author | James Crayne <jim.crayne@gmail.com> | 2015-06-24 03:37:09 -0400 |
---|---|---|
committer | James Crayne <jim.crayne@gmail.com> | 2015-06-24 03:42:39 -0400 |
commit | aa82708a6ee2ff26c093dbd3e25fea8ceed349aa (patch) | |
tree | 3cceda23eed927ae8f91cf97d43f2d147b1fdfe0 /kiki.hs | |
parent | cdcf38baa587a7d44d200dd4fa33a5b20a8765c9 (diff) |
Improving documentation...
Diffstat (limited to 'kiki.hs')
-rw-r--r-- | kiki.hs | 157 |
1 files changed, 91 insertions, 66 deletions
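--- a/kiki.hs
+++ b/kiki.hs
@@ -513,7 +513,11 @@ kiki_usage bExport bImport bSecret cmd = putStr $
 ," [--wallets FILE ...]"
 ,""
 ," sync-secret syncs the information inside your OpenGPG keyring with information"
-," in other files. Information flows both in and out of your keyring."
+," in other files. Information flows both in and out of your keyring. This one command"
+," is powerful enough to impliment all the functionality of kiki commands in the import-*,"
+," export-*, and sync-* families. Those other commands are mainly added to facilitate"
+," a redundant safe gaurd which restricts the flow of information in such a way that is"
+," theoretically less error prone."
 ,""
 ," sync-secret works by first creating a combined database containing all information"
 ," and then updating all files (including OpenGPG files, as well as files specified as"
@@ -531,10 +535,10 @@ kiki_usage bExport bImport bSecret cmd = putStr $
 ," specified, they will all have the same keys after the the operation completes."
 ,""
 ," The --hosts option is experimental and may be removed in the future. Any files given"
-," as arguments to this option will be assumed to be in the format /etc/hosts, and will"
+," as arguments to this option will be assumed to be in the format of /etc/hosts, and will"
 ," be updated with any hostname information currently stored within your OpenGPG keyring."
 ," Additionally, if the file has hostnames for the ip corresponding to a master key, then"
-," then the mastekey is updated with unsigned annotations recording the additional hostnames."
+," then the masterkey is updated with unsigned annotations recording the additional hostnames."
 ," Warning: this effects all master keys, regardless of whether they have secret key"
 ," information, hence the annotations being unsigned."
 ,""
@@ -545,33 +549,7 @@ kiki_usage bExport bImport bSecret cmd = putStr $
 ," If KEYSPEC arguments appear prior to any of --keyrings, --wallets, or --hosts,"
 ," then they are interpretted as if arguments to --keypairs."
 ,""
-,"FLAGS"
-," --help Gives usage information"
-,""
-," --homedir PATH Specifies the path where pubring.gpg and secring.gpg are located."
-," Typically this would be your ~/.gnupg or the contents of the"
-," GNUPGHOME environment variable."
-,""
-," --passphrase-fd FD The file descriptor from which to read a passphrase."
-,""
-," --import Update home keyring files (pubring.gpg and secring.gpg) with"
-," new master keys found in the input files specified by the"
-," --keyrings option. Note that new subkeys for known master-key"
-," identities will be imported regardless."
-,""
-," --import-if-authentic"
-," Like --import except that it requires a signature from the"
-," working key on any new identities that are imported into the"
-," home keyring files."
-,""
-," --autosign Create or sign a self-authenticating UID based on tor key."
-," Combine this with --import-if-authentic to import self-authenticating"
-," identities that may not have previously been signed."
-,""
-," --show-wk After the operation completes, output the possibly modified working"
-," key identity information."
-,""
-] ++ syncflags
+] ++ syncflags ++ specifyingFiles
 "sync-public" -> unlines $
 ["kiki sync-public [options...]"
 ,""
@@ -592,7 +570,7 @@ kiki_usage bExport bImport bSecret cmd = putStr $
 ," specifying a substring of an associated UID."
 ,""
 ," (See 'kiki help spec' for more information.)"
-] ++ syncflags
+] ++ syncflags ++ specifyingFiles
 "import-secret" -> unlines $
 ["kiki import-secret [options...]"
 ,""
@@ -600,7 +578,9 @@ kiki_usage bExport bImport bSecret cmd = putStr $
 ," alter any files outside of the home directory (see --homedir)."
 ,""
 ," The files pubring.gpg and secring.gpg in the directory specified by the "
-," --homedir option are implicitly included in the keyring set."
+," --homedir option are implicitly included in the keyring set. Unlike the"
+," sync-secret command, information will flow into these files, but not out"
+," of them."
 ,""
 ," Subkeys that are imported with kiki are given an annotation \"usage@\" which"
 ," indicates what the key is for. This tag can be used as a SPEC to select a"
@@ -608,7 +588,7 @@ kiki_usage bExport bImport bSecret cmd = putStr $
 ," specifying a substring of an associated UID."
 ,""
 ," (See 'kiki help spec' for more information.)"
-] ++ syncflags
+] ++ syncflags ++ specifyingFiles
 "import-public" -> unlines $
 ["kiki import-public [options...]"
 ,""
@@ -629,18 +609,21 @@ kiki_usage bExport bImport bSecret cmd = putStr $
 ," specifying a substring of an associated UID."
 ,""
 ," (See 'kiki help spec' for more information.)"
-] ++ syncflags
+] ++ syncflags ++ specifyingFiles
 "export-secret" -> unlines $
 ["kiki export-secret [options...]"
 ,""
 ," export-secret updates a set of key files using information from your keyring."
 ,""
-," The files pubring.gpg and secring.gpg in the directory specified by the "
-," --homedir option are implicitly included in the keyring set."
+," The files pubring.gpg and secring.gpg in the directory specified by the"
+," --homedir option are implicitly included in the keyring set. Unlike with the"
+," sync-secret command, information only flows out of these files and not in to"
+," them. Barring this however, the usage and behavior of export-secret is similar"
+," to that of sync-secret."
 ,""
 ," (See 'kiki help spec' for more information.)"
 ,""
-] ++ syncflags
+] ++ syncflags ++ specifyingFiles
 "export-public" -> unlines $
 ["kiki export-public [options...]"
 ,""
@@ -653,39 +636,43 @@ kiki_usage bExport bImport bSecret cmd = putStr $
 ,""
 ," (See 'kiki help spec' for more information.)"
 ,""
-] ++ syncflags
+] ++ specifyingFiles
 "spec" -> unlines keyspec
 where
 commonOptions :: [String]
 commonOptions =
-[" --homedir DIR"
-," Where to find the the files secring.gpg and pubring.gpg. The "
-," default location is taken from the environment variable "
-," GNUPGHOME."
+[" --help"
+," Gives usage information"
 ,""
-," --passphrase-fd N"
-," Read passphrase from the given file descriptor."
+," --homedir DIR"
+," Where to find the files secring.gpg and pubring.gpg. The"
+," default location is taken from the environment variable"
+," GNUPGHOME. If this environment variable is not set and no"
+," directory is specified using this option then a hardcoded"
+," default of ~/.gnupg is assumed. "
+,""
+," WARNING: Confusingly, this is *not* your home directory as"
+," given by the HOME environment variable. The option is named"
+," or rather misnamed in a fashion similar to the gpg option with"
+," exactly the same functionality."
+,""] ++ documentPassphraseFDFlag bExport bImport bSecret ++ showwk
+showwk :: [String]
+showwk =
+[" --show-wk"
+," After the operation completes, output the possibly modified"
+," working key identity information."
 ,""
 ]
 syncflags :: [String]
 syncflags =
 [""
-,"Flags:"] ++ commonOptions ++
-[" --import Add master keys to pubring.gpg. Without this option, only UID"
-," and subkey data is updated. "
-,""
-," --import-if-authentic"
-," Add signed master keys to pubring.gpg. Like --import except that"
-," only keys with signatures from the working key (--show-wk) are"
-," imported."
-,""
-," --autosign Sign all cross-certified tor-style UIDs."
-," A tor-style UID is of the form:"
-," Anonymous <root@HOSTNAME.onion>"
-," It is considered cross certified if there exists a cross-certified"
-," 'tor' subkey corresponding to the address HOSTNAME.onion."
-,""
-,"SPECIFYING FILES:"
+,"Flags:"] ++ commonOptions
+++ documentImportFlag bExport bImport bSecret
+++ documentImportIfAuthenticFlag bExport bImport bSecret
+++ documentAutoSignFlag bExport bImport bSecret
+specifyingFiles :: [String]
+specifyingFiles =
+["SPECIFYING FILES:"
 ] ++ documentKeyPairsOption bExport bImport bSecret
 ++ documentKeyRingsOption bExport bImport bSecret
 ++ documentWalletsOption bExport bImport bSecret
@@ -728,6 +715,37 @@ kiki_usage bExport bImport bSecret cmd = putStr $
 ," 5E24CD442AA6965D2012E62A905C24185D5379C2"
 ]
 
+documentPassphraseFDFlag bExport bImport bSecret =
+[" --passphrase-fd FD"
+," The file descripter from which to read a passphrase. If FD is"
+," 0, then the passphrase is inputted via stdin. Note that this"
+," requires the user to issue CTRL-D to send EOF, so that kiki"
+," knows to continue."
+,""]
+
+documentImportFlag bExport bImport bSecret =
+if bImport then
+[" --import Add master keys to pubring.gpg. Without this option, only UID"
+," and subkey data is updated. "
+,""]
+else []
+
+documentImportIfAuthenticFlag bExport bImport bSecret =
+if bImport then
+[" --import-if-authentic"
+," Add signed master keys to pubring.gpg. Like --import except that"
+," only keys with signatures from the working key (--show-wk) are"
+," imported."
+,""]
+else []
+
+documentAutoSignFlag bExport bImport bSecret =
+[" --autosign Sign all cross-certified tor-style UIDs."
+," A tor-style UID is of the form:"
+," Anonymous <root@HOSTNAME.onion>"
+," It is considered cross certified if there exists a cross-certified"
+," 'tor' subkey corresponding to the address HOSTNAME.onion."
+,""]
 documentKeyPairsOption :: Bool -> Bool -> Bool -> [String]
 documentKeyPairsOption bExport bImport bSecret =
 [" --keypairs [KEYSPEC ...]"
@@ -759,6 +777,7 @@ documentKeyPairsOption bExport bImport bSecret =
 ," file for import. Unlike the sync-secret command, this command"
 ," leaves no possibility of secret key information leaking from"
 ," your OpenGPG keyring into specified files."
+,""
 ] ++ afterSecond
 (False,True,True) -> -- import-secret
 [" This option specifies the paths of such private PEM files which"
@@ -768,6 +787,7 @@ documentKeyPairsOption bExport bImport bSecret =
 ," command will be executed in a modified environment with the"
 ," expectation of creating the PEM file for import. Files external"
 ," to your OpenGPG keyring will not be modified by this command."
+,""
 ] ++ afterSecond
 (False,True,False) -> -- import-public
 [" This option specifies the paths of PEM files, of both the"
@@ -781,6 +801,7 @@ documentKeyPairsOption bExport bImport bSecret =
 ," Unlike the import-secret command, this command leaves no"
 ," possibility of secret key information leaking from your OpenGPG"
 ," keyring. "
+,""
 ] ++ afterSecond
 (True,False,True) -> -- export-secret
 [" This option specifies the paths of such private PEM files, of"
@@ -790,6 +811,7 @@ documentKeyPairsOption bExport bImport bSecret =
 ," command. Unlike the export-secret comamnd, this command leaves"
 ," no possibility that secret key information will leak from your"
 ," OpenGPG keyring."
+,""
 ] ++ afterSecond
 (True,False,False) -> -- export-public
 [" This option specifies the paths of PEM files, of the private or"
@@ -797,6 +819,7 @@ documentKeyPairsOption bExport bImport bSecret =
 ," the export-secret command, this command leaves no possibility"
 ," of secret key information leaking from your OpenGPG keyring"
 ," into the specified files."
+,""
 ] ++ afterSecond
 _ -> afterSecond
 where afterSecond =
@@ -844,6 +867,7 @@ documentKeyPairsOption bExport bImport bSecret =
 ," information."
 ,""
 ," (See 'kiki help spec' for more information.)"
+,""
 ]
 
 documentKeyRingsOption :: Bool -> Bool -> Bool -> [String]
@@ -858,7 +882,7 @@ documentKeyRingsOption bExport bImport bSecret =
 
 documentWalletsOption :: Bool -> Bool -> Bool -> [String]
 documentWalletsOption bExport bImport bSecret =
-[" --wallets FILE FILE..."
+[" --wallets [FILE ...]"
 ," Provide wallet files with secret crypto-coin keys in Wallet"
 ," Import Format. The keys will be treated as subkeys of your"
 ," current working key (the one shown by --show-wk)."
@@ -867,11 +891,12 @@ documentWalletsOption bExport bImport bSecret =
 documentHostsOption :: Bool -> Bool -> Bool -> [String]
 documentHostsOption bExport bImport bSecret =
 [" --hosts [FILE ...]"
-," EXPERIMENTAL! May be removed in the future. This option specifies files"
-," from which to read or write hostname aliases. The format is the same as"
-," /etc/hosts on unix systems. WARNING: hostname aliases may be imported into"
-," the gpg keyring files, but they are currently NOT signed and may be altered"
-," in transit."
+," EXPERIMENTAL! May be removed in the future. This option"
+," specifies files from which to read or write hostname aliases."
+," The format is the same as /etc/hosts on unix systems. WARNING:"
+," hostname aliases may be imported into the gpg keyring files,"
+," but they are currently NOT signed and may be altered in"
+," transit."
 ,""]
 
 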
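Review bot: What looks like the `export-public` entry (old line 656, new line 639) now ends in `] ++ specifyingFiles` alone, while every other command touched here gets `] ++ syncflags ++ specifyingFiles`, so its help text appears to lose the whole `Flags:` section, including `--help`, `--homedir` and the new GNUPGHOME / `~/.gnupg` warning. If that is not intended, restore it with `] ++ syncflags ++ specifyingFiles`; the import flags are already gated on `bImport`, so they would stay hidden there. Separately, the new `--passphrase-fd` text (new lines 719-723) says FD 0 reads the passphrase from stdin but not whether the typed passphrase is echoed; the help should state this, since a user needs to know it before entering a passphrase interactively on a shared or logged terminal. The four new `document*Flag` helpers also lack the `:: Bool -> Bool -> Bool -> [String]` signature that `documentKeyPairsOption` and its siblings carry. The body of `kiki_usage` begins outside the visible hunks.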