Change name to hc-passphrase just for PyPI

Fix Makefile: move mktemp sentence down into the install-common step to avoid
the creation of a tempdir each time make is executed.
Fix MANIFEST: the name was wrong!
Add pip instructions in README, plus some bagdes. Add a Dockerfile example in
DEVELOPERS.
Bump version to rc2.

DEVELOPERS.md

@@ -10,6 +10,14 @@ If you want to develope or contribute to this project, you can quickly start by
 
 Every contribution must be acompanied by it's tests. As a general guideline, follow PEP8 (flake8 must run without warnings) and prefer Exceptions over assumptions. Try hard on not to add dependencies: I'm going to reject PRs with external dependencies that are not entirely justified (and for this project in particular, having 0 dependencies is very important).
 
+Not sure on what to contribute with? Here you go:
+
+* Solve opened issues.
+* Review PRs.
+* Add support for unsupported OSes.
+* Improve code quality or provide code reviews.
+* Improve current tests or add new ones.
+
 ## About the package
 
 **Passphrase** modules were written with usability and security in mind. Most, if not all, methods and functions will severily restrict the data type it can process; this is to avoid unexpected issues. The library always prefers to fail (raise exception) instead of doing something wrong, so when in doubt during implementation, i.e. when using parameters from the user, use a `try-except` block.
@@ -53,8 +61,8 @@ Run `make test` or `nosetests -v`. Remove the `-v` if you don't want a verbose o
 ## How to use it as a package
 
 Download the files, preferrably fom the [latest release](https://github.com/HacKanCuBa/passphrase-py/releases/latest) - releases are always signed -. Once downloaded and verified, use `setup.py` to install (I let you decide whether to use virtualenv or not): `./setup.py install`. You can also do `make package-install` with the same outcome. Run it with `sudo` or elevated privileges to install it system-wide.  
-Using *pip* for installation is not recommended given that it's very insecure.  
-To uninstall, run `make package-uninstall` or `pip uninstall passphrase`.  
+Using *pip* for installation is not recommended given that it's very insecure. But if you insist, just do `pip install hc-passphrase`.  
+To uninstall, run `make package-uninstall` or `pip uninstall hc-passphrase`.  
 
 Please let me know if you use this in your app, I would love that :)
 
@@ -129,6 +137,27 @@ def generate_password() -> str:
     return proposedPassword
 ```
 
+#### Docker
+
+To securely use it in a Dockerfile, do:
+
+```
+ENV PASSPHRASE_VERSION 1.0.0
+
+RUN gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys 0x35710D312FDE468B
+RUN wget -O /tmp/passphrase-v${PASSPHRASE_VERSION}.tar.gz https://github.com/HacKanCuBa/passphrase-py/archive/v${PASSPHRASE_VERSION}.tar.gz
+RUN wget -O /tmp/passphrase-v${PASSPHRASE_VERSION}.tar.gz.sig https://github.com/HacKanCuBa/passphrase-py/releases/download/v1.0.0rc1/passphrase-v${PASSPHRASE_VERSION}.tar.gz.sig
+RUN gpg --trust-model always --verify /tmp/passphrase-v${PASSPHRASE_VERSION}.tar.gz.sig /tmp/passphrase-v${PASSPHRASE_VERSION}.tar.gz \
+    && cd /tmp \
+    && tar -xf passphrase-v${PASSPHRASE_VERSION}.tar.gz \
+    && cd passphrase-py-${PASSPHRASE_VERSION} \
+    && make package-install
+```
+
+It doesn't matter which OS is the base, as long as it has GnuPG package installed (either versions 1.4+ or 2+).
+
+You can also just `pip install hc-passphrase` but, again, it's insecure. Yeah, I know: it's a single line vs. all that... If only *pip* used some crypto...
+
 ## License
 
 **Passphrase** is made by [HacKan](https://hackan.net) under GNU GPL v3.0+. You are free to use, share, modify and share modifications under the terms of that [license](LICENSE).

MANIFEST.rst → MANIFEST.in

@@ -1,3 +1,3 @@
 include LICENSE
 include README.md
-include requirements.txt
+include DEVELOPERS.md

Makefile

@@ -5,7 +5,6 @@ ALTPREFIX ?= $(HOME)/.local
 DESTDIR ?=
 BINDIR ?= /bin
 MANDIR ?= /share/man
-TMPDIR := $(shell mktemp -d --tmpdir "passphrase.XXXXXXXXXX")
 
 all:
 	@echo "Passphrase by HacKan (https://hackan.net)"
@@ -28,9 +27,10 @@ package-install:
 	python3 setup.py install
 
 package-uninstall:
-	pip uninstall passphrase
+	pip uninstall hc-passphrase
 
 install-common:
+	$(eval TMPDIR := $(shell mktemp -d --tmpdir "passphrase.XXXXXXXXXX"))
 	mkdir $(TMPDIR)/src/
 	cp -f passphrase/*.py $(TMPDIR)/src/
 	@sed -i "s/from .passphrase/from passphrase/g; s/from .settings/from settings/g; s/from .aux/from aux/g" "$(TMPDIR)/src/__main__.py"

README.md

@@ -1,4 +1,6 @@
 [![GitHub license](https://img.shields.io/github/license/hackancuba/passphrase-py.svg)](https://github.com/HacKanCuBa/passphrase-py/blob/master/LICENSE) 
+[![PyPI pyversions](https://img.shields.io/pypi/pyversions/hc-passphrase.svg)](https://pypi.python.org/pypi/hc-passphrase/) 
+[![PyPI version](https://badge.fury.io/py/hc-passphrase.svg)](https://badge.fury.io/py/hc-passphrase) 
 [![GitHub release](https://img.shields.io/github/release/hackancuba/passphrase-py.svg)](https://github.com/hackancuba/passphrase-py/releases/) 
 [![GitHub version](https://badge.fury.io/gh/hackancuba%2Fpassphrase-py.svg)](https://badge.fury.io/gh/hackancuba%2Fpassphrase-py) 
 [![Build Status](https://travis-ci.org/HacKanCuBa/passphrase-py.svg?branch=master)](https://travis-ci.org/HacKanCuBa/passphrase-py) 
@@ -9,6 +11,8 @@
 
 Its security is based on Python's [os.urandom](https://docs.python.org/3/library/os.html#os.urandom) to get cryptographically secure random bits to make an integer number. It also makes use of the [EFF's Large Wordlist](https://www.eff.org/es/document/passphrase-wordlists) as words reference for passphrases.
 
+**Who is this tool for**: **Passphrase** is a library and a CLI tool, thus its intended audience are developers and advanced users that love to use the terminal :)
+
 A secure passphrase must be of at least 6 words, but 7 is better, and maybe you can add a random number to the list. If you need a password, make it bigger than 8 characters ([NIST's latest recommendation](https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/)), and prefer more than 12 (I recommend 16 or more). Passwords are comprised of digits, upper and lowercase letters and punctuation symbols - more specifically: `ascii_lowercase`, `ascii_uppercase`, `digits` and `punctuation` from [Lib/string](https://docs.python.org/3.6/library/string.html#string-constants) -.
 
 Those settings mentioned are specifically for the EFF's Large Wordlist. If you specify a different wordlist, the minimum amount of words for a passphrase to be secure changes: for shorter lists, the amount increases. The minimum secure amount of words (for a passphrase) or characters (for a password) are calculated by **Passphrase** and a warning is shown if the chosen number is too low (when used as a script), by calculating the list's entropy.
@@ -31,6 +35,8 @@ It might work with Python 3.2+, but I won't give support to old Python versions.
 **Passphrase** can be used as a *package* in other apps, or as a *stand-alone script*.  
 Start by downloading the files, preferrably fom the [latest release](https://github.com/HacKanCuBa/passphrase-py/releases/latest) - releases are always signed -.
 
+You can also use *[pip](https://pypi.python.org/pypi/hc-passphrase)* but I discourage it, given that there's no cryptographic verification of signatures nor hashes at all.
+
 ### As a package
 
 Check the [developers guide](https://github.com/HacKanCuBa/passphrase-py/blob/master/DEVELOPERS.md).
@@ -41,6 +47,8 @@ Once downloaded and verified, you can install it with `setup.py install` or `mak
 
 To uninstall, run respectively `make package-uninstall`, `make uninstall` or `make altuninstall`.
 
+Another option is to run `pip install --user hc-passphrase` (for user-wide installation) or `pip install hc-passphrase` (for system-wide installation), but I advise against this way given that pip doesn't do any cryptographic verification of signatures nor hashes at all.
+
 #### Examples of use
 
 Check the [man page](https://github.com/HacKanCuBa/passphrase-py/blob/master/man/passphrase.md) for more information.
@@ -194,6 +202,8 @@ v0.4.8        | 35.6         | 0.83             | +16%
 v0.5.0        | 35.6         | 0.83             | +0%
 v0.5.1        | 37.5         | 0.87             | +5%
 v1.0.0rc0     | 37.3         | 0.87             | -0%
+v1.0.0rc1     | 37.3         | 0.87             | +0%
+v1.0.0rc2     | 37.3         | 0.87             | +0%
 
 You can try it yourself: download each release, unpack it and time it.  
 The command to run, depending on the release version, is:

README.rst

@@ -1,4 +1,5 @@
-|GitHub license| |GitHub release| |GitHub version| |Build Status|
+|GitHub license| |PyPI pyversions| |PyPI version| |GitHub release|
+|GitHub version| |Build Status|
 
 Passphrase
 ==========
@@ -16,6 +17,10 @@ also makes use of the `EFF's Large
 Wordlist <https://www.eff.org/es/document/passphrase-wordlists>`__ as
 words reference for passphrases.
 
+**Who is this tool for**: **Passphrase** is a library and a CLI tool,
+thus its intended audience are developers and advanced users that love
+to use the terminal :)
+
 A secure passphrase must be of at least 6 words, but 7 is better, and
 maybe you can add a random number to the list. If you need a password,
 make it bigger than 8 characters (`NIST's latest
@@ -64,6 +69,10 @@ How to use it
   release <https://github.com/HacKanCuBa/passphrase-py/releases/latest>`__
   - releases are always signed -.
 
+You can also use *`pip <https://pypi.python.org/pypi/hc-passphrase>`__*
+but I discourage it, given that there's no cryptographic verification of
+signatures nor hashes at all.
+
 As a package
 ~~~~~~~~~~~~
 
@@ -82,6 +91,12 @@ plus install the man page.
 To uninstall, run respectively ``make package-uninstall``,
 ``make uninstall`` or ``make altuninstall``.
 
+Another option is to run ``pip install --user hc-passphrase`` (for
+user-wide installation) or ``pip install hc-passphrase`` (for
+system-wide installation), but I advise against this way given that pip
+doesn't do any cryptographic verification of signatures nor hashes at
+all.
+
 Examples of use
 ^^^^^^^^^^^^^^^
 
@@ -348,6 +363,10 @@ the terms of that
 
 .. |GitHub license| image:: https://img.shields.io/github/license/hackancuba/passphrase-py.svg
    :target: https://github.com/HacKanCuBa/passphrase-py/blob/master/LICENSE
+.. |PyPI pyversions| image:: https://img.shields.io/pypi/pyversions/hc-passphrase.svg
+   :target: https://pypi.python.org/pypi/hc-passphrase/
+.. |PyPI version| image:: https://badge.fury.io/py/hc-passphrase.svg
+   :target: https://badge.fury.io/py/hc-passphrase
 .. |GitHub release| image:: https://img.shields.io/github/release/hackancuba/passphrase-py.svg
    :target: https://github.com/hackancuba/passphrase-py/releases/
 .. |GitHub version| image:: https://badge.fury.io/gh/hackancuba%2Fpassphrase-py.svg

passphrase/__main__.py

@@ -34,7 +34,7 @@
 
 __author__ = 'HacKan'
 __license__ = 'GNU GPL 3.0+'
-__version__ = '1.0.0rc1'
+__version__ = '1.0.0rc2'
 __version_string__ = (
     'Passphrase v{}\nby HacKan (https://hackan.net) FOSS '
     'under GNU GPL v3.0 or newer'.format(__version__)

setup.cfg

@@ -1,2 +1,6 @@
 [nosetests]
-verbose=1
+verbose = 1
+
+[upload]
+sign = true
+identity = [email protected]

setup.py

@@ -9,7 +9,7 @@ def readme():
 
 
 setup(
-    name='passphrase',
+    name='hc-passphrase',
     version=passphrase_version,
     description='Generates cryptographically secure passphrases and '
                 'passwords',
@@ -33,7 +33,7 @@ def readme():
     ],
     keywords='cryptography passphrase password security',
     url='http://github.com/hackancuba/passphrase-py',
-    download_url='https://github.com/HacKanCuBa/passphrase-py/archive/v1.0.0rc1.tar.gz',
+    download_url='https://github.com/HacKanCuBa/passphrase-py/archive/v{}.tar.gz'.format(passphrase_version),
     author='HacKan',
     author_email='[email protected]',
     license='GNU GPL 3.0+',