diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile
new file mode 100755
index 0000000..ad14a9c
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile
@@ -0,0 +1,152 @@
+# -*-mode: makefile; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+PROG=gridfire
+BOX_OS_FLAVOR="$$(cat /etc/hostname)"
+OVERLAY=/var/local/share/genkernel/overlay/
+PYVER=3
+ROLE=gpgkey
+
+TMPDIR=/mnt/tmp/Pentoo19/pyi
+build=${TMPDIR}/build/build-$(BOX_OS_FLAVOR)
+dist=dist/dist-$(BOX_OS_FLAVOR)
+
+BINS=\
+ gridfire \
+ gridfire.bash \
+ truecrypt-console.bash \
+ veracrypt-console.bash \
+ truecrypt.bash \
+ veracrypt.bash \
+ veracrypt-create.bash \
+ keepassxc-cli.bash \
+ pinentry_gridfire.bash \
+ pinentry3.bash \
+ pyassuan_password.bash \
+ pyassuan_keepassxc-cli.bash \
+ gridfire_ansible-vault.py \
+ gridfire_ansible-vault.bash \
+ gridfire_keepassxc-cli.bash \
+ gridfire_keepassxc.bash \
+ keyring_gridfire.bash \
+ gridfire_kpsh.bash \
+ gridfire_openssl.bash \
+ gridfire_secret-tool.bash \
+ gridfire_staticgpg.bash \
+ gridfire_tomb.bash \
+ gridfire_truecrypt.bash \
+ gridfire_veracrypt.bash \
+ gridfire_truecrypt-console.bash \
+ gridfire_veracrypt-console.bash \
+ pinentry_gridfire.py \
+ gpgkey_pinentry_test.exp
+
+refresh:: install_bins
+
+install:: $(dist)/$(PROG).pex
+ sh pykeepass.bash
+ python3.sh -c 'from keyring_keyutils import backend' || \
+ python-keyring-keyutils.bash
+ cd keepassxc_cmd2 && env PWD=${PWD}/keepassxc_cmd2 $(MAKE) $(FLAGS) $@
+# sh pyassuan.bash
+ [ -f /usr/local/bin/get-info.py -a /usr/local/bin/pinentry.py -a \
+ -e /usr/local/lib/python3.8/site-packages/pyassuan-0.2-py3.8.egg-info ] || \
+ ( cd /usr/local/src/gridfire/TremilyUsPyassuan && \
+ python3.sh setup.py install --prefix=/usr/local ) \
+ 2>&1|tee install.log
+ $(MAKE) $(MFLAGS) overlay
+
+update:: install install_bins pyi # cxFreeze pex
+
+$(PROG).spec.Linux::
+ [ -f $(PROG).spec ] || pyi-makespec ./$(PROG).py -F -c
+ [ -f $(PROG).spec.Linux ] || cp -p $(PROG).spec $(PROG).spec.Linux
+
+$(PROG).spec.Msys:: $(PROG).spec.Linux
+ grep -q $$PWD $(PROG).spec || sed -e "s@pathex=.'.*'.@pathex=['$$PWD']@" \
+ < $(PROG).spec.Linux > $(PROG).spec.Msys
+
+pyi:: $(dist)/$(PROG).pyi
+$(dist)/$(PROG).pyi::
+ [ -d $(build) ] || mkdir -p $(build)
+ [ -d $(dist) ] || mkdir -p $(dist)
+ [ -e $(dist)/$(PROG).pyi -a $(dist)/$(PROG).pyi -nt ./$(PROG).py ] || \
+ pyinstaller --distpath $(dist) --workpath $(build) \
+ --exclude tkinter --exclude matplotlib --exclude ctypes \
+ --exclude twisted --exclude jedi --exclude jaraco \
+ --exclude sphinx --exclude coverage --exclude nose \
+ --exclude PIL --exclude numpy --exclude OpenGL \
+ --exclude PySide2 --exclude PyQt5 --exclude IPython \
+ --onefile -c --ascii \
+ --name $(PROG)_pyi-$(BOX_OS_FLAVOR) $(PROG).py \
+ >> $(dist)/$(PROG).log 2>&1
+ [ ! -f $(dist)/$(PROG).log ] || ! grep ERROR: $(dist)/$(PROG).log
+
+overlay::
+ [ -x $(OVERLAY)/bin/$(PROG) -a $(OVERLAY)/bin/$(PROG) -nt $(dist)/$(PROG) ] || \
+ cp -p $(dist)/$(PROG) $(OVERLAY)/bin/$(PROG)
+ [ -x $(OVERLAY)/bin/keyctl -a $(OVERLAY)/bin/keyctl -nt /bin/keyctl ] || \
+ cp -p /bin/keyctl $(OVERLAY)/bin/keyctl
+
+dont_install::
+ [ -f ../../bin/$(PROG).sh -a ../../bin/$(PROG).sh -nt ./bin/$(PROG).sh ] || \
+ cp -p ./bin/$(PROG).sh ../../bin/$(PROG).sh
+
+install_bins:: install bins
+ $(MAKE) $(MFLAGS) -C keepassxc_cmd2 $@
+
+bins::
+ for elt in ${BINS} ; do \
+ [ -f ../../bin/$$elt -a ../../bin/$$elt -nt bin/$$elt ] || \
+ { cp -p bin/$$elt ../../bin/$$elt ; \
+ echo bin/$$elt ; \
+ chmod 775 ../../bin/$$elt ; } ; \
+ done
+ [ ! -x dist/dist-$(BOX_OS_FLAVOR)/gridfire_pyi-$(BOX_OS_FLAVOR) ] || \
+ [ -x $(dist)/$(PROG) -a -f ../../bin/$(PROG) -a ../../bin/$(PROG) -nt $(dist)/$(PROG) ] || \
+ cp -p dist/dist-$(BOX_OS_FLAVOR)/gridfire_pyi-$(BOX_OS_FLAVOR) /usr/local/bin/gridfire3.pyi
+# $(dist)/$(PROG) ../../bin/$(PROG)
+ [ ! -x dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex ] || \
+ [ -x dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex -a -f ../../bin/$(PROG) -a ../../bin/$(PROG) -nt dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex ] || \
+ cp -p dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex /usr/local/bin/gridfire.pex
+# $(dist)/$(PROG) ../../bin/$(PROG)
+ cp -p TremilyUsPyassuan/bin/pinentry.py ../../bin/pinentry_.py
+ [ -d /boot ] || cp -pi bin/gridfire.rc.win ../../bin/gridfire.rc
+ [ -d /boot ] && cp -ip bin/gridfire.rc.lin ../../bin/gridfire.rc
+
+pex:: # keepassxc_cmd2/keepassxc_cmd2.pex
+ $(MAKE) $(MFLAGS) -f Makefile.$@
+ $(MAKE) $(MFLAGS) -C keepassxc_cmd2 $@
+
+test:: # pex
+ $(MAKE) $(FLAGS) -C keepassxc_cmd2 $@
+ [ ! -f dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex ] || \
+ { echo 0 | dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex test ; \
+ echo INFO tested dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex ; }
+ sh pykeepass.bash test
+ $(MAKE) $(FLAGS) doctest
+
+DOC_TESTS=tomb3.txt # keyutils3.txt keyring3.txt pykeepass3.txt keyctl3.txt
+doctest::
+ for file in $(DOC_TESTS) ; do \
+ /var/local/bin/testforge_python_doctest3.bash \
+ doc/txt/$$file ; \
+ done
+ /var/local/share/doc/txt/pykeepass3.bash
+
+clean::
+ rm -f */*~ *~
+
+down:: clean
+ ( cd /o/data/TestForge/src/ansible ; \
+ rsync -vax --exclude \*.pyc --exclude __pycache__ --exclude \*~ \
+ --exclude _Old --exclude build --exclude dist \
+ --delete /usr/local/src/gridfire/ \
+ roles/gpgkey/o*/L*/usr/local/src/gridfire/ )
+up::
+ ( rsync -vax --exclude \*.pyc --exclude __pycache__ --exclude \*~ \
+ --exclude _Old --exclude build --exclude dist \
+ --exclude /usr/local/src/gridfire/dist \
+ --exclude /usr/local/src/gridfire/build \
+ --delete /usr/local/src/gridfire/ \
+ /q/Pg64/Msys64/usr/local/src/gridfire/ )
+
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile.cxfreeze b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile.cxfreeze
new file mode 100644
index 0000000..73b45ac
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile.cxfreeze
@@ -0,0 +1,21 @@
+# -*-mode: makefile; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+PROG=gridfire
+BOX_OS_FLAVOR=`cat /etc/hostname`
+
+cxFreeze:: cxFreeze-$(BOX_OS_FLAVOR)
+cxFreeze-$(BOX_OS_FLAVOR):: $(PROG).spec.Linux cxFreeze-$(BOX_OS_FLAVOR)/exe.linux-x86_64-$(PYTHON_MINOR)/$(PROG)
+
+#setup.py::
+# cxfreeze-quickstart
+
+cxFreeze-$(BOX_OS_FLAVOR)/exe.linux-x86_64-$(PYTHON_MINOR)/$(PROG):: $(PROG).py # setup.py
+ [ -d build/build-$(BOX_OS_FLAVOR)/cxFreeze-$(BOX_OS_FLAVOR) ] || \
+ mkdir -p build/build-$(BOX_OS_FLAVOR)/cxFreeze-$(BOX_OS_FLAVOR)
+# python3.bash setup.py build -b cxFreeze-$(BOX_OS_FLAVOR) 2>&1|tee cxFreeze-$(BOX_OS_FLAVOR)_build.log
+# TypeError: __init__() missing 1 required positional argument: 'constantsModule'
+# cxfreeze --compress $(PROG).py 2>&1|tee cxFreeze-$(BOX_OS_FLAVOR).log
+ python3 cxfreeze_main.py -c --zip-include-packages \* \
+ --include-path ${PWD}/pyassuan/bin/ \
+ --target-dir build/build-$(BOX_OS_FLAVOR)/cxFreeze-$(BOX_OS_FLAVOR) \
+ $(PROG).py 2>&1|tee build/build-$(BOX_OS_FLAVOR)/cxFreeze-$(BOX_OS_FLAVOR).log
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile.keyring b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile.keyring
new file mode 100644
index 0000000..8a6a6d0
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile.keyring
@@ -0,0 +1,22 @@
+
+pyinstaller_keyring-$(BOX_OS_FLAVOR):: $(dist)_keyring/keyring
+$(dist)_keyring/keyring:: Makefile /usr/lib64/python$(PYTHON_MINOR)/site-packages/keyring/__main__.py
+ [ -d $(build)_keyring ] || mkdir $(build)_keyring
+ [ -d $(dist)_keyring ] || mkdir $(dist)_keyring
+ [ -f keyring.log -a \
+ -e $(dist)_keyring/keyring -a \
+ $(dist)_keyring/keyring -nt /usr/lib64/python$(PYTHON_MINOR)/site-packages/keyring/__main__.py ] || \
+ python$(PYVER).bash -m PyInstaller --clean \
+ --distpath $(dist)_keyring --workpath $(build)_keyring \
+ --onefile -c --ascii \
+ --name keyring_pyi-$(BOX_OS_FLAVOR) \
+ --additional-hooks-dir packaging/pyinstaller \
+ --hidden-import keyring.backends \
+ --hidden-import keyutils.keys \
+ --hidden-import keyutils.backend \
+ --exclude-module macOS \
+ /usr/lib64/python$(PYTHON_MINOR)/site-packages/keyring/__main__.py \
+ > keyring.log 2>&1
+ ! grep ERROR: keyring.log
+ [ -e $(dist)_keyring/keyring -a -e $(dist)_keyring/keyring_pyi-$(BOX_OS_FLAVOR) ] || \
+ ln $(dist)_keyring/keyring_pyi-$(BOX_OS_FLAVOR) $(dist)_keyring/keyring
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile.pex b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile.pex
new file mode 100755
index 0000000..dbc0445
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/Makefile.pex
@@ -0,0 +1,55 @@
+# -*-mode: makefile; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+PROG=gridfire
+BOX_OS_FLAVOR=`cat /etc/hostname`
+
+pex:: gridfire.py Makefile
+ $(MAKE) $(MFLAGS) -f Makefile.pex dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex
+
+# No bundling of so's - not a freezer
+dist/dist-Windows/gridfire.pex:: gridfire.py Makefile
+ [ -d dist/dist-$(BOX_OS_FLAVOR) ] ||mkdir -p dist/dist-$(BOX_OS_FLAVOR)
+ /usr/local/bin/pex3.bash -D $(PWD) -m gridfire:main -o $@ \
+ --no-index --ignore-errors --inherit-path=prefer \
+ -r gridfire.reqs --no-index \
+ --platform windows_x86_64-cp-37-cp37mu
+ zip -d $@ build/build-\*/\* dist/dist-\*/\* cxFreeze-$(BOX_OS_FLAVOR)\* \
+ \*/.git/\* \*.log __pycache__/\* >/dev/null
+
+dist/dist-Kick150154/gridfire.pex:: gridfire.py Makefile
+ /usr/local/bin/python3.sh -c 'import pex' || \
+ apt-get install python3-pex || \
+ /usr/local/bin/pip3.sh install pex
+ [ -d dist/dist-Kick150154/ ]||mkdir -p dist/dist-Kick150154
+ /usr/local/bin/pex3.bash -D $(PWD) -m gridfire:main -o $@ \
+ -f /usr/lib/python3/dist-packages/ \
+ --no-index --ignore-errors --inherit-path=prefer \
+ --platform linux_x86_64-cp-27-cp27mu \
+ --platform linux_x86_64-cp-37-cp37mu
+ zip -d $@ build/build-\*/\* dist/dist-\*/\* cxFreeze-Kick150154\* \
+ \*/.git/\* \*.log __pycache__/\* >/dev/null
+
+dist/dist-pentoo/gridfire.pex:: gridfire.py Makefile
+ /usr/local/bin/python3.sh -c 'import pex' || /usr/local/bin/pip3.sh install pex
+ [ -d dist/dist-pentoo/ ]||mkdir -p dist/dist-pentoo
+ PYTHONPATH=${PWD} /usr/local/bin/pex3.bash -D $(PWD) -m gridfire:iMain -o $@ \
+ --no-index --ignore-errors --inherit-path=prefer \
+ --platform linux_x86_64-cp-27-cp27mu \
+ --platform linux_x86_64-cp-38-cp38mu
+ zip -d $@ build/build-\*/\* dist/dist-\*/\* cxFreeze-pentoo\* \
+ \*/.git/\* \*.log __pycache__/\* >/dev/null
+
+dist/dist-devuan/gridfire.pex:: gridfire.py Makefile
+ /usr/local/bin/python3.sh -c 'import pex' || apt-get install python3-pex
+ [ -d dist/dist-devuan/ ]||mkdir -p dist/dist-devuan
+ /usr/local/bin/pex3.bash -D $(PWD) -m gridfire:main -o $@ \
+ --no-index --ignore-errors --inherit-path=prefer \
+ --platform linux_x86_64-cp-39-cp39mu
+ zip -d $@ build/build-\*/\* dist/dist-\*/\* cxFreeze-devuan\* \
+ \*/.git/\* \*.log __pycache__/\* >/dev/null
+
+clean::
+ rm *~
+
+veryclean:: clean
+ rm -f dist/dist-`cat /etc/hostname`/gridfire.pex
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/COPYING b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/COPYING
new file mode 100644
index 0000000..94a9ed0
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/COPYING
@@ -0,0 +1,674 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ Copyright (C)
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+.
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/README b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/README
new file mode 100644
index 0000000..dbefa15
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/README
@@ -0,0 +1,91 @@
+Python module and tools for communicating in the Assuan_ protocol.
+
+There are a number of GnuPG_ wrappers for python `out there`__, but
+they mostly work via the ``gpg`` executable. This is an attempt to
+cut to the chase and speak directly to ``gpgme-tool`` (source__) over
+a well-defined socket protocol.
+
+__ wrappers_
+__ gpgme-tool_
+
+Installation
+============
+
+Packages
+--------
+
+Gentoo
+~~~~~~
+
+I've packaged ``pyassuan`` for Gentoo_. You need layman_ and
+my `wtk overlay`_. Install with::
+
+ # emerge -av app-portage/layman
+ # layman --add wtk
+ # emerge -av dev-python/pyassuan
+
+Dependencies
+------------
+
+``pyassuan`` is a simple package with no external dependencies outside
+the Python 3.3+ standard library.
+
+Installing by hand
+------------------
+
+``pyassuan`` is available as a Git_ repository::
+
+ $ git clone git://tremily.us/pyassuan.git
+
+See the homepage_ for details. To install the checkout, run the
+standard::
+
+ $ python setup.py install
+
+Usage
+=====
+
+Checkout the docstrings and the examples in ``bin``.
+
+Testing
+=======
+
+Run the internal unit tests with `Python 3.2+'s unittest discovery`__::
+
+ $ python -m unittest discover
+
+To test running servers by hand, you can use `gpg-connect-agent`_.
+Despite the name, this program can connect to any Assuan server::
+
+ $ gpg-connect-agent --raw-socket name
+
+__ unittest-discovery_
+
+Licence
+=======
+
+This project is distributed under the `GNU General Public License
+Version 3`_ or greater.
+
+Author
+======
+
+W. Trevor King
+wking@tremily.us
+
+
+.. _Assuan: http://www.gnupg.org/documentation/manuals/assuan/
+.. _GnuPG: http://www.gnupg.org/
+.. _wrappers: http://wiki.python.org/moin/GnuPrivacyGuard
+.. _gpgme-tool:
+ http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=src/gpgme-tool.c;hb=HEAD
+.. _Gentoo: http://www.gentoo.org/
+.. _layman: http://layman.sourceforge.net/
+.. _wtk overlay: http://blog.tremily.us/posts/Gentoo_overlay/
+.. _Git: http://git-scm.com/
+.. _homepage: http://blog.tremily.us/posts/pyassuan/
+.. _gpg-connect-agent:
+ http://www.gnupg.org/documentation/manuals/gnupg-devel/gpg_002dconnect_002dagent.html
+.. _unittest-discovery:
+ https://docs.python.org/3.5/library/unittest.html#unittest-test-discovery
+.. _GNU General Public License Version 3: http://www.gnu.org/licenses/gpl.html
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/__init__.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/bin/__init__.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/bin/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/bin/get-info.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/bin/get-info.py
new file mode 100755
index 0000000..6b25578
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/bin/get-info.py
@@ -0,0 +1,67 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2012 W. Trevor King
+#
+# This file is part of pyassuan.
+#
+# pyassuan is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+#
+# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# pyassuan. If not, see .
+
+"""Simple pinentry program for getting server info.
+"""
+
+from pyassuan import __version__
+from pyassuan import client as _client
+from pyassuan import common as _common
+from pyassuan import error as _error
+
+
+if __name__ == '__main__':
+ import argparse
+ import logging
+
+ parser = argparse.ArgumentParser(description=__doc__)
+ parser.add_argument(
+ '-v', '--version', action='version',
+ version='%(prog)s {}'.format(__version__))
+ parser.add_argument(
+ '-V', '--verbose', action='count', default=0,
+ help='increase verbosity')
+ parser.add_argument(
+ 'filename',
+ help="path to server's unix socket")
+
+ args = parser.parse_args()
+
+ client = _client.AssuanClient(name='get-info', close_on_disconnect=True)
+
+ if args.verbose:
+ client.logger.setLevel(max(
+ logging.DEBUG, client.logger.level - 10*args.verbose))
+
+ client.connect(socket_path=args.filename)
+ try:
+ response = client.read_response()
+ assert response.type == 'OK', response
+ client.make_request(_common.Request('HELP'))
+ client.make_request(_common.Request('HELP GETINFO'))
+ for attribute in ['version', 'pid', 'socket_name', 'ssh_socket_name']:
+ try:
+ client.make_request(_common.Request('GETINFO', attribute))
+ except _error.AssuanError as e:
+ if e.message.startswith('No data'):
+ pass
+ else:
+ raise
+ finally:
+ client.make_request(_common.Request('BYE'))
+ client.disconnect()
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/bin/pinentry.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/bin/pinentry.py
new file mode 100755
index 0000000..014b175
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/bin/pinentry.py
@@ -0,0 +1,397 @@
+#!/usr/bin/python3.8
+#
+# Copyright (C) 2012-2017 W. Trevor King
+#
+# This file is part of pyassuan.
+#
+# pyassuan is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+#
+# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# pyassuan. If not, see .
+
+"""Simple pinentry program for getting pins from a terminal.
+"""
+
+import copy as _copy
+import os as _os
+import os.path as _os_path
+import pprint as _pprint
+import re as _re
+import signal as _signal
+import sys as _sys
+import termios as _termios
+
+from pyassuan import __version__
+from pyassuan import server as _server
+from pyassuan import common as _common
+from pyassuan import error as _error
+
+
+class PinEntry (_server.AssuanServer):
+ """pinentry protocol server
+
+ See ``pinentry-0.8.0/doc/pinentry.texi`` at::
+
+ ftp://ftp.gnupg.org/gcrypt/pinentry/
+ http://www.gnupg.org/aegypten/
+
+ for details on the pinentry interface.
+
+ Alternatively, you can just watch the logs and guess ;). Here's a
+ trace when driven by GnuPG 2.0.28 (libgcrypt 1.6.3)::
+
+ S: OK Your orders please
+ C: OPTION grab
+ S: OK
+ C: OPTION ttyname=/dev/pts/6
+ S: OK
+ C: OPTION ttytype=xterm
+ S: OK
+ C: OPTION lc-ctype=en_US.UTF-8
+ S: OK
+ C: OPTION lc-messages=en_US.UTF-8
+ S: OK
+ C: OPTION allow-external-password-cache
+ S: OK
+ C: OPTION default-ok=_OK
+ S: OK
+ C: OPTION default-cancel=_Cancel
+ S: OK
+ C: OPTION default-yes=_Yes
+ S: OK
+ C: OPTION default-no=_No
+ S: OK
+ C: OPTION default-prompt=PIN:
+ S: OK
+ C: OPTION default-pwmngr=_Save in password manager
+ S: OK
+ C: OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?
+ S: OK
+ C: OPTION default-tt-visi=Make passphrase visible
+ S: OK
+ C: OPTION default-tt-hide=Hide passphrase
+ S: OK
+ C: GETINFO pid
+ S: D 14309
+ S: OK
+ C: SETKEYINFO u/S9464F2C2825D2FE3
+ S: OK
+ C: SETDESC Enter passphrase%0A
+ S: OK
+ C: SETPROMPT Passphrase
+ S: OK
+ C: GETPIN
+ S: D testing!
+ S: OK
+ C: BYE
+ S: OK closing connection
+ """
+ _digit_regexp = _re.compile(r'\d+')
+
+ # from proc(5): pid comm state ppid pgrp session tty_nr tpgid
+ _tpgrp_regexp = _re.compile(r'\d+ \(\S+\) . \d+ \d+ \d+ \d+ (\d+)')
+
+ def __init__(self, name='pinentry', strict_options=False,
+ single_request=True, **kwargs):
+ self.strings = {}
+ self.connection = {}
+ super(PinEntry, self).__init__(
+ name=name, strict_options=strict_options,
+ single_request=single_request, **kwargs)
+ self.valid_options.append('ttyname')
+
+ def reset(self):
+ super(PinEntry, self).reset()
+ self.strings.clear()
+ self.connection.clear()
+
+ # user interface
+
+ def _connect(self):
+ self.logger.info('connecting to user')
+ self.logger.debug('options:\n{}'.format(_pprint.pformat(self.options)))
+ tty_name = self.options.get('ttyname', None)
+ if tty_name:
+ self.connection['tpgrp'] = self._get_pgrp(tty_name)
+ self.logger.info(
+ 'open to-user output stream for {}'.format(tty_name))
+ self.connection['to_user'] = open(tty_name, 'w')
+ self.logger.info(
+ 'open from-user input stream for {}'.format(tty_name))
+ self.connection['from_user'] = open(tty_name, 'r')
+ self.logger.info('get current termios line discipline')
+ self.connection['original termios'] = _termios.tcgetattr(
+ self.connection['to_user']) # [iflag, oflag, cflag, lflag, ...]
+ new_termios = _copy.deepcopy(self.connection['original termios'])
+ # translate carriage return to newline on input
+ new_termios[0] |= _termios.ICRNL
+ # do not ignore carriage return on input
+ new_termios[0] &= ~_termios.IGNCR
+ # do not echo input characters
+ new_termios[3] &= ~_termios.ECHO
+ # echo input characters
+ #new_termios[3] |= _termios.ECHO
+ # echo the NL character even if ECHO is not set
+ new_termios[3] |= _termios.ECHONL
+ # enable canonical mode
+ new_termios[3] |= _termios.ICANON
+ self.logger.info('adjust termios line discipline')
+ _termios.tcsetattr(
+ self.connection['to_user'], _termios.TCSANOW, new_termios)
+ self.logger.info('send SIGSTOP to pgrp {}'.format(
+ self.connection['tpgrp']))
+ #_os.killpg(self.connection['tpgrp'], _signal.SIGSTOP)
+ _os.kill(-self.connection['tpgrp'], _signal.SIGSTOP)
+ self.connection['tpgrp stopped'] = True
+ else:
+ self.logger.info('no TTY name given; use stdin/stdout for I/O')
+ self.connection['to_user'] = _sys.stdout
+ self.connection['from_user'] = _sys.stdin
+ self.logger.info('connected to user')
+ self.connection['to_user'].write('\n') # give a clean line to work on
+ self.connection['active'] = True
+
+ def _disconnect(self):
+ self.logger.info('disconnecting from user')
+ try:
+ if self.connection.get('original termios', None):
+ self.logger.info('restore original termios line discipline')
+ _termios.tcsetattr(
+ self.connection['to_user'], _termios.TCSANOW,
+ self.connection['original termios'])
+ if self.connection.get('tpgrp stopped', None) is True:
+ self.logger.info(
+ 'send SIGCONT to pgrp {}'.format(self.connection['tpgrp']))
+ #_os.killpg(self.connection['tpgrp'], _signal.SIGCONT)
+ _os.kill(-self.connection['tpgrp'], _signal.SIGCONT)
+ if self.connection.get('to_user', None) not in [None, _sys.stdout]:
+ self.logger.info('close to-user output stream')
+ self.connection['to_user'].close()
+ if self.connection.get('from_user',None) not in [None,_sys.stdout]:
+ self.logger.info('close from-user input stream')
+ self.connection['from_user'].close()
+ finally:
+ self.connection = {'active': False}
+ self.logger.info('disconnected from user')
+
+ def _get_pgrp(self, tty_name):
+ self.logger.info('find process group contolling {}'.format(tty_name))
+ proc = '/proc'
+ for name in _os.listdir(proc):
+ path = _os_path.join(proc, name)
+ if not (self._digit_regexp.match(name) and _os_path.isdir(path)):
+ continue # not a process directory
+ self.logger.debug('checking process {}'.format(name))
+ fd_path = _os_path.join(path, 'fd', '0')
+ try:
+ link = _os.readlink(fd_path)
+ except OSError as e:
+ self.logger.debug('not our process: {}'.format(e))
+ continue # permission denied (not one of our processes)
+ if link != tty_name:
+ self.logger.debug('wrong tty: {}'.format(link))
+ continue # not attached to our target tty
+ stat_path = _os_path.join(path, 'stat')
+ stat = open(stat_path, 'r').read()
+ self.logger.debug('check stat for pgrp: {}'.format(stat))
+ match = self._tpgrp_regexp.match(stat)
+ assert match != None, stat
+ pgrp = int(match.group(1))
+ self.logger.info('found pgrp {} for {}'.format(pgrp, tty_name))
+ return pgrp
+ raise ValueError(tty_name)
+
+ def _write(self, string):
+ "Write text to the user's terminal."
+ self.connection['to_user'].write(string + '\n')
+ self.connection['to_user'].flush()
+
+ def _read(self):
+ "Read and return a line from the user's terminal."
+ # drop trailing newline
+ return self.connection['from_user'].readline()[:-1]
+
+ def _prompt(self, prompt='?', error=None, add_colon=True):
+ if add_colon:
+ prompt += ':'
+ if error:
+ self.connection['to_user'].write(error)
+ self.connection['to_user'].write('\n')
+ self.connection['to_user'].write(prompt)
+ self.connection['to_user'].write(' ')
+ self.connection['to_user'].flush()
+ return self._read()
+
+ # assuan handlers
+
+ def _handle_GETINFO(self, arg):
+ if arg == 'pid':
+ yield _common.Response('D', str(_os.getpid()).encode('ascii'))
+ elif arg == 'version':
+ yield _common.Response('D', __version__.encode('ascii'))
+ else:
+ raise _error.AssuanError(message='Invalid parameter')
+ yield _common.Response('OK')
+
+ def _handle_SETKEYINFO(self, arg):
+ self.strings['key info'] = arg
+ yield _common.Response('OK')
+
+ def _handle_CLEARPASSPHRASE(self, arg):
+ yield _common.Response('OK')
+
+ def _handle_SETDESC(self, arg):
+ self.strings['description'] = arg
+ yield _common.Response('OK')
+
+ def _handle_SETPROMPT(self, arg):
+ self.strings['prompt'] = arg
+ yield _common.Response('OK')
+
+ def _handle_SETERROR(self, arg):
+ self.strings['error'] = arg
+ yield _common.Response('OK')
+
+ def _handle_SETTITLE(self, arg):
+ self.strings['title'] = arg
+ yield _common.Response('OK')
+
+ def _handle_SETOK(self, arg):
+ self.strings['ok'] = arg
+ yield _common.Response('OK')
+
+ def _handle_SETCANCEL(self, arg):
+ self.strings['cancel'] = arg
+ yield _common.Response('OK')
+
+ def _handle_SETNOTOK(self, arg):
+ self.strings['not ok'] = arg
+ yield _common.Response('OK')
+
+ def _handle_SETQUALITYBAR(self, arg):
+ """Adds a quality indicator to the GETPIN window.
+
+ This indicator is updated as the passphrase is typed. The
+ clients needs to implement an inquiry named "QUALITY" which
+ gets passed the current passphrase (percent-plus escaped) and
+ should send back a string with a single numerical vauelue
+ between -100 and 100. Negative values will be displayed in
+ red.
+
+ If a custom label for the quality bar is required, just add
+ that label as an argument as percent escaped string. You will
+ need this feature to translate the label because pinentry has
+ no internal gettext except for stock strings from the toolkit
+ library.
+
+ If you want to show a tooltip for the quality bar, you may use
+
+ C: SETQUALITYBAR_TT string
+ S: OK
+
+ With STRING being a percent escaped string shown as the tooltip.
+
+ Here is a real world example of these commands in use:
+
+ C: SETQUALITYBAR Quality%3a
+ S: OK
+ C: SETQUALITYBAR_TT The quality of the text entered above.%0aPlease ask your administrator for details about the criteria.
+ S: OK
+ """
+ self.strings['qualitybar'] = arg
+ yield _common.Response('OK')
+
+ def _handle_SETQUALITYBAR_TT(self, arg):
+ self.strings['qualitybar_tooltip'] = arg
+ yield _common.Response('OK')
+
+ def _handle_GETPIN(self, arg):
+ try:
+ self._connect()
+ if 'description' in self.strings and self.strings['description'].strip():
+ self._write(self.strings['description'])
+ if 'key info' in self.strings:
+ self._write('key: {}'.format(self.strings['key info']))
+ if 'qualitybar' in self.strings:
+ self._write(self.strings['qualitybar'])
+ pin = self._prompt(
+ prompt=self.strings.get('prompt','prompt:'),
+ error=self.strings.get('error'),
+ add_colon=False)
+ finally:
+ self._disconnect()
+ yield _common.Response('D', pin.encode('ascii'))
+ yield _common.Response('OK')
+
+ def _handle_CONFIRM(self, arg):
+ try:
+ self._connect()
+ self._write(self.strings['description'])
+ self._write('1) '+self.strings['ok'])
+ self._write('2) '+self.strings['not ok'])
+ value = self._prompt('?')
+ finally:
+ self._disconnect()
+ if value == '1':
+ yield _common.Response('OK')
+ else:
+ raise _error.AssuanError(message='Not confirmed')
+
+ def _handle_MESSAGE(self, arg):
+ self._write(self.strings['description'])
+ yield _common.Response('OK')
+
+ def _handle_CONFIRM(self, args):
+ assert args == '--one-button', args
+ try:
+ self._connect()
+ self._write(self.strings['description'])
+ self._write('1) '+self.strings['ok'])
+ value = self._prompt('?')
+ finally:
+ self._disconnect()
+ assert value == '1', value
+ yield _common.Response('OK')
+
+
+if __name__ == '__main__':
+ import argparse
+ import logging
+ import traceback
+
+ parser = argparse.ArgumentParser(description=__doc__)
+ parser.add_argument(
+ '-v', '--version', action='version',
+ version='%(prog)s {}'.format(__version__))
+ parser.add_argument(
+ '-V', '--verbose', action='count', default=0,
+ help='increase verbosity')
+ parser.add_argument(
+ '--display',
+ help='set X display (ignored by this implementation)')
+
+ args = parser.parse_args()
+
+ p = PinEntry()
+
+ if args.verbose:
+ p.logger.setLevel(max(
+ logging.DEBUG, p.logger.level - 10*args.verbose))
+
+ try:
+ p.run()
+ except ValueError:
+ # readline of closed file
+ pass
+ except:
+ p.logger.error(
+ 'exiting due to exception:\n{}'.format(
+ traceback.format_exc().rstrip()))
+ raise
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/__init__.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/__init__.py
new file mode 100644
index 0000000..4c075c8
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/__init__.py
@@ -0,0 +1,34 @@
+# Copyright (C) 2012 W. Trevor King
+#
+# This file is part of pyassuan.
+#
+# pyassuan is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+#
+# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# pyassuan. If not, see .
+
+"""A Python implementation of the `Assuan protocol`_.
+
+.. _Assuan protocol: http://www.gnupg.org/documentation/manuals/assuan/
+"""
+
+import logging as _logging
+import logging.handlers as _logging_handlers
+
+
+__version__ = '0.2'
+
+LOG = _logging.getLogger('pyassuan')
+LOG.setLevel(_logging.ERROR)
+LOG.addHandler(_logging.StreamHandler())
+#LOG.addHandler(_logging.FileHandler('/tmp/pinentry.log'))
+#LOG.addHandler(_logging_handlers.SysLogHandler(address='/dev/log'))
+LOG.handlers[0].setFormatter(
+ _logging.Formatter('%(name)s: %(levelname)s: %(message)s'))
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/client.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/client.py
new file mode 100644
index 0000000..fc4bc5e
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/client.py
@@ -0,0 +1,190 @@
+# Copyright (C) 2012 W. Trevor King
+#
+# This file is part of pyassuan.
+#
+# pyassuan is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+#
+# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# pyassuan. If not, see .
+
+import logging as _logging
+import socket as _socket
+import sys as _sys
+
+from . import LOG as _LOG
+from . import common as _common
+from . import error as _error
+
+
+class AssuanClient (object):
+ """A single-threaded Assuan client based on the `development suggestions`_
+
+ .. _development suggestions:
+ http://www.gnupg.org/documentation/manuals/assuan/Client-code.html
+ """
+ def __init__(self, name, logger=_LOG, use_sublogger=True,
+ close_on_disconnect=False):
+ self.name = name
+ if use_sublogger:
+ logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
+ self.logger = logger
+ self.close_on_disconnect = close_on_disconnect
+ self.input = self.output = self.socket = None
+
+ def connect(self, socket_path=None):
+ if socket_path:
+ self.logger.info(
+ 'connect to Unix socket at {}'.format(socket_path))
+ self.socket = _socket.socket(_socket.AF_UNIX, _socket.SOCK_STREAM)
+ self.socket.connect(socket_path)
+ self.input = self.socket.makefile('rb')
+ self.output = self.socket.makefile('wb')
+ else:
+ if not self.input:
+ self.logger.info('read from stdin')
+ self.input = _sys.stdin.buffer
+ if not self.output:
+ self.logger.info('write to stdout')
+ self.output = _sys.stdout.buffer
+
+ def disconnect(self):
+ if self.close_on_disconnect:
+ self.logger.info('disconnecting')
+ if self.input is not None:
+ self.input.close()
+ self.input = None
+ if self.output is not None:
+ self.output.close()
+ self.output = None
+ if self.socket is not None:
+ self.socket.shutdown(_socket.SHUT_RDWR)
+ self.socket.close()
+ self.socket = None
+
+ def raise_error(self, error):
+ self.logger.error(str(error))
+ raise(error)
+
+ def read_response(self):
+ line = self.input.readline()
+ if not line:
+ self.raise_error(
+ _error.AssuanError(message='IPC accept call failed'))
+ if len(line) > _common.LINE_LENGTH:
+ self.raise_error(
+ _error.AssuanError(message='Line too long'))
+ if not line.endswith(b'\n'):
+ self.logger.info('S: {}'.format(line))
+ self.raise_error(
+ _error.AssuanError(message='Invalid response'))
+ line = line[:-1] # remove trailing newline
+ response = _common.Response()
+ try:
+ response.from_bytes(line)
+ except _error.AssuanError as e:
+ self.logger.error(str(e))
+ raise
+ self.logger.info('S: {}'.format(response))
+ return response
+
+ def _write_request(self, request):
+ self.logger.info('C: {}'.format(request))
+ self.output.write(bytes(request))
+ self.output.write(b'\n')
+ try:
+ self.output.flush()
+ except IOError:
+ raise
+
+ def make_request(self, request, response=True, expect=['OK']):
+ self._write_request(request=request)
+ if response:
+ return self.get_responses(requests=[request], expect=expect)
+
+ def get_responses(self, requests=None, expect=['OK']):
+ responses = list(self.responses())
+ if responses[-1].type == 'ERR':
+ eresponse = responses[-1]
+ fields = eresponse.parameters.split(' ', 1)
+ code = int(fields[0])
+ if len(fields) > 1:
+ message = fields[1].strip()
+ else:
+ message = None
+ error = _error.AssuanError(code=code, message=message)
+ if requests is not None:
+ error.requests = requests
+ error.responses = responses
+ raise error
+ if expect:
+ assert responses[-1].type in expect, [str(r) for r in responses]
+ data = []
+ for response in responses:
+ if response.type == 'D':
+ data.append(response.parameters)
+ if data:
+ data = b''.join(data)
+ else:
+ data = None
+ return (responses, data)
+
+ def responses(self):
+ while True:
+ response = self.read_response()
+ yield response
+ if response.type not in ['S', '#', 'D']:
+ break
+
+ def send_data(self, data=None, response=True, expect=['OK']):
+ """Iterate through requests necessary to send ``data`` to a server.
+
+ http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
+ """
+ requests = []
+ if data:
+ encoded_data = _common.encode(data)
+ start = 0
+ stop = min(_common.LINE_LENGTH-4, len(encoded_data)) # 'D ', CR, CL
+ self.logger.debug('sending {} bytes of encoded data'.format(
+ len(encoded_data)))
+ while stop > start:
+ d = encoded_data[start:stop]
+ request = _common.Request(
+ command='D', parameters=encoded_data[start:stop],
+ encoded=True)
+ requests.append(request)
+ self.logger.debug('send {} byte chunk'.format(stop-start))
+ self._write_request(request=request)
+ start = stop
+ stop = start + min(_common.LINE_LENGTH-4,
+ len(encoded_data) - start)
+ request = _common.Request('END')
+ requests.append(request)
+ self._write_request(request=request)
+ if response:
+ return self.get_responses(requests=requests, expect=expect)
+
+ def send_fds(self, fds):
+ """Send a file descriptor over a Unix socket.
+ """
+ msg = '# descriptors in flight: {}\n'.format(fds)
+ self.logger.info('C: {}'.format(msg.rstrip('\n')))
+ msg = msg.encode('ascii')
+ return _common.send_fds(
+ socket=self.socket, msg=msg, fds=fds, logger=None)
+
+ def receive_fds(self, msglen=200, maxfds=10):
+ """Receive file descriptors over a Unix socket.
+ """
+ msg,fds = _common.receive_fds(
+ socket=self.socket, msglen=msglen, maxfds=maxfds, logger=None)
+ msg = str(msg, 'utf-8')
+ self.logger.info('S: {}'.format(msg.rstrip('\n')))
+ return fds
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/common.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/common.py
new file mode 100644
index 0000000..12d21c3
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/common.py
@@ -0,0 +1,314 @@
+# Copyright (C) 2012 W. Trevor King
+#
+# This file is part of pyassuan.
+#
+# pyassuan is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+#
+# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# pyassuan. If not, see .
+
+"""Items common to both the client and server
+"""
+
+import array as _array
+import re as _re
+import socket as _socket
+
+from . import LOG as _LOG
+from . import error as _error
+
+
+LINE_LENGTH = 1002 # 1000 + [CR,]LF
+_ENCODE_PATTERN = '(' + '|'.join(['%', '\r', '\n']) + ')'
+_ENCODE_STR_REGEXP = _re.compile(_ENCODE_PATTERN)
+_ENCODE_BYTE_REGEXP = _re.compile(_ENCODE_PATTERN.encode('ascii'))
+_DECODE_STR_REGEXP = _re.compile('(%[0-9A-Fa-f]{2})')
+_DECODE_BYTE_REGEXP = _re.compile(b'(%[0-9A-Fa-f]{2})')
+_REQUEST_REGEXP = _re.compile('^(\w+)( *)(.*)\Z')
+
+
+def encode(data):
+ r"""
+
+ >>> encode('It grew by 5%!\n')
+ 'It grew by 5%25!%0A'
+ >>> encode(b'It grew by 5%!\n')
+ b'It grew by 5%25!%0A'
+ """
+ if isinstance(data, bytes):
+ regexp = _ENCODE_BYTE_REGEXP
+ else:
+ regexp = _ENCODE_STR_REGEXP
+ return regexp.sub(
+ lambda x : to_hex(x.group()), data)
+
+def decode(data):
+ r"""
+
+ >>> decode('%22Look out!%22%0AWhere%3F')
+ '"Look out!"\nWhere?'
+ >>> decode(b'%22Look out!%22%0AWhere%3F')
+ b'"Look out!"\nWhere?'
+ """
+ if isinstance(data, bytes):
+ regexp = _DECODE_BYTE_REGEXP
+ else:
+ regexp = _DECODE_STR_REGEXP
+ return regexp.sub(
+ lambda x : from_hex(x.group()), data)
+
+def from_hex(code):
+ r"""
+
+ >>> from_hex('%22')
+ '"'
+ >>> from_hex('%0A')
+ '\n'
+ >>> from_hex(b'%0A')
+ b'\n'
+ """
+ c = chr(int(code[1:], 16))
+ if isinstance(code, bytes):
+ c =c.encode('ascii')
+ return c
+
+def to_hex(char):
+ r"""
+
+ >>> to_hex('"')
+ '%22'
+ >>> to_hex('\n')
+ '%0A'
+ >>> to_hex(b'\n')
+ b'%0A'
+ """
+ hx = '%{:02X}'.format(ord(char))
+ if isinstance(char, bytes):
+ hx = hx.encode('ascii')
+ return hx
+
+
+class Request (object):
+ """A client request
+
+ http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
+
+ >>> r = Request(command='BYE')
+ >>> str(r)
+ 'BYE'
+ >>> r = Request(command='OPTION', parameters='testing at 5%')
+ >>> str(r)
+ 'OPTION testing at 5%25'
+ >>> bytes(r)
+ b'OPTION testing at 5%25'
+ >>> r.from_bytes(b'BYE')
+ >>> r.command
+ 'BYE'
+ >>> print(r.parameters)
+ None
+ >>> r.from_bytes(b'OPTION testing at 5%25')
+ >>> r.command
+ 'OPTION'
+ >>> print(r.parameters)
+ testing at 5%
+ >>> r.from_bytes(b' invalid')
+ Traceback (most recent call last):
+ ...
+ pyassuan.error.AssuanError: 170 Invalid request
+ >>> r.from_bytes(b'in-valid')
+ Traceback (most recent call last):
+ ...
+ pyassuan.error.AssuanError: 170 Invalid request
+ """
+ def __init__(self, command=None, parameters=None, encoded=False):
+ self.command = command
+ self.parameters = parameters
+ self.encoded = encoded
+
+ def __str__(self):
+ if self.parameters:
+ if self.encoded:
+ encoded_parameters = self.parameters
+ else:
+ encoded_parameters = encode(self.parameters)
+ return '{} {}'.format(self.command, encoded_parameters)
+ return self.command
+
+ def __bytes__(self):
+ if self.parameters:
+ if self.encoded:
+ encoded_parameters = self.parameters
+ else:
+ encoded_parameters = encode(self.parameters)
+ return '{} {}'.format(
+ self.command, encoded_parameters).encode('utf-8')
+ return self.command.encode('utf-8')
+
+ def from_bytes(self, line):
+ if len(line) > 1000: # TODO: byte-vs-str and newlines?
+ raise _error.AssuanError(message='Line too long')
+ line = str(line, encoding='utf-8')
+ match = _REQUEST_REGEXP.match(line)
+ if not match:
+ raise _error.AssuanError(message='Invalid request')
+ self.command = match.group(1)
+ if match.group(3):
+ if match.group(2):
+ self.parameters = decode(match.group(3))
+ else:
+ raise _error.AssuanError(message='Invalid request')
+ else:
+ self.parameters = None
+
+
+class Response (object):
+ """A server response
+
+ http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html
+
+ >>> r = Response(type='OK')
+ >>> str(r)
+ 'OK'
+ >>> r = Response(type='ERR', parameters='1 General error')
+ >>> str(r)
+ 'ERR 1 General error'
+ >>> bytes(r)
+ b'ERR 1 General error'
+ >>> r.from_bytes(b'OK')
+ >>> r.type
+ 'OK'
+ >>> print(r.parameters)
+ None
+ >>> r.from_bytes(b'ERR 1 General error')
+ >>> r.type
+ 'ERR'
+ >>> print(r.parameters)
+ 1 General error
+ >>> r.from_bytes(b' invalid')
+ Traceback (most recent call last):
+ ...
+ pyassuan.error.AssuanError: 76 Invalid response
+ >>> r.from_bytes(b'in-valid')
+ Traceback (most recent call last):
+ ...
+ pyassuan.error.AssuanError: 76 Invalid response
+ """
+ types = {
+ 'O': 'OK',
+ 'E': 'ERR',
+ 'S': 'S',
+ '#': '#',
+ 'D': 'D',
+ 'I': 'INQUIRE',
+ }
+
+ def __init__(self, type=None, parameters=None):
+ self.type = type
+ self.parameters = parameters
+
+ def __str__(self):
+ if self.parameters:
+ return '{} {}'.format(self.type, encode(self.parameters))
+ return self.type
+
+ def __bytes__(self):
+ if self.parameters:
+ if self.type == 'D':
+ return b' '.join((b'D', self.parameters))
+ else:
+ return '{} {}'.format(
+ self.type, encode(self.parameters)).encode('utf-8')
+ return self.type.encode('utf-8')
+
+ def from_bytes(self, line):
+ if len(line) > 1000: # TODO: byte-vs-str and newlines?
+ raise _error.AssuanError(message='Line too long')
+ if line.startswith(b'D'):
+ self.command = t = 'D'
+ else:
+ line = str(line, encoding='utf-8')
+ t = line[0]
+ try:
+ type = self.types[t]
+ except KeyError:
+ raise _error.AssuanError(message='Invalid response')
+ self.type = type
+ if type == 'D': # data
+ self.parameters = decode(line[2:])
+ elif type == '#': # comment
+ self.parameters = decode(line[2:])
+ else:
+ match = _REQUEST_REGEXP.match(line)
+ if not match:
+ raise _error.AssuanError(message='Invalid request')
+ if match.group(3):
+ if match.group(2):
+ self.parameters = decode(match.group(3))
+ else:
+ raise _error.AssuanError(message='Invalid request')
+ else:
+ self.parameters = None
+
+
+def error_response(error):
+ """
+
+ >>> from pyassuan.error import AssuanError
+ >>> error = AssuanError(1)
+ >>> response = error_response(error)
+ >>> print(response)
+ ERR 1 General error
+ """
+ return Response(type='ERR', parameters=str(error))
+
+
+def send_fds(socket, msg=None, fds=None, logger=_LOG):
+ """Send a file descriptor over a Unix socket using ``sendmsg``.
+
+ ``sendmsg`` suport requires Python >= 3.3.
+
+ Code from
+ http://docs.python.org/dev/library/socket.html#socket.socket.sendmsg
+
+ Assuan equivalent is
+ http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#function-assuan_005fsendfd
+ """
+ if msg is None:
+ msg = b''.join(
+ [b'# descriptors in flight: ', str(fds).encode('ascii'), b'\n'])
+ if logger is not None:
+ logger.debug('sending file descriptors {} down {}'.format(fds, socket))
+ return socket.sendmsg(
+ [msg],
+ [(_socket.SOL_SOCKET, _socket.SCM_RIGHTS, _array.array('i', fds))])
+
+def receive_fds(socket, msglen=200, maxfds=10, logger=_LOG):
+ """Recieve file descriptors using ``recvmsg``.
+
+ ``recvmsg`` suport requires Python >= 3.3.
+
+ Code from http://docs.python.org/dev/library/socket.html
+
+ Assuan equivalent is
+ http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#fun_002dassuan_005freceivedfd
+ """
+ fds = _array.array('i') # Array of ints
+ msg,ancdata,flags,addr = socket.recvmsg(
+ msglen, _socket.CMSG_LEN(maxfds * fds.itemsize))
+ for cmsg_level,cmsg_type,cmsg_data in ancdata:
+ if (cmsg_level == _socket.SOL_SOCKET and
+ cmsg_type == _socket.SCM_RIGHTS):
+ # Append data, ignoring any truncated integers at the end.
+ fds.fromstring(
+ cmsg_data[:len(cmsg_data) - (len(cmsg_data) % fds.itemsize)])
+ if logger is not None:
+ logger.debug('receiving file descriptors {} from {} ({})'.format(
+ fds, socket, msg))
+ return (msg, list(fds))
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/error.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/error.py
new file mode 100644
index 0000000..9865601
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/error.py
@@ -0,0 +1,302 @@
+# Copyright (C) 2012 W. Trevor King
+#
+# This file is part of pyassuan.
+#
+# pyassuan is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+#
+# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# pyassuan. If not, see .
+
+"""Assuan errors as defined in `libgpg-error`_.
+
+The Assuan_ docs_ suggest these error codes.
+
+.. _libgpg-error: http://www.gnupg.org/related_software/libgpg-error/
+.. _Assuan:
+ http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html
+.. _docs: http://www.gnupg.org/documentation/manuals/assuan/Error-codes.html
+"""
+
+MESSAGE = { # extracted from libgpg-error-1.10/src/err-codes.h and gpg-error.h
+ 0: 'Success',
+ 1: 'General error',
+ 2: 'Unknown packet',
+ 3: 'Unknown version in packet',
+ 4: 'Invalid public key algorithm',
+ 5: 'Invalid digest algorithm',
+ 6: 'Bad public key',
+ 7: 'Bad secret key',
+ 8: 'Bad signature',
+ 9: 'No public key',
+ 10: 'Checksum error',
+ 11: 'Bad passphrase',
+ 12: 'Invalid cipher algorithm',
+ 13: 'Keyring open',
+ 14: 'Invalid packet',
+ 15: 'Invalid armor',
+ 16: 'No user ID',
+ 17: 'No secret key',
+ 18: 'Wrong secret key used',
+ 19: 'Bad session key',
+ 20: 'Unknown compression algorithm',
+ 21: 'Number is not prime',
+ 22: 'Invalid encoding method',
+ 23: 'Invalid encryption scheme',
+ 24: 'Invalid signature scheme',
+ 25: 'Invalid attribute',
+ 26: 'No value',
+ 27: 'Not found',
+ 28: 'Value not found',
+ 29: 'Syntax error',
+ 30: 'Bad MPI value',
+ 31: 'Invalid passphrase',
+ 32: 'Invalid signature class',
+ 33: 'Resources exhausted',
+ 34: 'Invalid keyring',
+ 35: 'Trust DB error',
+ 36: 'Bad certificate',
+ 37: 'Invalid user ID',
+ 38: 'Unexpected error',
+ 39: 'Time conflict',
+ 40: 'Keyserver error',
+ 41: 'Wrong public key algorithm',
+ 42: 'Tribute to D. A.',
+ 43: 'Weak encryption key',
+ 44: 'Invalid key length',
+ 45: 'Invalid argument',
+ 46: 'Syntax error in URI',
+ 47: 'Invalid URI',
+ 48: 'Network error',
+ 49: 'Unknown host',
+ 50: 'Selftest failed',
+ 51: 'Data not encrypted',
+ 52: 'Data not processed',
+ 53: 'Unusable public key',
+ 54: 'Unusable secret key',
+ 55: 'Invalid value',
+ 56: 'Bad certificate chain',
+ 57: 'Missing certificate',
+ 58: 'No data',
+ 59: 'Bug',
+ 60: 'Not supported',
+ 61: 'Invalid operation code',
+ 62: 'Timeout',
+ 63: 'Internal error',
+ 64: 'EOF (gcrypt)',
+ 65: 'Invalid object',
+ 66: 'Provided object is too short',
+ 67: 'Provided object is too large',
+ 68: 'Missing item in object',
+ 69: 'Not implemented',
+ 70: 'Conflicting use',
+ 71: 'Invalid cipher mode',
+ 72: 'Invalid flag',
+ 73: 'Invalid handle',
+ 74: 'Result truncated',
+ 75: 'Incomplete line',
+ 76: 'Invalid response',
+ 77: 'No agent running',
+ 78: 'agent error',
+ 79: 'Invalid data',
+ 80: 'Unspecific Assuan server fault',
+ 81: 'General Assuan error',
+ 82: 'Invalid session key',
+ 83: 'Invalid S-expression',
+ 84: 'Unsupported algorithm',
+ 85: 'No pinentry',
+ 86: 'pinentry error',
+ 87: 'Bad PIN',
+ 88: 'Invalid name',
+ 89: 'Bad data',
+ 90: 'Invalid parameter',
+ 91: 'Wrong card',
+ 92: 'No dirmngr',
+ 93: 'dirmngr error',
+ 94: 'Certificate revoked',
+ 95: 'No CRL known',
+ 96: 'CRL too old',
+ 97: 'Line too long',
+ 98: 'Not trusted',
+ 99: 'Operation cancelled',
+ 100: 'Bad CA certificate',
+ 101: 'Certificate expired',
+ 102: 'Certificate too young',
+ 103: 'Unsupported certificate',
+ 104: 'Unknown S-expression',
+ 105: 'Unsupported protection',
+ 106: 'Corrupted protection',
+ 107: 'Ambiguous name',
+ 108: 'Card error',
+ 109: 'Card reset required',
+ 110: 'Card removed',
+ 111: 'Invalid card',
+ 112: 'Card not present',
+ 113: 'No PKCS15 application',
+ 114: 'Not confirmed',
+ 115: 'Configuration error',
+ 116: 'No policy match',
+ 117: 'Invalid index',
+ 118: 'Invalid ID',
+ 119: 'No SmartCard daemon',
+ 120: 'SmartCard daemon error',
+ 121: 'Unsupported protocol',
+ 122: 'Bad PIN method',
+ 123: 'Card not initialized',
+ 124: 'Unsupported operation',
+ 125: 'Wrong key usage',
+ 126: 'Nothing found',
+ 127: 'Wrong blob type',
+ 128: 'Missing value',
+ 129: 'Hardware problem',
+ 130: 'PIN blocked',
+ 131: 'Conditions of use not satisfied',
+ 132: 'PINs are not synced',
+ 133: 'Invalid CRL',
+ 134: 'BER error',
+ 135: 'Invalid BER',
+ 136: 'Element not found',
+ 137: 'Identifier not found',
+ 138: 'Invalid tag',
+ 139: 'Invalid length',
+ 140: 'Invalid key info',
+ 141: 'Unexpected tag',
+ 142: 'Not DER encoded',
+ 143: 'No CMS object',
+ 144: 'Invalid CMS object',
+ 145: 'Unknown CMS object',
+ 146: 'Unsupported CMS object',
+ 147: 'Unsupported encoding',
+ 148: 'Unsupported CMS version',
+ 149: 'Unknown algorithm',
+ 150: 'Invalid crypto engine',
+ 151: 'Public key not trusted',
+ 152: 'Decryption failed',
+ 153: 'Key expired',
+ 154: 'Signature expired',
+ 155: 'Encoding problem',
+ 156: 'Invalid state',
+ 157: 'Duplicated value',
+ 158: 'Missing action',
+ 159: 'ASN.1 module not found',
+ 160: 'Invalid OID string',
+ 161: 'Invalid time',
+ 162: 'Invalid CRL object',
+ 163: 'Unsupported CRL version',
+ 164: 'Invalid certificate object',
+ 165: 'Unknown name',
+ 166: 'A locale function failed',
+ 167: 'Not locked',
+ 168: 'Protocol violation',
+ 169: 'Invalid MAC',
+ 170: 'Invalid request',
+ 171: 'Unknown extension',
+ 172: 'Unknown critical extension',
+ 173: 'Locked',
+ 174: 'Unknown option',
+ 175: 'Unknown command',
+ 176: 'Not operational',
+ 177: 'No passphrase given',
+ 178: 'No PIN given',
+ 179: 'Not enabled',
+ 180: 'No crypto engine',
+ 181: 'Missing key',
+ 182: 'Too many objects',
+ 183: 'Limit reached',
+ 184: 'Not initialized',
+ 185: 'Missing issuer certificate',
+ 198: 'Operation fully cancelled',
+ 199: 'Operation not yet finished',
+ 200: 'Buffer too short',
+ 201: 'Invalid length specifier in S-expression',
+ 202: 'String too long in S-expression',
+ 203: 'Unmatched parentheses in S-expression',
+ 204: 'S-expression not canonical',
+ 205: 'Bad character in S-expression',
+ 206: 'Bad quotation in S-expression',
+ 207: 'Zero prefix in S-expression',
+ 208: 'Nested display hints in S-expression',
+ 209: 'Unmatched display hints',
+ 210: 'Unexpected reserved punctuation in S-expression',
+ 211: 'Bad hexadecimal character in S-expression',
+ 212: 'Odd hexadecimal numbers in S-expression',
+ 213: 'Bad octal character in S-expression',
+ 257: 'General IPC error',
+ 258: 'IPC accept call failed',
+ 259: 'IPC connect call failed',
+ 260: 'Invalid IPC response',
+ 261: 'Invalid value passed to IPC',
+ 262: 'Incomplete line passed to IPC',
+ 263: 'Line passed to IPC too long',
+ 264: 'Nested IPC commands',
+ 265: 'No data callback in IPC',
+ 266: 'No inquire callback in IPC',
+ 267: 'Not an IPC server',
+ 268: 'Not an IPC client',
+ 269: 'Problem starting IPC server',
+ 270: 'IPC read error',
+ 271: 'IPC write error',
+ 273: 'Too much data for IPC layer',
+ 274: 'Unexpected IPC command',
+ 275: 'Unknown IPC command',
+ 276: 'IPC syntax error',
+ 277: 'IPC call has been cancelled',
+ 278: 'No input source for IPC',
+ 279: 'No output source for IPC',
+ 280: 'IPC parameter error',
+ 281: 'Unknown IPC inquire',
+ 1024: 'User defined error code 1',
+ 1025: 'User defined error code 2',
+ 1026: 'User defined error code 3',
+ 1027: 'User defined error code 4',
+ 1028: 'User defined error code 5',
+ 1029: 'User defined error code 6',
+ 1030: 'User defined error code 7',
+ 1031: 'User defined error code 8',
+ 1032: 'User defined error code 9',
+ 1033: 'User defined error code 10',
+ 1034: 'User defined error code 11',
+ 1035: 'User defined error code 12',
+ 1036: 'User defined error code 13',
+ 1037: 'User defined error code 14',
+ 1038: 'User defined error code 15',
+ 1039: 'User defined error code 16',
+ 16381: 'System error w/o errno',
+ 16382: 'Unknown system error',
+ 16383: 'End of file',
+ }
+UNKNOWN = 'Unknown error code'
+
+CODE = dict((message,code) for code,message in MESSAGE.items())
+
+# TODO: system errors (GPG_ERR_E2BIG = GPG_ERR_SYSTEM_ERROR | 0, etc.)
+
+class AssuanError (Exception):
+ r"""
+
+ >>> e = AssuanError(1)
+ >>> print(e)
+ 1 General error
+ >>> e = AssuanError(1024, 'testing!')
+ >>> print(e)
+ 1024 testing!
+ >>> e = AssuanError(message='Unknown packet')
+ >>> print(e)
+ 2 Unknown packet
+ """
+ def __init__(self, code=None, message=None):
+ if code is None and message is None:
+ raise ValueError('missing both `code` and `message`')
+ if message is None:
+ message = MESSAGE[code]
+ if code is None:
+ code = CODE.get(message, UNKNOWN)
+ self.code = code
+ self.message = message
+ super(AssuanError, self).__init__('{} {}'.format(code, message))
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/server.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/server.py
new file mode 100644
index 0000000..d9f5f0a
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/server.py
@@ -0,0 +1,299 @@
+# Copyright (C) 2012 W. Trevor King
+#
+# This file is part of pyassuan.
+#
+# pyassuan is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+#
+# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# pyassuan. If not, see .
+
+import logging as _logging
+import re as _re
+import socket as _socket
+import sys as _sys
+import threading as _threading
+import traceback as _traceback
+
+from . import LOG as _LOG
+from . import common as _common
+from . import error as _error
+
+
+_OPTION_REGEXP = _re.compile('^-?-?([-\w]+)( *)(=?) *(.*?) *\Z')
+
+
+class AssuanServer (object):
+ """A single-threaded Assuan server based on the `devolpment suggestions`_
+
+ Extend by subclassing and adding ``_handle_XXX`` methods for each
+ command you want to handle.
+
+ .. _development suggestions:
+ http://www.gnupg.org/documentation/manuals/assuan/Server-code.html
+ """
+ def __init__(self, name, logger=_LOG, use_sublogger=True,
+ valid_options=None, strict_options=True,
+ single_request=False, listen_to_quit=False,
+ close_on_disconnect=False):
+ self.name = name
+ if use_sublogger:
+ logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
+ self.logger = logger
+ if valid_options is None:
+ valid_options = []
+ self.valid_options = valid_options
+ self.strict_options = strict_options
+ self.single_request = single_request
+ self.listen_to_quit = listen_to_quit
+ self.close_on_disconnect = close_on_disconnect
+ self.input = self.output = None
+ self.options = {}
+ self.reset()
+
+ def reset(self):
+ self.stop = False
+ self.options.clear()
+
+ def run(self):
+ self.reset()
+ self.logger.info('running')
+ self.connect()
+ try:
+ self.handle_requests()
+ finally:
+ self.disconnect()
+ self.logger.info('stopping')
+
+ def connect(self):
+ if not self.input:
+ self.logger.info('read from stdin')
+ self.input = _sys.stdin.buffer
+ if not self.output:
+ self.logger.info('write to stdout')
+ self.output = _sys.stdout.buffer
+
+ def disconnect(self):
+ if self.close_on_disconnect:
+ self.logger.info('disconnecting')
+ self.input = None
+ self.output = None
+
+ def handle_requests(self):
+ self.send_response(_common.Response('OK', 'Your orders please'))
+ self.output.flush()
+ while not self.stop:
+ line = self.input.readline()
+ if not line:
+ break # EOF
+ if len(line) > _common.LINE_LENGTH:
+ self.raise_error(
+ _error.AssuanError(message='Line too long'))
+ if not line.endswith(b'\n'):
+ self.logger.info('C: {}'.format(line))
+ self.send_error_response(
+ _error.AssuanError(message='Invalid request'))
+ continue
+ line = line[:-1] # remove the trailing newline
+ self.logger.info('C: {}'.format(line))
+ request = _common.Request()
+ try:
+ request.from_bytes(line)
+ except _error.AssuanError as e:
+ self.send_error_response(e)
+ continue
+ self.handle_request(request)
+
+ def handle_request(self, request):
+ try:
+ handle = getattr(
+ self, '_handle_{}'.format(request.command))
+ except AttributeError:
+ self.logger.warn('unknown command: {}'.format(request.command))
+ self.send_error_response(
+ _error.AssuanError(message='Unknown command'))
+ return
+ try:
+ responses = handle(request.parameters)
+ for response in responses:
+ self.send_response(response)
+ except _error.AssuanError as error:
+ self.send_error_response(error)
+ return
+ except Exception as e:
+ self.logger.error(
+ 'exception while executing {}:\n{}'.format(
+ handle, _traceback.format_exc().rstrip()))
+ self.send_error_response(
+ _error.AssuanError(message='Unspecific Assuan server fault'))
+ return
+
+ def send_response(self, response):
+ """For internal use by ``.handle_requests()``
+ """
+ rstring = str(response)
+ self.logger.info('S: {}'.format(response))
+ self.output.write(bytes(response))
+ self.output.write(b'\n')
+ try:
+ self.output.flush()
+ except IOError:
+ if not self.stop:
+ raise
+
+ def send_error_response(self, error):
+ """For internal use by ``.handle_requests()``
+ """
+ self.send_response(_common.error_response(error))
+
+ # common commands defined at
+ # http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
+
+ def _handle_BYE(self, arg):
+ if self.single_request:
+ self.stop = True
+ yield _common.Response('OK', 'closing connection')
+
+ def _handle_RESET(self, arg):
+ self.reset()
+
+ def _handle_END(self, arg):
+ raise _error.AssuanError(
+ code=175, message='Unknown command (reserved)')
+
+ def _handle_HELP(self, arg):
+ raise _error.AssuanError(
+ code=175, message='Unknown command (reserved)')
+
+ def _handle_QUIT(self, arg):
+ if self.listen_to_quit:
+ self.stop = True
+ yield _common.Response('OK', 'stopping the server')
+ raise _error.AssuanError(
+ code=175, message='Unknown command (reserved)')
+
+ def _handle_OPTION(self, arg):
+ """
+
+ >>> s = AssuanServer(name='test', valid_options=['my-op'])
+ >>> list(s._handle_OPTION('my-op = 1 ')) # doctest: +ELLIPSIS
+ []
+ >>> s.options
+ {'my-op': '1'}
+ >>> list(s._handle_OPTION('my-op 2')) # doctest: +ELLIPSIS
+ []
+ >>> s.options
+ {'my-op': '2'}
+ >>> list(s._handle_OPTION('--my-op 3')) # doctest: +ELLIPSIS
+ []
+ >>> s.options
+ {'my-op': '3'}
+ >>> list(s._handle_OPTION('my-op')) # doctest: +ELLIPSIS
+ []
+ >>> s.options
+ {'my-op': None}
+ >>> list(s._handle_OPTION('inv'))
+ Traceback (most recent call last):
+ ...
+ pyassuan.error.AssuanError: 174 Unknown option
+ >>> list(s._handle_OPTION('in|valid'))
+ Traceback (most recent call last):
+ ...
+ pyassuan.error.AssuanError: 90 Invalid parameter
+ """
+ match = _OPTION_REGEXP.match(arg)
+ if not match:
+ raise _error.AssuanError(message='Invalid parameter')
+ name,space,equal,value = match.groups()
+ if value and not space and not equal:
+ # need either space or equal to separate value
+ raise _error.AssuanError(message='Invalid parameter')
+ if name not in self.valid_options:
+ if self.strict_options:
+ raise _error.AssuanError(message='Unknown option')
+ else:
+ self.logger.info('skipping invalid option: {}'.format(name))
+ else:
+ if not value:
+ value = None
+ self.options[name] = value
+ yield _common.Response('OK')
+
+ def _handle_CANCEL(self, arg):
+ raise _error.AssuanError(
+ code=175, message='Unknown command (reserved)')
+
+ def _handle_AUTH(self, arg):
+ raise _error.AssuanError(
+ code=175, message='Unknown command (reserved)')
+
+
+class AssuanSocketServer (object):
+ """A threaded server spawning ``AssuanServer``\s for each connection
+ """
+ def __init__(self, name, socket, server, kwargs={}, max_threads=10,
+ logger=_LOG, use_sublogger=True):
+ self.name = name
+ if use_sublogger:
+ logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
+ self.logger = logger
+ self.socket = socket
+ self.server = server
+ assert 'name' not in kwargs, kwargs['name']
+ assert 'logger' not in kwargs, kwargs['logger']
+ kwargs['logger'] = self.logger
+ assert 'use_sublogger' not in kwargs, kwargs['use_sublogger']
+ kwargs['use_sublogger'] = True
+ if 'close_on_disconnect' in kwargs:
+ assert kwargs['close_on_disconnect'] == True, (
+ kwargs['close_on_disconnect'])
+ else:
+ kwargs['close_on_disconnect'] = True
+ self.kwargs = kwargs
+ self.max_threads = max_threads
+ self.threads = []
+
+ def run(self):
+ self.logger.info('listen on socket')
+ self.socket.listen()
+ thread_index = 0
+ while True:
+ socket,address = self.socket.accept()
+ self.logger.info('connection from {}'.format(address))
+ self.cleanup_threads()
+ if len(threads) > self.max_threads:
+ self.drop_connection(socket, address)
+ self.spawn_thread(
+ 'server-thread-{}'.format(thread_index), socket, address)
+ thread_index = (thread_index + 1) % self.max_threads
+
+ def cleanup_threads(self):
+ i = 0
+ while i < len(self.threads):
+ thread = self.threads[i]
+ thread.join(0)
+ if thread.is_alive():
+ self.logger.info('joined thread {}'.format(thread.name))
+ self.threads.pop(i)
+ thread.socket.shutdown()
+ thread.socket.close()
+ else:
+ i += 1
+
+ def drop_connection(self, socket, address):
+ self.logger.info('drop connection from {}'.format(address))
+ # TODO: proper error to send to the client?
+
+ def spawn_thread(self, name, socket, address):
+ server = self.server(name=name, **self.kwargs)
+ server.input = socket.makefile('rb')
+ server.output = socket.makefile('wb')
+ thread = _threading.Thread(target=server.run, name=name)
+ thread.start()
+ self.threads.append(thread)
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/test_common.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/test_common.py
new file mode 100644
index 0000000..325b49b
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/test_common.py
@@ -0,0 +1,25 @@
+# Copyright (C) 2012-2018 W. Trevor King
+#
+# This file is part of pyassuan.
+#
+# pyassuan is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+#
+# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# pyassuan. If not, see .
+
+import doctest
+import unittest
+
+from . import common
+
+
+def load_tests(loader, tests, ignore):
+ tests.addTests(doctest.DocTestSuite(common))
+ return tests
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/test_error.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/test_error.py
new file mode 100644
index 0000000..af7badf
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/test_error.py
@@ -0,0 +1,25 @@
+# Copyright (C) 2012-2018 W. Trevor King
+#
+# This file is part of pyassuan.
+#
+# pyassuan is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+#
+# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# pyassuan. If not, see .
+
+import doctest
+import unittest
+
+from . import error
+
+
+def load_tests(loader, tests, ignore):
+ tests.addTests(doctest.DocTestSuite(error))
+ return tests
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/test_server.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/test_server.py
new file mode 100644
index 0000000..a3a4f57
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/pyassuan/test_server.py
@@ -0,0 +1,25 @@
+# Copyright (C) 2012-2018 W. Trevor King
+#
+# This file is part of pyassuan.
+#
+# pyassuan is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+#
+# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# pyassuan. If not, see .
+
+import doctest
+import unittest
+
+from . import server
+
+
+def load_tests(loader, tests, ignore):
+ tests.addTests(doctest.DocTestSuite(server))
+ return tests
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/setup.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/setup.py
new file mode 100644
index 0000000..fcd859e
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/TremilyUsPyassuan/setup.py
@@ -0,0 +1,54 @@
+# Copyright (C) 2012-2018 W. Trevor King
+#
+# This file is part of pyassuan.
+#
+# pyassuan is free software: you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+#
+# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# pyassuan. If not, see .
+
+"Python module and tools for communicating in the Assuan protocol."
+
+from distutils.core import setup as _setup
+import os.path as _os_path
+
+from pyassuan import __version__
+
+
+_this_dir = _os_path.dirname(__file__)
+
+_setup(
+ name='pyassuan',
+ version=__version__,
+ maintainer='W. Trevor King',
+ maintainer_email='wking@tremily.us',
+ url='http://blog.tremily.us/posts/pyassuan/',
+ download_url='http://git.tremily.us/?p=pyassuan.git;a=snapshot;h=v{};sf=tgz'.format(__version__),
+ license = 'GNU General Public License (GPL)',
+ platforms = ['all'],
+ description = __doc__,
+ long_description=open(_os_path.join(_this_dir, 'README'), 'r').read(),
+ classifiers = [
+ 'Development Status :: 3 - Alpha',
+ 'Intended Audience :: Developers',
+ 'Operating System :: OS Independent',
+ 'License :: OSI Approved :: GNU General Public License (GPL)',
+ 'Programming Language :: Python :: 3',
+ 'Programming Language :: Python :: 3.3',
+ 'Programming Language :: Python :: 3.4',
+ 'Programming Language :: Python :: 3.5',
+ 'Programming Language :: Python :: 3.6',
+ 'Topic :: Security :: Cryptography',
+ 'Topic :: Software Development'
+ ],
+ scripts = ['bin/get-info.py', 'bin/pinentry.py'],
+ packages = ['pyassuan'],
+ provides = ['pyassuan'],
+ zip_safe=False)
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/__init__.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/__main__ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/__main__
new file mode 100644
index 0000000..9308235
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/__main__
@@ -0,0 +1,4 @@
+if __name__ == '__main__':
+ from gridfire import main
+
+ main()
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/__main__.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/__main__.py
new file mode 100644
index 0000000..9308235
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/__main__.py
@@ -0,0 +1,4 @@
+if __name__ == '__main__':
+ from gridfire import main
+
+ main()
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/ansible-vault.2.8.12 b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/ansible-vault.2.8.12
new file mode 100755
index 0000000..f234ca3
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/ansible-vault.2.8.12
@@ -0,0 +1,152 @@
+#!/usr/bin/python3.7
+
+# (c) 2012, Michael DeHaan
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+########################################################
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+__requires__ = ['ansible']
+
+
+import os
+import shutil
+import sys
+import traceback
+
+from ansible import context
+from ansible.errors import AnsibleError, AnsibleOptionsError, AnsibleParserError
+from ansible.module_utils._text import to_text
+
+
+# Used for determining if the system is running a new enough python version
+# and should only restrict on our documented minimum versions
+_PY3_MIN = sys.version_info[:2] >= (3, 5)
+_PY2_MIN = (2, 6) <= sys.version_info[:2] < (3,)
+_PY_MIN = _PY3_MIN or _PY2_MIN
+if not _PY_MIN:
+ raise SystemExit('ERROR: Ansible requires a minimum of Python2 version 2.6 or Python3 version 3.5. Current version: %s' % ''.join(sys.version.splitlines()))
+
+
+class LastResort(object):
+ # OUTPUT OF LAST RESORT
+ def display(self, msg, log_only=None):
+ print(msg, file=sys.stderr)
+
+ def error(self, msg, wrap_text=None):
+ print(msg, file=sys.stderr)
+
+
+if __name__ == '__main__':
+
+ display = LastResort()
+
+ try: # bad ANSIBLE_CONFIG or config options can force ugly stacktrace
+ import ansible.constants as C
+ from ansible.utils.display import Display
+ except AnsibleOptionsError as e:
+ display.error(to_text(e), wrap_text=False)
+ sys.exit(5)
+
+ cli = None
+ me = os.path.basename(sys.argv[0])
+
+ try:
+ display = Display()
+ display.debug("starting run")
+
+ sub = None
+ target = me.split('-')
+ if target[-1][0].isdigit():
+ # Remove any version or python version info as downstreams
+ # sometimes add that
+ target = target[:-1]
+
+ if len(target) > 1:
+ sub = target[1]
+ myclass = "%sCLI" % sub.capitalize()
+ elif target[0] == 'ansible':
+ sub = 'adhoc'
+ myclass = 'AdHocCLI'
+ else:
+ raise AnsibleError("Unknown Ansible alias: %s" % me)
+
+ try:
+ mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
+ except ImportError as e:
+ # ImportError members have changed in py3
+ if 'msg' in dir(e):
+ msg = e.msg
+ else:
+ msg = e.message
+ if msg.endswith(' %s' % sub):
+ raise AnsibleError("Ansible sub-program not implemented: %s" % me)
+ else:
+ raise
+
+ try:
+ args = [to_text(a, errors='surrogate_or_strict') for a in sys.argv]
+ except UnicodeError:
+ display.error('Command line args are not in utf-8, unable to continue. Ansible currently only understands utf-8')
+ display.display(u"The full traceback was:\n\n%s" % to_text(traceback.format_exc()))
+ exit_code = 6
+ else:
+ cli = mycli(args)
+ exit_code = cli.run()
+
+ except AnsibleOptionsError as e:
+ cli.parser.print_help()
+ display.error(to_text(e), wrap_text=False)
+ exit_code = 5
+ except AnsibleParserError as e:
+ display.error(to_text(e), wrap_text=False)
+ exit_code = 4
+# TQM takes care of these, but leaving comment to reserve the exit codes
+# except AnsibleHostUnreachable as e:
+# display.error(str(e))
+# exit_code = 3
+# except AnsibleHostFailed as e:
+# display.error(str(e))
+# exit_code = 2
+ except AnsibleError as e:
+ display.error(to_text(e), wrap_text=False)
+ exit_code = 1
+ except KeyboardInterrupt:
+ display.error("User interrupted execution")
+ exit_code = 99
+ except Exception as e:
+ if C.DEFAULT_DEBUG:
+ # Show raw stacktraces in debug mode, It also allow pdb to
+ # enter post mortem mode.
+ raise
+ have_cli_options = bool(context.CLIARGS)
+ display.error("Unexpected Exception, this is probably a bug: %s" % to_text(e), wrap_text=False)
+ if not have_cli_options or have_cli_options and context.CLIARGS['verbosity'] > 2:
+ log_only = False
+ if hasattr(e, 'orig_exc'):
+ display.vvv('\nexception type: %s' % to_text(type(e.orig_exc)))
+ why = to_text(e.orig_exc)
+ if to_text(e) != why:
+ display.vvv('\noriginal msg: %s' % why)
+ else:
+ display.display("to see the full traceback, use -vvv")
+ log_only = True
+ display.display(u"the full traceback was:\n\n%s" % to_text(traceback.format_exc()), log_only=log_only)
+ exit_code = 250
+
+ sys.exit(exit_code)
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gpgkey_pinentry_test.exp b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gpgkey_pinentry_test.exp
new file mode 100755
index 0000000..ed68de0
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gpgkey_pinentry_test.exp
@@ -0,0 +1,87 @@
+#!/usr/bin/expect --
+# -*- mode: tcl; tab-width: 8; encoding: utf-8-unix -*-
+
+set ROLE gpgkey
+set PREFIX /usr/local
+
+set timeout 30
+
+#? spawn /usr/local/bin/pinentry.py
+spawn /usr/local/bin/pinentry_gridfire.py
+
+expect "OK Your orders please"
+send_user "OPTION grab\n"
+send "OPTION grab\n"
+expect "OK"
+send_user "OPTION ttyname=/dev/pts/6\n"
+send "OPTION ttyname=/dev/pts/6\n"
+expect "OK"
+send_user "OPTION ttytype=xterm\n"
+send "OPTION ttytype=xterm\n"
+expect "OK"
+send_user "OPTION lc-ctype=en_US.UTF-8\n"
+send "OPTION lc-ctype=en_US.UTF-8\n"
+expect "OK"
+send_user "OPTION lc-messages=en_US.UTF-8\n"
+send "OPTION lc-messages=en_US.UTF-8\n"
+expect "OK"
+send_user "OPTION allow-external-password-cache\n"
+send "OPTION allow-external-password-cache\n"
+expect "OK"
+send_user "OPTION default-ok=_OK\n"
+send "OPTION default-ok=_OK\n"
+expect "OK"
+send_user "OPTION default-cancel=_Cancel\n"
+send "OPTION default-cancel=_Cancel\n"
+expect "OK"
+send_user "OPTION default-yes=_Yes\n"
+send "OPTION default-yes=_Yes\n"
+expect "OK"
+send_user "OPTION default-no=_No\n"
+send "OPTION default-no=_No\n"
+expect "OK"
+send_user "OPTION default-prompt=PIN:\n"
+send "OPTION default-prompt=PIN:\n"
+expect "OK"
+send_user "OPTION default-pwmngr=_Save in password manager\n"
+send "OPTION default-pwmngr=_Save in password manager\n"
+expect "OK"
+send_user "OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?\n"
+send "OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?\n"
+expect "OK"
+send_user "OPTION default-tt-visi=Make passphrase visible\n"
+send "OPTION default-tt-visi=Make passphrase visible\n"
+expect "OK"
+send_user "OPTION default-tt-hide=Hide passphrase\n"
+send "OPTION default-tt-hide=Hide passphrase\n"
+expect "OK"
+send_user "GETINFO pid\n"
+send "GETINFO pid\n"
+expect "D 14309"
+expect "OK"
+send_user "SETKEYINFO u/S9464F2C2825D2FE3\n"
+send "SETKEYINFO u/S9464F2C2825D2FE3\n"
+expect "OK"
+send_user "SETDESC Enter passphrase%0A\n"
+send "SETDESC Enter passphrase%0A\n"
+expect "OK"
+send_user "SETPROMPT Passphrase\n"
+send "SETPROMPT Passphrase\n"
+expect "OK"
+send_user "GETPIN\n"
+send "GETPIN\n"
+expect "D testing!"
+expect "OK"
+send_user "BYE\n"
+send "BYE\n"
+expect "OK closing connection"
+
+expect -re .+ {
+ exp_continue
+ } timeout {
+ exit 1
+ } eof {
+ exit 0
+ }
+
+# expect -r .+ {send "\r"}
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.bash
new file mode 100755
index 0000000..4fbc490
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.bash
@@ -0,0 +1,11 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0`
+PREFIX=/usr/local
+ROLE=gpgkey
+[ -f $PREFIX/bin/gridfire.rc ] && . $PREFIX/bin/gridfire.rc
+
+cd /usr/local/src/gridfire || exit 3
+
+exec /usr/local/bin/python3.sh gridfire.py "$@"
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.new b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.new
new file mode 100755
index 0000000..84e9eaf
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.new
@@ -0,0 +1,59 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+
+. /usr/local/bin/gridfire.rc
+
+declare -a ELTS LARGS RARGS
+ELTS=(
+ gridfire_ansible-vault.sh
+ gridfire_keepassxc-cli.sh
+ gridfire_keepassxc.sh
+ gridfire_keyring.sh
+ gridfire_openssl.sh
+ gridfire_secret-tool.sh
+ gridfire_staticgpg.sh
+ gridfire_truecrypt.sh
+ gridfire_veracrypt.sh
+)
+SHORTOPTS="ha:cgulbodfpwm:nv:s:D:P:H:A:"
+
+OARGS="$@"
+ARGS=$(getopt --options $SHORTOPTS -- "$@")
+[ $? != 0 ] && error 2 "Aborting."
+eval set -- "$ARGS"
+
+while true; do
+ case "$1" in
+ -h|-c|-g|-u|-l|-b|-o|-d|-f|-p|-w|-n)
+ LARGS+=($1)
+ shift;;
+ -a|-m|-v|-s|-D|-P|-H|-A)
+ LARGS+=($1)
+ shift
+ LARGS+=($1)
+ shift;;
+ '--')
+ shift
+ RARGS=("$@")
+ break
+ ;;
+ esac
+
+done
+#echo DEBUG: LARGS ${LARGS[@]}
+#echo DEBUG: RARGS ${RARGS[@]}
+case ${RARGS[0]} in
+ ansible-vault|keepassxc-cli|keepassxc|keyring|openssl|secret-tool|staticgpg|truecrypt|veracrypt|foo)
+ elt=gridfire_${RARGS[0]}.bash
+ unset ${RARGS[0]}
+ RARGS[0]=""
+ exec bash $elt ${LARGS[@]} ${RARGS[@]}
+ ;;
+ esac
+# echo ${RARGS[@]}
+
+exec python3.sh $PREFIX/src/gridfire/gridfire.py "$OARGS"
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.rc.lin b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.rc.lin
new file mode 100644
index 0000000..8db348c
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.rc.lin
@@ -0,0 +1,6 @@
+#!/bin/sh
+# -*-mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+export PATH='/var/local/bin:'"$PATH"
+#export PATH='/usr/local/bin:'"$PATH"
+export TMPDIR=/tmp
+
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.rc.win b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.rc.win
new file mode 100755
index 0000000..3b3e8b7
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire.rc.win
@@ -0,0 +1,11 @@
+#!/bin/sh
+# -*-mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+export PATH='/q/Pg64/KeePassXC-2.6.6-Win64:'"$PATH"
+export PATH='/q/Pg64/VeraCrypt_1.24-Update7:'"$PATH"
+# VeraCrypt Legacy Portable 1.24-Update7.exe
+export PATH='/w/Pg32/TrueCrypt:'"$PATH"
+export PATH='/q/Pg64/TrueCrypt-7.1a:'"$PATH"
+
+export PATH='/usr/local/bin:'"$PATH"
+export TMPDIR=/q/tmp
+
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_ansible-vault.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_ansible-vault.bash
new file mode 100755
index 0000000..88d739e
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_ansible-vault.bash
@@ -0,0 +1,13 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+PREFIX=/usr/local
+ROLE=gpgkey
+PYVER=3
+
+. /usr/local/bin/gridfire.rc
+
+export PYTHONPATH=$PREFIX/src/gridfire
+exec $PREFIX/bin/gridfire -H "ansible-vault.py" -- \
+ $PREFIX/bin/python$PYVER.sh $PREFIX/src/gridfire/ansible-vault.py "$@"
+
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_ansible-vault.py b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_ansible-vault.py
new file mode 100755
index 0000000..63d03b8
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_ansible-vault.py
@@ -0,0 +1,30 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+root=KeeC
+DEBUG=1
+
+. /usr/local/bin/usr_local_tput.bash
+. /usr/local/bin/gridfire.rc
+EXE=/var/local/bin/keepassxc.bash
+
+# not -k not -p
+[[ "$*" =~ "--pw-stdin" ]] || [[ $RARGS =~ "--pw-stdin" ]] || RARGS="--pw-stdin $RARGS"
+# not =''
+[[ "$*" =~ "--keyfile" ]] || [[ $RARGS =~ "--keyfile" ]] || RARGS="--keyfile '' $RARGS"
+
+DEBUG=1
+DEBUG $EXE $RARGS "$@" >> /tmp/${root}$$.log
+$EXE $RARGS "$@" 2>/tmp/${root}$$.err >/tmp/${root}$$.log
+retval=$?
+if [ $retval -eq 0 ] ; then
+ INFO see /tmp/${root}$$.log
+else
+ WARN see /tmp/${root}$$.err
+ cat /tmp/${root}$$.err
+fi
+exit $retval
+
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_ansible-vault.py.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_ansible-vault.py.bash
new file mode 100755
index 0000000..f4963a4
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_ansible-vault.py.bash
@@ -0,0 +1,174 @@
+#!/usr/local/bin/python2.sh
+# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
+
+# (c) 2012, Michael DeHaan
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+########################################################
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+__requires__ = ['ansible']
+
+
+import os
+import shutil
+import sys
+import traceback
+
+from ansible import context
+from ansible.errors import AnsibleError, AnsibleOptionsError, AnsibleParserError
+from ansible.module_utils._text import to_text
+
+from gridfire import getpass
+
+ROLE="proxy"
+# Used for determining if the system is running a new enough python version
+# and should only restrict on our documented minimum versions
+_PY3_MIN = sys.version_info[:2] >= (3, 5)
+_PY2_MIN = (2, 6) <= sys.version_info[:2] < (3,)
+_PY_MIN = _PY3_MIN or _PY2_MIN
+if not _PY_MIN:
+ raise SystemExit('ERROR: Ansible requires a minimum of Python2 version 2.6 or Python3 version 3.5. Current version: %s' % ''.join(sys.version.splitlines()))
+
+
+class LastResort(object):
+ # OUTPUT OF LAST RESORT
+ def display(self, msg, log_only=None):
+ print(msg, file=sys.stderr)
+
+ def error(self, msg, wrap_text=None):
+ print(msg, file=sys.stderr)
+
+ def prompt(self, msg, private=True):
+ return getpass(msg)
+
+
+if __name__ == '__main__':
+
+ display = LastResort()
+
+ try: # bad ANSIBLE_CONFIG or config options can force ugly stacktrace
+ import ansible.constants as C
+ from ansible.utils.display import Display
+ except AnsibleOptionsError as e:
+ display.error(to_text(e), wrap_text=False)
+ sys.exit(5)
+
+ _Display = Display
+ class MyDisplay(_Display):
+ name = 'getpass'
+ def prompt(self, prompt, private=True):
+ return getpass(prompt)
+
+ Display = MyDisplay
+ display = MyDisplay()
+ from ansible.parsing import vault
+ vault.display = display
+
+ cli = None
+ me = os.path.basename(sys.argv[0])
+
+ try:
+ display.v("starting run")
+
+ sub = None
+ target = me.split('-')
+ if target[-1][0].isdigit():
+ # Remove any version or python version info as downstreams
+ # sometimes add that
+ target = target[:-1]
+
+ if len(target) > 1:
+ sub = target[1]
+ myclass = "%sCLI" % sub.capitalize()
+ elif target[0] == 'ansible':
+ sub = 'adhoc'
+ myclass = 'AdHocCLI'
+ else:
+ raise AnsibleError("Unknown Ansible alias: %s" % me)
+
+ try:
+ mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
+ except ImportError as e:
+ # ImportError members have changed in py3
+ if 'msg' in dir(e):
+ msg = e.msg
+ else:
+ msg = e.message
+ if msg.endswith(' %s' % sub):
+ raise AnsibleError("Ansible sub-program not implemented: %s" % me)
+ raise
+
+ mycli.display = display
+ try:
+ args = [to_text(a, errors='surrogate_or_strict') for a in sys.argv]
+ except UnicodeError:
+ display.error('Command line args are not in utf-8, unable to continue. Ansible currently only understands utf-8')
+ display.display(u"The full traceback was:\n\n%s" % to_text(traceback.format_exc()))
+ exit_code = 6
+ else:
+ cli = mycli(args)
+ cli.parse()
+ cli.display = display
+ # import pdb; pdb.set_trace()
+ exit_code = cli.run()
+
+ except AnsibleOptionsError as e:
+ cli.parser.print_help()
+ display.error(to_text(e), wrap_text=False)
+ exit_code = 5
+ except AnsibleParserError as e:
+ display.error(to_text(e), wrap_text=False)
+ exit_code = 4
+# TQM takes care of these, but leaving comment to reserve the exit codes
+# except AnsibleHostUnreachable as e:
+# display.error(str(e))
+# exit_code = 3
+# except AnsibleHostFailed as e:
+# display.error(str(e))
+# exit_code = 2
+ except AnsibleError as e:
+ display.error(to_text(e), wrap_text=False)
+ exit_code = 1
+ except KeyboardInterrupt:
+ display.error("User interrupted execution")
+ exit_code = 99
+ except Exception as e:
+ if C.DEFAULT_DEBUG:
+ # Show raw stacktraces in debug mode, It also allow pdb to
+ # enter post mortem mode.
+ raise
+ have_cli_options = bool(context.CLIARGS)
+ display.error("Unexpected Exception, this is probably a bug: %s" % to_text(e), wrap_text=False)
+ if not have_cli_options or have_cli_options and context.CLIARGS['verbosity'] > 2:
+ log_only = False
+ if hasattr(e, 'orig_exc'):
+ display.vvv('\nexception type: %s' % to_text(type(e.orig_exc)))
+ why = to_text(e.orig_exc)
+ if to_text(e) != why:
+ display.vvv('\noriginal msg: %s' % why)
+ else:
+ display.display("to see the full traceback, use -vvv")
+ log_only = True
+ display.display(u"the full traceback was:\n\n%s" % to_text(traceback.format_exc()), log_only=log_only)
+ exit_code = 250
+ finally:
+ # Remove ansible tmpdir
+ shutil.rmtree(C.DEFAULT_LOCAL_TMP, True)
+
+ sys.exit(exit_code)
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_keepassxc-cli.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_keepassxc-cli.bash
new file mode 100755
index 0000000..fe0838a
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_keepassxc-cli.bash
@@ -0,0 +1,17 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+
+DEBUG=1
+. /usr/local/bin/usr_local_tput.bash
+. /usr/local/bin/gridfire.rc
+
+COMMAND=$1
+shift
+RARGS="--pw-stdin"
+tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
+exec $PREFIX/bin/gridfire -H "keepassxc-cli.sh $tail" -- \
+ keepassxc-cli.sh $COMMAND $RARGS "$@"
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_keepassxc.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_keepassxc.bash
new file mode 100755
index 0000000..5a3c07f
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_keepassxc.bash
@@ -0,0 +1,20 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+
+DEBUG=1
+. /usr/local/bin/usr_local_tput.bash
+. /usr/local/bin/gridfire.rc
+
+
+tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
+LARGS="--bg"
+LARGS=""
+RARGS="--pw-stdin"
+INFO $PREFIX/bin/gridfire -H "keepassxc $tail" $LARGS -- \
+ keepassxc $RARGS "$@"
+exec $PREFIX/bin/gridfire -H "keepassxc $tail" $LARGS -- \
+ keepassxc $RARGS "$@"
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_kpsh.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_kpsh.bash
new file mode 100644
index 0000000..4e25a5d
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_kpsh.bash
@@ -0,0 +1,58 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+
+. /usr/local/bin/usr_local_tput.bash || exit 2
+
+if [ "$#" -eq 0 ] ; then
+ echo USAGE: $0 [options]
+ cat << EOF
+USAGE:
+ --password PASSWORD Database password.
+ --password-command PW_CMD
+ Password will be obtained from the output of this
+ command.
+ --keyfile KEYFILE Key file for unlocking database.
+ --pinentry PINENTRY Command used to run pinentry.
+ -c COMMAND, --command COMMAND
+ Command to execute. If command arguments contain
+ spaces, they must be enclosed in double quotes. With
+ this switch, kpsh will be started in non-interactive
+ mode. A list of available commands can be found by
+ running 'kpsh -c help':
+ {open,unlock,lock,db,ls,show,add,edit,delete,move,autotype,exit,echo,sleep,help}
+ open Change currently opened database.
+ unlock Unlock currently opened database.
+ lock Lock a database.
+ db Query opened database info.
+ ls List contents of database.
+ show Show contents of entry.
+ add Add a new entry if it doesn't exist yet.
+ edit Edit existing entry
+ delete Delete entry from database
+ move Move entry to the new path.
+ autotype Auto-type sequence of entry fields.
+ exit Exit shell.
+ echo Display a message.
+ sleep Sleep for a given number of seconds.
+
+ --prompt PROMPT Text used by shell for prompt.
+ -d, --daemon Start as a daemon listening on a socket given by
+ --socket-path
+ -s SOCKET_PATH, --socket-path SOCKET_PATH
+ Path to the socket which will be created in daemon
+ mode (default: /tmp/kpsh-$UID.sock).
+
+USAGE: $0 -- kpsh-args
+`basename $0` arguments go before the -- kpsh args go after
+
+EOF
+ exit 1
+ fi
+
+# FixMe: nonewline
+exec $PREFIX/bin/gridfire -H "kpsh password on stdin" --stdin -- \
+ kpsh "$@"
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_openssl.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_openssl.bash
new file mode 100755
index 0000000..5d9cf9b
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_openssl.bash
@@ -0,0 +1,187 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+
+. /usr/local/bin/gridfire.rc
+
+COMMANDS=(
+ asn1parse ca ciphers cms crl crl2pkcs7 dgst dhparam dsa dsaparam ec
+ ecparam enc engine errstr gendsa genpkey genrsa help list nseq ocsp
+ passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand rehash req
+ rsa rsautl s_client s_server s_time sess_id smime speed spkac srp
+ storeutl ts verify version x509 dgst enc
+)
+# for elt in ${COMMANDS[*]}; do echo INFO: openssl $elt;openssl $elt -help;done
+
+usage () {
+ echo "USAGE: recognized commands are - ${PASSIN_COMMANDS[*]} ${PASSOUT_COMMANDS[*]} ${PASS_COMMANDS[*]}"
+ return 0
+}
+
+
+if [ "$#" -eq 0 ] || [ "$1" = '--help' ] || [ "$1" = '-h' ] ; then
+ echo USAGE: $0 command [options]
+ cat << EOF
+Recognized commands:
+
+-passin commands: -passin pass:stdin
+ ca \
+ -passin val Input file pass phrase source
+ cms
+ -pwri_password val (No additional info)
+ -passin val Input file pass phrase source
+ dgst
+ -passin val Input file pass phrase source
+ pkeyutl
+ -passin val Input file pass phrase source
+ rsautl
+ -passin val Input file pass phrase source
+ smime
+ -passin val Input file pass phrase source
+ spkac
+ -passin val Input file pass phrase source
+ storeutl
+ -passin val Input file pass phrase source
+ ts
+ -passin val Input file pass phrase source
+ x509
+ -passin val Private key password/pass-phrase source
+ dgst
+ -passin val Input file pass phrase source
+
+-passout commands: -passout pass:stdin
+ gendsa
+ -passout val Output file pass phrase source
+ genrsa
+ -passout val Output file pass phrase source
+
+-pass commands: -pass pass:stdin
+ enc
+ -pass val Passphrase source
+ genpkey
+ -pass val Output file pass phrase source
+
+Options:
+ pass:stdin
+ pass:fd0
+EOF
+ exit 1
+ fi
+COMMAND=$1
+
+# FixMe: make sure command is first
+if [ $COMMAND = '-help' ] || [ $COMMAND = '--help' ] ; then
+ usage
+ echo "USAGE: all openssl commands are - ${COMMANDS[*]}"
+ exit 0
+fi
+if [ "${COMMAND:0:1}" = "-" ] ; then
+ echo "USAGE: command args - command must precede args"
+ usage
+ exit 1
+ fi
+
+case $COMMAND in \
+# PASSIN_COMMANDS=(
+ ca \
+ | cms \
+ | dgst \
+ | pkeyutl \
+ | rsautl \
+ | smime \
+ | spkac \
+ | storeutl \
+ | ts \
+ | x509 \
+ | dgst \
+) # FixMe: check if already there
+ LARGS="-passin pass:stdin"
+ $PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
+ ;;
+
+# PASSOUT_COMMANDS=(
+ gendsa \
+ | genrsa \
+) # FixMe: check if already there
+ LARGS="-passout pass:stdin"
+ $PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
+ ;;
+
+# PASS_COMMANDS=( \
+ enc \
+ | genpkey \
+) # FixMe: check if already there
+ LARGS="-pass pass:stdin"
+ $PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
+ ;;
+
+# PASSNOV_COMMANDS=( \
+ passwd \
+ | '-in infile Read passwords from file' \
+ | '-noverify Never verify when reading password from terminal' \
+ | '-stdin Read passwords from stdin' \
+) # FixMe: check if already there
+ #? conflicts with -in?
+ LARGS=" -noverify -stdin"
+ bash $PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
+ ;;
+
+# PASSINOUT_COMMANDS=( \
+ pkcs8 \
+ | '-passin val Input file pass phrase source' \
+ | '-passout val Output file pass phrase source' \
+ | pkey \
+ | '-passin val Input file pass phrase source' \
+ | '-passout val Output file pass phrase source' \
+ | rsa \
+ | '-passout val Output file pass phrase source' \
+ | '-passin val Input file pass phrase source' \
+ | srp \
+ | '-passin val Input file pass phrase source' \
+ | '-passout val Output file pass phrase source' \
+) # FixMe: check if already there
+ # FixMe: fd:
+ LARGS="--passin"
+ passin=`sh $PREFIX/bin/gridfire -H "openssl $LARGS" `
+ LARGS="-passin pass:$passin -passout pass:stdin"
+ bash $PREFIX/bin/gridfire -H "openssl -passout pass:stdin" -- openssl $LARGS "$@" || exit $?
+
+esac
+exit 0
+
+# PASSDPASS_COMMANDS=( \
+ s_server \
+ # -pass val Private key file pass phrase source \
+ # -dpass val Second private key file pass phrase source \
+) # FixMe: check if already there
+ # FixMe: fd:
+ pass=`sh $PREFIX/bin/gridfire.sh`
+ LARGS="-pass pass:$pass -dpass pass:stdin"
+ bash $PREFIX/bin/gridfire -- openssl $LARGS "$@" || exit $?
+
+;; # PASSKPASS_COMMANDS=( \
+ enc \
+ # -pass val Passphrase source \
+ # -kfile infile Read passphrase from file \
+) # FixMe: check if already there
+ # FixMe: fd:
+ #?pass=`sh $PREFIX/bin/gridfire.sh`
+ #?LARGS="-pass pass:$pass -dpass pass:stdin"
+ LARGS="-pass pass:stdin"
+ $PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
+
+;; # PASSINOUTWORD_COMMANDS=( \ \
+ pkcs12 \
+ # -twopass Separate MAC, encryption passwords \
+ # -passin val Input file pass phrase source \
+ # -passout val Output file pass phrase source \
+ # -password val Set import/export password source \
+) # FixMe: check if already there
+
+
+ # FixMe: pass: prefix
+$PREFIX/bin/gridfire -H "-passin pass:" --single "passin" -- sh $PREFIX/bin/gridfire -H "-passout stdin" -- openssl "$@" || exit $?
+esac
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_secret-tool.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_secret-tool.bash
new file mode 100755
index 0000000..97d3fc0
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_secret-tool.bash
@@ -0,0 +1,27 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+
+. /usr/local/bin/usr_local_tput.bash || exit 2
+
+if [ "$#" -eq 0 ] ; then
+ echo USAGE: $0 [options]
+ cat << EOF
+usage: secret-tool store --label='label' attribute value ...
+ secret-tool lookup attribute value ...
+ secret-tool clear attribute value ...
+ secret-tool search [--all] [--unlock] attribute value ...
+
+USAGE: $0 -- secret-tool-args
+`basename $0` arguments go before the -- secret-tool args go after
+
+EOF
+ exit 1
+ fi
+
+# FixMe: nonewline
+exec $PREFIX/bin/gridfire -H "secret-tool password on stdin" --stdin -- \
+ secret-tool "$@"
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_staticgpg.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_staticgpg.bash
new file mode 100755
index 0000000..d2d2319
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_staticgpg.bash
@@ -0,0 +1,11 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+
+#? --pinentry-mode loopback
+
+exec $PREFIX/bin/gridfire -H "staticgpg --passphrase-fd 0" -- \
+ staticgpg --passphrase-fd 0 "$@"
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_tomb.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_tomb.bash
new file mode 100755
index 0000000..9f4fd2f
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_tomb.bash
@@ -0,0 +1,104 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+PYVER=3
+EXE=/var/local/bin/tomb.bash
+
+. /usr/local/bin/usr_local_tput.bash || exit 2
+. /usr/local/bin/gridfire.rc
+
+# python3 -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"
+# ~/.local/share/python_keyring
+
+# what goes on stdin - the passwd to the keyfile with the keyfile as an arg?
+# or open the keyfile?
+# passwd from gridfire or from keepass
+
+usage() {
+ echo "Syntax: tomb [options] command [arguments]"
+ echo
+ echo " // Creation:"
+ echo " dig create a new empty TOMB file of size -s in MiB"
+ echo " forge create a new KEY file and set its password"
+ echo " lock installs a lock on a TOMB to use it with KEY"
+ echo
+ echo " // Operations on tombs:"
+ echo " open open an existing TOMB (-k KEY file or - for stdin)"
+ echo " index update the search indexes of tombs"
+ echo " search looks for filenames matching text patterns"
+ echo " list list of open TOMBs and information on them"
+ echo " ps list of running processes inside open TOMBs"
+ echo " close close a specific TOMB (or 'all')"
+ echo " slam slam a TOMB killing all programs using it"
+ [[ $RESIZER == 1 ]] && {
+ echo " resize resize a TOMB to a new size -s (can only grow)"
+ }
+ echo
+ echo " // Operations on keys:"
+ echo " passwd change the password of a KEY (needs old pass)"
+ echo " setkey change the KEY locking a TOMB (needs old key and pass)"
+ echo
+ [[ $QRENCODE == 1 ]] && {
+ echo " // Backup on paper:"
+ echo " engrave makes a QR code of a KEY to be saved on paper"
+ echo
+ }
+ [[ $STEGHIDE == 1 || $CLOAKIFY == 1 || $DECLOAKIFY == 1 ]] && {
+ echo " // Steganography:"
+ [[ $STEGHIDE == 1 ]] && {
+ echo " bury hide a KEY inside a JPEG image (for use with -k)"
+ echo " exhume extract a KEY from a JPEG image (prints to stdout)"
+ }
+ [[ $CLOAKIFY == 1 ]] && {
+ echo " cloak transform a KEY into TEXT using CIPHER (for use with -k)"
+ }
+ [[ $DECLOAKIFY == 1 ]] && {
+ echo " uncloak extract a KEY from a TEXT using CIPHER (prints to stdout)"
+ }
+ echo
+ }
+ echo "Options:"
+ echo
+ echo " -s size of the tomb file when creating/resizing one (in MiB)"
+ echo " -k path to the key to be used ('-k -' to read from stdin)"
+ echo " -n don't launch the execution hooks found in tomb"
+ echo " -p preserve the ownership of all files in tomb"
+ echo " -o options passed to commands: open, lock, forge (see man)"
+ echo " -f force operation (i.e. even if swap is active)"
+ echo " -g use a GnuPG key to encrypt a tomb key"
+ echo " -r provide GnuPG recipients (separated by comma)"
+ echo " -R provide GnuPG hidden recipients (separated by comma)"
+
+ [[ $SPHINX == 1 ]] && {
+ echo " --sphx-user user associated with the key (for use with pitchforkedsphinx)"
+ echo " --sphx-host host associated with the key (for use with pitchforkedsphinx)"
+ }
+
+ [[ $KDF == 1 ]] && {
+ echo " --kdf forge keys armored against dictionary attacks"
+ }
+
+ echo
+ echo " -q run quietly without printing informations"
+ echo " -D print debugging information at runtime"
+}
+
+# FixMe: make sure command is first
+if [ "$#" -eq 0 ] || [ "$1" = '--help' -o "$1" = 'help' ] ; then
+# usage
+# exit 0
+:
+fi
+
+LARGS="-H \"tomb $tail\""
+tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
+if [[ "$*" =~ "-- " ]];then
+ RARGS=`echo $*|sed -e "s/-- /-- $EXE/"`
+ exec $PREFIX/bin/gridfire $LARGS $RARGS
+else
+ exec $PREFIX/bin/gridfire $LARGS -- $EXE "$@"
+fi
+
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_truecrypt-console.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_truecrypt-console.bash
new file mode 100755
index 0000000..d395c5c
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_truecrypt-console.bash
@@ -0,0 +1,32 @@
+ #!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+DEBUG=1
+. /usr/local/bin/usr_local_tput.bash
+. /usr/local/bin/gridfire.rc
+
+usage () {
+ echo USAGE: $0 [options]
+ cat << EOF
+USAGE: $0 [--arg password ] -- truecrypt-args
+`basename $0` arguments go before the -- truecrypt args go after
+MINIMUM of 2 args for truecrypt
+EOF
+ exit 1
+}
+if [ "$#" -eq 0 ] ; then
+ usage
+ fi
+if [ "$#" -lt 2 ] ; then
+ usage
+ fi
+
+tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
+RARGS="--non-interactive"
+exec $PREFIX/bin/gridfire --double password -E -B -H "truecrypt-console $tail" -- \
+ $PREFIX/bin/truecrypt-console.sh $RARGS "$@"
+
+# FixMe: --new-password= New password
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_truecrypt.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_truecrypt.bash
new file mode 100755
index 0000000..c26ada5
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_truecrypt.bash
@@ -0,0 +1,25 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+
+. /usr/local/bin/usr_local_tput.bash || exit 2
+. /usr/local/bin/gridfire.rc
+
+if [ "$#" -eq 0 ] ; then
+ echo USAGE: $0 [options]
+ cat << EOF
+USAGE: $0 [--arg password ] -- truecrypt-args
+`basename $0` arguments go before the -- truecrypt args go after
+
+EOF
+ exit 1
+ fi
+
+tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
+exec $PREFIX/bin/gridfire -E --double password -H "truecrypt $tail" -- \
+ $PREFIX/bin/truecrypt.sh "$@"
+
+# FixMe: --new-password= New password
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_veracrypt-console.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_veracrypt-console.bash
new file mode 100755
index 0000000..ccf2c91
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_veracrypt-console.bash
@@ -0,0 +1,37 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+DEBUG=1
+. /usr/local/bin/usr_local_tput.bash
+. /usr/local/bin/gridfire.rc
+
+usage () {
+ echo USAGE: $0 [options]
+ cat << EOF
+USAGE: $0 [--arg password ] -- veracrypt-args
+`basename $0` arguments go before the -- veracrypt args go after
+MINIMUM of 2 args for veracrypt
+EOF
+ exit 1
+}
+if [ "$#" -eq 0 ] ; then
+ usage
+ exit 1
+ fi
+if [ "$#" -lt 2 ] ; then
+ usage
+ fi
+
+RARGS="--stdin --non-interactive"
+[[ "$*" =~ "--stdin" ]] || [[ $RARGS =~ "--stdin" ]] || LARGS="--stdin $LARGS"
+#no [[ "$*" =~ "--create" ]] && LARGS="--repeat $LARGS"
+#no [[ "$*" =~ "--new-password=" ]] && LARGS="--repeat $LARGS"
+
+tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
+$PREFIX/bin/gridfire $LARGS -H "veracrypt-console $tail" -- \
+ $PREFIX/bin/veracrypt-console.sh $RARGS "$@"
+
+# FixMe: --new-password= New password
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_veracrypt.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_veracrypt.bash
new file mode 100755
index 0000000..d672755
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/gridfire_veracrypt.bash
@@ -0,0 +1,15 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+
+. /usr/local/bin/usr_local_tput.bash
+. /usr/local/bin/gridfire.rc
+
+tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
+exec $PREFIX/bin/gridfire -H "veracrypt $tail" -- \
+ $PREFIX/bin/veracrypt.sh $RARGS "$@"
+
+# FixMe: --new-password= New password
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/keepassxc-cli.bash b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/keepassxc-cli.bash
new file mode 100755
index 0000000..ebb433f
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/keepassxc-cli.bash
@@ -0,0 +1,97 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=gpgkey
+root=KeeC
+DEBUG=1
+
+. /usr/local/bin/usr_local_tput.bash
+. /usr/local/bin/gridfire.rc
+EXE=/var/local/bin/keepassxc-cli.bash
+
+#? mayaybe not
+if [ "$#" -eq 0 -o "$1" = '--help' ] ; then
+ echo USAGE: $0 command [options]
+ cat << EOF
+Available commands:
+analyze Analyze passwords for weaknesses and problems.
+clip Copy an entry's attribute to the clipboard.
+close Close the currently opened database.
+db-create Create a new database.
+db-info Show a database's information.
+diceware Generate a new random diceware passphrase.
+edit Edit an entry.
+estimate Estimate the entropy of a password.
+export Exports the content of a database to standard output in the specified format.
+generate Generate a new random password.
+help Display command help.
+import Import the contents of an XML database.
+locate Find entries quickly.
+ls List database entries.
+merge Merge two databases.
+mkdir Adds a new group to a database.
+mv Moves an entry to a new group.
+open Open a database.
+rm Remove an entry from the database.
+rmdir Removes a group from a database.
+show Show an entry's information.
+
+Options:
+ -k, --key-file Key file of the database.
+EOF
+ exit 1
+ fi
+
+# [[ "$*" =~ "--pw-stdin" ]] || [[ $LARGS =~ "--pw-stdin" ]] || LARGS="--pw-stdin $LARGS"
+
+if [[ "$*" =~ "db-create" ]] ; then
+ [[ "$*" =~ "--decryption-time" ]] || [[ $RARGS =~ "--decryption-time" ]] || RARGS="--decryption-time=1000 $RARGS"
+ # not =''
+ # [[ "$*" =~ "-k" ]] || [[ $RARGS =~ "-k" ]] || RARGS="-k '' $RARGS"
+
+ [ -x $EXE ] || PANIC file not found $EXE
+ DBUG $EXE $LARGS $RARGS "$@" >> /tmp/${root}$$.log
+ password=$(cat)
+ /usr/bin/expect << EOF
+# -*- mode: tcl; tab-width: 8; encoding: utf-8-unix -*-
+
+set ROLE gpgkey
+set PREFIX /usr/local
+
+set timeout 30
+
+spawn -noecho $EXE $LARGS $RARGS "$@"
+log_user 0
+
+expect "Enter password to encrypt database (optional):"
+send "$password\n"
+expect "Repeat password:"
+send "$password\n"
+
+expect -re .+ {
+ exp_continue
+ } timeout {
+ exit 1
+ } eof {
+ exit 0
+ }
+EOF
+ retval=$?
+ DBUG see /tmp/${root}$$.log
+ exit $retval
+fi
+
+DEBUG=1
+DEBUG $EXE $LARGS $RARGS "$@" >> /tmp/${root}$$.log
+$EXE $LARGS $RARGS "$@" 2>/tmp/${root}$$.err >>/tmp/${root}$$.log
+retval=$?
+if [ $retval -eq 0 ] ; then
+ INFO see /tmp/${root}$$.log
+ cat /tmp/${root}$$.log
+else
+ WARN see /tmp/${root}$$.err /tmp/${root}$$.log
+ cat /tmp/${root}$$.err
+fi
+exit $retval
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/keepassxc-cli.exp b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/keepassxc-cli.exp
new file mode 100644
index 0000000..dbe6ce8
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/keepassxc-cli.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect --
+# -*- mode: tcl; tab-width: 8; encoding: utf-8-unix -*-
+
+set ROLE gpgkey
+set PREFIX /usr/local
+
+set timeout 30
+
+spawn /g/Gpgkey/net/Http/github.com/keepassxreboot/keepassxc/releases/download/2.6.6/KeePassXC-2.6.6-x86_64.AppImage cli db-create -p -k /dev/shm/mausPh4.key /dev/shm/mausA3d_h0.kdbx
+
+expect "Enter password to encrypt database (optional):*"
+send_user "AA\n"
+send "AA\n"
+expect "Repeat password:*"
+send_user "AA\n"
+send "AA\n"
+
+expect -re .+ {
+ exp_continue
+ } timeout {
+ exit 1
+ } eof {
+ exit 0
+ }
+
+# expect -r .+ {send "\r"}
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/keepassxc-cli.help b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/keepassxc-cli.help
new file mode 100644
index 0000000..05b87ad
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/src/gridfire/bin/keepassxc-cli.help
@@ -0,0 +1,15 @@
+=== db-create ===
+
+Usage: keepassxc-cli db-create [options] database
+Create a new database.
+
+Options:
+ -q, --quiet Silence password prompt and other secondary
+ outputs.
+ -k, --set-key-file Set the key file for the database.
+ -p, --set-password Set a password for the database.
+ -t, --decryption-time