validp=t
case "$thing" in
- *"$nl"*) validp=nil ;;
- *) if ! expr >/dev/null "Q$thing" : "Q$ckpat\$"; then validp=nil; fi ;;
+ *"$nl"*)
+ validp=nil
+ ;;
+ *)
+ if ! expr >/dev/null "Q$thing" : "\(Q$ckpat\)\$"; then
+ validp=nil
+ fi
+ ;;
esac
case $validp in
nil) echo >&2 "$quis: bad $ckwhat \`$thing'"; exit 1 ;;
## to demonstrate the same idiocy as GNU mumblesum.
set _ $({ echo "distorted-keys nubid"; cat -; } |
openssl dgst -${kprop_nubid_hash-sha256})
+ if [ $# -gt 2 ]; then shift; fi
echo $2
}
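Review bot: The added `if [ $# -gt 2 ]; then shift; fi` only distinguishes two and three words, so when `openssl dgst` prints nothing the following `echo $2` emits an empty line and the function still succeeds. That would happen, for example, if `kprop_nubid_hash` names a digest the installed openssl rejects, and the pipeline's status is lost inside `set _ $(...)`. I would make the word count an explicit check: `case $# in 2) ;; 3) shift ;; *) echo >&2 "$quis: unexpected output from openssl dgst"; exit 1 ;; esac`. If callers run this function in a command substitution, they also need to test its status, since `exit` would only leave the subshell. The function starts outside this hunk, so its name and callers are not visible here.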
## Create directory structure and start writing metadata.
rm -rf "$kdir.new"
mkdir -m755 -p "$kdir.new"
- case "$knub" in */*) mkdir -m700 -p "${knub%/*}" ;; esac
+ case "$knub" in */*) mkdir -m755 -p "${knub%/*}" ;; esac
cat >"$kdir.new/meta" <<EOF
$profile
EOF
## Generate the key.
- umask=$(umask); umask 077; >"$knub.new"; umask $umask
+ (umask 077; makenub >"$knub.new")
k_generate "$kdir.new" "$knub.new"
$hook "$kdir.new" "$knub.new"
}
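Review bot: With the nub's parent directory now created `-m755` instead of `-m700`, the secrecy of the nub depends on the mode of `$knub.new` itself (and on directories above it that are not visible here), and `umask 077` only takes effect when the redirection actually creates the file. A `$knub.new` left over from an interrupted run keeps whatever mode it already had, so I would remove it first with `rm -f "$knub.new"`, as is already done for `$kdir.new`. The subshell's exit status is not checked in the visible lines; unless the script runs under `set -e`, a failing `makenub` leaves an empty or partial nub that `k_generate` then uses, which `(umask 077; makenub >"$knub.new") || exit 1` would prevent. The enclosing function starts outside this hunk.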
recover () {
- recov=$1 label=$2
+ recov=$1 inst=$2 label=$3
## Recover a stashed secret, protected by RECOV and stored as LABEL, and
## write it to stdout.
checkword "recovery key label" "$recov"
+ checkword "recovery instance" "$inst"
checklabel "secret" "$label"
- rdir=$KEYS/recov/$recov/current
+ rdir=$KEYS/recov/$recov/$inst
if [ ! -f $rdir/$label.recov ]; then
- echo >&2 "$quis: no blob for \`$label' under recovery key \`$recov'"
+ echo >&2 "$quis: recovery key \`$recov/$inst' has no blob for \`$label'"
exit 1
fi
reqsafe
- nub=$SAFE/keys.reveal/$recov.current/nub
+ tag=$recov.$inst
+ nub=$SAFE/keys.reveal/$tag/nub
if [ ! -f $nub ]; then
- echo >&2 "$quis: current recovery key \`$recov' not revealed"
+ echo >&2 "$quis: recovery key \`$recov/$inst' not revealed"
exit 1;
fi
mktmp
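Review bot: The header comment still mentions only RECOV and LABEL although `recover` now takes INST as its second argument; I would reword it to `## Recover a stashed secret, protected by instance INST of recovery key RECOV` / `## and stored as LABEL, and write it to stdout.`. Because the arguments are positional, a caller still passing two arguments would have its label treated as the instance, so the call sites outside this hunk need checking. `$inst` is now a path component of both `rdir` and `nub`, and the pattern that `checkword` enforces is not visible here, so confirm it rejects `/`, `.` and `..`. The tests `[ ! -f $rdir/$label.recov ]` and `[ ! -f $nub ]` expand unquoted; quoting them would stop relying on those checks to exclude whitespace and glob characters. The function body continues past the end of the hunk.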
### Subcommand handling.
version () {
- echo "$PACKAGE version $VERSION"
+ echo "$quis, $PACKAGE version $VERSION"
}
unset cmdargs
EOF
case $foundp in
t)
+ usage; echo
eval help=\$help_$cmdname; echo "$help"
;;
nil)