# or later.
########################################################################
+set -e
+
PGRM=$(basename $0)
SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
export SYSSHAREDIR
-. "${SYSSHAREDIR}/common" || exit 1
+. "${SYSSHAREDIR}/defaultenv"
+. "${SYSSHAREDIR}/common"
# sharedir for host functions
MSHAREDIR="${SYSSHAREDIR}/m"
# unset some environment variables that could screw things up
unset GREP_OPTIONS
-# default return code
-RETURN=0
-
# set the file creation mask to be only owner rw
umask 077
subcommands:
update-known_hosts (k) [HOST]... update known_hosts file
update-authorized_keys (a) update authorized_keys file
- import-subkey (i) FILE [KEYID] import existing ssh key as gpg subkey
gen-subkey (g) [KEYID] generate an authentication subkey
--length (-l) BITS key length in bits (2048)
ssh-proxycommand monkeysphere ssh ProxyCommand
EOF
}
+# user gpg command to define common options
+gpg_user() {
+ gpg --no-greeting --quiet --no-tty "$@"
+}
+
# take a secret key ID and check that only zero or one ID is provided,
# and that it corresponds to only a single secret key ID
check_gpg_sec_key_id() {
case "$#" in
0)
- gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:')
+ gpgSecOut=$(gpg_user --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:')
;;
1)
- gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$keyID" | egrep '^sec:') || failure
+ gpgSecOut=$(gpg_user --fixed-list-mode --list-secret-keys --with-colons "$1" | egrep '^sec:') || failure
;;
*)
failure "You must specify only a single primary key ID."
echo "$gpgSecOut" | cut -d: -f5
;;
*)
- echo "Multiple primary secret keys found:" | log error
- echo "$gpgSecOut" | cut -d: -f5 | log error
- echo "Please specify which primary key to use." | log error
- failure
+ local seckeys=$(echo "$gpgSecOut" | cut -d: -f5)
+ failure "Multiple primary secret keys found:
+$seckeys
+Please specify which primary key to use."
;;
esac
}
# check that a valid authentication key does not already exist
IFS=$'\n'
- for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do
+ for line in $(gpg_user --fixed-list-mode --list-keys --with-colons "$keyID") ; do
type=$(echo "$line" | cut -d: -f1)
validity=$(echo "$line" | cut -d: -f2)
usage=$(echo "$line" | cut -d: -f12)
fi
# if authentication key is valid, prompt to continue
if [ "$validity" = 'u' ] ; then
- log error "A valid authentication key already exists for primary key '$keyID'."
+ echo "A valid authentication key already exists for primary key '$keyID'." 1>&2
if [ "$PROMPT" = "true" ] ; then
read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N}
if [ "${OK/y/Y}" != 'Y' ] ; then
AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:="${MONKEYSPHERE_HOME}/authorized_user_ids"}
REQUIRED_HOST_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_HOST_KEY_CAPABILITY:="a"}
REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
+LOG_PREFIX=${MONKEYSPHERE_LOG_PREFIX:='ms: '}
# export GNUPGHOME and make sure gpg home exists with proper
# permissions
# those hosts
if [ "$1" ] ; then
update_known_hosts "$@"
- RETURN="$?"
# otherwise, if no hosts are specified, process every host
# in the user's known_hosts file
else
process_known_hosts
- RETURN="$?"
fi
;;
# process authorized_user_ids file
process_authorized_user_ids "$AUTHORIZED_USER_IDS"
- RETURN="$?"
;;
'import-subkey'|'i')
;;
'version'|'v')
- echo "$VERSION"
+ version
;;
'--help'|'help'|'-h'|'h'|'?')
Type '$PGRM help' for usage."
;;
esac
-
-exit "$RETURN"
projects / monkeysphere.git / blobdiff