From e043384c6756d7de65814d2077690827332516ad Mon Sep 17 00:00:00 2001
From: stephen mcquay <stephen@mcquay.me>
Date: Mon, 26 Feb 2018 19:31:31 -0800
Subject: [PATCH] Adds pm key remove <id>

---
 cmd/pm/main.go     |  9 +++++++++
 keyring/keyring.go | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+)

diff --git a/cmd/pm/main.go b/cmd/pm/main.go
index 7432082..0c972ed 100644
--- a/cmd/pm/main.go
+++ b/cmd/pm/main.go
@@ -22,6 +22,7 @@ subcommands:
   export      (e)  --  export a public key to stdout
   import      (i)  --  import a public key from stdin
   list        (ls) --  list configured key info
+  remove      (rm) --  remove a key from the keyring
   sign        (s)  --  sign a file
   verify      (v)  --  verify a detached signature
 `
@@ -114,6 +115,14 @@ func main() {
 			if err := keyring.Import(root, os.Stdin); err != nil {
 				fatalf("importing key: %v\n", err)
 			}
+		case "remove", "rm":
+			if len(args) != 1 {
+				fatalf("missing key id\n\nusage: pm key remove <id>\n")
+			}
+			id := args[0]
+			if err := keyring.Remove(root, id); err != nil {
+				fatalf("removing key for %q: %v\n", id, err)
+			}
 		default:
 			fatalf("unknown keyring subcommand: %q\n\nusage: %v", sub, keyUsage)
 		}
diff --git a/keyring/keyring.go b/keyring/keyring.go
index 2385336..43dc428 100644
--- a/keyring/keyring.go
+++ b/keyring/keyring.go
@@ -220,6 +220,48 @@ func Verify(root string, file, sig io.Reader) error {
 	return nil
 }
 
+// Remove removes public key information for a given id.
+//
+// It skips public keys that have matching secret keys, and does not effect
+// private keys.
+func Remove(root string, id string) error {
+	if err := ensureDir(root); err != nil {
+		return errors.Wrap(err, "can't find or create pgp dir")
+	}
+	srn, prn := getNames(root)
+	secs, pubs, err := getELs(srn, prn)
+	if err != nil {
+		return errors.Wrap(err, "getting existing keyrings")
+	}
+	victim, err := findKey(pubs, id)
+	if err != nil {
+		return errors.Wrapf(err, "finding key %q", id)
+	}
+
+	pr, err := os.Create(prn)
+	if err != nil {
+		return errors.Wrap(err, "opening pubring")
+	}
+	var rerr error
+	for _, p := range pubs {
+		if victim.PrimaryKey.KeyId == p.PrimaryKey.KeyId {
+			if len(secs.KeysById(victim.PrimaryKey.KeyId)) == 0 {
+				continue
+			}
+			rerr = fmt.Errorf("skipping pubkey with matching privkey: %v", p.PrimaryKey.KeyIdShortString())
+		}
+
+		if err := p.Serialize(pr); err != nil {
+			return errors.Wrapf(err, "serializing %v", p.PrimaryKey.KeyIdString())
+		}
+	}
+	if err := pr.Close(); err != nil {
+		return errors.Wrap(err, "closing pubring")
+	}
+
+	return rerr
+}
+
 func pGPDir(root string) string {
 	return filepath.Join(root, "var", "lib", "pm", "pgp")
 }