cmd/age: disable golang/go#61779 tests workaround

Fixes #555
Updates #159
Updates #57

.github/workflows/build.yml

@@ -22,7 +22,7 @@ jobs:
           - {GOOS: freebsd, GOARCH: amd64}
     steps:
       - name: Install Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v2
         with:
           go-version: 1.x
       - name: Checkout repository
@@ -62,9 +62,9 @@ jobs:
           GOARCH: ${{ matrix.GOARCH }}
           GOARM: ${{ matrix.GOARM }}
       - name: Upload workflow artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
         with:
-          name: age-binaries-${{ matrix.GOOS }}-${{ matrix.GOARCH }}
+          name: age-binaries
           path: age-*
   upload:
     name: Upload release binaries
@@ -75,10 +75,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download workflow artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v2
         with:
-          pattern: age-binaries-*
-          merge-multiple: true
+          name: age-binaries
       - name: Upload release artifacts
         run: gh release upload "$GITHUB_REF_NAME" age-*
         env:

.github/workflows/ronn.yml

@@ -29,7 +29,7 @@ jobs:
             mv "$f.tmp" "$f"
           done
       - name: Upload generated files
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: man-pages
           path: |
@@ -45,7 +45,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Download generated files
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v2
         with:
           name: man-pages
           path: doc/

.github/workflows/test.yml

@@ -33,7 +33,7 @@ jobs:
       - name: Install bootstrap Go
         uses: actions/setup-go@v5
         with:
-          go-version: stable
+          go-version: 1.22
       - name: Install Go tip (UNIX)
         if: runner.os != 'Windows'
         run: |

README.md

@@ -133,12 +133,6 @@ $ age --decrypt -i key.txt data.tar.gz.age > data.tar.gz
             <code>scoop bucket add extras && scoop install age</code>
         </td>
     </tr>
-    <tr>
-        <td>pkgx</td>
-        <td>
-            <code>pkgx install age</code>
-        </td>
-    </tr>
 </table>
 
 On Windows, Linux, macOS, and FreeBSD you can use the pre-built binaries.
@@ -157,39 +151,6 @@ go install filippo.io/age/cmd/...@latest
 
 Help from new packagers is very welcome.
 
-### Verifying the release signatures
-
-If you download the pre-built binaries, you can check their
-[Sigsum](https://www.sigsum.org) proofs, which are like signatures with extra
-transparency: you can cryptographically verify that every proof is logged in a
-public append-only log, so you can hold the age project accountable for every
-binary release we ever produced. This is similar to what the [Go Checksum
-Database](https://go.dev/blog/module-mirror-launch) provides.
-
-```
-cat << EOF > age-sigsum-key.pub
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1WpnEswJLPzvXJDiswowy48U+G+G1kmgwUE2eaRHZG
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAz2WM5CyPLqiNjk7CLl4roDXwKhQ0QExXLebukZEZFS
-EOF
-cat << EOF > sigsum-trust-policy.txt
-log 154f49976b59ff09a123675f58cb3e346e0455753c3c3b15d465dcb4f6512b0b https://poc.sigsum.org/jellyfish
-witness poc.sigsum.org/nisse 1c25f8a44c635457e2e391d1efbca7d4c2951a0aef06225a881e46b98962ac6c
-witness rgdd.se/poc-witness  28c92a5a3a054d317c86fc2eeb6a7ab2054d6217100d0be67ded5b74323c5806
-group  demo-quorum-rule all poc.sigsum.org/nisse rgdd.se/poc-witness
-quorum demo-quorum-rule
-EOF
-
-curl -JLO "https://dl.filippo.io/age/v1.2.0?for=darwin/arm64"
-curl -JLO "https://dl.filippo.io/age/v1.2.0?for=darwin/arm64&proof"
-
-go install sigsum.org/sigsum-go/cmd/sigsum-verify@v0.8.0
-sigsum-verify -k age-sigsum-key.pub -p sigsum-trust-policy.txt \
-    age-v1.2.0-darwin-arm64.tar.gz.proof < age-v1.2.0-darwin-arm64.tar.gz
-```
-
-You can learn more about what's happening above in the [Sigsum
-docs](https://www.sigsum.org/getting-started/).
-
 ## Usage
 
 For the full documentation, read [the age(1) man page](https://filippo.io/age/age.1).

cmd/age-keygen/keygen.go

@@ -158,5 +158,5 @@ func errorf(format string, v ...interface{}) {
 }
 
 func warning(msg string) {
-	log.Printf("age-keygen: warning: %s", msg)
+	log.Printf("age-keygen: warning: " + msg)
 }

cmd/age/age.go

@@ -11,7 +11,6 @@ import (
 	"fmt"
 	"io"
 	"os"
-	"path/filepath"
 	"regexp"
 	"runtime/debug"
 	"strings"
@@ -224,21 +223,9 @@ func main() {
 		}
 	}
 
-	var inUseFiles []string
-	for _, i := range identityFlags {
-		if i.Type != "i" {
-			continue
-		}
-		inUseFiles = append(inUseFiles, absPath(i.Value))
-	}
-	for _, f := range recipientsFileFlags {
-		inUseFiles = append(inUseFiles, absPath(f))
-	}
-
 	var in io.Reader = os.Stdin
 	var out io.Writer = os.Stdout
 	if name := flag.Arg(0); name != "" && name != "-" {
-		inUseFiles = append(inUseFiles, absPath(name))
 		f, err := os.Open(name)
 		if err != nil {
 			errorf("failed to open input file %q: %v", name, err)
@@ -259,11 +246,6 @@ func main() {
 		}
 	}
 	if name := outFlag; name != "" && name != "-" {
-		for _, f := range inUseFiles {
-			if f == absPath(name) {
-				errorf("input and output file are the same: %q", name)
-			}
-		}
 		f := newLazyOpener(name)
 		defer func() {
 			if err := f.Close(); err != nil {
@@ -550,10 +532,3 @@ func (l *lazyOpener) Close() error {
 	}
 	return nil
 }
-
-func absPath(name string) string {
-	if abs, err := filepath.Abs(name); err == nil {
-		return abs
-	}
-	return name
-}

cmd/age/testdata/encrypted_keys.txt

@@ -2,7 +2,6 @@
 # age file password prompt during encryption
 
 [!linux] [!darwin] skip # no pty support
-[darwin] [go1.20] skip # https://go.dev/issue/61779
 
 # use an encrypted OpenSSH private key without .pub file
 age -R key_ed25519.pub -o ed25519.age input

cmd/age/testdata/output_file.txt

@@ -25,31 +25,7 @@ age -d -i key.txt -o new empty.age
 ! stderr .
 cmp new empty
 
-# https://github.com/FiloSottile/age/issues/491
-cp input inputcopy
-! age -r age1xmwwc06ly3ee5rytxm9mflaz2u56jjj36s0mypdrwsvlul66mv4q47ryef -o inputcopy inputcopy
-stderr 'input and output file are the same'
-cmp inputcopy input
-! age -r age1xmwwc06ly3ee5rytxm9mflaz2u56jjj36s0mypdrwsvlul66mv4q47ryef -o ./inputcopy inputcopy
-stderr 'input and output file are the same'
-cmp inputcopy input
-mkdir foo
-! age -r age1xmwwc06ly3ee5rytxm9mflaz2u56jjj36s0mypdrwsvlul66mv4q47ryef -o inputcopy foo/../inputcopy
-stderr 'input and output file are the same'
-cmp inputcopy input
-cp key.txt keycopy
-age -e -i keycopy -o test.age input
-! age -d -i keycopy -o keycopy test.age
-stderr 'input and output file are the same'
-cmp key.txt keycopy
-
 [!linux] [!darwin] skip # no pty support
-[darwin] [go1.20] skip # https://go.dev/issue/61779
-
-ttyin terminal
-! age -p -o inputcopy inputcopy
-stderr 'input and output file are the same'
-cmp inputcopy input
 
 # https://github.com/FiloSottile/age/issues/159
 ttyin terminal

cmd/age/testdata/plugin.txt

@@ -10,15 +10,6 @@ age -d -i long-key.txt test.age
 cmp stdout input
 ! stderr .
 
-# check that path separators are rejected
-chmod 755 age-plugin-pwn/pwn
-mkdir $TMPDIR/age-plugin-pwn
-cp age-plugin-pwn/pwn $TMPDIR/age-plugin-pwn/pwn
-! age -r age1pwn/pwn19gt89dfz input
-! age -d -i pwn-identity.txt test.age
-! age -d -j pwn/pwn test.age
-! exists pwn
-
 -- input --
 test
 -- key.txt --
@@ -27,8 +18,3 @@ AGE-PLUGIN-TEST-10Q32NLXM
 age1test10pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7rc0pu8s7qj6rl8p
 -- long-key.txt --
 AGE-PLUGIN-TEST-10PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7RC0PU8S7Q5U8SUD
--- pwn-identity.txt --
-AGE-PLUGIN-PWN/PWN-19GYK4WLY
--- age-plugin-pwn/pwn --
-#!/bin/sh
-touch "$WORK/pwn"

cmd/age/testdata/scrypt.txt

@@ -1,5 +1,4 @@
 [!linux] [!darwin] skip # no pty support
-[darwin] [go1.20] skip # https://go.dev/issue/61779
 
 # encrypt with a provided passphrase
 stdin input

cmd/age/testdata/terminal.txt

@@ -1,5 +1,4 @@
 [!linux] [!darwin] skip # no pty support
-[darwin] [go1.20] skip # https://go.dev/issue/61779
 
 # controlling terminal is used instead of stdin/stderr
 ttyin terminal

doc/age-keygen.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.9.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.9.1
-.TH "AGE\-KEYGEN" "1" "June 2024" ""
+.TH "AGE\-KEYGEN" "1" "April 2023" ""
 .SH "NAME"
 \fBage\-keygen\fR \- generate age(1) key pairs
 .SH "SYNOPSIS"

doc/age-keygen.1.html

@@ -137,7 +137,7 @@ age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p
 
   <ol class='man-decor man-foot man foot'>
     <li class='tl'></li>
-    <li class='tc'>June 2024</li>
+    <li class='tc'>April 2023</li>
     <li class='tr'>age-keygen(1)</li>
   </ol>
 

doc/age.1

@@ -1,6 +1,6 @@
 .\" generated with Ronn-NG/v0.9.1
 .\" http://github.com/apjanke/ronn-ng/tree/0.9.1
-.TH "AGE" "1" "June 2024" ""
+.TH "AGE" "1" "April 2023" ""
 .SH "NAME"
 \fBage\fR \- simple, modern, and secure file encryption
 .SH "SYNOPSIS"

doc/age.1.html

@@ -432,7 +432,7 @@ $ age -d -i age-yubikey-identity-388178f3.txt secrets.txt.age
 
   <ol class='man-decor man-foot man foot'>
     <li class='tl'></li>
-    <li class='tc'>June 2024</li>
+    <li class='tc'>April 2023</li>
     <li class='tr'>age(1)</li>
   </ol>
 

internal/format/format.go

@@ -201,7 +201,7 @@ func (r *StanzaReader) ReadStanza() (s *Stanza, err error) {
 		b, err := DecodeString(strings.TrimSuffix(string(line), "\n"))
 		if err != nil {
 			if bytes.HasPrefix(line, footerPrefix) || bytes.HasPrefix(line, stanzaPrefix) {
-				return nil, fmt.Errorf("malformed body line %q: stanza ended without a short line\nnote: this might be a file encrypted with an old beta version of age or rage; use age v1.0.0-beta6 or rage to decrypt it", line)
+				return nil, fmt.Errorf("malformed body line %q: stanza ended without a short line\nNote: this might be a file encrypted with an old beta version of age or rage. Use age v1.0.0-beta6 or rage to decrypt it.", line)
 			}
 			return nil, errorf("malformed body line %q: %v", line, err)
 		}

internal/stream/stream.go

@@ -12,6 +12,7 @@ import (
 	"io"
 
 	"golang.org/x/crypto/chacha20poly1305"
+	"golang.org/x/crypto/poly1305"
 )
 
 const ChunkSize = 64 * 1024
@@ -28,7 +29,7 @@ type Reader struct {
 }
 
 const (
-	encChunkSize  = ChunkSize + chacha20poly1305.Overhead
+	encChunkSize  = ChunkSize + poly1305.TagSize
 	lastChunkFlag = 0x01
 )
 

plugin/client.go

@@ -9,13 +9,13 @@ package plugin
 
 import (
 	"bufio"
+	"bytes"
 	"fmt"
 	"io"
 	"math/rand"
 	"os"
 	"path/filepath"
 	"strconv"
-	"strings"
 	"time"
 
 	exec "golang.org/x/sys/execabs"
@@ -179,9 +179,6 @@ func NewIdentity(s string, ui *ClientUI) (*Identity, error) {
 
 func NewIdentityWithoutData(name string, ui *ClientUI) (*Identity, error) {
 	s := EncodeIdentity(name, nil)
-	if s == "" {
-		return nil, fmt.Errorf("invalid plugin name: %q", name)
-	}
 	return &Identity{
 		name: name, encoding: s, ui: ui,
 	}, nil
@@ -385,6 +382,7 @@ type clientConnection struct {
 	cmd       *exec.Cmd
 	io.Reader // stdout
 	io.Writer // stdin
+	stderr    bytes.Buffer
 	close     func()
 }
 
@@ -394,8 +392,6 @@ func openClientConnection(name, protocol string) (*clientConnection, error) {
 	path := "age-plugin-" + name
 	if testOnlyPluginPath != "" {
 		path = filepath.Join(testOnlyPluginPath, path)
-	} else if strings.ContainsRune(name, os.PathSeparator) {
-		return nil, fmt.Errorf("invalid plugin name: %q", name)
 	}
 	cmd := exec.Command(path, "--age-plugin="+protocol)
 

plugin/encode.go

@@ -14,9 +14,6 @@ import (
 // EncodeIdentity encodes a plugin identity string for a plugin with the given
 // name. If the name is invalid, it returns an empty string.
 func EncodeIdentity(name string, data []byte) string {
-	if !validPluginName(name) {
-		return ""
-	}
 	s, _ := bech32.Encode("AGE-PLUGIN-"+strings.ToUpper(name)+"-", data)
 	return s
 }
@@ -33,18 +30,12 @@ func ParseIdentity(s string) (name string, data []byte, err error) {
 	}
 	name = strings.TrimSuffix(strings.TrimPrefix(hrp, "AGE-PLUGIN-"), "-")
 	name = strings.ToLower(name)
-	if !validPluginName(name) {
-		return "", nil, fmt.Errorf("invalid plugin name: %q", name)
-	}
 	return name, data, nil
 }
 
 // EncodeRecipient encodes a plugin recipient string for a plugin with the given
 // name. If the name is invalid, it returns an empty string.
 func EncodeRecipient(name string, data []byte) string {
-	if !validPluginName(name) {
-		return ""
-	}
 	s, _ := bech32.Encode("age1"+strings.ToLower(name), data)
 	return s
 }
@@ -60,21 +51,5 @@ func ParseRecipient(s string) (name string, data []byte, err error) {
 		return "", nil, fmt.Errorf("not a plugin recipient: %v", err)
 	}
 	name = strings.TrimPrefix(hrp, "age1")
-	if !validPluginName(name) {
-		return "", nil, fmt.Errorf("invalid plugin name: %q", name)
-	}
 	return name, data, nil
 }
-
-func validPluginName(name string) bool {
-	if name == "" {
-		return false
-	}
-	allowed := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-._"
-	for _, r := range name {
-		if !strings.ContainsRune(allowed, r) {
-			return false
-		}
-	}
-	return true
-}