
@cmd2.with_argparser(getkeyfile_parser)
|
||||
def do_get_keyfile(self, args):
|
||||
"""Get the name of the key file, and set the variable sKeyfile."""
|
||||
if len(args.words) and os.path.isfile(args.words[0]):
|
||||
self.sKeyfile = args.words[0]
|
||||
self.poutput(green('Key: . ') +str(self.sKeyfile))
|
||||
return
|
||||
|
||||
# you will first need to save the tty modes with a call to def_prog_mode()
|
||||
# and then call endwin() to end the curses mode. This will leave you in the
|
||||
# original tty mode. To get back to curses once you are done, call
|
||||
# reset_prog_mode() . This function returns the tty to the state stored by
|
||||
# def_prog_mode(). Then do refresh(), and you are back to the curses mode.
|
||||
from gridfire import lDialogFselect
|
||||
oRet = lDialogFselect()
|
||||
try:
|
||||
curses.def_prog_mode()
|
||||
curses.endwin()
|
||||
except Exception as e:
|
||||
# must call initscr() first
|
||||
# global oSCR; if oSCR is none: oSCR=curses.initscr()
|
||||
pass
|
||||
|
||||
if len(oRet) == 2 and oRet[0] == 'ok':
|
||||
self.sKeyfile = oRet[1]
|
||||
self.poutput(green('key: . ') +str(self.sKeyfile))
|
||||
do_get_sKeyfile = do_get_keyfile
|
||||
|
||||
getkdbx_parser = cmd2.Cmd2ArgumentParser()
|
||||
getkdbx_parser.add_argument('words', nargs='*', help='arguments')
|
||||
@cmd2.with_argparser(getkdbx_parser)
|
||||
def do_get_kdbx(self, args):
|
||||
"""Get the name of the kdbx database file, and set the variable sKbx."""
|
||||
if len(args.words):
|
||||
self.sKdbx = args.words[0]
|
||||
if os.path.isfile(args.words[0]):
|
||||
self.poutput(green('Kdb: . ') +str(self.sKdbx))
|
||||
else:
|
||||
self.poutput(red('Kdb: ! File not found ') +str(self.sKdbx))
|
||||
return
|
||||
|
||||
from gridfire import curses
|
||||
# you will first need to save the tty modes with a call to def_prog_mode()
|
||||
# and then call endwin() to end the curses mode. This will leave you in the
|
||||
# original tty mode. To get back to curses once you are done, call
|
||||
# reset_prog_mode() . This function returns the tty to the state stored by
|
||||
# def_prog_mode(). Then do refresh(), and you are back to the curses mode.
|
||||
from gridfire import lDialogFselect
|
||||
oRet = lDialogFselect()
|
||||
try:
|
||||
# Is this needed? Between FSelect and gridfire is the idea
|
||||
# but it errors with initscr() not called when called here
|
||||
curses.def_prog_mode(); curses.endwin()
|
||||
except Exception: pass
|
||||
|
||||
if len(oRet) == 2 and oRet[0] == 'ok':
|
||||
self.sKdbx = oRet[1]
|
||||
self.poutput(green('dbx: . ') +str(self.sKdbx))
|
||||
do_get_sKdbx = do_get_kdbx
|
||||
|
||||
def cli_help(sel, sElt):
|
||||
if sElt and sElt in dCLI_HELP:
|
||||
self.poutput(green('cli: help ') +sElt +dCLI_HELP[sElt])
|
||||
else:
|
||||
self.poutput(green('kpy: help ') +'one of: ' \
|
||||
+' '.join(dCLI_HELP.keys()))
|
||||
|
||||
qdbus_parser = cmd2.Cmd2ArgumentParser()
|
||||
qdbus_parser.add_argument('words', nargs='*', help='arguments')
|
||||
@cmd2.with_argparser(qdbus_parser)
|
||||
def do_qdbus(self, args):
|
||||
"""."""
|
||||
|
||||
MainWindow='org.keepassxc.KeePassXC.MainWindow'
|
||||
def qdbus(s): os.system('qdbus ' +s)
|
||||
|
||||
if not args.words or args.words[0] == "help":
|
||||
self.poutput(green('bus: ? ') +'one of: ' \
|
||||
'open close exit')
|
||||
return
|
||||
|
||||
sCommand = args.words[0]
|
||||
if sCommand == "open":
|
||||
# Open keepassxc database: without password and key file
|
||||
qdbus # MainWindow +' /keepassxc ' +MainWindow.openDatabase /path/to/database.kdbx
|
||||
|
||||
elif sCommand == "open":
|
||||
# Open keepassxc database: with password but without key file
|
||||
qdbus # MainWindow +' /keepassxc ' +MainWindow.openDatabase /path/to/database.kdbx passwd
|
||||
|
||||
elif sCommand == "open":
|
||||
# Open keepassxc database: with password and key file
|
||||
qdbus # MainWindow +' /keepassxc ' +MainWindow.openDatabase /path/to/database.kdbx passwd /path/to/key
|
||||
|
||||
elif sCommand == "lock":
|
||||
# Lock all keepassxc databases
|
||||
qdbus # MainWindow +' /keepassxc ' +MainWindow.lockAllDatabases
|
||||
elif sCommand == "close":
|
||||
# Close all keepassxc databases
|
||||
qdbus # MainWindow +' /keepassxc ' +MainWindow.closeAllDatabases
|
||||
|
||||
elif sCommand == "exit":
|
||||
# Exit keepassxc
|
||||
qdbus(MainWindow +' /keepassxc ' +MainWindow +'.exit')
|
||||
|
||||
return
|
||||
|
||||
cli_parser = cmd2.Cmd2ArgumentParser()
|
||||
cli_parser.add_argument('cli', help='Enter name cli command', choices=cli_item_strs)
|
||||
cli_parser.add_argument('words', nargs='*', help='cli command arguments')
|
||||
@cmd2.with_argparser(cli_parser)
|
||||
def do_cli(self, args):
|
||||
"""Call keepassxc-cli with the kdbx database file and a cli command."""
|
||||
sStdIn = ''
|
||||
if args.cli in ['help', '--help', ]:
|
||||
if args.words and args.words[0] in dCLI_HELP:
|
||||
sElt = args.words[0]
|
||||
self.poutput(green('cli: ? ') +sElt +dCLI_HELP[sElt])
|
||||
else:
|
||||
self.poutput(green('cli: ? ') +'one of: ' \
|
||||
+' '.join(dCLI_HELP.keys()))
|
||||
return
|
||||
if args.words and args.words[0] in ['help', '--help', ]:
|
||||
sElt = args.cli
|
||||
return
|
||||
if args.cli in lCLI_WORDS_nokey_nodbx:
|
||||
largs = ['keepassxc-cli.bash', args.cli] + args.words
|
||||
elif args.cli in lCLI_WORDS_key_dbx:
|
||||
if self.sPassword == '':
|
||||
self.poutput(red('cli: ! ') + 'We require a password using get_pass' )
|
||||
return
|
||||
sStdIn = self.sPassword
|
||||
if not self.sKdbx or not os.path.isfile(self.sKdbx):
|
||||
self.poutput(red('cli: ! ') + 'We require a kbx file using get_kdbx' )
|
||||
return
|
||||
if not self.sKeyfile or not os.path.isfile(self.sKeyfile):
|
||||
self.poutput(yellow('cli: = ') + 'Not using a keyfile' )
|
||||
largs = ['keepassxc-cli.bash', args.cli]
|
||||
else:
|
||||
largs = ['keepassxc-cli.bash', args.cli, '-k', self.sKeyfile]
|
||||
largs += ['-q', self.sKdbx] +args.words
|
||||
|
||||
if len(sStdIn):
|
||||
self.poutput(blue('cli: . ') +' Using a password of len' +str(len(sStdIn)))
|
||||
from gridfire import lSubprocess
|
||||
self.poutput(blue('cli: < ') +' Calling ' +' '.join(largs))
|
||||
shell = False
|
||||
executable = '' # largs[0] sargs = ' '.join(largs[1:])
|
||||
(exit_code, sStdout,) = lSubprocess(largs, shell, executable, sStdIn)
|
||||
if exit_code == 0:
|
||||
if sStdout is not None:
|
||||
if sStdout.find('\n') > 0:
|
||||
for sLine in sStdout.split('\n'):
|
||||
self.poutput(green('cli: > ') +sLine)
|
||||
else:
|
||||
self.poutput(green('cli: > ') +repr(sStdout))
|
||||
else:
|
||||
if sStdout is not None:
|
||||
self.poutput(red('cli: > ') +repr(sStdout))
|
||||
|
||||
kpy_parser = cmd2.Cmd2ArgumentParser()
|
||||
clean_parser.add_argument('-K', '--session_add_key', type=str,
|
||||
help='session_add_key some-description')
|
||||
kpy_parser.add_argument('kpy', help='Enter name kpy command',
|
||||
choices=kpy_choices+kpy_methods+['_xpath'])
|
||||
kpy_parser.add_argument('words', nargs='*', help='kpy command arguments')
|
||||
@cmd2.with_argparser(kpy_parser)
|
||||
def do_kpy(self, args):
|
||||
"""Call the Python oKP with the database and a kpy method or attribute."""
|
||||
global oKP
|
||||
if args.kpy in ['help', '--help', ]:
|
||||
if args.words and args.words[0] in dKPY_HELP:
|
||||
sElt = args.words[0]
|
||||
self.poutput(green('kpy: help ') +sElt +' - ' +dKPY_HELP[sElt])
|
||||
else:
|
||||
self.poutput(green('kpy: help ') +'one of: ' \
|
||||
+' '.join(dKPY_HELP.keys()))
|
||||
return
|
||||
if args.words and args.words[0] in ['help', '--help', ]:
|
||||
sElt = args.kpy
|
||||
if sElt and sElt in dKPY_HELP:
|
||||
self.poutput(green('kpy: help ') +sElt +' - ' +dKPY_HELP[sElt])
|
||||
else:
|
||||
self.poutput(green('kpy: help ') +'one of: ' \
|
||||
+' '.join(dKPY_HELP.keys()))
|
||||
return
|
||||
|
||||
if args.kpy == 'open' and self.oPyKdbx != '':
|
||||
self.poutput(red('kpy: ! ') + 'Close the open database first' )
|
||||
return
|
||||
if args.kpy == 'open' and self.oPyKdbx == '':
|
||||
if not self.sKdbx or not os.path.isfile(self.sKdbx):
|
||||
self.poutput(red('kpy: ! ') + 'We require a kbx file using get_kdbx' )
|
||||
return
|
||||
|
||||
if self.sPassword == '':
|
||||
self.poutput(red('kpy: ! ') + 'We require a password using get_pass' )
|
||||
return
|
||||
|
||||
if not self.sKeyfile or not os.path.isfile(self.sKeyfile):
|
||||
self.poutput(yellow('kpy: = ') + 'Not using a keyfile' )
|
||||
|
||||
from pykeepass import PyKeePass
|
||||
try:
|
||||
oKP = PyKeePass(self.sKdbx, password=self.sPassword, keyfile=self.sKeyfile or None)
|
||||
|
||||
except Exception as e:
|
||||
self.poutput(red('kpy: ! ') + 'Failed opening a database ' +str(e))
|
||||
return
|
||||
|
||||
oKP.filename = self.sKdbx
|
||||
oKP.password = self.sPassword
|
||||
oKP.keyfile = self.sKeyfile or None
|
||||
# oKP.save()
|
||||
self.oPyKdbx = oKP
|
||||
self.poutput(green('kpy: . ') + 'Opened a database ' +repr(oKP))
|
||||
if args.session_add_key:
|
||||
yVal = self.password.encode()
|
||||
yDesc = args.session_add_key.encode()
|
||||
session_add_key(yDesc, yVal)
|
||||
g`< self.poutput(green('kpy: . ') + 'Added session key ' +args.session_add_key)
|
||||
return
|
||||
if args.kpy in ['close', 'save']+kpy_methods and not self.oPyKdbx:
|
||||
self.poutput(red('kpy: ! ') + 'Open a database before using ' +args.kpy )
|
||||
return
|
||||
if args.kpy == 'close' and self.oPyKdbx:
|
||||
self.oPyKdbx = oKP = None
|
||||
self.poutput(green('kpy: . ') + 'Closed the open database' )
|
||||
return
|
||||
if args.kpy in ['read', 'dump_xml'] and self.oPyKdbx:
|
||||
if len(args.words) < 1:
|
||||
self.poutput(red('kpy: ! ') + 'Filename required to ' +args.kpy +' a database' )
|
||||
return
|
||||
sLine = args.words[0]
|
||||
if args.kpy in ['read']:
|
||||
self.poutput(blue('kpy: . ') +args.kpy +' kdbx from '+sLine)
|
||||
elif args.kpy in ['dump_xml']:
|
||||
self.poutput(blue('kpy: . ') +args.kpy +' kdbx to '+sLine)
|
||||
oMeth = getattr(self.oPyKdbx, args.kpy)
|
||||
o = oMeth(*args.words)
|
||||
self.poutput(green('kpy: < ') + args.kpy +' ' +repr(o))
|
||||
return
|
||||
|
||||
if args.kpy in kpy_methods+['_xpath'] and self.oPyKdbx: # 'save'
|
||||
|
||||
if args.kpy in [ 'add_entry', 'add_group']:
|
||||
self.poutput(yellow('kpy: = ') + 'Unsupported: ' +args.kpy )
|
||||
return
|
||||
|
||||
if args.kpy == 'get_binary_base64':
|
||||
oMeth = getattr(self.oPyKdbx, 'binaries')[int(args.words[0])]
|
||||
oMeth = base64.b64encode(oMeth)
|
||||
elif args.kpy == 'add_binary_base64':
|
||||
args.kpy = 'add_binary'
|
||||
oMeth = getattr(self.oPyKdbx, args.kpy)
|
||||
args.words = [base64.b64decode(args.words[0])]
|
||||
# compressed=True, protected=True
|
||||
elif args.kpy == 'add_binary_file':
|
||||
args.kpy = 'add_binary'
|
||||
oMeth = getattr(self.oPyKdbx, args.kpy)
|
||||
with open(args.words[0], 'rb') as iFd:
|
||||
oMeth = iFd.read()
|
||||
# compressed=True, protected=True
|
||||
else:
|
||||
oMeth = getattr(self.oPyKdbx, args.kpy)
|
||||
if args.kpy == 'delete_binary':
|
||||
args.words = [int(args.words[0])]
|
||||
if not callable(oMeth):
|
||||
o = oMeth
|
||||
elif len(args.words):
|
||||
o = oMeth(*args.words)
|
||||
else:
|
||||
o = oMeth()
|
||||
|
||||
if type(o) is type(None) or o is None:
|
||||
s = ''
|
||||
elif type(o) in [list, tuple] and len(o):
|
||||
# xpath
|
||||
if 'text' in dir(o[0]):
|
||||
# lxml.etree._Element
|
||||
s = o[0].text
|
||||
else:
|
||||
s = repr(list(map(str,o)))
|
||||
elif type(o) == str:
|
||||
s = o
|
||||
else:
|
||||
s = repr(o)
|
||||
|
||||
self.poutput(green('kpy: < ') +args.kpy +': ' +s )
|
||||
return
|
||||
if args.kpy in ['exec', 'eval'] and not self.oPyKdbx:
|
||||
self.poutput(yellow('kpy: = ') + 'Usually open a database first' )
|
||||
|
||||
if args.kpy == 'eval':
|
||||
from io import StringIO
|
||||
|
||||
sLine = ' '.join(args.words)
|
||||
self.poutput(blue('kpy: > ') +str(sLine))
|
||||
old = sys.stdout
|
||||
exit_code = 0
|
||||
try:
|
||||
sys.stdout = StringIO()
|
||||
dLocals = {}
|
||||
dLocals['oKP'] = oKP
|
||||
if True:
|
||||
# sStdout = eval(compile(sLine, 'single', 'exec'), globals(), dLocals)
|
||||
sStdout = eval(sLine, globals(), dLocals)
|
||||
else:
|
||||
exec(compile(sLine, 'single', 'exec'))
|
||||
sys.stdout.seek(0)
|
||||
sStdout = sys.stdout.read()
|
||||
finally:
|
||||
sys.stdout = old
|
||||
|
||||
if not sStdout:
|
||||
pass
|
||||
elif exit_code == 0:
|
||||
self.poutput(green('kpy: < ') +str(sStdout))
|
||||
else:
|
||||
self.poutput(red('kpy: ! ') +str(sStdout))
|
||||
|
||||
def session_add_key(yDesc,yVal):
|
||||
|
||||
from keyutils import join_session_keyring, add_key, request_key, set_perm
|
||||
|
||||
iSk=join_session_keyring()
|
||||
assert type(iSk) == int
|
||||
|
||||
iKey = add_key(yDesc, yVal, iSk)
|
||||
assert iKey >= 0
|
||||
|
||||
key_id=request_key(yDesc, iSk)
|
||||
assert key_id > 0
|
||||
|
||||
set_perm(key_id, 0x3f1f0000)
|
||||
info('session_add_key(' +yDesc +')')
|
||||
|
||||
|
||||
def main(argv=None):
|
||||
"""Run when invoked from the operating system shell"""
|
||||
|
||||
parser = cmd2.Cmd2ArgumentParser(description='Commands as arguments')
|
||||
command_help = 'optional command to run, if no command given, enter an interactive shell'
|
||||
parser.add_argument('command', nargs='?', help=command_help)
|
||||
arg_help = 'optional arguments for command'
|
||||
parser.add_argument('command_args', nargs=argparse.REMAINDER, help=arg_help)
|
||||
|
||||
args = parser.parse_args(argv)
|
||||
|
||||
c = CmdLineApp()
|
||||
|
||||
sys_exit_code = 0
|
||||
if args.command:
|
||||
# we have a command, run it and then exit
|
||||
c.onecmd_plus_hooks('{} {}'.format(args.command, ' '.join(args.command_args)))
|
||||
else:
|
||||
# we have no command, drop into interactive mode
|
||||
sys_exit_code = c.cmdloop()
|
||||
|
||||
return sys_exit_code
|
||||
|
||||
if __name__ == '__main__':
|
||||
try:
|
||||
sys.exit(main())
|
||||
except io.UnsupportedOperation:
|
||||
pass
|
||||
|
@ -0,0 +1,4 @@
|
||||
wcwidth
|
||||
cmd2
|
||||
typing-extensions>=3.6.4
|
||||
importlib-metadata>=4.6.1
|
@ -0,0 +1,33 @@
|
||||
# -*- mode: python ; coding: utf-8 -*-
|
||||
|
||||
block_cipher = None
|
||||
|
||||
|
||||
a = Analysis(['keepassxc_cmd2.py'],
|
||||
pathex=['/usr/local/src/gridfire/keepassxc_cmd2'],
|
||||
binaries=[],
|
||||
datas=[],
|
||||
hiddenimports=[],
|
||||
hookspath=[],
|
||||
runtime_hooks=[],
|
||||
excludes=[],
|
||||
win_no_prefer_redirects=False,
|
||||
win_private_assemblies=False,
|
||||
cipher=block_cipher,
|
||||
noarchive=False)
|
||||
pyz = PYZ(a.pure, a.zipped_data,
|
||||
cipher=block_cipher)
|
||||
exe = EXE(pyz,
|
||||
a.scripts,
|
||||
a.binaries,
|
||||
a.zipfiles,
|
||||
a.datas,
|
||||
[],
|
||||
name='keepassxc_cmd2',
|
||||
debug=False,
|
||||
bootloader_ignore_signals=False,
|
||||
strip=False,
|
||||
upx=True,
|
||||
upx_exclude=[],
|
||||
runtime_tmpdir=None,
|
||||
console=True )
|
Binary file not shown.
@ -0,0 +1,76 @@
|
||||
#!/var/local/bin/python3.bash
|
||||
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
|
||||
|
||||
dCLI_HELP = {
|
||||
"add": "Add a new entry to a database",
|
||||
"analyze": "Analyze passwords for weaknesses and problems",
|
||||
"clip": "Copy an entry's attribute to the clipboard",
|
||||
"close": "Close the currently opened database",
|
||||
"db-create": "Create a new database",
|
||||
"db-info": "Show a database's information",
|
||||
"diceware": "Generate a new random diceware passphrase",
|
||||
"edit": "Edit an entry",
|
||||
"estimate": "Estimate the entropy of a password",
|
||||
"export": "Exports the content of a database to standard output in the specified format",
|
||||
"generate": "Generate a new random password",
|
||||
"help": "Display command help",
|
||||
"import": "Import the contents of an XML database",
|
||||
"locate": "Find entries quickly",
|
||||
"ls": "List database entries",
|
||||
"merge": "Merge two databases",
|
||||
"mkdir": "Adds a new group to a database",
|
||||
"mv": "Moves an entry to a new group",
|
||||
"open": "Open a database",
|
||||
"rm": "Remove an entry from the database",
|
||||
"rmdir": "Removes a group from a database",
|
||||
"show": "Show an entry's information",
|
||||
}
|
||||
|
||||
dKPY_HELP = {
|
||||
'add_binary': 'add binary',
|
||||
'add_entry': 'add entry',
|
||||
'add_group': 'add group',
|
||||
'attachments': 'attachments',
|
||||
'binaries': 'binaries (property)',
|
||||
'delete_binary': 'delete binary',
|
||||
'delete_entry': 'delete entry',
|
||||
'delete_group': 'delete group',
|
||||
'deref': 'deref',
|
||||
'dump_xml': 'dump xml',
|
||||
'encryption algorithm': 'encryption_algorithm (property)',
|
||||
'entries': 'entries (property)',
|
||||
'filename': 'filename (property)',
|
||||
'find_attachments': 'find attachments',
|
||||
'find_entries': 'find entries',
|
||||
'find_entries by_notes': 'find entries by notes',
|
||||
'find_entries_by_password': 'find entries by password',
|
||||
'find_entries_by_path': 'find entries by path',
|
||||
'find_entries_by_string': 'find entries by string',
|
||||
'find_entries_by_title': 'find entries by title',
|
||||
'find_entries_by url': 'find entries by url',
|
||||
'find_entries_by_username': 'find entries by username',
|
||||
'find_entries_by_uuid': 'find entries by uuid',
|
||||
'find_groups': 'find groups',
|
||||
'find_groups_by_name': 'find groups by name',
|
||||
'find_groups_by_notes': 'find groups by notes',
|
||||
'find_groups_by_path': 'find groups by path',
|
||||
'find_groups_by_uuid': 'find groups by uuid',
|
||||
'groups': 'groups',
|
||||
'kdbx': 'kdbx (property)',
|
||||
'kdf_algorithm': 'kdf algorithm (property)',
|
||||
'keyfile': 'keyfile (property)',
|
||||
'move_entry': 'move entry',
|
||||
'move_group': 'move group',
|
||||
'password': 'password (property)',
|
||||
'read': 'read',
|
||||
'root_group': 'root group',
|
||||
'save': 'save',
|
||||
'transformed_key': 'transformed key',
|
||||
'tree': 'tree',
|
||||
'version': 'version (property)',
|
||||
'xml': 'xml',
|
||||
|
||||
'add_binary_base64': 'add binary base64',
|
||||
'get_binary_base64': 'get binary base64',
|
||||
|
||||
}
|
@ -0,0 +1,63 @@
|
||||
#!/usr/local/src/gridfire/keepassxc_cmd2/keepassxc_cmd2.py
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
set debug true
|
||||
|
||||
shell rm -f /var/tmp/test4.xml
|
||||
shell cp /var/tmp/test4.kdbx /var/tmp/kpy4.kdbx
|
||||
|
||||
get_kdbx /var/tmp/kpy4.kdbx
|
||||
get_keyfile /var/tmp/test4.key
|
||||
get_pass password
|
||||
|
||||
kpy open
|
||||
|
||||
# properties
|
||||
kpy attachments
|
||||
kpy binaries
|
||||
kpy encryption_algorithm
|
||||
kpy filename
|
||||
kpy groups
|
||||
kpy kdf_algorithm
|
||||
kpy keyfile
|
||||
kpy version
|
||||
|
||||
# destination_group, group_name
|
||||
kpy add_group email Email
|
||||
# destination_group, title, username,assword, url=None, notes=None,
|
||||
## AttributeError: 'str' object has no attribute '_element'
|
||||
kpy add_entry email/gmail Gmail foo password url=http://goo.gl notes=""
|
||||
# KGFbaSozMjppKjMyKzMxXS5yZXBsYWNlKHMsJycpLmVuY29kZSgpKQ
|
||||
kpy add_binary_base64 AAAAAAAAAAAAAAAAAAAAAA==
|
||||
kpy binaries
|
||||
kpy get_binary_base64 0
|
||||
kpy delete_binary 0
|
||||
kpy binaries
|
||||
|
||||
kpy _xpath /KeePassFile/Meta/Generator
|
||||
# KeePass
|
||||
kpy _xpath /KeePassFile/Meta/RecycleBinEnabled
|
||||
# True
|
||||
kpy _xpath /KeePassFile/Root/Group/UUID
|
||||
# o0mwbJwv11og+n6KjBcVjw==
|
||||
|
||||
# kpy root_group
|
||||
# kpy tree
|
||||
# kpy xml
|
||||
|
||||
kpy save
|
||||
|
||||
kpy dump_xml /var/tmp/test4.xml
|
||||
shell ls -l /var/tmp/test4.xml
|
||||
|
||||
kpy eval 1+1
|
||||
kpy eval [ x for x in dir(oKP) if not x.startswith('_')]
|
||||
kpy close
|
||||
|
||||
# set sPassword
|
||||
set sKeyfile
|
||||
set sKdbx
|
||||
|
||||
help
|
||||
#help cli
|
||||
#help kpy
|
@ -0,0 +1,28 @@
|
||||
#!/usr/local/src/gridfire/keepassxc_cmd2/keepassxc_cmd2.py
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
set debug true
|
||||
|
||||
shell rm -f /var/tmp/test4.xml
|
||||
shell cp /var/tmp/test4.kdbx /var/tmp/kpy4.kdbx
|
||||
|
||||
get_kdbx /var/tmp/kpy4.kdbx
|
||||
get_keyfile /var/tmp/test4.key
|
||||
get_pass password
|
||||
|
||||
qdbus help
|
||||
|
||||
shell echo password | /var/local/bin/keepassxc.bash --pw-stdin --keyfile /var/tmp/test4.key /var/tmp/kpy4.kdbx &
|
||||
|
||||
kpy eval 1+1
|
||||
kpy eval [ x for x in dir(oKP) if not x.startswith('_')]
|
||||
|
||||
qdbus exit
|
||||
|
||||
# set sPassword
|
||||
set sKeyfile
|
||||
set sKdbx
|
||||
|
||||
#help cli
|
||||
#help kpy
|
||||
qdbus help
|
@ -0,0 +1,17 @@
|
||||
#!/usr/local/src/gridfire/keepassxc_cmd2/keepassxc_cmd2.py
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
set debug true
|
||||
cli generate
|
||||
cli diceware -- -q --words 3
|
||||
|
||||
get_kdbx /var/tmp/test4.kdbx
|
||||
cli db-info
|
||||
get_pass -
|
||||
get_keyfile /var/tmp/test4.key
|
||||
|
||||
# no arguments
|
||||
cli db-info
|
||||
cli ls
|
||||
cli help
|
||||
|
@ -0,0 +1,2 @@
|
||||
ailed to spawn a job for DistributionTarget(platform=Platform(platform='windows_x86_64', impl='cp', version='37', abi='cp37mu')): [Errno 2] No such file or directory: '/home/foo/.pex/venvs/c143f2812d31f0fdcd4da39bae5848b0eb481a90/d6df6f3ad8beb1fab8b495c2fade3bcb54b2cde9' -> '/home/foo/.pex/venvs/short/94a7fad2'
|
||||
d
|
@ -0,0 +1,17 @@
|
||||
#-----------------------------------------------------------------------------
|
||||
# Copyright (c) 2014-2020, PyInstaller Development Team.
|
||||
#
|
||||
# Distributed under the terms of the GNU General Public License (version 2
|
||||
# or later) with exception for distributing the bootloader.
|
||||
#
|
||||
# The full license is in the file COPYING.txt, distributed with this software.
|
||||
#
|
||||
# SPDX-License-Identifier: (GPL-2.0-or-later WITH Bootloader-exception)
|
||||
#-----------------------------------------------------------------------------
|
||||
|
||||
# Tested with keyring 3.7 on MacOS.
|
||||
|
||||
from PyInstaller.utils.hooks import collect_submodules
|
||||
|
||||
# .KeyutilsKeyringBackend
|
||||
hiddenimports = collect_submodules('keyutils.keys.*')
|
@ -0,0 +1,16 @@
|
||||
#-----------------------------------------------------------------------------
|
||||
# Copyright (c) 2014-2020, PyInstaller Development Team.
|
||||
#
|
||||
# Distributed under the terms of the GNU General Public License (version 2
|
||||
# or later) with exception for distributing the bootloader.
|
||||
#
|
||||
# The full license is in the file COPYING.txt, distributed with this software.
|
||||
#
|
||||
# SPDX-License-Identifier: (GPL-2.0-or-later WITH Bootloader-exception)
|
||||
#-----------------------------------------------------------------------------
|
||||
|
||||
# Tested with keyring 3.7 on MacOS.
|
||||
|
||||
from PyInstaller.utils.hooks import collect_submodules
|
||||
|
||||
hiddenimports = collect_submodules('keyutils.keys.*')
|
27
roles/toxcore/overlay/Linux/usr/local/src/gridfire/main.py
Normal file
27
roles/toxcore/overlay/Linux/usr/local/src/gridfire/main.py
Normal file
@ -0,0 +1,27 @@
|
||||
from __future__ import absolute_import
|
||||
|
||||
import os
|
||||
import sys
|
||||
|
||||
ROLE="proxy" # noqa
|
||||
# Remove '' and current working directory from the first entry
|
||||
# of sys.path, if present to avoid using current directory
|
||||
# in pip commands check, freeze, install, list and show,
|
||||
# when invoked as python -m pip <command>
|
||||
if sys.path[0] in ('', os.getcwd()):
|
||||
sys.path.pop(0)
|
||||
|
||||
# If we are running from a wheel, add the wheel to sys.path
|
||||
# This allows the usage python pip-*.whl/pip install pip-*.whl
|
||||
if __package__ == '':
|
||||
# __file__ is pip-*.whl/pip/__main__.py
|
||||
# first dirname call strips of '/__main__.py', second strips off '/pip'
|
||||
# Resulting path is the name of the wheel itself
|
||||
# Add that to sys.path so we can import pip
|
||||
path = os.path.dirname(os.path.dirname(__file__))
|
||||
sys.path.insert(0, path)
|
||||
|
||||
from gridfire.gridfire import main as _main # isort:skip # noqa
|
||||
|
||||
if __name__ == '__main__':
|
||||
sys.exit(_main())
|
288
roles/toxcore/overlay/Linux/usr/local/src/gridfire/pex3.hlp
Normal file
288
roles/toxcore/overlay/Linux/usr/local/src/gridfire/pex3.hlp
Normal file
@ -0,0 +1,288 @@
|
||||
usage: __main__.py [-o OUTPUT.PEX] [options] [-- arg1 arg2 ...]
|
||||
|
||||
__main__.py builds a PEX (Python Executable) file based on the given specifications: sources, requirements, their dependencies and other options.
|
||||
Command-line options can be provided in one or more files by prefixing the filenames with an @ symbol. These files must contain one argument per line.
|
||||
|
||||
positional arguments:
|
||||
requirements Requirements to add to the pex (default: None)
|
||||
|
||||
optional arguments:
|
||||
-h, --help show this help message and exit
|
||||
-V, --version show program's version number and exit
|
||||
--pex-repository FILE
|
||||
Resolve requirements from the given PEX file instead
|
||||
of from --index servers or --find-links repos.
|
||||
(default: None)
|
||||
-o PEX_NAME, --output-file PEX_NAME
|
||||
The name of the generated .pex file: Omitting this
|
||||
will run PEX immediately and not save it to a file.
|
||||
(default: None)
|
||||
-p FILE, --preamble-file FILE
|
||||
The name of a file to be included as the preamble for
|
||||
the generated .pex file (default: None)
|
||||
-D DIR, --sources-directory DIR
|
||||
Add a directory containing sources and/or resources to
|
||||
be packaged into the generated .pex file. This option
|
||||
can be used multiple times. (default: [])
|
||||
-R DIR, --resources-directory DIR
|
||||
Add resources directory to be packaged into the
|
||||
generated .pex file. This option can be used multiple
|
||||
times. DEPRECATED: Use -D/--sources-directory instead.
|
||||
(default: [])
|
||||
-r FILE or URL, --requirement FILE or URL
|
||||
Add requirements from the given requirements file.
|
||||
This option can be used multiple times. (default: [])
|
||||
--constraints FILE or URL
|
||||
Add constraints from the given constraints file. This
|
||||
option can be used multiple times. (default: [])
|
||||
--requirements-pex FILE
|
||||
Add requirements from the given .pex file. This option
|
||||
can be used multiple times. (default: [])
|
||||
-v Turn on logging verbosity, may be specified multiple
|
||||
times. (default: 0)
|
||||
--emit-warnings, --no-emit-warnings
|
||||
Emit runtime UserWarnings on stderr. If false, only
|
||||
emit them when PEX_VERBOSE is set. (default: True)
|
||||
--pex-root PEX_ROOT Specify the pex root used in this invocation of pex
|
||||
(if unspecified, uses /root/.pex). (default: None)
|
||||
--tmpdir TMPDIR Specify the temporary directory Pex and its
|
||||
subprocesses should use. (default: /var/tmp)
|
||||
--seed [{none,args,verbose}]
|
||||
Seed local Pex caches for the generated PEX and print
|
||||
out the command line to run directly from the seed
|
||||
with (args) or else a json object including the
|
||||
'pex_root' path, the 'python' binary path and the
|
||||
seeded 'pex' path (verbose). (default: none)
|
||||
--no-seed Deprecated: Use --seed=none instead. (default: None)
|
||||
--help-variables Print out help about the various environment variables
|
||||
used to change the behavior of a running PEX file.
|
||||
(default: None)
|
||||
|
||||
Resolver options:
|
||||
Tailor how to find, resolve and translate the packages that get put into
|
||||
the PEX environment.
|
||||
|
||||
--resolver-version {pip-legacy-resolver,pip-2020-resolver}
|
||||
The dependency resolver version to use. Read more at
|
||||
https://pip.pypa.io/en/stable/user_guide/#resolver-
|
||||
changes-2020 (default: pip-legacy-resolver)
|
||||
--pypi, --no-pypi, --no-index
|
||||
Whether to use PyPI to resolve dependencies. (default:
|
||||
True)
|
||||
--pex-path PEX_PATH A colon separated list of other pex files to merge
|
||||
into the runtime environment. (default: None)
|
||||
-f PATH/URL, --find-links PATH/URL, --repo PATH/URL
|
||||
Additional repository path (directory or URL) to look
|
||||
for requirements. (default: [])
|
||||
-i URL, --index URL, --index-url URL
|
||||
Additional cheeseshop indices to use to satisfy
|
||||
requirements. (default: None)
|
||||
--cache-ttl DEPRECATED
|
||||
Deprecated: No longer used. (default: None)
|
||||
--retries RETRIES Maximum number of retries each connection should
|
||||
attempt. (default: 5)
|
||||
--timeout SECS Set the socket timeout in seconds. (default: 15)
|
||||
-H DEPRECATED, --header DEPRECATED
|
||||
Deprecated: No longer used. (default: None)
|
||||
--proxy PROXY Specify a proxy in the form
|
||||
[user:passwd@]proxy.server:port. (default: None)
|
||||
--cert PATH Path to alternate CA bundle. (default: None)
|
||||
--client-cert PATH Path to an SSL client certificate which should be a
|
||||
single file containing the private key and the
|
||||
certificate in PEM format. (default: None)
|
||||
--pre, --no-pre Whether to include pre-release and development
|
||||
versions of requirements. (default: False)
|
||||
--disable-cache Disable caching in the pex tool entirely. (default:
|
||||
False)
|
||||
--cache-dir CACHE_DIR
|
||||
DEPRECATED: Use --pex-root instead. The local cache
|
||||
directory to use for speeding up requirement lookups.
|
||||
(default: None)
|
||||
--wheel, --no-wheel, --no-use-wheel
|
||||
Whether to allow wheel distributions. (default: True)
|
||||
--build, --no-build Whether to allow building of distributions from
|
||||
source. (default: True)
|
||||
--manylinux MANYLINUX, --no-manylinux MANYLINUX, --no-use-manylinux MANYLINUX
|
||||
Whether to allow resolution of manylinux wheels for
|
||||
linux target platforms. (default: manylinux2014)
|
||||
--transitive, --no-transitive, --intransitive
|
||||
Whether to transitively resolve requirements.
|
||||
(default: True)
|
||||
-j JOBS, --jobs JOBS The maximum number of parallel jobs to use when
|
||||
resolving, building and installing distributions. You
|
||||
might want to increase the maximum number of parallel
|
||||
jobs to potentially improve the latency of the pex
|
||||
creation process at the expense of otherprocesses on
|
||||
your system. (default: 4)
|
||||
|
||||
PEX output options:
|
||||
Tailor the behavior of the emitted .pex file if -o is specified.
|
||||
|
||||
--include-tools Whether to include runtime tools in the pex file. If
|
||||
included, these can be run by exporting PEX_TOOLS=1
|
||||
and following the usage and --help information.
|
||||
(default: False)
|
||||
--zip-safe, --not-zip-safe
|
||||
Whether or not the sources in the pex file are zip
|
||||
safe. If they are not zip safe, they will be written
|
||||
to disk prior to execution. Also see --unzip which
|
||||
will cause the complete pex file, including
|
||||
dependencies, to be unzipped. (default: True)
|
||||
--unzip, --no-unzip Whether or not the pex file should be unzipped before
|
||||
executing it. If the pex file will be run multiple
|
||||
times under a stable runtime PEX_ROOT the unzipping
|
||||
will only be performed once and subsequent runs will
|
||||
enjoy lower startup latency. (default: False)
|
||||
--venv [{prepend,append}]
|
||||
Convert the pex file to a venv before executing it. If
|
||||
'prepend' or 'append' is specified, then all scripts
|
||||
and console scripts provided by distributions in the
|
||||
pex file will be added to the PATH in the
|
||||
corresponding position. If the the pex file will be
|
||||
run multiple times under a stable runtime PEX_ROOT,
|
||||
the venv creation will only be done once and
|
||||
subsequent runs will enjoy lower startup latency.
|
||||
(default: False)
|
||||
--venv-copies, --no-venv-copies
|
||||
If --venv is specified, create the venv using copies
|
||||
of base interpreter files instead of symlinks.
|
||||
(default: False)
|
||||
--always-write-cache Always write the internally cached distributions to
|
||||
disk prior to invoking the pex source code. This can
|
||||
use less memory in RAM constrained environments.
|
||||
(default: False)
|
||||
--ignore-errors Ignore requirement resolution solver errors when
|
||||
building pexes and later invoking them. (default:
|
||||
False)
|
||||
--inherit-path {false,prefer,fallback}
|
||||
Inherit the contents of sys.path (including site-
|
||||
packages, user site-packages and PYTHONPATH) running
|
||||
the pex. Possible values: 'false' (does not inherit
|
||||
sys.path), 'fallback' (inherits sys.path after
|
||||
packaged dependencies), 'prefer' (inherits sys.path
|
||||
before packaged dependencies), No value (alias for
|
||||
prefer, for backwards compatibility). (default: false)
|
||||
--compile, --no-compile
|
||||
Compiling means that the built pex will include .pyc
|
||||
files, which will result in slightly faster startup
|
||||
performance. However, compiling means that the
|
||||
generated pex likely will not be reproducible, meaning
|
||||
that if you were to run `./pex -o` with the same
|
||||
inputs then the new pex would not be byte-for-byte
|
||||
identical to the original. (default: False)
|
||||
--use-system-time, --no-use-system-time
|
||||
Use the current system time to generate timestamps for
|
||||
the new pex. Otherwise, Pex will use midnight on
|
||||
January 1, 1980. By using system time, the generated
|
||||
pex will not be reproducible, meaning that if you were
|
||||
to run `./pex -o` with the same inputs then the new
|
||||
pex would not be byte-for-byte identical to the
|
||||
original. (default: False)
|
||||
--runtime-pex-root RUNTIME_PEX_ROOT
|
||||
Specify the pex root to be used in the generated .pex
|
||||
file (if unspecified, uses ~/.pex). (default: None)
|
||||
--strip-pex-env, --no-strip-pex-env
|
||||
Strip all `PEX_*` environment variables used to
|
||||
control the pex runtime before handing off control to
|
||||
the pex entrypoint. You might want to set this to
|
||||
`False` if the new pex executes other pexes (or the
|
||||
Pex CLI itself) and you want the executed pex to be
|
||||
controllable via `PEX_*` environment variables.
|
||||
(default: True)
|
||||
|
||||
PEX environment options:
|
||||
Tailor the interpreter and platform targets for the PEX environment.
|
||||
|
||||
--python PYTHON The Python interpreter to use to build the PEX
|
||||
(default: current interpreter). This cannot be used
|
||||
with `--interpreter-constraint`, which will instead
|
||||
cause PEX to search for valid interpreters. Either
|
||||
specify an absolute path to an interpreter, or specify
|
||||
a binary accessible on $PATH like `python3.7`. This
|
||||
option can be passed multiple times to create a multi-
|
||||
interpreter compatible PEX. (default: [])
|
||||
--python-path PYTHON_PATH
|
||||
Colon-separated paths to search for interpreters when
|
||||
`--interpreter-constraint` and/or `--resolve-local-
|
||||
platforms` are specified (default: $PATH). Each
|
||||
element can be the absolute path of an interpreter
|
||||
binary or a directory containing interpreter binaries.
|
||||
(default: None)
|
||||
--interpreter-constraint INTERPRETER_CONSTRAINT
|
||||
Constrain the selected Python interpreter. Specify
|
||||
with Requirement-style syntax, e.g. "CPython>=2.7,<3"
|
||||
(A CPython interpreter with version >=2.7 AND version
|
||||
<3), ">=2.7,<3" (Any Python interpreter with version
|
||||
>=2.7 AND version <3) or "PyPy" (A PyPy interpreter of
|
||||
any version). This argument may be repeated multiple
|
||||
times to OR the constraints. Try `PEX_TOOLS=1
|
||||
/usr/bin/python3.8 /usr/local/lib/python3.8/site-
|
||||
packages/pex/__main__.py interpreter --verbose
|
||||
--indent 4` to find the exact interpreter constraints
|
||||
of /usr/bin/python3.8 and `PEX_TOOLS=1
|
||||
/usr/local/lib/python3.8/site-packages/pex/__main__.py
|
||||
interpreter --all --verbose --indent 4` to find out
|
||||
the interpreter constraints of all Python interpreters
|
||||
on the $PATH. (default: [])
|
||||
--rcfile RC_FILE An additional path to a pexrc file to read during
|
||||
configuration parsing, in addition to reading
|
||||
`/etc/pexrc` and `~/.pexrc`. If
|
||||
`PEX_IGNORE_RCFILES=true`, then all rc files will be
|
||||
ignored. (default: None)
|
||||
--python-shebang PYTHON_SHEBANG
|
||||
The exact shebang (#!...) line to add at the top of
|
||||
the PEX file minus the #!. This overrides the default
|
||||
behavior, which picks an environment Python
|
||||
interpreter compatible with the one used to build the
|
||||
PEX file. (default: None)
|
||||
--platform PLATFORMS The platform for which to build the PEX. This option
|
||||
can be passed multiple times to create a multi-
|
||||
platform pex. To use the platform corresponding to the
|
||||
current interpreter you can pass `current`. To target
|
||||
any other platform you pass a string composed of
|
||||
fields: <platform>-<python impl abbr>-<python
|
||||
version>-<abi>. These fields stem from wheel name
|
||||
conventions as outlined in
|
||||
https://www.python.org/dev/peps/pep-0427#file-name-
|
||||
convention and influenced by
|
||||
https://www.python.org/dev/peps/pep-0425. For the
|
||||
current interpreter at /usr/bin/python3.8 the full
|
||||
platform string is manylinux_2_33_x86_64-cp-38-cp38.
|
||||
To find out more, try `PEX_TOOLS=1
|
||||
/usr/local/lib/python3.8/site-packages/pex/__main__.py
|
||||
interpreter --all --verbose --indent 4` to print out
|
||||
the platform for all interpreters on the $PATH or
|
||||
`PEX_TOOLS=1 /usr/bin/python3.8
|
||||
/usr/local/lib/python3.8/site-packages/pex/__main__.py
|
||||
interpreter --verbose --indent 4` to inspect the
|
||||
single interpreter /usr/bin/python3.8. (default: [])
|
||||
--resolve-local-platforms
|
||||
When --platforms are specified, attempt to resolve a
|
||||
local interpreter that matches each platform
|
||||
specified. If found, use the interpreter to resolve
|
||||
distributions; if not (or if this option is not
|
||||
specified), resolve for each platform only allowing
|
||||
matching binary distributions and failing if only
|
||||
sdists or non-matching binary distributions can be
|
||||
found. (default: False)
|
||||
|
||||
PEX entry point options:
|
||||
Specify what target/module the PEX should invoke if any.
|
||||
|
||||
-m MODULE[:SYMBOL], -e MODULE[:SYMBOL], --entry-point MODULE[:SYMBOL]
|
||||
Set the entry point to module or module:symbol. If
|
||||
just specifying module, pex behaves like python -m,
|
||||
e.g. python -m SimpleHTTPServer. If specifying
|
||||
module:symbol, pex assume symbol is a n0-arg callable
|
||||
and imports that symbol and invokes it as if via
|
||||
`sys.exit(symbol())`. (default: None)
|
||||
-c SCRIPT_NAME, --script SCRIPT_NAME, --console-script SCRIPT_NAME
|
||||
Set the entry point as to the script or console_script
|
||||
as defined by a any of the distributions in the pex.
|
||||
For example: "pex -c fab fabric" or "pex -c mturk
|
||||
boto". (default: None)
|
||||
--validate-entry-point
|
||||
Validate the entry point by importing it in separate
|
||||
process. Warning: this could have side effects. For
|
||||
example, entry point `a.b.c:m` will translate to `from
|
||||
a.b.c import m` during validation. (default: False)
|
66
roles/toxcore/overlay/Linux/usr/local/src/gridfire/pyassuan.bash
Executable file
66
roles/toxcore/overlay/Linux/usr/local/src/gridfire/pyassuan.bash
Executable file
@ -0,0 +1,66 @@
|
||||
#!/bin/sh
|
||||
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
|
||||
|
||||
prog=`basename $0`
|
||||
PREFIX=/usr/local
|
||||
[ -f /usr/local/etc/testforge/testforge.bash ] && \
|
||||
. /usr/local/etc/testforge/testforge.bash
|
||||
ROLE=gpgkey
|
||||
|
||||
PYVER=3
|
||||
P="BASE_PYTHON${PYVER}_MINOR"
|
||||
PYTHON_MINOR="$(eval echo \$$P)"
|
||||
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.sh
|
||||
PYTHON_EXE=$PYTHON_EXE_MSYS
|
||||
|
||||
MOD="pyassuan"
|
||||
DIR="${MOD}"
|
||||
BINS="get-info pinentry"
|
||||
|
||||
GIT_HUB=http-git.tremily.us
|
||||
GIT_DIR=pyassuan
|
||||
|
||||
cd $PREFIX/src/gridfire || exit 2
|
||||
WD=$PWD
|
||||
# http://http-git.tremily.us/pyassuan.git
|
||||
|
||||
if [ ! -d "$DIR" ] ; then
|
||||
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" ] ; then
|
||||
[ -d "$PREFIX/net/Git/$GIT_HUB" ] || \
|
||||
mkdir "$PREFIX/net/Git/$GIT_HUB"
|
||||
route | grep -q '^default' || { echo DEBUG: not connected ; exit 0 ; }
|
||||
(cd "$PREFIX/net/Git/$GIT_HUB" && \
|
||||
git clone --depth=1 "http://$GIT_HUB/$GIT_DIR.git" ) \
|
||||
|| exit 2
|
||||
fi
|
||||
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" . || exit 3
|
||||
fi
|
||||
|
||||
cd "$DIR" || exit 4
|
||||
|
||||
if [ ! -f setup.py.dst ] ; then
|
||||
cp -p setup.py setup.py.dst
|
||||
sed -e 's@^ )@ zip_safe=False)@' -i setup.py
|
||||
fi
|
||||
|
||||
[ -d $PREFIX/$LIB/python${PYTHON_MINOR}/site-packages/${DIR}-${VER}-py${PYTHON_MINOR}.egg ] || \
|
||||
"$PYTHON_EXE_MSYS" setup.py install >> install.log 2>&1 || {
|
||||
echo "ERROR: code $?" ; cat install.log ; exit 6 ;
|
||||
}
|
||||
|
||||
"$PYTHON_EXE_MSYS" -c "import $MOD" || exit 10
|
||||
|
||||
cd ..
|
||||
|
||||
for elt in ${BINS} ; do \
|
||||
[ -f ../../bin/$$elt -a ../../bin/$$elt -nt bin/$$elt ] || \
|
||||
{ cp -p bin/$$elt ../../bin/$$elt ; \
|
||||
chmod 775 ../../bin/$$elt ; } ; \
|
||||
done
|
||||
|
||||
[ "$#" -eq 0 ] && exit 0
|
||||
|
||||
if [ "$1" = 'test' ] ; then
|
||||
cd $WD/DIR
|
||||
$PYTHON_EXE_MSYS -m unittest discover || exit 11
|
||||
fi
|
@ -0,0 +1,45 @@
|
||||
# S:OK Your orders please
|
||||
OPTION grab
|
||||
# S:OK
|
||||
OPTION ttyname=/dev/tty3
|
||||
# S:OK
|
||||
OPTION ttytype=xterm
|
||||
# S:OK
|
||||
OPTION lc-ctype=en_US.UTF-8
|
||||
# S:OK
|
||||
OPTION lc-messages=en_US.UTF-8
|
||||
# S:OK
|
||||
OPTION allow-external-password-cache
|
||||
# S:OK
|
||||
OPTION default-ok=_OK
|
||||
# S:OK
|
||||
OPTION default-cancel=_Cancel
|
||||
# S:OK
|
||||
OPTION default-yes=_Yes
|
||||
# S:OK
|
||||
OPTION default-no=_No
|
||||
# S:OK
|
||||
OPTION default-prompt=PIN:
|
||||
# S:OK
|
||||
OPTION default-pwmngr=_Save in password manager
|
||||
# S:OK
|
||||
OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?
|
||||
# S:OK
|
||||
OPTION default-tt-visi=Make passphrase visible
|
||||
# S:OK
|
||||
OPTION default-tt-hide=Hide passphrase
|
||||
# S:OK
|
||||
GETINFO pid
|
||||
# S:D 14309
|
||||
# S:OK
|
||||
SETKEYINFO u/S9464F2C2825D2FE3
|
||||
# S:OK
|
||||
SETDESC Enter passphrase%0A
|
||||
# S:OK
|
||||
SETPROMPT Passphrase
|
||||
# S:OK
|
||||
GETPIN
|
||||
# S:D testing!
|
||||
# S:OK
|
||||
BYE
|
||||
# S:OK closing connection
|
72
roles/toxcore/overlay/Linux/usr/local/src/gridfire/pyassuan_test.py
Executable file
72
roles/toxcore/overlay/Linux/usr/local/src/gridfire/pyassuan_test.py
Executable file
@ -0,0 +1,72 @@
|
||||
#!/usr/bin/env python3
|
||||
# -*-mode: python; py-indent-offset: 4; indent-tabs-mode: nil; coding: utf-8 -*-
|
||||
|
||||
import sys
|
||||
import os
|
||||
import pexpect
|
||||
|
||||
ROLE="proxy" # noqa
|
||||
KEY="u/S9464F2C2825D2FE3"
|
||||
PASS="foo"
|
||||
LOCALE="en_US.UTF-8"
|
||||
|
||||
p = pexpect.spawnu('sh /var/local/bin/pinentry3.bash')
|
||||
p.logfile = sys.stdout
|
||||
p.timeout = 1
|
||||
|
||||
print(dir(p))
|
||||
|
||||
p.expect("OK .*\r")
|
||||
p.send("OPTION grab\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION ttyname=" + os.environ['GPG_TTY'] +"\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION ttytype=xterm\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION lc-ctype=" +LOCALE +"\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION lc-messages=en_US.UTF-8\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION allow-external-password-cache\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION default-ok=_OK\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION default-cancel=_Cancel\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION default-yes=_Yes\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION default-no=_No\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION default-prompt=PIN:\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION default-pwmngr=_Save in password manager\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION default-tt-visi=Make passphrase visible\r")
|
||||
p.expect("OK.*")
|
||||
p.send("OPTION default-tt-hide=Hide passphrase\r")
|
||||
p.expect("OK.*")
|
||||
p.send("GETINFO pid\r")
|
||||
p.expect("OK.*")
|
||||
# if str(p.match).find("D " +str(os.getpid())) < 0: raise RuntimeError(p.match)
|
||||
print(str(p.match))
|
||||
p.send("SETKEYINFO "+ KEY +"\r")
|
||||
p.expect("OK.*")
|
||||
p.send("SETDESC Enter passphrase%0A\r")
|
||||
p.expect("OK.*")
|
||||
p.send("SETPROMPT Passphrase\r")
|
||||
p.expect("OK.*")
|
||||
p.send("GETPIN\r")
|
||||
# p.expect("Enter passphrase")
|
||||
#p.expect("key: " +KEY)
|
||||
p.expect("Passphrase")
|
||||
p.send(PASS +"\r")
|
||||
#p.expect("D " +PASS +"\r\nOK.*")
|
||||
p.expect("OK.*")
|
||||
print(str(p.before))
|
||||
p.send("BYE\r")
|
||||
p.expect("OK closing connection\r")
|
||||
p.expect(pexpect.EOF)
|
||||
|
||||
p.kill(0)
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user