sigul(1)                    General Commands Manual                   sigul(1)

NAME

       sigul - A client for accessing a signing server

SYNOPSIS

       sigul [OPTIONS] [COMMAND [COMMAND-ARGS...]]

DESCRIPTION

       Connects to a sigul server through a sigul bridge to perform COMMAND.

OPTIONS

       The global sigul OPTIONS above are distinct from COMMAND-specific
       options.  Only options preceding COMMAND on the command line are
       treated as global OPTIONS.

       --help-commands
              List recognized COMMANDs.

       --batch
              Be more suitable for batch processing: Instead of reading
              passwords from /dev/tty, read them from the standard input.
              Each password on standard input is terminated by a NUL (0)
              byte.  The passwords are expected in the same order as when
              --batch is not specified, except that a new password is
              expected only once, not twice.

       -c, --config-file PATH
              Use PATH as the per-user configuration file instead of
              ~/.sigul/client.conf.

       -u, --user-name USER
              Use USER as the user name sent to the server, overriding the
              value set in the configuration file.

       -v, --verbose
              Be more verbose.  Using this option twice enables debugging
              output.
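The --batch standard-input format described above, as an added example that is not part of the sigul documentation or project code: a POSIX shell wrapper that sends a key passphrase to sigul sign-data as a NUL-terminated record. The function names, the passphrase file and its permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not sigul project code. Function names and the passphrase
# file are assumptions; the sigul options are the ones documented on this page.
set -eu

# Emit each argument followed by one NUL byte, the record format that
# `sigul --batch` reads from standard input. printf is a builtin in bash
# and dash, so the passphrase is not placed in a new process's argv.
batch_passwords() {
    for pw in "$@"; do
        printf '%s\0' "$pw"
    done
}

# Accept a passphrase file only if group and others have no access to it.
check_secret_file() {
    listing=$(ls -ld -- "$1") || return 1
    case "$listing" in
        ????------*) return 0 ;;
        *) echo "refusing $1: accessible to group or others" >&2
           return 1 ;;
    esac
}

# sign_detached KEY INPUT_FILE OUTPUT SECRET_FILE
# Create a detached signature without a terminal. Key users are identified
# with a key passphrase, so one NUL-terminated record is sent.
sign_detached() {
    check_secret_file "$4" || return 1
    # Read the first line; tolerate a file without a trailing newline.
    IFS= read -r passphrase < "$4" || [ -n "$passphrase" ]
    status=0
    batch_passwords "$passphrase" |
        sigul --batch sign-data --output "$3" "$1" "$2" || status=$?
    unset passphrase
    return "$status"
}
```

A command that sets a new password takes that password as a single record, because --batch does not ask for it twice.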

EXIT STATUS

       sigul returns with exit status 0 on success, non-zero on error.

ADMINISTRATIVE COMMANDS

       These commands are only available to signing server administrators,
       identified with a personal password.

       list-users
              List users recognized by the server.

       new-user [--admin] [--with-password] USER
              Add USER to the server.  The user will be a server administrator
              if --admin is specified, and will have a personal password
              defined if --with-password is specified.

       delete-user USER
              Delete USER on the server.  This operation is allowed only after
              all key access rights were revoked from USER.

       user-info USER
              Show information about USER.

       modify-user [--admin {yes|no}] [--new-name NEW_NAME]
       [--change-password] USER
              Modify USER according to the specified options.

       key-user-info USER KEY
              Show whether USER has access to KEY and whether the user is an
              administrator for this key.

       modify-key-user [--key-admin {yes|no}] USER KEY
              Modify the access of USER to KEY according to the specified
              options.

       list-keys
              List keys stored on the server.

       new-key [--key-admin USER] [--name-real REAL_NAME]
       [--name-comment COMMENT] [--name-email EMAIL]
       [--expire-date YYYY-MM-DD] KEY
              Create a new key KEY on the server, using the specified name and
              expiry information, and write the public key to standard output.

              If USER is specified, make that user the key administrator and
              only user instead of the invoking user.  Only this user and the
              users this user grants access to can use the key; even signing
              server administrators cannot use the key without knowing a key
              passphrase of one of the authorized key users.

       import-key [--key-admin USER] KEY KEY_FILE
              Import a public and private key from KEY_FILE to the server,
              naming it KEY.

              If USER is specified, make that user the key administrator and
              only user instead of the invoking user.  Only this user and the
              users this user grants access to can use the key; even signing
              server administrators cannot use the key without knowing a key
              passphrase of one of the authorized key users.

              KEY_FILE should be created using the following command:
                     gpg --export-secret-key KEY_ID > KEY_FILE

       delete-key KEY
              Delete KEY from the server.

       modify-key [--new-name NEW_NAME] KEY
              Modify KEY according to the specified options.

KEY ADMINISTRATION COMMANDS

       These commands are available to key administrators, identified with a
       key passphrase.  Some of the commands support a --password option;
       these commands are also available to signing server administrators,
       identified by their personal password.

       list-key-users [--password] KEY
              List users that have access to KEY.

       grant-key-access KEY USER
              Grant access to KEY to USER.

       revoke-key-access [--password] KEY USER
              Revoke access to KEY from USER.  This command cannot revoke
              access from the last user of KEY: you must delete KEY instead.

USER COMMANDS

       These commands are available to key users, identified with a key
       passphrase.  Some of the commands support a --password option; these
       commands are also available to signing server administrators,
       identified by their personal password.

       get-public-key [--password] KEY
              Write the public key for KEY to standard output.

       change-passphrase KEY
              Change the user's passphrase for KEY.  Each user has a separate
              passphrase for each KEY they have access to.

       sign-text [--output OUTPUT] KEY INPUT_FILE
              Wrap INPUT_FILE in a clear-text signature, and write it to
              OUTPUT.  If OUTPUT is not defined, write the signed text to
              standard output.

       sign-data [--output OUTPUT] KEY INPUT_FILE
              Create a detached signature for INPUT_FILE and write it to
              OUTPUT.  If OUTPUT is not defined, write the signature to
              standard output, which must not be a terminal.

       sign-rpm [--output OUTPUT] [--store-in-koji] [--koji-only]
       [--koji-instance INSTANCE] [--v3-signature] KEY RPM_ID
              Sign the rpm specified by RPM_ID.  RPM_ID can either be a path
              to an RPM file, or a name-epoch:version-release.arch string
              that specifies an RPM stored in Koji.

              If --store-in-koji is specified, store the generated signature
              to Koji.  Unless --koji-only is specified, write a signed RPM
              file to OUTPUT, and if OUTPUT is not defined, write it to
              standard output.

              The --koji-instance option can be used to perform the operation
              using a different Koji instance, if it was set up in the
              configuration files of both the client and the bridge.

              Use a PGP version 3 format signature if --v3-signature is
              specified.

       sign-rpms [--output DIR] [--store-in-koji] [--koji-only]
       [--koji-instance INSTANCE] [--v3-signature] KEY RPM_ID...
              Sign one or more rpms specified by RPM_ID.  Each RPM_ID can
              either be a path to an RPM file, or a
              name-epoch:version-release.arch string that specifies an RPM
              stored in Koji.

              If --store-in-koji is specified, store the generated signature
              to Koji.  If --koji-only is not specified, the --output option
              is mandatory, and each signed RPM will be stored as a file in
              the DIR directory.

              The --koji-instance option can be used to perform the operation
              using a different Koji instance, if it was set up in the
              configuration files of both the client and the bridge.

              Use a PGP version 3 format signature if --v3-signature is
              specified.

FILES

       /etc/sigul/client.conf
              A system-wide configuration file.

       ~/.sigul/client.conf
              A per-user configuration file.  Values defined in this file
              override the system-wide configuration file.

AUTHORS

       Miloslav Trmac <mitr@redhat.com>

SEE ALSO

       sigul_setup-client(1), sigul_bridge(8), sigul_server(8)

sigul                              Jan 2011                           sigul(1)