diff options
| -rwxr-xr-x | src/monkeysphere-authentication | 2 | ||||
| -rw-r--r-- | src/share/ma/add_certifier | 2 | ||||
| -rw-r--r-- | src/share/ma/setup | 4 | ||||
| -rw-r--r-- | src/share/ma/update_users | 2 | ||||
| -rw-r--r-- | src/share/mh/add_revoker | 10 | ||||
| -rw-r--r-- | src/share/mh/publish_key | 10 |
6 files changed, 15 insertions, 15 deletions
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 46f349a..edc7995 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -81,7 +81,7 @@ gpg_sphere() { GNUPGHOME="$GNUPGHOME_SPHERE" export GNUPGHOME - su_monkeysphere_user "gpg --fixed-list-mode --no-greeting --quiet --no-tty $@" + su_monkeysphere_user gpg --fixed-list-mode --no-greeting --quiet --no-tty "$@" } # output to stdout the core fingerprint from the gpg core secret diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 86c2fd4..1d450e7 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -101,7 +101,7 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then # check the key is ok as monkeysphere user before loading log debug "checking keys in file..." fingerprint=$(su_monkeysphere_user \ - "${SYSSHAREDIR}/common list_primary_fingerprints" < "$keyID") + "${SYSSHAREDIR}/common" list_primary_fingerprints < "$keyID") if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." diff --git a/src/share/ma/setup b/src/share/ma/setup index e65f875..6745da7 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -99,7 +99,7 @@ EOF # check the owner trust log debug "checking gpg_sphere owner trust set properly..." local ORIG_TRUST - if ORIG_TRUST=$(gpg_sphere "--export-ownertrust" | grep '^[^#]') ; then + if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings." fi @@ -112,7 +112,7 @@ EOF # our preferences are reasonable (i.e. 3 marginal OR 1 fully # trusted certifications are sufficient to grant full validity. log debug "checking trust model for authentication ..." - local TRUST_MODEL=$(gpg_sphere "--with-colons --list-keys" 2>/dev/null \ + local TRUST_MODEL=$(gpg_sphere --with-colons --list-keys 2>/dev/null \ | head -n1 | grep "^tru:" | cut -d: -f3,6,7) log debug "sphere trust model: $TRUST_MODEL" if [ "$TRUST_MODEL" != '1:3:1' ] ; then diff --git a/src/share/ma/update_users b/src/share/ma/update_users index 85813cd..d23c125 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -79,7 +79,7 @@ for uname in $unames ; do # process authorized_user_ids file, as monkeysphere user su_monkeysphere_user \ - "/usr/bin/env STRICT_MODES='$STRICT_MODES' ${SYSSHAREDIR}/common process_authorized_user_ids -" \ + /usr/bin/env "STRICT_MODES=$STRICT_MODES" "${SYSSHAREDIR}/common" process_authorized_user_ids - \ < "$authorizedUserIDs" \ > "$tmpAuthorizedKeys" diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 5a2032c..28b11ac 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -52,7 +52,7 @@ if [ -f "$revokerKeyID" -o "$revokerKeyID" = '-' ] ; then # check the key is ok as monkeysphere user before loading log debug "checking keys in file..." fingerprint=$(su_monkeysphere_user \ - "${SYSSHAREDIR}/common list_primary_fingerprints" < "$revokerKeyID") + "${SYSSHAREDIR}/common" list_primary_fingerprints < "$revokerKeyID") if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." @@ -71,12 +71,12 @@ else # download the key from the keyserver as the monkeysphere user log verbose "searching keyserver $KEYSERVER for revoker keyID $revokerKeyID..." - su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --keyserver $KEYSERVER --recv-key 0x${revokerKeyID}!" \ + su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --keyserver "$KEYSERVER" --recv-key "0x${revokerKeyID}!" \ || failure "Could not receive a key with this ID from keyserver '$KEYSERVER'." # get the full fingerprint of new revoker key log debug "getting fingerprint of revoker key..." - fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --list-key --with-colons --with-fingerprint ${revokerKeyID}" \ + fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --list-key --with-colons --with-fingerprint "${revokerKeyID}" \ | grep '^fpr:' | cut -d: -f10) # test that there is only a single fingerprint @@ -90,7 +90,7 @@ EOF fi log info "revoker key found:" - su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --fingerprint 0x${fingerprint}!" + su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --fingerprint "0x${fingerprint}!" if [ "$PROMPT" = "true" ] ; then printf "Are you sure you want to add the above key as a revoker\nof the key '$keyID'? (Y/n) " >&2 @@ -104,7 +104,7 @@ EOF # export the new key to the host keyring log debug "loading revoker key into host keyring..." - su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --export 0x${fingerprint}!" \ + su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --export "0x${fingerprint}!" \ | gpg_host --import fi diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index c8da847..9c41bc2 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -40,20 +40,20 @@ trap "rm -rf $GNUPGHOME" EXIT # import the key into the tmp dir su_monkeysphere_user \ - "gpg --quiet --import" <"$HOST_KEY_FILE" + gpg --quiet --import <"$HOST_KEY_FILE" -KEYSERVER_OPTIONS="" +ANCHORFILE="" for anchorfile in "${SYSCONFIGDIR}/monkeysphere-host-x509-anchors.crt" "${SYSCONFIGDIR}/monkeysphere-x509-anchors.crt"; do - if [ -z "$KEYSERVER_OPTIONS" ] && [ -r "$anchorfile" ] ; then + if [ -z "$ANCHORFILE" ] && [ -r "$anchorfile" ] ; then log debug "using trust anchor file: $anchorfile" - KEYSERVER_OPTIONS="--keyserver-options 'ca-cert-file=$anchorfile'" + ANCHORFILE="$anchorfile" fi done # publish key log debug "publishing key with the following gpg command line and options:" su_monkeysphere_user \ - "gpg --keyserver $KEYSERVER $KEYSERVER_OPTIONS --send-keys '0x${keyID}!'" + gpg --keyserver "$KEYSERVER" ${ANCHORFILE:+--keyserver-options "ca-cert-file=$ANCHORFILE"} --send-keys "0x${keyID}!" # remove the tmp file trap - EXIT |