@#$T%GQt89v4h~! v3 keys

[pgp-tools.git] / caff / caff

diff --git a/caff/caff b/caff/caff
index 02569f5d6e8ec01d6bfc119f0950c9f2bc4a7512..73152a434ddee2a53863551e7435acd3f9b5570e 100755 (executable)
--- a/caff/caff
+++ b/caff/caff
@@ -97,11 +97,20 @@ Import keys from file. Can be supplied more than once.
 
 =item $HOME/.caffrc  -  configuration file
 
+=item $HOME/.caff/keys/yyyy-mm-dd/  -  processed keys
+
+=item $HOME/.caff/gnupghome/  -  caff's working dir for gpg
+
+=item $HOME/.caff/gnupghome/gpg.conf  -  gpg configuration
+
+useful options include use-agent, default-cert-level, etc.
+
 =back
 
 =head1 CONFIGURATION FILE OPTIONS
 
 The configuration file is a perl script that sets values in the hash B<%CONFIG>.
+The file is generated when it does not exist.
 
 Example:
 
@@ -226,6 +235,10 @@ The UIDs for which signatures are included in the mail.
 
 =back
 
+=item B<reply-to> [string]
+
+Add a Reply-To: header to messages sent. Default: none.
+
 =item B<bcc> [string]
 
 Address to send blind carbon copies to when sending mail.
@@ -247,6 +260,10 @@ Default: none.
 
 http://pgp-tools.alioth.debian.org/
 
+=head1 SEE ALSO
+
+gpg(1), pgp-clean(1), /usr/share/doc/signing-party/examples/caffrc.sample.
+
 =cut
 
 use strict;
@@ -266,9 +283,62 @@ my $REVISION = '$Rev$';
 my ($REVISION_NUMER) = $REVISION =~ /(\d+)/;
 my $VERSION = "0.0.0.$REVISION_NUMER";
 
+sub generate_config() {
+       die "Error: \$LOGNAME is not set.\n" unless $ENV{LOGNAME};
+       my $gecos = (getpwnam($ENV{LOGNAME}))[6];
+       $gecos =~ s/,.*//;
+
+       my $gpg = GnuPG::Interface->new();
+       $gpg->call( 'gpg' );
+       $gpg->options->hash_init(
+               'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always --with-colons --fixed-list-mode } ] );
+       $gpg->options->meta_interactive( 0 );
+       my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
+       my $pid = $gpg->list_public_keys(handles => $handles, command_args => [ $gecos ]);
+       my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
+       waitpid $pid, 0;
+
+       if ($stdout eq '') {
+               warn ("No data from gpg for list-key\n"); # There should be at least 'tru:' everywhere.
+       };
+
+       my @keys;
+       unless (@keys = ($stdout =~ /^pub:[^r:]*:(?:[^:]*:){2,2}([^:]+):/mg)) {
+               die "Error: No keys were found using \"gpg --list-public-keys '$gecos'\".\n";
+       }
+       unless ($stdout =~ /^uid:.*<(.+@.+)>.*:/m) {
+               die "Error: No email address was found using \"gpg --list-public-keys '$gecos'\".\n";
+       }
+       my $email = $1;
+
+       return <<EOT;
+# .caffrc -- vim:syntax=perl:
+# This file is in perl(1) format - see caff(1) for details.
+
+\$CONFIG{'owner'}       = '$gecos';
+\$CONFIG{'email'}       = '$email';
+
+# you can get your long keyid from
+#   gpg --with-colons --list-key <yourkeyid|name|emailaddress..>
+#
+# if you have a v4 key, it will simply be the last 16 digits of
+# your fingerprint.
+
+\$CONFIG{'keyid'}       = [ qw{@keys} ];
+EOT
+};
+
 sub load_config() {
        my $config = $ENV{'HOME'} . '/.caffrc';
-       -f $config or die "No file $config present.  See caff(1).\n";
+       unless (-f $config) {
+               print "No configfile $config present, I will use this template:\n";
+               my $template = generate_config();
+               print "$template\nPress enter to continue.";
+               <STDIN>;
+               open F, ">$config" or die "$config: $!";
+               print F $template;
+               close F;
+       }
        unless (scalar eval `cat $config`) {
                die "Couldn't parse $config: $EVAL_ERROR\n" if $EVAL_ERROR;
        };
@@ -652,6 +722,7 @@ sub send_mail($$$@) {
        $message_entity->head->add("Subject", "Your signed PGP key 0x$key_id");
        $message_entity->head->add("To", $address);
        $message_entity->head->add("From", '"'.$CONFIG{'owner'}.'" <'.$CONFIG{'email'}.'>');
+       $message_entity->head->add("Reply-To", $CONFIG{'reply-to'}) if defined $CONFIG{'reply-to'};
        $message_entity->head->add("Bcc", $CONFIG{'bcc'}) if defined $CONFIG{'bcc'};
        $message_entity->head->add("User-Agent", $USER_AGENT);
        $message_entity->send();
@@ -856,6 +927,7 @@ if ($CONFIG{'no-download'}) {
 # [GNUPG:] NODATA 1
 # [GNUPG:] IMPORT_OK 0 25FC1614B8F87B52FF2F99B962AF4031C82E0039
        my %local_keyids = map { $_ => 1 } @KEYIDS;
+       my $had_v3_keys = 0;
        for my $line (split /\n/, $status) {
                if ($line =~ /^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{40})/) {
                        my $imported_key = $1;
@@ -874,12 +946,16 @@ if ($CONFIG{'no-download'}) {
                        delete $local_keyids{$speced_key};
                        unshift @keyids_ok, $imported_key;
                } elsif ($line =~ /^\[GNUPG:\] (NODATA|IMPORT_RES|IMPORTED) /) {
+               } elsif ($line =~ /^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{32})/) {
+                       my $imported_key = $1;
+                       notice ("Imported key $1 is a version 3 key.  Version 3 keys are obsolete, should not be used, and are not and will not be properly supported.");
+                       $had_v3_keys = 1;
                } else {
                        notice ("got unknown reply from gpg: $line");
                }
        };
        if (scalar %local_keyids) {
-               notice ("Import failed for: ". (join ' ', keys %local_keyids).".");
+               notice ("Import failed for: ". (join ' ', keys %local_keyids)."." . ($had_v3_keys ? " (Or maybe it's one of those ugly v3 keys?)" :  ""));
                exit 1 unless ask ("Some keys could not be imported - continue anyway?", 0);
        }
 };