/mandos/trunk : revision 951

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen

Committer: Teddy Hogeborn
Date: 2018-08-15 09:26:02 UTC
Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u

http://bugs.debian.org/894495

mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to january 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options though
  GPGME.)

files added:
bugs.xml

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

tmpfiles.d-mandos.conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen

# Mandos key generator - create a new OpenPGP key for a Mandos client

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# This file is part of Mandos.

# Mandos is free software: you can redistribute it and/or modify it

# under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# Mandos is distributed in the hope that it will be useful, but

# WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License

# along with this program. If not, see <http://www.gnu.org/licenses/>.

# along with Mandos. If not, see <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@recompile.se>.

VERSION="1.6.8"

VERSION="1.7.19"

KEYDIR="/etc/keys/mandos"

KEYTYPE=RSA

--name "$0" -- "$@"`

help(){

basename="`basename $0`"

basename="`basename "$0"`"

cat <<EOF

Usage: $basename [ -v | --version ]

$basename [ -h | --help ]

113

115

esac

114

116

done

115

117

if [ "$#" -gt 0 ]; then

116

echo "Unknown arguments: '$@'" >&2

118

echo "Unknown arguments: '$*'" >&2

117

119

exit 1

118

120

119

121

161

163

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

162

164

esac

163

165

164

if [ $ -e "$SECKEYFILE" -o -e "$PUBKEYFILE" $ \

165

-a "$FORCE" -eq 0 ]; then

166

if { [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } \

167

&& [ "$FORCE" -eq 0 ]; then

166

168

echo "Refusing to overwrite old key files; use --force" >&2

167

169

exit 1

168

170

218

220

#Handle: <no-spaces>

219

221

#%pubring pubring.gpg

220

222

#%secring secring.gpg

223

%no-protection

221

224

%commit

222

225

EOF

223

226

285

288

esac

286

289

287

290

if [ $SSH -eq 1 ]; then

288

set +e

289

ssh_fingerprint="`ssh-keyscan localhost 2>/dev/null`"

290

if [ $? -ne 0 ]; then

291

ssh_fingerprint=""

292

293

set -e

294

ssh_fingerprint="${ssh_fingerprint#localhost }"

291

for ssh_keytype in ecdsa-sha2-nistp256 ed25519 rsa; do

292

set +e

293

ssh_fingerprint="`ssh-keyscan -t $ssh_keytype localhost 2>/dev/null`"

294

err=$?

295

set -e

296

if [ $err -ne 0 ]; then

297

ssh_fingerprint=""

298

continue

299

300

if [ -n "$ssh_fingerprint" ]; then

301

ssh_fingerprint="${ssh_fingerprint#localhost }"

302

break

303

304

done

295

305

296

306

297

307

# Import key into temporary key rings

304

314

305

315

# Get fingerprint of key

306

316

FINGERPRINT="`gpg --quiet --batch --no-tty --no-options \

307

--enable-dsa2 --homedir \"$RINGDIR\" --trust-model always \

317

--enable-dsa2 --homedir "$RINGDIR" --trust-model always \

308

318

--fingerprint --with-colons \

309

319

| sed --quiet \

310

320

--expression='/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

318

328

cat "$PASSFILE"

319

329

else

320

330

tty --quiet && stty -echo

321

echo -n "Enter passphrase: " >&2

322

read first

331

echo -n "Enter passphrase: " >/dev/tty

332

read -r first

323

333

tty --quiet && echo >&2

324

echo -n "Repeat passphrase: " >&2

325

read second

334

echo -n "Repeat passphrase: " >/dev/tty

335

read -r second

326

336

if tty --quiet; then

327

337

echo >&2

328

338

stty echo

363

373

}

364

374

}' < "$SECFILE"

365

375

if [ -n "$ssh_fingerprint" ]; then

366

echo 'checker = ssh-keyscan %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp=%%(host)s" %(ssh_fingerprint)s"'

376

echo 'checker = ssh-keyscan -t '"$ssh_keytype"' %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp=%%(host)s" %(ssh_fingerprint)s"'

367

377

echo "ssh_fingerprint = ${ssh_fingerprint}"

368

378

369

379

Older »