summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xsrc/monkeysphere-authentication2
-rw-r--r--src/share/ma/add_certifier2
-rw-r--r--src/share/ma/setup4
-rw-r--r--src/share/ma/update_users2
-rw-r--r--src/share/mh/add_revoker10
-rw-r--r--src/share/mh/publish_key10
6 files changed, 15 insertions, 15 deletions
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 46f349a..edc7995 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -81,7 +81,7 @@ gpg_sphere() {
GNUPGHOME="$GNUPGHOME_SPHERE"
export GNUPGHOME
- su_monkeysphere_user "gpg --fixed-list-mode --no-greeting --quiet --no-tty $@"
+ su_monkeysphere_user gpg --fixed-list-mode --no-greeting --quiet --no-tty "$@"
}
# output to stdout the core fingerprint from the gpg core secret
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
index 86c2fd4..1d450e7 100644
--- a/src/share/ma/add_certifier
+++ b/src/share/ma/add_certifier
@@ -101,7 +101,7 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then
# check the key is ok as monkeysphere user before loading
log debug "checking keys in file..."
fingerprint=$(su_monkeysphere_user \
- "${SYSSHAREDIR}/common list_primary_fingerprints" < "$keyID")
+ "${SYSSHAREDIR}/common" list_primary_fingerprints < "$keyID")
if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
failure "There was not exactly one gpg key in the file."
diff --git a/src/share/ma/setup b/src/share/ma/setup
index e65f875..6745da7 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -99,7 +99,7 @@ EOF
# check the owner trust
log debug "checking gpg_sphere owner trust set properly..."
local ORIG_TRUST
- if ORIG_TRUST=$(gpg_sphere "--export-ownertrust" | grep '^[^#]') ; then
+ if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then
if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings."
fi
@@ -112,7 +112,7 @@ EOF
# our preferences are reasonable (i.e. 3 marginal OR 1 fully
# trusted certifications are sufficient to grant full validity.
log debug "checking trust model for authentication ..."
- local TRUST_MODEL=$(gpg_sphere "--with-colons --list-keys" 2>/dev/null \
+ local TRUST_MODEL=$(gpg_sphere --with-colons --list-keys 2>/dev/null \
| head -n1 | grep "^tru:" | cut -d: -f3,6,7)
log debug "sphere trust model: $TRUST_MODEL"
if [ "$TRUST_MODEL" != '1:3:1' ] ; then
diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index 85813cd..d23c125 100644
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -79,7 +79,7 @@ for uname in $unames ; do
# process authorized_user_ids file, as monkeysphere user
su_monkeysphere_user \
- "/usr/bin/env STRICT_MODES='$STRICT_MODES' ${SYSSHAREDIR}/common process_authorized_user_ids -" \
+ /usr/bin/env "STRICT_MODES=$STRICT_MODES" "${SYSSHAREDIR}/common" process_authorized_user_ids - \
< "$authorizedUserIDs" \
> "$tmpAuthorizedKeys"
diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index 5a2032c..28b11ac 100644
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -52,7 +52,7 @@ if [ -f "$revokerKeyID" -o "$revokerKeyID" = '-' ] ; then
# check the key is ok as monkeysphere user before loading
log debug "checking keys in file..."
fingerprint=$(su_monkeysphere_user \
- "${SYSSHAREDIR}/common list_primary_fingerprints" < "$revokerKeyID")
+ "${SYSSHAREDIR}/common" list_primary_fingerprints < "$revokerKeyID")
if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
failure "There was not exactly one gpg key in the file."
@@ -71,12 +71,12 @@ else
# download the key from the keyserver as the monkeysphere user
log verbose "searching keyserver $KEYSERVER for revoker keyID $revokerKeyID..."
- su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --keyserver $KEYSERVER --recv-key 0x${revokerKeyID}!" \
+ su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --keyserver "$KEYSERVER" --recv-key "0x${revokerKeyID}!" \
|| failure "Could not receive a key with this ID from keyserver '$KEYSERVER'."
# get the full fingerprint of new revoker key
log debug "getting fingerprint of revoker key..."
- fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --list-key --with-colons --with-fingerprint ${revokerKeyID}" \
+ fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --list-key --with-colons --with-fingerprint "${revokerKeyID}" \
| grep '^fpr:' | cut -d: -f10)
# test that there is only a single fingerprint
@@ -90,7 +90,7 @@ EOF
fi
log info "revoker key found:"
- su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --fingerprint 0x${fingerprint}!"
+ su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --fingerprint "0x${fingerprint}!"
if [ "$PROMPT" = "true" ] ; then
printf "Are you sure you want to add the above key as a revoker\nof the key '$keyID'? (Y/n) " >&2
@@ -104,7 +104,7 @@ EOF
# export the new key to the host keyring
log debug "loading revoker key into host keyring..."
- su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --export 0x${fingerprint}!" \
+ su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --export "0x${fingerprint}!" \
| gpg_host --import
fi
diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key
index c8da847..9c41bc2 100644
--- a/src/share/mh/publish_key
+++ b/src/share/mh/publish_key
@@ -40,20 +40,20 @@ trap "rm -rf $GNUPGHOME" EXIT
# import the key into the tmp dir
su_monkeysphere_user \
- "gpg --quiet --import" <"$HOST_KEY_FILE"
+ gpg --quiet --import <"$HOST_KEY_FILE"
-KEYSERVER_OPTIONS=""
+ANCHORFILE=""
for anchorfile in "${SYSCONFIGDIR}/monkeysphere-host-x509-anchors.crt" "${SYSCONFIGDIR}/monkeysphere-x509-anchors.crt"; do
- if [ -z "$KEYSERVER_OPTIONS" ] && [ -r "$anchorfile" ] ; then
+ if [ -z "$ANCHORFILE" ] && [ -r "$anchorfile" ] ; then
log debug "using trust anchor file: $anchorfile"
- KEYSERVER_OPTIONS="--keyserver-options 'ca-cert-file=$anchorfile'"
+ ANCHORFILE="$anchorfile"
fi
done
# publish key
log debug "publishing key with the following gpg command line and options:"
su_monkeysphere_user \
- "gpg --keyserver $KEYSERVER $KEYSERVER_OPTIONS --send-keys '0x${keyID}!'"
+ gpg --keyserver "$KEYSERVER" ${ANCHORFILE:+--keyserver-options "ca-cert-file=$ANCHORFILE"} --send-keys "0x${keyID}!"
# remove the tmp file
trap - EXIT