From dd1914ec0225cca711508dfd1351502040b6ec87 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 01:17:11 -0500 Subject: [PATCH] made gpg_sphere use --quiet again, and now doing more explicit extraction of key fingerprint during add-certifier from file. --- src/monkeysphere-authentication | 4 ++-- src/share/common | 11 +++++++++++ src/share/ma/add_certifier | 29 +++++++++-------------------- 3 files changed, 22 insertions(+), 22 deletions(-) diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index e8b11a4..e7a0580 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -84,8 +84,8 @@ gpg_core() { gpg_sphere() { GNUPGHOME="$GNUPGHOME_SPHERE" export GNUPGHOME - - su_monkeysphere_user "gpg --no-greeting --no-tty $@" + + su_monkeysphere_user "gpg --no-greeting --quiet --no-tty $@" } # output to stdout the core fingerprint from the gpg core secret diff --git a/src/share/common b/src/share/common index 6b7d51b..b78f64a 100644 --- a/src/share/common +++ b/src/share/common @@ -1100,3 +1100,14 @@ process_authorized_user_ids() { update_authorized_keys "${userIDs[@]}" } + +# takes a gpg key or keys on stdin, and outputs a list of +# fingerprints, one per line: +list_primary_fingerprints() { + local file="$1" + local fake=$(msmktempdir) + GNUPGHOME="$fake" gpg --no-tty --quiet --import + GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \ + awk -F: '/^fpr:/{ print $10 }' + rm -rf "$fake" +} diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index b917a74..e543d94 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -67,28 +67,17 @@ if [ -z "$keyID" ] ; then fi if [ -f "$keyID" ] ; then log info "Reading key from file '$keyID':" - importinfo=$(gpg_sphere "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'" - # FIXME: if this is tried when the key database is not - # up-to-date, i got these errors (using set -x): - - # ++ su -m monkeysphere -c '\''gpg --import'\'' - # Warning: using insecure memory! - # gpg: key D21739E9: public key "Daniel Kahn Gillmor " imported - # gpg: Total number processed: 1 - # gpg: imported: 1 (RSA: 1) - # gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied - # gpg: failed to rebuild keyring cache: Permission denied - # gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model - # gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u - # gpg: next trustdb check due at 2009-01-10' - # + failure 'could not read key from '\''/root/dkg.gpg'\''' - # + echo 'could not read key from '\''/root/dkg.gpg'\''' - - keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) || \ - failure "There were no gpg keys in the file $keyID." - if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then + + fingerprints=$(su_monkeysphere_user \ + ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") + + if [ $(printf "%s" "$fingerprints" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi + + gpg_sphere "--import" < "$keyID" || failure "could not read key from '$keyID'" + + keyID="$fingerprints" else # get the key from the key server log debug "retrieving key from keyserver..." -- 2.26.2