From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 11 Oct 2010 20:27:20 +0000 (-0400)
Subject: read keyserver from gpg.conf if $MSVA_KEYSERVER is empty or unset
X-Git-Tag: msva-perl_debian/0.5-1~1^2~7
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=d2ac6863a84fce308b8f801d2ed1983a97e1163d;p=monkeysphere-validation-agent.git

read keyserver from gpg.conf if $MSVA_KEYSERVER is empty or unset
---

diff --git a/Changelog b/Changelog
index ada68be..cbbebb2 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,10 @@
+msva-perl (0.5~pre) unstable; urgency=low
+
+  * If ${MSVA_KEYSERVER} is unset or blank, default to using keyserver
+    from ${GNUPGHOME}/gpg.conf if that file exists. (addresses MS #2080)
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Mon, 11 Oct 2010 16:02:22 -0400
+
 msva-perl (0.4) upstream;
 
   * removed dependency on monkeysphere package -- just invoke GnuPG
diff --git a/Crypt/Monkeysphere/MSVA.pm b/Crypt/Monkeysphere/MSVA.pm
index a3ccff5..8a02c8d 100755
--- a/Crypt/Monkeysphere/MSVA.pm
+++ b/Crypt/Monkeysphere/MSVA.pm
@@ -36,6 +36,9 @@
   use IO::Socket;
   use IO::File;
   use Socket;
+  use File::Spec;
+  use File::HomeDir;
+  use Config::General;
 
   use JSON;
   use POSIX qw(strftime);
@@ -367,7 +370,7 @@
   }
 
   sub get_keyserver_policy {
-    if (exists $ENV{MSVA_KEYSERVER_POLICY}) {
+    if (exists $ENV{MSVA_KEYSERVER_POLICY} and $ENV{MSVA_KEYSERVER_POLICY} ne '') {
       if ($ENV{MSVA_KEYSERVER_POLICY} =~ /^(always|never|unlessvalid)$/) {
         return $1;
       }
@@ -379,15 +382,38 @@
   sub get_keyserver {
     # We should read from (first hit wins):
     # the environment
-    if (exists $ENV{MSVA_KEYSERVER}) {
-      if ($ENV{MSVA_KEYSERVER} =~ /^((hkps?|finger|ldap):\/\/)?$RE{net}{domain}$/) {
+    if (exists $ENV{MSVA_KEYSERVER} and $ENV{MSVA_KEYSERVER} ne '') {
+      if ($ENV{MSVA_KEYSERVER} =~ /^(((hkps?|finger|ldap):\/\/)?$RE{net}{domain})$/) {
         return $1;
       }
       msvalog('error', "Not a valid keyserver (from MSVA_KEYSERVER):\n  %s\n", $ENV{MSVA_KEYSERVER});
     }
 
     # FIXME: some msva.conf file (system and user?)
-    # FIXME: the relevant gnupg.conf instead?
+
+    # or else read from the relevant gnupg.conf:
+    my $gpghome;
+    if (exists $ENV{GNUPGHOME} and $ENV{GNUPGHOME} ne '') {
+      $gpghome = untaint($ENV{GNUPGHOME});
+    } else {
+      $gpghome = File::Spec->catfile(File::HomeDir->my_home, '.gnupg');
+    }
+    my $gpgconf = File::Spec->catfile($gpghome, 'gpg.conf');
+    if (-f $gpgconf) {
+      if (-r $gpgconf) {
+        my %gpgconfig = Config::General::ParseConfig($gpgconf);
+        if ($gpgconfig{keyserver} =~ /^(((hkps?|finger|ldap):\/\/)?$RE{net}{domain})$/) {
+          msvalog('debug', "Using keyserver %s from the GnuPG configuration file (%s)\n", $1, $gpgconf);
+          return $1;
+        } else {
+          msvalog('error', "Not a valid keyserver (from gpg config %s):\n  %s\n", $gpgconf, $gpgconfig{keyserver});
+        }
+      } else {
+        msvalog('error', "The GnuPG configuration file (%s) is not readable\n", $gpgconf);
+      }
+    } else {
+      msvalog('info', "Did not find GnuPG configuration file while looking for keyserver '%s'\n", $gpgconf);
+    }
 
     # the default_keyserver
     return $default_keyserver;
@@ -400,12 +426,13 @@
     my $out = IO::Handle->new();
     my $nul = IO::File->new("< /dev/null");
 
-    msvalog('debug', "start ks query for UserID: %s", $uid);
+    my $ks = get_keyserver();
+    msvalog('debug', "start ks query to %s for UserID: %s\n", $ks, $uid);
     my $pid = $gnupg->wrap_call
       ( handles => GnuPG::Handles->new( command => $cmd, stdout => $out, stderr => $nul ),
         command_args => [ '='.$uid ],
         commands => [ '--keyserver',
-                      get_keyserver(),
+                      $ks,
                       qw( --no-tty --with-colons --search ) ]
       );
     while (my $line = $out->getline()) {
@@ -413,6 +440,7 @@
       if ($line =~ /^info:(\d+):(\d+)/ ) {
         $cmd->print(join(' ', ($1..$2))."\n");
         msvalog('debug', 'to ks query: '.join(' ', ($1..$2))."\n");
+        last;
       }
     }
     # FIXME: can we do something to avoid hanging forever?
@@ -462,6 +490,9 @@
         } else {
           $ret->{message} = sprintf('Failed to validate "%s" through the OpenPGP Web of Trust.', $uid);
           my $lastloop = 0;
+          msvalog('debug', "keyserver policy: %s\n", get_keyserver_policy);
+          # needed because $gnupg spawns child processes
+          $ENV{PATH} = '/usr/local/bin:/usr/bin:/bin';
           if (get_keyserver_policy() eq 'always') {
             fetch_uid_from_keyserver($uid);
             $lastloop = 1;
@@ -469,8 +500,6 @@
             $lastloop = 1;
           }
           my $foundvalid = 0;
-          # needed because $gnupg spawns child processes
-          $ENV{PATH} = '/usr/local/bin:/usr/bin:/bin';
 
           # fingerprints of keys that are not fully-valid for this User ID, but match
           # the key from the queried certificate:
diff --git a/msva-perl b/msva-perl
index 35bd202..54e233b 100755
--- a/msva-perl
+++ b/msva-perl
@@ -102,8 +102,10 @@ on an arbitrary open port.
 =item MSVA_KEYSERVER
 
 msva-perl will request information from OpenPGP keyservers.  Set
-MSVA_KEYSERVER to declare the keyserver you want it to check with.
-Default is 'hkp://pool.sks-keyservers.net'.
+MSVA_KEYSERVER to declare the keyserver you want it to check with.  If
+this variable is blank or unset, and your gpg.conf contains a
+keyserver declaration, it will use the GnuPG configuration.  Failing
+that, the default is 'hkp://pool.sks-keyservers.net'.
 
 =item MSVA_KEYSERVER_POLICY