3 ### Delete a keeper set
5 ### (c) 2012 Mark Wooding
8 ###----- Licensing notice ---------------------------------------------------
10 ### This file is part of the distorted.org.uk key management suite.
12 ### distorted-keys is free software; you can redistribute it and/or modify
13 ### it under the terms of the GNU General Public License as published by
14 ### the Free Software Foundation; either version 2 of the License, or
15 ### (at your option) any later version.
17 ### distorted-keys is distributed in the hope that it will be useful,
18 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
19 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 ### GNU General Public License for more details.
22 ### You should have received a copy of the GNU General Public License
23 ### along with distorted-keys; if not, write to the Free Software Foundation,
24 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 case "${KEYSLIB+t}" in t
) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
28 .
"$KEYSLIB"/keyfunc.sh
32 Delete the keeper set named KEEPER.
35 ## Parse the command line.
36 case $# in 1) ;; *) usage_err
;; esac
38 checkword
"keeper set label" "$keeper"
40 ## Check that the set actually exists.
42 if [ ! -d
$keeper ]; then
43 echo >&2 "$quis: unknown keeper set \`$keeper'"
47 ## Make sure that there aren't recovery keys which would be orphaned by
48 ## deleting this keeper set.
50 if [ -d
$KEYS/recov
]; then
53 ## Work through the available recovery keys.
54 for r
in $
(find .
-type l
-name current
-print
); do
55 r
=${r#./}; r
=${r%/current}
56 if ! expr >/dev
/null
"Q$r" : "Q$R_LABEL"; then continue; fi
58 ## Now work through the instances.
61 case "$i" in *[!0-9]*) continue ;; esac
63 ## For each recovery key, make sure that: either it doesn't depend on
64 ## this keeper set, or it also depends on at least one other set. If
65 ## not, add it to the `deps' list.
67 for kp
in $r/current
/*.param
; do
68 k
=${kp##*/}; k
=${k%.param}
69 case $k in $keeper) this
=t
;; *) others
=t
;; esac
71 case $this,$others in t
,nil
) deps
="$deps $ri" ;; esac
76 ## If we found any hard dependencies, report a failure.
79 echo >&2 "$quis: deleting keeper \`$keeper' would orphan recovery keys:"
80 for d
in $deps; do echo 2>&1 " $d"; done
85 ## Disentangle the dependent recovery keys from this keeper set.
86 if [ -d
$KEYS/recov
]; then
89 ## Work through the recovery keys again.
90 for r
in $
(find .
-type l
-name current
-print
); do
91 r
=${r#./}; r
=${r%/current}
92 if ! expr >/dev
/null
"Q$r" : "Q$R_LABEL"; then continue; fi
94 ## Remove the keeper data from the key's instances.
97 case "$i" in *[!0-9]*) continue ;; esac
101 ## Work through the current keepers, and remove our keeper's name from
104 while read k rest
; do
105 case $k in $keeper) changep
=t
;; *) echo "$k $rest" ;; esac
106 done <$r/keepers
>$r/keepers.new
108 t
) mv $r/keepers.new
$r/keepers
;;
109 nil
) rm $r/keepers.new
;;
114 ## Finally, actually delete the keeper keys.
118 ###----- That's all, folks --------------------------------------------------