A command line tool for interacting with Nitrokey devices (GitHub mirror) https://git.ireas.org/mirrors/nitrocli/atom?h=v0.2.2 2019-01-14T03:25:50Z 2019-01-14T03:25:50Z Daniel Mueller deso@posteo.net 2019-01-14T03:25:50Z urn:sha1:790e84091e10d52d2dd33aab7400b5d6345200a7 This change bumps the version of the crate to 0.2.2. The following notable changes have been made since 0.2.1: - Added the -v/--verbose option to control libnitrokey log level - Added the -m/--model option to restrict connections to a device model - Added the -f/--format option for the otp set subcommand to choose the secret format - Deprecated the --ascii option - Honor NITROCLI_ADMIN_PIN and NITROCLI_USER_PIN as well as NITROCLI_NEW_ADMIN_PIN and NITROCLI_NEW_USER_PIN environment variables for non-interactive PIN supply - Format nitrokey reported errors in more user-friendly format - Bumped nitrokey dependency to 0.3.1 2019-01-11T00:05:26Z Daniel Mueller deso@posteo.net 2019-01-11T00:05:26Z urn:sha1:304eb1b4954a9fcee1b2b8a06e3dd25e46ca3787 The command detailed in the PIN section in the man page exhibit a larger line spacing than all the other commands documented. The reason is that we have an addition newline between each of the individual subcommands in this section. This patch removes this additional newline to achieve a more consistent appearance. 2019-01-09T19:16:03Z Daniel Mueller deso@posteo.net 2019-01-09T19:16:03Z urn:sha1:3a99e7417e4c4eb30df9e711077c89b75764c029 So far we have taken all nitrokey::CommandError objects and put them in formatted form into the Error::Error variant. What we really should do, though, is to preserve the original error, with the additional context provided by the caller, and report that up the stack directly. Doing so has at least the benefit that we are able to check for expected errors without hard coding the textual representation as maintained by the nitrokey create. This change refactors the code accordingly and adds two tests for such expected error codes. 2019-01-10T23:22:13Z Daniel Mueller deso@posteo.net 2019-01-10T23:22:13Z urn:sha1:6e0efd98e9ee07a01241e2187b4c820770c3c478 Now that we have the infrastructure for non-interactive PIN supply in place, we can add tests for commands that require the entry of a PIN. To that end, this change adds tests for the pin set as well as pin unblock commands. 2019-01-10T00:31:31Z Daniel Mueller deso@posteo.net 2019-01-10T00:31:31Z urn:sha1:eea4f7357d7a3e3b365d887671ba78fd386a6d2d The second source of interactivity comes from the pin set and pin unblock commands, which also inquire with the pinentry module to ask the user for a PIN. This change adjusts the two commands to honor the PINs as available in the command execution context. It also updates the documentation to reflect the availability of the newly introduced and honored environment variables NITROCLI_ADMIN_PIN & NITROCLI_USER_PIN as well as NITROCLI_NEW_ADMIN_PIN & NITROCLI_NEW_USER_PIN. 2019-01-10T00:35:33Z Daniel Mueller deso@posteo.net 2019-01-10T00:35:33Z urn:sha1:ae939694c598ae23690f6a56f977c66ae7c0f020 The try_with_pin_and_data function is used by many commands to ask the user for a PIN in an interactive manner. Because we do not want to have any interactivity in our tests, we should honor the command execution's admin & user PIN fields from this function, if set. This change adjusts the function to honor the command execution context's admin & user PIN, if set. In order to do so it also adjusts the callers to hand through the context to begin with. 2019-01-09T21:41:53Z Daniel Mueller deso@posteo.net 2019-01-09T21:41:53Z urn:sha1:4842ac86c0a805c5c4a679644594252ca5ea388b In order to run tests fully non-interactively we need to avoid the need for using the GPG agent's PIN entry and caching mechanism. To accomplish that, we first need an alternate way to supply the PINs to use to the program. This change offers such a way by extending the execution context with two fields representing the PINs that are populated by corresponding environment variables, NITROCLI_ADMIN_PIN & NITROCLI_USER_PIN, if set. While only two PINs are required right now, because the program allows for the changing of each of the PINs, we also add two fields representing new PINs. These latter two fields are populated by the NITROCLI_NEW_ADMIN_PIN and NITROCLI_NEW_USER_PIN environment variables. 2019-01-10T21:49:48Z Daniel Mueller deso@posteo.net 2019-01-10T21:49:48Z urn:sha1:749a5c78c2075c5d37b01ec4fd23704aa5cfdf09 In the future we will need to perform a sequence of invocations of the program for testing purposes, with each having a slightly different execution context. Such a scheme does not map very well to the existing design where we essentially just have a function invocation to run the program. We would either have functions that produce a different execution context or pass in the data to modify. Neither of these approaches is appealing and so this change reworks the code slightly. With it, we now can create a Nitrocli object, which contains the data that diverges from the default execution context. This data will eventually be modifiable by callers. 2019-01-09T23:15:55Z Daniel Mueller deso@posteo.net 2019-01-09T23:15:55Z urn:sha1:886788a95a3c79a7664cbcd0bfffa1e500461adf The try_with_pin_and_data function is a fairly complex beast. Part of that complexity stems from the returned Result value, whose error part not only contains the error but also the previously passed in data. As it turns out, though, this data as returned is never actually consumed by any client. Hence, this change simplifies the logic slightly by removing all the additional complexity that this tuple return entailed. 2019-01-10T00:34:53Z Daniel Mueller deso@posteo.net 2019-01-10T00:34:53Z urn:sha1:ac7025cbe1bc46d25dd978138c6b397d77853232 The inquire_pin function of the pinentry module used to return a vector of bytes, as that is what is ultimately read from the gpg-agent process. All clients of this function, however, work with a string and, hence, convert this vector into a string. As it turns out, for better or worse, the pinentry::parse_pinentry_pin function (which produces the result of inquire_pin) internally already works with a string but then converts it back. That is both not useful and a waste of resources. This change adjusts both functions of interest to simply return a String object instead, removing the need for conversions at the clients. While at it, the patch also removes the need for a bunch of unnecessary allocations caused by sub-par parameter type choice.