X-Git-Url: https://git.sthu.org/?a=blobdiff_plain;f=caff%2Fcaff;h=97b0aa25ff7d7645aa98854f569a7f0e7ff77add;hb=4f39d2986ad5bab806830f2aed115fc2acfde33f;hp=5c75332df26fe58e66189c534f362dc08f1620da;hpb=271b3606c951690b5f1bf0c85ac9de8a572fe472;p=pgp-tools.git

diff --git a/caff/caff b/caff/caff
index 5c75332..97b0aa2 100755
--- a/caff/caff
+++ b/caff/caff
@@ -85,6 +85,10 @@ Do not sign the keys.
 
 Select the key that is used for signing, in case you have more than one key.
 
+=item B<--key-file> I<file>
+
+Import keys from file. Can be supplied more than once.
+
 =back
 
 =head1 FILES
@@ -93,11 +97,20 @@ Select the key that is used for signing, in case you have more than one key.
 
 =item $HOME/.caffrc  -  configuration file
 
+=item $HOME/.caff/keys/yyyy-mm-dd/  -  processed keys
+
+=item $HOME/.caff/gnupghome/  -  caff's working dir for gpg
+
+=item $HOME/.caff/gnupghome/gpg.conf  -  gpg configuration
+
+useful options include use-agent, default-cert-level, etc.
+
 =back
 
 =head1 CONFIGURATION FILE OPTIONS
 
 The configuration file is a perl script that sets values in the hash B<%CONFIG>.
+The file is generated when it does not exist.
 
 Example:
 
@@ -169,6 +182,10 @@ Keyserver to download keys from.  Default: B<subkeys.pgp.net>.
 If true, then skip the step of fetching keys from the keyserver.
 Default: B<0>.
 
+=item B<key-files> [list of files]
+
+A list of files containing keys to be imported.
+
 =head2 Signing settings
 
 =item B<no-sign> [boolean]
@@ -218,6 +235,10 @@ The UIDs for which signatures are included in the mail.
 
 =back
 
+=item B<reply-to> [string]
+
+Add a Reply-To: header to messages sent. Default: none.
+
 =item B<bcc> [string]
 
 Address to send blind carbon copies to when sending mail.
@@ -239,6 +260,10 @@ Default: none.
 
 http://pgp-tools.alioth.debian.org/
 
+=head1 SEE ALSO
+
+gpg(1), pgp-clean(1), /usr/share/doc/signing-party/examples/caffrc.sample.
+
 =cut
 
 use strict;
@@ -258,9 +283,62 @@ my $REVISION = '$Rev$';
 my ($REVISION_NUMER) = $REVISION =~ /(\d+)/;
 my $VERSION = "0.0.0.$REVISION_NUMER";
 
+sub generate_config() {
+	die "Error: \$LOGNAME is not set.\n" unless $ENV{LOGNAME};
+	my $gecos = (getpwnam($ENV{LOGNAME}))[6];
+	$gecos =~ s/,.*//;
+
+	my $gpg = GnuPG::Interface->new();
+	$gpg->call( 'gpg' );
+	$gpg->options->hash_init(
+		'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always --with-colons --fixed-list-mode } ] );
+	$gpg->options->meta_interactive( 0 );
+	my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
+	my $pid = $gpg->list_public_keys(handles => $handles, command_args => [ $gecos ]);
+	my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
+	waitpid $pid, 0;
+
+	if ($stdout eq '') {
+		warn ("No data from gpg for list-key\n"); # There should be at least 'tru:' everywhere.
+	};
+
+	my @keys;
+	unless (@keys = ($stdout =~ /^pub:[^r:]*:(?:[^:]*:){2,2}([^:]+):/mg)) {
+		die "Error: No keys were found using \"gpg --list-public-keys '$gecos'\".\n";
+	}
+	unless ($stdout =~ /^uid:.*<(.+@.+)>.*:/m) {
+		die "Error: No email address was found using \"gpg --list-public-keys '$gecos'\".\n";
+	}
+	my $email = $1;
+
+	return <<EOT;
+# .caffrc -- vim:syntax=perl:
+# This file is in perl(1) format - see caff(1) for details.
+
+\$CONFIG{'owner'}       = '$gecos';
+\$CONFIG{'email'}       = '$email';
+
+# you can get your long keyid from
+#   gpg --with-colons --list-key <yourkeyid|name|emailaddress..>
+#
+# if you have a v4 key, it will simply be the last 16 digits of
+# your fingerprint.
+
+\$CONFIG{'keyid'}       = [ qw{@keys} ];
+EOT
+};
+
 sub load_config() {
 	my $config = $ENV{'HOME'} . '/.caffrc';
-	-f $config or die "No file $config present.  See caff(1).\n";
+	unless (-f $config) {
+		print "No configfile $config present, I will use this template:\n";
+		my $template = generate_config();
+		print "$template\nPlease edit $config and run caff again.\n";
+		open F, ">$config" or die "$config: $!";
+		print F $template;
+		close F;
+		exit(1);
+	}
 	unless (scalar eval `cat $config`) {
 		die "Couldn't parse $config: $EVAL_ERROR\n" if $EVAL_ERROR;
 	};
@@ -282,6 +360,7 @@ sub load_config() {
 	$CONFIG{'secret-keyring'} = $ENV{'HOME'}.'/.gnupg/secring.gpg' unless defined $CONFIG{'secret-keyring'};
 	$CONFIG{'no-download'} = 0 unless defined $CONFIG{'no-download'};
 	$CONFIG{'no-sign'} = 0 unless defined $CONFIG{'no-sign'};
+	$CONFIG{'key-files'} = () unless defined $CONFIG{'key-files'};
 	$CONFIG{'mail-template'} = <<'EOM' unless defined $CONFIG{'mail-template'};
 Hi,
 
@@ -439,8 +518,9 @@ sub readwrite_gpg($$$$$%) {
 sub ask($$;$$) {
 	my ($question, $default, $forceyes, $forceno) = @_;
 	my $answer;
+	my $yn = $default ? '[Y/n]' : '[y/N]';
 	while (1) {
-		print $question,' ',($default ? '[Y/n]' : '[y/N]'), ' ';
+		print $question,' ',$yn, ' ';
 		if ($forceyes && $forceno) {
 			print "$default (from config/command line)\n";
 			return $default;
@@ -455,9 +535,17 @@ sub ask($$;$$) {
 		};
 
 		$answer = <STDIN>;
+		if (!defined $answer) {
+			$OUTPUT_AUTOFLUSH = 1;
+			die "\n\n".
+			    "End of STDIN reached.  Are you using xargs?  Caff wants to read from STDIN,\n".
+			    "so you can't really use it with xargs.  A patch against caff to read from\n".
+			    "the terminal would be appreciated.\n".
+			    "For now instead of   cat keys | xargs caff  do  caff `cat keys`\n";
+		};
 		chomp $answer;
-		last if ((defined $answer) && (length $answer <= 1));
-		print "grrrrrr.\n";
+		last if ((length $answer == 0) || ($answer =~ m/^[yYnN]$/) );
+		print "What about $yn is so hard to understand?\nAnswer with either 'n' or 'y' or just press enter for the default.\n";
 		sleep 1;
 	};
 	my $result = $default;
@@ -634,6 +722,7 @@ sub send_mail($$$@) {
 	$message_entity->head->add("Subject", "Your signed PGP key 0x$key_id");
 	$message_entity->head->add("To", $address);
 	$message_entity->head->add("From", '"'.$CONFIG{'owner'}.'" <'.$CONFIG{'email'}.'>');
+	$message_entity->head->add("Reply-To", $CONFIG{'reply-to'}) if defined $CONFIG{'reply-to'};
 	$message_entity->head->add("Bcc", $CONFIG{'bcc'}) if defined $CONFIG{'bcc'};
 	$message_entity->head->add("User-Agent", $USER_AGENT);
 	$message_entity->send();
@@ -717,6 +806,7 @@ if (!GetOptions (
 	'--no-download'   =>  \$params->{'no-download'},
 	'-S'              =>  \$params->{'no-sign'},
 	'--no-sign'       =>  \$params->{'no-sign'},
+	'--key-file=s@'   =>  \$params->{'key-files'},
 	)) {
 	usage(\*STDERR, 1);
 };
@@ -758,6 +848,7 @@ $CONFIG{'no-download'} = $params->{'no-download'} if defined $params->{'no-downl
 $CONFIG{'no-mail'}     = $params->{'no-mail'}     if defined $params->{'no-mail'};
 $CONFIG{'mail'}        = $params->{'mail'}        if defined $params->{'mail'};
 $CONFIG{'no-sign'}     = $params->{'no-sign'}     if defined $params->{'no-sign'};
+push @{$CONFIG{'key-files'}}, @{$params->{'key-files'}} if defined $params->{'key-files'};
 
 
 #################
@@ -793,6 +884,24 @@ for my $keyid (@{$CONFIG{'keyid'}}) {
 	}
 }
 
+########################
+# import keys from files
+########################
+foreach my $keyfile (@{$CONFIG{'key-files'}}) {
+    my $gpg = GnuPG::Interface->new();
+    $gpg->call( $CONFIG{'gpg'} );
+    $gpg->options->hash_init('homedir' => $GNUPGHOME);
+    $gpg->options->meta_interactive( 0 );
+    my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
+    my $pid = $gpg->import_keys(handles => $handles, command_args => $keyfile);
+    my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
+    info ("Importing keys from $keyfile");
+    waitpid $pid, 0;
+    if ($status !~ /^\[GNUPG:\] IMPORT_OK/m) {
+	warn $stderr;
+    }
+}
+
 #############################
 # receive keys from keyserver
 #############################
@@ -818,6 +927,7 @@ if ($CONFIG{'no-download'}) {
 # [GNUPG:] NODATA 1
 # [GNUPG:] IMPORT_OK 0 25FC1614B8F87B52FF2F99B962AF4031C82E0039
 	my %local_keyids = map { $_ => 1 } @KEYIDS;
+	my $had_v3_keys = 0;
 	for my $line (split /\n/, $status) {
 		if ($line =~ /^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{40})/) {
 			my $imported_key = $1;
@@ -836,12 +946,16 @@ if ($CONFIG{'no-download'}) {
 			delete $local_keyids{$speced_key};
 			unshift @keyids_ok, $imported_key;
 		} elsif ($line =~ /^\[GNUPG:\] (NODATA|IMPORT_RES|IMPORTED) /) {
+		} elsif ($line =~ /^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{32})/) {
+			my $imported_key = $1;
+			notice ("Imported key $1 is a version 3 key.  Version 3 keys are obsolete, should not be used, and are not and will not be properly supported.");
+			$had_v3_keys = 1;
 		} else {
 			notice ("got unknown reply from gpg: $line");
 		}
 	};
 	if (scalar %local_keyids) {
-		notice ("Import failed for: ". (join ' ', keys %local_keyids).".");
+		notice ("Import failed for: ". (join ' ', keys %local_keyids)."." . ($had_v3_keys ? " (Or maybe it's one of those ugly v3 keys?)" :  ""));
 		exit 1 unless ask ("Some keys could not be imported - continue anyway?", 0);
 	}
 };