diff options
author | Jonas Smedegaard <dr@jones.dk> | 2013-03-09 17:19:05 +0100 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2013-03-13 11:33:10 +0100 |
commit | 049467f2dec0cf511b403dde9b9b07c6abf5cbc9 (patch) | |
tree | 2d84414b881864db893f67eb6c87b46876e6a0e9 /src/share/mh/publish_key | |
parent | 0c081207c94b0ed338a704fafac10166ce98bba7 (diff) |
Simplify arguments passed to su_monkeysphere_user() and gpg_sphere
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
This patch improves argument passing like this:
a) Each argument is passed individually (not all as a single string)
b) Arguments containing no variables are not quoted
c) Dynamic arguments are double-quoted ( "$@" )
Due to su_monkeysphere_user() expanding arguments using "$*" (not "$@")
arguments are collapsed into single strings, and this change is
therefore mostly¹ cosmetic.
It does improve clarity, however. Also, it eases switching to safer
quoted arguments in the future.
¹ma/update_users had $STRICT_MODES properly dual-quoted line 82 which is
dropped with this change (to keep patches simple). Next patch will
restore proper quoting generally (i.e. including this one now relaxed).
Diffstat (limited to 'src/share/mh/publish_key')
-rw-r--r-- | src/share/mh/publish_key | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index c8da847..9c41bc2 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -40,20 +40,20 @@ trap "rm -rf $GNUPGHOME" EXIT # import the key into the tmp dir su_monkeysphere_user \ - "gpg --quiet --import" <"$HOST_KEY_FILE" + gpg --quiet --import <"$HOST_KEY_FILE" -KEYSERVER_OPTIONS="" +ANCHORFILE="" for anchorfile in "${SYSCONFIGDIR}/monkeysphere-host-x509-anchors.crt" "${SYSCONFIGDIR}/monkeysphere-x509-anchors.crt"; do - if [ -z "$KEYSERVER_OPTIONS" ] && [ -r "$anchorfile" ] ; then + if [ -z "$ANCHORFILE" ] && [ -r "$anchorfile" ] ; then log debug "using trust anchor file: $anchorfile" - KEYSERVER_OPTIONS="--keyserver-options 'ca-cert-file=$anchorfile'" + ANCHORFILE="$anchorfile" fi done # publish key log debug "publishing key with the following gpg command line and options:" su_monkeysphere_user \ - "gpg --keyserver $KEYSERVER $KEYSERVER_OPTIONS --send-keys '0x${keyID}!'" + gpg --keyserver "$KEYSERVER" ${ANCHORFILE:+--keyserver-options "ca-cert-file=$ANCHORFILE"} --send-keys "0x${keyID}!" # remove the tmp file trap - EXIT |