diff options
Diffstat (limited to 'src/share')
| -rw-r--r-- | src/share/common | 5 | ||||
| -rw-r--r-- | src/share/m/gen_subkey | 2 | ||||
| -rw-r--r-- | src/share/m/import_subkey | 2 | ||||
| -rw-r--r-- | src/share/m/subkey_to_ssh_agent | 2 | ||||
| -rw-r--r-- | src/share/ma/add_certifier | 5 | ||||
| -rw-r--r-- | src/share/ma/list_certifiers | 1 | ||||
| -rw-r--r-- | src/share/ma/remove_certifier | 2 | ||||
| -rw-r--r-- | src/share/ma/setup | 12 | ||||
| -rw-r--r-- | src/share/mh/add_revoker | 6 | ||||
| -rw-r--r-- | src/share/mh/import_key | 3 | ||||
| -rw-r--r-- | src/share/mh/publish_key | 2 |
11 files changed, 21 insertions, 21 deletions
diff --git a/src/share/common b/src/share/common index 4120259..6b7d51b 100644 --- a/src/share/common +++ b/src/share/common @@ -134,6 +134,11 @@ cutline() { head --line="$1" "$2" | tail -1 } +# make a temporary directly +msmktempdir() { + mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX +} + # this is a wrapper for doing lock functions. # # it lets us depend on either lockfile-progs (preferred) or procmail's diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey index cbefaa3..19d384d 100644 --- a/src/share/m/gen_subkey +++ b/src/share/m/gen_subkey @@ -114,7 +114,7 @@ EOF ) log verbose "generating subkey..." - fifoDir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + fifoDir=$(msmktempdir) (umask 077 && mkfifo "$fifoDir/pass") echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & diff --git a/src/share/m/import_subkey b/src/share/m/import_subkey index aa89958..8b04456 100644 --- a/src/share/m/import_subkey +++ b/src/share/m/import_subkey @@ -42,7 +42,7 @@ Type '$PGRM help' for usage." done log verbose "importing ssh key..." - fifoDir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + fifoDir=$(msmktempdir) (umask 077 && mkfifo "$fifoDir/pass") ssh2openpgp | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index 012c95f..a92718e 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -64,7 +64,7 @@ You might want to run 'gpg --gen-key'." You might want to 'monkeysphere gen-subkey'" fi - workingdir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + workingdir=$(msmktempdir) umask 077 mkfifo "$workingdir/passphrase" keysuccess=1 diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index d34f0de..2f29759 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -151,15 +151,14 @@ EOF # core ltsigns the newly imported certifier key log debug "executing core ltsign script..." if echo "$ltsignCommand" | \ - gpg_core --quiet --command-fd 0 --no-tty --edit-key "0x${fingerprint}!" \ - 2>&1 | log debug ; then + gpg_core --command-fd 0 --edit-key "0x${fingerprint}!" ; then # transfer the new sigs back to the sphere keyring gpg_core_sphere_sig_transfer # update the sphere trustdb log debug "updating sphere trustdb..." - gpg_sphere "--check-trustdb" 2>&1 | log debug + gpg_sphere "--check-trustdb" log info "Identity certifier added." else diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers index a02487d..38a3222 100644 --- a/src/share/ma/list_certifiers +++ b/src/share/ma/list_certifiers @@ -86,5 +86,4 @@ gpg_sphere "--fingerprint --with-colons --fixed-list-mode --check-sigs" | \ esac done - } diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index 8271ae0..10aa67b 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier @@ -36,7 +36,6 @@ else fi # delete the requested key from the sphere keyring -# FIXME: should this be a revokation instead of a removal? if gpg_sphere "--delete-key --batch --yes 0x${keyID}!" ; then # delete key from core keyring as well gpg_core --delete-key --batch --yes "0x${keyID}!" @@ -44,7 +43,6 @@ if gpg_sphere "--delete-key --batch --yes 0x${keyID}!" ; then # update the trustdb for the authentication keyring gpg_sphere "--check-trustdb" - log info "" log info "Identity certifier removed." else failure "Problem removing identity certifier." diff --git a/src/share/ma/setup b/src/share/ma/setup index a17e4f2..6969d71 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -59,7 +59,7 @@ EOF log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..." PEM2OPENPGP_USAGE_FLAGS=certify \ PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" \ - | gpg_core --import 2>&1 | log debug \ + | gpg_core --import \ || failure "Could not import new key for Monkeysphere authentication trust core" # get fingerprint of core key. should definitely not be empty at this point @@ -75,17 +75,17 @@ EOF # export the core key to the sphere keyring log debug "exporting core pub key to sphere keyring..." - gpg_core --quiet --export | gpg_sphere "--quiet --import" + gpg_core --export | gpg_sphere "--import" # ensure that the authentication sphere checker has absolute ownertrust on the expected key. log debug "setting ultimate owner trust on core key in gpg_sphere..." - printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--quiet --import-ownertrust" - gpg_sphere "--export-ownertrust" 2>&1 | log debug + printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--import-ownertrust" + gpg_sphere "--export-ownertrust" # check the owner trust log debug "checking gpg_sphere owner trust set properly..." local ORIG_TRUST - if ORIG_TRUST=$(gpg_sphere "--quiet --export-ownertrust" | grep '^[^#]') ; then + if ORIG_TRUST=$(gpg_sphere "--export-ownertrust" | grep '^[^#]') ; then if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings." fi @@ -98,7 +98,7 @@ EOF # our preferences are reasonable (i.e. 3 marginal OR 1 fully # trusted certifications are sufficient to grant full validity. log debug "checking trust model for authentication ..." - local TRUST_MODEL=$(gpg_sphere "--quiet --with-colons --fixed-list-mode --list-keys" \ + local TRUST_MODEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \ | head -n1 | grep "^tru:" | cut -d: -f3,6,7) log debug "sphere trust model: $TRUST_MODEL" if [ "$TRUST_MODEL" != '1:3:1' ] ; then diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index b4113df..bdcb749 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -53,14 +53,14 @@ if [ -f "$keyID" ] ; then fi else # create a temporary directory for storing the downloaded key - TMPLOC=$(mktemp -d "${MHTMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" + TMPLOC=$(msmktempdir) || failure "Could not create temporary directory!" # download the key from the keyserver as the monkeysphere user su_monkeysphere_user \ - "GNUPGHOME=$TMPLOC gpg --keyserver $KEYSERVER --recv-key 0x${keyID}!" + "GNUPGHOME=$TMPLOC gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" # export the new key to the host keyring - su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --export 0x${keyID}!" \ + su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --quiet --export 0x${keyID}!" \ | gpg_host --import fi diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 557bb7f..cca40fa 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -39,14 +39,13 @@ userID="ssh://${hostName}" # create host home mkdir -p "${MHDATADIR}" -mkdir -p "${MHTMPDIR}" mkdir -p "${GNUPGHOME_HOST}" chmod 700 "${GNUPGHOME_HOST}" log verbose "importing ssh key..." # translate ssh key to a private key PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ - | gpg_host --import 2>&1 | log debug + | gpg_host --import # load the new host fpr into the fpr variable. this is so we can # create the gpg pub key file. we have to do this from the secret key diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index b433ad7..37b8a72 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -27,7 +27,7 @@ else fi # create a temporary gnupg directory from which to publish the key -export GNUPGHOME=$(mktemp -d) +export GNUPGHOME=$(msmktempdir) # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT |