From 8f1e7567d62681751931472492f74e8f48d37f3c Mon Sep 17 00:00:00 2001 From: myon-guest Date: Sat, 21 May 2005 21:10:48 +0000 Subject: [PATCH] * Import own public keys automatically in caff * "Fixed" quotes in the caff manpage * Use generic names in the sample caffrc * Wrote pgp-clean manpage * pgp-clean strips 0x prefix from key ids git-svn-id: svn://svn.debian.org/pgp-tools/trunk@41 b513b33f-fedd-0310-b452-c3deb5f4c849 --- caff/README | 13 ------ caff/TODO | 2 +- caff/caff | 37 +++++++++++++++-- caff/caffrc.sample | 4 +- caff/pgp-clean | 98 +++++++--------------------------------------- 5 files changed, 52 insertions(+), 102 deletions(-) diff --git a/caff/README b/caff/README index 8bd828b..95898d0 100644 --- a/caff/README +++ b/caff/README @@ -40,19 +40,6 @@ INSTALLATION NOTES After creating a ~/.caffrc from the template, caff almost works out of the box. -It has a problem, though: your personal public key is not imported in the caff -working keyring. Do fix it, do this: - -Considering you have this: - - $CONFIG{'caffhome'} = $ENV{'HOME'}.'.caff'; - -Do: - - gpg --export | gpg --import --homedir ~/.caff/gnupghome - -This is a workaround for a bug which is already noted in the TODO list. - -- Peter $Id$ diff --git a/caff/TODO b/caff/TODO index e80db86..05d4318 100644 --- a/caff/TODO +++ b/caff/TODO @@ -6,5 +6,5 @@ Legend: D Deferred X Abandoned -- need to import own keys (including public) into our gnupghome +o need to import own keys (including public) into our gnupghome (else it complains about not finding the public key for the used secret key) diff --git a/caff/caff b/caff/caff index 06fc62d..78f7290 100755 --- a/caff/caff +++ b/caff/caff @@ -75,8 +75,9 @@ The configuration file is a perl script that sets values in the hash B<%CONFIG>. Example: - $CONFIG{'owner'} = 'Peter Palfrader'; - $CONFIG{'email'} = 'peter@palfrader.org'; + $CONFIG{owner} = q{Peter Palfrader}; + $CONFIG{email} = q{peter@palfrader.org}; + $CONFIG{keyid} = [ qw{DE7AAF6E94C09C7F 62AF4031C82E0039} ]; =head2 Valid keys @@ -147,6 +148,10 @@ If true, then skip the signing step. Default: B<0>. Peter Palfrader +=head1 WEBSITE + +http://pgp-tools.alioth.debian.org/ + =cut use strict; @@ -166,7 +171,7 @@ my $VERSION = "0.0.0.$REVISION_NUMER"; sub load_config() { my $config = $ENV{'HOME'} . '/.caffrc'; - -f $config or die "No file $config present. See caffrc(5).\n"; + -f $config or die "No file $config present. See caff(1).\n"; unless (scalar eval `cat $config`) { die "Couldn't parse $config: $EVAL_ERROR\n" if $EVAL_ERROR; }; @@ -502,6 +507,32 @@ for my $keyid (@ARGV) { +################# +# import own keys +################# + my $gpg = GnuPG::Interface->new(); + $gpg->call( $CONFIG{'gpg'} ); + $gpg->options->hash_init( + 'homedir' => $GNUPGHOME, + 'extra_args' => '--keyserver='.$CONFIG{'keyserver'} ); + $gpg->options->meta_interactive( 0 ); + my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds(); + $gpg->options->hash_init( 'extra_args' => [ '--with-colons', '--fixed-list-mode' ] ); + my $pid = $gpg->list_public_keys(handles => $handles, command_args => $CONFIG{'keyid'}); + my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd); + waitpid $pid, 0; + if ($stdout eq '') { + warn ("No data from gpg for list-key\n"); + next; + }; + print $stdout; + foreach my $keyid (@{$CONFIG{'keyid'}}) { + unless ($stdout =~ /^pub:(?:[^:]*:){3,3}$keyid:/m) { + info("Importing $keyid"); + system "gpg --export $keyid | gpg --import --homedir $GNUPGHOME"; + } + } + ############################# # receive keys from keyserver ############################# diff --git a/caff/caffrc.sample b/caff/caffrc.sample index b16f3a7..4e1b594 100644 --- a/caff/caffrc.sample +++ b/caff/caffrc.sample @@ -2,8 +2,8 @@ # $Id$ -$CONFIG{'owner'} = 'Peter Palfrader'; -$CONFIG{'email'} = 'peter@palfrader.org'; +$CONFIG{'owner'} = 'John Doe'; +$CONFIG{'email'} = 'user@example.com'; # you can get your long keyid from # gpg --with-colons --list-key diff --git a/caff/pgp-clean b/caff/pgp-clean index 799a42a..71022c5 100755 --- a/caff/pgp-clean +++ b/caff/pgp-clean @@ -33,31 +33,30 @@ =head1 NAME -caff -- CA - Fire and Forget +pgp-clean -- remove all non-self signatures from key =head1 SYNOPSIS =over -=item B [-u I] I [I ..] +=item B I [I ...] =back =head1 DESCRIPTION -CA Fire and Forget is a script that helps you in keysigning. It takes a list -of keyids on the command line, fetches them from a keyserver and calls GnuPG so -that you can sign it. It then mails each key to all its email addresses - only -including the one UID that we send to in each mail, pruned from all but self -sigs and sigs done by you. +B takes a list of keyids on the command line and outputs an +ascii-armored keyring on stdout for each key with all signatures except +self-signatures stripped. Its use is to reduce the size of keys sent out after +signing (e.g. with B). =head1 OPTIONS =over -=item B<-u> I +=item I -Select the key that is used for signing, in case you have more than one key. +Use this key. =back @@ -65,88 +64,20 @@ Select the key that is used for signing, in case you have more than one key. =over -=item $HOME/.caffrc - configuration file +=item $HOME/.gnupg/pubring.gpg - default GnuPG keyring =back -=head1 CONFIGURATION FILE OPTIONS +=head1 SEE ALSO -The configuration file is a perl script that sets values in the hash B<%CONFIG>. - -Example: - - $CONFIG{'owner'} = 'Peter Palfrader'; - $CONFIG{'email'} = 'peter@palfrader.org'; - -=head2 Valid keys - -=over - -=item B [string] - -Base directory for the files caff stores. Default: B<$HOME/.caff/>. - -=item B [string] - -Your name. B. - -=item B [string] - -Your email address, used in From: lines. B. - -=item B [list of keyids] - -A list of your keys. This is used to determine which signatures to keep -in the pruning step. If you select a key using B<-u> it has to be in -this list. B. - -=item B [seconds] - -Don't export UIDs by default, on which your latest signature is older -than this age. Default: B<24*60*60> (i.e. one day). - -=item B [string] - -Keyserver to download keys from. Default: B. - -=item B [string] - -Path to the GnuPG binary. Default: B. - -=item B [string] - -Path to the GnuPG binary which is used to sign keys. Default: what -B is set to. - -=item B [string] - -Path to the GnuPG binary which is used to split off signatures. This is -needed while the upstream GnuPG is not fixed (there are 2 bugs in the -Debian Bug Tracking System). Default: what B is set to. - -=item B [string] - -Path to your secret keyring. Default: B<$HOME/.gnupg/secring.gpg>. - -=item B [keyid] - -An additional keyid to encrypt messages to. Default: none. - -=item B [boolean] - -If true, then skip the step of fetching keys from the keyserver. -Default: B<0>. - -=item B [boolean] - -If true, then skip the signing step. Default: B<0>. - -=back +caff(1), gpg(1). =head1 AUTHOR Peter Palfrader +This manpage was written in POD by Christoph Berg . + =cut use strict; @@ -172,7 +103,7 @@ sub info($) { }; sub debug($) { my ($line) = @_; - print STDERR "[DEBUG] $line\n"; + #print STDERR "[DEBUG] $line\n"; }; sub trace($) { my ($line) = @_; @@ -324,6 +255,7 @@ sub usage() { usage() unless scalar @ARGV >= 1; my @KEYIDS; for my $keyid (@ARGV) { + $keyid =~ s/^0x//i; unless ($keyid =~ /^[A-Za-z0-9]{8}([A-Za-z0-9]{8})?$/) { print STDERR "$keyid is not a keyid.\n"; usage(); -- 2.30.2