mirror of
https://github.com/FiloSottile/age.git
synced 2026-03-11 08:55:41 +00:00
Compare commits
No commits in common. "main" and "v1.3.0" have entirely different histories.
13 changed files with 30 additions and 124 deletions
6
.github/workflows/build.yml
vendored
6
.github/workflows/build.yml
vendored
|
|
@ -17,7 +17,6 @@ jobs:
|
|||
- {GOOS: linux, GOARCH: arm, GOARM: 6}
|
||||
- {GOOS: linux, GOARCH: arm64}
|
||||
- {GOOS: darwin, GOARCH: arm64}
|
||||
- {GOOS: darwin, GOARCH: amd64}
|
||||
- {GOOS: windows, GOARCH: amd64}
|
||||
- {GOOS: freebsd, GOARCH: amd64}
|
||||
steps:
|
||||
|
|
@ -87,11 +86,6 @@ jobs:
|
|||
mkdir "$DIR/age"
|
||||
git archive --format=tar.gz HEAD | tar -xz -C "$DIR/age"
|
||||
( cd "$DIR/age"; go mod vendor )
|
||||
for cmd in "$DIR"/age/{cmd,extra}/*; do
|
||||
echo "package main" >> "$cmd/version.go"
|
||||
echo "" >> "$cmd/version.go"
|
||||
echo "func init() { Version = \"$VERSION\" }" >> "$cmd/version.go"
|
||||
done
|
||||
tar -cvzf "age-$VERSION-source.tar.gz" -C "$DIR" age
|
||||
- name: Upload workflow artifacts
|
||||
uses: actions/upload-artifact@v4
|
||||
|
|
|
|||
|
|
@ -151,7 +151,7 @@ On Windows, Linux, macOS, and FreeBSD you can use the pre-built binaries.
|
|||
|
||||
```
|
||||
https://dl.filippo.io/age/latest?for=linux/amd64
|
||||
https://dl.filippo.io/age/v1.3.1?for=darwin/arm64
|
||||
https://dl.filippo.io/age/v1.3.0?for=darwin/arm64
|
||||
...
|
||||
```
|
||||
|
||||
|
|
|
|||
26
SIGSUM.md
26
SIGSUM.md
|
|
@ -11,33 +11,13 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1WpnEswJLPzvXJDiswowy48U+G+G1kmgwUE2eaRHZG
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAz2WM5CyPLqiNjk7CLl4roDXwKhQ0QExXLebukZEZFS
|
||||
EOF
|
||||
|
||||
curl -JLO "https://dl.filippo.io/age/v1.3.1?for=darwin/arm64"
|
||||
curl -JLO "https://dl.filippo.io/age/v1.3.1?for=darwin/arm64&proof"
|
||||
curl -JLO "https://dl.filippo.io/age/v1.3.0?for=darwin/arm64"
|
||||
curl -JLO "https://dl.filippo.io/age/v1.3.0?for=darwin/arm64&proof"
|
||||
|
||||
go install sigsum.org/sigsum-go/cmd/sigsum-verify@v0.13.1
|
||||
sigsum-verify -k age-sigsum-key.pub -P sigsum-generic-2025-1 \
|
||||
age-v1.3.1-darwin-arm64.tar.gz.proof < age-v1.3.1-darwin-arm64.tar.gz
|
||||
age-v1.3.0-darwin-arm64.tar.gz.proof < age-v1.3.0-darwin-arm64.tar.gz
|
||||
```
|
||||
|
||||
You can learn more about what's happening above in the [Sigsum
|
||||
docs](https://www.sigsum.org/getting-started/).
|
||||
|
||||
### Release playbook
|
||||
|
||||
Dear future me, to sign a new release and produce Sigsum proofs, run the following
|
||||
|
||||
```
|
||||
VERSION=v1.3.1
|
||||
go install sigsum.org/sigsum-go/cmd/sigsum-verify@latest
|
||||
go install github.com/tillitis/tkey-ssh-agent/cmd/tkey-ssh-agent@main
|
||||
tkey-ssh-agent --agent-socket tkey-ssh-agent.sock --uss
|
||||
passage -c other/tkey-ssh-sigsum-age
|
||||
SSH_AUTH_SOCK=tkey-ssh-agent.sock ssh-add -L > tkey-ssh-agent.pub
|
||||
passage other/sigsum-ratelimit > sigsum-ratelimit
|
||||
gh release download $VERSION --repo FiloSottile/age --dir artifacts/
|
||||
SSH_AUTH_SOCK=tkey-ssh-agent.sock sigsum-submit -k tkey-ssh-agent.pub -P sigsum-generic-2025-1 -a sigsum-ratelimit -d filippo.io artifacts/*
|
||||
gh release upload $VERSION --repo FiloSottile/age artifacts/*.proof
|
||||
```
|
||||
|
||||
In the future, we will move to reproducing the artifacts locally, and signing
|
||||
those instead of the ones built by GitHub Actions.
|
||||
|
|
|
|||
|
|
@ -24,10 +24,6 @@ Options:
|
|||
INPUT defaults to standard input. "-" may be used as INPUT to explicitly
|
||||
read from standard input.`
|
||||
|
||||
// Version can be set at link time to override debug.BuildInfo.Main.Version when
|
||||
// building manually without git history. It should look like "v1.2.3".
|
||||
var Version string
|
||||
|
||||
func main() {
|
||||
flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s\n", usage) }
|
||||
|
||||
|
|
@ -41,10 +37,11 @@ func main() {
|
|||
flag.Parse()
|
||||
|
||||
if versionFlag {
|
||||
if buildInfo, ok := debug.ReadBuildInfo(); ok && Version == "" {
|
||||
Version = buildInfo.Main.Version
|
||||
if buildInfo, ok := debug.ReadBuildInfo(); ok {
|
||||
fmt.Println(buildInfo.Main.Version)
|
||||
return
|
||||
}
|
||||
fmt.Println(Version)
|
||||
fmt.Println("(unknown)")
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -56,10 +56,6 @@ Examples:
|
|||
$ age-keygen -y key.txt
|
||||
age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p`
|
||||
|
||||
// Version can be set at link time to override debug.BuildInfo.Main.Version when
|
||||
// building manually without git history. It should look like "v1.2.3".
|
||||
var Version string
|
||||
|
||||
func main() {
|
||||
log.SetFlags(0)
|
||||
flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s\n", usage) }
|
||||
|
|
@ -73,15 +69,6 @@ func main() {
|
|||
flag.StringVar(&outFlag, "o", "", "output to `FILE` (default stdout)")
|
||||
flag.StringVar(&outFlag, "output", "", "output to `FILE` (default stdout)")
|
||||
flag.Parse()
|
||||
|
||||
if versionFlag {
|
||||
if buildInfo, ok := debug.ReadBuildInfo(); ok && Version == "" {
|
||||
Version = buildInfo.Main.Version
|
||||
}
|
||||
fmt.Println(Version)
|
||||
return
|
||||
}
|
||||
|
||||
if len(flag.Args()) != 0 && !convertFlag {
|
||||
errorf("too many arguments")
|
||||
}
|
||||
|
|
@ -91,6 +78,14 @@ func main() {
|
|||
if pqFlag && convertFlag {
|
||||
errorf("-pq cannot be used with -y")
|
||||
}
|
||||
if versionFlag {
|
||||
if buildInfo, ok := debug.ReadBuildInfo(); ok {
|
||||
fmt.Println(buildInfo.Main.Version)
|
||||
return
|
||||
}
|
||||
fmt.Println("(unknown)")
|
||||
return
|
||||
}
|
||||
|
||||
out := os.Stdout
|
||||
if outFlag != "" {
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ import (
|
|||
"io"
|
||||
"log"
|
||||
"os"
|
||||
"runtime/debug"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
|
|
@ -74,10 +73,6 @@ When decrypting, you can set AGE_PASSPHRASE_MAX_WORK_FACTOR to limit the
|
|||
maximum scrypt work factor accepted (between 1 and 30, default 30). This can
|
||||
be used to avoid very slow decryptions.`
|
||||
|
||||
// Version can be set at link time to override debug.BuildInfo.Main.Version when
|
||||
// building manually without git history. It should look like "v1.2.3".
|
||||
var Version string
|
||||
|
||||
func main() {
|
||||
flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s\n", usage) }
|
||||
|
||||
|
|
@ -85,19 +80,6 @@ func main() {
|
|||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
p.RegisterFlags(nil)
|
||||
|
||||
versionFlag := flag.Bool("version", false, "print the version")
|
||||
flag.Parse()
|
||||
|
||||
if *versionFlag {
|
||||
if buildInfo, ok := debug.ReadBuildInfo(); ok && Version == "" {
|
||||
Version = buildInfo.Main.Version
|
||||
}
|
||||
fmt.Println(Version)
|
||||
return
|
||||
}
|
||||
|
||||
p.HandleIdentityAsRecipient(func(data []byte) (age.Recipient, error) {
|
||||
if len(data) != 0 {
|
||||
return nil, fmt.Errorf("batchpass identity does not take any payload")
|
||||
|
|
|
|||
|
|
@ -98,10 +98,6 @@ func (f *identityFlags) addPluginFlag(value string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// Version can be set at link time to override debug.BuildInfo.Main.Version when
|
||||
// building manually without git history. It should look like "v1.2.3".
|
||||
var Version string
|
||||
|
||||
func main() {
|
||||
flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s\n", usage) }
|
||||
|
||||
|
|
@ -140,10 +136,13 @@ func main() {
|
|||
flag.Parse()
|
||||
|
||||
if versionFlag {
|
||||
if buildInfo, ok := debug.ReadBuildInfo(); ok && Version == "" {
|
||||
Version = buildInfo.Main.Version
|
||||
if buildInfo, ok := debug.ReadBuildInfo(); ok {
|
||||
// TODO: use buildInfo.Settings to prepare a pseudoversion such as
|
||||
// v0.0.0-20210817164053-32db794688a5+dirty on Go 1.18+.
|
||||
fmt.Println(buildInfo.Main.Version)
|
||||
return
|
||||
}
|
||||
fmt.Println(Version)
|
||||
fmt.Println("(unknown)")
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ AGE\-SECRET\-KEY\-1N9JEPW6DWJ0ZQUDX63F5A03GX8QUW7PXDE39N8UYF82VZ9PC8UFS3M7XA9
|
|||
Write a new post\-quantum identity to \fBkey\.txt\fR:
|
||||
.IP "" 4
|
||||
.nf
|
||||
$ age\-keygen \-pq \-o key\.txt
|
||||
$ age\-keygen \-o key\.txt
|
||||
Public key: age1pq1cd[\|\.\|\.\|\. 1950 more characters \|\.\|\.\|\.]
|
||||
.fi
|
||||
.IP "" 0
|
||||
|
|
|
|||
|
|
@ -130,7 +130,7 @@ AGE-SECRET-KEY-1N9JEPW6DWJ0ZQUDX63F5A03GX8QUW7PXDE39N8UYF82VZ9PC8UFS3M7XA9
|
|||
|
||||
<p>Write a new post-quantum identity to <code>key.txt</code>:</p>
|
||||
|
||||
<pre><code>$ age-keygen -pq -o key.txt
|
||||
<pre><code>$ age-keygen -o key.txt
|
||||
Public key: age1pq1cd[... 1950 more characters ...]
|
||||
</code></pre>
|
||||
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ Generate a new traditional identity:
|
|||
|
||||
Write a new post-quantum identity to `key.txt`:
|
||||
|
||||
$ age-keygen -pq -o key.txt
|
||||
$ age-keygen -o key.txt
|
||||
Public key: age1pq1cd[... 1950 more characters ...]
|
||||
|
||||
Convert an identity to a recipient:
|
||||
|
|
|
|||
|
|
@ -30,16 +30,12 @@ implementation of age that supports plugins.
|
|||
Recipients work out of the box, while identities need to be converted to plugin
|
||||
identities with -identity. If OUTPUT already exists, it is not overwritten.`
|
||||
|
||||
// Version can be set at link time to override debug.BuildInfo.Main.Version when
|
||||
// building manually without git history. It should look like "v1.2.3".
|
||||
var Version string
|
||||
|
||||
func main() {
|
||||
log.SetFlags(0)
|
||||
|
||||
p, err := plugin.New("pq")
|
||||
if err != nil {
|
||||
errorf("failed to create plugin: %v", err)
|
||||
log.Fatal(err)
|
||||
}
|
||||
p.RegisterFlags(nil)
|
||||
|
||||
|
|
@ -54,10 +50,11 @@ func main() {
|
|||
flag.Parse()
|
||||
|
||||
if versionFlag {
|
||||
if buildInfo, ok := debug.ReadBuildInfo(); ok && Version == "" {
|
||||
Version = buildInfo.Main.Version
|
||||
if buildInfo, ok := debug.ReadBuildInfo(); ok {
|
||||
fmt.Println(buildInfo.Main.Version)
|
||||
return
|
||||
}
|
||||
fmt.Println(Version)
|
||||
fmt.Println("(unknown)")
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ import (
|
|||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
"runtime/debug"
|
||||
|
||||
"filippo.io/age"
|
||||
"filippo.io/age/plugin"
|
||||
|
|
@ -19,10 +18,6 @@ support to any version and implementation of age that supports plugins.
|
|||
Usually, tagged recipients are the public side of private keys held in hardware,
|
||||
where the identity side is handled by a different plugin.`
|
||||
|
||||
// Version can be set at link time to override debug.BuildInfo.Main.Version when
|
||||
// building manually without git history. It should look like "v1.2.3".
|
||||
var Version string
|
||||
|
||||
func main() {
|
||||
flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s\n", usage) }
|
||||
|
||||
|
|
@ -30,22 +25,8 @@ func main() {
|
|||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
p.RegisterFlags(nil)
|
||||
|
||||
versionFlag := flag.Bool("version", false, "print the version")
|
||||
flag.Parse()
|
||||
|
||||
if *versionFlag {
|
||||
if buildInfo, ok := debug.ReadBuildInfo(); ok && Version == "" {
|
||||
Version = buildInfo.Main.Version
|
||||
}
|
||||
fmt.Println(Version)
|
||||
return
|
||||
}
|
||||
|
||||
p.HandleRecipient(func(b []byte) (age.Recipient, error) {
|
||||
return tag.NewClassicRecipient(b)
|
||||
})
|
||||
|
||||
os.Exit(p.Main())
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ import (
|
|||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
"runtime/debug"
|
||||
|
||||
"filippo.io/age"
|
||||
"filippo.io/age/plugin"
|
||||
|
|
@ -20,10 +19,6 @@ implementation of age that supports plugins.
|
|||
Usually, tagged recipients are the public side of private keys held in hardware,
|
||||
where the identity side is handled by a different plugin.`
|
||||
|
||||
// Version can be set at link time to override debug.BuildInfo.Main.Version when
|
||||
// building manually without git history. It should look like "v1.2.3".
|
||||
var Version string
|
||||
|
||||
func main() {
|
||||
flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s\n", usage) }
|
||||
|
||||
|
|
@ -31,22 +26,8 @@ func main() {
|
|||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
p.RegisterFlags(nil)
|
||||
|
||||
versionFlag := flag.Bool("version", false, "print the version")
|
||||
flag.Parse()
|
||||
|
||||
if *versionFlag {
|
||||
if buildInfo, ok := debug.ReadBuildInfo(); ok && Version == "" {
|
||||
Version = buildInfo.Main.Version
|
||||
}
|
||||
fmt.Println(Version)
|
||||
return
|
||||
}
|
||||
|
||||
p.HandleRecipient(func(b []byte) (age.Recipient, error) {
|
||||
return tag.NewHybridRecipient(b)
|
||||
})
|
||||
|
||||
os.Exit(p.Main())
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue