Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Re-add Picocrypt #1114

Closed
1 task done
sbstn87 opened this issue Jun 26, 2024 · 10 comments · Fixed by #1128
Closed
1 task done

Re-add Picocrypt #1114

sbstn87 opened this issue Jun 26, 2024 · 10 comments · Fixed by #1128

Comments

@sbstn87
Copy link

sbstn87 commented Jun 26, 2024

  • I have checked that this app does not already have a pending request and has not previously been declined.
  • App Name: Picocrypt
  • Download URL: https://github.com/Picocrypt/Picocrypt/releases
  • Website URL: https://github.com/Picocrypt/Picocrypt
  • App Summary: Picocrypt is a very small (hence Pico), very simple, yet very secure encryption tool that you can use to protect your files. It's designed to be the go-to tool for encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security, even from three-letter agencies like the NSA.

Picocrypt has been previously available via deb-get (#167), but it stopped publishing .deb packages. Now, they are available again:

Picocrypt/Picocrypt#10
@sbstn87 sbstn87 mentioned this issue Jun 26, 2024
Closed
@sbstn87
Copy link
Author

sbstn87 commented Jun 26, 2024

By the way, it is one of the recommended encryption tool on the Privacy Tools website:

https://www.privacytools.io/secure-file-encryption

@philclifford
Copy link
Member

Please check https://github.com/wimpysworld/deb-get/blob/main/01-main/CONTRIBUTING.md#adding-software - in particular :

  • Only stable/production releases. Daily/nightly, betas or pre-release versions will not be accepted.
  • GitHub Releases and direct downloads must have a reliable means to dynamically determine the current upstream published version. Hardcoded versions will be not accepted.

The second is critical: we must be able to determine the version available to compare with any installed package. Typically we do this for github releases by using the api to get the "latest" release and extract the version tag.

It is likely that nightly automated releases will not be acceptable in any case (yes there are "exceptions" - which may at any time be tidied up of course). I'd recommend tweaking the automated workflows to make periodic intentional stable release versions labelled "latest" and label the nightlies as "nightly". Otherwise if declined there is always the option of an external deb-get repository supporting the nightly release, but being included in the core repo would of course be best all round.

I note also in the discussion linked above that there are indications that debian < 12 and derivatives may now be unsupported (the deb compression support). Ideally the more widely acceptable compression option has been adopted, but if not we would need to specify supported releases in the definition, so confirmation either way would be helpful.

I have a "working" definition (https://github.com/philclifford/deb-get/blob/extras/81-betas/packages/picocrypt-gui ) almost ready for a PR once the app version is not hard-coded to 1 and tagged in the release.

@HACKERALERT
Copy link

Thanks for the info. I'll make a latest tag some time today or tomorrow that only releases manually.

As for the Debian version, I fixed it. Debian 11 and Ubuntu 22 should be supported.

@philclifford
Copy link
Member

@HACKERALERT Thanks!

@HACKERALERT
Copy link

@philclifford Stable tagged releases out now!

https://github.com/Picocrypt/Picocrypt/releases

Let me know if this is sufficient.

@philclifford
Copy link
Member

philclifford commented Jul 8, 2024
edited
Loading

@HACKERALERT Thanks Evan - sorry for the delayed response! That's sorted the github release aspect. The .deb still has the version hard-coded as "1" though, so the installed version will appear to be older than the release forever.

dpkg-deb --info ./Picocrypt.deb
 new Debian package, version 2.0.
 size 2359820 bytes: control archive=380 bytes.
     240 bytes,     6 lines      control              
 Package: picocrypt-gui
 Version: 1
 Architecture: amd64

deb-get show picocrypt-gui 
   [+] Including local package picocrypt-gui
  [!] Please consider contributing back new entries, an issue (or raise a PR) directly at https://github.com/wimpysworld/deb-get/pulls
Picocrypt
  Package:	picocrypt-gui
  Repository:	99-local
  Updater:	deb-get
  Installed:	1
  Published:	1.36
  Architecture:	amd64
  Download:	https://github.com/Picocrypt/Picocrypt/releases/download/1.36/Picocrypt.deb
  Website:	https://github.com/Picocrypt/Picocrypt/
  Summary:	Picocrypt is a very small, very simple, yet very secure encryption tool

If you could ensure the .deb is packaged with the "version" the same as the release tag.
( you might find this helpful. )

@philclifford philclifford mentioned this issue Jul 8, 2024
Merged
@HACKERALERT
Copy link

Oops, missed that. I'll fix that in a few days (busy atm). Thanks for pointing it out.

@HACKERALERT
Copy link

@philclifford had a minute today, fixed. Can you try again?

@philclifford
Copy link
Member

@HACKERALERT That's fine, thanks. PR now awaiting review.

@HACKERALERT
Copy link

Thanks!

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add picocrypt-gui philclifford/deb-get
3 participants
@philclifford @sbstn87 @HACKERALERT