src/zlevis: restructured argument path structure

2025-02-14 23:46:19 +01:00 · 2025-02-14 23:46:19 +01:00 · 17eb015918
commit 17eb015918
parent d42a13b560
1 changed files with 53 additions and 20 deletions
--- a/src/zlevis
+++ b/src/zlevis
@ -12,31 +12,64 @@ if [ "$1" = "--summary" ]; then
    exit 0
 fi

-# Function to display usage information when called
+# Function to display usage information of zlevis
 info() {
    exec >&2
-    echo "Usage: \"zlevis {decrypt|encrypt} {pool|key} [options]\""
+    echo "Usage: \"zlevis {decrypt|encrypt} {pool|key}\""
    exit 2
 }

-# Case statement to handle the argument path
-case "$1" in
-    "decrypt") 
-        case "$2" in
-            "pool") zfs list -Ho tpm:jwe "$3" | zlevis-decrypt;;
-            "key") zlevis-decrypt;;
-            *) info;;
-        esac
-    ;;
-    "encrypt")
-        case "$2" in
-            "pool") read -r -d . key && zfs set tpm:jwe=$(printf "%s" "$key" | zlevis-encrypt "$4") "$3";;
-            "key") zlevis-encrypt "$3";;
-            *) info;;
-        esac
-    ;;
-    *) info;;
-esac
+# Function to display usage information of zlevis encrypt pool
+encrypt_pool_info() {
+    exec >&2
+    echo "Usage: \"zlevis encrypt pool <pool> '{\"property\":\"value\"}' < file.key\""
+    echo
+    echo "This command uses the following configuration properties:"
+    echo "  hash: <string> -> Hash algorithm used in the computation of the object name (default: sha256)."
+    echo "  key: <string> -> Algorithm type for the generated key (default: ecc)."
+    echo "  pcr_bank: <string> -> PCR algorithm bank to use for policy (default: first supported by TPM)."
+    echo "  pcr_ids: <string> -> PCR list used for policy. If not present, no policy is used."
+    echo "  pcr_digest: <string> -> Binary PCR hashes encoded in base64. If not present, the hash values are looked up."
+    exit 2
+}
+
+# Determine the argument path and execute the relevant script or function
+if [ -t 0]; then
+    case "$1" in
+        "decrypt") 
+            case "$2" in
+                "pool") zfs list -Ho tpm:jwe "$3" | zlevis-decrypt;;
+                "key") zlevis-decrypt;;
+                *) info;;
+            esac
+        ;;
+        "encrypt")
+            case "$2" in
+                "pool") encrypt_pool_info;;
+                "key") zlevis-encrypt;;
+                *) info;;
+            esac
+        ;;
+        *) info;;
+    esac
+else
+    case "$1" in
+        "decrypt") 
+            case "$2" in
+                "key") zlevis-decrypt;;
+                *) info;;
+            esac
+        ;;
+        "encrypt")
+            case "$2" in
+                "pool") read -r -d . key || zfs set tpm:jwe=$(printf "%s" "$key" | zlevis-encrypt "$4") "$3";;
+                "key") zlevis-encrypt "$3";;
+                *) info;;
+            esac
+        ;;
+        *) info;;
+    esac
+fi

 # Exit with the status of the last command
 exit $?