X-Git-Url: https://git.distorted.org.uk/~mdw/distorted-keys/blobdiff_plain/2a877b7f36d155683f4896c72779a62f20f4b1c3..5cff41ea66c1dd4e60bd255b0f68d7d1f8d22383:/keyfunc.sh.in

diff --git a/keyfunc.sh.in b/keyfunc.sh.in
index bfcb26b..f134198 100644
--- a/keyfunc.sh.in
+++ b/keyfunc.sh.in
@@ -28,13 +28,14 @@ quis=${0##*/}
 ###--------------------------------------------------------------------------
 ### Configuration variables.
 
+## Automatically configured pathnames.
 PACKAGE="@PACKAGE@" VERSION="@VERSION@"
 bindir="@bindir@"
 
-case ":$PATH:" in *:"$bindir":*) ;; *) PATH=$bindir:$PATH ;; esac
-
+## Read user configuration.
 if [ -f $ETC/keys.conf ]; then . $ETC/keys.conf; fi
 
+## Maybe turn on debugging.
 case "${KEYS_DEBUG+t}" in t) set -x ;; esac
 
 ###--------------------------------------------------------------------------
@@ -425,7 +426,8 @@ k_verify () { notsupp verify; }
 prepare () {
   key=$1 op=$2
   ## Prepare for a crypto operation OP, using the KEY.  This validates the
-  ## key label, reads the profile, and checks the access-control list.
+  ## key label, reads the profile, and checks the access-control list.  If OP
+  ## is `-' then allow the operation unconditionally.
 
   ## Find the key properties.
   parse_keylabel "$key"
@@ -435,6 +437,7 @@ prepare () {
 
   ## Check whether we're allowed to do this thing.  This is annoyingly
   ## fiddly.
+  case $op in -) return ;; esac
   eval acl=\${kprop_acl_$op-!owner}
   verdict=forbid
   while :; do