diff options
author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2009-02-17 23:33:55 -0500 |
---|---|---|
committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2009-02-17 23:33:55 -0500 |
commit | 278c20f82d2ee0954a04b8daae5cbc2788c0015c (patch) | |
tree | d38fb83491979a432d7cade2129d0a831ef8c148 /src/share | |
parent | ad44601e1869bc0bf3ce6ca88a7476379aa3c459 (diff) | |
parent | c1924de73702d0f999a44bc63df9bee0d432636a (diff) |
Merge commit 'jrollins/master'
Diffstat (limited to 'src/share')
-rw-r--r-- | src/share/ma/add_certifier | 5 | ||||
-rw-r--r-- | src/share/ma/setup | 12 | ||||
-rw-r--r-- | src/share/mh/import_key | 4 | ||||
-rw-r--r-- | src/share/mh/set_expire | 2 |
4 files changed, 13 insertions, 10 deletions
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 54ea673..d34f0de 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -151,14 +151,15 @@ EOF # core ltsigns the newly imported certifier key log debug "executing core ltsign script..." if echo "$ltsignCommand" | \ - gpg_core --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then + gpg_core --quiet --command-fd 0 --no-tty --edit-key "0x${fingerprint}!" \ + 2>&1 | log debug ; then # transfer the new sigs back to the sphere keyring gpg_core_sphere_sig_transfer # update the sphere trustdb log debug "updating sphere trustdb..." - gpg_sphere "--check-trustdb" + gpg_sphere "--check-trustdb" 2>&1 | log debug log info "Identity certifier added." else diff --git a/src/share/ma/setup b/src/share/ma/setup index f59187b..a17e4f2 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -59,7 +59,7 @@ EOF log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..." PEM2OPENPGP_USAGE_FLAGS=certify \ PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" \ - | gpg_core --import \ + | gpg_core --import 2>&1 | log debug \ || failure "Could not import new key for Monkeysphere authentication trust core" # get fingerprint of core key. should definitely not be empty at this point @@ -75,17 +75,17 @@ EOF # export the core key to the sphere keyring log debug "exporting core pub key to sphere keyring..." - gpg_core --export | gpg_sphere --import + gpg_core --quiet --export | gpg_sphere "--quiet --import" # ensure that the authentication sphere checker has absolute ownertrust on the expected key. log debug "setting ultimate owner trust on core key in gpg_sphere..." - printf "%s:6:\n" "$CORE_FPR" | gpg_sphere --import-ownertrust - gpg_sphere --export-ownertrust | log debug + printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--quiet --import-ownertrust" + gpg_sphere "--export-ownertrust" 2>&1 | log debug # check the owner trust log debug "checking gpg_sphere owner trust set properly..." local ORIG_TRUST - if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then + if ORIG_TRUST=$(gpg_sphere "--quiet --export-ownertrust" | grep '^[^#]') ; then if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings." fi @@ -98,7 +98,7 @@ EOF # our preferences are reasonable (i.e. 3 marginal OR 1 fully # trusted certifications are sufficient to grant full validity. log debug "checking trust model for authentication ..." - local TRUST_MODEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \ + local TRUST_MODEL=$(gpg_sphere "--quiet --with-colons --fixed-list-mode --list-keys" \ | head -n1 | grep "^tru:" | cut -d: -f3,6,7) log debug "sphere trust model: $TRUST_MODEL" if [ "$TRUST_MODEL" != '1:3:1' ] ; then diff --git a/src/share/mh/import_key b/src/share/mh/import_key index d14fc13..557bb7f 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -46,7 +46,7 @@ chmod 700 "${GNUPGHOME_HOST}" log verbose "importing ssh key..." # translate ssh key to a private key PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ - | gpg_host --import + | gpg_host --import 2>&1 | log debug # load the new host fpr into the fpr variable. this is so we can # create the gpg pub key file. we have to do this from the secret key @@ -57,6 +57,8 @@ load_fingerprint_secret # export to gpg public key to file update_gpg_pub_file +log info "host key imported:" + # show info about new key show_key diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire index 14d2501..ae7c13a 100644 --- a/src/share/mh/set_expire +++ b/src/share/mh/set_expire @@ -30,7 +30,7 @@ else log debug "extending without prompting." fi -log info "setting host key expiration to ${extendTo}:" +log info "setting host key expiration to ${extendTo}." log debug "executing host expire script..." gpg_host_edit expire <<EOF |