The master branch of pwmd has merged the no-literals branch and also fixes the CLEARCACHE command to clear gpg-agent cached keys among other things. This requires libgpgme >= 1.7.0 and gpg-agent >= 2.1.15 which are both still in development and haven’t been released yet. But you can still try things out by building from their git repositories.
Also added are two new special attributes expire and expire_increment. When the
GET command encounters an element with the expire attribute and the currrent time is greater than the attribute value, a new status message
STATUS_EXPIRE is sent. The expire_increment attribute is the number of seconds that the next
STORE command will increment the expire attribute by from the current time. So if you have set an expiry for an element and use a qpwmc shortcut to fetch element content with an expired element, you will be notified about it.
I’ve created a new branch for removal of literal element paths. This branch pretty much fixes recursion loops but has the problem that it can’t exactly mimic
find(1) output for elements with a target loop: the
LIST of the element path will stop at the node where the loop is detected which may really be in a child of the target node. For example, the pseudo-document:
a<TAB>b<TAB>c -> c
c<TAB>d -> a
LIST output. It will stop at
a->b->c with a target loop flag appended.
I’ve run into a couple of more bugs relating to handling of the
target attribute and recursion loops and have also recently learned about SQL relational object pointers which may be a canidate for replacing the
target attribute and XML database format entirely. The command syntax may be able to be kept the same with the exception of the
XPATHATTR commands. But SQL has easier searching syntax anyway.
Hopefully we should be able to use
sqlite3 since it can do in-memory databases and possibly faster than the XML database, too. We’ll see how it goes…
UPDATE: There is a project libsqlfs that utilizes sqlite’s VFS features as a fuse module. The fuse module itself isn’t very useful because fuse is Linux and *BSD (just looking at configure.ac) specific and not portable to other OS’s. Most filesystem operations can be done without the fuse parts with the exception (naturally) of symbolic links. I’ve got a somewhat working implementation of sqlfs_proc_realpath() that may be a suitable substitute for the
Since the VFS features of sqlite are being used, most commands will probably change to look and behave like shell commands:
UPDATE 2: Well, I don’t think SQLite is going to work as well as I thought. So I’m going to rewrite how the “target” attribute works by removing the notion of literal elements to simplify things. An element with a “target” attribute will work as usual, but a literal element — the element of the same name without a “target” attribute — will be non-existant. So if you remove an element that contains a “target” attribute, it will remove only that element and not the target element path. Kinda like removing a symbolic link on a filesystem. Remove the link and not the stuff the link points to. Thats the new plan. But things may of course change.
This version contains mostly fixes backported from the development branch of pwmd. Here’s the NEWS for this release:
The "tcp_require_key" configuration parameter will no longer clear the cache
entry for a data file. It will only try to decrypt it.
Do an fsync(2) on the data file directory after a SAVE as recommended by the
Only show regular files in the LS command and also be sure the OPEN'd file
is a regular one.
Disallow a new line character in an attribute value to prevent ATTR LIST
TLS-1.0 is now disabled by default.
Fixed handling of invalid group names in an ACL. They are ignored rather than
returning an error.
When using gpg-agent and the agent cached key has expired, return
GPG_ERR_KEY_EXPIRED rather than GPG_ERR_NO_DATA. This can make it easier to
determine why you are asked for a passphrase by reviewing a pwmd log. Note
that the "max-cache-ttl" gpg-agent configuration parameter also affects the
cache state for a data file.
A few minor bug fixes. See ChangeLog for details.
Download it here.
Here’s a screenshot of the “Extended Save” dialog. The same dialog is shown for new files with the exception that the Symmetric checkbox is enabled and selectable (can’t change encryption schemes for existing data files). These latest features require the development version of pwmd and libpwmd located in their git repositories.
Here’s a screenshot of QPwmc progress. Is has more of an application feel with menus and toolbars and supports OpenPGP key selection during Save. It also does pwmd server IO in a separated thread to prevent blocking the UI.
Menus and toolbars!
Work continues making
pwmd work with libgpgme. There are a couple of things remaining to do before a release. Mainly, deciding whether to make a tool to import v3.0.x data files then export to OpenPGP. Should the version then be 3.1 or 4.0? Another possibility is to rename the executable to
pwmd2 with a version of 1.0 or to fork the project entirely to something new. Also, should there be any beta releases?
The tickets on the SourceForge project page contain other things needing to be done, too.
This version adds advisory locking for data files via flock(2). Now two instances of
pwmd can share the same data file without risk of corruption. This version also reimplements data file ACL support and releases the data file mutex before beginning a data transfer during a command to let other clients aquire the mutex (unless locked explicitly). And a couple bug fixes.
Download it here.
This version fixes key file usage and expands a tilde
~ in the UDS socket parameter of pwmd_connect().
Download it here.
I’ve created a git repository libpurple-pwmd on GitLab. This is a plugin for libpurple (which is bundled with Pidgin) to retrieve account details from pwmd for any instant messaging protocol supported by libpurple. It requires the development version 3.x of Pidgin/libpurple but older and deprecated patches for Pidgin can be found here.