Diffstat (limited to 'lib/keyringer/functions')
-rwxr-xr-x | lib/keyringer/functions | 82 |
1 files changed, 70 insertions, 12 deletions
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index bef00d9..014c2c9 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -206,10 +206,17 @@ function keyringer_shred {
 echo "$message $path using $tool..."
 if [ -d "$path" ]; then
- find $path -exec $tool -f {} \;
- rmdir $path
+ if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ]; then
+ $tool -rf $path
+ else
+ find $path -exec $tool -uf {} \;
+ fi
 else
- $tool -f "$path"
+ if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ]; then
+ $tool -f "$path"
+ else
+ $tool -uf "$path"
+ fi
 fi
 }
@@ -283,9 +290,9 @@ function keyringer_set_env {
 fi
 if [ ! -z "$KEYID" ]; then
- GPG="gpg -u $KEYID"
+ GPG="gpg --quiet -u $KEYID"
 else
- GPG="gpg"
+ GPG="gpg --quiet"
 fi
 # Check keyring config version
@@ -398,14 +405,39 @@ function keyringer_upgrade {
 # Get a file argument
 function keyringer_get_file {
- FILE="$(keyringer_filename "$1")"
+ FILE="$(keyringer_filename "$RELATIVE_PATH/$1")"
 if [ -z "$FILE" ]; then
 keyringer_action_usage
 exit 1
 elif [ ! -f "$KEYDIR/$FILE" ]; then
- echo "File not found: $KEYDIR/$FILE"
- exit 1
+ # Try to find a similar file
+ count=0
+ candidates=(`keyringer_exec find "$BASEDIR" "$1" | grep -e '.asc$'`)
+
+ if [ ! -z "$candidates" ]; then
+ echo "Could not find exact match \"$1\", please chose one"
+ echo "of the following secrets:"
+ echo ""
+
+ for candidate in ${candidates[@]}; do
+ echo -e "\t[$count] $candidate"
+ let count++
+ done
+
+ echo ""
+ read -p "Enter option: " option
+
+ if [[ "$option" =~ ^[0-9]+$ ]] && [ ! -z "${candidates[$option]}" ]; then
+ FILE="$(keyringer_filename "$RELATIVE_PATH/${candidates[$option]}")"
+ else
+ echo "Invalid option"
+ exit 1
+ fi
+ else
+ echo "File not found: $KEYDIR/$FILE"
+ exit 1
+ fi
 fi
 }
@@ -427,7 +459,7 @@ function keyringer_get_new_file {
 fi
 # Complete file name
- FILE="$(keyringer_filename "$FILE")"
+ FILE="$RELATIVE_PATH/$(keyringer_filename "$FILE")"
 if [ -z "$*" ]; then
 keyringer_action_usage
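Review bot: In the new directory branch of keyringer_shred, `$tool -rf $path` and `find $path -exec $tool -uf {} \;` leave `$path` unquoted, so a path containing whitespace or glob characters is word-split and the recursive delete can act on something other than the path announced in the message. Quoting it, as the single-file branch already does, closes that: `$tool -rf "$path"` and `find "$path" -type f -exec $tool -uf {} \;`. The commit also drops `rmdir $path`, so for tools other than wipe and rm the directory tree and its file names appear to stay behind after the files are removed; confirm that is intended if this directory held decrypted material. The function starts above the hunk.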
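Review bot: The candidate list in keyringer_get_file is built from an unquoted backtick substitution and walked with an unquoted `${candidates[@]}`, so a secret name containing whitespace or glob characters is split or expanded and the menu offers fragments instead of real file names. On bash 4+ `mapfile -t candidates < <(keyringer_exec find "$BASEDIR" "$1" | grep -e '\.asc$')` with `for candidate in "${candidates[@]}"` and `read -r -p` keeps one entry per line, and the escaped dot stops the pattern matching names that merely end in `asc`. The prompt also reads stdin when it is not a terminal, so in a pipeline a mistyped name may be resolved to a different secret by whatever data happens to be on stdin; a `[ -t 0 ]` guard that falls back to the old "File not found" exit would keep non-interactive use fail-closed. `count`, `candidates` and `option` are not declared `local` and leak into the caller.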
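Review bot: In keyringer_get_new_file `$RELATIVE_PATH` is prepended after keyringer_filename has run, whereas keyringer_get_file in this same commit passes `"$RELATIVE_PATH/$1"` through it, so whatever normalisation keyringer_filename performs (not visible here) is skipped for the prefix when a new secret is created. When `RELATIVE_PATH` is empty the result also begins with `/`. Using the same form in both places, `FILE="$(keyringer_filename "$RELATIVE_PATH/$FILE")"`, would keep the two lookups consistent, and a one-line comment stating whether `RELATIVE_PATH` may be empty or contain `..` would document the assumption. The function continues outside the hunk.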
@@ -474,9 +506,10 @@ function keyringer_usage {
 printf "Usage: %s <keyring> <action> [arguments]\n\n" "$BASENAME"
 printf "Available commands: \n\n"
 keyringer_show_actions | sed -e 's/^/\t/'
- printf "\tinit <path> [remote]\n\n" $BASENAME
- if [ ! -z "$keyrings" ]; then
+ # Display only when not in a keyring context
+ if [ ! -z "$keyrings" ] && [ -z "$1" ]; then
+ printf "\tinit <path> [remote]\n\n" $BASENAME
 printf "Available keyrings: %s \n" "$keyrings"
 fi
 }
@@ -533,6 +566,31 @@ EOF
 echo "Please check for this key or fix the recipient file."
 exit 1
 fi
+
+ # Current date
+ seconds="`date +%s`"
+
+ # Check the main key
+ expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | cut -d : -f 7`"
+
+ # Check if key is expired
+ if [ ! -z "$expiry" ] && [[ "$seconds" -gt "$expiry" ]]; then
+ echo "Fatal: primary key for $recipient expired on `date --date="@$expiry"`"
+ exit 1
+ else
+ # Check the subkeys
+ for expiry in `gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub | cut -d : -f 7`; do
+ if [[ "$seconds" -lt "$expiry" ]]; then
+ not_expired="1"
+ fi
+
+ if [ "$not_expired" != "1" ]; then
+ echo "Fatal: key $recipient has no keys suitable for encryption: all subkeys expired."
+ exit 1
+ fi
+ done
+ fi
+
 fi
 done
 }
@@ -546,7 +604,7 @@ function keyringer_set_recipients {
 candidate_no_extension="`echo $1 | sed -e 's/.asc$//'`"
 # Find the first matching recipient
- while [ ! -z "$candidate" ] && [ "$candidate" != "." ] && [ "$candidate" != "/" ]; do
+ while [ ! -z "$candidate" ] && [ "$candidate" != "." ] && [ "$candidate" != "/" ] && [ "$candidate" != "/." ]; do
 if [ -e "$RECIPIENTS/$candidate" ]; then
 RECIPIENTS_FILE="$RECIPIENTS/$candidate"
 RECIPIENTS_FILE_BASE="$RECIPIENTS_BASE/$candidate" |
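Review bot: The `init <path> [remote]` line in keyringer_usage is now printed only when `$keyrings` is non-empty, so a first-time user with no keyring configured no longer sees the one command needed to create one. The new comment asks only for "not in a keyring context", which is the `[ -z "$1" ]` test on its own; consider `if [ -z "$1" ]; then printf "\tinit <path> [remote]\n\n"; fi` ahead of the keyrings check. The trailing `$BASENAME` argument has no matching format specifier and can be dropped.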
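Review bot: The subkey expiry check in the `@@ -533,6 +566,31 @@` hunk can fail in both directions: the `not_expired` test sits inside the `for` loop, so a first expired subkey aborts even when a later one is still valid, and `not_expired` is never cleared in the visible lines, so once one recipient passes, later recipients in the enclosing loop (which starts outside the hunk) are accepted even with every subkey expired. Subkeys with an empty expiry field vanish in the word-splitting of the backtick list, so a key with one expired and one non-expiring subkey is rejected as well. Resetting the flag per recipient and deciding only after all subkeys were read fixes this; the sketch below keeps the current behaviour of accepting keys that have no subkeys at all. The check still ignores key capabilities, so a valid signing-only subkey would count as "suitable for encryption", and it calls `gpg` directly instead of the `$GPG` command configured in keyringer_set_env.

```shell
# … unchanged: current date lookup and primary key expiry check …
else
  # Check the subkeys: reset per recipient, decide after all were read
  not_expired=""
  has_subkey=""
  while IFS=: read -r type _ _ _ _ _ expiry _; do
    [ "$type" == "sub" ] || continue
    has_subkey="1"
    # An empty expiry field means the subkey does not expire
    if [ -z "$expiry" ] || [[ "$seconds" -lt "$expiry" ]]; then
      not_expired="1"
    fi
  done < <(gpg --with-colons --fixed-list-mode --list-keys "$recipient")

  if [ "$has_subkey" == "1" ] && [ "$not_expired" != "1" ]; then
    echo "Fatal: key $recipient has no keys suitable for encryption: all subkeys expired."
    exit 1
  fi
fi
```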