X-Git-Url: https://git.sthu.org/?a=blobdiff_plain;f=caff%2Fcaff;h=a5d4f4a7023355609b800ebe6a92e516b6e14329;hb=029e2686ed6c986965dff8432b0b138b9306b746;hp=362ff95ff17fdc63ed1b7a15af2b07f621db4c00;hpb=b8faf2bc7b76f47e6cc494c81c0225ff1c4e8527;p=pgp-tools.git diff --git a/caff/caff b/caff/caff index 362ff95..a5d4f4a 100755 --- a/caff/caff +++ b/caff/caff @@ -90,6 +90,10 @@ configuration file. Import keys from file. Can be supplied more than once. +=item B<--keys-from-gnupg> I + +Try to import keys from your standard GnuPG keyrings. + =back =head1 FILES @@ -305,7 +309,7 @@ http://pgp-tools.alioth.debian.org/ =head1 SEE ALSO -gpg(1), pgp-clean(1), /usr/share/doc/signing-party/caff/caffrc.sample. +gpg(1), pgp-clean(1), /usr/share/doc/signing-party/caff/ =cut @@ -325,8 +329,12 @@ use GnuPG::Interface; my %CONFIG; my $REVISION = '$Rev$'; my ($REVISION_NUMER) = $REVISION =~ /(\d+)/; +$REVISION_NUMER = 'unknown' unless defined $REVISION_NUMER; my $VERSION = "0.0.0.$REVISION_NUMER"; +# Global variables +my @KEYIDS; +my $params; ## # Display an error message on STDERR and then exit. @@ -843,6 +851,7 @@ sub send_mail($$$@) { $message_entity->head->add("Subject", "Your signed PGP key 0x$key_id"); $message_entity->head->add("To", $address); $message_entity->head->add("From", '"'.Encode::encode('MIME-Q', $CONFIG{'owner'}).'" <'.$CONFIG{'email'}.'>'); + $message_entity->head->add("Sender", '"'.Encode::encode('MIME-Q', $CONFIG{'owner'}).'" <'.$CONFIG{'email'}.'>'); $message_entity->head->add("Reply-To", $CONFIG{'reply-to'}) if defined $CONFIG{'reply-to'}; $message_entity->head->add("Bcc", $CONFIG{'bcc'}) if defined $CONFIG{'bcc'}; $message_entity->head->add("User-Agent", $USER_AGENT); @@ -906,15 +915,13 @@ sub delete_signatures($$$$$$) { # Check the local user keys. # # This function checks if the keyids defined through the --local-user -# command line option or set in .caffrc are valid and known to be one of the -# keyids listed in ./caffrc. The last check ensure we have those keyids -# available in the caff's gnupghome directory. +# command line option or set in ~/.caffrc are valid and known to be one of the +# keyids listed in ~/.caffrc. # # @return an array containing the local user keys\n -# (undef) if no key has been specified +# (undef) if no valid key has been found # -sub get_local_user_keys() -{ +sub get_local_user_keys() { my @local_user = (); my @key_list; @@ -944,7 +951,7 @@ sub get_local_user_keys() } unless (grep (/$user_key$/, @{$CONFIG{'keyid'}})) { - mywarn "Local-user $user_key is not defined as one of your keyid in ./caffrc (it will not be used)."; + mywarn "Local-user $user_key is not defined as one of your keyid in ~/.caffrc (it will not be used)."; next; } @@ -953,40 +960,130 @@ sub get_local_user_keys() # If no local-user key are valid, there is no need to go further unless (defined $local_user[0]) { - myerror (1, "None of the local-user keys seem to be known as a keyid listed in ./caffrc."); + myerror (1, "None of the local-user keys seem to be known as a keyid listed in ~/.caffrc."); } return @local_user; } +## +# Import a key from the user gnupghome into a specified gnupghome. +# +# @param asciikey ascii format of the gpg key to import +# @param dst_gnupghome gnupghome directory where to import the key +# +# @return 0 if successful\n +# 1 if the key could not be exported.\n +# 2 if the key could not be imported. +# +sub import_key_from_user_gnupghome($$) { + my $err; + my ($asciikey, $dst_gpghome) = @_; + + trace("Exporting key $asciikey from your normal GnuPGHOME."); + my $key = export_key(undef, $asciikey); + if (defined $key && $key ne '') { + trace("Importing key $asciikey into $GNUPGHOME."); + if (import_key($GNUPGHOME, $key)) { + $err = 0; + } else { + warn("Could not import $asciikey into caff's gnupghome."); + $err = 2; + } + } else { + $err = 1; + } + + return $err; +} + +## +# Import a key file into a specified gnupghome. +# +# @param keyfile file containing the keys to import +# @param dst_gnupghome gnupghome directory where to import the key +# +# @return 0 if successful\n +# 1 if an error occured. +# +sub import_key_files($$) { + my $err; + my ($keyfile, $dst_gpghome) = @_; + + my $gpg = GnuPG::Interface->new(); + $gpg->call( $CONFIG{'gpg'} ); + $gpg->options->hash_init( + 'homedir' => $dst_gpghome, + 'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always } ] ); + $gpg->options->meta_interactive( 0 ); + my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds(); + my $pid = $gpg->import_keys(handles => $handles, command_args => $keyfile); + my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd); + info("Importing keys from file $keyfile"); + waitpid $pid, 0; + + if ($status !~ /^\[GNUPG:\] IMPORT_OK/m) { + warn $stderr; + $err = 1; + } else { + $err = 0; + } + + return $err; +} + +## +# Import keys to be signed into caff gnupghome directory. +# +# This function imports the keys the user wants to sign into the caff gnupghome +# directory. We looks for the keys in the the user gnupghome directory first, +# and in the key files specified by the user if not all of the keys have been +# found. +# +sub import_keys_to_sign() { + # Check if we can find the gpg key from our normal gnupghome, and then + # try to import it into our working gnupghome directory + if ($CONFIG{'keys-from-gnupg'}) { + foreach my $keyid (@KEYIDS) { + if (!import_key_from_user_gnupghome($keyid, $GNUPGHOME)) { + info("Key $keyid imported from your normal GnuPGHOME."); + } + } + }; + + # Import user specified key files + foreach my $keyfile (@{$CONFIG{'key-files'}}) { + import_key_files($keyfile, $GNUPGHOME); + } + + return 0; +} ################### # argument handling ################### -my @KEYIDS; -my $params; - Getopt::Long::config('bundling'); if (!GetOptions ( - '-h' => \$params->{'help'}, - '--help' => \$params->{'help'}, - '--version' => \$params->{'version'}, - '-V' => \$params->{'version'}, - '-u=s' => \$params->{'local-user'}, - '--local-user=s' => \$params->{'local-user'}, - '-e' => \$params->{'export-old'}, - '--export-old' => \$params->{'export-old'}, - '-E' => \$params->{'no-export-old'}, - '--no-export-old' => \$params->{'no-export-old'}, + '-h' => \$params->{'help'}, + '--help' => \$params->{'help'}, + '--version' => \$params->{'version'}, + '-V' => \$params->{'version'}, + '-u=s' => \$params->{'local-user'}, + '--local-user=s' => \$params->{'local-user'}, + '-e' => \$params->{'export-old'}, + '--export-old' => \$params->{'export-old'}, + '-E' => \$params->{'no-export-old'}, + '--no-export-old' => \$params->{'no-export-old'}, '-m:s' => \$params->{'mail'}, '--mail:s' => \$params->{'mail'}, - '-M' => \$params->{'no-mail'}, - '--no-mail' => \$params->{'no-mail'}, - '-R' => \$params->{'no-download'}, - '--no-download' => \$params->{'no-download'}, - '-S' => \$params->{'no-sign'}, - '--no-sign' => \$params->{'no-sign'}, - '--key-file=s@' => \$params->{'key-files'}, + '-M' => \$params->{'no-mail'}, + '--no-mail' => \$params->{'no-mail'}, + '-R' => \$params->{'no-download'}, + '--no-download' => \$params->{'no-download'}, + '-S' => \$params->{'no-sign'}, + '--no-sign' => \$params->{'no-sign'}, + '--key-file=s@' => \$params->{'key-files'}, + '--keys-from-gnupg' => \$params->{'keys-from-gnupg'}, )) { usage(\*STDERR, 1); }; @@ -1006,6 +1103,8 @@ $CONFIG{'no-sign'} = $params->{'no-sign'} if defined $params->{'no-sign' $CONFIG{'no-mail'} = $params->{'no-mail'} if defined $params->{'no-mail'}; $CONFIG{'mail'} = $params->{'mail'} if defined $params->{'mail'}; +$CONFIG{'keys-from-gnupg'} = $params->{'keys-from-gnupg'} if defined $params->{'keys-from-gnupg'}; + # If old 'no-mail' parameter, or if the 'mail' parameter is set to 'no' if ( defined $CONFIG{'no-mail'} || ( defined $CONFIG{'mail'} && $CONFIG{'mail'} eq 'no' ) ) { @@ -1035,36 +1134,13 @@ for my $keyid (map { split /\n/ } @ARGV) { # caff "`cat txt`" is a single argume # import own keys ################# for my $keyid (@{$CONFIG{'keyid'}}) { - info("Importing key $keyid from your normal GnuPGHome."); - my $key = export_key(undef, $keyid); - if (!defined $key || $key eq '') { - warn ("Did not get key $keyid from your normal GnuPGHome\n"); - next; - }; - my $result = import_key($GNUPGHOME, $key); - unless ($result) { - warn ("Could not import $keyid into caff's gnupghome.\n"); - next; - }; + info("Importing key $keyid from your normal GnuPGHome."); + if (import_key_from_user_gnupghome($keyid, $GNUPGHOME)) { + mywarn("Key $keyid not found."); + } } -######################## -# import keys from files -######################## -foreach my $keyfile (@{$CONFIG{'key-files'}}) { - my $gpg = GnuPG::Interface->new(); - $gpg->call( $CONFIG{'gpg'} ); - $gpg->options->hash_init('homedir' => $GNUPGHOME); - $gpg->options->meta_interactive( 0 ); - my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds(); - my $pid = $gpg->import_keys(handles => $handles, command_args => $keyfile); - my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd); - info ("Importing keys from $keyfile"); - waitpid $pid, 0; - if ($status !~ /^\[GNUPG:\] IMPORT_OK/m) { - warn $stderr; - } -} +&import_keys_to_sign(); ############################# # receive keys from keyserver @@ -1142,9 +1218,8 @@ if ($CONFIG{'ask-sign'} && ! $CONFIG{'no-sign'}) { $CONFIG{'no-sign'} = ! ask("Continue with signing?", 1); } -unless ($CONFIG{'no-sign'}) -{ - my @local_user = &get_local_user_keys(); +unless ($CONFIG{'no-sign'}) { + my @local_user = get_local_user_keys(); info("Sign the following keys according to your policy, then exit gpg with 'save' after signing each key"); for my $keyid (@keyids_ok) {