Add configuration file and use that to look up per-repository trusted uesrs
diff --git a/pws.rb b/pws.rb
index f153ef799700ae594af94616fe214f1d8bfa77cb..d90c94003fa22e91fafe9aae5c8c31a81e0a87e9 100755 (executable)
--- a/pws.rb
+++ b/pws.rb
@@ -2,7 +2,8 @@
 
 # password store management tool
 
-# Copyright (c) 2008, 2009 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2008, 2009, 2011, 2013 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2014 Fastly
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -34,6 +35,7 @@ GNUPG = "/usr/bin/gpg"
 GROUP_PATTERN = "@[a-zA-Z0-9-]+"
 USER_PATTERN = "[a-zA-Z0-9:-]+"
 $program_name = File.basename($0, '.*')
+CONFIG_FILE = ENV['HOME']+ "/.pws.yaml"
 
 $editor = ENV['EDITOR']
 if $editor == nil
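Review bot: `CONFIG_FILE = ENV['HOME']+ "/.pws.yaml"` is evaluated at load time, so an unset HOME now fails with a NoMethodError on nil before anything else runs, whereas the old `ENV['HOME']+'/.pws-trusted-users'` lookup was only reached in the fallback branch of GroupConfig#initialize. `CONFIG_FILE = File.join(Dir.home, ".pws.yaml")` avoids the nil concatenation. Since this file now decides which keys may sign a repository's .users file, a comment above the constant would help, e.g. `# trust anchor: maps repository paths to the keys allowed to sign .users; keep it writable by its owner only`.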
@@ -236,17 +238,31 @@ class GroupConfig
   def initialize(dirname=".", trusted_users=nil)
     @dirname = dirname
     if trusted_users
-      @trusted_users = trusted_users
+      @trusted_users = load_trusted_users(trusted_users)
+    elsif FileTest.exists?(CONFIG_FILE)
+      t = {}
+      begin
+        yaml = YAML::load_file(CONFIG_FILE)
+        yaml["trusted_users"].each do |k,v|
+            t[File.expand_path(k)] = v
+        end
+        @trusted_users = t[File.expand_path(dirname)]
+        if @trusted_users.nil?
+          raise ("Could not find #{File.expand_path(dirname)} in configuration file #{CONFIG_FILE}")
+        end
+      rescue Psych::SyntaxError, ArgumentError => e
+        raise("Could not parse YAML: #{e.message}")
+      end
     else
-      @trusted_users = ENV['HOME']+'/.pws-trusted-users'
+      @trusted_users = load_trusted_users(ENV['HOME']+'/.pws-trusted-users')
     end
     parse_file
     expand_groups
   end
 
-  def verify(content)
+  def load_trusted_users(trusted_users_file)
     begin
-      f = File.open(@trusted_users)
+      f = File.open(trusted_users_file)
     rescue Exception => e
       raise e
     end
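Review bot: The value taken from `t[File.expand_path(dirname)]` is stored in `@trusted_users` without any shape check, while the other two branches store what load_trusted_users returns (the `trusted` array it fills with `trusted.push line`; that method's body continues past this hunk). The later `@trusted_users.include?(validsig)` test in verify then depends on the YAML type: on a scalar string `include?` is a substring match, and on a mapping it tests keys. An empty file or one without a `trusted_users` key also ends in a NoMethodError on `yaml["trusted_users"].each`, which the `rescue Psych::SyntaxError, ArgumentError` clause does not catch. I would validate both levels before assigning, as below; separately, the file needs only maps, lists and strings, so `YAML.safe_load(File.read(CONFIG_FILE))` would be enough where the Ruby in use provides it.

```ruby
        yaml = YAML::load_file(CONFIG_FILE)
        map = yaml.is_a?(Hash) ? yaml["trusted_users"] : nil
        raise("No trusted_users mapping in configuration file #{CONFIG_FILE}") unless map.is_a?(Hash)
        map.each do |k,v|
          t[File.expand_path(k.to_s)] = v
        end
        # … unchanged: look up File.expand_path(dirname) in t, raise when it is missing …
        unless @trusted_users.is_a?(Array) && @trusted_users.all? { |u| u.is_a?(String) }
          raise("trusted_users entry for #{File.expand_path(dirname)} in #{CONFIG_FILE} is not a list of strings")
        end
```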
@@ -259,6 +275,10 @@ class GroupConfig
 
       trusted.push line
     end
+    trusted
+  end
+
+  def verify(content)
 
     args = []
     args.push "--keyring=./.keyring" if FileTest.exists?(".keyring")
@@ -283,7 +303,7 @@ class GroupConfig
       raise "Not goodsig"
     end
 
-    if not trusted.include?(validsig)
+    if not @trusted_users.include?(validsig)
       raise ".users file is signed by #{validsig} which is not in #{@trusted_users}"
     end
 
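Review bot: The message on the line after the changed `if not` still interpolates `#{@trusted_users}`, which before this commit was the path of the trusted-users file and is now the list itself, so a rejected signature prints every trusted entry and no longer says which file was consulted. Keeping the source path in its own instance variable when the list is loaded (say `@trusted_users_source`) and raising with `"... which is not in #{@trusted_users_source}"` would restore the old meaning. verify starts and ends outside this hunk.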
@@ -363,7 +383,7 @@ class GroupConfig
       had_progress = false
       all_expanded = true
       @groups.each_pair do |groupname, group|
-        group['keys'] = [] unless group['keys'] 
+        group['keys'] = [] unless group['keys']
 
         still_contains_groups = false
         group['members_to_do'].clone.each do |member|