Releases: funtoo/keychain

Keychain 2.9.2

02 May 20:18

ChangeLog for Keychain

http://www.funtoo.org/Funtoo:Keychain

keychain 2.9.2 (2 May 2025)

This is primarily a bug fix release, but also introduces the new --extended option -- see below:

  • Deprecate --confhost option and replace with --extended option. The old --confhost myhost would now be --extended host:myhost. This also allows specifying SSH keys (sshk: prefix), GPG keys (gpgk: prefix) and hosts (host: prefix) together without confusion.
  • Well, I became intimately familiar with IFS the hard way. Fix 2.9.1 bug #159 by reworking IFS settings and adding proper documentation to the right places. This fixes the --timeout option and also now allows --stop to work properly which was broken.
  • Improve --agents deprecation warning.
  • Have keychain properly adopt a currently-running gpg-agent providing ssh-agent functionality when --ssh-use-gpg is specified.
  • Explicitly clean up known-bad pidfiles during processing.
  • Deprecate --confhost option and replace with new --extended option.
  • Improve host-based key processing by using ssh -G to officially extract host-based keys.
  • Make Makefile BSD-compatible.
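
The `ssh -G` and IFS items above, as an added example (not keychain's own code): `ssh -G host` prints the resolved client configuration with one lowercase keyword per line, so identity files can be read from that output, and splitting the result on newline only keeps a key path that contains spaces in one piece. The sample output, the paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not keychain's code. Names and sample data are constructed.

NL='
'

# Constructed stand-in for `ssh -G myhost` output (one lowercase keyword per line).
sample_ssh_G() {
    cat <<'EOF'
user deploy
hostname myhost.example.org
port 22
identityfile ~/.ssh/id_ed25519
identityfile /home/deploy/keys/work key
identitiesonly yes
EOF
}

# Read `ssh -G`-style lines on stdin; print each identity file path on its own line.
identity_files() {
    while IFS= read -r line; do
        case $line in
            "identityfile "*) printf '%s\n' "${line#identityfile }" ;;
        esac
    done
}

# Count the words produced when the path list is split using IFS value $1.
count_split() {
    _paths=$(identity_files)
    _old_ifs=$IFS
    IFS=$1
    set -f                      # no globbing while splitting unquoted text
    _n=0
    for _p in $_paths; do _n=$((_n + 1)); done
    set +f
    IFS=$_old_ifs
    echo "$_n"
}

# Real use would be: ssh -G myhost | identity_files
echo "newline-only IFS: $(sample_ssh_G | count_split "$NL") paths"
echo "space/tab/newline IFS: $(sample_ssh_G | count_split " $(printf '\t')$NL") words"
```

With the space-containing path in the sample, the newline-only split yields the two real paths, while the space/tab/newline split breaks one path into two words that do not exist as files.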

Keychain 2.9.1

01 May 16:34

keychain 2.9.1 (1 May 2025)

This release fixes a major bug related to the --eval option with non-Bourne shells.

  • Fix --eval option so it works with non-Bourne shells (#158).
  • Last-minute option change: replace --ssh-wipe and --gpg-wipe with --wipe [ssh|gpg|all].
  • Deprecate --attempts option which doesn't work with gpg-agent pinentry nor modern OpenSSH.
  • More script rewriting -- default to IFS of newline in the script, totally rework SSH and GPG key adding code.
  • Remove undocumented and likely unused -- option.
  • Script is now at a svelte 1049 lines of code.

Keychain 2.9.0

30 Apr 19:16

keychain 2.9.0 (30 Apr 2025)

These release notes contain a summary of all changes, including cumulative
changes in pre-releases:

  • A new release after 8 years, with Daniel Robbins (script creator) returning as maintainer.
  • 60% of the script has been rewritten, and is now compliant with ShellCheck.
  • --agents and --inherit options have been deprecated to improve ease-of-use.
  • gpg-agent no longer started by default -- only when a GPG key has been provided on the command-line. GnuPG 2.1+ supported.
  • GnuPG pidfiles with -gpg extension are deprecated and no longer used.
  • Better GnuPG integration: gpg-agent can be used for SSH key storage. This can be enabled by specifying one of the new --ssh-allow-gpg and --ssh-spawn-gpg options. Agent information for gpg-agent's SSH socket will be stored in the regular pidfile for compatibility.
  • Add --ssh-rm, --ssh-wipe, --gpg-wipe options for removing/wiping SSH and GPG keys. This addresses GitHub Issue #153.
  • --clear option is now designed to be used for "initial clearing" of keys only.
  • Many user interface output improvements, to provide additional detail.
  • --debug option which can be used to troubleshoot issues with keychain.
  • Manual page significantly improved: New section on invocation, as well as documentation of the startup and agent detection algorithm.
  • Addition of --ssh-agent-socket option to manually specify desired path of the ssh-agent socket when starting.
  • Addition of --confallhosts to load identity files for all hosts.
  • Various bug fixes and improvements.
  • Script size reduced from 1500 to 1133 lines.

Keychain 2.9.0_beta4

27 Apr 02:45

keychain 2.9.0_beta4 (26 Apr 2025)

  • Rewrite key parsing code to remove unwanted use of wantagent gpg in the code. This may fix previous bugs related to identifying and loading GPG keys.
  • Fix GitHub Issue #61 by ensuring that any error messages generated when adding SSH or GPG keys are printed as warnings to facilitate troubleshooting by users.
  • Manually merge in fish shell examples into keychain.pod.
  • Resolve GitHub Issue #75 and ensure that "IdentityFile" allows case variations.

keychain 2.9.0_beta3

26 Apr 01:21

keychain 2.9.0_beta3 (25 Apr 2025)

  • The previous beta of keychain attempted to use gpg-agent by default instead of ssh-agent. This behavior has been
    changed so that now you must opt-in to using gpg-agent. There are two new options to allow you to do this:
    --ssh-allow-gpg and --ssh-spawn-gpg, which are documented in the man page.
  • Displayed information about found/started agents has been greatly enhanced.
  • New option --debug, which currently allows display of more information regarding
    keychain's decisions.
  • Full technical documentation for keychain's agent-detection algorithm in the man page.
  • Key decision points in keychain's internal code now have better comments.
  • Fixing behavior of --noinherit to match previous versions.
  • Fixing behavior of --quick to match previous versions.
  • Tweaking agent detection to match legacy --inherit=local-once option.
  • Many documentation updates and improvements.
  • Now at 1119 lines of code (from 1500 lines of code in keychain 2.8.5)

Keychain 2.9.0_beta2

23 Apr 16:58

keychain 2.9.0_beta2 (23 Apr 2025)

  • Code has been overhauled to be more maintainable and various parts of the codebase have been rewritten. During this
    process, which started with 2.9.0_alpha1, various things were broken. THIS IS THE FIRST POTENTIALLY VIABLE WORKING
    RELEASE since 2.8.5, so PLEASE TEST AND PROVIDE FEEDBACK. It will be marked as a non-prerelease on GitHub to get
    more active testing and feedback.
  • Please note -- this version of keychain uses gpg-agent by default, if available. We are evaluating the consequences
    of this change at the moment, request feedback on complications related to this change, and THIS DECISION MAY BE
    REVERSED in the final release of 2.9.0 (we may go back to defaulting to ssh-agent, and have an option to use gpg-agent
    in place of ssh-agent, instead of just automatically using gpg-agent.) Please provide feedback in GitHub issues
    based on your experience. We have already found some challenges with the gpg-agent-by-default strategy, so no need
    to convince anyone. Just share your feedback/opinion. Also note that the man page has been updated to reflect all
    these changes, so take a look at the man page for info on the current behavior. There are new sections: LIFECYCLE,
    STARTING and SOCKETS AND PIDS.
  • ChangeLog has been converted to ChangeLog.md (thanks @d4g33z) to facilitate better interoperability with GitHub and
    modern conventions.

keychain 2.9.0_beta1

15 Apr 22:08
Pre-release
Keychain 2.9.0_beta1 release:

* Fix gpg support and allow gpg-agent to be used as an ssh-agent if
  found. --agents ssh now means "use gpg-agent if it has ssh-agent
  support, or ssh-agent as a backup.". Add code so we don't try to
  start two gpg-agents for --agents gpg,ssh or --agents ssh,gpg.
* Remove keychain.txt from git and add to .gitignore.
* Optimizing output messages.
* Add --nosub option to disable substitution of gpg-agent for
  ssh-agent.

keychain 2.9.0_alpha1

09 Apr 19:02
Pre-release
  • keychain 2.9.0_alpha1 (9 Apr 2025)

    • Daniel Robbins returns as keychain maintainer.

    • 'keychain' and 'keychain.1' removed from git repo and added to .gitignore.

    • Make 'keychain.sh' fully-compliant with ShellCheck, and add necessary exception
      comments to the codebase. These changes require testing, as some of the suggested
      fixes are not desired, and I tried to catch all of these. Thus the _alpha1
      status.

    • Merge in fixes for typographical errors from Peter Pentchev (@ppentchev).
      (commit d8a566d)

    • Merge in validity checking for malformed SSH public key files, also from
      Peter Pentchev (@ppentchev). (commit 2722fdc)

    • Merge in support for --agents, which adds detection of gpg-agent which was
      disabled. From Mikko Koivunalho (@mikkoi).
      (commit 1d170da)

    • Merge in support for --agent-socket option, to specify the path for
      SSH_AUTH_SOCK manually. From Mikhail f. Shiryaev (@Felixoid).
      (commit 2a3dfcd)

    • Fix handling of exit codes. This fix is from Manolis Androulidakis
      (@manolis-andr). (commit ced0785)

    • Add --confallhosts option to allow loading of keys from all hosts.
      This is from Ole Martin Ruud (@barskern).
      (commit 0041078)

    • Update GPL-2 license file. This is from Karol Babioch (@ghost).
      (commit 15ad9e1)

keychain 2.8.5

24 Jan 15:24

This is the official 2.8.5 release. It includes various fixes and support for systemd gnupg sockets.

keychain 2.8.4

12 Nov 01:17

This is the official keychain 2.8.4 release with GPG2 support, support for busybox ps and various optimizations.