sigul(1) General Commands Manual sigul(1)

sigul - A client for accessing a signing server

sigul [OPTIONS] [COMMAND [COMMAND-ARGS...]]

Connects to a sigul server through a sigul bridge to perform COMMAND.

The global sigul OPTIONS above are distinct from COMMAND-specific
options. Only options preceding COMMAND on the command line are
treated as global OPTIONS.

--help-commands
List recognized COMMANDs.

--batch
Be more suitable for batch processing: Instead of reading passwords
from /dev/tty, read them from the standard input. Each password on
standard input is terminated by a NUL (0) byte. The passwords are
expected in the same order as when --batch is not specified, except
that a new password is expected only once, not twice.

-c, --config-file PATH
Use PATH as the per-user configuration file instead of
~/.sigul/client.conf.

-u, --user-name USER
Use USER as the user name sent to the server, overriding the
value set in the configuration file.

-v, --verbose
Be more verbose. Using this option twice enables debugging output.

sigul returns with exit status 0 on success, non-zero on error.

These commands are only available to signing server administrators,
identified with a personal password.

list-users
List users recognized by the server.

new-user [--admin] [--with-password] USER
Add USER to the server. The user will be a server administrator
if --admin is specified, and will have a personal password
defined if --with-password is specified.

delete-user USER
Delete USER on the server. This operation is allowed only after
all key access rights have been revoked from USER.

user-info USER
Show information about USER.

modify-user [--admin {yes|no}] [--new-name NEW_NAME] [--change-password] USER
Modify USER according to the specified options.

key-user-info USER KEY
Show whether USER has access to KEY and whether the user is an
administrator for this key.

modify-key-user [--key-admin {yes|no}] USER KEY
Modify the access of USER to KEY according to the specified
options.

list-keys
List keys stored on the server.

new-key [--key-admin USER] [--name-real REAL_NAME] [--name-comment COMMENT]
[--name-email EMAIL] [--expire-date YYYY-MM-DD] KEY
Create a new key KEY on the server, using the specified name and
expiry information, and write the public key to standard output.

If USER is specified, make that user the key administrator and only
user instead of the invoking user. Only this user and the users this
user grants access to can use the key; even signing server
administrators cannot use the key without knowing a key passphrase
of one of the authorized key users.

import-key [--key-admin USER] KEY KEY_FILE
Import a public and private key from KEY_FILE to the server,
naming it KEY.

If USER is specified, make that user the key administrator and only
user instead of the invoking user. Only this user and the users this
user grants access to can use the key; even signing server
administrators cannot use the key without knowing a key passphrase
of one of the authorized key users.

KEY_FILE should be created using the following command:
gpg --export-secret-key KEY_ID > KEY_FILE

delete-key KEY
Delete KEY from the server.

modify-key [--new-name NEW_NAME] KEY
Modify KEY according to the specified options.

These commands are available to key administrators, identified with a
key passphrase. Some of the commands support a --password option;
these commands are also available to signing server administrators,
identified by their personal password.

list-key-users [--password] KEY
List users that have access to KEY.

grant-key-access KEY USER
Grant access to KEY to USER.

revoke-key-access [--password] KEY USER
Revoke access to KEY from USER. This command cannot revoke
access from the last user of KEY: you must delete KEY instead.

These commands are available to key users, identified with a key
passphrase. Some of the commands support a --password option; these
commands are also available to signing server administrators,
identified by their personal password.

get-public-key [--password] KEY
Write the public key for KEY to standard output.

change-passphrase KEY
Change the user's passphrase for KEY. Each user has a separate
passphrase for each KEY they have access to.

sign-text [--output OUTPUT] KEY INPUT_FILE
Wrap INPUT_FILE in a clear-text signature, and write it to OUTPUT.
If OUTPUT is not defined, write the signed text to standard output.

sign-data [--output OUTPUT] KEY INPUT_FILE
Create a detached signature for INPUT_FILE and write it to OUTPUT.
If OUTPUT is not defined, write the signed text to standard output,
which must not be a terminal.

sign-rpm [--output OUTPUT] [--store-in-koji] [--koji-only]
[--koji-instance INSTANCE] [--v3-signature] KEY RPM_ID
Sign the rpm specified by RPM_ID. RPM_ID can either be a path
to an RPM file, or a name-epoch:version-release.arch string that
specifies an RPM stored in Koji.

If --store-in-koji is specified, store the generated signature
to Koji. Unless --koji-only is specified, write a signed RPM
file to OUTPUT, and if OUTPUT is not defined, write it to
standard output.

The --koji-instance option can be used to perform the operation
using a different Koji instance, if it was set up in the
configuration files of both the client and the bridge.

Use a PGP version 3 format signature if --v3-signature is specified.

sign-rpms [--output DIR] [--store-in-koji] [--koji-only]
[--koji-instance INSTANCE] [--v3-signature] KEY RPM_ID...
Sign one or more rpms specified by RPM_ID. Each RPM_ID can
either be a path to an RPM file, or a name-epoch:version-release.arch
string that specifies an RPM stored in Koji.

If --store-in-koji is specified, store the generated signature
to Koji. If --koji-only is not specified, the --output option
is mandatory, and each signed RPM will be stored as a file in
the DIR directory.

The --koji-instance option can be used to perform the operation
using a different Koji instance, if it was set up in the
configuration files of both the client and the bridge.

Use a PGP version 3 format signature if --v3-signature is specified.

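Added example, not part of the original manual page: a shell sketch of the --batch input format described above (one NUL-terminated password per prompt, a new password sent once), feeding sign-data and change-passphrase from passphrase files. The function names, the passphrase file arguments and the old-then-new prompt order for change-passphrase are assumptions.

```shell
#!/bin/sh
# Added example: build the stdin stream that `sigul --batch` expects,
# one NUL-terminated password per prompt, in prompt order.
# The function names and passphrase file arguments are hypothetical.

# Print the first line of each secret file followed by one NUL byte.
# Refuses files that group or others can access, and empty secrets.
batch_stream() {
    for f in "$@"; do
        mode=$(stat -c '%a' "$f") || return 1      # GNU stat, as on Linux
        case "$mode" in
            600|400) ;;
            *) echo "refusing $f: mode $mode, want 600 or 400" >&2; return 1 ;;
        esac
        secret=
        # read -r strips the trailing newline; it returns non-zero when the
        # file has no final newline but still fills $secret.
        IFS= read -r secret < "$f" || true
        [ -n "$secret" ] || { echo "refusing $f: empty secret" >&2; return 1; }
        # printf is a builtin in bash and dash, so the secret stays out of argv.
        printf '%s\000' "$secret"
        unset secret
    done
}

# sign-data prompts for one key passphrase.
# usage: sign_detached KEY INPUT_FILE OUTPUT PASSPHRASE_FILE
sign_detached() {
    batch_stream "$4" >/dev/null || return 1       # validate before piping
    batch_stream "$4" | sigul --batch sign-data --output "$3" "$1" "$2"
}

# change-passphrase: with --batch the new passphrase is sent once, not twice.
# Assumed prompt order: current passphrase first, then the new one.
# usage: rotate_passphrase KEY OLD_PASSPHRASE_FILE NEW_PASSPHRASE_FILE
rotate_passphrase() {
    batch_stream "$2" "$3" >/dev/null || return 1
    batch_stream "$2" "$3" | sigul --batch change-passphrase "$1"
}
```

The stream can be inspected without contacting a server by piping batch_stream into od -c, which shows each secret followed by \0.
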
/etc/sigul/client.conf
A system-wide configuration file.

~/.sigul/client.conf
A per-user configuration file. Values defined in this file
override the system-wide configuration file.

Miloslav Trmac <mitr@redhat.com>

sigul_setup-client(1), sigul_bridge(8), sigul_server(8)

sigul Jan 2011 sigul(1)