GNUPGHOME="$GNUPGHOME_CORE"
export GNUPGHOME
- gpg "$@"
+ gpg --no-greeting --quiet --no-tty "$@"
}
# function to interact with the gpg sphere keyring
GNUPGHOME="$GNUPGHOME_SPHERE"
export GNUPGHOME
- su_monkeysphere_user "gpg $@"
+ su_monkeysphere_user "gpg --no-greeting --quiet --no-tty $@"
}
# output to stdout the core fingerprint from the gpg core secret
# keyring
core_fingerprint() {
log debug "determining core key fingerprint..."
- gpg_core --quiet --list-secret-key \
- --with-colons --fixed-list-mode --with-fingerprint \
+ gpg_core --list-secret-key --with-colons \
+ --fixed-list-mode --with-fingerprint \
| grep ^fpr: | cut -d: -f10
}
gpg_core_sphere_sig_transfer() {
log debug "exporting core local sigs to sphere..."
gpg_core --export-options export-local-sigs --export | \
- gpg_sphere "--import-options import-local-sigs --import" \
- 2>&1 | log debug
+ gpg_sphere "--import-options import-local-sigs --import"
}
########################################################################
# function to interact with the gpg keyring
gpg_host() {
- GNUPGHOME="$GNUPGHOME_HOST" gpg "$@"
+ GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --no-tty "$@"
}
# command to list the info about the host key, in colon format, to
# FIXME: should we supress all the edit script spew? or pipe it
# through log debug?
gpg_host_edit() {
- gpg_host --no-greeting --quiet \
- --command-fd 0 --no-tty --edit-key \
- "0x${HOST_FINGERPRINT}!" "$@" 2>&1 | log debug
+ gpg_host --command-fd 0 --edit-key "0x${HOST_FINGERPRINT}!" "$@"
}
# export the host public key to the monkeysphere gpg pub key file
# gpg host secret key
load_fingerprint_secret() {
HOST_FINGERPRINT=$( \
- gpg_host --quiet --list-secret-key \
- --with-colons --with-fingerprint \
+ gpg_host --list-secret-key --with-colons --with-fingerprint \
| grep '^fpr:' | cut -d: -f10 )
}
check_host_no_key() {
[ -s "$HOST_KEY_FILE" ] \
|| failure "You don't appear to have a Monkeysphere host key on this server.
-Please run 'monkeysphere-host import-key' first."
+Please run 'monkeysphere-host import-key...' first."
}
# output the index of a user ID on the host key
# core ltsigns the newly imported certifier key
log debug "executing core ltsign script..."
if echo "$ltsignCommand" | \
- gpg_core --quiet --command-fd 0 --no-tty --edit-key "0x${fingerprint}!" \
- 2>&1 | log debug ; then
+ gpg_core --command-fd 0 --edit-key "0x${fingerprint}!" ; then
# transfer the new sigs back to the sphere keyring
gpg_core_sphere_sig_transfer
# update the sphere trustdb
log debug "updating sphere trustdb..."
- gpg_sphere "--check-trustdb" 2>&1 | log debug
+ gpg_sphere "--check-trustdb"
log info "Identity certifier added."
else
log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..."
PEM2OPENPGP_USAGE_FLAGS=certify \
PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" \
- | gpg_core --import 2>&1 | log debug \
+ | gpg_core --import \
|| failure "Could not import new key for Monkeysphere authentication trust core"
# get fingerprint of core key. should definitely not be empty at this point
# export the core key to the sphere keyring
log debug "exporting core pub key to sphere keyring..."
- gpg_core --quiet --export | gpg_sphere "--quiet --import"
+ gpg_core --export | gpg_sphere "--import"
# ensure that the authentication sphere checker has absolute ownertrust on the expected key.
log debug "setting ultimate owner trust on core key in gpg_sphere..."
- printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--quiet --import-ownertrust"
- gpg_sphere "--export-ownertrust" 2>&1 | log debug
+ printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--import-ownertrust"
+ gpg_sphere "--export-ownertrust"
# check the owner trust
log debug "checking gpg_sphere owner trust set properly..."
local ORIG_TRUST
- if ORIG_TRUST=$(gpg_sphere "--quiet --export-ownertrust" | grep '^[^#]') ; then
+ if ORIG_TRUST=$(gpg_sphere "--export-ownertrust" | grep '^[^#]') ; then
if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings."
fi
# our preferences are reasonable (i.e. 3 marginal OR 1 fully
# trusted certifications are sufficient to grant full validity.
log debug "checking trust model for authentication ..."
- local TRUST_MODEL=$(gpg_sphere "--quiet --with-colons --fixed-list-mode --list-keys" \
+ local TRUST_MODEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \
| head -n1 | grep "^tru:" | cut -d: -f3,6,7)
log debug "sphere trust model: $TRUST_MODEL"
if [ "$TRUST_MODEL" != '1:3:1' ] ; then
# download the key from the keyserver as the monkeysphere user
su_monkeysphere_user \
- "GNUPGHOME=$TMPLOC gpg --keyserver $KEYSERVER --recv-key 0x${keyID}!"
+ "GNUPGHOME=$TMPLOC gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!"
# export the new key to the host keyring
- su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --export 0x${keyID}!" \
+ su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --quiet --export 0x${keyID}!" \
| gpg_host --import
fi
log verbose "importing ssh key..."
# translate ssh key to a private key
PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
- | gpg_host --import 2>&1 | log debug
+ | gpg_host --import
# load the new host fpr into the fpr variable. this is so we can
# create the gpg pub key file. we have to do this from the secret key