sigul - Man Page

A client for accessing a signing server

Synopsis

sigul [Options] [COMMAND [COMMAND-ARGS...]]

Description

Connects to a sigul server through a sigul bridge to perform COMMAND.

Options

The global sigul OPTIONS above are distinct from COMMAND-specific options. Only options preceding COMMAND on the command line are treated as global OPTIONS.

--help-commands

List recognized COMMANDs.

--batch

Be more suitable for batch processing: Instead of reading passwords from /dev/tty, read them from the standard input. Each password on standard input is terminated by a NUL (0) byte. The passwords are expected in the same order as when --batch is not specified, except that a new password is expected only once, not twice.

-c,  --config-file PATH

Use PATH as the per-user configuration file instead of ~/.sigul/client.conf.

-u,  --user-name USER

Use USER as the user name sent to the server, overriding the value set in the configuration file.

-v,  --verbose

Be more verbose. Using this option twice enables debugging output.

Exit Status

sigul returns with exit status 0 on success, non-zero on error.
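The --batch input format and the option-ordering rule described above can be wrapped for unattended use as follows. This is an added example, not part of sigul or of the original man page; the function names, the UTF-8 encoding of passwords, and the sample key, user and file names are assumptions.

```python
import subprocess

def batch_stdin(passwords):
    """Encode passwords for `sigul --batch`: each one is terminated by a NUL byte.

    Supply them in the order sigul would prompt for them interactively; a new
    password is given once, not twice. UTF-8 encoding is an assumption.
    """
    out = bytearray()
    for pw in passwords:
        data = pw.encode("utf-8") if isinstance(pw, str) else bytes(pw)
        if b"\0" in data:
            # An embedded NUL would be read as the end of the password.
            raise ValueError("password contains a NUL byte")
        out += data + b"\0"
    return bytes(out)

def sigul_argv(command, command_args, config_file=None, user_name=None):
    """Build argv with global options placed before COMMAND, as sigul requires."""
    argv = ["sigul", "--batch"]
    if config_file:
        argv += ["--config-file", config_file]
    if user_name:
        argv += ["--user-name", user_name]
    return argv + [command] + list(command_args)

def run_sigul(command, command_args, passwords, **global_opts):
    """Run sigul non-interactively; secrets travel on stdin only, never in argv."""
    proc = subprocess.run(
        sigul_argv(command, command_args, **global_opts),
        input=batch_stdin(passwords),
        stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=False)
    if proc.returncode != 0:  # exit status 0 means success, non-zero means error
        raise RuntimeError("sigul failed with exit status %d: %s" % (
            proc.returncode, proc.stderr.decode(errors="replace")))
    return proc.stdout

if __name__ == "__main__":
    # Constructed sample values; this only shows what would be sent.
    print(sigul_argv("sign-data", ["--output", "data.sig", "example-key", "data.bin"],
                     user_name="builder"))
    print(len(batch_stdin(["constructed passphrase"])), "bytes for stdin")
```

Keeping passphrases out of argv matters because command lines are visible to other local users through the process list, while the stdin pipe is not.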

Administrative Commands

These commands are only available to signing server administrators, identified with a personal password.

list-users

List users recognized by the server.

new-user [--admin] [--with-password] USER

Add USER to the server. The user will be a server administrator if --admin is specified, and will have a personal password defined if --with-password is specified.

delete-user USER

Delete USER on the server. This operation is allowed only after all key access rights have been revoked from USER.

user-info USER

Show information about USER.

modify-user [--admin {yes|no}] [--new-name NEW_NAME] [--change-password] USER

Modify USER according to the specified options.

key-user-info USER KEY

Show whether USER has access to KEY and whether the user is an administrator for this key.

modify-key-user [--key-admin {yes|no}] USER KEY

Modify the access of USER to KEY according to the specified options.

list-keys

List keys stored on the server.

new-key [--key-admin USER] [--name-real REAL_NAME] [--name-comment COMMENT] [--name-email EMAIL] [--expire-date YYYY-MM-DD] KEY

Create a new key KEY on the server, using the specified name and expiry information, and write the public key to standard output.

If USER is specified, make that user the key administrator and only user instead of the invoking user. This way, only this user and the users to whom this user grants access can use the key; even signing server administrators cannot use the key without knowing a key passphrase of one of the authorized key users.

import-key [--key-admin USER] KEY KEY_FILE

Import a public and private key from KEY_FILE to the server, naming it KEY.

If USER is specified, make that user the key administrator and only user instead of the invoking user. This way, only this user and the users to whom this user grants access can use the key; even signing server administrators cannot use the key without knowing a key passphrase of one of the authorized key users.

KEY_FILE should be created using the following command:

gpg --export-secret-key KEY_ID > KEY_FILE

delete-key KEY

Delete KEY from the server.

modify-key [--new-name NEW_NAME] KEY

Modify KEY according to the specified options.

Key Administration Commands

These commands are available to key administrators, identified with a key passphrase. Some of the commands support a --password option; these commands are also available to signing server administrators, identified by their personal password.

list-key-users [--password] KEY

List users that have access to KEY.

grant-key-access KEY USER

Grant access to KEY to USER.

revoke-key-access [--password] KEY USER

Revoke access to KEY from USER. This command cannot revoke access from the last user of KEY: you must delete KEY instead.

User Commands

These commands are available to key users, identified with a key passphrase. Some of the commands support a --password option; these commands are also available to signing server administrators, identified by their personal password.

get-public-key [--password] KEY

Write the public key for KEY to standard output.

change-passphrase KEY

Change the user's passphrase for KEY. Each user has a separate passphrase for each KEY they have access to.

sign-text [--output OUTPUT] KEY INPUT_FILE

Wrap INPUT_FILE in a clear-text signature, and write it to OUTPUT. If OUTPUT is not defined, write the signed text to standard output.

sign-data [--output OUTPUT] KEY INPUT_FILE

Create a detached signature for INPUT_FILE and write it to OUTPUT. If OUTPUT is not defined, write the signature to standard output, which must not be a terminal.

sign-rpm [--output OUTPUT] [--store-in-koji] [--koji-only] [--koji-instance INSTANCE] [--v3-signature] KEY RPM_ID

Sign the rpm specified by RPM_ID. RPM_ID can either be a path to an RPM file, or a name-epoch:version-release.arch string that specifies an RPM stored in Koji.

If --store-in-koji is specified, store the generated signature to Koji. Unless --koji-only is specified, write a signed RPM file to OUTPUT, and if OUTPUT is not defined, write it to standard output.

The --koji-instance option can be used to perform the operation using a different Koji instance, if it was set up in the configuration files of both the client and the bridge.

Use a PGP version 3 format signature if --v3-signature is specified.

sign-rpms [--output DIR] [--store-in-koji] [--koji-only] [--koji-instance INSTANCE] [--v3-signature] KEY RPM_ID...

Sign one or more rpms specified by RPM_ID. Each RPM_ID can either be a path to an RPM file, or a name-epoch:version-release.arch string that specifies an RPM stored in Koji.

If --store-in-koji is specified, store the generated signature to Koji. If --koji-only is not specified, the --output option is mandatory, and each signed RPM will be stored as a file in the DIR directory.

The --koji-instance option can be used to perform the operation using a different Koji instance, if it was set up in the configuration files of both the client and the bridge.

Use a PGP version 3 format signature if --v3-signature is specified.

Files

/etc/sigul/client.conf

A system-wide configuration file.

~/.sigul/client.conf

A per-user configuration file. Values defined in this file override the system-wide configuration file.

Authors

Miloslav Trmac <mitr@redhat.com>

See Also

sigul_setup-client(1), sigul_bridge(8), sigul_server(8)

Referenced By

sigul_bridge(8), sigul_server(8), sigul_setup_client(1).

Jan 2011