case $# in 0) ;; *) usage_err ;; esac
+## Collect information about available recovery keys.
if [ -d $KEYS/recov ]; then
cd $KEYS/recov
+
+ ## No keeper sets encountered yet.
kk=:
- for r in $(find . -type l -name current -print); do
- r=${r#./}; r=${r%/current}
- if ! expr >/dev/null "Q$r" : "Q$R_LABEL"; then continue; fi
- set _ $(echo $r | md5sum); rh=$2
- eval rcur_$rh=$(readlink $r/current) r_$rh=\$r
+
+ ## Iterate over recovery keys.
+ for r in *; do
+ if [ ! -d $r ]; then continue; fi
+
+ ## Now work through the instances of this recovery key.
for ri in $r/*; do
+
+ ## Get the instance number.
i=${ri##*/}
case "$i" in *[!0-9]*) continue ;; esac
+
+ ## Read the keeper sharing parameters.
for kp in $ri/*.param; do
+
+ ## Find the keeper name.
k=${kp##*/}; k=${k%.param}
+
+ ## Add this keeper to the list if we haven't already, and clear the
+ ## list of associated recovery keys.
case $kk in *:$k:*) ;; *) kk=$kk$k:; unset rr_$k ;; esac
- eval t_$k_$rh_$i='$(sharethresh $kp)'
- eval "rr_$k=\${rr_$k+\$rr_$k }$rh/$i"
+
+ ## Associate this recovery key instance with the keeper set, and
+ ## store information about the sharing.
+ eval t_$k_$r_$i='$(sharethresh $kp)'
+ eval "rr_$k=\${rr_$k+\$rr_$k }$r/$i"
done
done
done
fi
+## Now work through the keeper sets.
if [ ! -d $KEYS/keeper ]; then
echo >&2 "$quis: no keepers"
else
cd $KEYS/keeper
+
+ ## Iterate over the keeper sets.
+ firstp=t
for k in *; do
+
+ ## Make sure that this really looks like a keeper set.
checkword "keeper set label" "$k"
if [ ! -r $k/meta ]; then continue; fi
+
+ ## Read the keeper metadata, and print basic stuff about it.
read n hunoz <$k/meta
readmeta $k/0
+ case $firstp in t) firstp=nil ;; nil) echo ;; esac
echo "$k profile=$profile n=$n"
+
+ ## Print the sharing information, including the keeper nubids.
echo " share"
i=0; while [ $i -lt $n ]; do
nubid=$(cat $k/$i/nubid)
echo " $i nubid=$nubid"
i=$(( $i + 1 ))
done
+
+ ## Print the associated recovery keys.
echo " recov"
eval rr=\$rr_$k
for ri in $rr; do
- rh=${ri%/*} i=${ri##*/}
- eval r=\$r_$rh
- eval t=\$t_$k_$rh_$i
+
+ ## Pick out the hash and instance number, and extract the rest of the
+ ## data from this recovery key.
+ r=${ri%/*} i=${ri##*/}
+ eval t=\$t_$k_$r_$i
+
+ ## Start assembling an information line.
info="$r/$i t=$t"
- set $(echo $r/$i | tr / .) revealed
- eval rcur=\$rcur_$rh
- case $rcur in $i) set "$@" $(echo $r/current | tr / .) current ;; esac
+
+ ## Determine the revelation status of the recovery key. There are
+ ## maybe things to check: the revelation of the key by explicit
+ ## instance, or, if applicable, as the current instance. Build in the
+ ## positional parameters a sequence of DIR WHAT pairs to process.
+ set $r.$i revealed
+ eval rcur=\$rcur_$r
+ case $rcur in $i) set "$@" $r.current current ;; esac
while [ $# -gt 0 ]; do
rd=$SAFE/keys.reveal/$1 attr=$2; shift 2
if [ ! -d $rd ]; then
info="$info $attr=$ss"
fi
done
+
+ ## Print this information.
echo " $info"
done
done
~mdw / distorted-keys / blobdiff