option, and use it in all gpg invocations.
add a trap to subkey_to_ssh_agent.
EOF
}
+# user gpg command to define common options
+gpg_user() {
+ gpg --no-greeting --quiet --no-tty "$@"
+}
+
# take a secret key ID and check that only zero or one ID is provided,
# and that it corresponds to only a single secret key ID
check_gpg_sec_key_id() {
case "$#" in
0)
- gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:')
+ gpgSecOut=$(gpg_user --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:')
;;
1)
- gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$keyID" | egrep '^sec:') || failure
+ gpgSecOut=$(gpg_user --fixed-list-mode --list-secret-keys --with-colons "$keyID" | egrep '^sec:') || failure
;;
*)
failure "You must specify only a single primary key ID."
# check that a valid authentication key does not already exist
IFS=$'\n'
- for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do
+ for line in $(gpg_user --fixed-list-mode --list-keys --with-colons "$keyID") ; do
type=$(echo "$line" | cut -d: -f1)
validity=$(echo "$line" | cut -d: -f2)
usage=$(echo "$line" | cut -d: -f12)
fi
# if authentication key is valid, prompt to continue
if [ "$validity" = 'u' ] ; then
- log error "A valid authentication key already exists for primary key '$keyID'."
+ echo "A valid authentication key already exists for primary key '$keyID'."
if [ "$PROMPT" = "true" ] ; then
read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N}
if [ "${OK/y/Y}" != 'Y' ] ; then
(umask 077 && mkfifo "$fifoDir/pass")
log verbose "generating subkey..."
- echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
+ echo "$editCommands" | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
# FIXME: this needs to fail more gracefully if the passphrase is incorrect
passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass"
if [ "$sshKeyFile" = '-' ] ; then
log verbose "importing ssh key from stdin..."
ssh2openpgp \
- | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import &
+ | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import &
else
log verbose "importing ssh key from file '$sshKeyFile'..."
ssh2openpgp <"$sshKeyFile" \
- | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import &
+ | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import &
fi
# get the password if needed
# found?
# get the gpg info for userid
- gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
+ gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \
--with-fingerprint --with-fingerprint \
="$userID" 2>/dev/null)
rm -f "$sshKeyGPGFile"
# get the sigs for the matching key
- gpgSigOut=$(gpg --check-sigs \
+ gpgSigOut=$(gpg_user --check-sigs \
--list-options show-uid-validity \
"$keyid")
# CHECK_KEYSERVER variable in the monkeysphere.conf file.
# if the host is in the gpg keyring...
-if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then
+if gpg_user --list-key ="${URI}" 2>&1 >/dev/null ; then
# do not check the keyserver
CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"}
# get list of secret keys (to work around bug
# https://bugs.g10code.com/gnupg/issue945):
- secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | \
+ secretkeys=$(gpg_user --list-secret-keys --with-colons --fixed-list-mode \
+ --fingerprint | \
grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }')
if [ -z "$secretkeys" ]; then
You might want to run 'gpg --gen-key'."
fi
- authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode \
+ authsubkeys=$(gpg_user --list-secret-keys --with-colons --fixed-list-mode \
--fingerprint --fingerprint $secretkeys | \
cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | \
grep '^fpr::' | cut -f3 -d: | sort -u)
fi
workingdir=$(msmktempdir)
+ trap "rm -rf $workingdir" EXIT
umask 077
mkfifo "$workingdir/passphrase"
keysuccess=1
# fingerprint, but filtering out all / characters to make sure
# the filename is legit.
- primaryuid=$(gpg --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /)
+ primaryuid=$(gpg_user --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /)
#kname="[monkeysphere] $primaryuid"
kname="$primaryuid"
if [ "$1" = '-d' ]; then
# we're removing the subkey:
- gpg --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname"
+ gpg_user --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname"
(cd "$workingdir" && ssh-add -d "$kname")
else
# we're adding the subkey:
mkfifo "$workingdir/$kname"
- gpg --quiet --passphrase-fd 3 3<"$workingdir/passphrase" \
+ gpg_user --passphrase-fd 3 3<"$workingdir/passphrase" \
--export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \
--export-secret-subkeys "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" &
(cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" </dev/null )&
rm -f "$workingdir/$kname"
done
+ trap - EXIT
rm -rf "$workingdir"
# FIXME: sort out the return values: we're just returning the
projects / monkeysphere.git / commitdiff