RoUS · April 15, 2015 21:19
diff --git a/keem.sh b/keem.sh
 #! /bin/bash
 # -*- coding: utf-8 -*-
 #--
 #   Copyright © 2015 Ken Coar
 #
 #   Licensed under the Apache License, Version 2.0 (the "License");
 #   you may not use this file except in compliance with the License.
 #   You may obtain a copy of the License at
 #
 #       http://www.apache.org/licenses/LICENSE-2.0
 #
 #   Unless required by applicable law or agreed to in writing, software
 #   distributed under the License is distributed on an "AS IS" BASIS,
 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #   See the License for the specific language governing permissions and
 #   limitations under the License.
 #++
 #
 # keem -- GPG key management.
 #
 # A bit of a kludge, but better than doing it all by hand after every
 # key signing party..
 #
 # -c <lev>    Cert level to assign to key (0-3, default 1)
 # -D          Download the keys to sign
 # -s <server> Server from which to download the keys
 # -S          Sign the keys
 # -t          Use a temporary keyring rather than installing the keys on your
 #             default keyring; doesn't update the trustdb and the files are
 #             deleted on exit
 # -T <file>   Use the specified name for the keyring and trustdb.
 # -u <keyid>  Key with which to sign (can be repeated for multiple keys)
 # -U          Upload the keys again
 # -y	      Add '--yes' tp gpg commands
 #
 # List of key IDs to sign read from the remainder of the command line..
 #
 KEYS2SIGN=''
 SIGN=''
 CERTLEVEL='1'
 KSERVER='minsky.surfnet.nl'
 DOWNLOAD=''
 UPLOAD=''
 TEMPPFX="/tmp/keem-temp-$$"
 TEMPRING="${TEMPPFX}.gpg"
 TEMPTDB="${TEMPPFX}-trust.gpg"
 USETEMP=''
 ASSUMEYES=''
 trap "rm -f ${TEMPPFX}*" EXIT

 while test -n "${1}" ; do
    case "${1}" in
        -c)			# Set the trust level to this
            shift
            CERTLEVEL="${1}"
            shift
            ;;
        -D)			# Download the keys first
            shift
            DOWNLOAD='yes'
            ;;
        -h|--help)
            cat <<EOF
 Usage:
    $0 [ options ] keyID [...]

 Options:
  -c n       Trust cert level (0-3).
  -D         Download the specified keys from a keyserver.
  -h, --help This text.
  -s server  Keyserver for download/upload operations.
  -S         Sign the keys.
  -t         Use only a temporary keyring, not your default one.
  -T keyring Use the specified filename for the keyring and trustdb.
  -u uid     (Used with -S) Key ID with which to sign.
  -U         Upload the keys to a keyserver
 EOF
            exit 0
            ;;
        -s)			# Use this server for download/upload
            shift
            KSERVER="${1}"
            shift
            ;;
        -S)			# Sign the buggers
            shift
            SIGN='yes'
            ;;
        -t)			# Use a fake keyring
            shift
            USETEMP='yes'
            ;;
        -T)			# Use a fake keyring
            shift
            USETEMP='yes'
            TEMPRING="${1}.gpg"
            TEMPTDB="${1}-trust.gpg"
            touch "${TEMPRING}"
            shift
            ;;
        -u)			# Sign with this key
            shift
            SIGNWITH="${SIGNWITH} -u ${1}"
            shift
            ;;
        -U)			# Upload the results
            shift
            UPLOAD='yes'
            ;;
        -y)			# Upload the results
            shift
            ASSUMEYES='--yes'
            ;;
        --)			# end of options
            shift
            break
            ;;
        -*)			# Huh?
            echo "$(basename ${0}): Unknown option: ${1}"
            exit 1
            ;;
        *)			# Not an option, so starting keys
            KEYS=$(echo $* | sed -e 's/,/ /g;')
            break
            ;;
    esac
 done

 if test -n "${USETEMP}" ; then
    SIGNOPT='--no-auto-check-trustdb'
 fi
 if test -z "${USETEMP}" -o "${TEMPRING}" != "${TEMPPFX}.gpg" ; then
    SIGNOPT="${SIGNOPT} --default-cert-level ${CERTLEVEL} --no-ask-cert-level"
 fi

 if test -n "${KSERVER}" ; then
    KEYSERVER="--keyserver ${KSERVER}"
 fi
 GBLOPT=
 if test -n "${USETEMP}" ; then
    GBLOPT="${GBLOPT} --primary-keyring ${TEMPRING} --trustdb-name ${TEMPTDB}"
 fi

 #
 # Got the keys..  download them.
 #
 if test -n "${DOWNLOAD}" ; then
    gpg ${GBLOPT} ${KEYSERVER} --recv-keys ${KEYS}
 fi
 #
 # Now the tedious bit.  There *really* needs to be a way to batch this..
 # being able to process multiple keys in a single gpg session would mean
 # the passphrase would only need to be entered once.  And the '--yes'
 # option doesn't apply to the 'Really sign all IDs' and 'Really sign key'
 # questions (#@*&@!!).
 #
 if test -n "${SIGN}" ; then
    for KEY in ${KEYS} ; do
        gpg ${GBLOPT} ${SIGNOPT} ${SIGNWITH} ${ASSUMEYES} --sign-key ${KEY}
    done
 fi

 if test -n "$UPLOAD" ; then
    gpg $GBLOPT $KEYSERVER --send-keys $KEYS
 fi
	#! /bin/bash
	# -- coding: utf-8 --
	#--
	# Copyright © 2015 Ken Coar
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#++
	#
	# keem -- GPG key management.
	#
	# A bit of a kludge, but better than doing it all by hand after every
	# key signing party..
	#
	# -c <lev> Cert level to assign to key (0-3, default 1)
	# -D Download the keys to sign
	# -s <server> Server from which to download the keys
	# -S Sign the keys
	# -t Use a temporary keyring rather than installing the keys on your
	# default keyring; doesn't update the trustdb and the files are
	# deleted on exit
	# -T <file> Use the specified name for the keyring and trustdb.
	# -u <keyid> Key with which to sign (can be repeated for multiple keys)
	# -U Upload the keys again
	# -y Add '--yes' tp gpg commands
	#
	# List of key IDs to sign read from the remainder of the command line..
	#
	KEYS2SIGN=''
	SIGN=''
	CERTLEVEL='1'
	KSERVER='minsky.surfnet.nl'
	DOWNLOAD=''
	UPLOAD=''
	TEMPPFX="/tmp/keem-temp-$$"
	TEMPRING="${TEMPPFX}.gpg"
	TEMPTDB="${TEMPPFX}-trust.gpg"
	USETEMP=''
	ASSUMEYES=''
	trap "rm -f ${TEMPPFX}*" EXIT

	while test -n "${1}" ; do
	case "${1}" in
	-c) # Set the trust level to this
	shift
	CERTLEVEL="${1}"
	shift
	;;
	-D) # Download the keys first
	shift
	DOWNLOAD='yes'
	;;
	-h\|--help)
	cat <<EOF
	Usage:
	$0 [ options ] keyID [...]

	Options:
	-c n Trust cert level (0-3).
	-D Download the specified keys from a keyserver.
	-h, --help This text.
	-s server Keyserver for download/upload operations.
	-S Sign the keys.
	-t Use only a temporary keyring, not your default one.
	-T keyring Use the specified filename for the keyring and trustdb.
	-u uid (Used with -S) Key ID with which to sign.
	-U Upload the keys to a keyserver
	EOF
	exit 0
	;;
	-s) # Use this server for download/upload
	shift
	KSERVER="${1}"
	shift
	;;
	-S) # Sign the buggers
	shift
	SIGN='yes'
	;;
	-t) # Use a fake keyring
	shift
	USETEMP='yes'
	;;
	-T) # Use a fake keyring
	shift
	USETEMP='yes'
	TEMPRING="${1}.gpg"
	TEMPTDB="${1}-trust.gpg"
	touch "${TEMPRING}"
	shift
	;;
	-u) # Sign with this key
	shift
	SIGNWITH="${SIGNWITH} -u ${1}"
	shift
	;;
	-U) # Upload the results
	shift
	UPLOAD='yes'
	;;
	-y) # Upload the results
	shift
	ASSUMEYES='--yes'
	;;
	--) # end of options
	shift
	break
	;;
	-*) # Huh?
	echo "$(basename ${0}): Unknown option: ${1}"
	exit 1
	;;
	*) # Not an option, so starting keys
	KEYS=$(echo $* \| sed -e 's/,/ /g;')
	break
	;;
	esac
	done

	if test -n "${USETEMP}" ; then
	SIGNOPT='--no-auto-check-trustdb'
	fi
	if test -z "${USETEMP}" -o "${TEMPRING}" != "${TEMPPFX}.gpg" ; then
	SIGNOPT="${SIGNOPT} --default-cert-level ${CERTLEVEL} --no-ask-cert-level"
	fi

	if test -n "${KSERVER}" ; then
	KEYSERVER="--keyserver ${KSERVER}"
	fi
	GBLOPT=
	if test -n "${USETEMP}" ; then
	GBLOPT="${GBLOPT} --primary-keyring ${TEMPRING} --trustdb-name ${TEMPTDB}"
	fi

	#
	# Got the keys.. download them.
	#
	if test -n "${DOWNLOAD}" ; then
	gpg ${GBLOPT} ${KEYSERVER} --recv-keys ${KEYS}
	fi
	#
	# Now the tedious bit. There really needs to be a way to batch this..
	# being able to process multiple keys in a single gpg session would mean
	# the passphrase would only need to be entered once. And the '--yes'
	# option doesn't apply to the 'Really sign all IDs' and 'Really sign key'
	# questions (#@*&@!!).
	#
	if test -n "${SIGN}" ; then
	for KEY in ${KEYS} ; do
	gpg ${GBLOPT} ${SIGNOPT} ${SIGNWITH} ${ASSUMEYES} --sign-key ${KEY}
	done
	fi

	if test -n "$UPLOAD" ; then
	gpg $GBLOPT $KEYSERVER --send-keys $KEYS
	fi