From 69d5d0f3e87151798c69774f4fe2407e7b6eb277 Mon Sep 17 00:00:00 2001 From: NicoHood Date: Mon, 1 Feb 2021 15:21:05 +0100 Subject: [PATCH 01/18] Added zstd compression support. --- CHANGELOG.md | 4 ++++ Readme.md | 4 ++-- gpgit.sh | 6 +++--- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2cb84d7..a38dd69 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ This changlog uses the [ISO 8601 date format](https://www.iso.org/iso-8601-date- ## [Unreleased] +### Added + +* zstd compression support + ## [1.4.1] - 2021-01-31 ### Changed diff --git a/Readme.md b/Readme.md index 63a5321..dbaeb45 100644 --- a/Readme.md +++ b/Readme.md @@ -56,7 +56,7 @@ The security status of GNU/Linux projects will be tracked in the [Linux Security ```bash # Install dependencies and optional dependencies sudo apt-get install bash gnupg2 git tar xz-utils coreutils gawk grep sed -sudo apt-get install gzip bzip lzip file jq curl +sudo apt-get install gzip bzip lzip zstd file jq curl # Download and verify source VERSION=1.4.1 @@ -114,7 +114,7 @@ Configuration options: gpgit.signingkey , user.signingkey gpgit.output gpgit.token - gpgit.compression + gpgit.compression gpgit.hash gpgit.changelog gpgit.github diff --git a/gpgit.sh b/gpgit.sh index e126ffb..5c61c28 100755 --- a/gpgit.sh +++ b/gpgit.sh @@ -86,7 +86,7 @@ ${BOLD}Configuration options:${ALL_OFF} gpgit.signingkey , user.signingkey gpgit.output gpgit.token - gpgit.compression + gpgit.compression gpgit.hash gpgit.changelog gpgit.github @@ -416,7 +416,7 @@ NEW_SIGNINGKEY="false" # Check if dependencies are available # Dependencies: bash, gnupg2, git, tar, xz, coreutils, gawk, grep, sed -# Optional dependencies: gzip, bzip2, lzip, file, jq, curl +# Optional dependencies: gzip, bzip2, lzip, zstd, file, jq, curl check_dependency "${GPG_BIN}" "${COMPRESSION[@]}" \ || die "Please check your \$PATH variable or install the missing dependencies." 
@@ -668,7 +668,7 @@ do if [[ "${util}" == "zip" ]]; then git archive --format=zip --prefix "${PROJECT}-${TAG}/" "refs/tags/${TAG}" > "${FILE}" else - git archive --format=tar --prefix "${PROJECT}-${TAG}/" "refs/tags/${TAG}" | "${util}" --best > "${FILE}" + git archive --format=tar --prefix "${PROJECT}-${TAG}/" "refs/tags/${TAG}" | "${util}" > "${FILE}" fi else warning "Found existing archive '${FILE}'." From 34f444c1bda068899001d27790dd84b14327052f Mon Sep 17 00:00:00 2001 From: NicoHood Date: Mon, 1 Feb 2021 15:22:05 +0100 Subject: [PATCH 02/18] Minor improve error message --- gpgit.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gpgit.sh b/gpgit.sh index 5c61c28..d712a01 100755 --- a/gpgit.sh +++ b/gpgit.sh @@ -757,7 +757,7 @@ function github_upload_asset() # Abort in API error message="$(echo "${RESULT}" | jq -r .message)" if [[ "${message}" != "null" ]]; then - die "Github API message: '${message}' Check your token configuration: https://github.com/settings/tokens" + die "Github API message: '${message}'. Check your token configuration: https://github.com/settings/tokens" fi } @@ -817,7 +817,7 @@ else # Abort on API error message="$(echo "${GITHUB_RELEASE}" | jq -r .message)" if [[ "${message}" != "null" ]]; then - die "Github API message: '${message}' Check your token configuration: https://github.com/settings/tokens" + die "Github API message: '${message}'. Check your token configuration: https://github.com/settings/tokens" fi # Safe new ID From 3aeb789a66b16ef4e12df62025d4f9b983420331 Mon Sep 17 00:00:00 2001 From: NicoHood Date: Wed, 3 Feb 2021 17:37:35 +0100 Subject: [PATCH 03/18] Use --personal-digest-preferences as it is safer --- Readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Readme.md b/Readme.md index dbaeb45..8d9fc75 100644 --- a/Readme.md +++ b/Readme.md 
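Review bot: Dropping `--best` in the `else` branch changes the compressed output for every existing format, not only for the new zstd one, so an archive regenerated from an already-released tag will generally no longer be byte-identical to the one whose hash and detached signature were published by an earlier gpgit version. If the flag was removed only because one utility rejects it (presumably zstd, which the hunk does not confirm), a per-utility level would keep the old output stable. At minimum the CHANGELOG entry, which mentions only "zstd compression support", should record the level change. Separately, the redirect creates `${FILE}` before the pipeline has finished, so a failed `git archive` can leave a partial file that the `Found existing archive` branch may pick up on the next run, depending on how that branch validates it. Writing to a temporary name and renaming on success, `... | "${util}" > "${FILE}.part" && mv -- "${FILE}.part" "${FILE}"`, avoids hashing and signing a truncated tarball. The enclosing loop starts and ends outside the hunk.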
@@ -267,7 +267,7 @@ git archive --format=tar --prefix gpgit-1.0.0/ 1.0.0 | xz > gpgit-1.0.0.tar.xz ### 4.2 Sign the archive Type the filename of the tarball that you want to sign and then run: ```bash -gpg2 --digest-algo SHA512 --armor --detach-sign gpgit-1.0.0.tar.xz +gpg2 --personal-digest-preferences SHA512 --armor --detach-sign gpgit-1.0.0.tar.xz ``` **Do not blindly sign the Github source downloads** unless you have compared its content with the local files via `diff.` [[Read more]](https://wiki.archlinux.org/index.php/GnuPG#Make_a_detached_signature) From 3c76f15ec14864689170791868a8b7301d35ee20 Mon Sep 17 00:00:00 2001 From: NicoHood Date: Fri, 9 Jul 2021 14:22:27 +0200 Subject: [PATCH 04/18] Update readme links --- Readme.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Readme.md b/Readme.md index 8d9fc75..089fdb9 100644 --- a/Readme.md +++ b/Readme.md @@ -164,7 +164,7 @@ Here are a few examples how to keep a passphrase strong but easy to remember: ### 1.2 Key generation If you don't have a GPG key yet, create a new one first. You can use RSA (4096 bits) or ECC (Curve 25519) for a strong key. GPG offers you the option to use the most future-proof key algorithm available. Use the most recent version gnupg2, not gnupg1! -Ed25519 ECC GPG keys are currently [not supported by Github](https://help.github.com/articles/generating-a-new-gpg-key/#supported-gpg-key-algorithms). To generate an ECC key use `future-default` instead of `rsa4096` as parameter. +Ed25519 ECC GPG keys are still not supported by every software/platform. To generate an RSA key use `rsa4096` instead of `future-default` as parameter. **Make sure that your secret key is stored somewhere safe and use a unique strong password.** 
@@ -185,9 +185,9 @@ uid John Doe sub cv25519 2017-09-24 [E] ``` -The generated key has the fingerprint `6718A9A63030E182A86FEE152F8E73B1D445CCD3` in this example. Share it with others so they can verify your source. [[Read more]](https://wiki.archlinux.org/index.php/GnuPG#Create_key_pair) +The generated key has the fingerprint `6718A9A63030E182A86FEE152F8E73B1D445CCD3` in this example. Share it with others so they can verify your source. [[Read more]](https://wiki.archlinux.org/index.php/GnuPG#Create_a_key_pair) -If you ever move your installation make sure to backup `~/.gnupg/` as it contains the **private key** and the **revocation certificate**. Handle it with care. [[Read more]](https://wiki.archlinux.org/index.php/GnuPG#Revoking_a_key) +If you ever move your installation make sure to backup `~/.gnupg/` as it contains the **private key** and the **revocation certificate**. Handle it with care. [[Read more]](https://wiki.archlinux.org/index.php/GnuPG#Revoke_a_key) ## 2. Publish your key @@ -207,7 +207,7 @@ gpg2 --keyserver hkps://keyserver.ubuntu.com --recv-keys To make it easy for everyone else to find your key it is crucial that you publish the [**full fingerprint**](https://lkml.org/lkml/2016/8/15/445) on a trusted platform, such as your website or Github. To give the key more trust other users can sign your key too. [[Read more]](https://wiki.debian.org/Keysigning) ### 2.3 Associate GPG key with Github -To make Github display your commits as "verified" you also need to add your public [GPG key to your Github profile](https://github.com/settings/keys). [[Read more]](https://help.github.com/articles/generating-a-gpg-key/) +To make Github display your commits as "verified" you also need to add your public [GPG key to your Github profile](https://github.com/settings/keys). [[Read more]](https://docs.github.com/github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account) ```bash # List keys + full fingerprint 
@@ -288,7 +288,7 @@ sha512sum gpgit-1.0.0.tar.xz > gpgit-1.0.0.tar.xz.sha512 ## 5. Upload the release ### 5.1 Configure HTTPS download server -* [Why HTTPS Matters](https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https) +* [Why HTTPS Matters](https://web.dev/why-https-matters/) * [Let's Encrypt](https://letsencrypt.org/) * [SSL Server Test](https://www.ssllabs.com/ssltest/) From fa3c0517490f554f1fb5bad56c7adf67e6765a20 Mon Sep 17 00:00:00 2001 From: NicoHood Date: Fri, 9 Jul 2021 14:23:58 +0200 Subject: [PATCH 05/18] Added key expire tutorial in readme --- Readme.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Readme.md b/Readme.md index 089fdb9..e01754c 100644 --- a/Readme.md +++ b/Readme.md @@ -305,5 +305,19 @@ The script also supports [uploading to Github](https://developer.github.com/v3/r ## Email Encryption You can also use your GPG key for email encryption with [thunderbird](https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq). +## Update key expire date + +After renewing the GPG key expire date make sure to [publish your GPG key](https://github.com/NicoHood/gpgit#2-publish-your-key) again to the keyserver and update your website accordingly. A more detailed instruction can be found at [G-Loaded Journal](https://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/). + +``` +gpg2 --edit-key +gpg> expire +gpg> 1y +gpg> key 1 +gpg> expire +gpg> 1y +gpg> save +``` + ## Contact You can get securely in touch with me [here](https://contact.nicohood.de). My GPG key ID is `9731 2D5E B9D7 AE7D 0BD4 3073 51DA E9B7 C1AE 9161`. Don't hesitate to [file a bug at Github](https://github.com/NicoHood/gpgit/issues). More cool projects from me can be found [on my Website](https://www.nicohood.de). From b9e19940505459acc6f81b20cd4697366c51eab9 Mon Sep 17 00:00:00 2001 
From: NicoHood Date: Fri, 9 Jul 2021 14:32:06 +0200 Subject: [PATCH 06/18] Added editorconfig --- .editorconfig | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..5dfee21 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,8 @@ +# .editorconfig +[*] +end_of_line = lf +insert_final_newline = true +charset = utf-8 +indent_style = space +indent_size = 4 +trim_trailing_whitespace = true From 7c67bb17510721f19d2cc7c6baa3e22cc48d2eab Mon Sep 17 00:00:00 2001 From: NicoHood Date: Fri, 9 Jul 2021 14:42:23 +0200 Subject: [PATCH 07/18] Added --version option --- gpgit.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/gpgit.sh b/gpgit.sh index d712a01..a8f758a 100755 --- a/gpgit.sh +++ b/gpgit.sh @@ -241,9 +241,9 @@ if [[ -x /usr/local/opt/gnu-getopt/bin/getopt ]]; then fi # Parse input params an ovrwrite possible default or config loaded options -GETOPT_PARAMS_SHORT="hcm:C:k:u:s:S:o:O:pnfdi" +GETOPT_PARAMS_SHORT="hvcm:C:k:u:s:S:o:O:pnfdi" GETOPT_ARGS="$(getopt -o "${GETOPT_PARAMS_SHORT}" \ - -l "help,message:,directory:,signingkey:,local-user:,gpg-sign:,output:,pre-release,no-github,force,interactive,changelog:,token:,compression:,hash:,keyserver:,github:,githubrepo:,project:,remote:,debug,color:"\ + -l "help,version,message:,directory:,signingkey:,local-user:,gpg-sign:,output:,pre-release,no-github,force,interactive,changelog:,token:,compression:,hash:,keyserver:,github:,githubrepo:,project:,remote:,debug,color:"\ -n "gpgit" -- "${@}")" || die "${USAGE_SHORT}" eval set -- "${GETOPT_ARGS}" @@ -255,6 +255,10 @@ while true ; do echo "${USAGE}" >&2 exit 0 ;; + -v|--version) + echo "${VERSION}" + exit 0 + ;; -m|--message) MESSAGE+="${2}\\n" shift From cbf022c47c7d3f8e82c3b2bdc98391e333edf77d Mon Sep 17 00:00:00 2001 
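Review bot: The new `-v|--version` arm is wired into `GETOPT_PARAMS_SHORT` and the long-option list, but the patch touches only those two places in gpgit.sh, so the `USAGE` text printed by `--help` and the option table in Readme.md still do not mention it. I would add a line such as `-v, --version            Show the gpgit version and exit.` next to the `-h, --help` entry in both places. `${VERSION}` is assigned outside the hunk; if the script runs with `nounset`, confirm it is set before option parsing, otherwise `--version` aborts instead of printing. The `while`/`case` block continues outside the hunk.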
From: NicoHood Date: Fri, 9 Jul 2021 15:13:30 +0200 Subject: [PATCH 08/18] Fix #32 add --asset option --- Readme.md | 1 + gpgit.sh | 10 ++++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/Readme.md b/Readme.md index e01754c..553cb3a 100644 --- a/Readme.md +++ b/Readme.md @@ -100,6 +100,7 @@ Optional arguments: -u, --local-user Use the given GPG key (same as --signingkey). -o, --output Safe all release assets to the specified . -p, --pre-release Flag as Github pre-release. + -a, --asset Add additional assets, such as precompiled software. -f, --force Force the recreation of Git tag and release assets. -i, --interactive Run in interactive mode, step-by-step. --