Diffstat (limited to 'lib/keyringer/functions')
-rwxr-xr-xlib/keyringer/functions82
1 files changed, 70 insertions, 12 deletions
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index bef00d9..014c2c9 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -206,10 +206,17 @@ function keyringer_shred {
echo "$message $path using $tool..."
if [ -d "$path" ]; then
- find $path -exec $tool -f {} \;
- rmdir $path
+ if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ]; then
+ $tool -rf $path
+ else
+ find $path -exec $tool -uf {} \;
+ fi
else
- $tool -f "$path"
+ if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ]; then
+ $tool -f "$path"
+ else
+ $tool -uf "$path"
+ fi
fi
}
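Review bot: Both new directory branches expand `$path` unquoted (`$tool -rf $path` and `find $path -exec $tool -uf {} \;`), so a path containing whitespace or glob characters is word-split and the tool can act on a different file than the secret it was meant to destroy. Quote it as the single-file branch already does: `$tool -rf "$path"` and `find "$path" -type f -exec $tool -uf {} \;`. The `-type f` matters because find otherwise hands the directories themselves to the tool. Since the old `rmdir` is gone, the `-uf` branch also appears to leave the emptied directory tree, and the names in it, on disk. The start of keyringer_shred, where `$tool` is selected, lies outside this hunk.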
@@ -283,9 +290,9 @@ function keyringer_set_env {
fi
if [ ! -z "$KEYID" ]; then
- GPG="gpg -u $KEYID"
+ GPG="gpg --quiet -u $KEYID"
else
- GPG="gpg"
+ GPG="gpg --quiet"
fi
# Check keyring config version
@@ -398,14 +405,39 @@ function keyringer_upgrade {
# Get a file argument
function keyringer_get_file {
- FILE="$(keyringer_filename "$1")"
+ FILE="$(keyringer_filename "$RELATIVE_PATH/$1")"
if [ -z "$FILE" ]; then
keyringer_action_usage
exit 1
elif [ ! -f "$KEYDIR/$FILE" ]; then
- echo "File not found: $KEYDIR/$FILE"
- exit 1
+ # Try to find a similar file
+ count=0
+ candidates=(`keyringer_exec find "$BASEDIR" "$1" | grep -e '.asc$'`)
+
+ if [ ! -z "$candidates" ]; then
+ echo "Could not find exact match \"$1\", please chose one"
+ echo "of the following secrets:"
+ echo ""
+
+ for candidate in ${candidates[@]}; do
+ echo -e "\t[$count] $candidate"
+ let count++
+ done
+
+ echo ""
+ read -p "Enter option: " option
+
+ if [[ "$option" =~ ^[0-9]+$ ]] && [ ! -z "${candidates[$option]}" ]; then
+ FILE="$(keyringer_filename "$RELATIVE_PATH/${candidates[$option]}")"
+ else
+ echo "Invalid option"
+ exit 1
+ fi
+ else
+ echo "File not found: $KEYDIR/$FILE"
+ exit 1
+ fi
fi
}
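Review bot: The candidate list is built from an unquoted backtick substitution and iterated as `${candidates[@]}`, so secret names are word-split and glob-expanded; a name with a space becomes several menu entries and the index the user picks no longer maps to a real file. Reading one name per line avoids that, e.g. `mapfile -t candidates < <(keyringer_exec find "$BASEDIR" "$1" | grep -e '\.asc$')` followed by `for candidate in "${candidates[@]}"; do` (assuming bash 4 is acceptable here; the escaped dot also stops `.asc$` matching any character). The selected entry is then assigned to `FILE` without repeating the `[ ! -f "$KEYDIR/$FILE" ]` test, so a stale or mis-prefixed candidate is only detected later by the caller. `read -p` should be `read -r -p` so backslashes in the answer are not interpreted.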
@@ -427,7 +459,7 @@ function keyringer_get_new_file {
fi
# Complete file name
- FILE="$(keyringer_filename "$FILE")"
+ FILE="$RELATIVE_PATH/$(keyringer_filename "$FILE")"
if [ -z "$*" ]; then
keyringer_action_usage
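Review bot: `RELATIVE_PATH` is prepended here after `keyringer_filename` has run, while keyringer_get_file passes `"$RELATIVE_PATH/$1"` through it, so the two functions can resolve the same argument to different names. If keyringer_filename performs any normalisation (its body is not visible on this page), the prefix now bypasses it, and an empty result turns into `"$RELATIVE_PATH/"` instead of an empty string, which would slip past a later `-z "$FILE"` style check. Writing `FILE="$(keyringer_filename "$RELATIVE_PATH/$FILE")"` would keep both paths consistent. The function starts before and continues after this hunk.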
@@ -474,9 +506,10 @@ function keyringer_usage {
printf "Usage: %s <keyring> <action> [arguments]\n\n" "$BASENAME"
printf "Available commands: \n\n"
keyringer_show_actions | sed -e 's/^/\t/'
- printf "\tinit <path> [remote]\n\n" $BASENAME
- if [ ! -z "$keyrings" ]; then
+ # Display only when not in a keyring context
+ if [ ! -z "$keyrings" ] && [ -z "$1" ]; then
+ printf "\tinit <path> [remote]\n\n" $BASENAME
printf "Available keyrings: %s \n" "$keyrings"
fi
}
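Review bot: The `init <path> [remote]` line is now inside the `[ ! -z "$keyrings" ] && [ -z "$1" ]` branch, so a user with no keyring configured yet, who is the one who needs `init`, no longer sees it in the usage text. Gate the init line on `[ -z "$1" ]` alone and keep the `$keyrings` test only around the `Available keyrings` line. The trailing `$BASENAME` argument on that printf is unquoted and unused, since the format has no `%s`, and can be dropped.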
@@ -533,6 +566,31 @@ EOF
echo "Please check for this key or fix the recipient file."
exit 1
fi
+
+ # Current date
+ seconds="`date +%s`"
+
+ # Check the main key
+ expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | cut -d : -f 7`"
+
+ # Check if key is expired
+ if [ ! -z "$expiry" ] && [[ "$seconds" -gt "$expiry" ]]; then
+ echo "Fatal: primary key for $recipient expired on `date --date="@$expiry"`"
+ exit 1
+ else
+ # Check the subkeys
+ for expiry in `gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub | cut -d : -f 7`; do
+ if [[ "$seconds" -lt "$expiry" ]]; then
+ not_expired="1"
+ fi
+
+ if [ "$not_expired" != "1" ]; then
+ echo "Fatal: key $recipient has no keys suitable for encryption: all subkeys expired."
+ exit 1
+ fi
+ done
+ fi
+
fi
done
}
@@ -546,7 +604,7 @@ function keyringer_set_recipients {
candidate_no_extension="`echo $1 | sed -e 's/.asc$//'`"
# Find the first matching recipient
- while [ ! -z "$candidate" ] && [ "$candidate" != "." ] && [ "$candidate" != "/" ]; do
+ while [ ! -z "$candidate" ] && [ "$candidate" != "." ] && [ "$candidate" != "/" ] && [ "$candidate" != "/." ]; do
if [ -e "$RECIPIENTS/$candidate" ]; then
RECIPIENTS_FILE="$RECIPIENTS/$candidate"
RECIPIENTS_FILE_BASE="$RECIPIENTS_BASE/$candidate"