remove sphinx from tests and docs

leftover strings are in translations, maybe take them off later
This commit is contained in:
Jaromil 2024-08-31 05:18:03 +02:00
parent afe0390d93
commit c1b5e1b310
8 changed files with 4 additions and 112 deletions

View File

@ -306,17 +306,6 @@ Select a different tool than sudo for privilege escalation.
Alternatives supported so far are: pkexec, doas, sup, sud. For any
alternative to work the executable must be included in the current
PATH.
.B
.IP "--sphx-user \fI<username>\fR"
Activate the SPHINX feature for password-authenticated key agreement.
This option indicates the \fI<username>\fR used to retrieve the
password from a sphinx oracle key reachable via TCP/IP.
.B
.IP "--sphx-host \fI<domain>\fR"
Activate the SPHINX feature for password-authenticated key agreement.
This option indicates the \fI<domain>\fR used to retrieve the password
from a sphinx oracle daemon reachable via TCP/IP. This is not the
network address of the daemon, which is configured in /etc/sphinx
.B
.IP "-h"
@ -484,24 +473,6 @@ its copies are destroyed. The \fI-r\fR option can be used in the tomb
commands: \fIopen\fR, \fIforge\fR \fIsetkey\fR, \fIpasswd\fR,
\fIbury\fR, \fIexhume\fR and \fIresize\fR.
.SH SPHINX (PAKE)
Using the package libsphinx
.UR https://github.com/stef/libsphinx
.UE
and its python client/daemon implementation pwdsphinx
.UR https://github.com/stef/pwdsphinx
.UE
is possible to store and retrieve safely the password that locks the
tomb. Using this feature will make it impossible to retrieve the
password without the oracle sphinx server running and reachable. Each
key entry needs a username and a domain specified on creation and
a password that locks it.
SPHINX makes it impossible to maliciously retrieve the password
locking the tomb key without an attacker accessing both the
server, the sphinx password and the tomb key file.
.SH EXAMPLES
.IP \(bu

View File

@ -15,18 +15,6 @@ test_expect_success 'Testing tomb creation: dig, forge and lock' '
tt_lock --tomb-pwd $DUMMYPASS
'
if test_have_prereq SPHINX ORACLE; then
test_export "sphinx_test"
test_expect_success 'Testing tomb creation: dig, forge and lock (sphinx password handling)' '
tt_dig -s 20 &&
tt_forge --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
print $(echo $DUMMYPASS | sphinx get $DUMMYUSER $DUMMYHOST) \
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \
| xxd &&
tt_lock --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
'
fi
if test_have_prereq DOAS; then
test_export "doas_test"
test_expect_success 'Testing tomb creation: dig, forge and lock (using doas instead of sudo)' '

View File

@ -44,14 +44,6 @@ if test_have_prereq LSOF; then
'
fi
if test_have_prereq SPHINX ORACLE; then
test_export "sphinx_test" # Using already generated tomb
test_expect_success 'Testing open with good password (sphinx)' '
tt_open --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
tt_close
'
fi
if test_have_prereq DOAS; then
test_export "doas_test" # Using already generated tomb
test_expect_success 'Testing open with good password (using doas instead of sudo)' '

View File

@ -9,20 +9,13 @@ if test_have_prereq RESIZER; then
test_expect_success 'Testing resize to 30 MB tomb' '
tt resize -s 30 $tomb -k $tomb_key --unsafe --tomb-pwd $DUMMYPASS
'
if test_have_prereq GPGRCPT; then
if test_have_prereq GPGRCPT; then
test_export "recipient" # Using already generated tomb
test_expect_success 'Testing resize to 30 MB tomb with GnuPG keys' '
tt resize -s 30 $tomb -k $tomb_key -g -r $KEY2
'
fi
fi
fi # RESIZER
if test_have_prereq RESIZER SPHINX ORACLE; then
test_export "sphinx_test" # Using already generated tomb
test_expect_success 'Testing resize to 30 MB tomb (sphinx)' '
tt resize -s 30 $tomb -k $tomb_key --unsafe --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
'
fi
test_done

View File

@ -21,16 +21,4 @@ test_expect_success 'Testing tomb with GnuPG keys: passwd' '
fi
if test_have_prereq SPHINX ORACLE; then
test_export "sphinx_test" # Using already generated tomb
test_expect_success 'Testing changing tomb password with sphinx' '
tt passwd -f -k $tomb_key --unsafe \
--tomb-old-pwd $DUMMYPASS --tomb-pwd $DUMMYPASSNEW \
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
tt passwd -f -k $tomb_key --unsafe \
--tomb-old-pwd $DUMMYPASSNEW --tomb-pwd $DUMMYPASS \
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
'
fi
test_done

View File

@ -28,23 +28,4 @@ test_expect_success 'Testing tomb with GnuPG keys: setkey' '
'
fi
if test_have_prereq SPHINX ORACLE; then
test_export "sphinx_test" # Using already generated tomb
test_expect_success 'Testing set key (sphinx)' '
tt forge -f -k $tomb_key_new --tomb-pwd $DUMMYPASS \
--ignore-swap --unsafe --force \
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
tt setkey -f -k $tomb_key_new $tomb_key $tomb \
--unsafe --tomb-pwd $DUMMYPASS --tomb-old-pwd $DUMMYPASS \
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
tt open -f -k $tomb_key_new $tomb \
--unsafe --tomb-pwd $DUMMYPASS \
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
print $DUMMYPASS \
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key_new \
| xxd &&
tt_close
'
fi
test_done

View File

@ -55,8 +55,6 @@ command -v lsof > /dev/null && test_set_prereq LSOF
command -v python3 > /dev/null && test_set_prereq PYTHON3
command -v cloakify > /dev/null && test_set_prereq CLOAKIFY
command -v decloakify > /dev/null && test_set_prereq DECLOAKIFY
command -v sphinx > /dev/null && test_set_prereq SPHINX
command -v oracle > /dev/null && test_set_prereq ORACLE
command -v doas > /dev/null && test_set_prereq DOAS
command -v argon2 > /dev/null && test_set_prereq ARGON2
@ -80,10 +78,6 @@ fi
export DUMMYPASS=test
export DUMMYPASSNEW=changetest
# Dummy host and username for sphinx
export DUMMYHOST=example.com
export DUMMYUSER=user
# Test helpers

View File

@ -1,15 +0,0 @@
[client]
verbose = False
address = 127.0.0.1
port = 2355
datadir = /tmp/.sphinx/
ssl_cert = /etc/sphinx/server.crt
[server]
verbose = False
address = 127.0.0.1
port = 2355
datadir = /tmp/.sphinx/
keydir = /tmp/.sphinx/
ssl_cert = /etc/sphinx/server.crt
ssl_key = /etc/sphinx/server.key