The newer versions (OpenSSL 1.1.1 or LibreSSL 2.9.1) support the pbkdf2
key derivation function, while older versions do not. In addition the
new versions have changed the default digest to SHA256 instead of MD5.
Files encrypted with older versions would throw warnings about
deprecated key derivation used files encrypted with newer versions +
pbkdf2 would not be decryptable using older versions These problems
matter, when many users maintain their dotfiles across different systems
with different levels of OpenSSL support.
A new boolean config option has been added, yadm.openssl-old
* If false, use options -pbkdf2 -iter 100000 -md sha512
* If true, use options -md md5 (and if decrypting with newer versions
warnings will be printed)
Adjusts the file mode check for BSD based systems as default BSD stat
uses "-f '%p'" to report the file mode. Also since `stat -p '%p'
"$filename"` reports more information than just read, write, execute
perms, pipe the output through `cut` to grab only the last three digits.
Signed-off-by: Adam Jimerson <vendion@gmail.com>
Update version number and update documentation
* Support for transcrypt (#197)
* Support ESH templates (#220)
* Preserve file mode of template (#193)
* Fish shell completions (#224)
* Fix alt processing when worktree is `/` (#198)
* Assert config directory if missing (#226, #227)
* Documentation improvements (#229)
FixesTheLocehiliosan/yadm#226
When a config file path is passed to yadm whose parent directory does
not exist, git (and hence yadm) fails without writing the file.
Yadm should, however, make sure that the directory exists s.t. git can
just write to the file.
This allows to version the configuration, using alt and to still be
able to use those configuration values in esh template
(using <% yamd config some-config %> )
This patch implements an OpenSSL cypher (via openssl enc command). It has to be enabled using yadm.cypher configuration key.
Some rough edges:
- archive file refers to GPG (.gpg extension)
- no test cases
Support is inherently provided by `enter`, which supports a command.
I've added a `transcrypt` command, which is really just an alias
under-the-hood for "enter transcrypt".
Update version number and update documentation
* Support multiple keys in `yadm.gpg-recipient` (#139)
* Ensure all templates are written atomically (#142)
* Add encrypt_with_checksums to the hooks collection (#188)
* Escape white space in YADM_HOOK_FULL_COMMAND (#187)
* Improve parsing of os-release (#194)
* Improve identification of WSL (#196)
* Fix troff warnings emitted by man page (#195)
* Write encrypt-based exclusions during decrypt