function subkey_to_ssh_agent() {
# try to add all authentication subkeys to the agent:
- local authsubkeys
+ local sshaddresponse
local secretkeys
- local subkey
+ local authsubkeys
local workingdir
- local kname
- local sshaddresponse
local keysuccess
+ local subkey
+ local publine
+ local kname
if ! test_gnu_dummy_s2k_extension ; then
failure "Your version of GnuTLS does not seem capable of using with gpg's exported subkeys.
fi
# get list of secret keys (to work around https://bugs.g10code.com/gnupg/issue945):
- secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }')
+ secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | \
+ grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }')
if [ -z "$secretkeys" ]; then
failure "You have no secret keys in your keyring!
You might want to run 'gpg --gen-key'."
fi
- authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint --fingerprint $secretkeys | cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | grep '^fpr::' | cut -f3 -d: | sort -u)
+ authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode \
+ --fingerprint --fingerprint $secretkeys | \
+ cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | \
+ grep '^fpr::' | cut -f3 -d: | sort -u)
if [ -z "$authsubkeys" ]; then
failure "no authentication-capable subkeys available.
primaryuid=$(gpg --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /)
#kname="[monkeysphere] $primaryuid"
- kname="'$primaryuid'"
+ kname="$primaryuid"
if [ "$1" = '-d' ]; then
# we're removing the subkey:
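Review bot: With the literal quotes dropped, `kname="$primaryuid"` no longer guarantees a value that is safe as a file name under `$workingdir` or as the bare `ssh-add` argument it becomes in the next hunk. The `tr -d /` on the `primaryuid` line only strips slashes, so a user ID beginning with `-` would be parsed by ssh-add as an option, and an empty, `.` or `..` value would not name a usable file; the old `'...'` wrapper happened to prevent all of these. The user ID comes from the user's own keyring, so this looks like a robustness gap rather than an exposure. I would still end option parsing explicitly with `ssh-add "$@" -- "$kname"` and call `failure` on an empty or dot-only `kname` right after the assignment. The enclosing function starts and ends outside this hunk.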
--export-secret-subkeys "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" &
(cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" </dev/null )&
- passphrase_prompt "Enter passphrase for key for $primaryuid: " "$workingdir/passphrase"
+ passphrase_prompt "Enter passphrase for key $kname: " "$workingdir/passphrase"
wait %2
fi
keysuccess="$?"
------
-Hey, your Royal Highness, push your branch where you did this work to
-your public repo so that I can pull it and check out the changes you
-made. I think it's good that I look over these changes, because there
-is definitely some stuff (ie. key processing) that requires that
-things go to standard error and definitely not to standard out. I can
-see that if that were changed, it's possible that things could go
-wrong (ie. cause a `known_hosts` file to get truncated maybe).
+Hey, your Royal Highness. I do think it's good that I look over these
+changes, because there are definitely some stuff (ie. key processing)
+that requires that things go to stderr and definitely not to stdout.
+I can see that if that were changed, it's possible that things could
+go wrong (ie. cause a `known_hosts` file to get truncated maybe).
I have to say that I'm still not sure I totally see why it's necessary
to implement such nuanced output switches. All of the stuff you were