diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2015-03-30 09:04:23 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2015-03-30 09:04:23 -0300 |
| commit | e6f6d21f9955ac7c428d8fe43def599c6bc36a8b (patch) | |
| tree | 3f7836af002df7bd20b1b4011fa78b95855ec721 /lib/keyringer | |
| parent | cffe8137d024091d0f1bee9c2484c28d2986febc (diff) | |
| parent | 347f255ec06b26a0437b653d87b5753d57d3c998 (diff) | |
| download | keyringer-e6f6d21f9955ac7c428d8fe43def599c6bc36a8b.tar.gz keyringer-e6f6d21f9955ac7c428d8fe43def599c6bc36a8b.tar.bz2 | |
Merge branch 'release/0.3.8'0.3.8
Diffstat (limited to 'lib/keyringer')
29 files changed, 273 insertions, 256 deletions
diff --git a/lib/keyringer/actions/append b/lib/keyringer/actions/append index fbb6c1c..df21e03 100755 --- a/lib/keyringer/actions/append +++ b/lib/keyringer/actions/append @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Append information into encrypted files. # diff --git a/lib/keyringer/actions/check b/lib/keyringer/actions/check index c80fa8f..a647e95 100755 --- a/lib/keyringer/actions/check +++ b/lib/keyringer/actions/check @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Check a keyring. # diff --git a/lib/keyringer/actions/commands b/lib/keyringer/actions/commands index cb49c02..4888317 100755 --- a/lib/keyringer/actions/commands +++ b/lib/keyringer/actions/commands @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Show available commands # diff --git a/lib/keyringer/actions/commit b/lib/keyringer/actions/commit index b124927..84ead14 100755 --- a/lib/keyringer/actions/commit +++ b/lib/keyringer/actions/commit @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Git commit wrapper. # diff --git a/lib/keyringer/actions/cp b/lib/keyringer/actions/cp index 0629b61..1f4ccee 100755 --- a/lib/keyringer/actions/cp +++ b/lib/keyringer/actions/cp @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Copy secrets. # @@ -27,7 +27,10 @@ if ! echo "$ORIG" | grep -q '*' && [ ! -e "$KEYDIR/$RELATIVE_PATH/$ORIG" ]; then exit 1 fi -# Run move command +# Ensure destination folder exists +mkdir -p `dirname "$KEYDIR/$FILE"` + +# Run copy command cd "$KEYDIR" && cp -a "./$RELATIVE_PATH/$ORIG" "./$FILE" keyringer_exec git "$BASEDIR" add "keys/$FILE" cd "$CWD" diff --git a/lib/keyringer/actions/decrypt b/lib/keyringer/actions/decrypt index b63b74e..c6510ee 100755 --- a/lib/keyringer/actions/decrypt +++ b/lib/keyringer/actions/decrypt @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Decrypt files. # diff --git a/lib/keyringer/actions/del b/lib/keyringer/actions/del index d160ac4..2abc414 100755 --- a/lib/keyringer/actions/del +++ b/lib/keyringer/actions/del @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Remove files. # diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit index c9f3f12..4338518 100755 --- a/lib/keyringer/actions/edit +++ b/lib/keyringer/actions/edit @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Edit keys. # diff --git a/lib/keyringer/actions/encrypt b/lib/keyringer/actions/encrypt index 7415267..3818fa3 100755 --- a/lib/keyringer/actions/encrypt +++ b/lib/keyringer/actions/encrypt @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Encrypt files to multiple recipients. # diff --git a/lib/keyringer/actions/find b/lib/keyringer/actions/find index 9b18d66..dc9d6d1 100755 --- a/lib/keyringer/actions/find +++ b/lib/keyringer/actions/find @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Find secrets. # diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys new file mode 100755 index 0000000..f49d6d0 --- /dev/null +++ b/lib/keyringer/actions/genkeys @@ -0,0 +1,227 @@ +#!/usr/bin/env bash +# +# Generate keypairs. +# +# This script is just a wrapper to easily generate keys for +# automated systems. +# + +# Generate a keypair, ssh version +function genkeys_ssh { + echo "Make sure that $KEYDIR is atop of an encrypted volume." + read -p "Hit ENTER to continue." prompt + + # We're using empty passphrases + ssh-keygen -t rsa -b 4096 -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE" + + # Encrypt the result + echo "Encrypting secret key into keyringer..." + cat "$TMPWORK/id_rsa" | keyringer_exec encrypt "$BASEDIR" "$FILE" + echo "Encrypting public key into keyringer..." + cat "$TMPWORK/id_rsa.pub" | keyringer_exec encrypt "$BASEDIR" "$FILE.pub" + + if [ ! -z "$OUTFILE" ]; then + mkdir -p `dirname $OUTFILE` + printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE" + cat "$TMPWORK/id_rsa" > "$OUTFILE" + cat "$TMPWORK/id_rsa.pub" > "$OUTFILE.pub" + fi + + echo "Done" +} + +# Generate a keypair, gpg version +function genkeys_gpg { + echo "Make sure that $KEYDIR is atop of an encrypted volume." + + passphrase="no" + passphrase_confirm="confirm" + + while [ "$passphrase" != "$passphrase_confirm" ]; do + read -s -p "Enter password for the private key: " passphrase + printf "\n" + read -s -p "Enter password again: " passphrase_confirm + printf "\n" + + if [ "$passphrase" != "$passphrase_confirm" ]; then + echo "Password don't match." + fi + done + + # TODO: insert random bytes + # TODO: custom Name-Comment and Name-Email + # TODO: allow for empty passphrases + $GPG --homedir "$TMPWORK" --gen-key --batch <<EOF + Key-Type: RSA + Key-Length: 4096 + Subkey-Type: ELG-E + Subkey-Length: 4096 + Name-Real: $NODE + Name-Email: root@$NODE + Expire-Date: 0 + Passphrase: $passphrase + %commit +EOF + + # Encrypt the result + echo "Encrypting secret key into keyringer..." + $GPG --armor --homedir "$TMPWORK" --export-secret-keys | keyringer_exec encrypt "$BASEDIR" "$FILE" + echo "Encrypting public key into keyringer..." + $GPG --armor --homedir "$TMPWORK" --export | keyringer_exec encrypt "$BASEDIR" "$FILE.pub" + echo "Encrypting passphrase into keyringer..." + echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd" + + if [ ! -z "$OUTFILE" ]; then + mkdir -p `dirname $OUTFILE` + printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE" + $GPG --armor --homedir "$TMPWORK" --export-secret-keys > "$OUTFILE" + $GPG --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub" + fi + + echo "Done" +} + +# Alias +function genkeys_ssl { + genkeys_x509 $* +} + +# Generate a keypair, ssl version +function genkeys_x509 { + echo "Make sure that $KEYDIR is atop of an encrypted volume." + read -p "Hit ENTER to continue." prompt + + # Check for wildcard certs + if [ "`echo $NODE | cut -d . -f 1`" == "*" ]; then + WILDCARD="yes" + CNAME="$NODE" + NODE="`echo $NODE | sed -e 's/^\*\.//'`" + else + CNAME="${NODE}" + fi + + # Setup + cd "$TMPWORK" + + # Generate certificate +cat <<EOF >> openssl.conf +[ req ] +default_keyfile = ${NODE}_privatekey.pem +distinguished_name = req_distinguished_name +encrypt_key = no +req_extensions = v3_req # Extensions to add to certificate request +string_mask = nombstr + +[ req_distinguished_name ] +commonName_default = ${CNAME} +organizationName = Organization Name +organizationalUnitName = Organizational Unit Name +emailAddress = Email Address +localityName = Locality +stateOrProvinceName = State +countryName = Country Name +commonName = Common Name + +[ v3_req ] +extendedKeyUsage=serverAuth,clientAuth +EOF + + # Add SubjectAltNames so wildcard certs can work correctly. + if [ "$WILDCARD" == "yes" ]; then +cat <<EOF >> openssl.conf +subjectAltName=DNS:${NODE}, DNS:${CNAME} +EOF + fi + + echo "Please review your OpenSSL configuration:" + cat openssl.conf + read -p "Hit ENTER to continue." prompt + + openssl req -batch -nodes -config openssl.conf -newkey rsa:4096 -sha256 \ + -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem + + openssl req -noout -text -in ${NODE}_csr.pem + + # Self-sign + if [ "$KEYTYPE" == "ssl-self" ]; then + openssl x509 -in "${NODE}_csr.pem" -out "$NODE.crt" -req -signkey "${NODE}_privatekey.pem" -days 365 + chmod 600 "${NODE}_privatekey.pem" + fi + + # Encrypt the result + echo "Encrypting private key into keyringer..." + cat "${NODE}_privatekey.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.pem" + echo "Encrypting certificate request into keyringer..." + cat "${NODE}_csr.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.csr" + + if [ "$KEYTYPE" == "ssl-self" ]; then + echo "Encrypting certificate into keyringer..." + cat "${NODE}.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt" + elif [ -f "$BASEDIR/keys/$FILE.crt.asc" ]; then + # Remove any existing crt + keyringer_exec del "$BASEDIR" "$FILE.crt" + fi + + cd "$CWD" + + if [ ! -z "$OUTFILE" ]; then + mkdir -p `dirname $OUTFILE` + printf "Saving copies at %s\n" "`dirname $OUTFILE`" + cat "$TMPWORK/${NODE}_privatekey.pem" > "$OUTFILE.pem" + cat "$TMPWORK/${NODE}_csr.pem" > "$OUTFILE.csr" + + if [ -f "$TMPWORK/${NODE}.crt" ]; then + cat "$TMPWORK/${NODE}.crt" > "$OUTFILE.crt" + fi + fi + + # Show cert fingerprint + if [ "$KEYTYPE" == "ssl-self" ]; then + openssl x509 -noout -in "$TMPWORK/${NODE}.crt" -fingerprint + fi + + echo "Done" +} + +# Load functions +LIB="`dirname $0`/../functions" +source "$LIB" || exit 1 + +# Aditional parameters +KEYTYPE="$2" +FILE="$RELATIVE_PATH/$3" +NODE="$4" +OUTFILE="$5" +CWD="`pwd`" + +# Verify +if [ -z "$NODE" ]; then + echo -e "Usage: keyringer <keyring> $BASENAME <gpg|ssh|x509|x509-self|ssl|ssl-self> <file> <hostname> [outfile]" + echo -e "Options:" + echo -e "\t gpg|ssh|x509[-self]|ssl|ssl[-self]: key type." + echo -e "\t file : base file name for encrypted output (relative to keys folder)," + echo -e "\t without spaces" + echo -e "\t hostname : host for the key pair" + echo -e "\t outfile : optional unencrypted output file, useful for deployment," + echo -e "\t without spaces" + exit 1 +elif [ ! -e "$KEYDIR" ]; then + echo "Folder not found: $KEYDIR, leaving" + exit 1 +fi + +# Set a tmp file +keyringer_set_tmpfile genpair -d + +# Dispatch +echo "Generating $KEYTYPE key for $NODE..." +if [ "$KEYTYPE" == "ssl-self" ] || [ "$KEYTYPE" == "x509-self" ]; then + genkeys_x509 +else + genkeys_"$KEYTYPE" +fi + +# Cleanup +cd "$CWD" +rm -rf "$TMPWORK" +trap - EXIT diff --git a/lib/keyringer/actions/genpair b/lib/keyringer/actions/genpair index 6fc6dcd..d936499 100755..120000 --- a/lib/keyringer/actions/genpair +++ b/lib/keyringer/actions/genpair @@ -1,222 +1 @@ -#!/bin/bash -# -# Generate keypairs. -# -# This script is just a wrapper to easily generate keys for -# automated systems. -# - -# Generate a keypair, ssh version -function genpair_ssh { - echo "Make sure that $KEYDIR is atop of an encrypted volume." - read -p "Hit ENTER to continue." prompt - - # We're using empty passphrases - ssh-keygen -t rsa -b 4096 -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE" - - # Encrypt the result - echo "Encrypting secret key into keyringer..." - cat "$TMPWORK/id_rsa" | keyringer_exec encrypt "$BASEDIR" "$FILE" - echo "Encrypting public key into keyringer..." - cat "$TMPWORK/id_rsa.pub" | keyringer_exec encrypt "$BASEDIR" "$FILE.pub" - - if [ ! -z "$OUTFILE" ]; then - mkdir -p `dirname $OUTFILE` - printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE" - cat "$TMPWORK/id_rsa" > "$OUTFILE" - cat "$TMPWORK/id_rsa.pub" > "$OUTFILE.pub" - fi - - echo "Done" -} - -# Generate a keypair, gpg version -function genpair_gpg { - echo "Make sure that $KEYDIR is atop of an encrypted volume." - - passphrase="no" - passphrase_confirm="confirm" - - while [ "$passphrase" != "$passphrase_confirm" ]; do - read -s -p "Enter password for the private key: " passphrase - printf "\n" - read -s -p "Enter password again: " passphrase_confirm - printf "\n" - - if [ "$passphrase" != "$passphrase_confirm" ]; then - echo "Password don't match." - fi - done - - # TODO: insert random bytes - # TODO: custom Name-Comment and Name-Email - # TODO: allow for empty passphrases - $GPG --homedir "$TMPWORK" --gen-key --batch <<EOF - Key-Type: RSA - Key-Length: 4096 - Subkey-Type: ELG-E - Subkey-Length: 4096 - Name-Real: $NODE - Name-Email: root@$NODE - Expire-Date: 0 - Passphrase: $passphrase - %commit -EOF - - # Encrypt the result - echo "Encrypting secret key into keyringer..." - $GPG --armor --homedir "$TMPWORK" --export-secret-keys | keyringer_exec encrypt "$BASEDIR" "$FILE" - echo "Encrypting public key into keyringer..." - $GPG --armor --homedir "$TMPWORK" --export | keyringer_exec encrypt "$BASEDIR" "$FILE.pub" - echo "Encrypting passphrase into keyringer..." - echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd" - - if [ ! -z "$OUTFILE" ]; then - mkdir -p `dirname $OUTFILE` - printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE" - $GPG --armor --homedir "$TMPWORK" --export-secret-keys > "$OUTFILE" - $GPG --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub" - fi - - echo "Done" -} - -# Generate a keypair, ssl version -function genpair_ssl { - echo "Make sure that $KEYDIR is atop of an encrypted volume." - read -p "Hit ENTER to continue." prompt - - # Check for wildcard certs - if [ "`echo $NODE | cut -d . -f 1`" == "*" ]; then - WILDCARD="yes" - CNAME="$NODE" - NODE="`echo $NODE | sed -e 's/^\*\.//'`" - else - CNAME="${NODE}" - fi - - # Setup - cd "$TMPWORK" - - # Generate certificate -cat <<EOF >> openssl.conf -[ req ] -default_keyfile = ${NODE}_privatekey.pem -distinguished_name = req_distinguished_name -encrypt_key = no -req_extensions = v3_req # Extensions to add to certificate request -string_mask = nombstr - -[ req_distinguished_name ] -commonName_default = ${CNAME} -organizationName = Organization Name -organizationalUnitName = Organizational Unit Name -emailAddress = Email Address -localityName = Locality -stateOrProvinceName = State -countryName = Country Name -commonName = Common Name - -[ v3_req ] -extendedKeyUsage=serverAuth,clientAuth -EOF - - # Add SubjectAltNames so wildcard certs can work correctly. - if [ "$WILDCARD" == "yes" ]; then -cat <<EOF >> openssl.conf -subjectAltName=DNS:${NODE}, DNS:${CNAME} -EOF - fi - - echo "Please review your OpenSSL configuration:" - cat openssl.conf - read -p "Hit ENTER to continue." prompt - - openssl req -batch -nodes -config openssl.conf -newkey rsa:4096 -sha256 \ - -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem - - openssl req -noout -text -in ${NODE}_csr.pem - - # Self-sign - if [ "$KEYTYPE" == "ssl-self" ]; then - openssl x509 -in "${NODE}_csr.pem" -out "$NODE.crt" -req -signkey "${NODE}_privatekey.pem" -days 365 - chmod 600 "${NODE}_privatekey.pem" - fi - - # Encrypt the result - echo "Encrypting private key into keyringer..." - cat "${NODE}_privatekey.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.pem" - echo "Encrypting certificate request into keyringer..." - cat "${NODE}_csr.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.csr" - - if [ "$KEYTYPE" == "ssl-self" ]; then - echo "Encrypting certificate into keyringer..." - cat "${NODE}.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt" - elif [ -f "$BASEDIR/keys/$FILE.crt.asc" ]; then - # Remove any existing crt - keyringer_exec del "$BASEDIR" "$FILE.crt" - fi - - cd "$CWD" - - if [ ! -z "$OUTFILE" ]; then - mkdir -p `dirname $OUTFILE` - printf "Saving copies at %s\n" "`dirname $OUTFILE`" - cat "$TMPWORK/${NODE}_privatekey.pem" > "$OUTFILE.pem" - cat "$TMPWORK/${NODE}_csr.pem" > "$OUTFILE.csr" - - if [ -f "$TMPWORK/${NODE}.crt" ]; then - cat "$TMPWORK/${NODE}.crt" > "$OUTFILE.crt" - fi - fi - - # Show cert fingerprint - if [ "$KEYTYPE" == "ssl-self" ]; then - openssl x509 -noout -in "$TMPWORK/${NODE}.crt" -fingerprint - fi - - echo "Done" -} - -# Load functions -LIB="`dirname $0`/../functions" -source "$LIB" || exit 1 - -# Aditional parameters -KEYTYPE="$2" -FILE="$RELATIVE_PATH/$3" -NODE="$4" -OUTFILE="$5" -CWD="`pwd`" - -# Verify -if [ -z "$NODE" ]; then - echo -e "Usage: keyringer <keyring> $BASENAME <gpg|ssh|ssl|ssl-self> <file> <hostname> [outfile]" - echo -e "Options:" - echo -e "\t gpg|ssh|ssl[-self]: key type." - echo -e "\t file : base file name for encrypted output (relative to keys folder)," - echo -e "\t without spaces" - echo -e "\t hostname : host for the key pair" - echo -e "\t outfile : optional unencrypted output file, useful for deployment," - echo -e "\t without spaces" - exit 1 -elif [ ! -e "$KEYDIR" ]; then - echo "Folder not found: $KEYDIR, leaving" - exit 1 -fi - -# Set a tmp file -keyringer_set_tmpfile genpair -d - -# Dispatch -echo "Generating $KEYTYPE key for $NODE..." -if [ "$KEYTYPE" == "ssl-self" ]; then - genpair_ssl -else - genpair_"$KEYTYPE" -fi - -# Cleanup -cd "$CWD" -rm -rf "$TMPWORK" -trap - EXIT +genkeys
\ No newline at end of file diff --git a/lib/keyringer/actions/git b/lib/keyringer/actions/git index 059b20e..218273f 100755 --- a/lib/keyringer/actions/git +++ b/lib/keyringer/actions/git @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Git wrapper. # diff --git a/lib/keyringer/actions/ls b/lib/keyringer/actions/ls index 93f5f75..b992ad4 100755 --- a/lib/keyringer/actions/ls +++ b/lib/keyringer/actions/ls @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # List keys. # diff --git a/lib/keyringer/actions/mkdir b/lib/keyringer/actions/mkdir index b31eb0b..63442a4 100755 --- a/lib/keyringer/actions/mkdir +++ b/lib/keyringer/actions/mkdir @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Create folders. # diff --git a/lib/keyringer/actions/mv b/lib/keyringer/actions/mv index daac7b0..2324145 100755 --- a/lib/keyringer/actions/mv +++ b/lib/keyringer/actions/mv @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Move secrets. # diff --git a/lib/keyringer/actions/options b/lib/keyringer/actions/options index b210e1a..eea73e8 100755 --- a/lib/keyringer/actions/options +++ b/lib/keyringer/actions/options @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Repository options management. # diff --git a/lib/keyringer/actions/preferences b/lib/keyringer/actions/preferences index 114f9ac..6e36ef4 100755 --- a/lib/keyringer/actions/preferences +++ b/lib/keyringer/actions/preferences @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Manipulate user preferences. # diff --git a/lib/keyringer/actions/recipients b/lib/keyringer/actions/recipients index 4149786..29f9d38 100755 --- a/lib/keyringer/actions/recipients +++ b/lib/keyringer/actions/recipients @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Recipient management. # diff --git a/lib/keyringer/actions/recrypt b/lib/keyringer/actions/recrypt index 30c9254..5dce1ba 100755 --- a/lib/keyringer/actions/recrypt +++ b/lib/keyringer/actions/recrypt @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Re-encrypt files to multiple recipients. # diff --git a/lib/keyringer/actions/rmdir b/lib/keyringer/actions/rmdir index 398cf11..da7abe5 100755 --- a/lib/keyringer/actions/rmdir +++ b/lib/keyringer/actions/rmdir @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Remove folders. # diff --git a/lib/keyringer/actions/shell b/lib/keyringer/actions/shell index ab170b1..491fe0a 100755 --- a/lib/keyringer/actions/shell +++ b/lib/keyringer/actions/shell @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Interactive shell. # diff --git a/lib/keyringer/actions/teardown b/lib/keyringer/actions/teardown index 64da740..5bfb121 100755 --- a/lib/keyringer/actions/teardown +++ b/lib/keyringer/actions/teardown @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Remove a keyring. # diff --git a/lib/keyringer/actions/tree b/lib/keyringer/actions/tree index 8f9d7cd..9c09bfc 100755 --- a/lib/keyringer/actions/tree +++ b/lib/keyringer/actions/tree @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # List keys, tree version. # diff --git a/lib/keyringer/actions/usage b/lib/keyringer/actions/usage index 2ca7639..15096a0 100755 --- a/lib/keyringer/actions/usage +++ b/lib/keyringer/actions/usage @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Show available commands # diff --git a/lib/keyringer/actions/xclip b/lib/keyringer/actions/xclip index 7afdf05..0e60bbd 100755 --- a/lib/keyringer/actions/xclip +++ b/lib/keyringer/actions/xclip @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Decrypt secret header to clipboard. # diff --git a/lib/keyringer/completions/bash/keyringer b/lib/keyringer/completions/bash/keyringer index 27cf919..fc952eb 100644 --- a/lib/keyringer/completions/bash/keyringer +++ b/lib/keyringer/completions/bash/keyringer @@ -93,12 +93,12 @@ _keyringer() { recipients) opts="ls edit" ;; - ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find) + ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find|mv|cp) cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)" ;; - genpair) - opts="gpg ssh ssl ssl-self" + genkeys|genpair) + opts="gpg ssh x509 x509-self ssl ssl-self" ;; git) opts="$(_keyringer_git_complete ${cur})" @@ -112,11 +112,15 @@ _keyringer() { esac elif [ "${#COMP_WORDS[@]}" == "5" ]; then case "${command}" in + mv|cp) + cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash + opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)" + ;; recipients) cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(cd $path/config/recipients && ls --color=never -p ${cur}* 2> /dev/null)" ;; - genpair) + genkeys|genpair) cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)" ;; diff --git a/lib/keyringer/completions/zsh/_keyringer b/lib/keyringer/completions/zsh/_keyringer index ab95c3d..d4b89b1 100644 --- a/lib/keyringer/completions/zsh/_keyringer +++ b/lib/keyringer/completions/zsh/_keyringer @@ -49,12 +49,12 @@ _keyringer() { recipients) compadd "$@" ls edit ;; - ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find) + ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|find|mv|cp) words[4]="`echo $words[4] | sed -e "s|^/*||"`" # avoid leading slash compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null) ;; - genpair) - compadd "$@" gpg ssh ssl ssl-self + genkeys|genpair) + compadd "$@" gpg ssh x509 x509-self ssl ssl-self ;; git) compadd "$@" $(_keyringer_git_complete $words[4]) @@ -68,11 +68,15 @@ _keyringer() { ;; misc) case "$words[3]" in + mv|cp) + words[5]="`echo $words[5] | sed -e "s|^/*||"`" # avoid leading slash + compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[5]'*' 2> /dev/null) + ;; recipients) words[5]="$(echo $words[5] | sed -e "s|^/||")" # TODO: avoid leading slash compadd "$@" $(cd $keyring_path/config/recipients && ls --color=never -p $words[5]* 2> /dev/null) ;; - genpair) + genkeys|genpair) words[5]="$(echo $words[5] | sed -e "s|^/||")" # TODO: avoid leading slash compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[5]'*' 2> /dev/null) ;; diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 42c047d..ab519b2 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Common functions. # |