X-Git-Url: http://git.sthu.org/?a=blobdiff_plain;f=caff%2Fcaff;h=f3cb06338c22cc70f5e87d4209c26f4e1985b845;hb=1f25fea57b73d2ea874e280014f3298d90eceb41;hp=cb482518f273346dc56a1d606a0f4f53ab6e3045;hpb=4e9bfefa47c7ed2041120169210e644c3df7fd27;p=pgp-tools.git diff --git a/caff/caff b/caff/caff index cb48251..f3cb063 100755 --- a/caff/caff +++ b/caff/caff @@ -118,7 +118,7 @@ Path to the GnuPG binary. Default: B. Path to the GnuPG binary which is used to sign keys. Default: what B is set to. -=item B [string] +=item B [string] Path to the GnuPG binary which is used to split off signatures. This is needed while the upstream GnuPG is not fixed (there are 2 bugs in the @@ -128,6 +128,19 @@ Debian Bug Tracking System). Default: what B is set to. Path to your secret keyring. Default: B<$HOME/.gnupg/secring.gpg>. +=item B [keyid] + +An additional keyid to encrypt messages to. Default: none. + +=item B [boolean] + +If true, then skip the step of fetching keys from the keyserver. +Default: B<0>. + +=item B [boolean] + +If true, then skip the signing step. Default: B<0>. + =back =head1 AUTHOR @@ -173,6 +186,8 @@ sub load_config() { $CONFIG{'gpg-sign'} = $CONFIG{'gpg'} unless defined $CONFIG{'gpg-sign'}; $CONFIG{'gpg-delsig'} = $CONFIG{'gpg'} unless defined $CONFIG{'gpg-delsig'}; $CONFIG{'secret-keyring'} = $ENV{'HOME'}.'/.gnupg/secring.gpg' unless defined $CONFIG{'secret-keyring'}; + $CONFIG{'no-download'} = 0 unless defined $CONFIG{'no-download'}; + $CONFIG{'no-sign'} = 0 unless defined $CONFIG{'no-sign'}; }; sub notice($) { @@ -232,21 +247,31 @@ sub readwrite_gpg($$$$$%) { my ($stdout, $stderr, $status) = ("", "", ""); my $exitwhenstatusmatches = $options{'exitwhenstatusmatches'}; - trace("doign stuff until we find $exitwhenstatusmatches") if defined $exitwhenstatusmatches; + trace("doing stuff until we find $exitwhenstatusmatches") if defined $exitwhenstatusmatches; + my $readwrote_stuff_this_time = 0; + my $do_not_wait_on_select = 0; my ($readyr, $readyw, $written); while ($sout->count() > 0 || (defined($sin) && ($sin->count() > 0))) { if (defined $exitwhenstatusmatches) { if ($status =~ /$exitwhenstatusmatches/m) { trace("readwrite_gpg found match on $exitwhenstatusmatches"); - last; + if ($readwrote_stuff_this_time) { + trace("read/write some more\n"); + $do_not_wait_on_select = 1; + } else { + trace("that's it in our while loop.\n"); + last; + } }; }; + $readwrote_stuff_this_time = 0; trace("select waiting for ".($sout->count())." fds."); - ($readyr, $readyw, undef) = IO::Select::select($sout, $sin, undef, 1); + ($readyr, $readyw, undef) = IO::Select::select($sout, $sin, undef, $do_not_wait_on_select ? 0 : 1); trace("ready: write: ".(defined $readyw ? scalar @$readyw : 0 )."; read: ".(defined $readyr ? scalar @$readyr : 0)); for my $wfd (@$readyw) { + $readwrote_stuff_this_time = 1; if (length($in) != $offset) { trace("writing to $wfd."); $written = $wfd->syswrite($in, length($in) - $offset, $offset); @@ -266,6 +291,7 @@ sub readwrite_gpg($$$$$%) { next unless (defined(@$readyr)); # Wait some more. for my $rfd (@$readyr) { + $readwrote_stuff_this_time = 1; if ($rfd->eof) { trace("reading from $rfd done."); $sout->remove($rfd); @@ -437,7 +463,7 @@ $CONFIG{'owner'} $message_entity->head->add("Subject", "Your signed PGP key 0x$key_id"); $message_entity->head->add("To", $address); - $message_entity->head->add("From", $CONFIG{'owner'}.' <'.$CONFIG{'email'}.'>'); + $message_entity->head->add("From", '"'.$CONFIG{'owner'}.'" <'.$CONFIG{'email'}.'>'); $message_entity->head->add("User-Agent", $USER_AGENT); $message_entity->send(); $message_entity->stringify(); @@ -446,7 +472,8 @@ $CONFIG{'owner'} sub sanitize_uid($) { my ($uid) = @_; - my $good_uid =~ tr#/:\\#_#; + my $good_uid = $uid; + $good_uid =~ tr#/:\\#_#; trace2("[sanitize_uid] changed UID from $uid to $good_uid.\n") if $good_uid ne $uid; return $good_uid; }; @@ -474,49 +501,71 @@ for my $keyid (@ARGV) { }; + ############################# # receive keys from keyserver ############################# -my $gpg = GnuPG::Interface->new(); -$gpg->call( $CONFIG{'gpg'} ); -$gpg->options->hash_init( - 'homedir' => $GNUPGHOME, - 'extra_args' => '--keyserver='.$CONFIG{'keyserver'} ); -$gpg->options->meta_interactive( 0 ); -my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds(); -my $pid = $gpg->recv_keys(handles => $handles, command_args => [ @KEYIDS ]); -my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd); -waitpid $pid, 0; - my @keyids_ok; my @keyids_failed; +if ($CONFIG{'no-download'}) { + @keyids_ok = @KEYIDS; +} else { + my $gpg = GnuPG::Interface->new(); + $gpg->call( $CONFIG{'gpg'} ); + $gpg->options->hash_init( + 'homedir' => $GNUPGHOME, + 'extra_args' => '--keyserver='.$CONFIG{'keyserver'} ); + $gpg->options->meta_interactive( 0 ); + my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds(); + + my @local_keyids = @KEYIDS; + for my $keyid (@local_keyids) { + info ("fetching $keyid..."); + my $pid = $gpg->recv_keys(handles => $handles, command_args => [ $keyid ]); + my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd); + waitpid $pid, 0; + # [GNUPG:] IMPORT_OK 0 5B00C96D5D54AEE1206BAF84DE7AAF6E94C09C7F # [GNUPG:] NODATA 1 # [GNUPG:] NODATA 1 # [GNUPG:] IMPORT_OK 0 25FC1614B8F87B52FF2F99B962AF4031C82E0039 -for my $line (split /\n/, $status) { - if ($line =~ /^\[GNUPG:\] IMPORT_OK/) { - push @keyids_ok, shift @KEYIDS; - } elsif ($line =~ /^\[GNUPG:\] NODATA/) { - push @keyids_failed, shift @KEYIDS; + my $handled = 0; + for my $line (split /\n/, $status) { + if ($line =~ /^\[GNUPG:\] IMPORT_OK/) { + push @keyids_ok, shift @KEYIDS; + $handled = 1; + last; + } elsif ($line =~ /^\[GNUPG:\] NODATA/) { + push @keyids_failed, shift @KEYIDS; + $handled = 1; + last; + }; + }; + unless ($handled) { + notice ("Huh, what's up with $keyid?"); + push @keyids_failed, shift @KEYIDS; + }; }; -} -die ("Still keys in \@KEYIDS. This should not happen.") if scalar @KEYIDS; -notice ("Import failed for: ". (join ' ', @keyids_failed).".") if scalar @keyids_failed; + die ("Still keys in \@KEYIDS. This should not happen.") if scalar @KEYIDS; + notice ("Import failed for: ". (join ' ', @keyids_failed).".") if scalar @keyids_failed; +}; ########### # sign keys ########### -info("Sign the following keys according to your policy..."); -for my $keyid (@keyids_ok) { - my @command; - push @command, $CONFIG{'gpg-sign'}; - push @command, '--local-user', $USER if (defined $USER); - push @command, "--homedir=$GNUPGHOME"; - push @command, '--secret-keyring', $CONFIG{'secret-keyring'}; - push @command, '--sign-key', $keyid; - print join(' ', @command),"\n"; - system (@command); +unless ($CONFIG{'no-sign'}) { + info("Sign the following keys according to your policy, then exit gpg with 'save' after signing each key"); + for my $keyid (@keyids_ok) { + my @command; + push @command, $CONFIG{'gpg-sign'}; + push @command, '--local-user', $USER if (defined $USER); + push @command, "--homedir=$GNUPGHOME"; + push @command, '--secret-keyring', $CONFIG{'secret-keyring'}; + push @command, '--edit', $keyid; + push @command, 'sign'; + print join(' ', @command),"\n"; + system (@command); + }; }; ################## @@ -526,14 +575,14 @@ KEYS: for my $keyid (@keyids_ok) { # get key listing ################# - $gpg = GnuPG::Interface->new(); + my $gpg = GnuPG::Interface->new(); $gpg->call( $CONFIG{'gpg'} ); $gpg->options->hash_init( 'homedir' => $GNUPGHOME ); $gpg->options->meta_interactive( 0 ); - ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds(); + my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds(); $gpg->options->hash_init( 'extra_args' => [ '--with-colons', '--fixed-list-mode' ] ); - $pid = $gpg->list_public_keys(handles => $handles, command_args => [ $keyid ]); - ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd); + my $pid = $gpg->list_public_keys(handles => $handles, command_args => [ $keyid ]); + my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd); waitpid $pid, 0; if ($stdout eq '') { warn ("No data from gpg for list-key $keyid\n"); @@ -561,7 +610,7 @@ for my $keyid (@keyids_ok) { while (1) { my $this_uid_text = ''; $uid_number++; - info("Doing key $keyid, uid $uid_number"); + debug("Doing key $keyid, uid $uid_number"); # import into temporary gpghome ############################### @@ -630,6 +679,7 @@ for my $keyid (@keyids_ok) { next; }; unless ($have_one) { + debug("Uid ".($uid_number-1)." was the last, there is no $uid_number."); info("key $keyid done."); last; }; @@ -659,18 +709,26 @@ for my $keyid (@keyids_ok) { while($status =~ /$KEYEDIT_DELSIG_PROMPT/m) { # sig:?::17:EA2199412477CAF8:1058095214:::::13x: my @sigline = grep { /^sig/ } (split /\n/, $stdout); + $stdout =~ s/\n/\\n/g; + notice("[sigremoval] why are there ".(scalar @sigline)." siglines in that part of the dialog!? got: $stdout") if scalar @sigline >= 2; # XXX my $line = pop @sigline; my $answer = "no"; if (defined $line) { # only if we found a sig here - we never remove revocation packets for instance + debug("[sigremoval] doing line $line."); my ($dummy1, $dummy2, $dummy3, $dummy4, $signer, $created, $dummy7, $dummy8, $dummy9) = split /:/, $line; if ($signer eq $longkeyid) { + debug("[sigremoval] selfsig ($signer)."); $answer = "no"; } elsif (grep { $signer eq $_ } @{$CONFIG{'keyid'}}) { + debug("[sigremoval] signed by us ($signer)."); $answer = "no"; $signed_by_me = $signed_by_me > $created ? $signed_by_me : $created; } else { + debug("[sigremoval] not interested in that sig ($signer)."); $answer = "yes"; }; + } else { + debug("[sigremoval] no sig line here, only got: ".$stdout); }; ($stdout, $stderr, $status) = readwrite_gpg($answer."\n", $inputfd, $stdoutfd, $stderrfd, $statusfd, exitwhenstatusmatches => $KEYEDIT_KEYEDIT_OR_DELSIG_PROMPT, nocloseinput => 1); @@ -713,7 +771,7 @@ for my $keyid (@keyids_ok) { trace("UID: $uid->{'text'}\n"); unless ($uid->{'text'} =~ /@/) { my $attach = ask("UID $uid->{'text'} is no email address, attach it to every email sent?", 1); - push @attached, $uid; + push @attached, $uid if $attach; }; };