Commit | Line | Data |
---|---|---|
865fc4a1 MW |
1 | #! /bin/sh |
2 | ### | |
3 | ### Delete a keeper set | |
4 | ### | |
5 | ### (c) 2012 Mark Wooding | |
6 | ### | |
7 | ||
8 | ###----- Licensing notice --------------------------------------------------- | |
9 | ### | |
10 | ### This file is part of the distorted.org.uk key management suite. | |
11 | ### | |
12 | ### distorted-keys is free software; you can redistribute it and/or modify | |
13 | ### it under the terms of the GNU General Public License as published by | |
14 | ### the Free Software Foundation; either version 2 of the License, or | |
15 | ### (at your option) any later version. | |
16 | ### | |
17 | ### distorted-keys is distributed in the hope that it will be useful, | |
18 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | ### GNU General Public License for more details. | |
21 | ### | |
22 | ### You should have received a copy of the GNU General Public License | |
23 | ### along with distorted-keys; if not, write to the Free Software Foundation, | |
24 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
25 | ||
26 | set -e | |
27 | case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac | |
28 | . "$KEYSLIB"/keyfunc.sh | |
29 | ||
30 | defhelp <<HELP | |
31 | KEEPER | |
32 | Delete the keeper set named KEEPER. | |
33 | HELP | |
34 | ||
3dadccdb | 35 | ## Parse the command line. |
865fc4a1 MW |
36 | case $# in 1) ;; *) usage_err ;; esac |
37 | keeper=$1 | |
38 | checkword "keeper set label" "$keeper" | |
39 | ||
3dadccdb | 40 | ## Check that the set actually exists. |
865fc4a1 MW |
41 | cd $KEYS/keeper |
42 | if [ ! -d $keeper ]; then | |
43 | echo >&2 "$quis: unknown keeper set \`$keeper'" | |
44 | exit 1 | |
45 | fi | |
46 | ||
3dadccdb MW |
47 | ## Make sure that there aren't recovery keys which would be orphaned by |
48 | ## deleting this keeper set. | |
865fc4a1 MW |
49 | unset deps |
50 | if [ -d $KEYS/recov ]; then | |
51 | cd $KEYS/recov | |
3dadccdb MW |
52 | |
53 | ## Work through the available recovery keys. | |
865fc4a1 MW |
54 | for r in $(find . -type l -name current -print); do |
55 | r=${r#./}; r=${r%/current} | |
56 | if ! expr >/dev/null "Q$r" : "Q$R_LABEL"; then continue; fi | |
3dadccdb MW |
57 | |
58 | ## Now work through the instances. | |
865fc4a1 MW |
59 | for ri in $r/*; do |
60 | i=${ri##*/} | |
61 | case "$i" in *[!0-9]*) continue ;; esac | |
3dadccdb MW |
62 | |
63 | ## For each recovery key, make sure that: either it doesn't depend on | |
64 | ## this keeper set, or it also depends on at least one other set. If | |
65 | ## not, add it to the `deps' list. | |
865fc4a1 MW |
66 | this=nil others=nil |
67 | for kp in $r/current/*.param; do | |
68 | k=${kp##*/}; k=${k%.param} | |
69 | case $k in $keeper) this=t ;; *) others=t ;; esac | |
70 | done | |
71 | case $this,$others in t,nil) deps="$deps $ri" ;; esac | |
72 | done | |
73 | done | |
74 | fi | |
3dadccdb MW |
75 | |
76 | ## If we found any hard dependencies, report a failure. | |
865fc4a1 MW |
77 | case "${deps+t}" in |
78 | t) | |
79 | echo >&2 "$quis: deleting keeper \`$keeper' would orphan recovery keys:" | |
80 | for d in $deps; do echo 2>&1 " $d"; done | |
81 | exit 1 | |
82 | ;; | |
83 | esac | |
84 | ||
3dadccdb | 85 | ## Disentangle the dependent recovery keys from this keeper set. |
865fc4a1 MW |
86 | if [ -d $KEYS/recov ]; then |
87 | cd $KEYS/recov | |
3dadccdb MW |
88 | |
89 | ## Work through the recovery keys again. | |
865fc4a1 MW |
90 | for r in $(find . -type l -name current -print); do |
91 | r=${r#./}; r=${r%/current} | |
92 | if ! expr >/dev/null "Q$r" : "Q$R_LABEL"; then continue; fi | |
3dadccdb MW |
93 | |
94 | ## Remove the keeper data from the key's instances. | |
865fc4a1 MW |
95 | for ri in $i/*; do |
96 | i=${ri##*/} | |
97 | case "$i" in *[!0-9]*) continue ;; esac | |
98 | rm -f $ri/$keeper.* | |
99 | done | |
3dadccdb MW |
100 | |
101 | ## Work through the current keepers, and remove our keeper's name from | |
102 | ## the list. | |
865fc4a1 MW |
103 | changep=nil |
104 | while read k rest; do | |
105 | case $k in $keeper) changep=t ;; *) echo "$k $rest" ;; esac | |
106 | done <$r/keepers >$r/keepers.new | |
107 | case $changep in | |
108 | t) mv $r/keepers.new $r/keepers ;; | |
109 | nil) rm $r/keepers.new ;; | |
110 | esac | |
111 | done | |
112 | fi | |
113 | ||
3dadccdb | 114 | ## Finally, actually delete the keeper keys. |
865fc4a1 MW |
115 | cd $KEYS/keeper |
116 | rm -r $keeper | |
117 | ||
118 | ###----- That's all, folks -------------------------------------------------- |