* Create a YADM_DATA base (that is the source for repo & archive)
* Add --yadm-data to override
* Default YADM_DATA will be determined by XDG_DATA_HOME
This special condition doesn't affect the selection process and is only
supported to support syntax highlighting and language detection for alt files
as reported in #239.
The syntax is '{% include "file" %}' where file is either an absolute path or a
path relative to the current template file's directory.
Variables in the included file will be replaced as for the main template. But
the included file can't include files itself.
The newer versions (OpenSSL 1.1.1 or LibreSSL 2.9.1) support the pbkdf2
key derivation function, while older versions do not. In addition the
new versions have changed the default digest to SHA256 instead of MD5.
Files encrypted with older versions would throw warnings about
deprecated key derivation used; files encrypted with newer versions +
pbkdf2 would not be decryptable using older versions. These problems
matter when many users maintain their dotfiles across different systems
with different levels of OpenSSL support.
A new boolean config option has been added, yadm.openssl-old
* If false, use options -pbkdf2 -iter 100000 -md sha512
* If true, use options -md md5 (and if decrypting with newer versions
  warnings will be printed)
Fixes TheLocehiliosan/yadm#226
When a config file path is passed to yadm whose parent directory does
not exist, git (and hence yadm) fails without writing the file.
Yadm should, however, make sure that the directory exists s.t. git can
just write to the file.
Support is inherently provided by `enter`, which supports a command.
I've added a `transcrypt` command, which is really just an alias
under-the-hood for "enter transcrypt".
Support is inherently provided by `enter`, which now supports a command.
I've added a `git-crypt` command, which is really just an alias
under-the-hood for "enter git-crypt".
When this option is provided, linters will be run regardless of the
version installed. Normally tests are skipped if the linters are not the
supported version.
This change allows alternates to be stored in "$YADM_DIR/alt". The
correct path within the work tree will be symlinked.
Storing alternates within the work tree is still allowed. Both locations
will be considered when choosing an appropriate alternate file.
A new variable is exposed to templates, which holds the filename of the
template source. The primary use case is to be able to include a warning
message within the template. For example:
    # Do not edit. This file auto-generated from {{ yadm.source }}.
The new test system is written with py.test. These tests are more
comprehensive, run faster by an order of magnitude, and are far more
maintainable. The tests themselves conform to PEP8.
`eval` has always been used to process the globs in `.yadm/encrypt`.
This is being removed, as there is a risk of executing "dirty" data
found in `.yadm/encrypt`.
Caveats of this change:
* Brace and tilde expansion will no longer work in `.yadm/encrypt`
* Paths with spaces must not be quoted anymore
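
The difference between the two approaches, as an added example that is not yadm's code: a pattern file processed once through `eval` and once as plain data. The function names, file names and the sample pattern file are hypothetical and constructed for illustration.

```shell
# Added example, not yadm's code. Function names and files are hypothetical.

# Legacy style: eval re-parses each line as shell source, so brace and tilde
# expansion work, but so does any command substitution in the data.
expand_with_eval() {    # $1 = pattern file, $2 = work tree
    ( cd "$2" || exit 1
      while IFS= read -r line || [ -n "$line" ]; do
          case $line in ''|'#'*) continue ;; esac
          eval "for m in $line; do if [ -e \"\$m\" ]; then printf '%s\n' \"\$m\"; fi; done"
      done ) < "$1"
}

# Hardened style: the line is only ever data. With IFS empty, the unquoted
# expansion performs pathname expansion and nothing else.
expand_without_eval() { # $1 = pattern file, $2 = work tree
    ( cd "$2" || exit 1
      IFS=
      while read -r line || [ -n "$line" ]; do
          case $line in ''|'#'*) continue ;; esac
          for m in $line; do
              if [ -e "$m" ]; then printf '%s\n' "$m"; fi
          done
      done ) < "$1"
}

# Constructed work tree and pattern file; the last pattern line stands in
# for "dirty" data and only drops a marker file if it gets executed.
make_sample() {
    d=$(mktemp -d) || return 1
    touch "$d/a.key" "$d/b.key" "$d/my notes.txt"
    printf '%s\n' '# secrets' '*.key' 'my notes.txt' '$(touch EXECUTED)' \
        > "$d/encrypt"
    printf '%s\n' "$d"
}

work=$(make_sample)
expand_without_eval "$work/encrypt" "$work"   # a.key, b.key, my notes.txt
if [ -e "$work/EXECUTED" ]; then echo "marker created"; else echo "no marker"; fi
rm -rf "$work"
```

Run against the same sample, `expand_with_eval` splits `my notes.txt` into two words, so the file is not matched, and it creates the `EXECUTED` marker. That is the pair of behaviours the caveats above trade against each other.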
Directories are created prior to merge during clone, and prior to any
Git command run.
This directly addresses CVE-2017-11353.
When cloning a repo which includes data in a .ssh or .gnupg directory,
if those directories do not exist at the time of cloning, yadm will
create the directories with mask 0700 prior to merging the fetched data
into the work-tree.
When running a Git command and .ssh or .gnupg directories do not exist,
create those directories with mask 0700 prior to running the Git
command. However, do not create those directories if
yadm.auto-private-dirs is false.