| Commit message (Collapse) | Author | Age |
|
|
|
| |
This patch adds the librem device model for the Librem Key.
|
|
|
|
|
|
| |
This patch updates the nitrokey dependency to version 0.8.0 and applies
all breaking changes (Config fields renaming, DeviceWrapper and Model
non-exhaustiveness, changed Display implementation for Model).
|
|
|
|
|
|
|
| |
The fill command starts a background operation on a Nitrokey Storage
device that fills the SD card with random data. This patch adds a new
option, --progress, to the fill command that checks if a fill operation
is already running on the device and shows its progress.
|
|
|
|
|
| |
This patch uses the progressing crate to display a progress bar for the
fill command if the output is printed to a TTY.
|
|
|
|
|
|
| |
This patch adds the is_tty field to the Context struct that indicates
whether stdout is a TTY. This allows us to use TTY features like moving
the cursor in our output.
|
|
|
|
|
|
| |
This patch adds the fill command that overwrites the SD card with random
data. Similar to the reset command, we always require the user to enter
the admin PIN even if is cached.
|
|
|
|
|
|
|
|
|
|
| |
The Storage device keeps track of the areas of the SD card that have
been written to during this power cycle. This data can be accessed using
the NK_get_SD_usage_data function that returns a range of the SD card
that has not been written. This data can be used as a guide line when
creating new hidden volumes.
This patch adds the SD card usage data to the output of the status
command for Nitrokey Storage devices.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change bumps the version of the crate to 0.3.5. The following
notable changes have been made since 0.3.4:
- Added support for configuration files
- Added support for configuration files that can be used to set
default values for some arguments
- Added toml dependency in version 0.5.6
- Added serde dependency in version 1.0.114
- Added envy dependency in version 0.4.2
- Added merge dependency in version 0.1.0
- Added directories dependency in version 3.0.1
- Reworked connection handling for multiple attached Nitrokey devices:
- Fail if multiple attached devices match the filter options (or no filter
options are set)
- Added --serial-number option that restricts the serial number of the
device to connect to
- Added --usb-path option that restricts the USB path of the device to
connect to
- Bumped structopt dependency to 0.3.17
|
|
|
|
|
|
|
|
|
|
| |
When we switched the default OTP format from hexadecimal to base32 we
missed that the manual was providing examples of the otp set command
that were implicitly making use of the default format -- leading to a
mismatch between what the example is meant to do and what it actually
does.
This change fixes this oversight in the manual by adjusting the examples
accordingly.
|
|
|
|
|
|
|
|
|
| |
When we originally switched over to using anyhow for error handling, we
evidently missed to take advantage of its context support in a couple of
error paths. The result was that we ended up with rather long winded
> result.ok_or_else(|| anyhow::anyhow!(...))
constructs.
This change shortens them, making use of the anyhow::Context trait.
|
|
|
|
|
|
|
|
| |
The man page mentions a password safe slot count of 20 for both the
Nitrokey Pro and the Nitrokey Storage devices. This count is incorrect,
as both devices can store only 16 entries each, as is evident from the
corresponding technical details for each device. With this change we
correct said number.
|
|
|
|
| |
Update company name to Nitrokey GmbH
|
|
|
|
|
| |
For consistency with the --usb-path option, this path renames the device
path column in the output of the list command to USB path.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the --usb-path option as an additional way to filter the
Nitrokey device to connect to. While the serial number is a better
identifier in theory, the Nitrokey Storage devices do not send their
serial number in the USB device descriptor. Having the --usb-path
options allows users to select one of multiple Nitrokey Storage devices.
While we could directly call the nitrokey::Manager::connect_path
function with the specified path, we integrate the --usb-path option
into the existing find_device function for consistent error messages and
to avoid having to duplicate the --model and --serial-number checks.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds test cases for the new connection logic:
- connect_multiple checks that nitrocli aborts if more than one Nitrokey
device is connected and no filter is set.
- connect_serial_number checks that we can use the --serial-number
option to connect to all supported Nitrokey devices.
- connect_wrong_serial_number checks that nitrocli aborts if it can’t
find a device with the requested serial number.
- connect_model checks that we can use the --model option to select the
Nitrokey device to connect to, and that nitrocli aborts if it finds no
matching device or multiple matching devices.
|
|
|
|
|
|
|
|
|
|
| |
This change updates the structopt crate to version 0.3.17. We need this
version as it fixes a compilation error [0] when using the
external_subcommand enum variant annotation provided by the crate. This
functionality will be used in a follow up change that enables usage of
user provided extensions.
[0]: https://github.com/TeXitoi/structopt/issues/424
|
|
|
|
|
|
|
|
| |
This patch adds the --serial-number option that allows the user to
filter the attached Nitrokey devices by serial number. As the Nitrokey
Storage does not include its serial number in the USB device descriptor
and as we don't want to connect to it just to query the serial number,
this option only works for Nitrokey Storage devices.
|
|
|
|
|
|
|
|
| |
Previously, we just applied our filter (if any) to all attached Nitrokey
devices and selected the first match when connection to a Nitrokey
device. This may lead to unexpected behavior if multiple devices are
attached. This patch changes the find_device function to return an
error if multiple matching devices are found.
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces two new functions, find_device and connect, to
connect to a Nitrokey device. find_device queries the attached Nitrokey
devices, applies the filters (currently only the --model option) and
returns the first match. connect calls find_device and connects to the
returned device.
This refactoring allows us to add more device filters, for example a
--serial-number option, without code duplication.
|
|
|
|
|
|
|
|
| |
In the future we would like to provide more ways for tests to create a
Nitrocli instance. In order to prevent explosion of with_XXX methods for
each possible combination of arguments, this change allows for an easier
configuration of an existing object with builder-pattern-inspired
modifier methods.
|
|
|
|
|
|
|
|
| |
While the Nitrocli::model() method was well intentioned, we do not
actually need it because we create a Nitrocli instance from the model
passed to the individual test. We can just reuse this model instead.
With this patch we do exactly that, allowing us to get rid of
Nitrocli::model() all together.
|
|
|
|
|
|
| |
This patch adds a new section to the README that declares that we follow
the Semantic Versioning specification and that the public API of our
crate is defined by the man page.
|
|
|
|
|
|
|
|
| |
With this change we switch to using a REUSE compliant way of specifying
the copyright & license of the program. To be fully in conformance we
also add additional license specifications for the remaining files in
the project. Lastly, a new CI pipeline rule takes care of verifying
compliance on an ongoing basis.
|
|
|
|
|
| |
This change adjusts the copyright header in all files to no longer
mention individuals but refer to The Nitrocli Developers in general.
|
|
|
|
|
| |
This patch adds the from_env constructor to Context to make the main
function easier to read.
|
|
|
|
|
|
|
| |
Since we moved the model, no_cache and verbosity fields from ExecCtx
into Config and added a Config field to both ExecCtx and RunCtx, RunCtx
and ExecCtx are identical. Therefore this patch merges the ExecCtx and
RunCtx structs into the new Context struct.
|
|
|
|
|
|
|
| |
With the switch from argparse over to structopt a while back the need
for the Stdio trait that we used for abstracting over the different
contexts vanished. With this change we remove the trait and its various
implementations.
|
|
|
|
|
|
|
| |
This patch updates the man page for the last changes:
- new option --no-cache
- changes to the environment variables
- configuration files
|
|
|
|
|
|
|
|
| |
This patch adds a new --no-cache option that corresponds to the
NITROCLI_NO_CACHE environment variable and the no_cache configuration.
This makes the user interface more consistent as all configuration items
are now backed by both an environment variable and a command-line
option.
|
|
|
|
|
|
|
|
| |
This patch adds a simple configuration file that demonstrates the syntax
and contains some documentation. We suggest to ship this file together
with nitrocli and to install it e.g., in the /usr/share/doc/nitrocli
directory. This patch also adds a simple test case that makes sure that
the example file is parsed correctly.
|
|
|
|
|
|
|
|
|
| |
This patch uses the directories crate to query the appropriate path for
the configuration files. For Linux, paths according to the XDG Base
Directory Specification are used.
Note that directories does not yet support the XDG_CONFIG_DIRS variable
for system-wide configuration files. Therefore we only use a user
configuration file.
|
|
|
|
|
|
|
|
| |
This patch uses the envy crate to parse the environment. A variable
NITROCLI_KEY can be used to overwrite the configuration for *key*. This
has the side effect that the NITROCLI_NO_CACHE variable is evaluated as
a boolean variable (instead of only checking whether it is set). We
also accept two new variables, NITROCLI_MODEL and NITROCLI_VERBOSITY.
|
|
|
|
|
|
|
|
|
| |
This patch implements basic configuration handling that reads a
configuration file and stores the parsed data in the ExecCtx and RunCtx
structs. It supports three configuration items:
- model (previously only --model)
- no_cache (previously only NITROCLI_NO_CACHE)
- verbosity (previously only --verbose)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change bumps the version of the crate to 0.3.4. The following
notable changes have been made since 0.3.3:
- Changed default OTP format from hex to base32
- Improved error reporting format and fidelity
- Added anyhow dependency in version 1.0.32
- Updated minimum required Rust version to 1.42.0
- Bumped nitrokey dependency to 0.7.1
- Bumped proc-macro2 dependency to 1.0.19
- Bumped syn dependency to 1.0.36
|
|
|
|
|
|
|
| |
The missing_copy_implementations lint is arguably not super useful in an
application crate, where no third party is consuming the type
definitions. As such, this change removes it from the list of lints
causing warnings.
|
|
|
|
|
| |
This change updates the syn dependency we consume to 1.0.36 and
proc-macro2 to 1.0.19.
|
|
|
|
|
|
|
| |
In the past we were using an application global custom Result type
definition. This makes less sense now that we switched over to using
anyhow's Error and Result types. We kept that for the time being, but
with this change we remove the type and use anyhow::Result instead.
|
|
|
|
|
|
| |
This change removes the error module. This module, and the Error type it
homes, are no longer used by the application, as everything has been
transitioned over to using anyhow's Error type.
|
|
|
|
|
|
|
|
|
| |
With the move to using anyhow's Error type and adding contextual
information at the point where we bubble up errors, we no longer require
the 'msg' argument that is passed to the try_with_pin_* and authenticate
functions.
To that end, this change removes this parameter, concluding the switch
to using anyhow.
|
|
|
|
|
|
|
|
|
|
|
| |
This patch changes our error handling approach from the ground up:
instead of having a globally used Error enum that contains variants for
all possible errors, we now use anyhow's Error type. This approach is
more dynamic (and not statically typed), but it allows for more fine
grained error messages and overall more user-friendly error reporting.
Overall it also is a net simplification. While we have one dynamic cast
now, in order to be able to handle erroneous password/PIN entries
correctly, that is considered a reasonable compromise.
|
|
|
|
|
|
|
|
|
| |
This change updates the nitrokey dependency we consume to 0.7.1. With
this version the crate's Error type got reworked slightly, allowing it
to implement Sync and Send. It furthermore no longer duplicates
information available through the source() method in its Display
implementation. Both these changes will enable us to switch over to
using the anyhow crate for error handling in nitrocli in the future.
|
|
|
|
| |
This change updates the nitrokey-test development dependency to 0.4.0.
|
|
|
|
|
|
| |
This change updates the minimum required version of Rust to 1.42.0. We
will need this version in order to make use of the most recent version
of nitrokey-test.
|
|
|
|
|
|
|
|
| |
The pinentry tests currently expect the Error::Error variant to be
reported for failures.
This patch adjusts the tests to merely compare strings and ignore the
exact type of error. Doing so will make it easier to switch to using
anyhow for error handling.
|
|
|
|
|
|
| |
This change wraps up the removal of the UnwrapError test trait. This
step prepares us for the subsequent removal of the application's global
Error enum type, in favor of the usage of anyhow's Error type.
|
|
|
|
|
| |
This change marks the next step in getting rid of the UnwrapError test
trait. Specifically, it removes its unwrap_lib_err method.
|
|
|
|
|
|
|
|
|
|
| |
With upcoming changes we intend to move towards a model where we do not
distinguish the individual error variants the program deals with in a
global enum.
In preparation of such a change, this patch marks a first step in
removing the UnwrapError test trait, which relies on the existence of
exactly such typed errors. In particular, we remove the unwrap_str_err
method from it, basically falling back to just working with strings.
|
|
|
|
|
|
|
|
|
|
|
| |
An arguably unrepresentative survey of services (GitHub, Google
Authenticator, and Bitbucket) seems to suggests that the base32 format
is the de-facto standard format for OTP secrets. Given that it's not
necessarily obvious what format a secret is in and that most services
refrain from mentioning it explicitly, having the correct default format
is fairly important.
With this change we switch the default format from hexadecimal to
base32 to accommodate for this finding.
|
|
|
|
|
|
|
| |
A while back we removed the nitrocli/ directory in the repository root.
Unfortunately, we missed that the binary-sizes.py script relied on the
previous directory structure. This change adjusts the script to work
with the new structure.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our custom macros for conveniently creating types with additional meta
information for working with structopt do not actually use the doc
comments we have in place -- these comments are solely for in-source
documentation. We are an application and as such crates.io will not
automatically generate documentation.
All of that does not deter rustc from complaining that doc comments are
unused. In the past we tried to fudge that by adding a special
allowance, #[allow(unused_doc_comments)], but that seems to have seized
to work.
With this change we finally give in and move the doc comment into the
macro itself, where it will be used to annotate the generated type. This
step should hopefully silence rustc once and for all -- at the expense
of a slight decrease in readability.
|