authorSilvio Rhatto <rhatto@riseup.net>2013-10-18 17:03:40 -0300
committerSilvio Rhatto <rhatto@riseup.net>2013-10-18 17:03:40 -0300
commit72f6db37961e30117818c1d030a7c69869928028 (patch)
tree713c32a61aaf3961cf842f113e8ecd711e10f555 /share/keyringer
parentd402c7b9acd03c9bf8cb4ac9fc4581839cc540b0 (diff)
FHS compliance (closes #18)
Diffstat (limited to 'share/keyringer')
-rwxr-xr-xshare/keyringer/append41
l---------share/keyringer/append-batch1
-rwxr-xr-xshare/keyringer/commands10
-rwxr-xr-xshare/keyringer/decrypt17
-rwxr-xr-xshare/keyringer/del16
-rwxr-xr-xshare/keyringer/edit45
-rwxr-xr-xshare/keyringer/encrypt56
l---------share/keyringer/encrypt-batch1
-rwxr-xr-xshare/keyringer/genpair222
-rwxr-xr-xshare/keyringer/git16
-rwxr-xr-xshare/keyringer/ls16
l---------share/keyringer/open1
-rwxr-xr-xshare/keyringer/options30
-rwxr-xr-xshare/keyringer/preferences37
-rwxr-xr-xshare/keyringer/recipients46
-rwxr-xr-xshare/keyringer/recrypt45
-rwxr-xr-xshare/keyringer/usage10
17 files changed, 0 insertions, 610 deletions
diff --git a/share/keyringer/append b/share/keyringer/append
deleted file mode 100755
index bcc9e5e..0000000
--- a/share/keyringer/append
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-#
-# Append information into encrypted files.
-#
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer/functions"
-source "$LIB" || exit 1
-
-# Get file
-keyringer_get_file "$2"
-
-OLDIFS="$IFS"
-IFS=$'\n'
-
-CONTENT=($(keyringer_exec decrypt "$BASEDIR" "$FILE"))
-
-if [ "$BASENAME" == "append" ]; then
- # only display directions if we're running append, not append-batch
- printf "\n%s currently has %d lines\n\n" "$FILE" "${#CONTENT[@]}"
- printf "Now please write the content to be appended on %s, finnishing with Ctrl-D:\n" "$FILE"
-fi
-
-# FIXME: dkg doesn't know how to check that this does proper escaping
-# (2010-11-16)
-
-APPEND=($(cat -))
-
-NEW=( ${CONTENT[@]} ${APPEND[@]} )
-
-for element in $(seq 0 $((${#NEW[@]} - 1))); do
- echo ${NEW[$element]}
-done | keyringer_exec encrypt-batch $BASEDIR $FILE
-
-err="$?"
-
-if [ "$err" != "0" ]; then
- exit "$err"
-fi
-
-IFS="$OLDIFS"
diff --git a/share/keyringer/append-batch b/share/keyringer/append-batch
deleted file mode 120000
index 6b140f7..0000000
--- a/share/keyringer/append-batch
+++ /dev/null
@@ -1 +0,0 @@
-append \ No newline at end of file
diff --git a/share/keyringer/commands b/share/keyringer/commands
deleted file mode 100755
index 139725a..0000000
--- a/share/keyringer/commands
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-#
-# Show available commands
-#
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer/functions"
-source "$LIB" || exit 1
-
-keyringer_show_actions
diff --git a/share/keyringer/decrypt b/share/keyringer/decrypt
deleted file mode 100755
index bab9b34..0000000
--- a/share/keyringer/decrypt
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-#
-# Decrypt files.
-#
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer/functions"
-source "$LIB" || exit 1
-
-# Get file
-keyringer_get_file "$2"
-
-# Decrypt
-$GPG --quiet --use-agent -d "$KEYDIR/$FILE"
-
-# Exit
-exit "$?"
diff --git a/share/keyringer/del b/share/keyringer/del
deleted file mode 100755
index 4eca0e3..0000000
--- a/share/keyringer/del
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-#
-# Remove files.
-#
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer/functions"
-source "$LIB" || exit 1
-
-# Get file
-keyringer_get_file "$2"
-
-# Remove
-if [ -d "$BASEDIR/.git" ]; then
- keyringer_exec git "$BASEDIR" rm "keys/$FILE"
-fi
diff --git a/share/keyringer/edit b/share/keyringer/edit
deleted file mode 100755
index fe05ecc..0000000
--- a/share/keyringer/edit
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/bash
-#
-# Edit keys.
-#
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer/functions"
-source "$LIB" || exit 1
-
-# Get file
-keyringer_get_file "$2"
-
-# Set recipients file
-keyringer_set_recipients "$FILE"
-
-# Warn user
-echo "Make sure that $BASEDIR is atop of an encrypted volume."
-
-# Set a tmp file
-keyringer_set_tmpfile edit
-
-# Decrypt the information to the file
-$GPG --yes -o "$TMPWORK" --use-agent -d "$KEYDIR/$FILE"
-
-if [ "$BASENAME" == "edit" ]; then
- APP="$EDITOR"
-elif [ "$BASENAME" == "open" ]; then
- if which xdg-open &> /dev/null; then
- APP="xdg-open"
- else
- echo "You should have xdg-open application to perform this action, aborting."
- exit 1
- fi
-fi
-
-# Prompt
-echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort"
-read key
-$APP "$TMPWORK"
-
-# Encrypt again
-$GPG --yes -o "$KEYDIR/$FILE" --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") "$TMPWORK"
-
-# Remove temp file
-keyringer_unset_tmpfile "$TMPWORK"
diff --git a/share/keyringer/encrypt b/share/keyringer/encrypt
deleted file mode 100755
index ac305a4..0000000
--- a/share/keyringer/encrypt
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/bash
-#
-# Encrypt files to multiple recipients.
-#
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer/functions"
-source "$LIB" || exit 1
-
-# Aditional parameters
-if [ ! -z "$3" ]; then
- UNENCRYPTED_FILE="$2"
- shift 2
- keyringer_get_new_file "$*"
-
- if [ ! -f "$UNENCRYPTED_FILE" ]; then
- echo "Error: cannot encrypted $UNENCRYPTED_FILE: file not found."
- exit 1
- fi
-else
- UNENCRYPTED_FILE="-"
- shift
- keyringer_get_new_file $*
-fi
-
-# Set recipients file
-keyringer_set_recipients "$FILE"
-
-# Encrypt
-mkdir -p "$KEYDIR/`dirname $FILE`"
-
-if [ "$BASENAME" == "encrypt" ]; then
- # Only display directions if we're running encrypt, not encrypt-batch
- if [ "$UNENCRYPTED_FILE" == "-" ]; then
- echo "Type your message and finish your input with EOF (Ctrl-D)."
- fi
-fi
-
-$GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") --yes --output "$KEYDIR/$FILE" $UNENCRYPTED_FILE
-
-err="$?"
-
-if [ "$err" != "0" ]; then
- exit "$err"
-fi
-
-if [ "$UNENCRYPTED_FILE" != "-" ]; then
- echo "Now make to wipe the non-encrypted $UNENCRYPTED_FILE."
-fi
-
-# Stage
-if [ -d "$BASEDIR/.git" ]; then
- keyringer_exec git "$BASEDIR" add "keys/$FILE"
-fi
-
-exit "$?"
diff --git a/share/keyringer/encrypt-batch b/share/keyringer/encrypt-batch
deleted file mode 120000
index 8267197..0000000
--- a/share/keyringer/encrypt-batch
+++ /dev/null
@@ -1 +0,0 @@
-encrypt \ No newline at end of file
diff --git a/share/keyringer/genpair b/share/keyringer/genpair
deleted file mode 100755
index f977714..0000000
--- a/share/keyringer/genpair
+++ /dev/null
@@ -1,222 +0,0 @@
-#!/bin/bash
-#
-# Generate keypairs.
-#
-# This script is just a wrapper to easily generate keys for
-# automated systems.
-#
-
-# Generate a keypair, ssh version
-function genpair_ssh {
- echo "Make sure that $KEYDIR is atop of an encrypted volume."
- read -p "Hit ENTER to continue." prompt
-
- # We're using empty passphrases
- ssh-keygen -t rsa -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE"
-
- # Encrypt the result
- echo "Encrypting secret key into keyringer..."
- cat "$TMPWORK/id_rsa" | keyringer_exec encrypt "$BASEDIR" "$FILE"
- echo "Encrypting public key into keyringer..."
- cat "$TMPWORK/id_rsa.pub" | keyringer_exec encrypt "$BASEDIR" "$FILE.pub"
-
- if [ ! -z "$OUTFILE" ]; then
- mkdir -p `dirname $OUTFILE`
- printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE"
- cat "$TMPWORK/id_rsa" > "$OUTFILE"
- cat "$TMPWORK/id_rsa.pub" > "$OUTFILE.pub"
- fi
-
- echo "Done"
-}
-
-# Generate a keypair, gpg version
-function genpair_gpg {
- echo "Make sure that $KEYDIR is atop of an encrypted volume."
-
- passphrase="no"
- passphrase_confirm="confirm"
-
- while [ "$passphrase" != "$passphrase_confirm" ]; do
- read -s -p "Enter password for the private key: " passphrase
- printf "\n"
- read -s -p "Enter password again: " passphrase_confirm
- printf "\n"
-
- if [ "$passphrase" != "$passphrase_confirm" ]; then
- echo "Password don't match."
- fi
- done
-
- # TODO: insert random bytes
- # TODO: custom Name-Comment and Name-Email
- # TODO: allow for empty passphrases
- $GPG --homedir "$TMPWORK" --gen-key --batch <<EOF
- Key-Type: RSA
- Key-Length: 4096
- Subkey-Type: ELG-E
- Subkey-Length: 4096
- Name-Real: $NODE
- Name-Email: root@$NODE
- Expire-Date: 0
- Passphrase: $passphrase
- %commit
-EOF
-
- # Encrypt the result
- echo "Encrypting secret key into keyringer..."
- $GPG --armor --homedir "$TMPWORK" --export-secret-keys | keyringer_exec encrypt "$BASEDIR" "$FILE"
- echo "Encrypting public key into keyringer..."
- $GPG --armor --homedir "$TMPWORK" --export | keyringer_exec encrypt "$BASEDIR" "$FILE.pub"
- echo "Encrypting passphrase into keyringer..."
- echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd"
-
- if [ ! -z "$OUTFILE" ]; then
- mkdir -p `dirname $OUTFILE`
- printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE"
- $GPG --armor --homedir "$TMPWORK" --export-secret-keys > "$OUTFILE"
- $GPG --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub"
- fi
-
- echo "Done"
-}
-
-# Generate a keypair, ssl version
-function genpair_ssl {
- echo "Make sure that $KEYDIR is atop of an encrypted volume."
- read -p "Hit ENTER to continue." prompt
-
- # Check for wildcard certs
- if [ "`echo $NODE | cut -d . -f 1`" == "*" ]; then
- WILDCARD="yes"
- CNAME="$NODE"
- NODE="`echo $NODE | sed -e 's/^\*\.//'`"
- else
- CNAME="${NODE}"
- fi
-
- # Setup
- cd "$TMPWORK"
-
- # Generate certificate
-cat <<EOF >> openssl.conf
-[ req ]
-default_keyfile = ${NODE}_privatekey.pem
-distinguished_name = req_distinguished_name
-encrypt_key = no
-req_extensions = v3_req # Extensions to add to certificate request
-string_mask = nombstr
-
-[ req_distinguished_name ]
-commonName_default = ${CNAME}
-organizationName = Organization Name
-organizationalUnitName = Organizational Unit Name
-emailAddress = Email Address
-localityName = Locality
-stateOrProvinceName = State
-countryName = Country Name
-commonName = Common Name
-
-[ v3_req ]
-extendedKeyUsage=serverAuth,clientAuth
-EOF
-
- # Add SubjectAltNames so wildcard certs can work correctly.
- if [ "$WILDCARD" == "yes" ]; then
-cat <<EOF >> openssl.conf
-subjectAltName=DNS:${NODE}, DNS:${CNAME}
-EOF
- fi
-
- echo "Please review your OpenSSL configuration:"
- cat openssl.conf
- read -p "Hit ENTER to continue." prompt
-
- openssl req -batch -nodes -config openssl.conf -newkey rsa:2048 -sha256 \
- -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem
-
- openssl req -noout -text -in ${NODE}_csr.pem
-
- # Self-sign
- if [ "$KEYTYPE" == "ssl-self" ]; then
- openssl x509 -in "${NODE}_csr.pem" -out "$NODE.crt" -req -signkey "${NODE}_privatekey.pem" -days 365
- chmod 600 "${NODE}_privatekey.pem"
- fi
-
- # Encrypt the result
- echo "Encrypting private key into keyringer..."
- cat "${NODE}_privatekey.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.pem"
- echo "Encrypting certificate request into keyringer..."
- cat "${NODE}_csr.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.csr"
-
- if [ "$KEYTYPE" == "ssl-self" ]; then
- echo "Encrypting certificate into keyringer..."
- cat "${NODE}.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt"
- elif [ -f "$BASEDIR/keys/$FILE.crt.asc" ]; then
- # Remove any existing crt
- keyringer_exec del "$BASEDIR" "$FILE.crt"
- fi
-
- cd "$CWD"
-
- if [ ! -z "$OUTFILE" ]; then
- mkdir -p `dirname $OUTFILE`
- printf "Saving copies at %s\n" "`dirname $OUTFILE`"
- cat "$TMPWORK/${NODE}_privatekey.pem" > "$OUTFILE.pem"
- cat "$TMPWORK/${NODE}_csr.pem" > "$OUTFILE.csr"
-
- if [ -f "$TMPWORK/${NODE}.crt" ]; then
- cat "$TMPWORK/${NODE}.crt" > "$OUTFILE.crt"
- fi
- fi
-
- # Show cert fingerprint
- if [ "$KEYTYPE" == "ssl-self" ]; then
- openssl x509 -noout -in "$TMPWORK/${NODE}.crt" -fingerprint
- fi
-
- echo "Done"
-}
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer"
-source "$LIB/functions" || exit 1
-
-# Aditional parameters
-KEYTYPE="$2"
-FILE="$3"
-NODE="$4"
-OUTFILE="$5"
-CWD="`pwd`"
-
-# Verify
-if [ -z "$NODE" ]; then
- echo -e "Usage: keyringer <keyring> $BASENAME <gpg|ssh|ssl|ssl-self> <file> <hostname> [outfile]"
- echo -e "Options:"
- echo -e "\t gpg|ssh|ssl[-self]: key type."
- echo -e "\t file : base file name for encrypted output (relative to keys folder),"
- echo -e "\t without spaces"
- echo -e "\t hostname : host for the key pair"
- echo -e "\t outfile : optional unencrypted output file, useful for deployment,"
- echo -e "\t without spaces"
- exit 1
-elif [ ! -e "$KEYDIR" ]; then
- echo "Folder not found: $KEYDIR, leaving"
- exit 1
-fi
-
-# Set a tmp file
-keyringer_set_tmpfile genpair -d
-
-# Dispatch
-echo "Generating $KEYTYPE key for $NODE..."
-if [ "$KEYTYPE" == "ssl-self" ]; then
- genpair_ssl
-else
- genpair_"$KEYTYPE"
-fi
-
-# Cleanup
-cd "$CWD"
-rm -rf "$TMPWORK"
-trap - EXIT
diff --git a/share/keyringer/git b/share/keyringer/git
deleted file mode 100755
index cd2a188..0000000
--- a/share/keyringer/git
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-#
-# Git wrapper.
-#
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer/functions"
-source "$LIB" || exit 1
-
-# Aditional parameters
-CWD="`pwd`"
-
-# Run git command
-shift
-mkdir -p "$BASEDIR" && cd "$BASEDIR" && git $*
-cd "$CWD"
diff --git a/share/keyringer/ls b/share/keyringer/ls
deleted file mode 100755
index 31e8805..0000000
--- a/share/keyringer/ls
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-#
-# List keys.
-#
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer/functions"
-source "$LIB" || exit 1
-
-# Aditional parameters
-CWD="`pwd`"
-
-# Run list command
-shift
-cd "$KEYDIR" && ls $*
-cd "$CWD"
diff --git a/share/keyringer/open b/share/keyringer/open
deleted file mode 120000
index 8491ab9..0000000
--- a/share/keyringer/open
+++ /dev/null
@@ -1 +0,0 @@
-edit \ No newline at end of file
diff --git a/share/keyringer/options b/share/keyringer/options
deleted file mode 100755
index 3047380..0000000
--- a/share/keyringer/options
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-#
-# Recipient management.
-#
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer"
-source "$LIB/functions" || exit 1
-
-# Command parser
-keyringer_get_command "$2"
-
-# Create options file if old repository
-if [ ! -e "$OPTIONS" ]; then
- echo "Creating options file..."
- touch "$OPTIONS"
- keyringer_exec git "$BASEDIR" add config/options
-fi
-
-if [ "$COMMAND" == "ls" ]; then
- cat "$OPTIONS"
-elif [ "$COMMAND" == "edit" ]; then
- "$EDITOR" "$OPTIONS"
-elif [ "$COMMAND" == "add" ]; then
- shift 2
- echo $* >> "$OPTIONS"
-else
- printf "%s: No such command %s\n" "$BASENAME" "$COMMAND"
- exit 1
-fi
diff --git a/share/keyringer/preferences b/share/keyringer/preferences
deleted file mode 100755
index 2819b50..0000000
--- a/share/keyringer/preferences
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-#
-# Manipulate preferences.
-#
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer/functions"
-source "$LIB" || exit 1
-
-COMMAND="$2"
-
-if [ -z "$COMMAND" ]; then
- echo "Usage: keyringer <keyring> preferences <command> [arguments]"
- echo "Available commands:"
- echo " ls"
- echo " edit"
- echo " add"
- exit 1
-fi
-
-# Create options file if old repository
-if [ ! -e "$PREFERENCES" ]; then
- echo "Creating preferences file..."
- touch "$PREFERENCES"
-fi
-
-if [ "$COMMAND" == "ls" ]; then
- cat "$PREFERENCES"
-elif [ "$COMMAND" == "edit" ]; then
- "$EDITOR" "$PREFERENCES"
-elif [ "$COMMAND" == "add" ]; then
- shift 2
- [[ -n $* ]] && echo $* >> "$PREFERENCES"
-else
- printf "%s: No such command %s\n" "$BASENAME" "$COMMAND"
- exit 1
-fi
diff --git a/share/keyringer/recipients b/share/keyringer/recipients
deleted file mode 100755
index 0460842..0000000
--- a/share/keyringer/recipients
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/bash
-#
-# Recipient management.
-#
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer"
-source "$LIB/functions" || exit 1
-
-# Command parser
-keyringer_get_command "$2"
-
-# Set recipients file
-keyringer_set_new_recipients "$3"
-
-if [ "$COMMAND" == "ls" ]; then
- if [ ! -z "$3" ]; then
- if [ -e "$RECIPIENTS_FILE" ]; then
- cat "$RECIPIENTS_FILE"
- else
- echo "Recipients file not found: $RECIPIENTS_FILE_BASE"
- exit 1
- fi
- else
- for recipients in `ls $RECIPIENTS`; do
- echo "In recipients file $recipients:"
- echo "-----------------------------------------------------------------------------------"
- cat $RECIPIENTS/$recipients
- echo ""
- done
- fi
-elif [ "$COMMAND" == "edit" ]; then
- if [ ! -z "$3" ]; then
- keyringer_create_new_recipients $RECIPIENTS_FILE
- $EDITOR "$RECIPIENTS_FILE"
- keyringer_check_recipients
- keyringer_exec git "$BASEDIR" add "$RECIPIENTS_FILE_BASE"
- else
- echo "Please specify one recipient to edit among the available:"
- ls $RECIPIENTS | sed -e 's/^/\t/'
- exit 1
- fi
-else
- printf "%s: No such command %s\n" "$BASENAME" "$COMMAND"
- exit 1
-fi
diff --git a/share/keyringer/recrypt b/share/keyringer/recrypt
deleted file mode 100755
index 63f7bc6..0000000
--- a/share/keyringer/recrypt
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/bash
-#
-# Re-encrypt files to multiple recipients.
-#
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer/functions"
-source "$LIB" || exit 1
-
-function keyringer_recrypt {
- # Get file
- keyringer_get_file "$1"
-
- # Set recipients file
- keyringer_set_recipients "$FILE"
-
- # Decrypt
- decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null)"
-
- if [ "$?" != "0" ]; then
- echo "Decryption error."
- exit 1
- fi
-
- # Recrypt
- recrypted="`echo "$decrypted" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE")`"
-
- if [ "$?" != "0" ]; then
- echo "Recryption error."
- exit 1
- fi
-
- unset decrypted
- echo "$recrypted" > "$KEYDIR/$FILE"
-}
-
-if [ ! -z "$2" ]; then
- keyringer_recrypt $2
-else
- cd $KEYDIR && find | while read file; do
- if [ ! -d "$KEYDIR/$file" ]; then
- keyringer_recrypt "$file"
- fi
- done
-fi
diff --git a/share/keyringer/usage b/share/keyringer/usage
deleted file mode 100755
index a4602ac..0000000
--- a/share/keyringer/usage
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-#
-# Show available commands
-#
-
-# Load functions
-LIB="`dirname $0`/../../lib/keyringer/functions"
-source "$LIB" || exit 1
-
-keyringer_usage