-rw-r--r-- debian/changelog 3
-rw-r--r-- debian/control 2
-rwxr-xr-x src/monkeysphere 14
-rw-r--r-- website/bugs/monkeysphere-gen-subkey-fails-without-agent.mdwn 7
4 files changed, 22 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog
index 59aea1e..e6dfccd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,7 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low
* More monkeysphere-server diagnostics
* monkeysphere --gen-subkey now guesses what KeyID you meant.
* set up host-key revocation
+ * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey works
[ Jameson Graef Rollins ]
* fix another bug for when ssh key files are missing.
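Review bot: The new changelog entry records only the packaging change (`Recommends: ssh-askpass`) and not the behaviour change in `gen_subkey` that this same commit makes, namely that `monkeysphere --gen-subkey` now prompts for the passphrase itself and hands it to gpg over a fifo. Suggest a second bullet, or a reworded one, that names the passphrase prompt and the terminal fallback, since the entry as written implies the subcommand only works when `ssh-askpass` is installed.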
@@ -15,7 +16,7 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low
* enabled host key publication.
* added checking of gpg.conf for keyserver
- -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Fri, 15 Aug 2008 10:46:23 -0700
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Fri, 15 Aug 2008 16:06:31 -0400
monkeysphere (0.7-1) experimental; urgency=low
diff --git a/debian/control b/debian/control
index 0b3d871..7fbcbc7 100644
--- a/debian/control
+++ b/debian/control
@@ -13,7 +13,7 @@ Format: 3.0 (git)
Package: monkeysphere
Architecture: any
Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), moreutils, lockfile-progs, adduser, ${shlibs:Depends}
-Recommends: netcat | socat
+Recommends: netcat | socat, ssh-askpass
Enhances: openssh-client, openssh-server
Description: use the OpenPGP web of trust to verify ssh connections
SSH key-based authentication is tried-and-true, but it lacks a true
diff --git a/src/monkeysphere b/src/monkeysphere
index 6d9e6c3..57597e2 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -48,7 +48,6 @@ EOF
}
# generate a subkey with the 'a' usage flags set
-# FIXME: this needs some tweaking to clean it up
gen_subkey(){
local keyLength
local keyExpire
@@ -163,7 +162,18 @@ EOF
)
log "generating subkey..."
- echo "$editCommands" | gpg --expert --command-fd 0 --edit-key "$keyID"
+ fifoDir=$(mktemp -d)
+ (umask 077 && mkfifo "$fifoDir/pass")
+ echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
+
+ if [ "$DISPLAY" ] && which ssh-askpass >/dev/null; then
+ ssh-askpass "Please enter your passphrase for $keyID: " > "$fifoDir/pass"
+ else
+ read -s -p "Please enter your passphrase for $keyID: " PASS
+ echo "$PASS" > "$fifoDir/pass"
+ fi
+ rm -rf "$fifoDir"
+ wait
log "done."
}
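Review bot: In the `else` branch, `read -s -p "..." PASS` followed by `echo "$PASS"` can alter the passphrase before gpg reads it: without `-r` backslashes are consumed, with the default `IFS` leading and trailing whitespace is stripped, and `echo` may treat a value such as `-n` as an option. Suggest `IFS= read -r -s -p "..." PASS` and `printf '%s\n' "$PASS" > "$fifoDir/pass"`, with `PASS` declared `local` like the other variables in `gen_subkey` and unset after the write so the passphrase does not linger in the shell. Two further points in the same hunk: the result of `mktemp -d` is not checked, so on failure `fifoDir` is empty and the code goes on to `mkfifo "/pass"`; and a bare `wait` does not return the status of the backgrounded gpg, so `log "done."` runs even when subkey generation failed. Checking `mktemp`, using `wait $!` and testing its status, and adding a `trap` that removes `$fifoDir` if the prompt is interrupted would close these gaps.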
diff --git a/website/bugs/monkeysphere-gen-subkey-fails-without-agent.mdwn b/website/bugs/monkeysphere-gen-subkey-fails-without-agent.mdwn
index 51cf57e..e97b49c 100644
--- a/website/bugs/monkeysphere-gen-subkey-fails-without-agent.mdwn
+++ b/website/bugs/monkeysphere-gen-subkey-fails-without-agent.mdwn
@@ -135,3 +135,10 @@ it.
Alternately, we could use `--passwd-fd` and `ssh-agent`, along the
lines i proposed [for handling passphrase-locked secret
keys](/bugs/handle-passphrase-locked-secret-keys).
+
+---
+
+[[bugs/done]] as of 2008-08-15 16:48:26-0400 (to be released in 0.8-1)
+
+I opted to go with the `ssh-askpass` route, and fall back to echoing
+stuff to a fifo directly if `ssh-askpass` is not available.
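Review bot: The closing note does not name the gpg option actually used, and the paragraph just above it still refers to `--passwd-fd` and `ssh-agent`, while the code in this commit uses `--passphrase-fd 3` with `ssh-askpass`. Suggest stating `--passphrase-fd` in the added note so a reader of the bug page can match it to `gen_subkey`, and saying that the fallback prompts on the terminal (via `read -s`) rather than "echoing stuff", which reads as if the passphrase were displayed.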