authorVivien Kraus <vivien@planete-kraus.eu>2021-07-30 21:10:21 +0200
committerVivien Kraus <vivien@planete-kraus.eu>2021-08-01 15:25:08 +0200
commitd8c2ca930673da858d63f2dea9526c259a2dd936 (patch)
tree74dc6f309123380bac8ccdff1c0eb7056602e5fb
parent0367cbc75712f4be692a1ec3d37510cf2751ca3a (diff)
Load the encrypted password from a file
This is more secure, because you can restrict the password file to be only readable by the service user.
-rw-r--r--NEWS4
-rw-r--r--doc/disfluid.texi7
-rw-r--r--guix/vkraus/services/disfluid.scm16
-rw-r--r--po/disfluid.pot251
-rw-r--r--po/fr.po268
-rw-r--r--src/scm/webid-oidc/program.scm32
6 files changed, 329 insertions, 249 deletions
diff --git a/NEWS b/NEWS
index b30cd7a..d777d56 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,10 @@
#+author: Vivien Kraus
#+email: vivien@planete-kraus.eu
+* The server can now load the encrypted password from a file
+This means that the encrypted password can be hidden from the other
+users.
+
* The project is renamed!
webid-oidc was a stupid name for 2 reasons:
- it did not say anything special about the project;
diff --git a/doc/disfluid.texi b/doc/disfluid.texi
index bebc61b..d2558b4 100644
--- a/doc/disfluid.texi
+++ b/doc/disfluid.texi
@@ -190,8 +190,11 @@ because a malicious user could set the identity header.
The identity provider can only handle one user. If you want to handle
multiple users, it is highly advised to use a different host name for
each user, in case the server is accessed from a web browser. You can
-set the identity of the user with @samp{--subject}, and the user’s
-password with @samp{--encrypted-password}.
+set the identity of the user with @samp{--subject}, and write the
+user’s password in a file. Pass the file name with
+@samp{--encrypted-password-file}. You can pass the encrypted password
+directly with @samp{--encrypted-password}, but the encrypted password
+will be public.
The encrypted password format is defined by the crypt function in the
C library. For glibc, it looks like this:
diff --git a/guix/vkraus/services/disfluid.scm b/guix/vkraus/services/disfluid.scm
index ba2e976..bf7078c 100644
--- a/guix/vkraus/services/disfluid.scm
+++ b/guix/vkraus/services/disfluid.scm
@@ -40,7 +40,7 @@
(key-file disfluid-issuer-configuration-key-file
(default "/var/lib/disfluid/issuer/key.jwk"))
(subject disfluid-issuer-configuration-subject)
- (encrypted-password disfluid-issuer-configuration-encrypted-password)
+ (encrypted-password-file disfluid-issuer-configuration-encrypted-password-file)
(jwks-uri disfluid-issuer-configuration-jwks-uri)
(authorization-endpoint-uri
disfluid-issuer-configuration-authorization-endpoint-uri)
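Review bot: The new `encrypted-password-file` field is declared with no comment on what kind of value it accepts, which matters for the security goal of this commit. The value is later spliced into the service command line as `#$encrypted-password-file`, so if an operator supplies a file-like object (for instance `local-file` or `plain-file`) instead of a string, Guix would presumably copy the hash into /gnu/store, which is world-readable, and the hash would be exposed to other users again. I would add a comment above the field such as `;; String file name of the crypt(3) hash; keep it outside the store, owned by the service user, mode 0400.` The same applies to the server configuration field in the `@@ -110,7 +110,7 @@` hunk; the record definitions start and end outside both hunks.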
@@ -110,7 +110,7 @@
(key-file disfluid-server-configuration-key-file
(default "/var/lib/disfluid/server/key.jwk"))
(subject disfluid-server-configuration-subject)
- (encrypted-password disfluid-server-configuration-encrypted-password)
+ (encrypted-password-file disfluid-server-configuration-encrypted-password-file)
(jwks-uri disfluid-server-configuration-jwks-uri)
(authorization-endpoint-uri
disfluid-server-configuration-authorization-endpoint-uri)
@@ -130,7 +130,7 @@
disfluid-issuer-configuration-issuer
disfluid-issuer-configuration-key-file
disfluid-issuer-configuration-subject
- disfluid-issuer-configuration-encrypted-password
+ disfluid-issuer-configuration-encrypted-password-file
disfluid-issuer-configuration-jwks-uri
disfluid-issuer-configuration-authorization-endpoint-uri
disfluid-issuer-configuration-token-endpoint-uri
@@ -176,7 +176,7 @@
disfluid-server-configuration-server-name
disfluid-server-configuration-key-file
disfluid-server-configuration-subject
- disfluid-server-configuration-encrypted-password
+ disfluid-server-configuration-encrypted-password-file
disfluid-server-configuration-jwks-uri
disfluid-server-configuration-authorization-endpoint-uri
disfluid-server-configuration-token-endpoint-uri
@@ -186,7 +186,7 @@
(define disfluid-issuer-shepherd-service
(match-lambda
(($ <disfluid-issuer-configuration>
- disfluid ccs issuer key-file subject encrypted-password jwks-uri
+ disfluid ccs issuer key-file subject encrypted-password-file jwks-uri
authorization-endpoint-uri token-endpoint-uri port
extra-options)
(with-imported-modules
@@ -218,7 +218,7 @@
"--server-name" #$issuer
"--key-file" #$key-file
"--subject" #$subject
- "--encrypted-password" #$encrypted-password
+ "--encrypted-password-from-file" #$encrypted-password-file
"--jwks-uri" #$jwks-uri
"--authorization-endpoint-uri" #$authorization-endpoint-uri
"--token-endpoint-uri" #$token-endpoint-uri
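Review bot: The flag on the `"--encrypted-password-from-file"` line does not match the name the manual gives in this same commit: the doc/disfluid.texi hunk tells users to pass `@samp{--encrypted-password-file}`. The new msgid `command-line|server|issuer|encrypted-password-from-file` in po/disfluid.pot suggests the program's option uses the `-from-file` spelling, so the manual line should probably read `@samp{--encrypted-password-from-file}`; an operator following the manual as written would likely hit an unrecognised option, and the visible fallback is `--encrypted-password`, which the manual itself says makes the hash public. The same flag is passed in the `@@ -403,7 +403,7 @@` hunk. Option names are also translated (po/fr.po maps this one to `fichier-de-mot-de-passe-chiffré`), so the hard-coded English name presumably relies on the service running in an untranslated locale, which is worth confirming. The argument list starts and ends outside the hunk.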
@@ -371,7 +371,7 @@
(define disfluid-server-shepherd-service
(match-lambda
(($ <disfluid-server-configuration>
- disfluid ccs server-name key-file subject encrypted-password jwks-uri
+ disfluid ccs server-name key-file subject encrypted-password-file jwks-uri
authorization-endpoint-uri token-endpoint-uri port
extra-options)
(with-imported-modules
@@ -403,7 +403,7 @@
"--server-name" #$server-name
"--key-file" #$key-file
"--subject" #$subject
- "--encrypted-password" #$encrypted-password
+ "--encrypted-password-from-file" #$encrypted-password-file
"--jwks-uri" #$jwks-uri
"--authorization-endpoint-uri" #$authorization-endpoint-uri
"--token-endpoint-uri" #$token-endpoint-uri
diff --git a/po/disfluid.pot b/po/disfluid.pot
index a66640f..01c4198 100644
--- a/po/disfluid.pot
+++ b/po/disfluid.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: disfluid SNAPSHOT\n"
"Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-07-30 12:06+0200\n"
+"POT-Creation-Date: 2021-07-30 21:12+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -969,15 +969,15 @@ msgid "Warning: ~a\n"
msgstr ""
#: src/scm/webid-oidc/hello-world.scm:48 src/scm/webid-oidc/example-app.scm:116
-#: src/scm/webid-oidc/program.scm:217
+#: src/scm/webid-oidc/program.scm:218
msgid "command-line|version"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:50 src/scm/webid-oidc/program.scm:221
+#: src/scm/webid-oidc/hello-world.scm:50 src/scm/webid-oidc/program.scm:222
msgid "command-line|complete-corresponding-source"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:52 src/scm/webid-oidc/program.scm:223
+#: src/scm/webid-oidc/hello-world.scm:52 src/scm/webid-oidc/program.scm:224
msgid "command-line|help"
msgstr ""
@@ -985,11 +985,11 @@ msgstr ""
msgid "command-line|port"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:56 src/scm/webid-oidc/program.scm:253
+#: src/scm/webid-oidc/hello-world.scm:56 src/scm/webid-oidc/program.scm:256
msgid "command-line|log-file"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:58 src/scm/webid-oidc/program.scm:255
+#: src/scm/webid-oidc/hello-world.scm:58 src/scm/webid-oidc/program.scm:258
msgid "command-line|error-file"
msgstr ""
@@ -1028,7 +1028,7 @@ msgstr ""
msgid "~a version ~a\n"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:112 src/scm/webid-oidc/program.scm:609
+#: src/scm/webid-oidc/hello-world.scm:112 src/scm/webid-oidc/program.scm:617
msgid ""
"You are legally required to link to the complete corresponding source code.\n"
msgstr ""
@@ -1147,110 +1147,114 @@ msgstr ""
msgid "There was an error: ~a\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:111
+#: src/scm/webid-oidc/program.scm:112
#, scheme-format
msgid "~a: ~a: Internal server error: ~a\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:125
+#: src/scm/webid-oidc/program.scm:126
#, scheme-format
msgid ""
"The client locale ~s can’t be approximated by system locale ~s (because ~a), "
"using C.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:149
+#: src/scm/webid-oidc/program.scm:150
#, scheme-format
msgid "~a: ~s ~a ~s ~a\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:151
+#: src/scm/webid-oidc/program.scm:152
#, scheme-format
msgid "~a: ~a (~a)"
msgstr ""
-#: src/scm/webid-oidc/program.scm:155
+#: src/scm/webid-oidc/program.scm:156
#, scheme-format
msgid "~a: ~a"
msgstr ""
-#: src/scm/webid-oidc/program.scm:165
+#: src/scm/webid-oidc/program.scm:166
#, scheme-format
msgid "(there was an error: ~a)"
msgstr ""
-#: src/scm/webid-oidc/program.scm:219
+#: src/scm/webid-oidc/program.scm:220
msgid "command-line|describe-project"
msgstr ""
-#: src/scm/webid-oidc/program.scm:225
+#: src/scm/webid-oidc/program.scm:226
msgid "command-line|server|port"
msgstr ""
-#: src/scm/webid-oidc/program.scm:227
+#: src/scm/webid-oidc/program.scm:228
msgid "command-line|server|server-name"
msgstr ""
-#: src/scm/webid-oidc/program.scm:229
+#: src/scm/webid-oidc/program.scm:230
msgid "command-line|server|reverse-proxy|backend-uri"
msgstr ""
-#: src/scm/webid-oidc/program.scm:231
+#: src/scm/webid-oidc/program.scm:232
msgid "command-line|server|reverse-proxy|header"
msgstr ""
-#: src/scm/webid-oidc/program.scm:233
+#: src/scm/webid-oidc/program.scm:234
msgid "command-line|server|issuer|key-file"
msgstr ""
-#: src/scm/webid-oidc/program.scm:235
+#: src/scm/webid-oidc/program.scm:236
msgid "command-line|server|issuer|subject"
msgstr ""
-#: src/scm/webid-oidc/program.scm:237
+#: src/scm/webid-oidc/program.scm:238
msgid "command-line|server|issuer|encrypted-password"
msgstr ""
-#: src/scm/webid-oidc/program.scm:239
+#: src/scm/webid-oidc/program.scm:240
+msgid "command-line|server|issuer|encrypted-password-from-file"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:242
msgid "command-line|server|issuer|jwks-uri"
msgstr ""
-#: src/scm/webid-oidc/program.scm:241
+#: src/scm/webid-oidc/program.scm:244
msgid "command-line|server|issuer|authorization-endpoint-uri"
msgstr ""
-#: src/scm/webid-oidc/program.scm:243
+#: src/scm/webid-oidc/program.scm:246
msgid "command-line|server|issuer|token-endpoint-uri"
msgstr ""
-#: src/scm/webid-oidc/program.scm:245
+#: src/scm/webid-oidc/program.scm:248
msgid "command-line|server|client-id"
msgstr ""
-#: src/scm/webid-oidc/program.scm:247
+#: src/scm/webid-oidc/program.scm:250
msgid "command-line|server|redirect-uri"
msgstr ""
-#: src/scm/webid-oidc/program.scm:249
+#: src/scm/webid-oidc/program.scm:252
msgid "command-line|server|client-name"
msgstr ""
-#: src/scm/webid-oidc/program.scm:251
+#: src/scm/webid-oidc/program.scm:254
msgid "command-line|server|client-uri"
msgstr ""
-#: src/scm/webid-oidc/program.scm:284
+#: src/scm/webid-oidc/program.scm:288
#, scheme-format
msgid "Usage: ~a COMMAND [OPTIONS]...\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:288
+#: src/scm/webid-oidc/program.scm:292
msgid ""
"\n"
"Run the disfluid COMMAND."
msgstr ""
-#: src/scm/webid-oidc/program.scm:291
+#: src/scm/webid-oidc/program.scm:295
msgid ""
"\n"
"This program is covered by the GNU Affero GPL, version 3 or\n"
@@ -1260,13 +1264,13 @@ msgid ""
"to all responses."
msgstr ""
-#: src/scm/webid-oidc/program.scm:298
+#: src/scm/webid-oidc/program.scm:302
msgid ""
"\n"
"Available commands:"
msgstr ""
-#: src/scm/webid-oidc/program.scm:300
+#: src/scm/webid-oidc/program.scm:304
#, scheme-format
msgid ""
"\n"
@@ -1274,12 +1278,12 @@ msgid ""
" run an authenticating reverse proxy."
msgstr ""
-#: src/scm/webid-oidc/program.scm:303 src/scm/webid-oidc/program.scm:491
-#: src/scm/webid-oidc/program.scm:682
+#: src/scm/webid-oidc/program.scm:307 src/scm/webid-oidc/program.scm:499
+#: src/scm/webid-oidc/program.scm:700
msgid "command-line|command|reverse-proxy"
msgstr ""
-#: src/scm/webid-oidc/program.scm:304
+#: src/scm/webid-oidc/program.scm:308
#, scheme-format
msgid ""
"\n"
@@ -1287,12 +1291,12 @@ msgid ""
" run an identity provider."
msgstr ""
-#: src/scm/webid-oidc/program.scm:307 src/scm/webid-oidc/program.scm:516
-#: src/scm/webid-oidc/program.scm:704
+#: src/scm/webid-oidc/program.scm:311 src/scm/webid-oidc/program.scm:524
+#: src/scm/webid-oidc/program.scm:722
msgid "command-line|command|identity-provider"
msgstr ""
-#: src/scm/webid-oidc/program.scm:308
+#: src/scm/webid-oidc/program.scm:312
#, scheme-format
msgid ""
"\n"
@@ -1300,12 +1304,12 @@ msgid ""
" serve the pages for a public application."
msgstr ""
-#: src/scm/webid-oidc/program.scm:311 src/scm/webid-oidc/program.scm:537
-#: src/scm/webid-oidc/program.scm:748
+#: src/scm/webid-oidc/program.scm:315 src/scm/webid-oidc/program.scm:545
+#: src/scm/webid-oidc/program.scm:766
msgid "command-line|command|client-service"
msgstr ""
-#: src/scm/webid-oidc/program.scm:312
+#: src/scm/webid-oidc/program.scm:316
#, scheme-format
msgid ""
"\n"
@@ -1314,18 +1318,18 @@ msgid ""
" facility."
msgstr ""
-#: src/scm/webid-oidc/program.scm:316 src/scm/webid-oidc/program.scm:563
-#: src/scm/webid-oidc/program.scm:777
+#: src/scm/webid-oidc/program.scm:320 src/scm/webid-oidc/program.scm:571
+#: src/scm/webid-oidc/program.scm:795
msgid "command-line|command|server"
msgstr ""
-#: src/scm/webid-oidc/program.scm:318
+#: src/scm/webid-oidc/program.scm:322
msgid ""
"\n"
"General options:"
msgstr ""
-#: src/scm/webid-oidc/program.scm:320
+#: src/scm/webid-oidc/program.scm:324
#, scheme-format
msgid ""
"\n"
@@ -1334,7 +1338,7 @@ msgid ""
" code. For instance, this would be an URI pointing to a tarball."
msgstr ""
-#: src/scm/webid-oidc/program.scm:325
+#: src/scm/webid-oidc/program.scm:329
#, scheme-format
msgid ""
"\n"
@@ -1342,7 +1346,7 @@ msgid ""
" display a short help message and exit."
msgstr ""
-#: src/scm/webid-oidc/program.scm:329
+#: src/scm/webid-oidc/program.scm:333
#, scheme-format
msgid ""
"\n"
@@ -1350,7 +1354,7 @@ msgid ""
" display the version information (~a, released ~a) and exit."
msgstr ""
-#: src/scm/webid-oidc/program.scm:335
+#: src/scm/webid-oidc/program.scm:339
#, scheme-format
msgid ""
"\n"
@@ -1358,7 +1362,7 @@ msgid ""
" describe the project in the DOAP vocabulary and exit."
msgstr ""
-#: src/scm/webid-oidc/program.scm:339
+#: src/scm/webid-oidc/program.scm:343
#, scheme-format
msgid ""
"\n"
@@ -1366,7 +1370,7 @@ msgid ""
" redirect the program standard output to FILE.log."
msgstr ""
-#: src/scm/webid-oidc/program.scm:343
+#: src/scm/webid-oidc/program.scm:347
#, scheme-format
msgid ""
"\n"
@@ -1374,13 +1378,13 @@ msgid ""
" redirect the program errors to FILE.err."
msgstr ""
-#: src/scm/webid-oidc/program.scm:348
+#: src/scm/webid-oidc/program.scm:352
msgid ""
"\n"
"General server-side options:"
msgstr ""
-#: src/scm/webid-oidc/program.scm:350
+#: src/scm/webid-oidc/program.scm:354
#, scheme-format
msgid ""
"\n"
@@ -1388,7 +1392,7 @@ msgid ""
" set the server port to bind, 8080 by default."
msgstr ""
-#: src/scm/webid-oidc/program.scm:354
+#: src/scm/webid-oidc/program.scm:358
#, scheme-format
msgid ""
"\n"
@@ -1396,13 +1400,13 @@ msgid ""
" set the public server URI (scheme, userinfo, host, and port)."
msgstr ""
-#: src/scm/webid-oidc/program.scm:359
+#: src/scm/webid-oidc/program.scm:363
msgid ""
"\n"
"Options for the resource server:"
msgstr ""
-#: src/scm/webid-oidc/program.scm:361
+#: src/scm/webid-oidc/program.scm:365
#, scheme-format
msgid ""
"\n"
@@ -1412,7 +1416,7 @@ msgid ""
" authentication."
msgstr ""
-#: src/scm/webid-oidc/program.scm:367
+#: src/scm/webid-oidc/program.scm:371
#, scheme-format
msgid ""
"\n"
@@ -1421,13 +1425,13 @@ msgid ""
" reverse-proxy command."
msgstr ""
-#: src/scm/webid-oidc/program.scm:373
+#: src/scm/webid-oidc/program.scm:377
msgid ""
"\n"
"Options for the identity provider:"
msgstr ""
-#: src/scm/webid-oidc/program.scm:375
+#: src/scm/webid-oidc/program.scm:379
#, scheme-format
msgid ""
"\n"
@@ -1436,7 +1440,7 @@ msgid ""
" key is generated. The server does not offer an HTTPS service."
msgstr ""
-#: src/scm/webid-oidc/program.scm:380
+#: src/scm/webid-oidc/program.scm:384
#, scheme-format
msgid ""
"\n"
@@ -1444,7 +1448,7 @@ msgid ""
" set the identity of the subject."
msgstr ""
-#: src/scm/webid-oidc/program.scm:384
+#: src/scm/webid-oidc/program.scm:388
#, scheme-format
msgid ""
"\n"
@@ -1452,7 +1456,15 @@ msgid ""
" set the encrypted password to recognize the user."
msgstr ""
-#: src/scm/webid-oidc/program.scm:388
+#: src/scm/webid-oidc/program.scm:392
+#, scheme-format
+msgid ""
+"\n"
+" -W ENCRYPTED_PASSWORD_FILE, --~a=ENCRYPTED_PASSWORD_FILE:\n"
+" load the user’s encrypted password from ENCRYPTED_PASSWORD_FILE."
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:396
#, scheme-format
msgid ""
"\n"
@@ -1460,7 +1472,7 @@ msgid ""
" set the URI to query the key of the server."
msgstr ""
-#: src/scm/webid-oidc/program.scm:392
+#: src/scm/webid-oidc/program.scm:400
#, scheme-format
msgid ""
"\n"
@@ -1468,7 +1480,7 @@ msgid ""
" set the authorization endpoint of the issuer."
msgstr ""
-#: src/scm/webid-oidc/program.scm:396
+#: src/scm/webid-oidc/program.scm:404
#, scheme-format
msgid ""
"\n"
@@ -1476,13 +1488,13 @@ msgid ""
" set the token endpoint of the issuer."
msgstr ""
-#: src/scm/webid-oidc/program.scm:401
+#: src/scm/webid-oidc/program.scm:409
msgid ""
"\n"
"Options for the client service:"
msgstr ""
-#: src/scm/webid-oidc/program.scm:403
+#: src/scm/webid-oidc/program.scm:411
#, scheme-format
msgid ""
"\n"
@@ -1491,7 +1503,7 @@ msgid ""
" dereferenced to a semantic resource."
msgstr ""
-#: src/scm/webid-oidc/program.scm:408
+#: src/scm/webid-oidc/program.scm:416
#, scheme-format
msgid ""
"\n"
@@ -1500,7 +1512,7 @@ msgid ""
" page is presented with the code to paste in the application."
msgstr ""
-#: src/scm/webid-oidc/program.scm:413
+#: src/scm/webid-oidc/program.scm:421
#, scheme-format
msgid ""
"\n"
@@ -1508,7 +1520,7 @@ msgid ""
" set the user-visible application name (may be misleading...)."
msgstr ""
-#: src/scm/webid-oidc/program.scm:417
+#: src/scm/webid-oidc/program.scm:425
#, scheme-format
msgid ""
"\n"
@@ -1517,13 +1529,13 @@ msgid ""
" application (again, may be misleading)."
msgstr ""
-#: src/scm/webid-oidc/program.scm:423
+#: src/scm/webid-oidc/program.scm:431
msgid ""
"\n"
"Environment variables:"
msgstr ""
-#: src/scm/webid-oidc/program.scm:425
+#: src/scm/webid-oidc/program.scm:433
msgid ""
"\n"
" XML_CATALOG_FILES: the server will fetch resources on the web. By\n"
@@ -1534,23 +1546,23 @@ msgid ""
" content-type."
msgstr ""
-#: src/scm/webid-oidc/program.scm:433 src/scm/webid-oidc/program.scm:440
-#: src/scm/webid-oidc/program.scm:449 src/scm/webid-oidc/program.scm:457
-#: src/scm/webid-oidc/program.scm:465
+#: src/scm/webid-oidc/program.scm:441 src/scm/webid-oidc/program.scm:448
+#: src/scm/webid-oidc/program.scm:457 src/scm/webid-oidc/program.scm:465
+#: src/scm/webid-oidc/program.scm:473
#, scheme-format
msgid ""
"the-environment-variable|\n"
" It is currently set to ~s."
msgstr ""
-#: src/scm/webid-oidc/program.scm:436
+#: src/scm/webid-oidc/program.scm:444
msgid ""
"\n"
" LANG: set the locale of the user interface (for the server commands,\n"
" the user is the system administrator)."
msgstr ""
-#: src/scm/webid-oidc/program.scm:443
+#: src/scm/webid-oidc/program.scm:451
msgid ""
"\n"
" XDG_DATA_HOME: where the program stores persistent data. The\n"
@@ -1559,7 +1571,7 @@ msgid ""
" recommended to set it to /var/lib."
msgstr ""
-#: src/scm/webid-oidc/program.scm:452
+#: src/scm/webid-oidc/program.scm:460
msgid ""
"\n"
" XDG_CACHE_HOME: where the program stores and updates the seed file,\n"
@@ -1567,7 +1579,7 @@ msgid ""
" time. The seed file will be initialized from /dev/random."
msgstr ""
-#: src/scm/webid-oidc/program.scm:460
+#: src/scm/webid-oidc/program.scm:468
msgid ""
"\n"
" HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are\n"
@@ -1575,13 +1587,13 @@ msgid ""
" not used otherwise."
msgstr ""
-#: src/scm/webid-oidc/program.scm:469
+#: src/scm/webid-oidc/program.scm:477
msgid ""
"\n"
"Running a reverse proxy"
msgstr ""
-#: src/scm/webid-oidc/program.scm:471
+#: src/scm/webid-oidc/program.scm:479
msgid ""
"\n"
"Suppose that you operate data.provider.com. You want to run an\n"
@@ -1594,7 +1606,7 @@ msgid ""
"from this reverse proxy."
msgstr ""
-#: src/scm/webid-oidc/program.scm:481
+#: src/scm/webid-oidc/program.scm:489
#, scheme-format
msgid ""
"\n"
@@ -1608,20 +1620,20 @@ msgid ""
" --~a '/var/log/proxy.err'"
msgstr ""
-#: src/scm/webid-oidc/program.scm:496
+#: src/scm/webid-oidc/program.scm:504
msgid ""
"\n"
"Running an identity provider"
msgstr ""
-#: src/scm/webid-oidc/program.scm:498
+#: src/scm/webid-oidc/program.scm:506
msgid ""
"\n"
"The identity provider running at webid-oidc-demo.planete-kraus.eu is\n"
"invoked with the following options:"
msgstr ""
-#: src/scm/webid-oidc/program.scm:502
+#: src/scm/webid-oidc/program.scm:510
#, scheme-format
msgid ""
"\n"
@@ -1633,27 +1645,27 @@ msgid ""
" --~a 'https://webid-oidc-demo.planete-kraus.eu' \\\n"
" --~a '/var/lib/webid-oidc/issuer/key.jwk' \\\n"
" --~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\\n"
-" --~a \"$ENCRYPTED_PASSWORD\" \\\n"
+" --~a '/etc/disfluid/webid-oidc-demo.planete-kraus.eu/password' \\\n"
" --~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\\n"
" --~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\\n"
" --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\\n"
" --~a $PORT"
msgstr ""
-#: src/scm/webid-oidc/program.scm:522
+#: src/scm/webid-oidc/program.scm:530
msgid ""
"\n"
"Running the public pages for an application"
msgstr ""
-#: src/scm/webid-oidc/program.scm:524
+#: src/scm/webid-oidc/program.scm:532
msgid ""
"\n"
"The example client application pages for\n"
"webid-oidc-demo.planete-kraus.eu are served this way:"
msgstr ""
-#: src/scm/webid-oidc/program.scm:528
+#: src/scm/webid-oidc/program.scm:536
#, scheme-format
msgid ""
"\n"
@@ -1669,13 +1681,13 @@ msgid ""
" --~a $PORT"
msgstr ""
-#: src/scm/webid-oidc/program.scm:542
+#: src/scm/webid-oidc/program.scm:550
msgid ""
"\n"
"Running a full server"
msgstr ""
-#: src/scm/webid-oidc/program.scm:545
+#: src/scm/webid-oidc/program.scm:553
msgid ""
"\n"
"To run the server with identity provider and\n"
@@ -1683,7 +1695,7 @@ msgid ""
"options for the parts."
msgstr ""
-#: src/scm/webid-oidc/program.scm:549
+#: src/scm/webid-oidc/program.scm:557
#, scheme-format
msgid ""
"\n"
@@ -1695,21 +1707,21 @@ msgid ""
" --~a 'https://data.planete-kraus.eu' \\\n"
" --~a '/var/lib/disfluid/server/key.jwk' \\\n"
" --~a 'https://data.planete-kraus.eu/vivien#me' \\\n"
-" --~a '$...alg...$...salt...$...hash...' \\\n"
+" --~a '/etc/disfluid/data.planete-kraus.eu/password' \\\n"
" --~a 'https://data.planete-kraus.eu/keys' \\\n"
" --~a 'https://data.planete-kraus.eu/authorize' \\\n"
" --~a 'https://data.planete-kraus.eu/token' \\\n"
" --~a '...port...'"
msgstr ""
-#: src/scm/webid-oidc/program.scm:574
+#: src/scm/webid-oidc/program.scm:582
#, scheme-format
msgid ""
"\n"
"If you find a bug, then please send a report to ~a."
msgstr ""
-#: src/scm/webid-oidc/program.scm:579
+#: src/scm/webid-oidc/program.scm:587
#, scheme-format
msgid ""
"~a version ~a\n"
@@ -1717,97 +1729,108 @@ msgid ""
"Rreleased ~a\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:616
+#: src/scm/webid-oidc/program.scm:624
#, scheme-format
msgid "The --~a argument must be a number, not ~s.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:622
+#: src/scm/webid-oidc/program.scm:630
#, scheme-format
msgid "The --~a argument must be an integer, not ~s.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:628
+#: src/scm/webid-oidc/program.scm:636
#, scheme-format
msgid "The --~a argument must be positive, ~s is invalid.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:633
+#: src/scm/webid-oidc/program.scm:641
#, scheme-format
msgid "The --~a argument must be less than 65536, ~s is invalid.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:675
+#: src/scm/webid-oidc/program.scm:669
+msgid ""
+"You specified two different passwords: one directly, and one from a file. "
+"Please set only one password.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:693
#, scheme-format
msgid ""
"Usage: ~a COMMAND [OPTIONS]...\n"
"See --~a (-h).\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:685 src/scm/webid-oidc/program.scm:707
-#: src/scm/webid-oidc/program.scm:779
+#: src/scm/webid-oidc/program.scm:703 src/scm/webid-oidc/program.scm:725
+#: src/scm/webid-oidc/program.scm:797
#, scheme-format
msgid "You must pass --~a to set the server name.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:689
+#: src/scm/webid-oidc/program.scm:707
#, scheme-format
msgid "You must pass --~a to set the backend URI.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:711 src/scm/webid-oidc/program.scm:783
+#: src/scm/webid-oidc/program.scm:729 src/scm/webid-oidc/program.scm:801
#, scheme-format
msgid ""
"You must pass --~a to set the file where to store the identity provider "
"key.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:715 src/scm/webid-oidc/program.scm:787
+#: src/scm/webid-oidc/program.scm:733 src/scm/webid-oidc/program.scm:805
#, scheme-format
msgid "You must pass --~a to set the subject of the identity provider.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:719 src/scm/webid-oidc/program.scm:791
+#: src/scm/webid-oidc/program.scm:737
#, scheme-format
-msgid "You must pass --~a to set the subject’s encrypted password.\n"
+msgid "You must pass --~a or --~a to set the subject’s encrypted password.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:723 src/scm/webid-oidc/program.scm:795
+#: src/scm/webid-oidc/program.scm:741 src/scm/webid-oidc/program.scm:813
#, scheme-format
msgid "You must pass --~a to set the JWKS URI.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:727 src/scm/webid-oidc/program.scm:799
+#: src/scm/webid-oidc/program.scm:745 src/scm/webid-oidc/program.scm:817
#, scheme-format
msgid "You must pass --~a to set the authorization endpoint URI.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:731 src/scm/webid-oidc/program.scm:803
+#: src/scm/webid-oidc/program.scm:749 src/scm/webid-oidc/program.scm:821
#, scheme-format
msgid "You must pass --~a to set the token endpoint URI.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:751
+#: src/scm/webid-oidc/program.scm:769
#, scheme-format
msgid "You must pass --~a to set the application web ID.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:755
+#: src/scm/webid-oidc/program.scm:773
#, scheme-format
msgid "You must pass --~a to set the redirection URI.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:759
+#: src/scm/webid-oidc/program.scm:777
#, scheme-format
msgid "You must pass --~a to set the informative client name.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:763
+#: src/scm/webid-oidc/program.scm:781
#, scheme-format
msgid "You must pass --~a to set the informative client URI.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:850
+#: src/scm/webid-oidc/program.scm:809
+#, scheme-format
+msgid "You must pass --~a to set the subject’s encrypted password.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:868
#, scheme-format
msgid "Unknown command ~s\n"
msgstr ""
diff --git a/po/fr.po b/po/fr.po
index e3d7ee2..28b63f7 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2,8 +2,8 @@ msgid ""
msgstr ""
"Project-Id-Version: webid-oidc 0.0.0\n"
"Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-07-30 12:06+0200\n"
-"PO-Revision-Date: 2021-07-30 12:08+0200\n"
+"POT-Creation-Date: 2021-07-30 21:12+0200\n"
+"PO-Revision-Date: 2021-07-30 21:16+0200\n"
"Last-Translator: Vivien Kraus <vivien@planete-kraus.eu>\n"
"Language-Team: French <vivien@planete-kraus.eu>\n"
"Language: fr\n"
@@ -1012,15 +1012,15 @@ msgid "Warning: ~a\n"
msgstr "Avertissement : ~a\n"
#: src/scm/webid-oidc/hello-world.scm:48 src/scm/webid-oidc/example-app.scm:116
-#: src/scm/webid-oidc/program.scm:217
+#: src/scm/webid-oidc/program.scm:218
msgid "command-line|version"
msgstr "version"
-#: src/scm/webid-oidc/hello-world.scm:50 src/scm/webid-oidc/program.scm:221
+#: src/scm/webid-oidc/hello-world.scm:50 src/scm/webid-oidc/program.scm:222
msgid "command-line|complete-corresponding-source"
msgstr "code-source-correspondant-complet"
-#: src/scm/webid-oidc/hello-world.scm:52 src/scm/webid-oidc/program.scm:223
+#: src/scm/webid-oidc/hello-world.scm:52 src/scm/webid-oidc/program.scm:224
msgid "command-line|help"
msgstr "aide"
@@ -1028,11 +1028,11 @@ msgstr "aide"
msgid "command-line|port"
msgstr "port"
-#: src/scm/webid-oidc/hello-world.scm:56 src/scm/webid-oidc/program.scm:253
+#: src/scm/webid-oidc/hello-world.scm:56 src/scm/webid-oidc/program.scm:256
msgid "command-line|log-file"
msgstr "fichier-journal"
-#: src/scm/webid-oidc/hello-world.scm:58 src/scm/webid-oidc/program.scm:255
+#: src/scm/webid-oidc/hello-world.scm:58 src/scm/webid-oidc/program.scm:258
msgid "command-line|error-file"
msgstr "fichier-erreur"
@@ -1096,7 +1096,7 @@ msgstr ""
msgid "~a version ~a\n"
msgstr "~a version ~a\n"
-#: src/scm/webid-oidc/hello-world.scm:112 src/scm/webid-oidc/program.scm:609
+#: src/scm/webid-oidc/hello-world.scm:112 src/scm/webid-oidc/program.scm:617
msgid ""
"You are legally required to link to the complete corresponding source code.\n"
msgstr ""
@@ -1258,12 +1258,12 @@ msgstr ""
msgid "There was an error: ~a\n"
msgstr "Il y a eu une erreur : ~a\n"
-#: src/scm/webid-oidc/program.scm:111
+#: src/scm/webid-oidc/program.scm:112
#, scheme-format
msgid "~a: ~a: Internal server error: ~a\n"
msgstr "~a : ~a : Erreur interne du serveur : ~a\n"
-#: src/scm/webid-oidc/program.scm:125
+#: src/scm/webid-oidc/program.scm:126
#, scheme-format
msgid ""
"The client locale ~s can’t be approximated by system locale ~s (because ~a), "
@@ -1272,92 +1272,96 @@ msgstr ""
"La locale du client ~s ne peut pas être approchée par la locale système ~s "
"(parce que ~a), on utilise C.\n"
-#: src/scm/webid-oidc/program.scm:149
+#: src/scm/webid-oidc/program.scm:150
#, scheme-format
msgid "~a: ~s ~a ~s ~a\n"
msgstr "~a : ~s ~a ~s ~a\n"
-#: src/scm/webid-oidc/program.scm:151
+#: src/scm/webid-oidc/program.scm:152
#, scheme-format
msgid "~a: ~a (~a)"
msgstr "~a : ~a (~a)"
-#: src/scm/webid-oidc/program.scm:155
+#: src/scm/webid-oidc/program.scm:156
#, scheme-format
msgid "~a: ~a"
msgstr "~a : ~a"
-#: src/scm/webid-oidc/program.scm:165
+#: src/scm/webid-oidc/program.scm:166
#, scheme-format
msgid "(there was an error: ~a)"
msgstr "(il y a eu une erreur : ~a)"
-#: src/scm/webid-oidc/program.scm:219
+#: src/scm/webid-oidc/program.scm:220
msgid "command-line|describe-project"
msgstr "décrire-projet"
-#: src/scm/webid-oidc/program.scm:225
+#: src/scm/webid-oidc/program.scm:226
msgid "command-line|server|port"
msgstr "port"
-#: src/scm/webid-oidc/program.scm:227
+#: src/scm/webid-oidc/program.scm:228
msgid "command-line|server|server-name"
msgstr "nom-du-serveur"
-#: src/scm/webid-oidc/program.scm:229
+#: src/scm/webid-oidc/program.scm:230
msgid "command-line|server|reverse-proxy|backend-uri"
msgstr "uri-arrière-plan"
-#: src/scm/webid-oidc/program.scm:231
+#: src/scm/webid-oidc/program.scm:232
msgid "command-line|server|reverse-proxy|header"
msgstr "en-tête"
-#: src/scm/webid-oidc/program.scm:233
+#: src/scm/webid-oidc/program.scm:234
msgid "command-line|server|issuer|key-file"
msgstr "fichier-clé"
-#: src/scm/webid-oidc/program.scm:235
+#: src/scm/webid-oidc/program.scm:236
msgid "command-line|server|issuer|subject"
msgstr "sujet"
-#: src/scm/webid-oidc/program.scm:237
+#: src/scm/webid-oidc/program.scm:238
msgid "command-line|server|issuer|encrypted-password"
msgstr "mot-de-passe-chiffré"
-#: src/scm/webid-oidc/program.scm:239
+#: src/scm/webid-oidc/program.scm:240
+msgid "command-line|server|issuer|encrypted-password-from-file"
+msgstr "fichier-de-mot-de-passe-chiffré"
+
+#: src/scm/webid-oidc/program.scm:242
msgid "command-line|server|issuer|jwks-uri"
msgstr "uri-jwks"
-#: src/scm/webid-oidc/program.scm:241
+#: src/scm/webid-oidc/program.scm:244
msgid "command-line|server|issuer|authorization-endpoint-uri"
msgstr "uri-terminal-autorisation"
-#: src/scm/webid-oidc/program.scm:243
+#: src/scm/webid-oidc/program.scm:246
msgid "command-line|server|issuer|token-endpoint-uri"
msgstr "uri-terminal-jeton"
-#: src/scm/webid-oidc/program.scm:245
+#: src/scm/webid-oidc/program.scm:248
msgid "command-line|server|client-id"
msgstr "id-client"
-#: src/scm/webid-oidc/program.scm:247
+#: src/scm/webid-oidc/program.scm:250
msgid "command-line|server|redirect-uri"
msgstr "uri-redirection"
-#: src/scm/webid-oidc/program.scm:249
+#: src/scm/webid-oidc/program.scm:252
msgid "command-line|server|client-name"
msgstr "nom-client"
-#: src/scm/webid-oidc/program.scm:251
+#: src/scm/webid-oidc/program.scm:254
msgid "command-line|server|client-uri"
msgstr "uri-client"
-#: src/scm/webid-oidc/program.scm:284
+#: src/scm/webid-oidc/program.scm:288
#, scheme-format
msgid "Usage: ~a COMMAND [OPTIONS]...\n"
msgstr "Utilisation : ~a COMMANDE [OPTIONS]...\n"
-#: src/scm/webid-oidc/program.scm:288
+#: src/scm/webid-oidc/program.scm:292
msgid ""
"\n"
"Run the disfluid COMMAND."
@@ -1365,7 +1369,7 @@ msgstr ""
"\n"
"Exécute la COMMANDE disfluid."
-#: src/scm/webid-oidc/program.scm:291
+#: src/scm/webid-oidc/program.scm:295
msgid ""
"\n"
"This program is covered by the GNU Affero GPL, version 3 or\n"
@@ -1381,7 +1385,7 @@ msgstr ""
"code source complet correspondant (avec vos modifications) sans\n"
"frais. Le serveur ajoute un en-tête « Source: » à toutes les réponses."
-#: src/scm/webid-oidc/program.scm:298
+#: src/scm/webid-oidc/program.scm:302
msgid ""
"\n"
"Available commands:"
@@ -1389,7 +1393,7 @@ msgstr ""
"\n"
"Commandes disponibles :"
-#: src/scm/webid-oidc/program.scm:300
+#: src/scm/webid-oidc/program.scm:304
#, scheme-format
msgid ""
"\n"
@@ -1400,12 +1404,12 @@ msgstr ""
" ~a :\n"
" exécute le proxy inverse authentifiant."
-#: src/scm/webid-oidc/program.scm:303 src/scm/webid-oidc/program.scm:491
-#: src/scm/webid-oidc/program.scm:682
+#: src/scm/webid-oidc/program.scm:307 src/scm/webid-oidc/program.scm:499
+#: src/scm/webid-oidc/program.scm:700
msgid "command-line|command|reverse-proxy"
msgstr "proxy-inversé"
-#: src/scm/webid-oidc/program.scm:304
+#: src/scm/webid-oidc/program.scm:308
#, scheme-format
msgid ""
"\n"
@@ -1416,12 +1420,12 @@ msgstr ""
" ~a :\n"
" exécute un fournisseur d’identité."
-#: src/scm/webid-oidc/program.scm:307 src/scm/webid-oidc/program.scm:516
-#: src/scm/webid-oidc/program.scm:704
+#: src/scm/webid-oidc/program.scm:311 src/scm/webid-oidc/program.scm:524
+#: src/scm/webid-oidc/program.scm:722
msgid "command-line|command|identity-provider"
msgstr "fournisseur-identité"
-#: src/scm/webid-oidc/program.scm:308
+#: src/scm/webid-oidc/program.scm:312
#, scheme-format
msgid ""
"\n"
@@ -1432,12 +1436,12 @@ msgstr ""
" ~a :\n"
" sert les pages d’une application publique."
-#: src/scm/webid-oidc/program.scm:311 src/scm/webid-oidc/program.scm:537
-#: src/scm/webid-oidc/program.scm:748
+#: src/scm/webid-oidc/program.scm:315 src/scm/webid-oidc/program.scm:545
+#: src/scm/webid-oidc/program.scm:766
msgid "command-line|command|client-service"
msgstr "service-client"
-#: src/scm/webid-oidc/program.scm:312
+#: src/scm/webid-oidc/program.scm:316
#, scheme-format
msgid ""
"\n"
@@ -1450,12 +1454,12 @@ msgstr ""
" exécute un serveur complet, avec un fournisseur d’identité et\n"
" une fonction de stockage de ressources."
-#: src/scm/webid-oidc/program.scm:316 src/scm/webid-oidc/program.scm:563
-#: src/scm/webid-oidc/program.scm:777
+#: src/scm/webid-oidc/program.scm:320 src/scm/webid-oidc/program.scm:571
+#: src/scm/webid-oidc/program.scm:795
msgid "command-line|command|server"
msgstr "serveur"
-#: src/scm/webid-oidc/program.scm:318
+#: src/scm/webid-oidc/program.scm:322
msgid ""
"\n"
"General options:"
@@ -1463,7 +1467,7 @@ msgstr ""
"\n"
"Options générales :"
-#: src/scm/webid-oidc/program.scm:320
+#: src/scm/webid-oidc/program.scm:324
#, scheme-format
msgid ""
"\n"
@@ -1477,7 +1481,7 @@ msgstr ""
" correspondant. Par exemple, MOYEN serait une URI pointant vers\n"
" l’archive de code."
-#: src/scm/webid-oidc/program.scm:325
+#: src/scm/webid-oidc/program.scm:329
#, scheme-format
msgid ""
"\n"
@@ -1488,7 +1492,7 @@ msgstr ""
" -h, --~a :\n"
" affiche un court message d’aide et quitte."
-#: src/scm/webid-oidc/program.scm:329
+#: src/scm/webid-oidc/program.scm:333
#, scheme-format
msgid ""
"\n"
@@ -1499,7 +1503,7 @@ msgstr ""
" -v, --~a :\n"
" affiche le numéro de version (~a, publiée le ~a) et quitte."
-#: src/scm/webid-oidc/program.scm:335
+#: src/scm/webid-oidc/program.scm:339
#, scheme-format
msgid ""
"\n"
@@ -1510,7 +1514,7 @@ msgstr ""
" --~a :\n"
" décrit le projet dans le vocabulaire DOAP et quitte."
-#: src/scm/webid-oidc/program.scm:339
+#: src/scm/webid-oidc/program.scm:343
#, scheme-format
msgid ""
"\n"
@@ -1521,7 +1525,7 @@ msgstr ""
" -l FICHIER.journal, --~a=FICHIER.journal :\n"
" redirige la sortie standard du programme vers FICHIER.journal."
-#: src/scm/webid-oidc/program.scm:343
+#: src/scm/webid-oidc/program.scm:347
#, scheme-format
msgid ""
"\n"
@@ -1532,7 +1536,7 @@ msgstr ""
" -e FICHIER.erreurs, --~a=FICHIER.erreurs :\n"
" redirige les erreurs du programme vers FICHIER.erreurs."
-#: src/scm/webid-oidc/program.scm:348
+#: src/scm/webid-oidc/program.scm:352
msgid ""
"\n"
"General server-side options:"
@@ -1540,7 +1544,7 @@ msgstr ""
"\n"
"Options générales pour un serveur :"
-#: src/scm/webid-oidc/program.scm:350
+#: src/scm/webid-oidc/program.scm:354
#, scheme-format
msgid ""
"\n"
@@ -1551,7 +1555,7 @@ msgstr ""
" -p PORT, --~a=PORT :\n"
" définit le port à lier, 8080 par défaut."
-#: src/scm/webid-oidc/program.scm:354
+#: src/scm/webid-oidc/program.scm:358
#, scheme-format
msgid ""
"\n"
@@ -1563,7 +1567,7 @@ msgstr ""
" définit l’URI publique du serveur (schéma, identifiant de\n"
" l’utilisateur, hôte et port)."
-#: src/scm/webid-oidc/program.scm:359
+#: src/scm/webid-oidc/program.scm:363
msgid ""
"\n"
"Options for the resource server:"
@@ -1571,7 +1575,7 @@ msgstr ""
"\n"
"Options pour le serveur de ressources :"
-#: src/scm/webid-oidc/program.scm:361
+#: src/scm/webid-oidc/program.scm:365
#, scheme-format
msgid ""
"\n"
@@ -1586,7 +1590,7 @@ msgstr ""
" authentifié, XXX-Agent par défaut. Pour un serveur complet, ceci\n"
" désactive l’authentification par Solid-OIDC."
-#: src/scm/webid-oidc/program.scm:367
+#: src/scm/webid-oidc/program.scm:371
#, scheme-format
msgid ""
"\n"
@@ -1599,7 +1603,7 @@ msgstr ""
" définit l’URI sortante du proxy inversé, seulement pour la\n"
" commande proxy-inversé."
-#: src/scm/webid-oidc/program.scm:373
+#: src/scm/webid-oidc/program.scm:377
msgid ""
"\n"
"Options for the identity provider:"
@@ -1607,7 +1611,7 @@ msgstr ""
"\n"
"Options du fournisseur d’identité :"
-#: src/scm/webid-oidc/program.scm:375
+#: src/scm/webid-oidc/program.scm:379
#, scheme-format
msgid ""
"\n"
@@ -1621,7 +1625,7 @@ msgstr ""
" nouvelle clé sera générée. Le serveur n’offre pas de service\n"
" HTTPS."
-#: src/scm/webid-oidc/program.scm:380
+#: src/scm/webid-oidc/program.scm:384
#, scheme-format
msgid ""
"\n"
@@ -1632,7 +1636,7 @@ msgstr ""
" -s WEBID, --~a=WEBID :\n"
" définit l'identité du sujet."
-#: src/scm/webid-oidc/program.scm:384
+#: src/scm/webid-oidc/program.scm:388
#, scheme-format
msgid ""
"\n"
@@ -1643,7 +1647,20 @@ msgstr ""
" -w MOT_DE_PASSE_CHIFFRÉ, --~a=MOT_DE_PASSE_CHIFFRÉ :\n"
" définit le mot de passe chiffré pour reconnaître l’utilisateur."
-#: src/scm/webid-oidc/program.scm:388
+#: src/scm/webid-oidc/program.scm:392
+#, scheme-format
+msgid ""
+"\n"
+" -W ENCRYPTED_PASSWORD_FILE, --~a=ENCRYPTED_PASSWORD_FILE:\n"
+" load the user’s encrypted password from ENCRYPTED_PASSWORD_FILE."
+msgstr ""
+"\n"
+" -w FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ, --"
+"~a=FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ :\n"
+" lit le mot de passe chiffré de l’utilisateur dans "
+"FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ."
+
+#: src/scm/webid-oidc/program.scm:396
#, scheme-format
msgid ""
"\n"
@@ -1654,7 +1671,7 @@ msgstr ""
" -j URI, --~a=URI :\n"
" définit l’URI pour requêter les clés du serveur."
-#: src/scm/webid-oidc/program.scm:392
+#: src/scm/webid-oidc/program.scm:400
#, scheme-format
msgid ""
"\n"
@@ -1666,7 +1683,7 @@ msgstr ""
" définit l'URI du terminal d'autorisation de l’émetteur\n"
" d’identité."
-#: src/scm/webid-oidc/program.scm:396
+#: src/scm/webid-oidc/program.scm:404
#, scheme-format
msgid ""
"\n"
@@ -1677,7 +1694,7 @@ msgstr ""
" -t URI, --~a=URI :\n"
" définit le terminal de jeton de l’émetteur d’identité."
-#: src/scm/webid-oidc/program.scm:401
+#: src/scm/webid-oidc/program.scm:409
msgid ""
"\n"
"Options for the client service:"
@@ -1685,7 +1702,7 @@ msgstr ""
"\n"
"Options pour le service associé à un client :"
-#: src/scm/webid-oidc/program.scm:403
+#: src/scm/webid-oidc/program.scm:411
#, scheme-format
msgid ""
"\n"
@@ -1698,7 +1715,7 @@ msgstr ""
" définit l’identifiant web de l’application client, qui est\n"
" déréférencé pour une ressource sémantique."
-#: src/scm/webid-oidc/program.scm:408
+#: src/scm/webid-oidc/program.scm:416
#, scheme-format
msgid ""
"\n"
@@ -1712,7 +1729,7 @@ msgstr ""
" d’autorisation. La page de redirection affiche le code à coller\n"
" dans l’application."
-#: src/scm/webid-oidc/program.scm:413
+#: src/scm/webid-oidc/program.scm:421
#, scheme-format
msgid ""
"\n"
@@ -1724,7 +1741,7 @@ msgstr ""
" définit le nom de l’application visible par l’utilisateur (peut\n"
" être trompeur…)."
-#: src/scm/webid-oidc/program.scm:417
+#: src/scm/webid-oidc/program.scm:425
#, scheme-format
msgid ""
"\n"
@@ -1737,7 +1754,7 @@ msgstr ""
" définit l’URI présentant plus d’informations à propos de\n"
" l’application (peut aussi être trompeur)."
-#: src/scm/webid-oidc/program.scm:423
+#: src/scm/webid-oidc/program.scm:431
msgid ""
"\n"
"Environment variables:"
@@ -1745,7 +1762,7 @@ msgstr ""
"\n"
"Variables d’environnement :"
-#: src/scm/webid-oidc/program.scm:425
+#: src/scm/webid-oidc/program.scm:433
msgid ""
"\n"
" XML_CATALOG_FILES: the server will fetch resources on the web. By\n"
@@ -1764,9 +1781,9 @@ msgstr ""
" fichiers depuis le système de fichiers, parce qu’il n’y a pas de\n"
" moyen de spécifier le type de contenu."
-#: src/scm/webid-oidc/program.scm:433 src/scm/webid-oidc/program.scm:440
-#: src/scm/webid-oidc/program.scm:449 src/scm/webid-oidc/program.scm:457
-#: src/scm/webid-oidc/program.scm:465
+#: src/scm/webid-oidc/program.scm:441 src/scm/webid-oidc/program.scm:448
+#: src/scm/webid-oidc/program.scm:457 src/scm/webid-oidc/program.scm:465
+#: src/scm/webid-oidc/program.scm:473
#, scheme-format
msgid ""
"the-environment-variable|\n"
@@ -1775,7 +1792,7 @@ msgstr ""
" \n"
" Elle vaut actuellement ~s."
-#: src/scm/webid-oidc/program.scm:436
+#: src/scm/webid-oidc/program.scm:444
msgid ""
"\n"
" LANG: set the locale of the user interface (for the server commands,\n"
@@ -1785,7 +1802,7 @@ msgstr ""
" LANG : définit la locale de l’interface utilisateur (pour les\n"
" commandes serveur, l’utilisateur est l’administrateur système)."
-#: src/scm/webid-oidc/program.scm:443
+#: src/scm/webid-oidc/program.scm:451
msgid ""
"\n"
" XDG_DATA_HOME: where the program stores persistent data. The\n"
@@ -1800,7 +1817,7 @@ msgstr ""
" ici. Pour un service système, il est recommandé d’utiliser\n"
" /var/lib."
-#: src/scm/webid-oidc/program.scm:452
+#: src/scm/webid-oidc/program.scm:460
msgid ""
"\n"
" XDG_CACHE_HOME: where the program stores and updates the seed file,\n"
@@ -1813,7 +1830,7 @@ msgstr ""
" supprimer ce dossier n’importe quand. Le fichier de graine sera\n"
" initialisé à partir de /dev/random."
-#: src/scm/webid-oidc/program.scm:460
+#: src/scm/webid-oidc/program.scm:468
msgid ""
"\n"
" HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are\n"
@@ -1825,7 +1842,7 @@ msgstr ""
" valeur est calculée à partir de la variable d’environnement\n"
" HOME. Elle n’est pas utilisée autrement."
-#: src/scm/webid-oidc/program.scm:469
+#: src/scm/webid-oidc/program.scm:477
msgid ""
"\n"
"Running a reverse proxy"
@@ -1833,7 +1850,7 @@ msgstr ""
"\n"
"Exécution d’un proxy inversé"
-#: src/scm/webid-oidc/program.scm:471
+#: src/scm/webid-oidc/program.scm:479
msgid ""
"\n"
"Suppose that you operate data.provider.com. You want to run an\n"
@@ -1855,7 +1872,7 @@ msgstr ""
"authentifié. https://private.data.provider.com ne doit accepter que\n"
"les requêtes depuis ce proxy inversé."
-#: src/scm/webid-oidc/program.scm:481
+#: src/scm/webid-oidc/program.scm:489
#, scheme-format
msgid ""
"\n"
@@ -1879,7 +1896,7 @@ msgstr ""
" --~a '/var/log/proxy.log' \\\n"
" --~a '/var/log/proxy.err'"
-#: src/scm/webid-oidc/program.scm:496
+#: src/scm/webid-oidc/program.scm:504
msgid ""
"\n"
"Running an identity provider"
@@ -1887,7 +1904,7 @@ msgstr ""
"\n"
"Exécution d’un fournisseur d’identité"
-#: src/scm/webid-oidc/program.scm:498
+#: src/scm/webid-oidc/program.scm:506
msgid ""
"\n"
"The identity provider running at webid-oidc-demo.planete-kraus.eu is\n"
@@ -1898,7 +1915,7 @@ msgstr ""
"webid-oidc-demo.planete-kraus.eu est invoqué avec les options\n"
"suivantes :"
-#: src/scm/webid-oidc/program.scm:502
+#: src/scm/webid-oidc/program.scm:510
#, scheme-format
msgid ""
"\n"
@@ -1910,7 +1927,7 @@ msgid ""
" --~a 'https://webid-oidc-demo.planete-kraus.eu' \\\n"
" --~a '/var/lib/webid-oidc/issuer/key.jwk' \\\n"
" --~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\\n"
-" --~a \"$ENCRYPTED_PASSWORD\" \\\n"
+" --~a '/etc/disfluid/webid-oidc-demo.planete-kraus.eu/password' \\\n"
" --~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\\n"
" --~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\\n"
" --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\\n"
@@ -1926,13 +1943,13 @@ msgstr ""
" --~a 'https://webid-oidc-demo.planete-kraus.eu' \\\n"
" --~a '/var/lib/webid-oidc/issuer/key.jwk' \\\n"
" --~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\\n"
-" --~a \"$MOT_DE_PASSE_CHIFFRÉ\" \\\n"
+" --~a '/etc/disfluid/webid-oidc-demo.planete-kraus.eu/password' \\\n"
" --~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\\n"
" --~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\\n"
" --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\\n"
" --~a $PORT"
-#: src/scm/webid-oidc/program.scm:522
+#: src/scm/webid-oidc/program.scm:530
msgid ""
"\n"
"Running the public pages for an application"
@@ -1940,7 +1957,7 @@ msgstr ""
"\n"
"Service des pages publiques pour une application"
-#: src/scm/webid-oidc/program.scm:524
+#: src/scm/webid-oidc/program.scm:532
msgid ""
"\n"
"The example client application pages for\n"
@@ -1950,7 +1967,7 @@ msgstr ""
"Les pages de l’application client d’exemple pour\n"
"webid-oidc-demo.planete-kraus.eu sont servies de cette façon :"
-#: src/scm/webid-oidc/program.scm:528
+#: src/scm/webid-oidc/program.scm:536
#, scheme-format
msgid ""
"\n"
@@ -1978,7 +1995,7 @@ msgstr ""
"html#Running-a-client' \\\n"
" --~a $PORT"
-#: src/scm/webid-oidc/program.scm:542
+#: src/scm/webid-oidc/program.scm:550
msgid ""
"\n"
"Running a full server"
@@ -1986,7 +2003,7 @@ msgstr ""
"\n"
"Exécution d’un serveur complet"
-#: src/scm/webid-oidc/program.scm:545
+#: src/scm/webid-oidc/program.scm:553
msgid ""
"\n"
"To run the server with identity provider and\n"
@@ -1998,7 +2015,7 @@ msgstr ""
"un serveur de ressources pour un utilisateur particulier, vous devez\n"
"combiner les options des parties."
-#: src/scm/webid-oidc/program.scm:549
+#: src/scm/webid-oidc/program.scm:557
#, scheme-format
msgid ""
"\n"
@@ -2010,7 +2027,7 @@ msgid ""
" --~a 'https://data.planete-kraus.eu' \\\n"
" --~a '/var/lib/disfluid/server/key.jwk' \\\n"
" --~a 'https://data.planete-kraus.eu/vivien#me' \\\n"
-" --~a '$...alg...$...salt...$...hash...' \\\n"
+" --~a '/etc/disfluid/data.planete-kraus.eu/password' \\\n"
" --~a 'https://data.planete-kraus.eu/keys' \\\n"
" --~a 'https://data.planete-kraus.eu/authorize' \\\n"
" --~a 'https://data.planete-kraus.eu/token' \\\n"
@@ -2026,13 +2043,13 @@ msgstr ""
" --~a 'https://data.planete-kraus.eu' \\\n"
" --~a '/var/lib/disfluid/server/key.jwk' \\\n"
" --~a 'https://data.planete-kraus.eu/vivien#me' \\\n"
-" --~a '$...alg...$...sel...$...condensat...' \\\n"
+" --~a '/etc/disfluid/data.planete-kraus.eu/password' \\\n"
" --~a 'https://data.planete-kraus.eu/keys' \\\n"
" --~a 'https://data.planete-kraus.eu/authorize' \\\n"
" --~a 'https://data.planete-kraus.eu/token' \\\n"
" --~a '...port...'"
-#: src/scm/webid-oidc/program.scm:574
+#: src/scm/webid-oidc/program.scm:582
#, scheme-format
msgid ""
"\n"
@@ -2041,7 +2058,7 @@ msgstr ""
"\n"
"Si vous trouvez une erreur, veuillez en envoyer un rapport à ~a."
-#: src/scm/webid-oidc/program.scm:579
+#: src/scm/webid-oidc/program.scm:587
#, scheme-format
msgid ""
"~a version ~a\n"
@@ -2052,27 +2069,35 @@ msgstr ""
"\n"
"Publiée le ~a\n"
-#: src/scm/webid-oidc/program.scm:616
+#: src/scm/webid-oidc/program.scm:624
#, scheme-format
msgid "The --~a argument must be a number, not ~s.\n"
msgstr "L’argument de --~a doit être un nombre, pas ~s.\n"
-#: src/scm/webid-oidc/program.scm:622
+#: src/scm/webid-oidc/program.scm:630
#, scheme-format
msgid "The --~a argument must be an integer, not ~s.\n"
msgstr "L’argument de --~a doit être un entier, pas ~s.\n"
-#: src/scm/webid-oidc/program.scm:628
+#: src/scm/webid-oidc/program.scm:636
#, scheme-format
msgid "The --~a argument must be positive, ~s is invalid.\n"
msgstr "L’argument de --~a doit être positif, ~s est invalide.\n"
-#: src/scm/webid-oidc/program.scm:633
+#: src/scm/webid-oidc/program.scm:641
#, scheme-format
msgid "The --~a argument must be less than 65536, ~s is invalid.\n"
msgstr "L’argument de --~a doit être inférieur à 65536, ~s est invalide.\n"
-#: src/scm/webid-oidc/program.scm:675
+#: src/scm/webid-oidc/program.scm:669
+msgid ""
+"You specified two different passwords: one directly, and one from a file. "
+"Please set only one password.\n"
+msgstr ""
+"Vous avez spécifié deux mots de passe différents : l’un directement,\n"
+"et un autre depuis un fichier. Veuillez n’en spécifier qu’un.\n"
+
+#: src/scm/webid-oidc/program.scm:693
#, scheme-format
msgid ""
"Usage: ~a COMMAND [OPTIONS]...\n"
@@ -2081,18 +2106,18 @@ msgstr ""
"Utilisation : ~a COMMANDE [OPTIONS]...\n"
"Voir --~a (-h).\n"
-#: src/scm/webid-oidc/program.scm:685 src/scm/webid-oidc/program.scm:707
-#: src/scm/webid-oidc/program.scm:779
+#: src/scm/webid-oidc/program.scm:703 src/scm/webid-oidc/program.scm:725
+#: src/scm/webid-oidc/program.scm:797
#, scheme-format
msgid "You must pass --~a to set the server name.\n"
msgstr "Vous devez passer --~a pour définir le nom du serveur.\n"
-#: src/scm/webid-oidc/program.scm:689
+#: src/scm/webid-oidc/program.scm:707
#, scheme-format
msgid "You must pass --~a to set the backend URI.\n"
msgstr "Vous devez passer --~a pour définir l'URI du service d’arrière-plan.\n"
-#: src/scm/webid-oidc/program.scm:711 src/scm/webid-oidc/program.scm:783
+#: src/scm/webid-oidc/program.scm:729 src/scm/webid-oidc/program.scm:801
#, scheme-format
msgid ""
"You must pass --~a to set the file where to store the identity provider "
@@ -2101,59 +2126,66 @@ msgstr ""
"Vous devez passer --~a pour définir le nom du fichier pour sauvegarder\n"
"la clé du fournisseur d’identité.\n"
-#: src/scm/webid-oidc/program.scm:715 src/scm/webid-oidc/program.scm:787
+#: src/scm/webid-oidc/program.scm:733 src/scm/webid-oidc/program.scm:805
#, scheme-format
msgid "You must pass --~a to set the subject of the identity provider.\n"
msgstr ""
"Vous devez passer --~a pour définir le sujet du fournisseur d’identité.\n"
-#: src/scm/webid-oidc/program.scm:719 src/scm/webid-oidc/program.scm:791
+#: src/scm/webid-oidc/program.scm:737
#, scheme-format
-msgid "You must pass --~a to set the subject’s encrypted password.\n"
+msgid "You must pass --~a or --~a to set the subject’s encrypted password.\n"
msgstr ""
-"Vous devez passer --~a pour définir le mot de passe chiffré du sujet.\n"
+"Vous devez passer --~a ou --~a pour définir le mot de passe chiffré du "
+"sujet.\n"
-#: src/scm/webid-oidc/program.scm:723 src/scm/webid-oidc/program.scm:795
+#: src/scm/webid-oidc/program.scm:741 src/scm/webid-oidc/program.scm:813
#, scheme-format
msgid "You must pass --~a to set the JWKS URI.\n"
msgstr "Vous devez passer --~a pour définir l'URI du JWKS.\n"
-#: src/scm/webid-oidc/program.scm:727 src/scm/webid-oidc/program.scm:799
+#: src/scm/webid-oidc/program.scm:745 src/scm/webid-oidc/program.scm:817
#, scheme-format
msgid "You must pass --~a to set the authorization endpoint URI.\n"
msgstr ""
"Vous devez passer --~a pour définir l'URI du terminal d'autorisation.\n"
-#: src/scm/webid-oidc/program.scm:731 src/scm/webid-oidc/program.scm:803
+#: src/scm/webid-oidc/program.scm:749 src/scm/webid-oidc/program.scm:821
#, scheme-format
msgid "You must pass --~a to set the token endpoint URI.\n"
msgstr "Vous devez passer --~a pour définir l'URI du terminal de jeton.\n"
-#: src/scm/webid-oidc/program.scm:751
+#: src/scm/webid-oidc/program.scm:769
#, scheme-format
msgid "You must pass --~a to set the application web ID.\n"
msgstr ""
"Vous devez passer --~a pour définir l'identifiant web de l’application.\n"
-#: src/scm/webid-oidc/program.scm:755
+#: src/scm/webid-oidc/program.scm:773
#, scheme-format
msgid "You must pass --~a to set the redirection URI.\n"
msgstr "Vous devez passer --~a pour définir l'URI de redirection.\n"
-#: src/scm/webid-oidc/program.scm:759
+#: src/scm/webid-oidc/program.scm:777
#, scheme-format
msgid "You must pass --~a to set the informative client name.\n"
msgstr ""
"Vous devez passer --~a pour donner un nom pour l’application à titre "
"informatif.\n"
-#: src/scm/webid-oidc/program.scm:763
+#: src/scm/webid-oidc/program.scm:781
#, scheme-format
msgid "You must pass --~a to set the informative client URI.\n"
msgstr ""
"Vous devez passer --~a pour définir l'URI du client, à titre informatif.\n"
-#: src/scm/webid-oidc/program.scm:850
+#: src/scm/webid-oidc/program.scm:809
+#, scheme-format
+msgid "You must pass --~a to set the subject’s encrypted password.\n"
+msgstr ""
+"Vous devez passer --~a pour définir le mot de passe chiffré du sujet.\n"
+
+#: src/scm/webid-oidc/program.scm:868
#, scheme-format
msgid "Unknown command ~s\n"
msgstr "Commande inconnue ~s\n"
diff --git a/src/scm/webid-oidc/program.scm b/src/scm/webid-oidc/program.scm
index 4d469f3..2eda34c 100644
--- a/src/scm/webid-oidc/program.scm
+++ b/src/scm/webid-oidc/program.scm
@@ -34,6 +34,7 @@
#:use-module (ice-9 control)
#:use-module (ice-9 threads)
#:use-module (ice-9 futures)
+ #:use-module (ice-9 textual-ports)
#:use-module (srfi srfi-19)
#:use-module (rnrs bytevectors)
#:use-module (web uri)
@@ -235,6 +236,8 @@
(string->symbol (G_ "command-line|server|issuer|subject")))
(encrypted-password-sym
(string->symbol (G_ "command-line|server|issuer|encrypted-password")))
+ (encrypted-password-from-file-sym
+ (string->symbol (G_ "command-line|server|issuer|encrypted-password-from-file")))
(jwks-uri-sym
(string->symbol (G_ "command-line|server|issuer|jwks-uri")))
(authorization-endpoint-uri-sym
@@ -267,6 +270,7 @@
(,key-file-sym (single-char #\k) (value #t))
(,subject-sym (single-char #\s) (value #t))
(,encrypted-password-sym (single-char #\w) (value #t))
+ (,encrypted-password-from-file-sym (single-char #\W) (value #t))
(,jwks-uri-sym (single-char #\j) (value #t))
(,authorization-endpoint-uri-sym (single-char #\a) (value #t))
(,token-endpoint-uri-sym (single-char #\t) (value #t))
@@ -386,6 +390,10 @@ Options for the identity provider:"))
set the encrypted password to recognize the user.")
encrypted-password-sym)
(format #t (G_ "
+ -W ENCRYPTED_PASSWORD_FILE, --~a=ENCRYPTED_PASSWORD_FILE:
+ load the user’s encrypted password from ENCRYPTED_PASSWORD_FILE.")
+ encrypted-password-from-file-sym)
+ (format #t (G_ "
-j URI, --~a=URI:
set the URI to query the key of the server.")
jwks-uri-sym)
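Review bot: The help text added here advertises `-W`, but the French msgstr for this same string in po/fr.po prints `-w FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ`, which is the short option for the direct password. A French-locale operator following the help would hand the file path to `-w`, where it is taken as the encrypted password itself. The msgstr should begin with `-W FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ, --~a=FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ :`. Since the two letters differ only by case, a one-line comment next to the `(single-char #\W)` entry would also help future translators.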
@@ -507,7 +515,7 @@ invoked with the following options:"))
--~a 'https://webid-oidc-demo.planete-kraus.eu' \\
--~a '/var/lib/webid-oidc/issuer/key.jwk' \\
--~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\
- --~a \"$ENCRYPTED_PASSWORD\" \\
+ --~a '/etc/disfluid/webid-oidc-demo.planete-kraus.eu/password' \\
--~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\
--~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\
--~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\
@@ -515,7 +523,7 @@ invoked with the following options:"))
(car (command-line))
(G_ "command-line|command|identity-provider")
complete-corresponding-source-sym
- server-name-sym key-file-sym subject-sym encrypted-password-sym
+ server-name-sym key-file-sym subject-sym encrypted-password-from-file-sym
jwks-uri-sym authorization-endpoint-uri-sym
token-endpoint-uri-sym port-sym)
(format #t "\n")
@@ -554,7 +562,7 @@ options for the parts."))
--~a 'https://data.planete-kraus.eu' \\
--~a '/var/lib/disfluid/server/key.jwk' \\
--~a 'https://data.planete-kraus.eu/vivien#me' \\
- --~a '$...alg...$...salt...$...hash...' \\
+ --~a '/etc/disfluid/data.planete-kraus.eu/password' \\
--~a 'https://data.planete-kraus.eu/keys' \\
--~a 'https://data.planete-kraus.eu/authorize' \\
--~a 'https://data.planete-kraus.eu/token' \\
@@ -565,7 +573,7 @@ options for the parts."))
server-name-sym
key-file-sym
subject-sym
- encrypted-password-sym
+ encrypted-password-from-file-sym
jwks-uri-sym
authorization-endpoint-uri-sym
token-endpoint-uri-sym
@@ -650,7 +658,17 @@ Rreleased ~a\n")
(subject
(let ((str (option-ref options subject-sym #f)))
(and str (string->uri str))))
- (encrypted-password (option-ref options encrypted-password-sym #f))
+ (encrypted-password
+ (let ((direct (option-ref options encrypted-password-sym #f))
+ (from-file
+ (let ((filename (option-ref options encrypted-password-from-file-sym #f)))
+ (and filename
+ (call-with-input-file filename get-line)))))
+ (when (and direct from-file (not (equal? direct from-file)))
+ (format (current-error-port)
+ (G_ "You specified two different passwords: one directly, and one from a file. Please set only one password.\n"))
+ (exit 1))
+ (or direct from-file)))
(jwks-uri
(let ((str (option-ref options jwks-uri-sym #f)))
(and str (string->uri str))))
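Review bot: `(call-with-input-file filename get-line)` returns the eof object when the password file is empty, and that object is truthy, so `encrypted-password` becomes a non-string that still passes the later `unless encrypted-password` check. The read should accept only a non-empty string; returning `#f` otherwise makes the existing "You must pass" error stop the server instead of passing a bogus value on. The commit's rationale is that the file can be restricted to the service user, but nothing here checks its mode, so a warning when group or other permission bits are set would catch a misconfigured file. The enclosing binding form starts and ends outside this hunk.

```scheme
(from-file
 (let ((filename (option-ref options encrypted-password-from-file-sym #f)))
   (and filename
        (begin
          ;; The file only protects the hash if group and others have no access.
          (unless (zero? (logand (stat:perms (stat filename)) #o077))
            (format (current-error-port)
                    (G_ "Warning: ~a is accessible by other users.\n")
                    filename))
          (let ((line (call-with-input-file filename get-line)))
            ;; get-line yields the eof object for an empty file; treat it as unset.
            (and (string? line)
                 (not (string-null? line))
                 line))))))
;; … unchanged: conflict check between direct and from-file, (or direct from-file) …
```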
@@ -716,8 +734,8 @@ Rreleased ~a\n")
subject-sym)
(exit 1))
(unless encrypted-password
- (format (current-error-port) (G_ "You must pass --~a to set the subject’s encrypted password.\n")
- encrypted-password-sym)
+ (format (current-error-port) (G_ "You must pass --~a or --~a to set the subject’s encrypted password.\n")
+ encrypted-password-sym encrypted-password-from-file-sym)
(exit 1))
(unless jwks-uri
(format (current-error-port) (G_ "You must pass --~a to set the JWKS URI.\n")
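Review bot: Only this copy of the missing-password check gets the two-option wording. The regenerated catalog in po/fr.po still lists the one-option message `You must pass --~a to set the subject’s encrypted password.` at program.scm:809, which appears to be the same check in the server command. That command's usage example now shows the file option, so its message should presumably name both as well: `(G_ "You must pass --~a or --~a to set the subject’s encrypted password.\n")` with `encrypted-password-sym encrypted-password-from-file-sym`. The enclosing form starts and ends outside this hunk.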