author Jameson Graef Rollins <jrollins@phys.columbia.edu> 2008-08-25 00:17:00 -0700
committer Jameson Graef Rollins <jrollins@phys.columbia.edu> 2008-08-25 00:17:00 -0700
commit f12a516aa8dce8d1e951f3c47481abe960366f5b
tree e6f550ec9cb120e19dc01a9054b4448e963df32b
parent 050302344aba552900a199d76fab57fd49c05795
small tweak to subkey-to-agent function, including tweak to key naming
convention (I'm still not entirely satisfied with how to do sec key naming here).
-rwxr-xr-x src/monkeysphere 21
-rw-r--r-- website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn 12
2 files changed, 18 insertions, 15 deletions
diff --git a/src/monkeysphere b/src/monkeysphere
index 2690db8..da10c20 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -159,13 +159,14 @@ EOF
function subkey_to_ssh_agent() {
# try to add all authentication subkeys to the agent:
- local authsubkeys
+ local sshaddresponse
local secretkeys
- local subkey
+ local authsubkeys
local workingdir
- local kname
- local sshaddresponse
local keysuccess
+ local subkey
+ local publine
+ local kname
if ! test_gnu_dummy_s2k_extension ; then
failure "Your version of GnuTLS does not seem capable of using with gpg's exported subkeys.
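Review bot: `local publine` is added to the declaration block of subkey_to_ssh_agent() but is not read or assigned in any hunk of this patch; if the unchanged body does not use it either, drop the declaration so the locals list matches what the function actually uses. The rest of this hunk only reorders existing declarations, which is fine, but a reorder mixed with one new name makes the new name easy to miss in review.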
@@ -189,14 +190,18 @@ For more details, see:
fi
# get list of secret keys (to work around https://bugs.g10code.com/gnupg/issue945):
- secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }')
+ secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | \
+ grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }')
if [ -z "$secretkeys" ]; then
failure "You have no secret keys in your keyring!
You might want to run 'gpg --gen-key'."
fi
- authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint --fingerprint $secretkeys | cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | grep '^fpr::' | cut -f3 -d: | sort -u)
+ authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode \
+ --fingerprint --fingerprint $secretkeys | \
+ cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | \
+ grep '^fpr::' | cut -f3 -d: | sort -u)
if [ -z "$authsubkeys" ]; then
failure "no authentication-capable subkeys available.
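Review bot: the rewrapped `secretkeys=` and `authsubkeys=` pipelines end their lines with `| \`, and the backslash is redundant because a trailing `|` already continues the command in sh/bash; dropping it also removes the risk of a stray space after the backslash breaking the continuation. Since the filter is being reformatted anyway, `grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$'` deserves a one-line comment saying that after `cut -f1,5,10,12` it selects `ssb` records whose capability field contains `a` (authentication) plus the `fpr` line that follows each one.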
@@ -221,7 +226,7 @@ You might want to 'monkeysphere gen-subkey'"
primaryuid=$(gpg --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /)
#kname="[monkeysphere] $primaryuid"
- kname="'$primaryuid'"
+ kname="$primaryuid"
if [ "$1" = '-d' ]; then
# we're removing the subkey:
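Review bot: with the quotes removed, `kname="$primaryuid"` is now the raw user ID, and the next hunk uses it both as a file name (`"$workingdir/$kname"`) and as a bare argument to `ssh-add "$@" "$kname"`. The `tr -d /` above only strips slashes, so a user ID that starts with `-` would be read by ssh-add as an option. Passing `"./$kname"` to ssh-add, or giving kname a fixed prefix, avoids that, though either changes the name the agent shows, so it ties into the naming question the commit message leaves open. The commented-out `#kname="[monkeysphere] $primaryuid"` line should be removed or turned into a note on that question.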
@@ -235,7 +240,7 @@ You might want to 'monkeysphere gen-subkey'"
--export-secret-subkeys "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" &
(cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" </dev/null )&
- passphrase_prompt "Enter passphrase for key for $primaryuid: " "$workingdir/passphrase"
+ passphrase_prompt "Enter passphrase for key $kname: " "$workingdir/passphrase"
wait %2
fi
keysuccess="$?"
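Review bot: the `passphrase_prompt` string now interpolates `$kname` where it used `$primaryuid`; after this patch the two are identical, but the commit message says the key naming convention is not settled, and kname is an internal file and agent label. If kname later gains a prefix or other decoration, it will leak into the user-facing prompt. Keeping `$primaryuid` in the prompt text would decouple what the user is asked from how the temporary key file is named.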
diff --git a/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn b/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn
index 052b4ed..46d6e43 100644
--- a/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn
+++ b/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn
@@ -88,13 +88,11 @@ I'm open to suggestions, problems, etc :).
------
-Hey, your Royal Highness, push your branch where you did this work to
-your public repo so that I can pull it and check out the changes you
-made. I think it's good that I look over these changes, because there
-is definitely some stuff (ie. key processing) that requires that
-things go to standard error and definitely not to standard out. I can
-see that if that were changed, it's possible that things could go
-wrong (ie. cause a `known_hosts` file to get truncated maybe).
+Hey, your Royal Highness. I do think it's good that I look over these
+changes, because there are definitely some stuff (ie. key processing)
+that requires that things go to stderr and definitely not to stdout.
+I can see that if that were changed, it's possible that things could
+go wrong (ie. cause a `known_hosts` file to get truncated maybe).
I have to say that I'm still not sure I totally see why it's necessary
to implement such nuanced output switches. All of the stuff you were
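Review bot: the rewritten paragraph in the bug page introduces a grammar error on the `+changes, because there are definitely some stuff` line; the removed text had "there is definitely some stuff", which was correct. The new wording also drops the request to push the branch to the public repo; if that request is still outstanding it should stay, otherwise it is worth saying in the commit message that it was resolved, since the message only mentions the subkey-to-agent change.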