X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fm%2Fsubkey_to_ssh_agent;h=4ce14f898709a4002de77b075bcde9b27f746457;hb=9e5a8d819afd3ded051bef739dbc4bfb1446dc2e;hp=a92718efee93ce042fe82b848e0573c2df790365;hpb=e2b547631eae05103fe3219f4e2c7a4f618ef5d0;p=monkeysphere.git diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index a92718e..4ce14f8 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -13,12 +13,15 @@ # try to add all authentication subkeys to the agent +# FIXME: what if you only want to add one authentication subkey to the +# agent? + subkey_to_ssh_agent() { - local sshaddresponse + local sshaddresponse=0 local secretkeys local authsubkeys local workingdir - local keysuccess + local keysuccess=0 local subkey local publine local kname @@ -38,15 +41,15 @@ For more details, see: # and if it looks like it's running, but we can't actually talk to # it, bail out: - ssh-add -l >/dev/null - sshaddresponse="$?" + ssh-add -l >/dev/null || sshaddresponse="$?" if [ "$sshaddresponse" = "2" ]; then failure "Could not connect to ssh-agent" fi # get list of secret keys (to work around bug # https://bugs.g10code.com/gnupg/issue945): - secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | \ + secretkeys=$(gpg_user --list-secret-keys --with-colons --fixed-list-mode \ + --fingerprint | \ grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }') if [ -z "$secretkeys" ]; then @@ -54,7 +57,7 @@ For more details, see: You might want to run 'gpg --gen-key'." fi - authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode \ + authsubkeys=$(gpg_user --list-secret-keys --with-colons --fixed-list-mode \ --fingerprint --fingerprint $secretkeys | \ cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | \ grep '^fpr::' | cut -f3 -d: | sort -u) @@ -65,9 +68,9 @@ You might want to 'monkeysphere gen-subkey'" fi workingdir=$(msmktempdir) + trap "rm -rf $workingdir" EXIT umask 077 mkfifo "$workingdir/passphrase" - keysuccess=1 # FIXME: we're currently allowing any other options to get passed # through to ssh-add. should we limit it to known ones? For @@ -79,35 +82,35 @@ You might want to 'monkeysphere gen-subkey'" # fingerprint, but filtering out all / characters to make sure # the filename is legit. - primaryuid=$(gpg --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /) + primaryuid=$(gpg_user --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /) #kname="[monkeysphere] $primaryuid" kname="$primaryuid" if [ "$1" = '-d' ]; then # we're removing the subkey: - gpg --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" - (cd "$workingdir" && ssh-add -d "$kname") + gpg_user --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" + (cd "$workingdir" && ssh-add -d "$kname") || keysuccess="$?" else # we're adding the subkey: mkfifo "$workingdir/$kname" - gpg --quiet --passphrase-fd 3 3<"$workingdir/passphrase" \ + gpg_user --passphrase-fd 3 3<"$workingdir/passphrase" \ --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \ --export-secret-subkeys "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" & (cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname"