The newer versions (OpenSSL 1.1.1 or LibreSSL 2.9.1) support the pbkdf2
key derivation function, while older versions do not. In addition the
new versions have changed the default digest to SHA256 instead of MD5.
Files encrypted with older versions would throw warnings about
deprecated key derivation used files encrypted with newer versions +
pbkdf2 would not be decryptable using older versions These problems
matter, when many users maintain their dotfiles across different systems
with different levels of OpenSSL support.
A new boolean config option has been added, yadm.openssl-old
* If false, use options -pbkdf2 -iter 100000 -md sha512
* If true, use options -md md5 (and if decrypting with newer versions
warnings will be printed)
Adjusts the file mode check for BSD based systems as default BSD stat
uses "-f '%p'" to report the file mode. Also since `stat -p '%p'
"$filename"` reports more information than just read, write, execute
perms, pipe the output through `cut` to grab only the last three digits.
Signed-off-by: Adam Jimerson <vendion@gmail.com>
Update version number and update documentation
* Support for transcrypt (#197)
* Support ESH templates (#220)
* Preserve file mode of template (#193)
* Fish shell completions (#224)
* Fix alt processing when worktree is `/` (#198)
* Assert config directory if missing (#226, #227)
* Documentation improvements (#229)
FixesTheLocehiliosan/yadm#226
When a config file path is passed to yadm whose parent directory does
not exist, git (and hence yadm) fails without writing the file.
Yadm should, however, make sure that the directory exists s.t. git can
just write to the file.
This allows to version the configuration, using alt and to still be
able to use those configuration values in esh template
(using <% yamd config some-config %> )
This patch implements an OpenSSL cypher (via openssl enc command). It has to be enabled using yadm.cypher configuration key.
Some rough edges:
- archive file refers to GPG (.gpg extension)
- no test cases
Support is inherently provided by `enter`, which supports a command.
I've added a `transcrypt` command, which is really just an alias
under-the-hood for "enter transcrypt".
Update version number and update documentation
* Support multiple keys in `yadm.gpg-recipient` (#139)
* Ensure all templates are written atomically (#142)
* Add encrypt_with_checksums to the hooks collection (#188)
* Escape white space in YADM_HOOK_FULL_COMMAND (#187)
* Improve parsing of os-release (#194)
* Improve identification of WSL (#196)
* Fix troff warnings emitted by man page (#195)
* Write encrypt-based exclusions during decrypt
This takes jonasc's change, and applies it to all template writing. Also
removes the dependency on mktemp, and only moves files if they are
successfully written.
This prevents problems with programs which watch the file for changes and will
first be presented an empty file.
One such example which will show a notification message about an empty config
file is Alacritty.
By writing to a tempory file and then moving it (atomically?) to the real
location this problem is mitigated.
Update version number and update documentation
* Support git-crypt (#168)
* Support specifying a command after `yadm enter`
* Expose GIT_WORK_TREE during `yadm enter` (#160)
* Support GNUPGHOME environment variable (#134)
* Assert private dirs, only when worktree = $HOME (#171)
Support is inherently provided by `enter`, which now supports a command.
I've added a `git-crypt` command, which is really just an alias
under-the-hood for "enter git-crypt".
