X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-host;h=64023e056c7ad6de9e6a1c5bf978d503010ecfbf;hb=0c874fdd6abfa4b74d7805f2d2d121f08211b4aa;hp=f79c2bb064714f7c40b1cf65230b2f866af7675c;hpb=07316c65eb5302a1d5385301876be7971e26fd1f;p=monkeysphere.git diff --git a/src/monkeysphere-host b/src/monkeysphere-host index f79c2bb..64023e0 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -32,9 +32,12 @@ MHSHAREDIR="${SYSSHAREDIR}/mh" # datadir for host functions MHDATADIR="${SYSDATADIR}/host" +# temp directory for temp gnupghome directories for add_revoker +MHTMPDIR="${MHDATADIR}/tmp" +export MHTMPDIR + # host pub key files -HOST_KEY_PUB="${SYSDATADIR}/ssh_host_rsa_key.pub" -HOST_KEY_PUB_GPG="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +HOST_KEY_FILE="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" # UTC date in ISO 8601 format if needed DATE=$(date -u '+%FT%T') @@ -91,34 +94,12 @@ gpg_host_edit() { "0x${HOST_FINGERPRINT}!" "$@" } -# export the host key to stdout -gpg_host_export() { - gpg_host --export --armor --export-options export-minimal \ - "0x${HOST_FINGERPRINT}!" -} - -# export the host secret key to the monkeysphere ssh sec key file -# NOTE: assumes that the primary key is the proper key to use -create_ssh_sec_file() { - log debug "creating ssh secret key file..." - (umask 077 && \ - gpg_host --export-secret-key "$HOST_FINGERPRINT" | \ - openpgp2ssh "$HOST_FINGERPRINT" > "${MHDATADIR}/ssh_host_rsa_key") - log info "SSH host secret key file: ${MHDATADIR}/ssh_host_rsa_key" -} - -# export the host public key to the monkeysphere ssh pub key file -create_ssh_pub_file() { - log debug "creating ssh public key file..." - ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "$HOST_KEY_PUB" - log info "SSH host public key file: $HOST_KEY_PUB" -} - # export the host public key to the monkeysphere gpg pub key file create_gpg_pub_file() { log debug "creating openpgp public key file..." - gpg_host_export > "$HOST_KEY_PUB_GPG" - log info "GPG host public key file: $HOST_KEY_PUB_GPG" + gpg_host --export --armor --export-options export-minimal \ + "0x${HOST_FINGERPRINT}!" > "$HOST_KEY_FILE" + log info "GPG host public key file: $HOST_KEY_FILE" } # load the host fingerprint into the fingerprint variable, using the @@ -127,12 +108,12 @@ create_gpg_pub_file() { # stuff. is there a way we can do this without having to create temp # files? load_fingerprint() { - if [ -f "$HOST_KEY_PUB_GPG" ] ; then + if [ -f "$HOST_KEY_FILE" ] ; then HOST_FINGERPRINT=$( \ (FUBAR=$(mktemp -d) && export GNUPGHOME="$FUBAR" \ && gpg --quiet --import \ && gpg --quiet --list-keys --with-colons --with-fingerprint \ - && rm -rf "$FUBAR") <"$HOST_KEY_PUB_GPG" \ + && rm -rf "$FUBAR") <"$HOST_KEY_FILE" \ | grep '^fpr:' | cut -d: -f10 ) else HOST_FINGERPRINT= @@ -148,13 +129,6 @@ load_fingerprint_secret() { | grep '^fpr:' | cut -d: -f10 ) } -# output host key ssh fingerprint -load_ssh_fingerprint() { - [ -f "$HOST_KEY_PUB" ] || return 0 - HOST_FINGERPRINT_SSH=$(ssh-keygen -l -f "$HOST_KEY_PUB" \ - | awk '{ print $1, $2, $4 }') -} - # fail if host key present check_host_key() { [ -z "$HOST_FINGERPRINT" ] \ @@ -194,18 +168,16 @@ find_host_userid() { # show info about the host key show_key() { gpg_host --fingerprint --list-key --list-options show-unusable-uids \ - "0x${HOST_FINGERPRINT}!" 2>/dev/null + "0x${HOST_FINGERPRINT}!" 2>/dev/null || true # FIXME: make sure expiration date is shown echo "OpenPGP fingerprint: $HOST_FINGERPRINT" - load_ssh_fingerprint - - if [ "$HOST_FINGERPRINT_SSH" ] ; then - echo "ssh fingerprint: $HOST_FINGERPRINT_SSH" - else - log error "SSH host key not found." - fi + echo -n "ssh fingerprint: " + ssh-keygen -l -f /dev/stdin \ + <<<$( gpg_host --export FEE16FA3 2>/dev/null \ + | openpgp2ssh 8445B5203A8443B4B04F637DD4DE66B2FEE16FA3 2>/dev/null) \ + | awk '{ print $1, $2, $4 }' # FIXME: other relevant key parameters? } @@ -242,7 +214,6 @@ export KEYSERVER export GNUPGHOME_HOST export GNUPGHOME export HOST_FINGERPRINT= -export HOST_FINGERPRINT_SSH= # get subcommand COMMAND="$1"