extract-profile: Add manpage.

[distorted-keys] / keyfunc.sh.in

diff --git a/keyfunc.sh.in b/keyfunc.sh.in
index dda8a2eea0327f41ceb9c758faca6afb57308991..dca8deef9b0545527f07c44d330a4f5e970087f9 100644 (file)
--- a/keyfunc.sh.in
+++ b/keyfunc.sh.in
@@ -154,8 +154,14 @@ check () {
 
   validp=t
   case "$thing" in
-    *"$nl"*) validp=nil ;;
-    *) if ! expr >/dev/null "Q$thing" : "Q$ckpat\$"; then validp=nil; fi ;;
+    *"$nl"*)
+      validp=nil
+      ;;
+    *)
+      if ! expr >/dev/null "Q$thing" : "\(Q$ckpat\)\$"; then
+      validp=nil
+      fi
+      ;;
   esac
   case $validp in
     nil) echo >&2 "$quis: bad $ckwhat \`$thing'"; exit 1 ;;
@@ -322,6 +328,7 @@ nubid () {
   ## to demonstrate the same idiocy as GNU mumblesum.
   set _ $({ echo "distorted-keys nubid"; cat -; } |
     openssl dgst -${kprop_nubid_hash-sha256})
+  if [ $# -gt 2 ]; then shift; fi
   echo $2
 }
 
@@ -418,19 +425,20 @@ c_genkey () {
   ## options to the key type.
 
   ## Set options and check them.
+  kopt_owner=$kowner kopt_label=$klabel
   setprops "option" kopt_ "$@"
   checkprops "option" kopt_ "$k_genopts"
 
   ## Create directory structure and start writing metadata.
   rm -rf "$kdir.new"
   mkdir -m755 -p "$kdir.new"
-  case "$knub" in */*) mkdir -m700 -p "${knub%/*}" ;; esac
+  case "$knub" in */*) mkdir -m755 -p "${knub%/*}" ;; esac
   cat >"$kdir.new/meta" <<EOF
 $profile
 EOF
 
   ## Generate the key.
-  umask=$(umask); umask 077; >"$knub.new"; umask $umask
+  (umask 077; makenub >"$knub.new")
   k_generate "$kdir.new" "$knub.new"
   $hook "$kdir.new" "$knub.new"
 
@@ -611,21 +619,23 @@ stash () {
 }
 
 recover () {
-  recov=$1 label=$2
+  recov=$1 inst=$2 label=$3
   ## Recover a stashed secret, protected by RECOV and stored as LABEL, and
   ## write it to stdout.
   checkword "recovery key label" "$recov"
+  checkword "recovery instance" "$inst"
   checklabel "secret" "$label"
 
-  rdir=$KEYS/recov/$recov/current
+  rdir=$KEYS/recov/$recov/$inst
   if [ ! -f $rdir/$label.recov ]; then
-    echo >&2 "$quis: no blob for \`$label' under recovery key \`$recov'"
+    echo >&2 "$quis: recovery key \`$recov/$inst' has no blob for \`$label'"
     exit 1
   fi
   reqsafe
-  nub=$SAFE/keys.reveal/$recov.current/nub
+  tag=$recov.$inst
+  nub=$SAFE/keys.reveal/$tag/nub
   if [ ! -f $nub ]; then
-    echo >&2 "$quis: current recovery key \`$recov' not revealed"
+    echo >&2 "$quis: recovery key \`$recov/$inst' not revealed"
     exit 1;
   fi
   mktmp
@@ -661,7 +671,7 @@ usage_err () { usage >&2; exit 1; }
 ### Subcommand handling.
 
 version () {
-  echo "$PACKAGE version $VERSION"
+  echo "$quis, $PACKAGE version $VERSION"
 }
 
 unset cmdargs
@@ -717,6 +727,7 @@ $cmds
 EOF
        case $foundp in
          t)
+           usage; echo
            eval help=\$help_$cmdname; echo "$help"
            ;;
          nil)