From: Daniel Kahn Gillmor Date: Fri, 15 Aug 2008 20:51:35 +0000 (-0400) Subject: fixing gen-subkey when no agent is present. X-Git-Tag: monkeysphere_0.8-1~12^2~1 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=78fe687a40613136c72bf3fcf16939d4415d4a1c;p=monkeysphere.git fixing gen-subkey when no agent is present. --- diff --git a/debian/changelog b/debian/changelog index 59aea1e..e6dfccd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,7 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low * More monkeysphere-server diagnostics * monkeysphere --gen-subkey now guesses what KeyID you meant. * set up host-key revocation + * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey works [ Jameson Graef Rollins ] * fix another bug for when ssh key files are missing. @@ -15,7 +16,7 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low * enabled host key publication. * added checking of gpg.conf for keyserver - -- Jameson Graef Rollins Fri, 15 Aug 2008 10:46:23 -0700 + -- Daniel Kahn Gillmor Fri, 15 Aug 2008 16:06:31 -0400 monkeysphere (0.7-1) experimental; urgency=low diff --git a/debian/control b/debian/control index 0b3d871..7fbcbc7 100644 --- a/debian/control +++ b/debian/control @@ -13,7 +13,7 @@ Format: 3.0 (git) Package: monkeysphere Architecture: any Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), moreutils, lockfile-progs, adduser, ${shlibs:Depends} -Recommends: netcat | socat +Recommends: netcat | socat, ssh-askpass Enhances: openssh-client, openssh-server Description: use the OpenPGP web of trust to verify ssh connections SSH key-based authentication is tried-and-true, but it lacks a true diff --git a/src/monkeysphere b/src/monkeysphere index 6d9e6c3..57597e2 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -48,7 +48,6 @@ EOF } # generate a subkey with the 'a' usage flags set -# FIXME: this needs some tweaking to clean it up gen_subkey(){ local keyLength local keyExpire @@ -163,7 +162,18 @@ EOF ) log "generating subkey..." - echo "$editCommands" | gpg --expert --command-fd 0 --edit-key "$keyID" + fifoDir=$(mktemp -d) + (umask 077 && mkfifo "$fifoDir/pass") + echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & + + if [ "$DISPLAY" ] && which ssh-askpass >/dev/null; then + ssh-askpass "Please enter your passphrase for $keyID: " > "$fifoDir/pass" + else + read -s -p "Please enter your passphrase for $keyID: " PASS + echo "$PASS" > "$fifoDir/pass" + fi + rm -rf "$fifoDir" + wait log "done." } diff --git a/website/bugs/monkeysphere-gen-subkey-fails-without-agent.mdwn b/website/bugs/monkeysphere-gen-subkey-fails-without-agent.mdwn index 51cf57e..e97b49c 100644 --- a/website/bugs/monkeysphere-gen-subkey-fails-without-agent.mdwn +++ b/website/bugs/monkeysphere-gen-subkey-fails-without-agent.mdwn @@ -135,3 +135,10 @@ it. Alternately, we could use `--passwd-fd` and `ssh-agent`, along the lines i proposed [for handling passphrase-locked secret keys](/bugs/handle-passphrase-locked-secret-keys). + +--- + +[[bugs/done]] as of 2008-08-15 16:48:26-0400 (to be released in 0.8-1) + +I opted to go with the `ssh-askpass` route, and fall back to echoing +stuff to a fifo directly if `ssh-askpass` is not available.