weren't useful enough to be worth maintaining.
* Better handling of unknown users in server update-users
* Add file locking when modifying known_hosts or authorized_keys
+ * Better failure/prompting for gen-subkey
- -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Fri, 20 Jun 2008 00:43:44 -0400
+ -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Sat, 21 Jun 2008 16:39:26 -0400
monkeysphere (0.1-1) experimental; urgency=low
Update monkeysphere-ssh-proxycommand man page with info about
no-connect option.
+
+File bug against seahorse about how, when creating new primary keys,
+ it presents option for "RSA (sign only)" but then creates an "esca"
+ key.
+
+File bug against enigmail about lack of ability to create subkeys.
* changes to this system *
******************************************************************************
-2008-06-20 - dkg
+2008-06-21 - micah
+ * Restored /etc/init.d/ssh to original package state and changed
+ /etc/default/ssh to have 'unset SSHD_OOM_ADJUST' instead.
+
+2008-06-20 - micah
+ * Commented out the 'export SSHD_OOM_ADJUST=-17' from the
+ /etc/init.d/ssh initscript, and the 'SSHD_OOM_ADJUST=-17' from
+ /etc/default/ssh in order to make this error go away:
+ "error writing /proc/self/oom_adj: Operation not permitted"
+ (c.f. Debian #487325)
+
+200r-06-20 - dkg
* touched /etc/environment to get rid of some spurious auth.log
entries.
* turned up sshd's LogLevel from INFO to DEBUG
# get the user's home directory
userHome=$(getent passwd "$uname" | cut -d: -f6)
- # translate ssh-style path variables
+ # translate '%u' to user name
path=${path/\%u/"$uname"}
+ # translate '%h' to user home directory
path=${path/\%h/"$userHome"}
echo "$path"
gpgOut=$(gpg --quiet --fixed-list-mode --list-keys --with-colons \
"$keyID" 2> /dev/null)
- # return 1 if there only "tru" lines are output from gpg
+ # fail if there only "tru" lines are output from gpg, which
+ # indicates the key was not found.
if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then
failure "Key ID '$keyID' not found."
fi
+ # fail if multiple pub lines are returned, which means the id given
+ # is not unique
+ if [ $(echo "$gpgOut" | grep '^pub:' | wc -l) -gt '1' ] ; then
+ failure "Key ID '$keyID' is not unique."
+ fi
+
+ # prompt if an authentication subkey already exists
+ if echo "$gpgOut" | egrep "^(pub|sub):" | cut -d: -f 12 | grep -q a ; then
+ echo "An authentication subkey already exists for key '$keyID'."
+ read -p "Are you sure you would like to generate another one? [y|N]: " OK; OK=${OK:N}
+ if [ "${OK/y/Y}" != 'Y' ] ; then
+ failure "aborting."
+ fi
+ fi
+
# set subkey defaults
SUBKEY_TYPE=${SUBKEY_TYPE:-"RSA"}
#SUBKEY_LENGTH=${SUBKEY_LENGTH:-"2048"}
trap cleanup EXIT
-GPGID="$1"
-
-idchars=$(echo $GPGID | wc -m)
-if [ "$idchars" -ne 17 ] ; then
- echo "GPGID is not 16 characters ($idchars)."
- exit 1
-fi
+#GPGID="$1"
+GPGID=$(echo "$1" | cut -c 25-)
FOO=$(mktemp -d)
-gpg --export-secret-key --export-options export-reset-subkey-passwd $GPGID | GNUPGHOME=$FOO gpg --import
+gpg --export-secret-key $GPGID | GNUPGHOME="$FOO" gpg --import
+
+# idea to script the password stuff. not working.
+# read -s -p "enter gpg password: " PASSWD; echo
+# cmd=$(cat <<EOF
+# passwd
+# $PASSWD
+# \n
+# \n
+# \n
+# yes
+# save
+# EOF
+# )
+# echo -e "$cmd" | GNUPGHOME="$FOO" gpg --command-fd 0 --edit-key $GPGID
-GNUPGHOME=$FOO gpg --edit-key $GPGID
+GNUPGHOME="$FOO" gpg --edit-key $GPGID
-ln -s /dev/stdin $FOO/monkeysphere-key
+ln -s /dev/stdin "$FOO"/monkeysphere-key
-GNUPGHOME=$FOO gpg --export-secret-key $GPGID | openpgp2ssh $GPGID | (cd $FOO && ssh-add -c monkeysphere-key)
+GNUPGHOME="$FOO" gpg --export-secret-key $GPGID | openpgp2ssh $GPGID | ssh-add -c /dev/stdin
projects / monkeysphere.git / commitdiff