From 117605f3a266c41593cade3f6344d108a772096d Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 17:42:07 -0400 Subject: fix CHECK_KEYSERVER for deprecated keys-from-userid as well --- src/monkeysphere | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/monkeysphere b/src/monkeysphere index a763151..454da01 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -282,6 +282,7 @@ case $COMMAND in 'keys-from-userid') echo "Warning: 'keys-from-userid' is deprecated. Please use 'keys-for-userid' instead." >&2 + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} keys_for_userid "$@" ;; -- cgit v1.2.3 From 01012ce201590e939a82fcc2aeda88fc6a34ad57 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 19:06:15 -0400 Subject: use msmktempfile instead of raw mktemp -- should be more portable --- src/monkeysphere | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/monkeysphere b/src/monkeysphere index 454da01..8e6e81a 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -68,7 +68,7 @@ gpg_user() { # output the ssh fingerprint of a gpg key gpg_ssh_fingerprint() { keyid="$1" - local tmpfile=$(mktemp) + local tmpfile=$(msmktempfile) # trap to remove tmp file if break trap "rm -f $tmpfile" EXIT -- cgit v1.2.3 From c68b687613472b301fe62074e3005b6925a88ea8 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 19:19:28 -0400 Subject: deprecate sshfpr; add sshfprs-for-userid (closes: MS #1436) --- man/man1/monkeysphere.1 | 9 ++++----- src/monkeysphere | 20 +++++++++++++++++--- 2 files changed, 21 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 4d8eab6..25421ce 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 
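Review bot: In the `@@ -282,6 +282,7 @@` hunk of the first commit, the added `CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}` line is a per-arm copy of a default, which is presumably how the 'keys-from-userid' arm came to miss it. The 'sshfprs-for-userid' arm added later on this page carries another copy. If the variable decides whether keys are refreshed from a keyserver, as its name suggests, an arm that forgets the line would validate against whatever the local keyring holds. Resolving the default once, either before the `case` or at the top of `keys_for_userid` (not visible here), would remove that failure mode.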
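Review bot: In the `@@ -68,7 +68,7 @@` hunk of the second commit, `local tmpfile=$(msmktempfile)` discards the exit status of msmktempfile because `local` itself returns 0, so a failed helper leaves `tmpfile` empty and gpg_ssh_fingerprint carries on with an empty path. Declare and assign separately: `local tmpfile` followed by `tmpfile=$(msmktempfile) || return 1`. The context line `trap "rm -f $tmpfile" EXIT` also expands the path unquoted when the trap is set, so a temp directory containing whitespace would split the rm arguments. `trap "rm -f -- '$tmpfile'" EXIT` keeps the early expansion, which is needed because `tmpfile` is local, while quoting the path. The rest of the function body is outside the hunk.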
@@ -128,14 +128,13 @@ specify the full fingerprints of specific keys to add to the agent (space separated), instead of adding them all. `s' may be used in place of `subkey\-to\-ssh\-agent'. .TP -.B sshfpr KEYID -Output the ssh fingerprint of a key in your gpg keyring. `f' may be -used in place of `fingerprint'. -.TP .B keys\-for\-userid USERID -Output to stdout all acceptable keys for a given user ID literal. +Output to stdout all acceptable keys for a given user ID. `u' may be used in place of `keys\-for\-userid'. .TP +.B sshfprs\-for\-userid USERID +Output the ssh fingerprints of acceptable keys for a given user ID. +.TP .B version Show the monkeysphere version number. `v' may be used in place of `version'. diff --git a/src/monkeysphere b/src/monkeysphere index 8e6e81a..2d5cba8 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -48,9 +48,9 @@ subcommands: ssh-proxycommand HOST [PORT] monkeysphere ssh ProxyCommand --no-connect do not make TCP connection to host subkey-to-ssh-agent (s) store authentication subkey in ssh-agent - sshfpr (f) KEYID output ssh fingerprint of gpg key - keys-for-userid (u) USERID output valid keys for user id literal + keys-for-userid (u) USERID output valid keys for given user ids + sshfprs-for-userid USERID output ssh fingerprints for given user ids gen-subkey (g) [KEYID] generate an authentication subkey --length (-l) BITS key length in bits (2048) @@ -271,7 +271,8 @@ case $COMMAND in subkey_to_ssh_agent "$@" ;; - 'sshfpr'|'f') + 'sshfpr') + echo "Warning: 'sshfpr' is deprecated. Please use 'sshfprs-for-userid' instead." >&2 gpg_ssh_fingerprint "$@" ;; 
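Review bot: In the `@@ -271,7 +271,8 @@` hunk of src/monkeysphere, the `'sshfpr')` pattern drops the `f` alias outright instead of deprecating it with the long name, so `monkeysphere f KEYID` no longer reaches gpg_ssh_fingerprint and falls through to whichever arm matches next (the default arm is outside this hunk). Keeping the pattern as `'sshfpr'|'f')` for the deprecation period would give both spellings the same warning. The warning also points to 'sshfprs-for-userid', which takes a USERID where sshfpr takes a KEYID according to the usage text changed in this commit. The message could say that the argument changes, so scripts are not switched over with a key ID still in place.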
@@ -280,6 +281,19 @@ case $COMMAND in keys_for_userid "$@" ;; + 'sshfprs-for-userid') + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} + keytmpdir=$(msmktempdir) + keytmpfile="$keytmpdir/ " + cd "$keytmpdir" + keys_for_userid "$@" | while read KEYLINE ; do + printf '%s\n' "$KEYLINE" > "$keytmpdir/ " + ssh-keygen -l -f ' ' + done + rm -f "$keytmpfile" + rmdir "$keytmpdir" + ;; + 'keys-from-userid') echo "Warning: 'keys-from-userid' is deprecated. Please use 'keys-for-userid' instead." >&2 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} -- cgit v1.2.3 From 1bb35e8d63f3c28d29f0c033333aeff7a57bde91 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 23:25:40 -0400 Subject: added comment about why the key file is named with whitespace --- src/monkeysphere | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/monkeysphere b/src/monkeysphere index 2d5cba8..fe92960 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -284,6 +284,8 @@ case $COMMAND in 'sshfprs-for-userid') CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} keytmpdir=$(msmktempdir) + # use a file named " " to avoid arbitrary non-whitespace text + # in the fingerprint output keytmpfile="$keytmpdir/ " cd "$keytmpdir" keys_for_userid "$@" | while read KEYLINE ; do -- cgit v1.2.3
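Review bot: In the `@@ -280,6 +281,19 @@` hunk, the new 'sshfprs-for-userid' arm uses the results of `msmktempdir` and `cd "$keytmpdir"` without checking either, and it removes the scratch directory only on the normal path. If `msmktempdir` fails, `keytmpdir` is empty, so the key line is written to `/ ` and `ssh-keygen -l -f ' '` reads whatever file of that name sits in the caller's current directory; an early exit leaves the directory and the key file behind. gpg_ssh_fingerprint in the same file already installs an EXIT trap for its temp file and this arm should do likewise, with `IFS= read -r` in the loop so the key line is written back unmodified. Whether `exit 1` or a project error helper is the convention is not visible in the hunk, and a new EXIT trap replaces any trap installed earlier.

```shell
keytmpdir=$(msmktempdir) || exit 1
# remove the scratch directory on error exits as well as the normal one
trap 'rm -rf -- "${keytmpdir:?}"' EXIT
# … unchanged: keytmpfile="$keytmpdir/ " …
cd "$keytmpdir" || exit 1
keys_for_userid "$@" | while IFS= read -r KEYLINE ; do
    # … unchanged: write KEYLINE to the " " file, run ssh-keygen -l on it …
done
# … unchanged: rm -f "$keytmpfile"; rmdir "$keytmpdir" …
```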