X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere;h=1db4f20ce48fba8670aeb4507d4bed4b9ca0f853;hb=a746da0ddeed35013ef135e7a0f0aba82d568767;hp=2ca36365d19e43615010899c3bcc4c58a8dfa080;hpb=3c65d3d8ce819bc94cce81724f0374765e405906;p=monkeysphere.git diff --git a/src/monkeysphere b/src/monkeysphere index 2ca3636..1db4f20 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -1,9 +1,11 @@ -#!/bin/bash +#!/usr/bin/env bash # monkeysphere: MonkeySphere client tool # # The monkeysphere scripts are written by: # Jameson Rollins +# Jamie McClelland +# Daniel Kahn Gillmor # # They are Copyright 2008, and are all released under the GPL, version 3 # or later. @@ -11,11 +13,11 @@ ######################################################################## PGRM=$(basename $0) -SHARE=${MONKEYSPHERE_SHARE:-"/usr/share/monkeysphere"} -export SHARE -. "${SHARE}/common" || exit 1 +SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} +export SYSSHAREDIR +. "${SYSSHAREDIR}/common" || exit 1 -# date in UTF format if needed +# UTC date in ISO 8601 format if needed DATE=$(date -u '+%FT%T') # unset some environment variables that could screw things up @@ -32,9 +34,9 @@ umask 077 ######################################################################## usage() { - cat <&2 usage: $PGRM [options] [args] -MonkeySphere client tool. +Monkeysphere client tool. subcommands: update-known_hosts (k) [HOST]... update known_hosts file @@ -61,7 +63,7 @@ gen_subkey(){ keyExpire= # get options - TEMP=$(getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@") + TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?" if [ $? != 0 ] ; then exit 1 @@ -91,7 +93,7 @@ gen_subkey(){ if [ -z "$1" ] ; then # find all secret keys - keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:) + keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d: | sort -u) # if multiple sec keys exist, fail if (( $(echo "$keyID" | wc -l) > 1 )) ; then echo "Multiple secret keys found:" @@ -113,7 +115,7 @@ key before joining the monkeysphere. You can do this with: # fail if multiple sec lines are returned, which means the id # given is not unique - if [ $(echo "$gpgOut" | grep '^sec:' | wc -l) -gt '1' ] ; then + if [ $(echo "$gpgOut" | grep -c '^sec:') -gt '1' ] ; then failure "Key ID '$keyID' is not unique." fi @@ -128,25 +130,7 @@ key before joining the monkeysphere. You can do this with: # set subkey defaults # prompt about key expiration if not specified - if [ -z "$keyExpire" ] ; then - cat < = key expires in n days - w = key expires in n weeks - m = key expires in n months - y = key expires in n years -EOF - while [ -z "$keyExpire" ] ; do - read -p "Key is valid for? (0) " keyExpire - if ! test_gpg_expire ${keyExpire:=0} ; then - echo "invalid value" - unset keyExpire - fi - done - elif ! test_gpg_expire "$keyExpire" ; then - failure "invalid key expiration value '$keyExpire'." - fi + keyExpire=$(get_gpg_expiration "$keyExpire") # generate the list of commands that will be passed to edit-key editCommands=$(cat </dev/null ; then @@ -199,29 +192,25 @@ function subkey_to_ssh_agent() { fi # get list of secret keys (to work around https://bugs.g10code.com/gnupg/issue945): - secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }') + secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | \ + grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }') if [ -z "$secretkeys" ]; then failure "You have no secret keys in your keyring! -You might want to 'gpg --gen-key'" +You might want to run 'gpg --gen-key'." fi - authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint --fingerprint $secretkeys | cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | grep '^fpr::' | cut -f3 -d: | sort -u) + authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode \ + --fingerprint --fingerprint $secretkeys | \ + cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | \ + grep '^fpr::' | cut -f3 -d: | sort -u) if [ -z "$authsubkeys" ]; then failure "no authentication-capable subkeys available. You might want to 'monkeysphere gen-subkey'" fi - if ! test_gnu_dummy_s2k_extension ; then - failure "Your version of GnuTLS does not seem capable of using with gpg's exported subkeys. -You may want to consider patching or upgrading. - -For more details, see: - http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html" - fi - - workingdir=$(mktemp -d) + workingdir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) umask 077 mkfifo "$workingdir/passphrase" keysuccess=1 @@ -238,7 +227,8 @@ For more details, see: primaryuid=$(gpg --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /) - kname="[monkeysphere] $primaryuid" + #kname="[monkeysphere] $primaryuid" + kname="$primaryuid" if [ "$1" = '-d' ]; then # we're removing the subkey: @@ -252,7 +242,7 @@ For more details, see: --export-secret-subkeys "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" & (cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname"