* Update my maintainer address.

[pgp-tools.git] / caff / caff

diff --git a/caff/caff b/caff/caff
index 2fc095df8e093460da63584fc4a7bbccdd6179f1..8415af93cd7f2b9c083c666412278538c2172c0c 100755 (executable)
--- a/caff/caff
+++ b/caff/caff
@@ -85,6 +85,7 @@ Do not sign the keys.
 =item B<-u> I<yourkeyid>, B<--local-user> I<yourkeyid>
 
 Select the key that is used for signing, in case you have more than one key.
 =item B<-u> I<yourkeyid>, B<--local-user> I<yourkeyid>
 
 Select the key that is used for signing, in case you have more than one key.

+To sign with multiple keys at once, separate multiple keyids by comma.

 
 =item B<--key-file> I<file>
 
 
 =item B<--key-file> I<file>
 


@@ -164,9 +165,9 @@ is set to.
 
 Path to your secret keyring.  Default: B<$HOME/.gnupg/secring.gpg>.
 
 
 Path to your secret keyring.  Default: B<$HOME/.gnupg/secring.gpg>.
 

-=item B<also-encrypt-to> [keyid]
+=item B<also-encrypt-to> [keyid, or list of keyids]

 
 

-An additional keyid to encrypt messages to. Default: none.
+Additional keyids to encrypt messages to. Default: none.

 
 =item B<gpg-sign-args> [string]
 
 
 =item B<gpg-sign-args> [string]
 


@@ -203,9 +204,10 @@ This is useful for offline signing. Default: B<0>.
 Don't export UIDs by default, on which your latest signature is older
 than this age.  Default: B<24*60*60> (i.e. one day).
 
 Don't export UIDs by default, on which your latest signature is older
 than this age.  Default: B<24*60*60> (i.e. one day).
 

-=item B<local-user> [string]
+=item B<local-user> [keyid, or list of keyids]

 
 Select the key that is used for signing, in case you have more than one key.
 
 Select the key that is used for signing, in case you have more than one key.

+With multiple keyids, sign with each key in turn.

 
 =head2 Mail settings
 
 
 =head2 Mail settings
 


@@ -380,26 +382,39 @@ sub generate_config() {
                ($Cgecos,$Cemail,$Ckeys) = ('#','#','#');
        };
 
                ($Cgecos,$Cemail,$Ckeys) = ('#','#','#');
        };
 

-       return <<EOT;
-# .caffrc -- vim:syntax=perl:
+       my $template = <<EOT;
+# .caffrc -- vim:ft=perl:

 # This file is in perl(1) format - see caff(1) for details.
 
 # This file is in perl(1) format - see caff(1) for details.
 

-$Cgecos\$CONFIG{'owner'}       = '$gecos';
-$Cemail\$CONFIG{'email'}       = '$email';
+$Cgecos\$CONFIG{'owner'} = '$gecos';
+$Cemail\$CONFIG{'email'} = '$email';
+#\$CONFIG{'reply-to'} = 'foo\@bla.org';

 
 

-# you can get your long keyid from
+# You can get your long keyid from

 #   gpg --with-colons --list-key <yourkeyid|name|emailaddress..>
 #
 #   gpg --with-colons --list-key <yourkeyid|name|emailaddress..>
 #

-# if you have a v4 key, it will simply be the last 16 digits of
+# If you have a v4 key, it will simply be the last 16 digits of

 # your fingerprint.
 #
 # Example:
 # your fingerprint.
 #
 # Example:

-#   \$CONFIG{'keyid'}       = [ qw{FEDCBA9876543210} ];
+#   \$CONFIG{'keyid'} = [ qw{FEDCBA9876543210} ];

 #  or, if you have more than one key:
 #  or, if you have more than one key:

-#   \$CONFIG{'keyid'}       = [ qw{0123456789ABCDEF 89ABCDEF76543210} ];
+#   \$CONFIG{'keyid'} = [ qw{0123456789ABCDEF 89ABCDEF76543210} ];
+$Ckeys\$CONFIG{'keyid'} = [ qw{@keys} ];

 
 

-$Ckeys\$CONFIG{'keyid'}       = [ qw{@keys} ];
+# Select this/these keys to sign with
+#\$CONFIG{'local-user'} = [ qw{@keys} ];
+
+# Additionally encrypt messages for these keyids
+#\$CONFIG{'also-encrypt-to'} = [ qw{@keys} ];
+
+# Mail template to use for the encrypted part
+#\$CONFIG{'mail-template'} = << 'EOM';

 EOT
 EOT

+
+       $template .= "#$_" foreach <DATA>;
+       $template .= "#EOM\n";
+       return $template;

 };
 
 sub check_executable($$) {
 };
 
 sub check_executable($$) {


@@ -456,28 +471,9 @@ sub load_config() {
        $CONFIG{'key-files'} = () unless defined $CONFIG{'key-files'};
        $CONFIG{'mailer-send'} = [] unless defined $CONFIG{'mailer-send'};
        die ("$PROGRAM_NAME: mailer-send is not an array ref in $config.\n") unless (ref $CONFIG{'mailer-send'} eq 'ARRAY');
        $CONFIG{'key-files'} = () unless defined $CONFIG{'key-files'};
        $CONFIG{'mailer-send'} = [] unless defined $CONFIG{'mailer-send'};
        die ("$PROGRAM_NAME: mailer-send is not an array ref in $config.\n") unless (ref $CONFIG{'mailer-send'} eq 'ARRAY');

-       $CONFIG{'mail-template'} = <<'EOM' unless defined $CONFIG{'mail-template'};
-Hi,
-
-please find attached the user id{(scalar @uids >= 2 ? 's' : '')}.
-{foreach $uid (@uids) {
-    $OUT .= "\t".$uid."\n";
-};} of your key {$key} signed by me.
-
-Note that I did not upload your key to any keyservers.
-If you have multiple user ids, I sent the signature for each user id
-separately to that user id's associated email address. You can import
-the signatures by running each through `gpg --import`.
-
-If you want this new signature to be available to others, please upload
-it yourself. With GnuPG this can be done using
-       gpg --keyserver subkeys.pgp.net --send-key {$key}
-
-If you have any questions, don't hesitate to ask.
-
-Regards,
-{$owner}
-EOM
+       unless (defined $CONFIG{'mail-template'}) {
+               $CONFIG{'mail-template'} .= $_ foreach <DATA>;
+       }

 };
 
 sub make_gpg_fds() {
 };
 
 sub make_gpg_fds() {


@@ -766,7 +762,14 @@ sub send_mail($$$@) {
                $gpg->options->meta_interactive( 0 );
                my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
                $gpg->options->push_recipients( $key_id );
                $gpg->options->meta_interactive( 0 );
                my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
                $gpg->options->push_recipients( $key_id );

-               $gpg->options->push_recipients( $CONFIG{'also-encrypt-to'} ) if defined $CONFIG{'also-encrypt-to'};
+               if (defined $CONFIG{'also-encrypt-to'}) {
+                       if (ref($CONFIG{'also-encrypt-to'})) {
+                               $gpg->options->push_recipients($_)
+                                       foreach @{$CONFIG{'also-encrypt-to'}};
+                       } else {
+                               $gpg->options->push_recipients($CONFIG{'also-encrypt-to'});
+                       }
+               }

                my $pid = $gpg->encrypt(handles => $handles);
                my ($stdout, $stderr, $status) = readwrite_gpg($message, $inputfd, $stdoutfd, $stderrfd, $statusfd);
                waitpid $pid, 0;
                my $pid = $gpg->encrypt(handles => $handles);
                my ($stdout, $stderr, $status) = readwrite_gpg($message, $inputfd, $stdoutfd, $stderrfd, $statusfd);
                waitpid $pid, 0;


@@ -857,8 +860,9 @@ sub delete_signatures($$$$$$) {
 };
 
 
 };
 
 

-
-my $USER;
+###################
+# argument handling
+###################

 my @KEYIDS;
 my $params;
 
 my @KEYIDS;
 my $params;
 


@@ -902,16 +906,6 @@ $CONFIG{'mail'}        = $params->{'mail'}        if defined $params->{'mail'};
 $CONFIG{'no-sign'}     = $params->{'no-sign'}     if defined $params->{'no-sign'};
 push @{$CONFIG{'key-files'}}, @{$params->{'key-files'}} if defined $params->{'key-files'};
 
 $CONFIG{'no-sign'}     = $params->{'no-sign'}     if defined $params->{'no-sign'};
 push @{$CONFIG{'key-files'}}, @{$params->{'key-files'}} if defined $params->{'key-files'};
 

-if ($CONFIG{'local-user'}) {
-       $USER = $CONFIG{'local-user'};
-       $USER =~ s/^0x//i;
-       unless ($USER =~ /^([A-F0-9]{8}|[A-F0-9]{16}|[A-F0-9]{40})$/i) {
-               print STDERR "Local-user $USER is not a keyid.\n";
-               usage(\*STDERR, 1);
-       };
-       $USER = uc($USER);
-};
-

 for my $keyid (@ARGV) {
        $keyid =~ s/^0x//i;
        unless ($keyid =~ /^([A-F0-9]{8}|[A-F0-9]{16}||[A-F0-9]{40})$/i) {
 for my $keyid (@ARGV) {
        $keyid =~ s/^0x//i;
        unless ($keyid =~ /^([A-F0-9]{8}|[A-F0-9]{16}||[A-F0-9]{40})$/i) {


@@ -1053,20 +1047,41 @@ if ($CONFIG{'ask-sign'} && ! $CONFIG{'no-sign'}) {
 }
        
 unless ($CONFIG{'no-sign'}) {
 }
        
 unless ($CONFIG{'no-sign'}) {

+       my @local_user;
+       if ($CONFIG{'local-user'}) {
+               if (ref($CONFIG{'local-user'})) {
+                       @local_user = @{$CONFIG{'local-user'}};
+               } else {
+                       @local_user = split /\s*,\s*/, $CONFIG{'local-user'};
+               };
+               foreach (@local_user) {
+                       s/^0x//i;
+                       unless (/^([A-F0-9]{8}|[A-F0-9]{16}|[A-F0-9]{40})$/i) {
+                               print STDERR "Local-user $_ is not a keyid.\n";
+                               usage(\*STDERR, 1);
+                       };
+                       $_ = uc($_);
+               };
+       } else {
+               @local_user = (undef);
+       };
+

        info("Sign the following keys according to your policy, then exit gpg with 'save' after signing each key");
        for my $keyid (@keyids_ok) {
        info("Sign the following keys according to your policy, then exit gpg with 'save' after signing each key");
        for my $keyid (@keyids_ok) {

-               my @command;
-               push @command, $CONFIG{'gpg-sign'};
-               push @command, '--local-user', $USER if (defined $USER);
-               push @command, "--homedir=$GNUPGHOME";
-               push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
-               push @command, '--no-auto-check-trustdb';
-               push @command, '--trust-model=always';
-               push @command, '--edit', $keyid;
-               push @command, 'sign';
-               push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
-               print join(' ', @command),"\n";
-               system (@command);
+               foreach my $local_user (@local_user) {
+                       my @command;
+                       push @command, $CONFIG{'gpg-sign'};
+                       push @command, '--local-user', $local_user if (defined $local_user);
+                       push @command, "--homedir=$GNUPGHOME";
+                       push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
+                       push @command, '--no-auto-check-trustdb';
+                       push @command, '--trust-model=always';
+                       push @command, '--edit', $keyid;
+                       push @command, 'sign';
+                       push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
+                       print join(' ', @command),"\n";
+                       system (@command);
+               };

        };
 };
 
        };
 };
 


@@ -1301,3 +1316,29 @@ for my $keyid (@keyids_ok) {
        };
 
 };
        };
 
 };

+
+###########################
+# the default mail template
+###########################
+
+__DATA__
+Hi,
+
+please find attached the user id{(scalar @uids >= 2 ? 's' : '')}
+{foreach $uid (@uids) {
+    $OUT .= "\t".$uid."\n";
+};}of your key {$key} signed by me.
+
+If you have multiple user ids, I sent the signature for each user id
+separately to that user id's associated email address. You can import
+the signatures by running each through `gpg --import`.
+
+Note that I did not upload your key to any keyservers. If you want this
+new signature to be available to others, please upload it yourself.
+With GnuPG this can be done using
+       gpg --keyserver subkeys.pgp.net --send-key {$key}
+
+If you have any questions, don't hesitate to ask.
+
+Regards,
+{$owner}