From e3bb810e188cae2d40a5191500a501c85cb93381 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 18 Feb 2010 12:11:47 -0500 Subject: [PATCH] enforce --no-armor when exporting to openpgp2ssh in case weird gpg.conf options (see bug 1625) --- src/monkeysphere | 2 +- src/monkeysphere-host | 2 +- src/share/common | 2 +- src/share/m/subkey_to_ssh_agent | 4 ++-- tests/basic | 8 ++++++++ 5 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/monkeysphere b/src/monkeysphere index 648f5e9..e268058 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -74,7 +74,7 @@ gpg_ssh_fingerprint() { trap "rm -f $tmpfile" EXIT # use temporary file, since ssh-keygen won't accept keys on stdin - gpg_user --export "$keyid" | openpgp2ssh "$keyid" >"$tmpfile" + gpg_user --export "$keyid" --no-armor | openpgp2ssh "$keyid" >"$tmpfile" ssh-keygen -l -f "$tmpfile" | awk '{ print $1, $2, $4 }' # remove the tmp file diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 6145c30..d89febb 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -302,7 +302,7 @@ show_key() { # create the ssh key tmpssh="$GNUPGHOME"/ssh_host_key_rsa_pub - gpg --export "$fingerprint" 2>/dev/null \ + gpg --export --no-armor "$fingerprint" 2>/dev/null \ | openpgp2ssh 2>/dev/null >"$tmpssh" # list the host key info diff --git a/src/share/common b/src/share/common index e735319..37f5305 100644 --- a/src/share/common +++ b/src/share/common @@ -478,7 +478,7 @@ gpg2ssh() { keyID="$1" - gpg --export "$keyID" | openpgp2ssh "$keyID" 2>/dev/null + gpg --export --no-armor "$keyID" | openpgp2ssh "$keyID" 2>/dev/null } # output known_hosts line from ssh key diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index edc177b..36eab4f 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -98,14 +98,14 @@ You might want to run 'monkeysphere gen-subkey'." if [ "$1" = '-d' ]; then # we're removing the subkey: - gpg_user --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" + gpg_user --export --no-armor "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" (cd "$workingdir" && ssh-add -d "$kname") || keysuccess="$?" else # we're adding the subkey: mkfifo "$workingdir/$kname" gpg_user --passphrase-fd 3 3<"$workingdir/passphrase" \ --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \ - --export-secret-subkeys "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" & + --export-secret-subkeys --no-armor "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" & (cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" > "$GNUPGHOME"/gpg.conf +ssh_test + # remove the testuser's authorized_user_ids file, update, and make # sure that the ssh authentication FAILS echo -- 2.26.2