-rw-r--r-- | ChangeLog | 12 | ||||
-rwxr-xr-x | keyringer | 34 | ||||
l--------- | lib/keyringer/actions/destroy | 1 | ||||
-rwxr-xr-x | lib/keyringer/functions | 47 | ||||
-rw-r--r-- | share/man/keyringer.1 | 12 | ||||
-rw-r--r-- | share/man/keyringer.1.mdwn | 3 |
6 files changed, 92 insertions, 17 deletions
@@ -1,4 +1,14 @@ -2014-02-25 - Silvio Rhatto <rhatto@riseup.net> +2014-03-14 - 0.3.2 - Silvio Rhatto <rhatto@riseup.net> + + Subkey expiration date check shall not happen with expired keys + + Make usage more readable + + Added "destroy" alias to "teardown" action + +2014-03-14 - 0.3.1 - Silvio Rhatto <rhatto@riseup.net> + + Try to get an initial recipient (#32) New action: check (#39) @@ -39,6 +39,18 @@ function keyringer_init { exit 1 fi + # Check user configuration: git might complain if those aren't set + if [ -z "`git config --global --includes --get user.name`" ] || [ -z "`git config --global --includes --get user.email`" ]; then + echo "No git config found, so please chose a name and email address to identify your changes in the new keyring repository." + read -p "Enter your desired name/pseudonym: " name + read -p "Enter your desired email address: " email + + if [ -z "$name" ] || [ -z "$email" ]; then + echo "Aborting." + exit 1 + fi + fi + # Setup if [ ! -z "$URL" ]; then git clone "$URL" "$BASEDIR" @@ -93,11 +105,15 @@ function keyringer_init { keyringer_exec git "$BASEDIR" init keyringer_git_ignore 'tmp/*' + # Git configuration + git config user.email "$email" + git config user.name "$name" + # Edit default recipients echo "Now you have to edit the default recipient configuration to be able to encrypt secrets." echo "Press any key to proceed editing..." read key - keyringer $KEYRING recipients edit default + keyringer_exec recipients "$BASEDIR" edit default # Stage and commit keyringer_exec git "$BASEDIR" add . @@ -122,7 +138,7 @@ function keyringer_dispatch { # Config NAME="keyringer" -KEYRINGER_VERSION="0.3" +KEYRINGER_VERSION="0.3.2" CONFIG_VERSION="0.1" CONFIG_BASE="$HOME/.$NAME" CONFIG="$CONFIG_BASE/config" 
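Review bot: `name` and `email` are assigned only inside the branch that runs when the global git identity is missing, but the later hunk at `@@ -93,11 +105,15 @@` runs `git config user.email "$email"` and `git config user.name "$name"` unconditionally, so with a configured global identity those calls would write empty values into a repository config and shadow the working identity. Those two calls also invoke git directly instead of going through `keyringer_exec git "$BASEDIR"` like the neighbouring `init` and `add`, so unless the function changes directory outside these hunks they act on whatever repository the caller's working directory belongs to, not the new keyring. I would guard and route them, e.g. `[ -n "$email" ] && keyringer_exec git "$BASEDIR" config user.email "$email"` and the same for `user.name` (assuming keyringer_exec forwards arguments as it does for `init`), and use `read -r -p` so backslashes in the typed name are kept. The body of keyringer_init starts and ends outside both hunks, and whether the `git clone` path reaches this code is not visible here.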
@@ -161,14 +177,20 @@ fi # Load functions source "$LIB" || exit 1 +# Basic checks +if [ -z "$KEYRING" ]; then + keyringer_usage + exit 1 +elif [ ! -f "$CONFIG_BASE/$KEYRING" ] && [ "$ACTION" != "init" ]; then + echo "No such keyring $KEYRING" + exit 1 +fi + # Setup main configuration and load preferences keyringer_config_load # Dispatch -if [ -z "$KEYRING" ]; then - keyringer_usage - exit 1 -elif [ -z "$ACTION" ]; then +if [ -z "$ACTION" ]; then # Run shell if no action were given keyringer $KEYRING shell elif [ "$ACTION" == "init" ]; then diff --git a/lib/keyringer/actions/destroy b/lib/keyringer/actions/destroy new file mode 120000 index 0000000..c523618 --- /dev/null +++ b/lib/keyringer/actions/destroy @@ -0,0 +1 @@ +teardown
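Review bot: The new `[ ! -f "$CONFIG_BASE/$KEYRING" ]` test joins `$KEYRING` into a path without checking its form, so a name containing `/` or `..` is tested against a file outside `$CONFIG_BASE`, and the name `config` passes it too because `CONFIG="$CONFIG_BASE/config"` lives in the same directory. If `keyringer_config_load` later reads or sources the file for that name (not visible in this hunk), it is worth rejecting such names before the existence test, for example `case "$KEYRING" in */*|.|..|config) echo "Invalid keyring name" >&2; exit 1;; esac`. The "No such keyring" message should also go to stderr with `>&2`, since this path exits non-zero.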
\ No newline at end of file diff --git a/lib/keyringer/functions b/lib/keyringer/functions index e60657a..832385e 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -519,14 +519,18 @@ function keyringer_usage { printf "Keyringer $KEYRINGER_VERSION\n" printf "Usage: %s <keyring> <action> [arguments]\n\n" "$BASENAME" - printf "Available commands: \n\n" - keyringer_show_actions | sed -e 's/^/\t/' # Display only when not in a keyring context if [ ! -z "$keyrings" ] && [ -z "$1" ]; then - printf "\tinit <path> [remote]\n\n" $BASENAME printf "Available keyrings: %s \n" "$keyrings" fi + + # Show available actions + printf "Available actions: \n\n" + if [ ! -z "$keyrings" ] && [ -z "$1" ]; then + printf "\tinit <path> [remote]\n" $BASENAME + fi + keyringer_show_actions | sed -e 's/^/\t/' } # Check repository integrity @@ -707,10 +711,10 @@ function keyringer_check_expiration { for expiry in `gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub | cut -d : -f 7`; do if [[ "$seconds" -lt "$expiry" ]]; then not_expired="1" - fi - if [[ "$ahead" -gt "$expiry" ]] && [ "$BASENAME" == "check" ]; then - echo "Warning: subkey from $recipient will expire soon, on `date --date="@$expiry"`" + if [[ "$ahead" -gt "$expiry" ]] && [ "$BASENAME" == "check" ]; then + echo "Warning: subkey from $recipient will expire soon, on `date --date="@$expiry"`" + fi fi done 
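Review bot: Style point in the added `init` line of keyringer_usage: `printf "\tinit <path> [remote]\n" $BASENAME` passes an unquoted `$BASENAME` to a format with no conversion, so the argument is unused; `printf "\tinit <path> [remote]\n"` says the same thing. The condition `[ ! -z "$keyrings" ] && [ -z "$1" ]` now appears twice, and evaluating it once into a local flag would keep the two blocks from drifting apart. The function starts outside the hunk.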
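Review bot: The loop in keyringer_check_expiration takes field 7 of every `sub` record and never looks at the validity field (field 2 of the colon listing), so a revoked subkey with a future expiry date still sets `not_expired` as far as the visible lines show. Filtering in the pipeline, e.g. `awk -F: '$1 == "sub" && $2 != "r" {print $7}'` in place of `grep ^sub | cut -d : -f 7`, would keep revoked subkeys out of both the expiry decision and the warning. Subkeys without an expiry date have an empty field 7 and are dropped by word splitting, so they never set `not_expired` in this loop; whether that case is handled elsewhere is outside the hunk. The function starts and ends outside the hunk.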
@@ -772,10 +776,35 @@ function keyringer_set_new_recipients { # Create a new recipients file function keyringer_create_new_recipients { - if [ ! -e "$1" ]; then - mkdir -p "`dirname $1`" + local recipients="$1" + local recipient + local key + local uid + local fpr + + if [ ! -e "$recipients" ]; then + mkdir -p "`dirname $recipients`" echo "# Use entries in the form of 'john@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'" > "$1" - echo "" >> "$1" + echo "" >> "$recipients" + + # Try to get an initial recipient + if [ -e "$HOME/.gnupg/gpg.conf" ]; then + recipient="`grep -e "^default-key" ~/.gnupg/gpg.conf | cut -d ' ' -f 2`" + + if [ ! -z "$recipient" ]; then + key="`gpg --fingerprint --with-colons $recipient 2> /dev/null`" + + if [ "$?" == "0" ]; then + fpr="`echo "$key" | grep -e '^fpr:' | head -1 | cut -d : -f 10`" + uid="`echo "$key" | grep -e '^uid:' | head -1 | cut -d : -f 10 | sed -e 's|^[^<]*<||' -e 's|>$||'`" + + if [ ! -z "$uid" ] && [ ! -z "$fpr" ]; then + echo "Default key $fpr ($uid) found at ~/.gnupg/gpg.conf, using as initial recipient." + echo "$uid $fpr" >> "$recipients" + fi + fi + fi + fi fi } diff --git a/share/man/keyringer.1 b/share/man/keyringer.1 index 8402b9c..29c618b 100644 --- a/share/man/keyringer.1 +++ b/share/man/keyringer.1 @@ -50,6 +50,11 @@ Also, an entry will be added to \f[C]$HOME/.keyringer/config\f[] allowing keyringer to find the keyring by its alias. .RE .TP +.B destroy +Alias for \f[I]teardown\f[] action. +.RS +.RE +.TP .B git <\f[I]action\f[]> <\f[I]options\f[]> Git wrapper that operates from the toplevel keyring repository. You can issue any \f[I]GIT(1)\f[] subcommand with this action to have it @@ -70,7 +75,7 @@ Create a directory inside the repository \f[I]keys\f[] folder. .RS .RE .TP -.B :rmdir <\f[I]path\f[]> +.B rmdir <\f[I]path\f[]> Remove an empty folder inside the repository \f[I]keys\f[] folder. .RS .RE 
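Review bot: In keyringer_create_new_recipients the value read from `default-key` is passed unquoted to `gpg --fingerprint --with-colons $recipient`, and the first `fpr:`/`uid:` records of whatever matched are written into the recipients file; if the value is a short key ID or a name that matches more than one key, the initial recipient may not be the key the user meant, and later secrets would be encrypted to it. I would quote it and require a single match before trusting it, e.g. `key="$(gpg --fingerprint --with-colons -- "$recipient" 2> /dev/null)"` followed by `[ "$(printf '%s\n' "$key" | grep -c '^pub:')" = "1" ]`, and ask for confirmation rather than only printing the fingerprint. A user ID without an `<address>` part passes through the `sed` unchanged, so `echo "$uid $fpr"` can produce a line that is not in the `address fingerprint` form the header comment describes. Smaller points: `dirname $recipients` is unquoted, the header line still writes to `"$1"` while the rest uses `"$recipients"`, and the `cut -d ' ' -f 2` parse misses tab-separated or repeated `default-key` lines.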
@@ -101,6 +106,11 @@ Remove permanently a local copy of a repository, very dangerous if you have just a single copy. .RS .RE +.TP +.B check +Run maintenance checks in a keyring. +.RS +.RE .SH SECRET MANIPULATION ACTIONS .PP All secret manipulation actions operate upon a \f[I]secret\f[] which is diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index 9412b5d..84895c2 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -50,6 +50,9 @@ init <*path*> [*remote*] Also, an entry will be added to `$HOME/.keyringer/config` allowing keyringer to find the keyring by its alias. +destroy +: Alias for *teardown* action. + git <*action*> <*options*> : Git wrapper that operates from the toplevel keyring repository. You can issue any *GIT(1)* subcommand with this action to have it applied in the keyring repository. |