sigul(1) General Commands Manual sigul(1)

sigul - A client for accessing a signing server

sigul [OPTIONS] [COMMAND [COMMAND-ARGS...]]

Connects to a sigul server through a sigul bridge to perform COMMAND.

The global sigul OPTIONS above are distinct from COMMAND-specific
options. Only options preceding COMMAND on the command line are
treated as global OPTIONS.

--help-commands
    List recognized COMMANDs.

--batch
    Be more suitable for batch processing: Instead of reading
    passwords from /dev/tty, read them from the standard input. Each
    password on standard input is terminated by a NUL (0) byte. The
    passwords are expected in the same order as when --batch is not
    specified, except that a new password is expected only once, not
    twice.

-c, --config-file PATH
    Use PATH as the per-user configuration file instead of
    ~/.sigul/client.conf.

-v, --verbose
    Be more verbose. Using this option twice enables debugging
    output.

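A sketch of driving sigul non-interactively with the --batch input format and the global-option ordering described above. This is an added example, not part of the sigul distribution; the helper names, the UTF-8 encoding of passwords and the sample file and key names are assumptions.

```python
import subprocess

def encode_batch_passwords(passwords):
    """Build the stdin stream for --batch: each password followed by one NUL byte."""
    stream = bytearray()
    for pw in passwords:
        data = pw.encode("utf-8")  # assumption: passwords are UTF-8 text
        if b"\0" in data:
            # An embedded NUL would end the password early and shift every later one.
            raise ValueError("password contains a NUL byte")
        stream += data + b"\0"
    return bytes(stream)

def build_argv(command, command_args, config_file=None, verbose=0):
    """Place global options before COMMAND; later options belong to COMMAND."""
    argv = ["sigul", "--batch"]
    if config_file is not None:
        argv += ["--config-file", config_file]
    argv += ["-v"] * verbose
    return argv + [command, *command_args]

def run_sigul_batch(command, command_args, passwords, **global_opts):
    """Run one command; secrets travel on stdin only, never in argv."""
    proc = subprocess.run(build_argv(command, command_args, **global_opts),
                          input=encode_batch_passwords(passwords),
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    if proc.returncode != 0:  # sigul exits non-zero on error
        raise RuntimeError("sigul failed (%d): %s" % (
            proc.returncode, proc.stderr.decode(errors="replace").strip()))
    return proc.stdout

if __name__ == "__main__":
    # Constructed values for illustration; nothing is sent to a server here.
    args = ["--output", "release.sig", "example-key", "release.tar"]
    print(build_argv("sign-data", args, verbose=1))
    print(encode_batch_passwords(["constructed-passphrase"]))
```

Because the passwords are written to the child's standard input, they do not appear in the process list or in shell history.
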
sigul returns with exit status 0 on success, non-zero on error.

These commands are only available to signing server administrators,
identified with a personal password.

list-users
    List users recognized by the server.

new-user [--admin] [--with-password] USER
    Add USER to the server. The user will be a server administrator
    if --admin is specified, and will have a personal password
    defined if --with-password is specified.

delete-user USER
    Delete USER on the server. This operation is allowed only after
    all key access rights were revoked from USER.

user-info USER
    Show information about USER.

modify-user [--admin {yes|no}] [--new-name NEW_NAME] [--change-password] USER
    Modify USER according to the specified options.

key-user-info USER KEY
    Show whether USER has access to KEY and whether the user is an
    administrator for this key.

modify-key-user [--key-admin {yes|no}] USER KEY
    Modify the access of USER to KEY according to the specified
    options.

list-keys
    List keys stored on the server.

new-key [--key-admin USER] [--name-real REAL_NAME] [--name-comment COMMENT] [--name-email EMAIL] [--expire-date YYYY-MM-DD] KEY
    Create a new key KEY on the server, using the specified name and
    expiry information, and write the public key to standard output.

    If USER is specified, make that user the key administrator and
    only user instead of the invoking user. This way, only this user
    and the users this user grants access to can use the key; even
    signing server administrators cannot use the key without knowing
    a key passphrase of one of the authorized key users.

import-key [--key-admin USER] KEY KEY_FILE
    Import a public and private key from KEY_FILE to the server,
    naming it KEY.

    If USER is specified, make that user the key administrator and
    only user instead of the invoking user. This way, only this user
    and the users this user grants access to can use the key; even
    signing server administrators cannot use the key without knowing
    a key passphrase of one of the authorized key users.

    KEY_FILE should be created using the following command:
        gpg --export-secret-key KEY_ID > KEY_FILE

delete-key KEY
    Delete KEY from the server.

modify-key [--new-name NEW_NAME] KEY
    Modify KEY according to the specified options.

These commands are available to key administrators, identified with a
key passphrase. Some of the commands support a --password option;
these commands are also available to signing server administrators,
identified by their personal password.

list-key-users [--password] KEY
    List users that have access to KEY.

grant-key-access KEY USER
    Grant access to KEY to USER.

revoke-key-access [--password] KEY USER
    Revoke access to KEY from USER. This command cannot revoke
    access from the last user of KEY: you must delete KEY instead.

These commands are available to key users, identified with a key
passphrase. Some of the commands support a --password option; these
commands are also available to signing server administrators,
identified by their personal password.

get-public-key [--password] KEY
    Write the public key for KEY to standard output.

change-passphrase KEY
    Change the user's passphrase for KEY. Each user has a separate
    passphrase for each KEY they have access to.

sign-text [--output OUTPUT] KEY INPUT_FILE
    Wrap INPUT_FILE in a clear-text signature, and write it to
    OUTPUT. If OUTPUT is not defined, write the signed text to
    standard output.

sign-data [--output OUTPUT] KEY INPUT_FILE
    Create a detached signature for INPUT_FILE and write it to
    OUTPUT. If OUTPUT is not defined, write the signed text to
    standard output, which must not be a terminal.

sign-rpm [--output OUTPUT] [--store-in-koji] [--koji-only] KEY RPM_ID
    Sign the RPM specified by RPM_ID. RPM_ID can either be a path
    to an RPM file, or a name-epoch:version-release.arch string that
    specifies an RPM stored in Koji.

    If --store-in-koji is specified, store the generated signature
    to Koji. Unless --koji-only is specified, write a signed RPM
    file to OUTPUT, and if OUTPUT is not defined, write it to
    standard output.

/etc/sigul/client.conf
    A system-wide configuration file.

~/.sigul/client.conf
    A per-user configuration file. Values defined in this file
    override the system-wide configuration file.

Miloslav Trmac <mitr@redhat.com>

sigul_setup-client(1), sigul_bridge(8), sigul_server(8)

sigul Jan 2009 sigul(1)