/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen

  • Committer: Teddy Hogeborn
  • Date: 2014-07-25 22:44:20 UTC
  • mto: This revision was merged to the branch mainline in revision 724.
  • Revision ID: teddy@recompile.se-20140725224420-4a5ct2ptt0hsc92z
Require Python 2.7.

This is in preparation for the eventual move to Python 3, which will
happen as soon as all Python modules required by Mandos are available.
The mandos-ctl and mandos-monitor programs are already portable
between Python 2.6 and Python 3 without changes; this change will
bring the requirement up to Python 2.7.

* INSTALL (Prerequisites/Libraries/Mandos Server): Document
                                                   requirement of
                                                   Python 2.7; remove
                                                   Python-argparse
                                                   which is in the
                                                   Python 2.7 standard
                                                   library.
* debian/control (Source: mandos/Build-Depends-Indep): Depend on
                                                       exactly the
                                                       python2.7
                                                       package and all
                                                       the Python 2.7
                                                       versions of the
                                                       python modules.
  (Package: mandos/Depends): - '' - but still depend on python (<=2.7)
                            and the generic versions of the Python
                            modules; this is for mandos-ctl and
                            mandos-monitor, both of which are
                            compatible with Python 3, and use
                            #!/usr/bin/python.
* mandos: Use #!/usr/bin/python2.7 instead of #!/usr/bin/python.

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos-keygen
21
21
# Contact the authors at <mandos@recompile.se>.
22
22
23
23
 
24
 
VERSION="1.6.5"
 
24
VERSION="1.6.7"
25
25
 
26
26
KEYDIR="/etc/keys/mandos"
27
27
KEYTYPE=RSA
33
33
KEYCOMMENT=""
34
34
KEYEXPIRE=0
35
35
FORCE=no
 
36
SSH=yes
36
37
KEYCOMMENT_ORIG="$KEYCOMMENT"
37
38
mode=keygen
38
39
 
41
42
fi
42
43
 
43
44
# Parse options
44
 
TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:f \
45
 
    --longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \
 
45
TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:fS \
 
46
    --longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force,no-ssh \
46
47
    --name "$0" -- "$@"`
47
48
 
48
49
help(){
85
86
                        Encrypt a password from FILE using the key in
86
87
                        the key directory.  All options other than
87
88
                        --dir and --name are ignored.
 
89
  -S, --no-ssh          Don't get SSH key or set "checker" option.
88
90
EOF
89
91
}
90
92
 
103
105
        -c|--comment) KEYCOMMENT="$2"; shift 2;;
104
106
        -x|--expire) KEYEXPIRE="$2"; shift 2;;
105
107
        -f|--force) FORCE=yes; shift;;
 
108
        -S|--no-ssh) SSH=no; shift;;
106
109
        -v|--version) echo "$0 $VERSION"; exit;;
107
110
        -h|--help) help; exit;;
108
111
        --) shift; break;;
188
191
trap "
189
192
set +e; \
190
193
test -n \"$SECFILE\" && shred --remove \"$SECFILE\"; \
191
 
shred --remove \"$RINGDIR\"/sec*;
 
194
shred --remove \"$RINGDIR\"/sec* 2>/dev/null;
192
195
test -n \"$BATCHFILE\" && rm --force \"$BATCHFILE\"; \
193
196
rm --recursive --force \"$RINGDIR\";
194
197
tty --quiet && stty echo; \
274
277
fi
275
278
 
276
279
if [ "$mode" = password ]; then
 
280
    
 
281
    # Make SSH be 0 or 1
 
282
    case "$SSH" in
 
283
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) SSH=1;;
 
284
        [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) SSH=0;;
 
285
    esac
 
286
    
 
287
    if [ $SSH -eq 1 ]; then
 
288
        set +e
 
289
        ssh_fingerprint="`ssh-keyscan localhost 2>/dev/null`"
 
290
        if [ $? -ne 0 ]; then
 
291
            ssh_fingerprint=""
 
292
        fi
 
293
        set -e
 
294
        ssh_fingerprint="${ssh_fingerprint#localhost }"
 
295
    fi
 
296
    
277
297
    # Import key into temporary key rings
278
298
    gpg --quiet --batch --no-tty --no-options --enable-dsa2 \
279
299
        --homedir "$RINGDIR" --trust-model always --armor \
342
362
                /^[^-]/s/^/    /p
343
363
            }
344
364
        }' < "$SECFILE"
 
365
    if [ -n "$ssh_fingerprint" ]; then
 
366
        echo 'checker = ssh-keyscan %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp="%%(host)s %(ssh_fingerprint)s"'
 
367
        echo "ssh_fingerprint = ${ssh_fingerprint}"
 
368
    fi
345
369
fi
346
370
 
347
371
trap - EXIT
352
376
    shred --remove "$SECFILE"
353
377
fi
354
378
# Remove the key rings
355
 
shred --remove "$RINGDIR"/sec*
 
379
shred --remove "$RINGDIR"/sec* 2>/dev/null
356
380
rm --recursive --force "$RINGDIR"