From 10888c602170f6157ff43a81bad920babdd6a59e Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 20 Feb 2009 12:27:01 -0500 Subject: monkeysphere-host revoke-key should now be capable of publishing the revocation certificate to the keyservers directly, should the admin want that. It can also run without prompting, if MONKEYSPHERE_PROMPT=false. In the no-prompts case, it never publishes to the keyserver, it indicates that the key was compromised, and it writes a boilerplate description to make it easy to identify this kind of certificate. --- src/monkeysphere-host | 11 +++++---- src/share/mh/revoke_key | 66 +++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 65 insertions(+), 12 deletions(-) (limited to 'src') diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 4c7df88..efa48cd 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -56,12 +56,13 @@ Monkeysphere host admin tool. subcommands: import-key (i) FILE [NAME[:PORT]] import existing ssh key to gpg show-key (s) output all host key information + publish-key (p) publish host key to keyserver set-expire (e) [EXPIRE] set host key expiration add-hostname (n+) NAME[:PORT] add hostname user ID to host key revoke-hostname (n-) NAME[:PORT] revoke hostname user ID - add-revoker (o) [KEYID|FILE] add a revoker to the host key - revoke-key (r) revoke host key - publish-key (p) publish host key to keyserver + add-revoker (r+) [KEYID|FILE] add a revoker to the host key + revoke-key generate and/or publish revocation + certificate for host key version (v) show version number help (h,?) this help @@ -268,14 +269,14 @@ case $COMMAND in revoke_hostname "$@" ;; - 'add-revoker'|'o') + 'add-revoker'|'r+') check_host_no_key load_fingerprint source "${MHSHAREDIR}/add_revoker" add_revoker "$@" ;; - 'revoke-key'|'r') + 'revoke-key') check_host_no_key load_fingerprint source "${MHSHAREDIR}/revoke_key" diff --git a/src/share/mh/revoke_key b/src/share/mh/revoke_key index 380236b..271432b 100644 --- a/src/share/mh/revoke_key +++ b/src/share/mh/revoke_key @@ -18,6 +18,28 @@ revoke_key() { # Coming in here, we expect $HOST_FINGERPRINT to be set, and we # believe that there is in fact a key. + if [ "$PROMPT" = "false" ] ; then + publish=N + else + cat <&2 +This will generate a revocation certificate for your host key +(fingerprint: $HOST_FINGERPRINT) and +dump the certificate to standard output. + +It can also directly publish the new revocation certificate +to the public keyservers via $KEYSERVER if you want it to. + +Publishing this certificate will IMMEDIATELY and PERMANENTLY revoke +your host key! + +EOF + read -p "Publish the certificate after generation? (y/n/Q) " publish + + if ! [ "${publish/y/Y}" = 'Y' -o "${publish/n/N}" = 'N' ] ; then + failure "aborting at user request" + fi + fi + # our current implementation is very simple: we just want to # generate the revocation certificate on stdout. This provides # for the two most likely (but hopefully not common) scenarios: @@ -28,18 +50,48 @@ revoke_key() { # transcribe from the terminal. # Alternately, an admin might want to publish the revocation - # certificate immediately. here's a quick way to do this: + # certificate immediately, which we can help them do as well. + if [ "$PROMPT" = 'false' ] ; then + local revoke_commands="y +1 +Monkeysphere host key revocation (no prompting) $(date '+%F_%T') - # tmp=$(mktemp -d) - # export GNUPGHOME="$tmp" - # gpg --import < /var/lib/monkeysphere/ssh_host_rsa_key.pub.gpg - # monkeysphere-host revoke-key | gpg --import - # gpg --keyserver pool.sks-keyservers.net --send $(hostname -f) +y +" + revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${HOST_FINGERPRINT}!" <<<"$revoke_commands" ) \ + || failure "Failed to generate revocation certificate!" + + else # note: we're not using the gpg_host function because we actually # want to use gpg's UI in this case, so we want to omit --no-tty + revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${HOST_FINGERPRINT}!") \ + || failure "Failed to generate revocation certificate!" + fi + + # if you run gpg --gen-revoke but cancel it or quit in the middle, + # it returns success, but emits no revocation certificate: + if ! [ "$revcert" ] ; then + failure "Revocation canceled." + fi + + ## ok, now we have the revocation certificate. Print it, and + ## offer to publish if originally requested: + printf "%s\n" "$revcert" - GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${HOST_FINGERPRINT}!" + if [ "${publish/y/Y}" = 'Y' ] ; then + printf "\n" >&2 + read -p "Really publish this cert to $KEYSERVER ? (Y/n) " really + if [ "${really/n/N}" = 'N' ] ; then + printf "Not publishing.\n" >&2 + else + local newhome=$(mkmstempdir) + GNUPGHOME="$newhome" gpg --no-tty --quiet --import < "$HOST_KEY_FILE" + GNUPGHOME="$newhome" gpg --no-tty --quiet --import <<< "$revcert" + GNUPGHOME="$newhome" gpg --keyserver "$KEYSERVER" --send "0x${HOST_FINGERPRINT}!" + rm -rf "$newhome" + fi + fi } -- cgit v1.2.3 From d7141bd2a46b59e7637aa3c7a750fa4b6a925b64 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 20 Feb 2009 12:33:14 -0500 Subject: tune automated revocation certificate description; add FIXME to allow it to be set explicitly. --- src/share/mh/revoke_key | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/share/mh/revoke_key b/src/share/mh/revoke_key index 271432b..ad68d5f 100644 --- a/src/share/mh/revoke_key +++ b/src/share/mh/revoke_key @@ -53,9 +53,13 @@ EOF # certificate immediately, which we can help them do as well. if [ "$PROMPT" = 'false' ] ; then + # FIXME: allow the end user to choose something other than + # "key was compromised" (1) and to supply their own revocation + # string. + local revoke_commands="y 1 -Monkeysphere host key revocation (no prompting) $(date '+%F_%T') +Monkeysphere host key revocation (automated) $(date '+%F_%T%z') y -- cgit v1.2.3 From 348d18f9d16478fd3a11cd59caa152cc367c08c5 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 20 Feb 2009 13:19:46 -0500 Subject: tuning some diagnostic text. --- src/share/ma/diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/share/ma/diagnostics b/src/share/ma/diagnostics index ce463b2..8fc4b31 100644 --- a/src/share/ma/diagnostics +++ b/src/share/ma/diagnostics @@ -105,7 +105,7 @@ echo echo "Checking for Identity Certifiers..." if ! monkeysphere-authentication list-identity-certifiers | egrep -q '^[A-F0-9]{40}:' then echo "! No Identity Certifiers found!" - echo " - Recommendation: once you know who should be able to certify identities for + echo " - Recommendation: once you know who should be able to certify the identities of connecting users, you should add their key, with: monkeysphere-authentication add-identity-certifier" problemsfound=$(($problemsfound+1)) -- cgit v1.2.3 From cd4c36070c85283086ed914d8fd6ac77884173bb Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Fri, 20 Feb 2009 14:26:15 -0500 Subject: tweak/cleanup some of the prompts. --- src/share/ma/add_certifier | 4 ++-- src/share/ma/remove_certifier | 2 +- src/share/mh/add_hostname | 6 ++++-- src/share/mh/add_revoker | 4 ++-- src/share/mh/import_key | 15 +++++++++++++++ src/share/mh/revoke_hostname | 8 +++++--- 6 files changed, 29 insertions(+), 10 deletions(-) (limited to 'src') diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index f2cadf2..a48db64 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -126,8 +126,8 @@ else gpg_sphere "--fingerprint 0x${fingerprint}!" if [ "$PROMPT" = "true" ] ; then - echo "Are you sure you want to add the above key as a" - read -p "certifier of users on this system? (Y/n) " OK; OK=${OK:-Y} + echo "Are you sure you want to add the above key as a certifier" + read -p "of users on this system? (Y/n) " OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not added." fi diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index a9a1451..6c90358 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier @@ -27,7 +27,7 @@ fi gpg_core --list-key --fingerprint "0x${keyID}!" || failure if [ "$PROMPT" = "true" ] ; then - read -p "Really remove the identity certifier above? (Y/n) " OK; OK=${OK:-Y} + read -p "Really remove the above listed identity certifier? (Y/n) " OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not removed." fi diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname index 0da6a06..ec741ee 100644 --- a/src/share/mh/add_hostname +++ b/src/share/mh/add_hostname @@ -32,8 +32,10 @@ find_host_userid > /dev/null && \ failure "Host userID '$userID' already exists." if [ "$PROMPT" = "true" ] ; then - echo "The following user ID will be added to the host key:" - echo " $userID" + cat < Date: Sat, 21 Feb 2009 14:45:14 -0500 Subject: fix failure message in import_key --- src/share/mh/import_key | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 7c11890..c545388 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -52,7 +52,7 @@ will be generated with the following user ID: EOF read -p "Are you sure you would like to create certificate? [Y/n] " OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then - failure "revoker not added." + failure "ssh key not imported." fi else log debug "importing key without prompting." -- cgit v1.2.3 From ff8383ce9092335de6c00447bb45a2a7fbbf8685 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 21 Feb 2009 14:57:41 -0500 Subject: make sure we're explicitly capturing return codes in places where they are tested, in case things are being run set -e --- src/monkeysphere | 14 +++++--------- src/share/common | 17 ++++++++++------- src/share/m/ssh_proxycommand | 10 ++++++---- src/share/m/subkey_to_ssh_agent | 10 ++++------ src/share/ma/update_users | 5 +++-- 5 files changed, 28 insertions(+), 28 deletions(-) (limited to 'src') diff --git a/src/monkeysphere b/src/monkeysphere index a65cef6..b30453c 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -27,9 +27,6 @@ DATE=$(date -u '+%FT%T') # unset some environment variables that could screw things up unset GREP_OPTIONS -# default return code -RETURN=0 - # set the file creation mask to be only owner rw umask 077 @@ -87,9 +84,11 @@ check_gpg_sec_key_id() { echo "$gpgSecOut" | cut -d: -f5 ;; *) - echo "Multiple primary secret keys found:" | log error - echo "$gpgSecOut" | cut -d: -f5 | log error - echo "Please specify which primary key to use." | log error + echo "Multiple primary secret keys found:" + for key in $(echo "$gpgSecOut" | cut -d: -f5) ; do + echo " $key" + done + echo "Please specify which primary key to use." failure ;; esac @@ -203,13 +202,11 @@ case $COMMAND in # those hosts if [ "$1" ] ; then update_known_hosts "$@" - RETURN="$?" # otherwise, if no hosts are specified, process every host # in the user's known_hosts file else process_known_hosts - RETURN="$?" fi ;; @@ -219,7 +216,6 @@ case $COMMAND in # process authorized_user_ids file process_authorized_user_ids "$AUTHORIZED_USER_IDS" - RETURN="$?" ;; 'import-subkey'|'i') diff --git a/src/share/common b/src/share/common index 653d58b..5e0cb6a 100644 --- a/src/share/common +++ b/src/share/common @@ -586,8 +586,8 @@ gpg2authorized_keys() { # FIXME: need to figure out how to retrieve all matching keys # (not just first N (5 in this case)) gpg_fetch_userid() { + local returnCode=0 local userID - local returnCode if [ "$CHECK_KEYSERVER" != 'true' ] ; then return 0 @@ -626,6 +626,7 @@ gpg_fetch_userid() { # # expects global variable: "MODE" process_user_id() { + local returnCode=0 local userID local requiredCapability local requiredPubCapability @@ -657,10 +658,10 @@ process_user_id() { # output gpg info for (exact) userid and store gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \ --with-fingerprint --with-fingerprint \ - ="$userID" 2>/dev/null) + ="$userID" 2>/dev/null) || returnCode="$?" # if the gpg query return code is not 0, return 1 - if [ "$?" -ne 0 ] ; then + if [ "$returnCode" -ne 0 ] ; then log verbose " no primary keys found." return 1 fi @@ -890,6 +891,7 @@ process_host_known_hosts() { # update the known_hosts file for a set of hosts listed on command # line update_known_hosts() { + local returnCode=0 local nHosts local nHostsOK local nHostsBAD @@ -919,9 +921,9 @@ update_known_hosts() { for host ; do # process the host - process_host_known_hosts "$host" + process_host_known_hosts "$host" || returnCode="$?" # note the result - case "$?" in + case "$returnCode" in 0) nHostsOK=$((nHostsOK+1)) ;; @@ -1043,6 +1045,7 @@ process_uid_authorized_keys() { # update the authorized_keys files from a list of user IDs on command # line update_authorized_keys() { + local returnCode=0 local userID local nIDs local nIDsOK @@ -1072,10 +1075,10 @@ update_authorized_keys() { for userID ; do # process the user ID, change return code if key not found for # user ID - process_uid_authorized_keys "$userID" + process_uid_authorized_keys "$userID" || returnCode="$?" # note the result - case "$?" in + case "$returnCode" in 0) nIDsOK=$((nIDsOK+1)) ;; diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index bd09588..abe068d 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -18,6 +18,7 @@ # "marginal case" ouput in the case that there is not a full # validation path to the host output_no_valid_key() { + local returnCode=0 local sshKeyOffered local userID local type @@ -112,11 +113,11 @@ EOF fi ;; esac - done + done || returnCode="$?" # if no key match was made (and the "while read" subshell returned # 1) output how many keys were found - if (($? != 1)) ; then + if (( returnCode != 1 )) ; then cat </dev/null - sshaddresponse="$?" + ssh-add -l >/dev/null || sshaddresponse="$?" if [ "$sshaddresponse" = "2" ]; then failure "Could not connect to ssh-agent" fi @@ -100,8 +99,7 @@ You might want to 'monkeysphere gen-subkey'" passphrase_prompt "Enter passphrase for key $kname: " "$workingdir/passphrase" wait %2 - fi - keysuccess="$?" + fi || keysuccess="$?" rm -f "$workingdir/$kname" done diff --git a/src/share/ma/update_users b/src/share/ma/update_users index 092d108..bfefc31 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -93,8 +93,8 @@ for uname in $unames ; do # process authorized_user_ids file, as monkeysphere user su_monkeysphere_user \ - ". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" - RETURN="$?" + ". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" \ + || RETURN="$?" else log debug "not processing authorized_user_ids." fi @@ -154,4 +154,5 @@ for uname in $unames ; do rm -rf "$TMPLOC" done +return $RETURN } -- cgit v1.2.3 From dbb8acd9a45eb2b9f3f412b98d6a777d39b368ac Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 21 Feb 2009 15:10:57 -0500 Subject: remove 'return' line from monkeysphere that was errantly not removed in the previous commit. --- src/monkeysphere | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/monkeysphere b/src/monkeysphere index b30453c..0d8f4ff 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -12,6 +12,8 @@ # or later. ######################################################################## +set -e + PGRM=$(basename $0) SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} @@ -251,5 +253,3 @@ case $COMMAND in Type '$PGRM help' for usage." ;; esac - -exit "$RETURN" -- cgit v1.2.3 From bb8f498db80efcfffdf60ef317254d7355ea54ef Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 21 Feb 2009 15:37:30 -0500 Subject: import-key now requires a hostname be specified, and no longer does any hostname guessing. this is so that we don't have to worry about prompting the user when guessing the hostname. also updated documentation. --- man/man8/monkeysphere-host.8 | 11 +++++------ src/monkeysphere-host | 2 +- src/share/mh/import_key | 30 ++---------------------------- website/getting-started-admin.mdwn | 14 ++++---------- 4 files changed, 12 insertions(+), 45 deletions(-) (limited to 'src') diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 0a9fc1b..7909b62 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -23,14 +23,13 @@ connection authentication. \fBmonkeysphere-host\fP takes various subcommands: .TP -.B import-key FILE [NAME[:PORT]] +.B import-key FILE NAME[:PORT] Import a pem-encoded ssh secret host key from file FILE. If FILE is '-', then the key will be imported from stdin. NAME[:PORT] is used -to specify the hostname (and port) used in the user ID of the new -OpenPGP key. If NAME is not specified, then the system -fully-qualified domain name will be used (ie. `hostname -f'). If PORT -is not specified, the no port is added to the user ID, which means -port 22 is assumed. `i' may be used in place of `import-key'. +to specify the fully-qualified hostname (and port) used in the user ID +of the new OpenPGP key. If PORT is not specified, the no port is +added to the user ID, which means port 22 is assumed. `i' may be used +in place of `import-key'. .TP .B show-key Output information about host's OpenPGP and SSH keys. `s' may be used diff --git a/src/monkeysphere-host b/src/monkeysphere-host index efa48cd..540a8ab 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -54,7 +54,7 @@ usage: $PGRM [options] [args] Monkeysphere host admin tool. subcommands: - import-key (i) FILE [NAME[:PORT]] import existing ssh key to gpg + import-key (i) FILE NAME[:PORT] import existing ssh key to gpg show-key (s) output all host key information publish-key (p) publish host key to keyserver set-expire (e) [EXPIRE] set host key expiration diff --git a/src/share/mh/import_key b/src/share/mh/import_key index c545388..f7c69c3 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -26,39 +26,13 @@ if [ -z "$sshKeyFile" ] ; then failure "Must specify ssh key file to import, or specify '-' for stdin." fi -# use the default hostname if not specified +# fail if hostname not specified if [ -z "$hostName" ] ; then - hostName=$(hostname -f) || failure "Could not determine hostname." - # test that the domain is not obviously illegitimate - domain=${foo##*.} - case $domain in - 'local'|'localdomain') - failure "Host domain '$domain' is not legitimate. Aborting key import." - ;; - esac - # test that there are at least two parts - if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then - failure "Host name '$hostName' is not legitimate. Aborting key import." - fi + failure "You must specify a fully-qualified domain name for use in the host certificate user ID." fi userID="ssh://${hostName}" -if [ "$PROMPT" = "true" ] ; then - cat < Date: Sat, 21 Feb 2009 15:39:44 -0500 Subject: fix return in subkey_to_ssh_agent, so that it returns, instead of exits --- src/share/m/subkey_to_ssh_agent | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index a2cf9a0..7fb2fdb 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -110,5 +110,5 @@ You might want to 'monkeysphere gen-subkey'" # FIXME: sort out the return values: we're just returning the # success or failure of the final authentication subkey in this # case. What if earlier ones failed? - exit "$keysuccess" + return "$keysuccess" } -- cgit v1.2.3 From 0c052b77d171c1723cb371f7c414ff28bad1a7d3 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 21 Feb 2009 16:11:07 -0500 Subject: fixing typo in ssh_proxycommand. --- src/share/m/ssh_proxycommand | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index abe068d..ca87c08 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -117,7 +117,7 @@ EOF # if no key match was made (and the "while read" subshell returned # 1) output how many keys were found - if (( returnCode != 1 )) ; then + if (( "$returnCode" != 1 )) ; then cat < Date: Sat, 21 Feb 2009 16:14:38 -0500 Subject: un-fix non-typo in ssh_proxycommand. (my mistake!) --- src/share/m/ssh_proxycommand | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index ca87c08..abe068d 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -117,7 +117,7 @@ EOF # if no key match was made (and the "while read" subshell returned # 1) output how many keys were found - if (( "$returnCode" != 1 )) ; then + if (( returnCode != 1 )) ; then cat < Date: Sat, 21 Feb 2009 16:16:58 -0500 Subject: add tests to add_revoker and add_certifier that more than one key was not found when adding by using key ID. --- src/share/ma/add_certifier | 12 +++++++++++- src/share/mh/add_revoker | 12 +++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index a48db64..eba6893 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -120,7 +120,17 @@ else # get the full fingerprint of new certifier key log debug "getting fingerprint of certifier key..." fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ - | grep '^fpr:' | grep "$keyID" | cut -d: -f10) + | grep '^fpr:' | cut -d: -f10) + + # test that there is only a single fingerprint + if (( $(echo "$fingerprint" | wc -l) != 1 )) ; then + cat < Date: Sat, 21 Feb 2009 16:29:35 -0500 Subject: fix output formatting for cases where multiple fingerprints are found, in functions that are doing that sort of thing --- src/monkeysphere | 4 +--- src/share/ma/add_certifier | 2 +- src/share/mh/add_revoker | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/monkeysphere b/src/monkeysphere index 0d8f4ff..fd96f45 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -87,9 +87,7 @@ check_gpg_sec_key_id() { ;; *) echo "Multiple primary secret keys found:" - for key in $(echo "$gpgSecOut" | cut -d: -f5) ; do - echo " $key" - done + echo "$gpgSecOut" | cut -d: -f5 echo "Please specify which primary key to use." failure ;; diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index eba6893..6f85ecf 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -126,7 +126,7 @@ else if (( $(echo "$fingerprint" | wc -l) != 1 )) ; then cat < Date: Sat, 21 Feb 2009 16:48:30 -0500 Subject: make sure all prompt messages are going to stderr --- src/monkeysphere | 2 +- src/share/mh/add_hostname | 6 ++---- src/share/mh/add_revoker | 4 ++-- src/share/mh/revoke_hostname | 6 ++---- 4 files changed, 7 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/src/monkeysphere b/src/monkeysphere index fd96f45..371983f 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -122,7 +122,7 @@ check_gpg_authentication_subkey() { fi # if authentication key is valid, prompt to continue if [ "$validity" = 'u' ] ; then - echo "A valid authentication key already exists for primary key '$keyID'." + echo "A valid authentication key already exists for primary key '$keyID'." 1>&2 if [ "$PROMPT" = "true" ] ; then read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} if [ "${OK/y/Y}" != 'Y' ] ; then diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname index ec741ee..b08d688 100644 --- a/src/share/mh/add_hostname +++ b/src/share/mh/add_hostname @@ -32,11 +32,9 @@ find_host_userid > /dev/null && \ failure "Host userID '$userID' already exists." if [ "$PROMPT" = "true" ] ; then - cat <