projects
/
monkeysphere.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
replaced nullmailer with postfix on george
[monkeysphere.git]
/
src
/
monkeysphere
diff --git
a/src/monkeysphere
b/src/monkeysphere
index 92beafd64e5a73d3e946659ba7b67ca90b179924..7e800cc4d61942f53deff20817f08633da6a8a74 100755
(executable)
--- a/
src/monkeysphere
+++ b/
src/monkeysphere
@@
-1,4
+1,4
@@
-#!/
bin/
bash
+#!/
usr/bin/env
bash
# monkeysphere: MonkeySphere client tool
#
# monkeysphere: MonkeySphere client tool
#
@@
-13,11
+13,11
@@
########################################################################
PGRM=$(basename $0)
########################################################################
PGRM=$(basename $0)
-S
HARE=${MONKEYSPHERE_SHARE
:-"/usr/share/monkeysphere"}
-export S
HARE
-. "${S
HARE
}/common" || exit 1
+S
YSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR
:-"/usr/share/monkeysphere"}
+export S
YSSHAREDIR
+. "${S
YSSHAREDIR
}/common" || exit 1
-#
date in UTF
format if needed
+#
UTC date in ISO 8601
format if needed
DATE=$(date -u '+%FT%T')
# unset some environment variables that could screw things up
DATE=$(date -u '+%FT%T')
# unset some environment variables that could screw things up
@@
-36,7
+36,7
@@
umask 077
usage() {
cat <<EOF >&2
usage: $PGRM <subcommand> [options] [args]
usage() {
cat <<EOF >&2
usage: $PGRM <subcommand> [options] [args]
-Monkey
S
phere client tool.
+Monkey
s
phere client tool.
subcommands:
update-known_hosts (k) [HOST]... update known_hosts file
subcommands:
update-known_hosts (k) [HOST]... update known_hosts file
@@
-63,7
+63,7
@@
gen_subkey(){
keyExpire=
# get options
keyExpire=
# get options
- TEMP=$(
getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@")
+ TEMP=$(
PATH="/usr/local/bin:$PATH" getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?"
if [ $? != 0 ] ; then
exit 1
if [ $? != 0 ] ; then
exit 1
@@
-93,7
+93,7
@@
gen_subkey(){
if [ -z "$1" ] ; then
# find all secret keys
if [ -z "$1" ] ; then
# find all secret keys
- keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:)
+ keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:
| sort -u
)
# if multiple sec keys exist, fail
if (( $(echo "$keyID" | wc -l) > 1 )) ; then
echo "Multiple secret keys found:"
# if multiple sec keys exist, fail
if (( $(echo "$keyID" | wc -l) > 1 )) ; then
echo "Multiple secret keys found:"
@@
-115,7
+115,7
@@
key before joining the monkeysphere. You can do this with:
# fail if multiple sec lines are returned, which means the id
# given is not unique
# fail if multiple sec lines are returned, which means the id
# given is not unique
- if [ $(echo "$gpgOut" | grep
'^sec:' | wc -l
) -gt '1' ] ; then
+ if [ $(echo "$gpgOut" | grep
-c '^sec:'
) -gt '1' ] ; then
failure "Key ID '$keyID' is not unique."
fi
failure "Key ID '$keyID' is not unique."
fi
@@
-147,7
+147,7
@@
EOF
)
log verbose "generating subkey..."
)
log verbose "generating subkey..."
- fifoDir=$(mktemp -d)
+ fifoDir=$(mktemp -d
${TMPDIR:-/tmp}/tmp.XXXXXXXXXX
)
(umask 077 && mkfifo "$fifoDir/pass")
echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
(umask 077 && mkfifo "$fifoDir/pass")
echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
@@
-172,7
+172,7
@@
function subkey_to_ssh_agent() {
if ! test_gnu_dummy_s2k_extension ; then
failure "Your version of GnuTLS does not seem capable of using with gpg's exported subkeys.
if ! test_gnu_dummy_s2k_extension ; then
failure "Your version of GnuTLS does not seem capable of using with gpg's exported subkeys.
-You may want to consider patching or upgrading.
+You may want to consider patching or upgrading
to GnuTLS 2.6 or later
.
For more details, see:
http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html"
For more details, see:
http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html"
@@
-210,7
+210,7
@@
You might want to run 'gpg --gen-key'."
You might want to 'monkeysphere gen-subkey'"
fi
You might want to 'monkeysphere gen-subkey'"
fi
- workingdir=$(mktemp -d)
+ workingdir=$(mktemp -d
${TMPDIR:-/tmp}/tmp.XXXXXXXXXX
)
umask 077
mkfifo "$workingdir/passphrase"
keysuccess=1
umask 077
mkfifo "$workingdir/passphrase"
keysuccess=1
@@
-270,10
+270,10
@@
unset HASH_KNOWN_HOSTS
unset AUTHORIZED_KEYS
# load global config
unset AUTHORIZED_KEYS
# load global config
-[ -r "${
ETC}/monkeysphere.conf" ] && . "${ETC
}/monkeysphere.conf"
+[ -r "${
SYSCONFIGDIR}/monkeysphere.conf" ] && . "${SYSCONFIGDIR
}/monkeysphere.conf"
# set monkeysphere home directory
# set monkeysphere home directory
-MONKEYSPHERE_HOME=${MONKEYSPHERE_HOME:="${HOME}/.
config/
monkeysphere"}
+MONKEYSPHERE_HOME=${MONKEYSPHERE_HOME:="${HOME}/.monkeysphere"}
mkdir -p -m 0700 "$MONKEYSPHERE_HOME"
# load local config
mkdir -p -m 0700 "$MONKEYSPHERE_HOME"
# load local config
@@
-318,10
+318,12
@@
case $COMMAND in
'update-known_hosts'|'update-known-hosts'|'k')
MODE='known_hosts'
'update-known_hosts'|'update-known-hosts'|'k')
MODE='known_hosts'
+ # touch the known_hosts file so that the file permission check
+ # below won't fail upon not finding the file
+ (umask 0022 && touch "$KNOWN_HOSTS")
+
# check permissions on the known_hosts file path
# check permissions on the known_hosts file path
- if ! check_key_file_permissions "$USER" "$KNOWN_HOSTS" ; then
- failure "Improper permissions on known_hosts file path."
- fi
+ check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure
# if hosts are specified on the command line, process just
# those hosts
# if hosts are specified on the command line, process just
# those hosts
@@
-347,14
+349,10
@@
case $COMMAND in
MODE='authorized_keys'
# check permissions on the authorized_user_ids file path
MODE='authorized_keys'
# check permissions on the authorized_user_ids file path
- if ! check_key_file_permissions "$USER" "$AUTHORIZED_USER_IDS" ; then
- failure "Improper permissions on authorized_user_ids file path."
- fi
+ check_key_file_permissions "$USER" "$AUTHORIZED_USER_IDS" || failure
# check permissions on the authorized_keys file path
# check permissions on the authorized_keys file path
- if ! check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" ; then
- failure "Improper permissions on authorized_keys file path."
- fi
+ check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure
# exit if the authorized_user_ids file is empty
if [ ! -e "$AUTHORIZED_USER_IDS" ] ; then
# exit if the authorized_user_ids file is empty
if [ ! -e "$AUTHORIZED_USER_IDS" ] ; then