if [ "$sshaddresponse" = "2" ]; then
failure "Could not connect to ssh-agent"
fi
# get list of secret keys (to work around bug
# https://bugs.g10code.com/gnupg/issue945):
if [ "$sshaddresponse" = "2" ]; then
failure "Could not connect to ssh-agent"
fi
# get list of secret keys (to work around bug
# https://bugs.g10code.com/gnupg/issue945):
--fingerprint --fingerprint $secretkeys | \
cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | \
grep '^fpr::' | cut -f3 -d: | sort -u)
--fingerprint --fingerprint $secretkeys | \
cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | \
grep '^fpr::' | cut -f3 -d: | sort -u)
# FIXME: we're currently allowing any other options to get passed
# through to ssh-add. should we limit it to known ones? For
# FIXME: we're currently allowing any other options to get passed
# through to ssh-add. should we limit it to known ones? For
- gpg --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname"
- (cd "$workingdir" && ssh-add -d "$kname")
+ gpg_user --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname"
+ (cd "$workingdir" && ssh-add -d "$kname") || keysuccess="$?"
--export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \
--export-secret-subkeys "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" &
(cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" </dev/null )&
passphrase_prompt "Enter passphrase for key $kname: " "$workingdir/passphrase"
--export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \
--export-secret-subkeys "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" &
(cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" </dev/null )&
passphrase_prompt "Enter passphrase for key $kname: " "$workingdir/passphrase"
- # success or failure of the final authentication subkey in this
- # case. What if earlier ones failed?
- exit "$keysuccess"
+ # failure code of the last authentication subkey which fails.
+ # what if more than one authentication subkey fails?
+ return "$keysuccess"
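Review bot: `return "$keysuccess"` on the last added line is only well-defined if `keysuccess` is set to 0 before the subkey loop, and no such assignment appears in the lines shown. With the new `|| keysuccess="$?"` on the `ssh-add -d` line the variable is written only on failure, so an all-success run would reach `return ""`, which is not a valid numeric status. If the initialisation is not already present outside this excerpt, add `local keysuccess=0` ahead of the loop. Because the code now returns to a caller instead of exiting, also confirm that removal of `$workingdir`, which receives the passphrase file and the passphrase-reset secret subkey export, does not rely on a shell-exit trap that would now fire later than before. The enclosing function starts and ends outside the lines shown.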