keys.archive -> cryptop.archive: Command was in the wrong suite.

It uses user keys, and the archives are public.  It doesn't make sense
to restrict it to administrators only.  Also, it wrote its output to the
wrong place.  Since the output is in two pieces, this is fiddly: use a
tarball.

diff --git a/Makefile.am b/Makefile.am
index e169f41..eb8e46f 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -101,7 +101,6 @@ keyfunc.sh: keyfunc.sh.in Makefile
                mv keyfunc.sh.new keyfunc.sh
 
 ## Commands.
-dist_pkglib_SCRIPTS    += keys.archive
 dist_pkglib_SCRIPTS    += keys.conceal
 dist_pkglib_SCRIPTS    += keys.keeper-cards
 dist_pkglib_SCRIPTS    += keys.keeper-nub
@@ -132,6 +131,7 @@ dist_pkglib_DATA    += ktype.seccure
 dist_profile_DATA      += profile.d/01seccure
 
 ## Commands.
+dist_pkglib_SCRIPTS    += cryptop.archive
 dist_pkglib_SCRIPTS    += cryptop.genkey
 dist_pkglib_SCRIPTS    += cryptop.list
 dist_pkglib_SCRIPTS    += cryptop.delkey

diff --git a/keys.archive b/cryptop.archive
similarity index 72%
rename from keys.archive
rename to cryptop.archive
index 3ac414e..40bc5a7 100755 (executable)
--- a/keys.archive
+++ b/cryptop.archive
@@ -28,30 +28,31 @@ case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
 . "$KEYSLIB"/keyfunc.sh
 
 defhelp <<HELP
-LABEL KEY
+LABEL KEY | tar xf -
 Write a publishable archive of the key-management state.
 
-The archive is written to LABEL.tar.gz; a signature is written to
-LABEL.KEY.sig.
+The archive is written to stdout as a tar archive containing two files:
+LABEL.tar.gz contains the actual archive, and LABEL.KEY.sig contains a
+signature.
 
 The archive doesn't contain any unecrypted secrets.  You'll probably need
-a keeper set to get anything useful.
+a keeper set to get anything useful out of it.
 HELP
 
 case $# in 2) ;; *) usage_err ;; esac
-label=$1 key=$2
-checkword "archive label" "$label"
+arch=$1 key=$2
+checkword "archive label" "$arch"
 
 mktmp
 prepare "$key" archive
-( cd $tmp
-  mkdir $label
-  ln -s $ETC $label/config
-  mkdir $label/data
-  ln -s $KEYS/* $label/data/
-  rm -f $label/data/nub
-  tar cf - $label/config/* $label/data/*/* ) | gzip -9c >$label.tar.gz.new
-c_sign $kdir $knub <$label.tar.gz.new >$label.sig.new
-for i in sig tar.gz; do mv $label.$i.new $label.$i; done
+cd $tmp
+mkdir $arch
+ln -s $ETC $arch/config
+mkdir $arch/data
+ln -s $KEYS/* $arch/data/
+rm -f $arch/data/nub
+tar cf - $arch/config/* $arch/data/*/* | gzip -9c >$arch.tar.gz
+c_sign $kdir $knub <$arch.tar.gz >$arch.sig
+tar cf - $arch.tar.gz $arch.sig
 
 ###----- That's all, folks --------------------------------------------------