Adds pm key remove <id>

2018-02-26 19:31:31 -08:00 · 2018-02-26 19:31:31 -08:00 · e043384c67
parent 040b438cd1
commit e043384c67
2 changed files with 51 additions and 0 deletions
--- a/cmd/pm/main.go
+++ b/cmd/pm/main.go
@ -22,6 +22,7 @@ subcommands:
  export      (e)  --  export a public key to stdout
  import      (i)  --  import a public key from stdin
  list        (ls) --  list configured key info
+  remove      (rm) --  remove a key from the keyring
  sign        (s)  --  sign a file
  verify      (v)  --  verify a detached signature
 `
@ -114,6 +115,14 @@ func main() {
 			if err := keyring.Import(root, os.Stdin); err != nil {
 				fatalf("importing key: %v\n", err)
 			}
+		case "remove", "rm":
+			if len(args) != 1 {
+				fatalf("missing key id\n\nusage: pm key remove <id>\n")
+			}
+			id := args[0]
+			if err := keyring.Remove(root, id); err != nil {
+				fatalf("removing key for %q: %v\n", id, err)
+			}
 		default:
 			fatalf("unknown keyring subcommand: %q\n\nusage: %v", sub, keyUsage)
 		}
--- a/keyring/keyring.go
+++ b/keyring/keyring.go
@ -220,6 +220,48 @@ func Verify(root string, file, sig io.Reader) error {
 	return nil
 }

+// Remove removes public key information for a given id.
+//
+// It skips public keys that have matching secret keys, and does not effect
+// private keys.
+func Remove(root string, id string) error {
+	if err := ensureDir(root); err != nil {
+		return errors.Wrap(err, "can't find or create pgp dir")
+	}
+	srn, prn := getNames(root)
+	secs, pubs, err := getELs(srn, prn)
+	if err != nil {
+		return errors.Wrap(err, "getting existing keyrings")
+	}
+	victim, err := findKey(pubs, id)
+	if err != nil {
+		return errors.Wrapf(err, "finding key %q", id)
+	}
+
+	pr, err := os.Create(prn)
+	if err != nil {
+		return errors.Wrap(err, "opening pubring")
+	}
+	var rerr error
+	for _, p := range pubs {
+		if victim.PrimaryKey.KeyId == p.PrimaryKey.KeyId {
+			if len(secs.KeysById(victim.PrimaryKey.KeyId)) == 0 {
+				continue
+			}
+			rerr = fmt.Errorf("skipping pubkey with matching privkey: %v", p.PrimaryKey.KeyIdShortString())
+		}
+
+		if err := p.Serialize(pr); err != nil {
+			return errors.Wrapf(err, "serializing %v", p.PrimaryKey.KeyIdString())
+		}
+	}
+	if err := pr.Close(); err != nil {
+		return errors.Wrap(err, "closing pubring")
+	}
+
+	return rerr
+}
+
 func pGPDir(root string) string {
 	return filepath.Join(root, "var", "lib", "pm", "pgp")
 }