chiark / gitweb /
claim-dir: New `mode' option for non-private pieces of filesystem.
[distorted-keys] / keys.keeper-cards
... / ...
CommitLineData
1#! /bin/sh
2###
3### Issue cards containing a bunch of keeper secrets
4###
5### (c) 2011 Mark Wooding
6###
7
8###----- Licensing notice ---------------------------------------------------
9###
10### This file is part of the distorted.org.uk key management suite.
11###
12### distorted-keys is free software; you can redistribute it and/or modify
13### it under the terms of the GNU General Public License as published by
14### the Free Software Foundation; either version 2 of the License, or
15### (at your option) any later version.
16###
17### distorted-keys is distributed in the hope that it will be useful,
18### but WITHOUT ANY WARRANTY; without even the implied warranty of
19### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20### GNU General Public License for more details.
21###
22### You should have received a copy of the GNU General Public License
23### along with distorted-keys; if not, write to the Free Software Foundation,
24### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25
26set -e
27case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
28. "$KEYSLIB"/keyfunc.sh
29
30defhelp <<HELP
31[-pt] KEEPER [INDICES ...]
32Typeset cards for a set of keeper secrets.
33
34This program creates a set of printable cards containing key nubs from the
35keeper set KEEPER, specifically the keys with the given INDICES. Elements of
36the list are either simple integers or ranges [LOW]-[HIGH]; if LOW is
37omitted, it means 0, and if HIGH is omitted, it means the highest possible
38index. If no INDICES are given then all secret keys are written.
39
40The public keys are found in $KEYS/keeper/KEEPER/I.pub;
41key nubs are read from the safe place where \`keys new-keeper' left
42them.
43
44If the \`-p' option is given, then the output is a PostScript file which
45can be printed immediately. If the \`-t' option is given, then the output
46is a \`tar' archive containing a TeX source file and images, which must
47be processed using \`latex' and \`dvips'. The default is \`-t'.
48HELP
49
50## Read options.
51mode=tar
52while getopts "pt" opt; do
53 case "$opt" in
54 p) mode=ps ;;
55 t) mode=tar ;;
56 *) usage_err ;;
57 esac
58done
59shift $(( $OPTIND - 1 ))
60
61## Parse the command line.
62case $# in 0) usage_err ;; esac
63keeper=$1; shift
64checkword "keeper set label" "$keeper"
65
66## Find out about the set.
67if [ ! -f $KEYS/keeper/$keeper/meta ]; then
68 echo >&2 "$quis: unknown keeper set \`$keeper'"
69 exit 1
70fi
71read n hunoz <$KEYS/keeper/$keeper/meta
72
73## Check that nubs are available for the keeper set.
74reqsafe
75if [ ! -d $SAFE/keys.keeper/$keeper/ ]; then
76 echo >&2 "$quis: no nubs available for keeper set \`$keeper'"
77 exit 1
78fi
79cd $SAFE/keys.keeper/$keeper/
80
81## Build a colon-separated list of the indices we actually want.
82want=:
83case $# in 0) set 0- ;; esac
84for range in "$@"; do
85 case "$range" in
86 *[!-0-9]* | *[!0-9]*-* | *-*[!0-9]*)
87 echo >&2 "$quis: bad index range \`$range'"
88 exit 1
89 ;;
90 *-*)
91 low=${range%-*} high=${range#*-}
92 ;;
93 *)
94 low=$range high=$range
95 ;;
96 esac
97 case "$low" in ?*) ;; *) low=0 ;; esac
98 case "$high" in ?*) ;; *) high=$(( $n - 1 )) ;; esac
99 if [ 0 -gt $low -o $low -gt $high -o $high -ge $n ]; then
100 echo >&2 "$quis: invalid index range \`$range'"
101 exit 1
102 fi
103 i=$(( $low + 0 ))
104 while [ $i -le $high ]; do
105 case $want in *:"$i":*) ;; *) want=$want$i: ;; esac
106 i=$(( $i + 1 ))
107 done
108done
109
110## Start working on the output file. This will contain deep secrets, so
111## don't leave stuff easily readable.
112mktmp
113umask 077
114exec 3>$tmp/$keeper.tex
115cat >&3 $ETC/keeper-cards.tex
116
117## Write the basic configuration stuff.
118cat >&3 <<EOF
119
120%% General configuration for the cards.
121\def\keeper{$keeper}
122\def\total{$n}
123EOF
124
125## Start the document body.
126cat >&3 <<'EOF'
127
128%% The actual content.
129\begin{document}
130EOF
131
132## Work through the requested indices.
133i=0
134while [ $i -lt $n ]; do
135 case $want in
136 *:"$i":*)
137 read secret <$i
138 tr -d '\n' <$i | qrencode -m0 -s1 -o$tmp/$i.png
139 convert $tmp/$i.png $tmp/$i.eps
140 cat >&3 <<EOF
141\card{$i}{$secret}
142EOF
143 esac
144 i=$(( $i + 1 ))
145done
146
147## Wrap up and build the document.
148cat >&3 <<'EOF'
149\end{document}
150EOF
151exec 3>&-
152
153case $mode in
154 ps)
155 if ! (cd $tmp
156 exec </dev/null >tex.out 2>&1
157 latex $keeper.tex && dvips -o$keeper.ps $keeper.dvi); then
158 echo >&2 "$quis: document formatting failed"
159 sed >&2 's/^/| /' $tmp/tex.out
160 exit 1
161 fi
162 cat $tmp/$keeper.ps
163 ;;
164 tar)
165 (cd $tmp; tar cf - $keeper.tex *.eps)
166 ;;
167esac
168
169###----- That's all, folks --------------------------------------------------