[distorted-keys] / keys.delete-keeper

#! /bin/sh
###
### Delete a keeper set
###
### (c) 2012 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of the distorted.org.uk key management suite.
###
### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

set -e
case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
. "$KEYSLIB"/keyfunc.sh

defhelp <<HELP
KEEPER
Delete the keeper set named KEEPER.
HELP

## Parse the command line.
case $# in 1) ;; *) usage_err ;; esac
keeper=$1
checkword "keeper set label" "$keeper"

## Check that the set actually exists.
cd $KEYS/keeper
if [ ! -d $keeper ]; then
  echo >&2 "$quis: unknown keeper set \`$keeper'"
  exit 1
fi

## Make sure that there aren't recovery keys which would be orphaned by
## deleting this keeper set.
unset deps
if [ -d $KEYS/recov ]; then
  cd $KEYS/recov

  ## Work through the available recovery keys.
  for r in $(find . -type l -name current -print); do
    r=${r#./}; r=${r%/current}
    if ! expr >/dev/null "Q$r" : "Q$R_LABEL"; then continue; fi

    ## Now work through the instances.
    for ri in $r/*; do
      i=${ri##*/}
      case "$i" in *[!0-9]*) continue ;; esac

      ## For each recovery key, make sure that: either it doesn't depend on
      ## this keeper set, or it also depends on at least one other set.  If
      ## not, add it to the `deps' list.
      this=nil others=nil
      for kp in $r/current/*.param; do
	k=${kp##*/}; k=${k%.param}
	case $k in $keeper) this=t ;; *) others=t ;; esac
      done
      case $this,$others in t,nil) deps="$deps $ri" ;; esac
    done
  done
fi

## If we found any hard dependencies, report a failure.
case "${deps+t}" in
  t)
    echo >&2 "$quis: deleting keeper \`$keeper' would orphan recovery keys:"
    for d in $deps; do echo 2>&1 "	$d"; done
    exit 1
    ;;
esac

## Disentangle the dependent recovery keys from this keeper set.
if [ -d $KEYS/recov ]; then
  cd $KEYS/recov

  ## Work through the recovery keys again.
  for r in $(find . -type l -name current -print); do
    r=${r#./}; r=${r%/current}
    if ! expr >/dev/null "Q$r" : "Q$R_LABEL"; then continue; fi

    ## Remove the keeper data from the key's instances.
    for ri in $i/*; do
      i=${ri##*/}
      case "$i" in *[!0-9]*) continue ;; esac
      rm -f $ri/$keeper.*
    done

    ## Work through the current keepers, and remove our keeper's name from
    ## the list.
    changep=nil
    while read k rest; do
      case $k in $keeper) changep=t ;; *) echo "$k $rest" ;; esac
    done <$r/keepers >$r/keepers.new
    case $changep in
      t) mv $r/keepers.new $r/keepers ;;
      nil) rm $r/keepers.new ;;
    esac
  done
fi

## Finally, actually delete the keeper keys.
cd $KEYS/keeper
rm -r $keeper

###----- That's all, folks --------------------------------------------------
Commit	Line	Data
865fc4a1 MW	1	#! /bin/sh
	2	###
	3	### Delete a keeper set
	4	###
	5	### (c) 2012 Mark Wooding
	6	###
	7
	8	###----- Licensing notice ---------------------------------------------------
	9	###
	10	### This file is part of the distorted.org.uk key management suite.
	11	###
	12	### distorted-keys is free software; you can redistribute it and/or modify
	13	### it under the terms of the GNU General Public License as published by
	14	### the Free Software Foundation; either version 2 of the License, or
	15	### (at your option) any later version.
	16	###
	17	### distorted-keys is distributed in the hope that it will be useful,
	18	### but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	### GNU General Public License for more details.
	21	###
	22	### You should have received a copy of the GNU General Public License
	23	### along with distorted-keys; if not, write to the Free Software Foundation,
	24	### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	25
	26	set -e
	27	case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
	28	. "$KEYSLIB"/keyfunc.sh
	29
	30	defhelp <<HELP
	31	KEEPER
	32	Delete the keeper set named KEEPER.
	33	HELP
	34
3dadccdb	35	## Parse the command line.
865fc4a1 MW	36	case $# in 1) ;; *) usage_err ;; esac
	37	keeper=$1
	38	checkword "keeper set label" "$keeper"
	39
3dadccdb	40	## Check that the set actually exists.
865fc4a1 MW	41	cd $KEYS/keeper
	42	if [ ! -d $keeper ]; then
	43	echo >&2 "$quis: unknown keeper set \`$keeper'"
	44	exit 1
	45	fi
	46
3dadccdb MW	47	## Make sure that there aren't recovery keys which would be orphaned by
3dadccdb MW	48	## deleting this keeper set.
865fc4a1 MW	49	unset deps
	50	if [ -d $KEYS/recov ]; then
	51	cd $KEYS/recov
3dadccdb MW	52
3dadccdb MW	53	## Work through the available recovery keys.
865fc4a1 MW	54	for r in $(find . -type l -name current -print); do
	55	r=${r#./}; r=${r%/current}
	56	if ! expr >/dev/null "Q$r" : "Q$R_LABEL"; then continue; fi
3dadccdb MW	57
3dadccdb MW	58	## Now work through the instances.
865fc4a1 MW	59	for ri in $r/*; do
	60	i=${ri##*/}
	61	case "$i" in [!0-9]) continue ;; esac
3dadccdb MW	62
	63	## For each recovery key, make sure that: either it doesn't depend on
	64	## this keeper set, or it also depends on at least one other set. If
	65	## not, add it to the `deps' list.
865fc4a1 MW	66	this=nil others=nil
	67	for kp in $r/current/*.param; do
	68	k=${kp##*/}; k=${k%.param}
	69	case $k in $keeper) this=t ;; *) others=t ;; esac
	70	done
	71	case $this,$others in t,nil) deps="$deps $ri" ;; esac
	72	done
	73	done
	74	fi
3dadccdb MW	75
3dadccdb MW	76	## If we found any hard dependencies, report a failure.
865fc4a1 MW	77	case "${deps+t}" in
	78	t)
	79	echo >&2 "$quis: deleting keeper \`$keeper' would orphan recovery keys:"
	80	for d in $deps; do echo 2>&1 " $d"; done
	81	exit 1
	82	;;
	83	esac
	84
3dadccdb	85	## Disentangle the dependent recovery keys from this keeper set.
865fc4a1 MW	86	if [ -d $KEYS/recov ]; then
865fc4a1 MW	87	cd $KEYS/recov
3dadccdb MW	88
3dadccdb MW	89	## Work through the recovery keys again.
865fc4a1 MW	90	for r in $(find . -type l -name current -print); do
	91	r=${r#./}; r=${r%/current}
	92	if ! expr >/dev/null "Q$r" : "Q$R_LABEL"; then continue; fi
3dadccdb MW	93
3dadccdb MW	94	## Remove the keeper data from the key's instances.
865fc4a1 MW	95	for ri in $i/*; do
	96	i=${ri##*/}
	97	case "$i" in [!0-9]) continue ;; esac
	98	rm -f $ri/$keeper.*
	99	done
3dadccdb MW	100
	101	## Work through the current keepers, and remove our keeper's name from
	102	## the list.
865fc4a1 MW	103	changep=nil
	104	while read k rest; do
	105	case $k in $keeper) changep=t ;; *) echo "$k $rest" ;; esac
	106	done <$r/keepers >$r/keepers.new
	107	case $changep in
	108	t) mv $r/keepers.new $r/keepers ;;
	109	nil) rm $r/keepers.new ;;
	110	esac
	111	done
	112	fi
	113
3dadccdb	114	## Finally, actually delete the keeper keys.
865fc4a1 MW	115	cd $KEYS/keeper
	116	rm -r $keeper
	117
	118	###----- That's all, folks --------------------------------------------------