X-Git-Url: https://git.sthu.org/?a=blobdiff_plain;f=caff%2Fcaff;h=b7d19d71aff159d9fad76ec710a4f683ef0e3dff;hb=de54917e506a6b5ce6dd4748890a19ccb0f29d0e;hp=a4ed5983cca2360814dbd4994cca88d5aa168d60;hpb=3b1316734ed5afd5e0b9350c19ded252a732a467;p=pgp-tools.git

diff --git a/caff/caff b/caff/caff
index a4ed598..b7d19d7 100755
--- a/caff/caff
+++ b/caff/caff
@@ -118,7 +118,7 @@ Path to the GnuPG binary.  Default: B<gpg>.
 Path to the GnuPG binary which is used to sign keys.  Default: what
 B<gpg> is set to.
 
-=item B<gpg-sdelsig> [string]
+=item B<gpg-delsig> [string]
 
 Path to the GnuPG binary which is used to split off signatures.  This is
 needed while the upstream GnuPG is not fixed  (there are 2 bugs in the
@@ -128,6 +128,19 @@ Debian Bug Tracking System).  Default: what B<gpg> is set to.
 
 Path to your secret keyring.  Default: B<$HOME/.gnupg/secring.gpg>.
 
+=item B<also-encrypt-to> [keyid]
+
+An additional keyid to encrypt messages to. Default: none.
+
+=item B<no-download> [boolean]
+
+If true, then skip the step of fetching keys from the keyserver.
+Default: B<0>.
+
+=item B<no-sign> [boolean]
+
+If true, then skip the signing step. Default: B<0>.
+
 =back
 
 =head1 AUTHOR
@@ -173,6 +186,8 @@ sub load_config() {
 	$CONFIG{'gpg-sign'} = $CONFIG{'gpg'} unless defined $CONFIG{'gpg-sign'};
 	$CONFIG{'gpg-delsig'} = $CONFIG{'gpg'} unless defined $CONFIG{'gpg-delsig'};
 	$CONFIG{'secret-keyring'} = $ENV{'HOME'}.'/.gnupg/secring.gpg' unless defined $CONFIG{'secret-keyring'};
+	$CONFIG{'no-download'} = 0 unless defined $CONFIG{'no-download'};
+	$CONFIG{'no-sign'} = 0 unless defined $CONFIG{'no-sign'};
 };
 
 sub notice($) {
@@ -232,21 +247,31 @@ sub readwrite_gpg($$$$$%) {
 
 	my ($stdout, $stderr, $status) = ("", "", "");
 	my $exitwhenstatusmatches = $options{'exitwhenstatusmatches'};
-	trace("doign stuff until we find $exitwhenstatusmatches") if defined $exitwhenstatusmatches;
+	trace("doing stuff until we find $exitwhenstatusmatches") if defined $exitwhenstatusmatches;
 
+	my $readwrote_stuff_this_time = 0;
+	my $do_not_wait_on_select = 0;
 	my ($readyr, $readyw, $written);
 	while ($sout->count() > 0 || (defined($sin) && ($sin->count() > 0))) {
 		if (defined $exitwhenstatusmatches) {
 			if ($status =~ /$exitwhenstatusmatches/m) {
 				trace("readwrite_gpg found match on $exitwhenstatusmatches");
-				last;
+				if ($readwrote_stuff_this_time) {
+					trace("read/write some more\n");
+					$do_not_wait_on_select = 1;
+				} else {
+					trace("that's it in our while loop.\n");
+					last;
+				}
 			};
 		};
 
+		$readwrote_stuff_this_time = 0;
 		trace("select waiting for ".($sout->count())." fds.");
-		($readyr, $readyw, undef) = IO::Select::select($sout, $sin, undef, 1);
+		($readyr, $readyw, undef) = IO::Select::select($sout, $sin, undef, $do_not_wait_on_select ? 0 : 1);
 		trace("ready: write: ".(defined $readyw ? scalar @$readyw : 0 )."; read: ".(defined $readyr ? scalar @$readyr : 0));
 		for my $wfd (@$readyw) {
+			$readwrote_stuff_this_time = 1;
 			if (length($in) != $offset) {
 				trace("writing to $wfd.");
 				$written = $wfd->syswrite($in, length($in) - $offset, $offset);
@@ -266,6 +291,7 @@ sub readwrite_gpg($$$$$%) {
 		next unless (defined(@$readyr)); # Wait some more.
 
 		for my $rfd (@$readyr) {
+			$readwrote_stuff_this_time = 1;
 			if ($rfd->eof) {
 				trace("reading from $rfd done.");
 				$sout->remove($rfd);
@@ -475,49 +501,57 @@ for my $keyid (@ARGV) {
 };
 
 
+
 #############################
 # receive keys from keyserver
 #############################
-my $gpg = GnuPG::Interface->new();
-$gpg->call( $CONFIG{'gpg'} );
-$gpg->options->hash_init(
-	'homedir' => $GNUPGHOME,
-	'extra_args' => '--keyserver='.$CONFIG{'keyserver'} );
-$gpg->options->meta_interactive( 0 );
-my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
-my $pid = $gpg->recv_keys(handles => $handles, command_args => [ @KEYIDS ]);
-my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
-waitpid $pid, 0;
-
 my @keyids_ok;
 my @keyids_failed;
+if ($CONFIG{'no-download'}) {
+	@keyids_ok = @KEYIDS;
+} else {
+	my $gpg = GnuPG::Interface->new();
+	$gpg->call( $CONFIG{'gpg'} );
+	$gpg->options->hash_init(
+		'homedir' => $GNUPGHOME,
+		'extra_args' => '--keyserver='.$CONFIG{'keyserver'} );
+	$gpg->options->meta_interactive( 0 );
+	my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
+	
+	my $pid = $gpg->recv_keys(handles => $handles, command_args => [ @KEYIDS ]);
+	my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
+	waitpid $pid, 0;
+
 # [GNUPG:] IMPORT_OK 0 5B00C96D5D54AEE1206BAF84DE7AAF6E94C09C7F
 # [GNUPG:] NODATA 1
 # [GNUPG:] NODATA 1
 # [GNUPG:] IMPORT_OK 0 25FC1614B8F87B52FF2F99B962AF4031C82E0039
-for my $line (split /\n/, $status) {
-	if ($line =~ /^\[GNUPG:\] IMPORT_OK/) {
-		push @keyids_ok, shift @KEYIDS;
-	} elsif ($line =~ /^\[GNUPG:\] NODATA/) {
-		push @keyids_failed, shift @KEYIDS;
-	};
-}
-die ("Still keys in \@KEYIDS.  This should not happen.") if scalar @KEYIDS;
-notice ("Import failed for: ". (join ' ', @keyids_failed).".") if scalar @keyids_failed;
+	for my $line (split /\n/, $status) {
+		if ($line =~ /^\[GNUPG:\] IMPORT_OK/) {
+			push @keyids_ok, shift @KEYIDS;
+		} elsif ($line =~ /^\[GNUPG:\] NODATA/) {
+			push @keyids_failed, shift @KEYIDS;
+		};
+	}
+	die ("Still keys in \@KEYIDS.  This should not happen.") if scalar @KEYIDS;
+	notice ("Import failed for: ". (join ' ', @keyids_failed).".") if scalar @keyids_failed;
+};
 
 ###########
 # sign keys
 ###########
-info("Sign the following keys according to your policy...");
-for my $keyid (@keyids_ok) {
-	my @command;
-	push @command, $CONFIG{'gpg-sign'};
-	push @command, '--local-user', $USER if (defined $USER);
-	push @command, "--homedir=$GNUPGHOME";
-	push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
-	push @command, '--sign-key', $keyid;
-	print join(' ', @command),"\n";
-	system (@command);
+unless ($CONFIG{'no-sign'}) {
+	info("Sign the following keys according to your policy...");
+	for my $keyid (@keyids_ok) {
+		my @command;
+		push @command, $CONFIG{'gpg-sign'};
+		push @command, '--local-user', $USER if (defined $USER);
+		push @command, "--homedir=$GNUPGHOME";
+		push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
+		push @command, '--sign-key', $keyid;
+		print join(' ', @command),"\n";
+		system (@command);
+	};
 };
 
 ##################
@@ -527,14 +561,14 @@ KEYS:
 for my $keyid (@keyids_ok) {
 	# get key listing
 	#################
-	$gpg = GnuPG::Interface->new();
+	my $gpg = GnuPG::Interface->new();
 	$gpg->call( $CONFIG{'gpg'} );
 	$gpg->options->hash_init( 'homedir' => $GNUPGHOME );
 	$gpg->options->meta_interactive( 0 );
-	($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
+	my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
 	$gpg->options->hash_init( 'extra_args' => [ '--with-colons', '--fixed-list-mode' ] );
-	$pid = $gpg->list_public_keys(handles => $handles, command_args => [ $keyid ]);
-	($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
+	my $pid = $gpg->list_public_keys(handles => $handles, command_args => [ $keyid ]);
+	my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
 	waitpid $pid, 0;
 	if ($stdout eq '') {
 		warn ("No data from gpg for list-key $keyid\n");
@@ -562,7 +596,7 @@ for my $keyid (@keyids_ok) {
 	while (1) {
 		my $this_uid_text = '';
 		$uid_number++;
-		info("Doing key $keyid, uid $uid_number");
+		debug("Doing key $keyid, uid $uid_number");
 
 		# import into temporary gpghome
 		###############################
@@ -631,6 +665,7 @@ for my $keyid (@keyids_ok) {
 			next;
 		};
 		unless ($have_one) {
+			debug("Uid ".($uid_number-1)." was the last, there is no $uid_number.");
 			info("key $keyid done.");
 			last;
 		};
@@ -660,18 +695,26 @@ for my $keyid (@keyids_ok) {
 		while($status =~ /$KEYEDIT_DELSIG_PROMPT/m) {
 			# sig:?::17:EA2199412477CAF8:1058095214:::::13x:
 			my @sigline = grep { /^sig/ } (split /\n/, $stdout);
+			$stdout =~ s/\n/\\n/g;
+			notice("[sigremoval] why are there ".(scalar @sigline)." siglines in that part of the dialog!? got: $stdout") if scalar @sigline >= 2; # XXX
 			my $line = pop @sigline;
 			my $answer = "no";
 			if (defined $line) { # only if we found a sig here - we never remove revocation packets for instance
+				debug("[sigremoval] doing line $line.");
 				my ($dummy1, $dummy2, $dummy3, $dummy4, $signer, $created, $dummy7, $dummy8, $dummy9) = split /:/, $line;
 				if ($signer eq $longkeyid) {
+					debug("[sigremoval] selfsig ($signer).");
 					$answer = "no";
 				} elsif (grep { $signer eq $_ } @{$CONFIG{'keyid'}}) {
+					debug("[sigremoval] signed by us ($signer).");
 					$answer = "no";
 					$signed_by_me = $signed_by_me > $created ? $signed_by_me : $created;
 				} else {
+					debug("[sigremoval] not interested in that sig ($signer).");
 					$answer = "yes";
 				};
+			} else {
+				debug("[sigremoval] no sig line here, only got: ".$stdout);
 			};
 			($stdout, $stderr, $status) =
 				readwrite_gpg($answer."\n", $inputfd, $stdoutfd, $stderrfd, $statusfd, exitwhenstatusmatches => $KEYEDIT_KEYEDIT_OR_DELSIG_PROMPT, nocloseinput => 1);