| Age | Commit message (Collapse) | Author |
|---|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, and gets trickier when
the wrapper demands unusually complex quoting.
su_monkeysphere_user() expands arguments using "$*" which (unlike "$@")
collapses all arguments into a single string, and therefore require
"risky" arguments (e.g. ones containing variables that may contain space
or other unusual characters) to be dual-quoted for them to not wreak
havoc at the inside shell.
This patch improves arguments passed to su_monkeysphere_user() by first
single-quoting and then double-quoting arguments containing variables.
NB! Dynamic arguments are only double-quoted ( "$@" ) which looks safe
but effectively is a noop (quoting is lost at wrapper!).
|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
This patch improves argument passing like this:
a) Each argument is passed individually (not all as a single string)
b) Arguments containing no variables are not quoted
c) Dynamic arguments are double-quoted ( "$@" )
Due to su_monkeysphere_user() expanding arguments using "$*" (not "$@")
arguments are mostly¹ coollapsed into single strings, and this change is
therefore only cosmetic.
It does improve clarity, however. Also, it eases switching to safer
quoted arguments in the future.
¹As sole excepion ma/update_users line 82 has $STRICT_MODES dual-quoted.
|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, and gets trickier when
more than a single command is wrapped together.
This patch simplifies convoluted shell calls to contain only one command
each.
|
|
90166e0bb8e4ebc1c1174d9bc2021c604b7a1bd7
There were another calls to gpg_sphere that were packing everything
into a single argument. Since we fixed the need to do that, we fix
all these other calls that were fixed in the first round.
|
|
|
|
|
|
|
|
shown gpg noise.
|
|
functions that are doing that sort of thing
|
|
found when adding by using key ID.
|
|
|
|
add_revoker and add_certifier to many similar procedures, so I'm
trying to keep them in sync as I figure out the right way to handle
things.
|
|
|
|
is more similar, and so that they can read keys from stdin instead of
just from a file. Also fix the permissions on the tempdir in
publish_key.
|
|
|
|
|
|
missing
|
|
key fingerprint during add-certifier from file.
|
|
|
|
|
|
much gpg output as possible. then cleanup gpg invocations.
|
|
it's never needed to be run manually, and can therefore be supressed
in the usage/documentation. Also, add setup to the postinst script so
that it's setup on installation.
Also add pipefail to ma, and try to supress unnecessary gpg output,
and redirect other to log debug.
|
|
for functions that prompt for confirmation. Also fix publish_key
function (NOT TESTED).
|
|
- fix left over bad invocations of gpg_sphere --list-keys
- add some more debug log output
|
|
fix some logging output
|
|
|
|
is so that the sphere does not have to read the core pubring to get
the certifier ltsigs, and we can therefore keep tighter permissions on
the core keyring files. updated some comments/documentation as well.
|
|
Makefile as well)
|
