Add pws-cache extension

.github/workflows/ci.yml

@@ -0,0 +1,68 @@
+# Copyright (C) 2021 The Nitrocli Developers
+# SPDX-License-Identifier: CC0-1.0
+
+# TODO:
+# - Test with system libnitrokey (USE_SYSTEM_LIBNITROKEY=1)?
+# - Add support for macos and windows
+
+name: CI
+
+on: [push, pull_request]
+
+env:
+  RUST_BACKTRACE: 1
+
+jobs:
+  test:
+    name: Compile and test Rust ${{ matrix.rust }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        rust: [1.42.0, stable, beta, nightly]
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.rust }}
+          profile: minimal
+          override: true
+      - run: sudo apt-get install libhidapi-dev
+      - run: cargo build --workspace --bins --tests --verbose
+      - run: cargo build --workspace --bins --tests --verbose --release
+      - run: cargo test --workspace --verbose
+
+  clippy:
+    name: Lint with clippy
+    runs-on: ubuntu-latest
+    env:
+      RUSTFLAGS: -Dwarnings
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: 1.42.0
+          components: clippy
+          override: true
+      - run: cargo clippy --workspace --all-targets --all-features --verbose -- -A unknown_lints -D warnings
+
+  reuse:
+    name: Check license annotations
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+      - run: pip3 install reuse
+      - run: reuse lint
+
+  rustfmt:
+    name: Verify code formatting
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: 1.42.0
+          components: rustfmt
+          override: true
+      - run: cargo fmt --all -- --check

CHANGELOG.md

@@ -1,9 +1,17 @@
 Unreleased
 ----------
+- Introduced extension support crate, `nitrocli-ext`
+- Introduced `otp-cache` and `pws-cache` core extensions
 - Enabled usage of empty PWS slot fields
+- Changed error reporting format to make up only a single line
+- Added `NITROCLI_RESOLVED_USB_PATH` environment variable to be used by
+  extensions
 - Allowed entering of `base32` encoded strings containing spaces
 - Fixed pinentry dialog highlighting some messages incorrectly as errors
+- Switched to using GitHub Actions as the project's CI pipeline
 - Bumped `nitrokey` dependency to `0.9.0`
+- Added the `--only-aes-key` option to the `reset` command to build a new AES
+  key without performing a factory reset
 
 
 0.4.0

Cargo.toml

@@ -39,12 +39,12 @@ version = "1.0"
 [dependencies.base32]
 version = "0.4.0"
 
-[dependencies.envy]
-version = "0.4.2"
-
 [dependencies.directories]
 version = "3"
 
+[dependencies.envy]
+version = "0.4.2"
+
 [dependencies.libc]
 version = "0.2"
 
@@ -82,3 +82,6 @@ version = "1"
 
 [dev-dependencies.tempfile]
 version = "3.1"
+
+[workspace]
+members = ["ext/*"]

doc/nitrocli.1

@@ -1,4 +1,4 @@
-.TH NITROCLI 1 2020-10-11
+.TH NITROCLI 1 2021-04-17
 .SH NAME
 nitrocli \- access Nitrokey devices
 .SH SYNOPSIS
@@ -79,12 +79,16 @@ This command locks the password safe (see the Password safe section). On the
 Nitrokey Storage, it will also close any active encrypted or hidden volumes (see
 the Storage section).
 .TP
-.B nitrocli reset
+.B nitrocli reset \fR[\fB\-\-only-aes-key\fR]
 Perform a factory reset on the Nitrokey.
 This command performs a factory reset on the OpenPGP smart card, clears the
 flash storage and builds a new AES key.
 The user PIN is reset to 123456, the admin PIN to 12345678.
 
+If the \fB\-\-only-aes-key\fR option is set, the command does not perform a
+full factory reset but only creates a new AES key.
+The AES key is for example used to encrypt the password safe.
+
 This command requires the admin PIN.
 To avoid accidental calls of this command, the user has to enter the PIN even
 if it has been cached.
@@ -427,12 +431,18 @@ The program conveys basic configuration information to any extension being
 started this way. Specifically, it will set each environment variable as
 described in the Configuration subsection of the Environment section above, if
 the corresponding \fBnitrocli\fR program configuration was set. In addition, the
-following variable will be set unconditionally:
+following variables will be set:
 .TP
 .B NITROCLI_BINARY
 The absolute path to the \fBnitrocli\fR binary through which the extension was
 invoked. This path may be used to recursively invoke \fBnitrocli\fR to implement
 certain functionality.
+.TP
+.B NITROCLI_RESOLVED_USB_PATH
+The USB path of the device that \fBnitrocli\fR would connect to based on the
+\fB\-\-model\fR, \fB\-\-serial-number\fR, and \fB\-\-usb-path\fR options.
+If there is no matching Nitrokey device, or if multiple devices match the
+options, the environment variable is not set.
 
 .P
 All other variables present in the environment will be passed through to the

ext/ext/Cargo.toml

@@ -0,0 +1,15 @@
+# Cargo.toml
+
+# Copyright (C) 2021 The Nitrocli Developers
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[package]
+name = "nitrocli-ext"
+version = "0.1.0"
+authors = ["Robin Krahl <[email protected]>"]
+edition = "2018"
+
+[dependencies]
+anyhow = "1"
+directories = "3"
+nitrokey = "0.9"