From 78fe687a40613136c72bf3fcf16939d4415d4a1c Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri, 15 Aug 2008 16:51:35 -0400
Subject: [PATCH] fixing gen-subkey when no agent is present.

---
 debian/changelog                                   |  3 ++-
 debian/control                                     |  2 +-
 src/monkeysphere                                   | 14 ++++++++++++--
 ...onkeysphere-gen-subkey-fails-without-agent.mdwn |  7 +++++++
 4 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 59aea1e..e6dfccd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,7 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low
   * More monkeysphere-server diagnostics
   * monkeysphere --gen-subkey now guesses what KeyID you meant.
   * set up host-key revocation
+  * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey works
 
   [ Jameson Graef Rollins ]
   * fix another bug for when ssh key files are missing.
@@ -15,7 +16,7 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low
   * enabled host key publication.
   * added checking of gpg.conf for keyserver
 
- -- Jameson Graef Rollins <jrollins@phys.columbia.edu>  Fri, 15 Aug 2008 10:46:23 -0700
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>  Fri, 15 Aug 2008 16:06:31 -0400
 
 monkeysphere (0.7-1) experimental; urgency=low
 
diff --git a/debian/control b/debian/control
index 0b3d871..7fbcbc7 100644
--- a/debian/control
+++ b/debian/control
@@ -13,7 +13,7 @@ Format: 3.0 (git)
 Package: monkeysphere
 Architecture: any
 Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), moreutils, lockfile-progs, adduser, ${shlibs:Depends}
-Recommends: netcat | socat
+Recommends: netcat | socat, ssh-askpass
 Enhances: openssh-client, openssh-server
 Description: use the OpenPGP web of trust to verify ssh connections
  SSH key-based authentication is tried-and-true, but it lacks a true
diff --git a/src/monkeysphere b/src/monkeysphere
index 6d9e6c3..57597e2 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -48,7 +48,6 @@ EOF
 }
 
 # generate a subkey with the 'a' usage flags set
-# FIXME: this needs some tweaking to clean it up
 gen_subkey(){
     local keyLength
     local keyExpire
@@ -163,7 +162,18 @@ EOF
 )
 
     log "generating subkey..."
-    echo "$editCommands" | gpg --expert --command-fd 0 --edit-key "$keyID"
+    fifoDir=$(mktemp -d)
+    (umask 077 && mkfifo "$fifoDir/pass")
+    echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
+    
+    if [ "$DISPLAY" ] && which ssh-askpass >/dev/null; then
+	ssh-askpass "Please enter your passphrase for $keyID: " > "$fifoDir/pass"
+    else
+	read -s -p "Please enter your passphrase for $keyID: " PASS
+	echo "$PASS" > "$fifoDir/pass"
+    fi
+    rm -rf "$fifoDir"
+    wait
     log "done."
 }
 
diff --git a/website/bugs/monkeysphere-gen-subkey-fails-without-agent.mdwn b/website/bugs/monkeysphere-gen-subkey-fails-without-agent.mdwn
index 51cf57e..e97b49c 100644
--- a/website/bugs/monkeysphere-gen-subkey-fails-without-agent.mdwn
+++ b/website/bugs/monkeysphere-gen-subkey-fails-without-agent.mdwn
@@ -135,3 +135,10 @@ it.
 Alternately, we could use `--passwd-fd` and `ssh-agent`, along the
 lines i proposed [for handling passphrase-locked secret
 keys](/bugs/handle-passphrase-locked-secret-keys).
+
+--- 
+
+[[bugs/done]] as of 2008-08-15 16:48:26-0400 (to be released in 0.8-1)
+
+I opted to go with the `ssh-askpass` route, and fall back to echoing
+stuff to a fifo directly if `ssh-askpass` is not available.
-- 
2.25.1