-rw-r--r-- | README | 20 | ||||
-rwxr-xr-x | keyringer | 50 | ||||
-rwxr-xr-x | lib/keyringer/csr.sh | 28 | ||||
-rw-r--r-- | lib/keyringer/functions | 68 | ||||
-rwxr-xr-x | share/keyringer/append | 17 | ||||
-rwxr-xr-x | share/keyringer/decrypt | 6 | ||||
-rwxr-xr-x | share/keyringer/del | 6 | ||||
-rwxr-xr-x | share/keyringer/edit | 12 | ||||
-rwxr-xr-x | share/keyringer/encrypt | 10 | ||||
-rwxr-xr-x | share/keyringer/genpair | 60 | ||||
-rwxr-xr-x | share/keyringer/git | 6 | ||||
-rwxr-xr-x | share/keyringer/ls | 6 | ||||
-rwxr-xr-x | share/keyringer/options | 16 | ||||
-rwxr-xr-x | share/keyringer/recipients | 10 | ||||
-rwxr-xr-x | share/keyringer/recrypt | 6 |
15 files changed, 166 insertions, 155 deletions
@@ -29,15 +29,17 @@ You can also package it to your preferred distro. Creating a keyringer repository ------------------------------- -The first step will would like to take is to setup a keyring. Keyringer suport -management of multiple isolated keyrings. To start a new keyring (or register -an existing one at your config file), type +The first step is to setup a keyring. + +Keyringer supports management of multiple isolated keyrings. To start +a new keyring (or register an existing one with your config file), +run: keyringer <keyring> init <path> [remote] This will - 1. Add an entry at $HOME/.keyringer aliasing 'keyring' to 'path'. + 1. Add an entry at $HOME/.keyringer/config aliasing 'keyring' to 'path'. 2. Initialize a git repository if needed. For example, @@ -47,8 +49,8 @@ For example, will create an alias "friends" pointing to $HOME/keyrings/friends. Call all other keyring actions using this alias. -If there is an existing remote keyring repository and you just want to checkout -it, use +If there is an existing remote keyring git repository and you just +want to checkout it, use keyringer friends init $HOME/keyrings/friends <repository-url> @@ -98,8 +100,8 @@ To edit a key, use keyringer <keyring> edit <file> -Use this option with caution as it keeps temporary unencrypted data into keyringer -temp folder and at your $EDITOR temp files. +Use this option with caution as it keeps temporary unencrypted data +into keyringer temp folder and at your editor's temp files. Listing keys @@ -222,6 +224,8 @@ There are lots of things that can be enhanced, like: - Rewrite using an object-oriented programming language? + - tab completion subcommand support for popular shells like bash + Development ----------- @@ -35,7 +35,7 @@ function keyringer_init { # Setup if [ ! -z "$URL" ]; then - git clone $URL $BASEDIR + git clone "$URL" "$BASEDIR" if [ "$?" != "0" ]; then echo "Error cloning remote $URL" exit 1 
@@ -48,36 +48,36 @@ function keyringer_init { fi else # Setup folders - mkdir -p $BASEDIR/{config,keys} + mkdir -p "$BASEDIR/"{config,keys} # Setup recipients - echo "# Use entries in the form of 'john@doe.com XXXXXXXX" > $RECIPIENTS - echo "" >> $RECIPIENTS + echo "# Use entries in the form of 'john@doe.com XXXXXXXX" > "$RECIPIENTS" + echo "" >> "$RECIPIENTS" # Setup options - touch $OPTIONS + touch "$OPTIONS" # Setup README - echo "Keyring repository powered by http://git.sarava.org/?p=keyringer.git;a=summary" > $BASEDIR/README - echo "" >> $BASEDIR/README + echo "Keyring repository powered by http://git.sarava.org/?p=keyringer.git;a=summary" > "$BASEDIR/README" + echo "" >> "$BASEDIR/README" fi # Secure - chmod 600 $RECIPIENTS + chmod 600 "$RECIPIENTS" fi # Reparse basedir to force absolute folder BASEDIR="`cd $BASEDIR && pwd`" # Add entry - chmod 700 $BASEDIR - echo "$KEYRING=\"$BASEDIR\"" >> $CONFIG + chmod 700 "$BASEDIR" + echo "$KEYRING=\"$BASEDIR\"" >> "$CONFIG" # Init - if ! keyringer_is_git $BASEDIR; then - keyringer_exec git $BASEDIR init - keyringer_exec git $BASEDIR add . - keyringer_exec git $BASEDIR commit -m Importing + if ! keyringer_is_git "$BASEDIR"; then + keyringer_exec git "$BASEDIR" init + keyringer_exec git "$BASEDIR" add . + keyringer_exec git "$BASEDIR" commit -m Importing fi } @@ -87,7 +87,7 @@ function keyringer_dispatch { # Dispatch if [ ! -z "$BASEDIR" ]; then shift 2 - keyringer_exec $ACTION $BASEDIR $* + keyringer_exec "$ACTION" "$BASEDIR" $* exit $? else echo "No keydir configured for $KEYRING" 
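Review bot: The "Reparse basedir" line still runs `cd $BASEDIR && pwd` unquoted inside backticks, so a keyring path containing spaces breaks here even though every other use in this hunk is now quoted. A failed `cd` also leaves BASEDIR empty before `chmod 700 "$BASEDIR"` and the append to `$CONFIG` run. I would write `BASEDIR="$(cd "$BASEDIR" && pwd)" || exit 1`. Separately, the recipients template advertises an 8-character key ID (`XXXXXXXX`); short IDs can collide, so the comment should ask for the full fingerprint. keyringer_init starts above this hunk.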
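Review bot: `keyringer_exec "$ACTION" "$BASEDIR" $*` still forwards the remaining arguments through unquoted `$*`, so a key file name containing spaces or glob characters is re-split and expanded before the action script sees it. `keyringer_exec "$ACTION" "$BASEDIR" "$@"` keeps each argument intact. The same pattern remains in `keyringer_init $*`, `keyringer_preferences $*` and `keyringer_dispatch $*` in the main script, in keyringer_exec and `keyringer_set_env $*` in lib/keyringer/functions, and in the git and ls actions. keyringer_dispatch begins above this hunk.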
@@ -106,18 +106,18 @@ function keyringer_preferences { # Create options file if old repository if [ ! -e "$PREFERENCES" ]; then echo "Creating preferences file..." - touch $PREFERENCES + touch "$PREFERENCES" fi if [ "$COMMAND" == "ls" ]; then - cat $PREFERENCES + cat "$PREFERENCES" elif [ "$COMMAND" == "edit" ]; then - $EDITOR $PREFERENCES + "$EDITOR" "$PREFERENCES" elif [ "$COMMAND" == "add" ]; then shift 3 - echo $* >> $PREFERENCES + echo $* >> "$PREFERENCES" else - echo "$BASENAME: No such command $COMMAND" + printf "%s: No such command %s\n" "$BASENAME" "$COMMAND" exit 1 fi } @@ -128,20 +128,20 @@ CONFIG="$HOME/.$NAME/config" BASENAME="`basename $0`" KEYRING="$1" ACTION="$2" -ACTIONS="`dirname $0`/share/$NAME" +ACTIONS="`dirname $(readlink -f $0)`/share/$NAME" # Export preferences for other scripts export PREFERENCES="`dirname $CONFIG`/$KEYRING" # Load functions -LIB="`dirname $0`/lib/$NAME/functions" -source $LIB || exit 1 +LIB="`dirname $(readlink -f $0)`/lib/$NAME/functions" +source "$LIB" | exit 1 # Setup main configuration and load preferences keyringer_config_load if [ -z "$ACTION" ]; then - echo "Usage: $BASENAME <keyring> <action> [arguments]" + printf "Usage: %s <keyring> <action> [arguments]\n" "$BASENAME" exit 1 fi @@ -149,7 +149,7 @@ if [ "$ACTION" == "init" ]; then keyringer_init $* elif [ "$ACTION" == "preferences" ]; then keyringer_preferences $* -elif keyringer_has_action $ACTION; then +elif keyringer_has_action "$ACTION"; then keyringer_dispatch $* else echo "No such action $ACTION" diff --git a/lib/keyringer/csr.sh b/lib/keyringer/csr.sh index 195b355..881a46f 100755 --- a/lib/keyringer/csr.sh +++ b/lib/keyringer/csr.sh @@ -38,7 +38,7 @@ LASTUMASK=`umask` umask 077 # OpenSSL for HPUX needs a random file -RANDOMFILE=$HOME/.rnd +RANDOMFILE="$HOME/.rnd" # create a config file for openssl CONFIG=`mktemp -q /tmp/openssl-conf.XXXXXXXX` 
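Review bot: `source "$LIB" | exit 1` replaces the `||` of the old line with a pipe, so the functions file is sourced in a pipeline subshell and none of its functions exist when `keyringer_config_load` runs a few lines later; a missing library is no longer handled either. This should stay `source "$LIB" || exit 1`, as the action scripts in this commit do. In the same hunk `readlink -f $0` is unquoted inside the backticks; `"$(dirname "$(readlink -f "$0")")"` would survive an install path with spaces.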
@@ -86,16 +86,16 @@ fi # Config File Generation -cat <<EOF > $CONFIG +cat <<EOF > "$CONFIG" # -------------- BEGIN custom openssl.cnf ----- HOME = $HOME EOF if [ "`uname -s`" = "HP-UX" ]; then - echo " RANDFILE = $RANDOMFILE" >> $CONFIG + echo " RANDFILE = $RANDOMFILE" >> "$CONFIG" fi -cat <<EOF >> $CONFIG +cat <<EOF >> "$CONFIG" oid_section = new_oids [ new_oids ] [ req ] @@ -107,10 +107,10 @@ cat <<EOF >> $CONFIG EOF if [ ! "$SANAMES" = "" ]; then - echo "req_extensions = v3_req # Extensions to add to certificate request" >> $CONFIG + echo "req_extensions = v3_req # Extensions to add to certificate request" >> "$CONFIG" fi -cat <<EOF >> $CONFIG +cat <<EOF >> "$CONFIG" [ req_distinguished_name ] commonName = Common Name (eg, YOUR name) commonName_default = $COMMONNAME 
@@ -119,27 +119,27 @@ cat <<EOF >> $CONFIG EOF if [ ! "$SANAMES" = "" ]; then - echo "subjectAltName=$SANAMES" >> $CONFIG + echo "subjectAltName=$SANAMES" >> "$CONFIG" fi -echo "# -------------- END custom openssl.cnf -----" >> $CONFIG +echo "# -------------- END custom openssl.cnf -----" >> "$CONFIG" echo "Running OpenSSL..." # The first one doesn't work, the second one does: -#openssl req -batch -config $CONFIG -newkey rsa -out ${HOST}_csr.pem -openssl req -batch -config $CONFIG -newkey rsa:2048 -out ${HOST}_csr.pem +#openssl req -batch -config "$CONFIG" -newkey rsa -out ${HOST}_csr.pem +openssl req -batch -config "$CONFIG" -newkey rsa:2048 -out "${HOST}_csr.pem" echo "Copy the following Certificate Request and paste into CAcert website to obtain a Certificate." echo "When you receive your certificate, you 'should' name it something like ${HOST}_server.pem" echo cat ${HOST}_csr.pem echo -echo The Certificate request is also available in ${HOST}_csr.pem -echo The Private Key is stored in ${HOST}_privatekey.pem +printf "The Certificate request is also available in '%s_csr.pem'\n" "$HOST" +printf "The Private Key is stored in '%s_privatekey.pem'\n" "$HOST" echo -rm $CONFIG +rm "$CONFIG" #restore umask -umask $LASTUMASK +umask "$LASTUMASK" diff --git a/lib/keyringer/functions b/lib/keyringer/functions index c78b9d3..9c8dfd7 100644 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions 
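Review bot: The result of `openssl req` is not checked, so when key or request generation fails the script still prints the "Private Key is stored in" message and carries on to `cat` a request file that may not exist. I would end the openssl line with `|| { rm -f "$CONFIG"; exit 1; }` so the temporary config is removed on the failure path too. `cat ${HOST}_csr.pem` is also the one expansion in this hunk left unquoted; `cat "${HOST}_csr.pem"` matches the rest.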
@@ -7,18 +7,18 @@ function keyringer_config_load { if [ -f "$HOME/.$NAME" ]; then echo "Converting legacy configuration scheme..." - mv $HOME/.$NAME $HOME/.$NAME.tmp - mkdir $HOME/.$NAME - mv $HOME/.$NAME.tmp $CONFIG + mv "$HOME/.$NAME" "$HOME/.$NAME.tmp" + mkdir "$HOME/.$NAME" + mv "$HOME/.$NAME.tmp" "$CONFIG" fi if [ ! -e "$CONFIG" ]; then echo "Creating $CONFIG..." - mkdir `dirname $CONFIG` - touch $CONFIG - chmod 600 $CONFIG - echo "# Keyringer config file." > $CONFIG - echo "" >> $CONFIG + mkdir -p `dirname $CONFIG` + touch "$CONFIG" + chmod 600 "$CONFIG" + echo "# Keyringer config file." > "$CONFIG" + echo "" >> "$CONFIG" fi keyringer_config_load_preferences @@ -28,7 +28,7 @@ function keyringer_config_load { function keyringer_config_load_preferences { # Load custom keyring preferences if [ ! -z "$PREFERENCES" ] && [ -f "$PREFERENCES" ]; then - source $PREFERENCES + source "$PREFERENCES" fi } @@ -38,7 +38,7 @@ function keyringer_config { echo "Your have to set CONFIG variable in the code" exit 1 elif [ -e "$CONFIG" ]; then - grep -e "^$1=" $CONFIG | tail -n 1 | cut -d = -f 2 | sed -e 's/"//g' -e "s/'//g" | sed -e 's/ *#.*$//' + grep -e "^$1=" "$CONFIG" | tail -n 1 | cut -d = -f 2 | sed -e 's/"//g' -e "s/'//g" | sed -e 's/ *#.*$//' else echo "Config file not found: $CONFIG" exit 1 @@ -47,7 +47,7 @@ function keyringer_config { # Return the list of recipients function keyringer_recipients { - grep -v '^#' $1 | grep -v '^$' | awk '{ print "-r " $2 }' | xargs + grep -v '^#' "$1" | grep -v '^$' | awk '{ print "-r " $2 }' | xargs } # Check if keyringer has a given action @@ -72,8 +72,8 @@ function keyringer_exec { shift 2 # Dispatch - if keyringer_has_action $action; then - $ACTIONS/$action $basedir $* + if keyringer_has_action "$action"; then + "$ACTIONS/$action" "$basedir" $* fi } 
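Review bot: The new `mkdir -p` call in keyringer_config_load keeps `dirname $CONFIG` unquoted in backticks and creates the configuration directory with whatever the caller's umask allows, while only the config file itself gets `chmod 600`. The preferences files that keyringer_config_load_preferences later sources live in that same directory (PREFERENCES is built from `dirname $CONFIG` in the main script), so the directory deserves the same care: `mkdir -p "$(dirname "$CONFIG")" && chmod 700 "$(dirname "$CONFIG")"`. The legacy-conversion `mkdir "$HOME/.$NAME"` just above has the same gap.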
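Review bot: keyringer_recipients emits `-r` followed by the second field of every non-comment line, so a line with a single field produces a bare `-r` and gpg would take the next word on its command line as the recipient. Callers expand the result unquoted (`$(keyringer_recipients "$RECIPIENTS")` in edit, encrypt and recrypt), so the recipients file directly shapes gpg's arguments. Skipping malformed lines in awk, `awk 'NF >= 2 { print "-r " $2 }'`, keeps the list well-formed.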
@@ -82,7 +82,7 @@ function keyringer_filename { if [ -z "$1" ]; then return else - echo `dirname $1`/`basename $1 .asc`.asc + printf "%s/%s.asc\n" "$(dirname "$1")" "$(basename "$1" .asc)" fi } @@ -96,7 +96,7 @@ function keyringer_is_git { true else cwd="`pwd`" - cd $1 && git="`git status &> /dev/null`" && cd $cwd + cd "$1" && git="`git status &> /dev/null`" && cd "$cwd" if [ "$git" != "128" ]; then true @@ -119,17 +119,17 @@ function keyringer_set_tmpfile { template="$BASEDIR/tmp/$1.XXXXXXXXXX" fi - mkdir -p $BASEDIR/tmp + mkdir -p "$BASEDIR/tmp" keyringer_git_ignore 'tmp/*' if [ "$2" == "-d" ]; then - TMPWORK="`mktemp -d $template`" + TMPWORK="$(mktemp -d "$template")" else - TMPWORK="`mktemp $template`" + TMPWORK="$(mktemp "$template")" fi if [ "$?" != "0" ]; then - echo "Error: can't set TMPWORK $TMPWORK" + printf "Error: can't set TMPWORK %s\n" "$TMPWORK" exit 1 fi @@ -142,7 +142,7 @@ function keyringer_unset_tmpfile { echo "No tmp file set" fi - rm -f $1 + rm -f "$1" if [ "$?" != "0" ]; then echo "Warning: could not delete file $1. Please delete it manually as it might have sensitive information." @@ -153,11 +153,11 @@ function keyringer_unset_tmpfile { # Add a pattern into gitignore function keyringer_git_ignore { if [ ! -z "$BASEDIR/.gitignore" ]; then - echo $1 > $BASEDIR/.gitignore - keyringer_exec git $BASEDIR add .gitignore + echo "$1" > "$BASEDIR/.gitignore" + keyringer_exec git "$BASEDIR" add .gitignore else - if ! grep -q -e "^$1$" $BASEDIR/.gitignore; then - echo $1 >> $BASEDIR/.gitignore + if ! grep -q -e "^$1$" "$BASEDIR/.gitignore"; then + echo "$1" >> "$BASEDIR/.gitignore" fi fi } @@ -187,8 +187,14 @@ function keyringer_set_env { fi if [ -z "$EDITOR" ]; then - echo "You have to set EDITOR env variable" - exit 1 + if type sensible-editor > /dev/null 2>&1 ; then + EDITOR=sensible-editor + elif type editor > /dev/null 2>&1 ; then + EDITOR=editor + else + echo "You have to set EDITOR env variable" + exit 1 + fi fi if [ ! -f "$OPTIONS" ]; then 
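Review bot: In keyringer_is_git the variable `git` captures the output of `git status &> /dev/null`, which is always empty, so `[ "$git" != "128" ]` is always true and this branch never reports "not a repository". If `git status` fails, the trailing `&& cd "$cwd"` is skipped as well and the caller stays in `$1`. Testing the exit status in a subshell avoids both: `if (cd "$1" && git status &> /dev/null); then`. The function's first and last lines are outside this hunk.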
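Review bot: The guard `[ ! -z "$BASEDIR/.gitignore" ]` in keyringer_git_ignore tests a string that is never empty, so the first branch always runs, `.gitignore` is overwritten with `>` on every call and the append-if-missing branch is unreachable. Since this is what keeps `tmp/*`, where decrypted working files are created, out of the repository, I would test for the file instead: `if [ ! -e "$BASEDIR/.gitignore" ]; then`. The lookup should also match literally, `grep -qxF -e "$1" "$BASEDIR/.gitignore"`, because `^tmp/*$` read as a regular expression does not match the line `tmp/*`.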
@@ -197,12 +203,12 @@ function keyringer_set_env { fi # Ensure that keydir exists - mkdir -p $KEYDIR && chmod 700 $KEYDIR + mkdir -p "$KEYDIR" && chmod 700 "$KEYDIR" } # Get a file argument function keyringer_get_file { - FILE="`keyringer_filename $1`" + FILE="$(keyringer_filename "$1")" if [ -z "$FILE" ]; then keyringer_action_usage @@ -215,7 +221,7 @@ function keyringer_get_file { # Get a new file argument function keyringer_get_new_file { - FILE="`keyringer_filename $1`" + FILE="$(keyringer_filename "$1")" if [ -z "$FILE" ]; then keyringer_action_usage @@ -238,7 +244,7 @@ function keyringer_get_command { function keyringer_action_usage { if [ "`type -t "keyringer_usage_$BASENAME"`" == "function" ]; then # Use custom action usage - keyringer_usage_$BASENAME + "keyringer_usage_$BASENAME" else # Default usage if [ "$1" == "command" ]; then @@ -250,6 +256,6 @@ function keyringer_action_usage { } # Setup environment -if [ "`basename $0`" != "keyringer" ]; then +if [ "$(basename "$0")" != "keyringer" ]; then keyringer_set_env $* fi diff --git a/share/keyringer/append b/share/keyringer/append index 27211a6..045ba86 100755 --- a/share/keyringer/append +++ b/share/keyringer/append 
@@ -5,24 +5,25 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Get file -keyringer_get_file $2 +keyringer_get_file "$2" -OLDIFS=$IFS +OLDIFS="$IFS" IFS=$'\n' -CONTENT=($(keyringer_exec decrypt $BASEDIR $FILE)) +CONTENT=($(keyringer_exec decrypt "$BASEDIR" "$FILE")) if [ "$BASENAME" == "append" ]; then # only display directions if we're running append, not append-batch - echo " " - echo "$FILE currently has ${#CONTENT[@]} lines" - echo " " - echo "Now please write the content to be appended on $FILE, finnishing with Ctrl-D:" + printf "\n%s currently has %d lines\n\n" "$FILE" "${#CONTENT[@]}" + printf "Now please write the content to be appended on %s, finnishing with Ctrl-D:\n" "$FILE" fi +# FIXME: dkg doesn't know how to check that this does proper escaping +# (2010-11-16) + APPEND=($(cat -)) NEW=( ${CONTENT[@]} ${APPEND[@]} ) diff --git a/share/keyringer/decrypt b/share/keyringer/decrypt index a3adca7..c0584f2 100755 --- a/share/keyringer/decrypt +++ b/share/keyringer/decrypt @@ -5,10 +5,10 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Get file -keyringer_get_file $2 +keyringer_get_file "$2" # Decrypt -gpg --quiet --use-agent -d $KEYDIR/$FILE +gpg --quiet --use-agent -d "$KEYDIR/$FILE" diff --git a/share/keyringer/del b/share/keyringer/del index befc014..ed09f93 100755 --- a/share/keyringer/del +++ b/share/keyringer/del @@ -5,12 +5,12 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Get file -keyringer_get_file $2 +keyringer_get_file "$2" # Remove if [ -d "$KEYDIR/.git" ]; then - ./git $KEYDIR rm $FILE --force + ./git "$KEYDIR" rm "$FILE" --force fi diff --git a/share/keyringer/edit b/share/keyringer/edit index b4e13a0..0c25f64 100755 --- a/share/keyringer/edit +++ b/share/keyringer/edit 
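Review bot: With IFS set to a newline the unquoted expansions `CONTENT=($(…))`, `APPEND=($(cat -))` and `NEW=( ${CONTENT[@]} ${APPEND[@]} )` no longer split on spaces, but pathname expansion still applies, so a stored line such as `*` or one containing `?` can be replaced by matching file names from the working directory; empty lines are dropped as well. This is the escaping question the new FIXME leaves open. `set -f` before the array assignments (or `mapfile -t CONTENT < <(keyringer_exec decrypt "$BASEDIR" "$FILE")`) together with `NEW=( "${CONTENT[@]}" "${APPEND[@]}" )` keeps the decrypted lines intact. The script continues past this hunk.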
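Review bot: `./git "$KEYDIR" rm "$FILE" --force` in the del action resolves `git` relative to the caller's current directory rather than the actions directory, so it runs whatever `./git` happens to be there, or nothing at all. It also passes KEYDIR and tests `$KEYDIR/.git`, whereas encrypt stages with `keyringer_exec git "$BASEDIR" add "keys/$FILE"` behind a `$BASEDIR/.git` check. Assuming KEYDIR is `$BASEDIR/keys`, as the encrypt action suggests, the consistent form is `keyringer_exec git "$BASEDIR" rm "keys/$FILE" --force`.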
@@ -5,10 +5,10 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Get file -keyringer_get_file $2 +keyringer_get_file "$2" # Warn user echo "Make sure that $BASEDIR is atop of an encrypted volume." @@ -17,15 +17,15 @@ echo "Make sure that $BASEDIR is atop of an encrypted volume." keyringer_set_tmpfile edit # Decrypt the information to the file -gpg --yes -o $TMPWORK --use-agent -d $KEYDIR/$FILE +gpg --yes -o "$TMPWORK" --use-agent -d "$KEYDIR/$FILE" # Prompt echo "Press any key to open the decrypted data into $EDITOR, Ctrl-C to abort" read key -$EDITOR $TMPWORK +"$EDITOR" "$TMPWORK" # Encrypt again -gpg --yes -o $KEYDIR/$FILE --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) $TMPWORK +gpg --yes -o "$KEYDIR/$FILE" --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS") "$TMPWORK" # Remove temp file -keyringer_unset_tmpfile $TMPWORK +keyringer_unset_tmpfile "$TMPWORK" diff --git a/share/keyringer/encrypt b/share/keyringer/encrypt index c073a58..8cbf72a 100755 --- a/share/keyringer/encrypt +++ b/share/keyringer/encrypt @@ -5,22 +5,22 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Aditional parameters -keyringer_get_new_file $2 +keyringer_get_new_file "$2" # Encrypt -mkdir -p $KEYDIR/`dirname $FILE` +mkdir -p "$KEYDIR/`dirname $FILE`" if [ "$BASENAME" == "encrypt" ]; then # Only display directions if we're running encrypt, not encrypt-batch echo "Type your message and finish your input with EOF (Ctrl-D)." fi -gpg --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) - > $KEYDIR/$FILE +gpg --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS") - > "$KEYDIR/$FILE" # Stage if [ -d "$BASEDIR/.git" ]; then - keyringer_exec git $BASEDIR add "keys/$FILE" + keyringer_exec git "$BASEDIR" add "keys/$FILE" fi diff --git a/share/keyringer/genpair b/share/keyringer/genpair index 89ee828..a71e472 100755 
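Review bot: In the edit action the decrypted copy in `$TMPWORK` is removed only by the final `keyringer_unset_tmpfile "$TMPWORK"`, yet the prompt invites Ctrl-C and no trap is visible in these hunks, so an abort or an editor crash leaves plaintext in the keyring's tmp folder. Registering `trap 'keyringer_unset_tmpfile "$TMPWORK"' EXIT` right after `keyringer_set_tmpfile edit` covers every exit path. The statuses of both gpg calls are also ignored: a failed decrypt still opens the editor, and a failed re-encrypt is followed by deletion of the only copy of the edits.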
--- a/share/keyringer/genpair +++ b/share/keyringer/genpair @@ -12,20 +12,20 @@ function genpair_ssh { read -p "Hit ENTER to continue." prompt # TODO: programatically enter blank passphrase twice - ssh-keygen -t dsa -f $TMPWORK/id_dsa -C "root@$NODE" + ssh-keygen -t dsa -f "$TMPWORK/id_dsa" -C "root@$NODE" # Encrypt the result echo "Encrypting secret key into keyringer..." - cat $TMPWORK/id_dsa | keyringer_exec encrypt $BASEDIR $FILE + cat "$TMPWORK/id_dsa" | keyringer_exec encrypt "$BASEDIR" "$FILE" echo "Encrypting public key into keyringer..." - cat $TMPWORK/id_dsa.pub | keyringer_exec encrypt $BASEDIR $FILE.pub + cat "$TMPWORK/id_dsa.pub" | keyringer_exec encrypt "$BASEDIR" "$FILE.pub" # TODO: add outfiles into version control if [ ! -z "$OUTFILE" ]; then mkdir -p `dirname $OUTFILE` - echo Saving copies at $OUTFILE and $OUTFILE.pub - cat $TMPWORK/id_dsa > $OUTFILE - cat $TMPWORK/id_dsa.pub > $OUTFILE.pub + printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE" + cat "$TMPWORK/id_dsa" > "$OUTFILE" + cat "$TMPWORK/id_dsa.pub" > "$OUTFILE.pub" fi echo "Done" @@ -39,7 +39,7 @@ function genpair_gpg { # TODO: insert 279 random bytes # TODO: custom Name-Comment and Name-Email # TODO: allow for empty passphrases - gpg --homedir $TMPWORK --gen-key --batch <<EOF + gpg --homedir "$TMPWORK" --gen-key --batch <<EOF Key-Type: RSA Key-Length: 4096 Subkey-Type: ELG-E 
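Review bot: The optional copies in genpair_ssh, `cat "$TMPWORK/id_dsa" > "$OUTFILE"`, are created by redirection, so the private key file gets the caller's umask rather than owner-only permissions, and no `chmod` or `umask` is visible in this hunk. The same applies to `$OUTFILE` in genpair_gpg and `$OUTFILE.pem` in genpair_ssl later in this file. Setting `umask 077` before the copies, or `chmod 600 "$OUTFILE"` after them, closes that, and the `mkdir -p` line should quote its argument as `mkdir -p "$(dirname "$OUTFILE")"`. `ssh-keygen -t dsa` is worth revisiting too, since ssh-keygen only produces 1024-bit DSA keys, while genpair_gpg already asks for 4096-bit RSA.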
@@ -54,18 +54,18 @@ EOF # Encrypt the result echo "Encrypting secret key into keyringer..." - gpg --armor --homedir $TMPWORK --export-secret-keys | keyringer_exec encrypt $BASEDIR $FILE + gpg --armor --homedir "$TMPWORK" --export-secret-keys | keyringer_exec encrypt "$BASEDIR" "$FILE" echo "Encrypting public key into keyringer..." - gpg --armor --homedir $TMPWORK --export | keyringer_exec encrypt $BASEDIR $FILE.pub + gpg --armor --homedir "$TMPWORK" --export | keyringer_exec encrypt "$BASEDIR" "$FILE.pub" echo "Encrypting passphrase into keyringer..." - echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt $BASEDIR $FILE.passwd + echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd" # TODO: add outfiles into version control if [ ! -z "$OUTFILE" ]; then mkdir -p `dirname $OUTFILE` - echo Saving copies at $OUTFILE and $OUTFILE.pub - gpg --armor --homedir $TMPWORK --export-secret-keys > $OUTFILE - gpg --armor --homedir $TMPWORK --export > $OUTFILE.pub + printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE" + gpg --armor --homedir "$TMPWORK" --export-secret-keys > "$OUTFILE" + gpg --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub" fi echo "Done" 
@@ -77,42 +77,42 @@ function genpair_ssl { read -p "Hit ENTER to continue." prompt # Setup - cd $TMPWORK + cd "$TMPWORK" # Generate certificate - $LIB/csr.sh $NODE + "$LIB/csr.sh" "$NODE" # Self-sign - openssl x509 -in $NODE"_csr.pem" -out $NODE.crt -req -signkey $NODE"_privatekey.pem" -days 365 - chmod 600 $NODE"_privatekey.pem" + openssl x509 -in "${NODE}_csr.pem" -out "$NODE.crt" -req -signkey "${NODE}_privatekey.pem" -days 365 + chmod 600 "${NODE}_privatekey.pem" # Encrypt the result echo "Encrypting private key into keyringer..." - cat $NODE"_privatekey.pem" | keyringer_exec encrypt $BASEDIR $FILE.pem + cat "${NODE}_privatekey.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.pem" echo "Encrypting certificate request into keyringer..." - cat $NODE"_csr.pem" | keyringer_exec encrypt $BASEDIR $FILE.csr + cat "${NODE}_csr.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.csr" echo "Encrypting certificate into keyringer..." - cat $NODE.crt | keyringer_exec encrypt $BASEDIR $FILE.crt + cat "$NODE.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt" - cd $CWD + cd "$CWD" if [ ! -z "$OUTFILE" ]; then mkdir -p `dirname $OUTFILE` - echo Saving copies at $OUTFILE.pem, $OUTFILE.csr and $OUTFILE.crt - cat $TMPWORK/$NODE"_privatekey.pem" > $OUTFILE.pem - cat $TMPWORK/$NODE"_csr.pem" > $OUTFILE.csr - cat $TMPWORK/$NODE.crt > $OUTFILE.crt + printf "Saving copies at %s.pem, %s.csr and %s.crt\n" "$OUTFILE" "$OUTFILE" "$OUTFILE" + cat "$TMPWORK/${NODE}_privatekey.pem" > "$OUTFILE.pem" + cat "$TMPWORK/${NODE}_csr.pem" > "$OUTFILE.csr" + cat "$TMPWORK/$NODE.crt" > "$OUTFILE.crt" fi # Show cert fingerprint - openssl x509 -noout -in $TMPWORK/$NODE.crt -fingerprint + openssl x509 -noout -in "$TMPWORK/$NODE.crt" -fingerprint echo "Done" } # Load functions LIB="`dirname $0`/../../lib/keyringer" -source $LIB/functions || exit 1 +source "$LIB/functions" || exit 1 # Aditional parameters KEYTYPE="$2" 
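Review bot: `cd "$TMPWORK"` in genpair_ssl is not checked, so if the temporary directory is unavailable csr.sh generates the private key and request in whatever directory the user started from, outside the tree that the later `rm -rf "$TMPWORK"` removes. `cd "$TMPWORK" || exit 1` stops before any key material is written. The function starts above this hunk.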
@@ -140,9 +140,9 @@ keyringer_set_tmpfile genpair -d # Dispatch echo "Generating $KEYTYPE for $NODE..." -genpair_$KEYTYPE +"genpair_$KEYTYPE" # Cleanup -cd $CWD -rm -rf $TMPWORK +cd "$CWD" +rm -rf "$TMPWORK" trap - EXIT diff --git a/share/keyringer/git b/share/keyringer/git index 439198a..cd2a188 100755 --- a/share/keyringer/git +++ b/share/keyringer/git @@ -5,12 +5,12 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Aditional parameters CWD="`pwd`" # Run git command shift -mkdir -p $BASEDIR && cd $BASEDIR && git $* -cd $CWD +mkdir -p "$BASEDIR" && cd "$BASEDIR" && git $* +cd "$CWD" diff --git a/share/keyringer/ls b/share/keyringer/ls index e28637b..31e8805 100755 --- a/share/keyringer/ls +++ b/share/keyringer/ls @@ -5,12 +5,12 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Aditional parameters CWD="`pwd`" # Run list command shift -cd $KEYDIR && ls $* -cd $CWD +cd "$KEYDIR" && ls $* +cd "$CWD" diff --git a/share/keyringer/options b/share/keyringer/options index 9eb2a1f..3047380 100755 --- a/share/keyringer/options +++ b/share/keyringer/options 
@@ -5,26 +5,26 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer" -source $LIB/functions || exit 1 +source "$LIB/functions" || exit 1 # Command parser -keyringer_get_command $2 +keyringer_get_command "$2" # Create options file if old repository if [ ! -e "$OPTIONS" ]; then echo "Creating options file..." - touch $OPTIONS - keyringer_exec git $BASEDIR add config/options + touch "$OPTIONS" + keyringer_exec git "$BASEDIR" add config/options fi if [ "$COMMAND" == "ls" ]; then - cat $OPTIONS + cat "$OPTIONS" elif [ "$COMMAND" == "edit" ]; then - $EDITOR $OPTIONS + "$EDITOR" "$OPTIONS" elif [ "$COMMAND" == "add" ]; then shift 2 - echo $* >> $OPTIONS + echo $* >> "$OPTIONS" else - echo "$BASENAME: No such command $COMMAND" + printf "%s: No such command %s\n" "$BASENAME" "$COMMAND" exit 1 fi diff --git a/share/keyringer/recipients b/share/keyringer/recipients index 593a994..c9dbdbb 100755 --- a/share/keyringer/recipients +++ b/share/keyringer/recipients @@ -5,16 +5,16 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer" -source $LIB/functions || exit 1 +source "$LIB/functions" || exit 1 # Command parser -keyringer_get_command $2 +keyringer_get_command "$2" if [ "$COMMAND" == "ls" ]; then - cat $RECIPIENTS + cat "$RECIPIENTS" elif [ "$COMMAND" == "edit" ]; then - $EDITOR $RECIPIENTS + "$EDITOR" "$RECIPIENTS" else - echo "$BASENAME: No such command $COMMAND" + printf "%s: No such command %s\n" "$BASENAME" "$COMMAND" exit 1 fi diff --git a/share/keyringer/recrypt b/share/keyringer/recrypt index 48a5f87..a7607e0 100755 --- a/share/keyringer/recrypt +++ b/share/keyringer/recrypt 
@@ -5,10 +5,10 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Get file -keyringer_get_file $2 +keyringer_get_file "$2" # Recrypt -gpg --use-agent -d $KEYDIR/$FILE | gpg --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) > $KEYDIR/$FILE +gpg --use-agent -d "$KEYDIR/$FILE" | gpg --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS") > "$KEYDIR/$FILE" |
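Review bot: The recrypt pipeline reads and writes the same path: the shell opens `> "$KEYDIR/$FILE"` for truncation when it starts the second gpg, which can happen before the first gpg has read the ciphertext, and a failed decrypt or encrypt leaves the key file empty either way. Writing to a temporary file and renaming only on success avoids losing the secret, e.g. `keyringer_set_tmpfile recrypt` followed by the same pipeline redirected to `"$TMPWORK"` and `&& mv "$TMPWORK" "$KEYDIR/$FILE"`. Because `&&` only sees the encrypting gpg's status, the decrypt status should be checked as well, for instance with `set -o pipefail`.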