From b91c4d0c37daa741d45271fa7e961220bacbe91a Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Sat, 17 Apr 2010 17:30:18 -0400
Subject: degrade gracefully in the absence of ssh
---
 Changelog | 5 ++++-
 src/share/m/ssh_proxycommand | 27 ++++++++++++++++++---------
 2 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/Changelog b/Changelog
index f383eb5..dd88236 100644
--- a/Changelog
+++ b/Changelog
@@ -1,8 +1,11 @@
 monkeysphere (0.30~pre) UNRELEASED; urgency=low
 * changing tarball creation and packaging strategies
+ * make non-ssh parts of monkeysphere work well when openssh is not
+ installed; degrade ssh-specific parts gracefully when openssh is not
+ installed.
- -- Daniel Kahn Gillmor Tue, 23 Mar 2010 13:57:31 -0400
+ -- Daniel Kahn Gillmor Sat, 17 Apr 2010 16:46:52 -0400
 monkeysphere (0.29) unstable; urgency=low
diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand
index 96326da..5f7a63b 100644
--- a/src/share/m/ssh_proxycommand
+++ b/src/share/m/ssh_proxycommand
@@ -24,11 +24,7 @@ show_key_info() {
 local otherUids
 # get the ssh key of the gpg key
- sshKeyGPGFile=$(msmktempfile)
- gpg2ssh "$keyid" >"$sshKeyGPGFile"
- sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \
- awk '{ print $2 }')
- rm -f "$sshKeyGPGFile"
+ sshFingerprint=$(gpg2ssh "$keyid" | "$SYSSHAREDIR/keytrans" sshfpr)
 # get the sigs for the matching key
 gpgSigOut=$(gpg_user --check-sigs \
@@ -83,9 +79,12 @@ output_no_valid_key() {
 LOG_PREFIX=
+ # if we don't have ssh-keyscan, we just don't scan:
+ if ( type ssh-keyscan &>/dev/null ) ; then
 # retrieve the ssh key being offered by the host
- sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null \
- | awk '{ print $2, $3 }')
+ sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null \
+ | awk '{ print $2, $3 }')
+ fi
 # get the gpg info for userid
 gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \
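Review bot: Nothing in show_key_info checks the result of the new `gpg2ssh "$keyid" | "$SYSSHAREDIR/keytrans" sshfpr` pipeline, so a failure in either stage leaves `sshFingerprint` empty without any signal. The pipeline's exit status is only that of keytrans, and an unset `SYSSHAREDIR` would make the shell resolve `/keytrans`; writing `"${SYSSHAREDIR:?}/keytrans"` turns that case into an explicit error. The code that prints the fingerprint is outside the hunk, but if the user is meant to compare it when deciding whether to trust the host, test `[ -n "$sshFingerprint" ]` after the assignment and report the failure instead of showing an empty value. A short comment stating the fingerprint format that `keytrans sshfpr` is expected to emit would also help, since the page does not show it.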
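Review bot: When ssh-keyscan is missing, the new `if ( type ssh-keyscan &>/dev/null )` guard in output_no_valid_key leaves `sshKeyOffered` empty and records nothing about it. The code that compares the offered key with the keys from the keyring is outside the hunk, but if it treats an empty value as "no key matched", the user is told that the host offered a non-matching key when no scan took place. Add an `else` branch that reports the skipped scan through the script's existing logging, and have the later comparison distinguish "not scanned" from "no match". The subshell parentheses are not needed; `if type ssh-keyscan &>/dev/null ; then` behaves the same.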
@@ -190,6 +189,7 @@ EOF
 # the ssh proxycommand function itself
 ssh_proxycommand() {
+local hostKey
 if [ "$1" = '--no-connect' ] ; then
 NO_CONNECT='true'
@@ -230,8 +230,17 @@ if gpg_user --list-key ="${URI}" &>/dev/null ; then
 # if the host is NOT in the keyring...
 else
- # if the host key is found in the known_hosts file...
- hostKey=$( [ ! -r "$KNOWN_HOSTS" ] || ssh-keygen -F "$HOST" -f "$KNOWN_HOSTS" 2>/dev/null)
+ # FIXME: what about system-wide known_hosts file (/etc/ssh/known_hosts)?
+
+ if [ -r "$KNOWN_HOSTS" ]; then
+ # look up the host key is found in the known_hosts file...
+ if (type ssh-keygen &>/dev/null) ; then
+ hostKey=$(ssh-keygen -F "$HOST" -f "$KNOWN_HOSTS" 2>/dev/null)
+ else
+ # FIXME: we're not dealing with digested known_hosts if we don't
+ hostKey=$(cut -f1 -d\ < .ssh/known_hosts | tr ',' '\n' | grep -Fx -e "$HOST" || :)
+ fi
+ fi
 if [ "$hostKey" ] ; then
 # do not check the keyserver
--
cgit v1.2.3
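Review bot: The fallback branch for a missing ssh-keygen reads `.ssh/known_hosts` relative to the current directory, although the guard above it tests `-r "$KNOWN_HOSTS"`. A ProxyCommand runs in whatever directory ssh was started from, so this lookup can miss the user's real file or read an unrelated one, and a non-empty `hostKey` makes the script take the "do not check the keyserver" path. Read the file that was tested: `hostKey=$(cut -f1 -d' ' < "$KNOWN_HOSTS" | tr ',' '\n' | grep -Fx -e "$HOST" || :)`. The second FIXME comment is cut off mid-sentence; it should state that hashed known_hosts entries are never matched when ssh-keygen is unavailable, so those hosts always fall through to the keyserver path.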