- Update to 0.11.0+0:

Added:
  * Partial French translation!
Fixed:
  * [Unix] Files can now be encrypted with rage --passphrase when
    piped over stdin, without requiring an explicit - argument as
    INPUT.

OBS-URL: https://build.opensuse.org/package/show/security/rage-encryption?expand=0&rev=37

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

_service

@@ -0,0 +1,24 @@
+<services>
+  <service mode="manual" name="obs_scm">
+    <param name="url">https://github.com/str4d/rage.git</param>
+    <param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@</param>
+    <param name="scm">git</param>
+    <param name="revision">v0.11.0</param>
+    <param name="match-tag">*</param>
+    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
+    <param name="versionrewrite-replacement">\1</param>
+    <param name="changesgenerate">enable</param>
+    <param name="changesauthor">william.brown@suse.com</param>
+  </service>
+  <service mode="manual" name="tar" />
+  <service mode="manual" name="recompress">
+    <param name="file">*.tar</param>
+    <param name="compression">gz</param>
+  </service>
+  <service mode="manual" name="set_version"/>
+  <service name="cargo_vendor" mode="manual">
+     <param name="srcdir">rage</param>
+     <param name="compression">zst</param>
+     <param name="update">true</param>
+  </service>
+</services>

_servicedata

@@ -0,0 +1,4 @@
+<servicedata>
+<service name="tar_scm">
+                <param name="url">https://github.com/str4d/rage.git</param>
+              <param name="changesrevision">17446612f865c705e44fe392d9d41dd102fed137</param></service></servicedata>

rage-0.10.0+0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2a1eb1f73868b31bbb20e074b384f4b710572c98ebc1e31ad8fb3b35fdc234fd
+size 1646541

rage-0.11.0+0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e5896b280a872d407b6bdd50dbc3324421a08177d094565e1a58ac5c603073b1
+size 1664647

rage-encryption.changes

@@ -0,0 +1,237 @@
+-------------------------------------------------------------------
+Sun Nov  3 19:04:23 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
+
+- Update to 0.11.0+0:
+  Added:
+  * Partial French translation!
+Fixed:
+  * [Unix] Files can now be encrypted with rage --passphrase when
+    piped over stdin, without requiring an explicit - argument as
+    INPUT.
+
+-------------------------------------------------------------------
+Fri Sep 20 04:57:20 UTC 2024 - William Brown <william.brown@suse.com>
+
+- bsc#1229959 - RUSTSEC-2024-0006 - CVE-2024-43806
+  - rust-shlex: Multiple issues involving quote API
+
+-------------------------------------------------------------------
+Wed Sep  4 01:43:07 UTC 2024 - William Brown <william.brown@suse.com>
+
+- bsc#1229959 - RUSTSEC-2024-0006 - rust-shlex: Multiple issues involving quote API
+
+-------------------------------------------------------------------
+Mon Apr 22 12:15:24 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
+
+- Enable tests
+- Install all language manpages
+- Fix -keygen installing to -mount
+- Switch from obsoleted practices to modern ones:
+  * %setup is now %autosetup
+  * cargo_config is now part of vendor file
+  * disabledrun is now manualrun
+- Update to version 0.10.0+0:
+  Added:
+  * Russian translation
+  * rage-keygen -y IDENTITY_FILE to convert identity files to
+    recipients.
+  Changed:
+  * MSRV is now 1.65.0.
+  * Migrated from gumdrop to clap for argument parsing.
+  * -R/--recipients-file and -i/--identity now support "read-once"
+    files, like those used by process substitution (-i
+    <(other_binary get-age-identity)) and named pipes.
+  * The filename - (hyphen) is now treated as an explicit request
+    to read from standard input when used with -R/--recipients-file
+    or -i/--identity. It must only occur once across the
+    -R/--recipients-file and -i/--identity flags, and the input
+    file. It cannot be used if the input file is omitted.
+  Fixed:
+  * OpenSSH private keys passed to -i/--identity that contain
+    invalid public keys are no longer ignored when encrypting, and
+    instead cause an error.
+  * Weak ssh-rsa public keys that are smaller than 2048 bits are
+    now rejected.
+  * rage-keygen no longer overwrites existing key files with the
+    -o/--output flag. This was its behaviour prior to 0.6.0, but
+    was unintentionally changed when rage was modified to overwrite
+    existing files. Key file overwriting can still be achieved by
+    omitting -o/--output and instead piping stdout to the file.
+  * rage-keygen now prints fatal errors directly instead of them
+    being hidden behind the RUST_LOG=error environment variable. It
+    also now sets its return code appropriately instead of always
+    returning 0.
+
+-------------------------------------------------------------------
+Tue Sep 26 03:59:43 UTC 2023 - William Brown <william.brown@suse.com>
+
+- bsc#1215657 - chosen ciphertext attack possible against aes-gcm
+  * update vendor.tar.zst to contain aes-gcm >= 0.10.3
+
+-------------------------------------------------------------------
+Tue Sep 26 01:06:56 UTC 2023 - william.brown@suse.com
+
+- Update to version 0.9.2+0:
+  * CI: Ensure `apt` repository is up-to-date before installing build deps
+  * CI: Build Linux releases using `ubuntu-20.04` runner
+  * CI: Remove most uses of `actions-rs` actions
+
+-------------------------------------------------------------------
+Tue Jun 13 00:35:46 UTC 2023 - william.brown@suse.com
+
+- Update to version 0.9.2+0:
+  * v0.9.2
+  * Fix changelog bugs and add missing entry
+  * Document `PINENTRY_PROGRAM` environment variable
+  * age: Add `Decryptor::new_async_buffered`
+  * age: `impl AsyncBufRead for ArmoredReader`
+  * Pre-initialize vectors when the capacity is known, or use arrays
+  * Use `PINENTRY_PROGRAM` as environment variable for `pinentry`
+  * Document why `impl AsyncWrite for StreamWriter` doesn't loop indefinitely
+  * cargo update
+  * cargo vet prune
+  * Migrate to `cargo-vet 0.7`
+  * build(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.1
+  * Correct spelling in documentation
+  * build(deps): bump codecov/codecov-action from 3.1.1 to 3.1.4
+  * StreamWriter AsyncWrite: fix usage with futures::io::copy()
+  * rage: Use `Decryptor::new_buffered`
+  * age: Add `Decryptor::new_buffered`
+  * age: `impl BufRead for ArmoredReader`
+  * Update Homebrew formula to v0.9.1
+  * feat/pinentry: Use env var to define pinentry binary
+
+-------------------------------------------------------------------
+Tue Apr 11 11:13:29 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
+
+- As per https://en.opensuse.org/openSUSE:Package_description_guidelines
+  mention distinctive characteristics that offset this solution
+  from e.g. gpg.
+
+-------------------------------------------------------------------
+Sun Mar 26 07:04:54 UTC 2023 - Soc Virnyl Estela <socvirnyl.estela@gmail.com>
+
+- Update to version 0.9.1+0:
+  * ssh: Fix parsing of OpenSSH private key format
+  * ssh: Support `aes256-gcm@openssh.com` ciphers for encrypted keys
+  * ssh: Add `aes256-gcm@openssh.com` cipher to test cases
+  * ssh: Extract common key material derivation logic for encrypted keys
+  * ssh: Use associated constants for key and IV sizes
+  * ssh: Add test cases for encrypted keys
+- Add shell completions for fish and zsh.
+
+-------------------------------------------------------------------
+Fri Jan 13 03:23:28 UTC 2023 - William Brown <william.brown@suse.com>
+
+- bsc#1207039 - CVE-2023-22895 - update bzip2 crate
+- Update of vendored dependencies
+
+-------------------------------------------------------------------
+Thu Jan 05 03:20:27 UTC 2023 - william.brown@suse.com
+
+- Update of vendored dependencies
+
+-------------------------------------------------------------------
+Mon Nov 21 15:00:46 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Do not have the main package recommend the bash-completion
+  sub-package, but rather have the subpackage supplement the
+  combination of tage-encryption and bash-completion.
+
+-------------------------------------------------------------------
+Mon Oct 31 02:20:35 UTC 2022 - william.brown@suse.com
+
+- Update to version 0.9.0+0:
+  * v0.9.0
+  * use pkcs1 crate to parse RSAPrivateKey ASN.1 object
+  * qa: Add workflow that runs `cargo vet --locked`
+  * qa: Import `cargo vet` audits from Firefox and zcashd
+  * qa: Add `crypto-reviewed` criteria or `cargo vet`
+  * qa: `cargo vet init`
+
+-------------------------------------------------------------------
+Tue Aug 09 03:56:26 UTC 2022 - william.brown@suse.com
+
+- Set minimum rust requirement to 1.59
+- Update to version 0.8.1+0:
+  * v0.8.1
+  * Revert updates to `dashmap` and `indexmap`
+  * cargo update
+  * age: Add passphrase to scrypt_work_factor_23 testkit test file
+  * age: Reject invalid or non-canonical X25519 recipient stanzas
+  * age: Require "contributory" behaviour for X25519 recipient stanzas
+  * age: Add testkit test files from reference impl
+  * Update Homebrew formula to v0.8.0
+
+-------------------------------------------------------------------
+Tue May 03 00:27:46 UTC 2022 - william.brown@suse.com
+
+- Update to version 0.8.0+0:
+  * v0.8.0
+  * age: Allow ciphertexts that encrypt the empty plaintext
+  * Update Italian translation
+  * Don't allow -i/--identity with passphrase-encrypted files
+  * age: Require the last STREAM chunk to be non-empty
+  * age: Return correct response encoding for `confirm` command
+  * age: Base64-decode metadata arguments to "confirm" message
+  * age: Extract "confirm" command handling into a helper function
+
+-------------------------------------------------------------------
+Tue Apr  5 05:38:22 UTC 2022 - William Brown <william.brown@suse.com>
+
+- Automatic update of vendored dependencies
+
+-------------------------------------------------------------------
+Mon Mar 14 22:53:25 UTC 2022 - william.brown@suse.com
+
+- Update to resolve bsc#1196972 CVE-2022-24713 - Regex DOS
+
+-------------------------------------------------------------------
+Mon Mar 14 12:00:00 UTC 2022 - cunix@mail.de
+
+- switched to vendored_licenses_packager as build dependency
+- define macro "rust_tier1_arches" if undefined
+
+-------------------------------------------------------------------
+Tue Feb 15 03:58:13 UTC 2022 - William Brown <william.brown@suse.com>
+
+- Add specific lock file path to _service for cargo audit to prevent
+  confusion with the lock files in the fuzz folders.
+
+-------------------------------------------------------------------
+Mon Jan 31 12:00:00 UTC 2022 - cunix@mail.de
+
+- Update to version 0.7.1
+  * Fixed a bug where non-canonical recipient stanza bodies in an age
+    file header would cause rage to crash instead of being rejected
+  * vendor.tar.xz updated from source code Cargo.lock file
+
+- Added:
+  * binary rage-mount
+  * bash-completion for rage, rage-keygen and rage-mount
+  * manual pages for rage, rage-keygen and rage-mount
+  * Licenses files
+  * Licenses files of vendored crates extracted
+    with script "vendored_licenses_packager.sh"
+  * README and CHANGELOG files
+  * possibility to build without cargo-packaging for "older" distros
+
+-------------------------------------------------------------------
+Fri Nov 19 01:08:01 UTC 2021 - william.brown@suse.com
+
+- Update to version 0.7.0~git0.c93b914:
+  * v0.7.0
+  * cargo update fuzz*
+  * Update lockfiles for fuzzers
+  * rage: Pin clap to 3.0.0-beta.2
+  * CI: Add bitrot check to ensure examples and benchmarks still compile
+  * console 0.15
+  * age: Re-export `secrecy` crate
+  * age-core: Improve crate documentation
+  * age-core: Re-export `secrecy` crate
+  * age-core: Add `plugin::Error` enum
+
+-------------------------------------------------------------------
+Tue Nov 16 02:26:14 UTC 2021 - William Brown <william.brown@suse.com>
+
+- Initial commit of rage

rage-encryption.spec

@@ -0,0 +1,156 @@
+#
+# spec file for package rage-encryption
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%{?!rust_tier1_arches:%global rust_tier1_arches x86_64 aarch64}
+
+Name:           rage-encryption
+#               This will be set by osc services, that will run after this.
+Version:        0.11.0+0
+Release:        0
+Summary:        X25519-based, simple, modern, and secure file encryption tool
+#               If you know the license, put it's SPDX string here.
+#               Alternately, you can use cargo lock2rpmprovides to help generate this.
+License:        (0BSD OR MIT OR Apache-2.0) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (MIT OR Unlicense) AND (Apache-2.0 OR Zlib OR MIT) AND Apache-2.0 AND BSD-3-Clause AND CDDL-1.0 AND MIT
+#               Select a group from this link:
+#               https://en.opensuse.org/openSUSE:Package_group_guidelines
+Group:          Productivity/Security
+URL:            https://github.com/str4d/rage
+Source0:        rage-%{version}.tar.gz
+Source1:        vendor.tar.zst
+%if %{suse_version} > 1500
+BuildRequires:  cargo-packaging
+%endif
+# Requires >1.59 for thread::available_parallelism
+BuildRequires:  cargo >= 1.59
+BuildRequires:  libzstd-devel
+BuildRequires:  vendored_licenses_packager
+# for feature mount
+BuildRequires:  fuse-devel
+Recommends:     pinentry
+BuildRequires:  zstd
+Conflicts:      rage
+ExclusiveArch:  %{rust_tier1_arches}
+
+%description
+Rage is a simple, modern, and secure file encryption tool, using the
+age format. It features small explicit keys, no config options, and
+UNIX-style composability.
+
+Keys are based on X25519 which are similar to the ones used by SSH.
+rage-encryption can also use ssh-ed25519 and ssh-rsa keys as
+alternatives to age1 keys.
+
+%package bash-completion
+Summary:        Bash completion for %{name}
+Group:          Productivity/Security
+BuildArch:      noarch
+Requires:       %{name}
+Requires:       bash-completion
+Supplements:    (%{name} and bash-completion)
+Conflicts:      rage
+
+%description bash-completion
+Bash command line completion support for %{name}
+
+%package        fish-completion
+Summary:        Fish Completion for %{name}
+Group:          Productivity/Security
+Supplements:    (%{name} and fish)
+Requires:       fish
+BuildArch:      noarch
+
+%description    fish-completion
+Fish command-line completion support for %{name}.
+
+%package        zsh-completion
+Summary:        Zsh Completion for %{name}
+Group:          Productivity/Security
+Supplements:    (%{name} and zsh)
+Requires:       zsh
+BuildArch:      noarch
+
+%description    zsh-completion
+Zsh command-line completion support for %{name}.
+
+%prep
+%autosetup -a 1 -n rage-%{version}
+%vendored_licenses_packager_prep
+
+%build
+%define build_args --manifest-path rage/Cargo.toml --features "mount" --release %{?_smp_mflags}
+
+%if %{suse_version} > 1500
+%{cargo_build} --features "mount"
+%else
+cargo build %{build_args}
+%endif
+
+%check
+%if %{suse_version} > 1500
+%{cargo_test} --features "mount"
+%else
+cargo test %{build_args}
+%endif
+
+%install
+pushd target/release
+
+# Install each part of the tool and their respective completions.
+for i in "" -keygen -mount; do
+  install -D -m 0755 rage$i %{buildroot}%{_bindir}/rage$i
+  install -D -p -m 644 completions/rage$i.bash %{buildroot}%{_datadir}/bash-completion/completions/rage$i
+  install -D -p -m 644 completions/_rage$i  %{buildroot}%{_datadir}/zsh/site-functions/_rage$i
+  install -D -p -m 644 completions/rage$i.fish %{buildroot}%{_datadir}/fish/vendor_completions.d/rage$i.fish
+done
+
+pushd manpages
+mv es_AR es  # es_AR doesn't seem to be a correct manpage locale
+find . -name "*.1.gz" -exec install -Dpm644 {} %{buildroot}%{_mandir}/{} \;
+popd
+popd
+
+%vendored_licenses_packager_install
+%find_lang rage{,-keygen,-mount} rage.lang --with-man --all-name
+
+%files -f rage.lang
+%{_bindir}/rage
+%{_bindir}/rage-keygen
+%{_bindir}/rage-mount
+%doc README.md rage/CHANGELOG.md
+# accept duplicates here
+%license LICENSE-APACHE LICENSE-MIT
+%vendored_licenses_packager_files
+%{_mandir}/man1/rage*.1%{?ext_man}
+
+%files bash-completion
+%license LICENSE-APACHE LICENSE-MIT
+%{_datadir}/bash-completion/completions/rage*
+
+%files fish-completion
+%license LICENSE-APACHE LICENSE-MIT
+%dir %{_datadir}/fish
+%dir %{_datadir}/fish/vendor_completions.d
+%{_datadir}/fish/vendor_completions.d/rage*.fish
+
+%files zsh-completion
+%license LICENSE-APACHE LICENSE-MIT
+%dir %{_datadir}/zsh
+%dir %{_datadir}/zsh/site-functions
+%{_datadir}/zsh/site-functions/_rage*
+
+%changelog

vendor.tar.zst

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e159f7c24abc8e3525da96ff31290b404434241f9a6321db162bdb3086fdfd72
+size 28348059