Configure trustedDir with MINITRUST_DIR env var

Closes #4.

cmd/minitrust/minitrust.go

@@ -6,6 +6,7 @@ import (
 	"io"
 	"log"
 	"os"
+	"path/filepath"
 	"time"
 
 	"github.com/igoose1/minitrust"
@@ -16,13 +17,17 @@ const Usage = `Usage:
 minitrust -V [-x sigfile] [-o] -m file
 minitrust -A [-c comment] -P pubkey
 
--V		verify that a signature is valid for a given file
--A		add new public key to trusted directory
--x		signature file (default: <file>.minisig)
--o		output the file content after verification
--m		file to verify
--P		public key, as a base64 string
--c		one-line untrusted comment
+-V				verify that a signature is valid for a given file
+-A				add new public key to trusted directory
+-x				signature file (default: <file>.minisig)
+-o				output the file content after verification
+-m				file to verify
+-P				public key, as a base64 string
+-c				one-line untrusted comment
+
+Environment variables:
+
+MINITRUST_DIR	name of the trusted directory (default: ~/.minisign/trusted)
 `
 
 var logger = log.New(os.Stderr, "", log.Lshortfile)
@@ -35,6 +40,7 @@ func main() {
 		file       string
 		pubKey     string
 		comment    string
+		trustedDir string
 	)
 	verifyCommand := flag.NewFlagSet("-V", flag.ExitOnError)
 	// flag.BoolVar(&hashFlag, "H", false, "require input to be prehashed.")
@@ -48,6 +54,15 @@ func main() {
 	addCommand.StringVar(&comment, "c", "", "one-line untrusted comment")
 	addCommand.Usage = func() { fmt.Fprint(os.Stderr, Usage) }
 
+	trustedDir = os.Getenv("MINITRUST_DIR")
+	if trustedDir == "" {
+		homedir, err := os.UserHomeDir()
+		if err != nil {
+			logger.Fatal(err)
+		}
+		trustedDir = filepath.Join(homedir, ".minisign/trusted")
+	}
+
 	if len(os.Args) < 2 {
 		fmt.Fprint(os.Stderr, Usage)
 		os.Exit(0)
@@ -61,7 +76,7 @@ func main() {
 		if sigFile == "" {
 			sigFile = file + ".minisig"
 		}
-		err := verify(file, sigFile)
+		err := verify(trustedDir, file, sigFile)
 		if err != nil {
 			logger.Fatalf("Error: %v\n", err)
 		}
@@ -75,7 +90,7 @@ func main() {
 		if comment == "" {
 			comment = "key added on " + time.Now().Format("2006-01-02")
 		}
-		err := add(pubKey, comment)
+		err := add(trustedDir, pubKey, comment)
 		if err != nil {
 			logger.Fatalf("Error: %v\n", err)
 		}
@@ -84,12 +99,12 @@ func main() {
 	}
 }
 
-func add(pubKey string, comment string) error {
-	return minitrust.AddTrustedPubKey(pubKey, comment)
+func add(trustedDir, pubKey, comment string) error {
+	return minitrust.AddTrustedPubKey(trustedDir, pubKey, comment)
 }
 
-func verify(file string, sigFile string) error {
-	key, comment, err := minitrust.SearchTrustedPubKey(sigFile)
+func verify(trustedDir, file, sigFile string) error {
+	key, comment, err := minitrust.SearchTrustedPubKey(trustedDir, sigFile)
 	if err != nil {
 		return err
 	}

minitrust.go

@@ -17,21 +17,14 @@ import (
 var logger = log.New(os.Stderr, "", log.Lshortfile)
 
 const commentPrefix = "untrusted comment: "
+const trustedDirEnv = "MINITRUST_DIR"
 const (
 	trustedDirPerm = 0700
 	trustedKeyPerm = 0600
 )
 
-func getTrustedPath() string {
-	dirname, err := os.UserHomeDir()
-	if err != nil {
-		logger.Fatal(err)
-	}
-	return filepath.Join(dirname, ".minisign/trusted")
-}
-
-func ensureTrustedDir() error {
-	err := os.MkdirAll(getTrustedPath(), trustedDirPerm)
+func ensureTrustedDir(trustedDir string) error {
+	err := os.MkdirAll(trustedDir, trustedDirPerm)
 	if !os.IsExist(err) {
 		return err
 	}
@@ -75,13 +68,13 @@ func readKeyFile(keyPath string) (minisign.PublicKey, string, error) {
 	return decodeKeyFileContent(string(content))
 }
 
-func getKeyPath(keyID [8]byte) string {
-	return filepath.Join(getTrustedPath(), EncodeID(keyID)+".pub")
+func getKeyPath(trustedDir string, keyID [8]byte) string {
+	return filepath.Join(trustedDir, EncodeID(keyID)+".pub")
 }
 
 // SearchTrustedPubKey returns public key and untrusted comment.
-func SearchTrustedPubKey(sigFile string) (minisign.PublicKey, string, error) {
-	if err := ensureTrustedDir(); err != nil {
+func SearchTrustedPubKey(trustedDir, sigFile string) (minisign.PublicKey, string, error) {
+	if err := ensureTrustedDir(trustedDir); err != nil {
 		return minisign.PublicKey{}, "", errors.New("minitrust: can't create trusted directory.")
 	}
 
@@ -90,15 +83,18 @@ func SearchTrustedPubKey(sigFile string) (minisign.PublicKey, string, error) {
 		return minisign.PublicKey{}, "", err
 	}
 
-	key, comment, err := readKeyFile(getKeyPath(signature.KeyId))
+	key, comment, err := readKeyFile(getKeyPath(trustedDir, signature.KeyId))
 	if err != nil {
 		return minisign.PublicKey{}, "", err
 	}
 
 	return key, comment, nil
 }
 
-func AddTrustedPubKey(rawPubKey string, comment string) error {
+func AddTrustedPubKey(trustedDir, rawPubKey, comment string) error {
+	if err := ensureTrustedDir(trustedDir); err != nil {
+		return errors.New("minitrust: can't create trusted directory.")
+	}
 	if strings.Count(comment, "\n") != 0 {
 		return errors.New("minitrust: comment must be one-lined.")
 	}
@@ -115,5 +111,5 @@ func AddTrustedPubKey(rawPubKey string, comment string) error {
 		},
 		"\n",
 	)
-	return ioutil.WriteFile(getKeyPath(pk.KeyId), []byte(content), trustedKeyPerm)
+	return ioutil.WriteFile(getKeyPath(trustedDir, pk.KeyId), []byte(content), trustedKeyPerm)
 }