X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere;h=da10c204e5ca9cb86dbec3c19666e40ed09f064e;hb=5853f2d8964cb415dd803e471b8903198f9acf17;hp=c6ecaa4d88ae014752de71856c1dae146a476057;hpb=35f16f7e3eaa05b04e97337d7ef0188fb3050f8e;p=monkeysphere.git diff --git a/src/monkeysphere b/src/monkeysphere index c6ecaa4..da10c20 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -128,25 +128,7 @@ key before joining the monkeysphere. You can do this with: # set subkey defaults # prompt about key expiration if not specified - if [ -z "$keyExpire" ] ; then - cat < = key expires in n days - w = key expires in n weeks - m = key expires in n months - y = key expires in n years -EOF - while [ -z "$keyExpire" ] ; do - read -p "Key is valid for? (0) " keyExpire - if ! test_gpg_expire ${keyExpire:=0} ; then - echo "invalid value" - unset keyExpire - fi - done - elif ! test_gpg_expire "$keyExpire" ; then - failure "invalid key expiration value '$keyExpire'." - fi + keyExpire=$(get_gpg_expiration "$keyExpire") # generate the list of commands that will be passed to edit-key editCommands=$(cat </dev/null ; then + failure "No ssh-agent available." + fi + + # and if it looks like it's running, but we can't actually talk to + # it, bail out: + ssh-add -l >/dev/null + sshaddresponse="$?" + if [ "$sshaddresponse" = "2" ]; then + failure "Could not connect to ssh-agent" + fi + # get list of secret keys (to work around https://bugs.g10code.com/gnupg/issue945): - secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }') + secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | \ + grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }') + + if [ -z "$secretkeys" ]; then + failure "You have no secret keys in your keyring! +You might want to run 'gpg --gen-key'." + fi - authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint --fingerprint $secretkeys | cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | grep '^fpr::' | cut -f3 -d: | sort -u) + authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode \ + --fingerprint --fingerprint $secretkeys | \ + cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | \ + grep '^fpr::' | cut -f3 -d: | sort -u) + + if [ -z "$authsubkeys" ]; then + failure "no authentication-capable subkeys available. +You might want to 'monkeysphere gen-subkey'" + fi workingdir=$(mktemp -d) umask 077 mkfifo "$workingdir/passphrase" + keysuccess=1 # FIXME: we're currently allowing any other options to get passed # through to ssh-add. should we limit it to known ones? For # example: -d or -c and/or -t - # FIXME: how do we know if we succeeded or failed? ssh-add gives - # weird return values under setsid, and if there are more than one - for subkey in $authsubkeys; do - kname="MonkeySphere Key $subkey" + # choose a label by which this key will be known in the agent: + # we are labelling the key by User ID instead of by + # fingerprint, but filtering out all / characters to make sure + # the filename is legit. + + primaryuid=$(gpg --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /) + + #kname="[monkeysphere] $primaryuid" + kname="$primaryuid" if [ "$1" = '-d' ]; then # we're removing the subkey: @@ -212,15 +238,22 @@ function subkey_to_ssh_agent() { gpg --quiet --passphrase-fd 3 3<"$workingdir/passphrase" \ --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \ --export-secret-subkeys "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" & - (cd "$workingdir" && unset -v DISPLAY && unset -v SSH_ASKPASS && /usr/bin/setsid ssh-add "$@" "$kname"