Remove `--force' from keys.new-keeper; introduce explicit delete command.

[distorted-keys] / keyfunc.sh.in

diff --git a/keyfunc.sh.in b/keyfunc.sh.in
index 89decccd77af900104ddacea1f1ce96c7c0f12bf..6cba169629c18ad1761cfdc833a95622aa1787e2 100644 (file)
--- a/keyfunc.sh.in
+++ b/keyfunc.sh.in
@@ -322,6 +322,7 @@ nubid () {
   ## to demonstrate the same idiocy as GNU mumblesum.
   set _ $({ echo "distorted-keys nubid"; cat -; } |
     openssl dgst -${kprop_nubid_hash-sha256})
   ## to demonstrate the same idiocy as GNU mumblesum.
   set _ $({ echo "distorted-keys nubid"; cat -; } |
     openssl dgst -${kprop_nubid_hash-sha256})

+  if [ $# -gt 2 ]; then shift; fi

   echo $2
 }
 
   echo $2
 }
 


@@ -461,6 +462,7 @@ c_verify () { k_verify "$@"; }
 ## Stub implementations.
 notsupp () { op=$1; echo >&2 "$quis: operation \`$op' not supported"; }
 k_info () { :; }
 ## Stub implementations.
 notsupp () { op=$1; echo >&2 "$quis: operation \`$op' not supported"; }
 k_info () { :; }

+k_import () { :; }

 k_encrypt () { notsupp encrypt; }
 k_decrypt () { notsupp decrypt; }
 k_sign () { notsupp sign; }
 k_encrypt () { notsupp encrypt; }
 k_decrypt () { notsupp decrypt; }
 k_sign () { notsupp sign; }


@@ -610,21 +612,23 @@ stash () {
 }
 
 recover () {
 }
 
 recover () {

-  recov=$1 label=$2
+  recov=$1 inst=$2 label=$3

   ## Recover a stashed secret, protected by RECOV and stored as LABEL, and
   ## write it to stdout.
   checkword "recovery key label" "$recov"
   ## Recover a stashed secret, protected by RECOV and stored as LABEL, and
   ## write it to stdout.
   checkword "recovery key label" "$recov"

+  checkword "recovery instance" "$inst"

   checklabel "secret" "$label"
 
   checklabel "secret" "$label"
 

-  rdir=$KEYS/recov/$recov/current
+  rdir=$KEYS/recov/$recov/$inst

   if [ ! -f $rdir/$label.recov ]; then
   if [ ! -f $rdir/$label.recov ]; then

-    echo >&2 "$quis: no blob for \`$label' under recovery key \`$recov'"
+    echo >&2 "$quis: no blob for \`$label' under recovery key \`$recov/$inst'"

     exit 1
   fi
   reqsafe
     exit 1
   fi
   reqsafe

-  nub=$SAFE/keys.reveal/$recov.current/nub
+  tag=$recov.$inst
+  nub=$SAFE/keys.reveal/$tag/nub

   if [ ! -f $nub ]; then
   if [ ! -f $nub ]; then

-    echo >&2 "$quis: current recovery key \`$recov' not revealed"
+    echo >&2 "$quis: current recovery key \`$recov/$inst' not revealed"

     exit 1;
   fi
   mktmp
     exit 1;
   fi
   mktmp


@@ -636,7 +640,7 @@ recover () {
 
 defhelp () {
   read umsg
 
 defhelp () {
   read umsg

-  usage="usage: $quis${umsg+ }$umsg"
+  usage=$umsg

   help=$(cat)
   case "$KEYS_HELP" in t) help; exit ;; esac
 }
   help=$(cat)
   case "$KEYS_HELP" in t) help; exit ;; esac
 }


@@ -644,13 +648,17 @@ defhelp () {
 help () { showhelp; }
 showhelp () {
   cat <<EOF
 help () { showhelp; }
 showhelp () {
   cat <<EOF

-$usage
+Usage: $quis${usage:+ $usage}

 
 $help
 EOF
 }
 
 
 $help
 EOF
 }
 

-usage_err () { echo >&2 "$usage"; exit 1; }
+usage () {
+  : ${cmdargs=$usage}
+  echo "usage: $quis${cmdname:+ $cmdname}${cmdargs:+ $cmdargs}"
+}
+usage_err () { usage >&2; exit 1; }

 
 ###--------------------------------------------------------------------------
 ### Subcommand handling.
 
 ###--------------------------------------------------------------------------
 ### Subcommand handling.


@@ -659,6 +667,20 @@ version () {
   echo "$PACKAGE version $VERSION"
 }
 
   echo "$PACKAGE version $VERSION"
 }
 

+unset cmdargs
+unset cmdname
+cmds=""
+defcmd () {
+  cmd=$1; shift; args=$*
+  help=$(cat)
+  eval help_$cmd=\$help
+  cmds="${cmds:+$cmds
+}$cmd $args"
+}
+
+defcmd help "[COMMAND ...]" <<EOF
+Show help about the COMMANDs, or about $quis if none are named.
+EOF

 cmd_help () {
   rc=0
   version
 cmd_help () {
   rc=0
   version


@@ -666,30 +688,50 @@ cmd_help () {
     0)
       cat <<EOF
 
     0)
       cat <<EOF
 

-$usage
+Usage: $quis${usage:+ $usage}

 
 Options:
   -h           Show this help text.
   -v           Show the program version number.
 
 
 Options:
   -h           Show this help text.
   -v           Show the program version number.
 

-Commands installed:
+Commands provided:

 EOF
 EOF

-      cd "$KEYSLIB"
-      for i in $prefix.*; do
-       if [ ! -x "$i" ]; then continue; fi
-       sed -n "/<<HELP/{n;s/^/ ${i#$prefix.} /;p;q;}" "$i"
-      done
+      while read cmd args; do echo "   $cmd${args:+ $args}"; done <<EOF
+$cmds
+EOF
+      case ${prefix+t} in
+       t)
+         cd $KEYSLIB
+         for i in $prefix.*; do
+           if [ ! -x "$i" ]; then continue; fi
+           sed -n "/<<HELP/{n;s/^/     ${i#$prefix.} /;p;q;}" "$i"
+         done
+         ;;
+      esac

       ;;
     *)
       ;;
     *)

-      for i in "$@"; do
+      for cmd in "$@"; do

        echo
        echo

-       if [ ! -x "$KEYSLIB/$prefix.$i" ]; then
-         echo >&2 "$quis: unrecognized command \`$i'"
-         rc=1
-         continue
-       elif ! KEYS_HELP=t "$KEYSLIB/$prefix.$i"; then
-         rc=1
-       fi
+       foundp=nil
+       while read cmdname cmdargs; do
+         case $cmdname in "$cmd") foundp=t; break ;; esac
+       done <<EOF
+$cmds
+EOF
+       case $foundp in
+         t)
+           eval help=\$help_$cmdname; echo "$help"
+           ;;
+         nil)
+           if [ ! -x "$KEYSLIB/$prefix.$cmd" ]; then
+             echo >&2 "$quis: unrecognized command \`$cmd'"
+             rc=1
+             continue
+           elif ! KEYS_HELP=t "$KEYSLIB/$prefix.$cmd"; then
+             rc=1
+           fi
+           ;;
+       esac

       done
       ;;
   esac
       done
       ;;
   esac


@@ -697,16 +739,28 @@ EOF
 }
 
 dispatch () {
 }
 
 dispatch () {

-  case $# in 0) echo >&2 "$usage"; exit 1 ;; esac
+  case $# in 0) usage_err ;; esac

   cmd=$1; shift
   cmd=$1; shift

-  case "$cmd" in help) cmd_help "$@"; exit ;; esac
-  if [ ! -x "$KEYSLIB/$prefix.$cmd" ]; then
-    echo >&2 "$quis: unrecognized command \`$cmd'"
-    exit 1
-  fi
-
-  unset KEYS_HELP
-  exec "$KEYSLIB/$prefix.$cmd" "$@"
+  foundp=nil
+  while read cmdname cmdargs; do
+    case $cmdname in "$cmd") foundp=t; break ;; esac
+  done <<EOF
+$cmds
+EOF
+  case $foundp in
+    t)
+      OPTIND=1
+      cmd_$cmdname "$@"
+      ;;
+    nil)
+      if [ ! -x "$KEYSLIB/$prefix.$cmd" ]; then
+       echo >&2 "$quis: unrecognized command \`$cmd'"
+       exit 1
+      fi
+      unset KEYS_HELP
+      exec "$KEYSLIB/$prefix.$cmd" "$@"
+      ;;
+  esac

 }
 
 ###----- That's all, folks --------------------------------------------------
 }
 
 ###----- That's all, folks --------------------------------------------------