require 'optparse'

require 'thread'

require 'tempfile'

require 'yaml'

Thread​.​abort_on_exception = true

GNUPG = "gpg"

GROUP_PATTERN = "@[a-zA-Z0-9_-]+"

USER_PATTERN = "[a-zA-Z0-9:_-]+"

$program_name = File.basename($0, '.*')

CONFIG_FILE = ENV['HOME']+ "/.pws.yaml"

$editor = ENV['EDITOR']

if $editor == nil

%​w​{​/usr/​bin​/​sensible​-​editor /usr/bin/editor /usr/bin/vi}.each do |editor|

if FileTest​.​executable​?(​editor​)

$editor = editor

if $editor == nil

STDERR.puts "Cannot find an editor"

class GnuPG

@@my_keys = nil

@@my_fprs = nil

@@keyid_fpr_mapping = {}

@@extra_args = []

def GnuPG.extra_args=(val)

@@extra_args = val

def GnuPG.readwrite3(intxt, infd, stdoutfd, stderrfd, statusfd=nil)

outtxt, stderrtxt, statustxt = ''

thread_in = Thread.new {

infd.print intxt

infd.close

thread_out = Thread.new {

outtxt = stdoutfd.read

stdoutfd.close

thread_err = Thread.new {

errtxt = stderrfd.read

stderrfd.close

thread_status = Thread.new {

statustxt = statusfd.read

statusfd.close

} if (statusfd)

thread_in.join

thread_out.join

thread_err.join

thread_status.join if thread_status

return outtxt, stderrtxt, statustxt

def GnuPG.open3call(cmd, intxt, args, require_success = false, do_status=true)

inR, inW = IO.pipe

outR, outW = IO.pipe

errR, errW = IO.pipe

statR, statW = IO.pipe if do_status

pid = Kernel.fork do

inW.close

outR.close

errR.close

statR.close if do_status

STDIN.reopen(inR)

STDOUT.reopen(outW)

STDERR.reopen(errW)

fds = {

STDIN=>inR,

STDOUT=>outW,

STDERR=>errW,

if do_status

fds[statW.fileno] = statW

exec(cmd, "--status-fd=#{statW.fileno}"​, *(@@extra_args + args), fds)

exec(cmd, *(@@extra_args + args), fds)

rescue Exception => e

outW​.​puts​(​"[PWSEXECERROR]: #{e}")

raise ("Calling gnupg failed")

inR.close

outW.close

errW.close

if do_status

statW.close

(outtxt, stderrtxt, statustxt) = readwrite3(intxt, inW, outR, errR, statR);

(outtxt, stderrtxt) = readwrite3(intxt, inW, outR, errR);

wpid, status = Process.waitpid2 pid

throw "Unexpected pid: #{pid} vs #{wpid}" unless pid == wpid

throw "Process has not exited!?" unless status.exited?

if (require_success and status.exitstatus != 0)

STDERR.puts "#{cmd} call did not exit sucessfully."

STDERR.puts "output on stdout:"

STDERR.puts outtxt

STDERR.puts "output on stderr:"

STDERR.puts stderrtxt

if do_status

STDERR.puts "output on statusfd:"

STDERR.puts statustxt

if m=/^\[PWSEXECERROR\]: (.*)/.match(outtxt) then

STDERR.puts "Could not run GnuPG: #{m[1]}"

if do_status

return outtxt, stderrtxt, statustxt, status.exitstatus

return outtxt, stderrtxt, status.exitstatus

def GnuPG.gpgcall(intxt, args, require_success = false)

return open3call(GNUPG, intxt, args, require_success)

def GnuPG.init_keys()

return if @@my_keys

(outtxt, stderrtxt, statustxt) = GnuPG.gpgcall('', %w{--fast-list-mode --with-colons --with-fingerprint --list-secret-keys}, true)

@@my_keys = []

@@my_fprs = []

outtxt.split("\n").each do |line|

parts = line.split(':')

if (parts[0] == "ssb" or parts[0] == "sec")

@@my_keys.push parts[4]

elsif (parts[0] == "fpr")

@@my_fprs.push parts[9]

def GnuPG.get_my_keys()

def GnuPG.get_my_fprs()

def GnuPG​.​get_fpr_from_keyid​(​keyid​)

fpr = @​@keyid_fpr_mapping​[​keyid​]

unless fpr

STDERR.puts "Warning: No key found for keyid #{keyid}"

return fpr

def GnuPG​.​get_fprs_from_keyids​(​keyids​)

learn_fingerprints_from_keyids​(​keyids​)

return keyids.collect{ |k| get_fpr_from_keyid(k) or "unknown" }

def GnuPG​.​learn_fingerprints_from_keyids​(​keyids​)

need_to_learn = keyids.reject{ |k| @​@keyid_fpr_mapping​.​has_key​?(​k​) }

if need_to_learn.size > 0

args = %w{--with-colons --with-fingerprint --list-keys}

args​.​push​(​"--keyring=./.keyring"​, "--no-default-keyring") if FileTest.exists?(".keyring")

args.concat need_to_learn

(outtxt, stderrtxt, statustxt) = GnuPG.gpgcall('', args)

pub = nil

fpr = nil

outtxt.split("\n").each do |line|

parts = line.split(':')

if (parts[0] == "pub")

pub = parts[4]

fpr = nil

elsif (parts[0] == "fpr") and fpr.nil?

fpr = parts[9]

@​@keyid_fpr_mapping​[​pub​] = fpr

elsif (parts[0] == "sub")

@​@keyid_fpr_mapping​[​parts​[​4​]] = fpr

need_to_learn.reject{ |k| @​@keyid_fpr_mapping​.​has_key​?(​k​) }.each { |k| @@keyid_fpr_mapping[k] = nil }

def read_input(query, default_yes=true)

if default_yes

append = '[Y/n]'

append = '[y/N]'

while true

print "#{query} #{append} "

i = STDIN​.​readline​.​chomp​.​downcase

rescue EOFError

return default_yes

if i==""

return default_yes

elsif i=="y"

return true

elsif i=="n"

return false

class GroupConfig

attr_reader :dirname

def initialize(dirname=".", trusted_users=nil)

@dirname = dirname

if trusted_users

@trusted_users_source = trusted_users

elsif FileTest​.​exists​?(​CONFIG_FILE​)

t = {}

yaml = YAML​::​load_file​(​CONFIG_FILE​)

yaml["trusted_users"].each do |k,v|

t[File.expand_path(k)] = v

@trusted_users_source = CONFIG_FILE

d = File​.​expand_path​(​dirname​)

while d != "/"

if t.include?(d)

@trusted_users = t[d]

@dirname = d

d = File.split(d)[0]

if @trusted_users.nil? or d == "/"

raise ("Could not find #{File.expand_path(dirname)} or its parents in configuration file #{CONFIG_FILE}")

rescue Psych::SyntaxError, ArgumentError => e

@trusted_users_source = ENV​[​'HOME'​]+​'/.pws-trusted-users'

f = File​.​open​(​@trusted_users_source​)

rescue Exception => e

raise e

trusted = []

f.readlines.each do |line|

line.chomp!

next if line =~ /^$/

next if line =~ /^#/

trusted.push line

@trusted_users = trusted

def verify(content)

args = []

args.push "--keyring=#{@dirname}/.keyring" if FileTest​.​exists​?(​File​.​join​(​@dirname​, ".keyring"))

(outtxt, stderrtxt, statustxt, exitstatus) = GnuPG.gpgcall(content, args)

goodsig = false

validsig = nil

statustxt.split("\n").each do |line|

if m = /^\[GNUPG:\] GOODSIG/.match(line)

goodsig = true

elsif m = /^\[GNUPG:\] VALIDSIG \S+ \S+ \S+ \S+ \S+ \S+ \S+ \S+ \S+ ([0-9A-F]+)/.match(line)

validsig = m[1]

if not goodsig

STDERR.puts ".users file is not signed properly. GnuPG said on stdout:"

STDERR.puts outtxt

STDERR.puts "and on stderr:"

STDERR.puts stderrtxt

STDERR.puts "and via statusfd:"

STDERR.puts statustxt

raise "Not goodsig"

if not @trusted_users​.​include​?(​validsig​)

raise ".users file is signed by #{validsig} which is not in #{@trusted_users_source}"

if not exitstatus==0

raise "gpg verify failed for .users file"

return outtxt

def parse_file

f = File​.​open​(​File​.​join​(​@dirname​, '.users'))

rescue Exception => e

raise e

users = f.read

f.close

users = verify(users)

@users = {}

@groups = {}

lno = 0

users.split("\n").each do |line|

lno = lno+1

next if line =~ /^$/

next if line =~ /^#/

if (m = /^(#{USER_PATTERN})\s*=\s*([0-9A-Fa-f]{40})\s*$/​.​match line)

user = m[1]

fpr = m[2]

if @users.has_key?(user)

STDERR.puts "User #{user} redefined at line #{lno}!"

@users[user] = fpr

elsif (m = /^(#{GROUP_PATTERN})\s*=\s*(.*)$/​.​match line)

group = m[1]

members = m[2].strip

if @groups.has_key?(group)

STDERR.puts "Group #{group} redefined at line #{lno}!"

members = members.split(/[\t ,]+/)

@groups[group] = { "members" => members }

def is_group(name)

return (name =~ /^@/)

def check_exists(x, whence, fatal=true)

if is_group(x)

ok=false unless (@groups.has_key?(x))

ok=false unless @users.has_key?(x)

unless ok

STDERR.puts( (fatal ? "Error: " : "Warning: ") + "#{whence} contains unknown member #{x}")

exit(1) if fatal

return ok

def expand_groups

@groups.each_pair do |groupname, group|

group['members'].each do |member|

check_exists(member, "Group #{groupname}")

group['members_to_do'] = group['members'].clone

while true

had_progress = false

all_expanded = true

@groups.each_pair do |groupname, group|

group['keys'] = [] unless group['keys']

still_contains_groups = false

group​[​'members_to_do'​].​clone​.​each do |member|

if is_group(member)

if @groups​[​member​][​'members_to_do'​].​size == 0

group['keys'].concat @groups[member]['keys']

group​[​'members_to_do'​].​delete​(​member​)

had_progress = true

still_contains_groups = true

group['keys'].push @users[member]

group​[​'members_to_do'​].​delete​(​member​)

had_progress = true

all_expanded = false if still_contains_groups

break if all_expanded

unless had_progress

cyclic_groups = @groups​.​keys​.​reject​{|​name​| @groups​[​name​][​'members_to_do'​].​size == 0}.join(", ")

STDERR.puts "Cyclic group memberships in #{cyclic_groups}?"

def expand_targets(targets)

fprs = []

ok = true

targets.each do |t|

unless check_exists(t, "access line", false)

ok = false

if is_group(t)

fprs.concat @groups[t]['keys']

fprs.push @users[t]

return ok, fprs.uniq

def get_users()

return @users

class EncryptedData

attr_reader :accessible, :encrypted, :readable, :readers

def EncryptedData​.​determine_readable​(​readers​)

GnuPG.get_my_keys.each do |keyid|

return true if readers.include?(keyid)

return false

def EncryptedData​.​list_readers​(​statustxt​)

readers = []

statustxt.split("\n").each do |line|

m = /^\[GNUPG:\] ENC_TO ([0-9A-F]+)/.match line

next unless m

readers.push m[1]

return readers

def EncryptedData​.​targets​(​text​)

text.split("\n").each do |line|

if /^(#|---)/.match line

m = /^access: "?((?:(?:#{GROUP_PATTERN}|#{USER_PATTERN}),?\s*)+)"?/​.​match line

return [] unless m

return m[1].strip.split(/[\t ,]+/)

def initialize​(​encrypted_content​, label, keyring_directory = ".", ignore_decrypt_errors = false)

@ignore_decrypt_errors = ignore_decrypt_errors

@label = label

@keyring_dir = keyring_directory

@encrypted_content = encrypted_content

(outtxt, stderrtxt, statustxt) = GnuPG​.​gpgcall​(​@encrypted_content​, %w{--with-colons --no-options --no-default-keyring --secret-keyring=/dev/null --keyring=/dev/null})

@encrypted = !(statustxt =~ /\[GNUPG:\] NODATA/)

if @encrypted

@readers = EncryptedData​.​list_readers​(​statustxt​)

@readable = EncryptedData​.​determine_readable​(​@readers​)

def decrypt

(outtxt, stderrtxt, statustxt, exitstatus) = GnuPG​.​gpgcall​(​@encrypted_content​, %w{--decrypt})

if !@ignore_decrypt_errors and exitstatus != 0

proceed = read_input("Warning: gpg returned non-zero exit status #{exitstatus} when decrypting #{@label}. Proceed?", false)

exit(0) unless proceed

elsif !@ignore_decrypt_errors and outtxt.length == 0

proceed = read_input("Warning: #{@label} decrypted to an empty file. Proceed?")

exit(0) unless proceed

return outtxt

def encrypt(content, recipients)

args = recipients.collect{ |r| "--recipient=#{r}"}

args.push "--trust-model=always"

args​.​push​(​"--keyring=#{@keyring_dir}/.keyring"​, "--no-default-keyring") if FileTest​.​exists​?(​"#{@keyring_dir}/.keyring"​)

args.push "--armor"

args.push "--encrypt"

(outtxt, stderrtxt, statustxt, exitstatus) = GnuPG.gpgcall(content, args)

invalid = []

statustxt.split("\n").each do |line|

m = /^\[GNUPG:\] INV_RECP \S+ ([0-9A-F]+)/.match line

next unless m

invalid.push m[1]

if invalid.size > 0

again = read_input("Warning: the following recipients are invalid: #{invalid.join(", ")}. Try again (or proceed)?")

return false if again

if outtxt.length == 0

tryagain = read_input("Error: #{@label} encrypted to an empty file. Edit again (or exit)?")

return false if tryagain

if exitstatus != 0

proceed = read_input("Warning: gpg returned non-zero exit status #{exitstatus} when encrypting #{@label}. Said:\n#{stderrtxt}\n#{statustxt}\n\nProceed (or try again)?")

return false unless proceed

return true, outtxt

def determine_encryption_targets​(​content​)

targets = EncryptedData​.​targets​(​content​)

if targets.size == 0

tryagain = read_input("Warning: Did not find targets to encrypt to in header. Try again (or exit)?", true)

return false if tryagain

ok, expanded = @groupconfig​.​expand_targets​(​targets​)

if (expanded.size == 0)

tryagain = read_input("Errors in access header. Edit again (or exit)?", true)

return false if tryagain

elsif (not ok)

tryagain = read_input("Warnings in access header. Edit again (or continue)?", true)

return false if tryagain

to_me = false

GnuPG.get_my_fprs.each do |fpr|

if expanded.include?(fpr)

to_me = true

unless to_me

tryagain = read_input("File is not being encrypted to you. Edit again (or continue)?", true)

return false if tryagain

return true, expanded

class EncryptedFile < EncryptedData

def initialize(filename, new=false, trusted_file=nil)

@groupconfig = GroupConfig​.​new​(​dirname​=​File​.​dirname​(​filename​), trusted_users=trusted_file)

@new = new

if @new

@readers = []

@filename = filename

@accessible = FileTest​.​readable​?(​filename​)

@filename = filename

if @accessible

encrypted_content = File.read(filename)

encrypted_content = nil

super(encrypted_content, filename, @groupconfig.dirname, @new)

def write_back(content, targets)

ok, encrypted = encrypt(content, targets)

return false unless ok

File​.​open​(​@filename​,​"w"​).​write​(​encrypted​)

return true

class Ls

def help(parser, code=0, io=STDOUT)

io.puts "Usage: #{$program_name} ls [<directory> ...]"

io.puts parser.summarize

io.puts "Lists the contents of the given directory/directories, or the current"

io.puts "directory if none is given. For each file show whether it is PGP-encrypted"

io.puts "file, and if yes whether we can read it."

exit(code)

def ls_dir(dirname)

dir = Dir.open(dirname)

rescue Exception => e

STDERR.puts e

Dir.chdir(dirname) do

unless FileTest.exists?(".users")

STDERR.puts "The .users file does not exists here. This is not a password store, is it?"

dir.sort.each do |filename|

next if (filename =~ /^\./) and not (@all >= 3)

stat = File::Stat.new(filename)

if stat.symlink?

puts "(sym) #{filename}" if (@all >= 2)

elsif stat.directory?

puts "(dir) #{filename}" if (@all >= 2)

elsif !stat.file?

puts "(other) #{filename}" if (@all >= 2)

f = EncryptedFile​.​new​(​filename​)

if !f.accessible

elsif !f.encrypted

puts "(file) #{filename}" if (@all >= 2)

elsif f.readable

puts "(locked) #{filename}" if (@all >= 1)

def initialize()

@all = 0

ARGV.options do |opts|

opts.on_tail("-h", "--help" , "Display this help screen") { help(opts) }

opts.on_tail("-a", "--all" , "Show all files (use up to 3 times to show even more than all)") { @all = @all+1 }

opts.parse!

dirs = ARGV

dirs.push('.') unless dirs.size > 0

dirs.each { |dir| ls_dir(dir) }

class Ed

def help(parser, code=0, io=STDOUT)

io.puts "Usage: #{$program_name} ed <filename>"

io.puts parser.summarize

io.puts "Decrypts the file, spawns an editor, and encrypts it again"

exit(code)

def do_edit(content)

oldsize = content.length

tempfile = Tempfile.open('pws')

tempfile.puts content

tempfile.flush

system($editor, tempfile.path)

status = $?

throw "Process has not exited!?" unless status.exited?

unless status.exitstatus == 0

proceed = read_input("Warning: Editor did not exit successfully (exit code #{status.exitstatus}. Proceed?")

exit(0) unless proceed

reopened = File.open(tempfile.path, "r+")

rescue Exception => e

STDERR.puts e

content = reopened.read

newsize = content.length

clearsize = (newsize > oldsize) ? newsize : oldsize

[tempfile, reopened].each do |f|

f.seek(0, IO::SEEK_SET)

f.print "\0"*clearsize

f.fsync

reopened.close

tempfile.close(true)

return content

def edit(filename)

encrypted_file = EncryptedFile​.​new​(​filename​, @new)

if !@new and !encrypted_file.readable && !@force

STDERR.puts "#{filename} is probably not readable"

encrypted_to = GnuPG​.​get_fprs_from_keyids​(​encrypted_file​.​readers​).​sort

content = encrypted_file.decrypt

original_content = content

while true

content = do_edit(content)

if content.length == 0

proceed = read_input("Warning: Content is now empty. Proceed?")

exit(0) unless proceed

ok, targets = encrypted_file​.​determine_encryption_targets​(​content​)

next unless ok

if (original_content == content && ! @reencrypt_on_change)

if (targets.sort == encrypted_to)

STDERR.puts("Notice: list of keys changed -- re-encryption recommended. Run #{$program_name} rc #{filename}")

success = encrypted_file​.​write_back​(​content​, targets)

break if success

def initialize​(​reencrypt_on_change​=​false​)

ARGV.options do |opts|

opts.on_tail("-h", "--help" , "Display this help screen") { help(opts) }

opts.on_tail("-n", "--new" , "Edit new file") { |new| @new=new }

opts.on_tail("-f", "--force" , "Spawn an editor even if the file is probably not readable") { |force| @force=force }

opts.parse!

help(ARGV.options, 1, STDERR) if ARGV.length != 1

filename = ARGV.shift

if @new

if FileTest.exists?(filename)

STDERR.puts "#{filename} does exist"

if !FileTest.exists?(filename)

STDERR.puts "#{filename} does not exist"

elsif !FileTest.file?(filename)

STDERR.puts "#{filename} is not a regular file"

elsif !​FileTest​.​readable​?(​filename​)

STDERR.puts "#{filename} is not accessible (unix perms)"

@reencrypt_on_change = reencrypt_on_change

dirname = File.dirname(filename)

basename = File.basename(filename)

Dir.chdir(dirname) {

edit(basename)

class Reencrypt < Ed

def help(parser, code=0, io=STDOUT)

io.puts "Usage: #{$program_name} rc <filename>"

io.puts parser.summarize

io.puts "Reencrypts the file"

exit(code)

def do_edit(content)

return content

def initialize()

class Get

def help(parser, code=0, io=STDOUT)

io.puts "Usage: #{$program_name} get <filename> <query>"

io.puts parser.summarize

io.puts "Decrypts the file, fetches a key and outputs it to stdout."

io.puts "The file must be in YAML format."

io.puts "query is a query, formatted like /host/users/root"

exit(code)

def get(filename, what)

encrypted_file = EncryptedFile​.​new​(​filename​, @new)

if !encrypted_file.readable

STDERR.puts "#{filename} is probably not readable"

yaml = YAML​::​load​(​encrypted_file​.​decrypt​)

rescue Psych::SyntaxError, ArgumentError => e

STDERR.puts "Could not parse YAML: #{e.message}"

require 'pp'

a = what.split("/")[1..-1]

hit = yaml

if a.nil?

hit.keys.each do |k|

a.each do |k|

hit = hit[k]

if hit.nil?

STDERR.puts("No such key or invalid lookup expression")

elsif hit.respond_to?(:keys)

hit.keys.each do |k|

def initialize()

ARGV.options do |opts|

opts.on_tail("-h", "--help" , "Display this help screen") { help(opts) }

opts.parse!

help(ARGV.options, 1, STDERR) if ARGV.length != 2

filename = ARGV.shift

what = ARGV.shift

if !FileTest.exists?(filename)

STDERR.puts "#{filename} does not exist"

elsif !FileTest.file?(filename)

STDERR.puts "#{filename} is not a regular file"

elsif !​FileTest​.​readable​?(​filename​)

STDERR.puts "#{filename} is not accessible (unix perms)"

dirname = File.dirname(filename)

basename = File.basename(filename)

Dir.chdir(dirname) {

get(basename, what)

class KeyringUpdater

def help(parser, code=0, io=STDOUT)

io.puts "Usage: #{$program_name} update-keyring"

io.puts parser.summarize

io.puts "Updates the local .keyring file"

exit(code)

def initialize()

ARGV.options do |opts|

opts.on_tail("-h", "--help" , "Display this help screen") { help(opts) }

opts.parse!

help(ARGV.options, 1, STDERR) if ARGV.length > 1

groupconfig = GroupConfig.new

users = groupconfig.get_users()

File.open('.keyring', 'w') do |keyring|

users.each_pair() do |uid, keyid|

user_keyfile = File.join('keys', "#{uid}.key")

if File.file?(user_keyfile)

keyring​.​write​(​File​.​read​(​user_keyfile​))

puts "No key file found for user " + uid

class GitDiff

def help(parser, code=0, io=STDOUT)

io.puts "Usage: #{$program_name} gitdiff <commit> <file>"

io.puts parser.summarize

io.puts "Shows a diff between the version of <file> in your directory and the"

io.puts "version in git at <commit> (or HEAD). Requires that your tree be git"

io.puts "managed, obviously."

exit(code)

def check_readable(e, label)

if !e.readable && !@force

STDERR.puts "#{label} is probably not readable."

def get_file_at_commit()

label = @commit+':'+@filename

(encrypted_content, stderrtxt, exitcode) = GnuPG.open3call('git', '', ['show', label], require_success=true, do_status=false)

data = EncryptedData​.​new​(​encrypted_content​, label)

check_readable(data, label)

return data.decrypt

def get_file_current()

data = EncryptedFile​.​new​(​@filename​)

check_readable(data, @filename)

return data.decrypt

def diff()

old = get_file_at_commit()

cur = get_file_current()

t1 = Tempfile.open('pws')

t1.puts old

t1.flush

t2 = Tempfile.open('pws')

t2.puts cur

t2.flush

system("diff", "-u", t1.path, t2.path)

t1.seek(0, IO::SEEK_SET)

t1.print "\0"*old.length

t1.fsync

t1.close(true)

t2.seek(0, IO::SEEK_SET)

t2.print "\0"*cur.length

t2.fsync

t2.close(true)

def initialize()

ARGV.options do |opts|

opts.on_tail("-h", "--help" , "Display this help screen") { help(opts) }

opts.on_tail("-f", "--force" , "Do it even if the file is probably not readable") { |force| @force=force }

opts.parse!

if ARGV.length == 1

@commit = 'HEAD'

@filename = ARGV.shift

elsif ARGV.length == 2

@commit = ARGV.shift

@filename = ARGV.shift

help(ARGV.options, 1, STDERR)

def help(code=0, io=STDOUT)

io.puts "Usage: #{$program_name} ed"

io.puts " #{$program_name} rc"

io.puts " #{$program_name} ls"

io.puts " #{$program_name} gitdiff"

io.puts " #{$program_name} update-keyring"

io.puts " #{$program_name} help"

io.puts "Call #{$program_name} <command> --help for additional options/parameters"

exit(code)

def parse_command

case ARGV.shift

when 'ls' then Ls.new

when 'ed' then Ed.new

when 'rc' then Reencrypt.new

when 'gitdiff' then GitDiff.new

when 'get' then Get.new

when 'update-keyring' then KeyringUpdater.new

when 'help' then

case ARGV.length

when 0 then help

when 1 then

ARGV.push "--help"

else help(1, STDERR)

help(1, STDERR)

if __FILE__ == $0

rescue RuntimeError => e

STDERR.puts e.message

Powered by Gitiles