projects
/
monkeysphere.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
eff43ad
)
add no-tty, quiet, and no-greeting to gpg wrapper invocations to supress as much...
author
Jameson Graef Rollins
<jrollins@finestructure.net>
Thu, 19 Feb 2009 01:38:23 +0000
(20:38 -0500)
committer
Jameson Graef Rollins
<jrollins@finestructure.net>
Thu, 19 Feb 2009 01:38:23 +0000
(20:38 -0500)
src/monkeysphere-authentication
patch
|
blob
|
history
src/monkeysphere-host
patch
|
blob
|
history
src/share/ma/add_certifier
patch
|
blob
|
history
src/share/ma/list_certifiers
patch
|
blob
|
history
src/share/ma/setup
patch
|
blob
|
history
src/share/mh/add_revoker
patch
|
blob
|
history
src/share/mh/import_key
patch
|
blob
|
history
diff --git
a/src/monkeysphere-authentication
b/src/monkeysphere-authentication
index 8a4146f36c9df4a2fa1f417d29dd9532a6117c1e..1def4cdeec34100e207edeed5785269720947fe9 100755
(executable)
--- a/
src/monkeysphere-authentication
+++ b/
src/monkeysphere-authentication
@@
-75,7
+75,7
@@
gpg_core() {
GNUPGHOME="$GNUPGHOME_CORE"
export GNUPGHOME
GNUPGHOME="$GNUPGHOME_CORE"
export GNUPGHOME
- gpg "$@"
+ gpg
--no-greeting --quiet --no-tty
"$@"
}
# function to interact with the gpg sphere keyring
}
# function to interact with the gpg sphere keyring
@@
-85,15
+85,15
@@
gpg_sphere() {
GNUPGHOME="$GNUPGHOME_SPHERE"
export GNUPGHOME
GNUPGHOME="$GNUPGHOME_SPHERE"
export GNUPGHOME
- su_monkeysphere_user "gpg $@"
+ su_monkeysphere_user "gpg
--no-greeting --quiet --no-tty
$@"
}
# output to stdout the core fingerprint from the gpg core secret
# keyring
core_fingerprint() {
log debug "determining core key fingerprint..."
}
# output to stdout the core fingerprint from the gpg core secret
# keyring
core_fingerprint() {
log debug "determining core key fingerprint..."
- gpg_core --
quiet --list-secret-key
\
- --
with-colons --
fixed-list-mode --with-fingerprint \
+ gpg_core --
list-secret-key --with-colons
\
+ --fixed-list-mode --with-fingerprint \
| grep ^fpr: | cut -d: -f10
}
| grep ^fpr: | cut -d: -f10
}
@@
-101,8
+101,7
@@
core_fingerprint() {
gpg_core_sphere_sig_transfer() {
log debug "exporting core local sigs to sphere..."
gpg_core --export-options export-local-sigs --export | \
gpg_core_sphere_sig_transfer() {
log debug "exporting core local sigs to sphere..."
gpg_core --export-options export-local-sigs --export | \
- gpg_sphere "--import-options import-local-sigs --import" \
- 2>&1 | log debug
+ gpg_sphere "--import-options import-local-sigs --import"
}
########################################################################
}
########################################################################
diff --git
a/src/monkeysphere-host
b/src/monkeysphere-host
index c7e011b6b1f759513c074e82c6290d8c7685c6b5..7e8dd27caa82ccf74911a7543f9d198090fb4f57 100755
(executable)
--- a/
src/monkeysphere-host
+++ b/
src/monkeysphere-host
@@
-77,7
+77,7
@@
EOF
# function to interact with the gpg keyring
gpg_host() {
# function to interact with the gpg keyring
gpg_host() {
- GNUPGHOME="$GNUPGHOME_HOST" gpg "$@"
+ GNUPGHOME="$GNUPGHOME_HOST" gpg
--no-greeting --quiet --no-tty
"$@"
}
# command to list the info about the host key, in colon format, to
}
# command to list the info about the host key, in colon format, to
@@
-93,9
+93,7
@@
gpg_host_list() {
# FIXME: should we supress all the edit script spew? or pipe it
# through log debug?
gpg_host_edit() {
# FIXME: should we supress all the edit script spew? or pipe it
# through log debug?
gpg_host_edit() {
- gpg_host --no-greeting --quiet \
- --command-fd 0 --no-tty --edit-key \
- "0x${HOST_FINGERPRINT}!" "$@" 2>&1 | log debug
+ gpg_host --command-fd 0 --edit-key "0x${HOST_FINGERPRINT}!" "$@"
}
# export the host public key to the monkeysphere gpg pub key file
}
# export the host public key to the monkeysphere gpg pub key file
@@
-127,8
+125,7
@@
load_fingerprint() {
# gpg host secret key
load_fingerprint_secret() {
HOST_FINGERPRINT=$( \
# gpg host secret key
load_fingerprint_secret() {
HOST_FINGERPRINT=$( \
- gpg_host --quiet --list-secret-key \
- --with-colons --with-fingerprint \
+ gpg_host --list-secret-key --with-colons --with-fingerprint \
| grep '^fpr:' | cut -d: -f10 )
}
| grep '^fpr:' | cut -d: -f10 )
}
@@
-142,7
+139,7
@@
check_host_key() {
check_host_no_key() {
[ -s "$HOST_KEY_FILE" ] \
|| failure "You don't appear to have a Monkeysphere host key on this server.
check_host_no_key() {
[ -s "$HOST_KEY_FILE" ] \
|| failure "You don't appear to have a Monkeysphere host key on this server.
-Please run 'monkeysphere-host import-key' first."
+Please run 'monkeysphere-host import-key
...
' first."
}
# output the index of a user ID on the host key
}
# output the index of a user ID on the host key
diff --git
a/src/share/ma/add_certifier
b/src/share/ma/add_certifier
index d34f0dec08d44ce8f1a362cefc8090a543ebf49f..2f297598c28fa4fe437238f38f9d6f27a1c03024 100644
(file)
--- a/
src/share/ma/add_certifier
+++ b/
src/share/ma/add_certifier
@@
-151,15
+151,14
@@
EOF
# core ltsigns the newly imported certifier key
log debug "executing core ltsign script..."
if echo "$ltsignCommand" | \
# core ltsigns the newly imported certifier key
log debug "executing core ltsign script..."
if echo "$ltsignCommand" | \
- gpg_core --quiet --command-fd 0 --no-tty --edit-key "0x${fingerprint}!" \
- 2>&1 | log debug ; then
+ gpg_core --command-fd 0 --edit-key "0x${fingerprint}!" ; then
# transfer the new sigs back to the sphere keyring
gpg_core_sphere_sig_transfer
# update the sphere trustdb
log debug "updating sphere trustdb..."
# transfer the new sigs back to the sphere keyring
gpg_core_sphere_sig_transfer
# update the sphere trustdb
log debug "updating sphere trustdb..."
- gpg_sphere "--check-trustdb"
2>&1 | log debug
+ gpg_sphere "--check-trustdb"
log info "Identity certifier added."
else
log info "Identity certifier added."
else
diff --git
a/src/share/ma/list_certifiers
b/src/share/ma/list_certifiers
index a02487dd033000eb2762e069a296730a85786d89..38a3222db32e721c7cb8adaf70913c8659be5f50 100644
(file)
--- a/
src/share/ma/list_certifiers
+++ b/
src/share/ma/list_certifiers
@@
-86,5
+86,4
@@
gpg_sphere "--fingerprint --with-colons --fixed-list-mode --check-sigs" | \
esac
done
esac
done
-
}
}
diff --git
a/src/share/ma/setup
b/src/share/ma/setup
index a17e4f2cad07e18515fbfa30071a06526f85165b..6969d71dd4954f59b2905c28e95612218494db2e 100644
(file)
--- a/
src/share/ma/setup
+++ b/
src/share/ma/setup
@@
-59,7
+59,7
@@
EOF
log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..."
PEM2OPENPGP_USAGE_FLAGS=certify \
PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" \
log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..."
PEM2OPENPGP_USAGE_FLAGS=certify \
PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" \
- | gpg_core --import
2>&1 | log debug
\
+ | gpg_core --import \
|| failure "Could not import new key for Monkeysphere authentication trust core"
# get fingerprint of core key. should definitely not be empty at this point
|| failure "Could not import new key for Monkeysphere authentication trust core"
# get fingerprint of core key. should definitely not be empty at this point
@@
-75,17
+75,17
@@
EOF
# export the core key to the sphere keyring
log debug "exporting core pub key to sphere keyring..."
# export the core key to the sphere keyring
log debug "exporting core pub key to sphere keyring..."
- gpg_core --
quiet --export | gpg_sphere "--quiet
--import"
+ gpg_core --
export | gpg_sphere "
--import"
# ensure that the authentication sphere checker has absolute ownertrust on the expected key.
log debug "setting ultimate owner trust on core key in gpg_sphere..."
# ensure that the authentication sphere checker has absolute ownertrust on the expected key.
log debug "setting ultimate owner trust on core key in gpg_sphere..."
- printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--
quiet --
import-ownertrust"
- gpg_sphere "--export-ownertrust"
2>&1 | log debug
+ printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--import-ownertrust"
+ gpg_sphere "--export-ownertrust"
# check the owner trust
log debug "checking gpg_sphere owner trust set properly..."
local ORIG_TRUST
# check the owner trust
log debug "checking gpg_sphere owner trust set properly..."
local ORIG_TRUST
- if ORIG_TRUST=$(gpg_sphere "--
quiet --
export-ownertrust" | grep '^[^#]') ; then
+ if ORIG_TRUST=$(gpg_sphere "--export-ownertrust" | grep '^[^#]') ; then
if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings."
fi
if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings."
fi
@@
-98,7
+98,7
@@
EOF
# our preferences are reasonable (i.e. 3 marginal OR 1 fully
# trusted certifications are sufficient to grant full validity.
log debug "checking trust model for authentication ..."
# our preferences are reasonable (i.e. 3 marginal OR 1 fully
# trusted certifications are sufficient to grant full validity.
log debug "checking trust model for authentication ..."
- local TRUST_MODEL=$(gpg_sphere "--
quiet --
with-colons --fixed-list-mode --list-keys" \
+ local TRUST_MODEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \
| head -n1 | grep "^tru:" | cut -d: -f3,6,7)
log debug "sphere trust model: $TRUST_MODEL"
if [ "$TRUST_MODEL" != '1:3:1' ] ; then
| head -n1 | grep "^tru:" | cut -d: -f3,6,7)
log debug "sphere trust model: $TRUST_MODEL"
if [ "$TRUST_MODEL" != '1:3:1' ] ; then
diff --git
a/src/share/mh/add_revoker
b/src/share/mh/add_revoker
index b4113df309fe639f1e4282d343b2faf37859dfb8..dfce4e11f1a64b4b4c46e1d93f73531d5eda94df 100644
(file)
--- a/
src/share/mh/add_revoker
+++ b/
src/share/mh/add_revoker
@@
-57,10
+57,10
@@
else
# download the key from the keyserver as the monkeysphere user
su_monkeysphere_user \
# download the key from the keyserver as the monkeysphere user
su_monkeysphere_user \
- "GNUPGHOME=$TMPLOC gpg --keyserver $KEYSERVER --recv-key 0x${keyID}!"
+ "GNUPGHOME=$TMPLOC gpg --
quiet --
keyserver $KEYSERVER --recv-key 0x${keyID}!"
# export the new key to the host keyring
# export the new key to the host keyring
- su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --export 0x${keyID}!" \
+ su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --
quiet --
export 0x${keyID}!" \
| gpg_host --import
fi
| gpg_host --import
fi
diff --git
a/src/share/mh/import_key
b/src/share/mh/import_key
index 557bb7faaee6712942bfe5bdd0eb5b195013c505..266bf05ea1cdaa8537a6481f3fee6227756376d1 100644
(file)
--- a/
src/share/mh/import_key
+++ b/
src/share/mh/import_key
@@
-46,7
+46,7
@@
chmod 700 "${GNUPGHOME_HOST}"
log verbose "importing ssh key..."
# translate ssh key to a private key
PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
log verbose "importing ssh key..."
# translate ssh key to a private key
PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
- | gpg_host --import
2>&1 | log debug
+ | gpg_host --import
# load the new host fpr into the fpr variable. this is so we can
# create the gpg pub key file. we have to do this from the secret key
# load the new host fpr into the fpr variable. this is so we can
# create the gpg pub key file. we have to do this from the secret key