author | Silvio Rhatto <rhatto@riseup.net> | 2010-09-18 13:50:04 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2010-09-18 13:50:04 -0300 |
commit | d32faa9d6cddbc714de708ecc052b43b49d7faa8 (patch) | |
tree | 4572b4fd1509531c0b0ec013d0eccaaff8412c00 | |
parent | 43235df8406f6e8e400de502d36b9fa46de12756 (diff) | |
Fixing tmpfile handling
-rw-r--r-- | lib/keyringer/functions | 13 | ||||
-rwxr-xr-x | share/keyringer/edit | 11 | ||||
-rwxr-xr-x | share/keyringer/genpair | 47 |
3 files changed, 33 insertions, 38 deletions
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index a2a35be..13502f7 100644
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -122,14 +122,18 @@ function keyringer_set_tmpfile {
 mkdir -p $BASEDIR/tmp
 keyringer_git_ignore 'tmp/*'
- tmpfile="`mktemp $template`"
+ if [ "$2" == "-d" ]; then
+ TMPWORK="`mktemp -d $template`"
+ else
+ TMPWORK="`mktemp $template`"
+ fi
 if [ "$?" != "0" ]; then
- echo "Error: can't set tmpfile $tmpfile"
+ echo "Error: can't set TMPWORK $TMPWORK"
 exit 1
 fi
- echo $tmpfile
+ trap "keyringer_unset_tmpfile $TMPWORK; exit" INT TERM EXIT
 }
 # Remove a temporary file
@@ -191,6 +195,9 @@ function keyringer_set_env {
 echo "No option config was found"
 exit 1
 fi
+
+ # Ensure that keydir exists
+ mkdir -p $KEYDIR && chmod 700 $KEYDIR
 }
 # Get a file argument
diff --git a/share/keyringer/edit b/share/keyringer/edit
index edeb693..4a5be14 100755
--- a/share/keyringer/edit
+++ b/share/keyringer/edit
@@ -15,19 +15,18 @@ keyringer_get_file $2
 echo "Make sure that $BASEDIR is atop of an encrypted volume."
 # Set a tmp file
-TMPFILE="`keyringer_set_tmpfile edit`"
-trap "keyringer_unset_tmpfile $TMPFILE ; exit" INT TERM EXIT
+keyringer_set_tmpfile edit
 # Decrypt the information to the file
-gpg --yes -o $TMPFILE --use-agent -d $KEYDIR/$FILE
+gpg --yes -o $TMPWORK --use-agent -d $KEYDIR/$FILE
 # Prompt
 echo "Press any key to open the decrypted data into $EDITOR, Ctrl-C to abort"
 read key
-$EDITOR $TMPFILE
+$EDITOR $TMPWORK
 # Encrypt again
-gpg --yes -o $KEYDIR/$FILE --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) $TMPFILE
+gpg --yes -o $KEYDIR/$FILE --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) $TMPWORK
 # Remove temp file
-keyringer_unset_tmpfile $TMPFILE
+keyringer_unset_tmpfile $TMPWORK
diff --git a/share/keyringer/genpair b/share/keyringer/genpair
index cc54ba8..9177ba3 100755
--- a/share/keyringer/genpair
+++ b/share/keyringer/genpair
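Review bot: The EXIT trap on the hunk's last added line, `trap "keyringer_unset_tmpfile $TMPWORK; exit" INT TERM EXIT`, masks the script's exit status: a bare `exit` inside a trap returns the status of the last command run there, which is the cleanup function, so a script that bailed out with `exit 1` after a failed gpg call ends with status 0 once the temp file is removed. Record the status first: `trap 'rc=$?; keyringer_unset_tmpfile "$TMPWORK"; exit $rc' INT TERM EXIT`. With `-d`, `$TMPWORK` is a directory, and whether `keyringer_unset_tmpfile` (its body follows the `# Remove a temporary file` comment, outside this hunk) removes directories is not visible here; genpair's own `rm -rf $TMPWORK` later in this commit suggests it may not, in which case an aborted run leaves generated key material behind. The function body begins before the hunk, where `$template` is presumably built from `$1`; the `$2` test assumes callers pass `-d` positionally after the name, which deserves a comment such as `# $1: template name, $2: "-d" to create a directory instead of a file`.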
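Review bot: The new `mkdir -p $KEYDIR && chmod 700 $KEYDIR` in keyringer_set_env goes unchecked, so if the directory cannot be created or its mode cannot be tightened the function returns as if the key directory were ready, while the config check just above it exits on failure. Keep the two consistent: add `if [ "$?" != "0" ]; then echo "Error: can't set up $KEYDIR"; exit 1; fi` after the new line, and quote `"$KEYDIR"` in both commands so a path with spaces does not turn into several operands. The `chmod 700` also rewrites the mode of an existing directory on every call; that is reasonable for a directory of encrypted key material, but a comment such as `# Key data lives here: keep it owner-only even if it was created elsewhere` would make the intent explicit. keyringer_set_env starts before this hunk.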
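Review bot: The decrypt call `gpg --yes -o $TMPWORK --use-agent -d $KEYDIR/$FILE` is still unchecked, and the hunk then opens `$TMPWORK` in `$EDITOR` and re-encrypts it over `$KEYDIR/$FILE` with `--yes` unconditionally, so a failed decryption (missing secret key, cancelled agent prompt, corrupt input) can end with the stored secret replaced by an encryption of whatever empty or partial file was left behind. Guard it with `gpg --yes -o "$TMPWORK" --use-agent -d "$KEYDIR/$FILE" || exit 1`; the EXIT trap that keyringer_set_tmpfile now installs removes the temp file on that path. The re-encrypt call deserves the same `|| exit 1`, since a missing recipient key would otherwise pass silently. Note that the closing `keyringer_unset_tmpfile $TMPWORK` now runs a second time from that EXIT trap, which is only harmless if the function tolerates an already-removed path — its body is not in this diff. The script's argument handling (`keyringer_get_file $2` and earlier) lies before the hunk.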
@@ -12,20 +12,20 @@ function genpair_ssh {
 read -p "Hit ENTER to continue." prompt
 # TODO: programatically enter blank passphrase twice
- ssh-keygen -t dsa -f $WORK/id_dsa -C "root@$NODE"
+ ssh-keygen -t dsa -f $TMPWORK/id_dsa -C "root@$NODE"
 # Encrypt the result
 echo "Encrypting secret key into keyringer..."
- cat $WORK/id_dsa | keyringer_exec encrypt $BASEDIR $FILE
+ cat $TMPWORK/id_dsa | keyringer_exec encrypt $BASEDIR $FILE
 echo "Encrypting public key into keyringer..."
- cat $WORK/id_dsa.pub | keyringer_exec encrypt $BASEDIR $FILE.pub
+ cat $TMPWORK/id_dsa.pub | keyringer_exec encrypt $BASEDIR $FILE.pub
 # TODO: add outfiles into version control
 if [ ! -z "$OUTFILE" ]; then
 mkdir -p `dirname $OUTFILE`
 echo Saving copies at $OUTFILE and $OUTFILE.pub
- cat $WORK/id_dsa > $OUTFILE
- cat $WORK/id_dsa.pub > $OUTFILE.pub
+ cat $TMPWORK/id_dsa > $OUTFILE
+ cat $TMPWORK/id_dsa.pub > $OUTFILE.pub
 fi
 echo "Done"
@@ -39,7 +39,7 @@ function genpair_gpg {
 # TODO: insert 279 random bytes
 # TODO: custom Name-Comment and Name-Email
 # TODO: allow for empty passphrases
- gpg --homedir $WORK --gen-key --batch <<EOF
+ gpg --homedir $TMPWORK --gen-key --batch <<EOF
 Key-Type: RSA
 Key-Length: 4096
 Subkey-Type: ELG-E
@@ -54,9 +54,9 @@ EOF
 # Encrypt the result
 echo "Encrypting secret key into keyringer..."
- gpg --armor --homedir $WORK --export-secret-keys | keyringer_exec encrypt $BASEDIR $FILE
+ gpg --armor --homedir $TMPWORK --export-secret-keys | keyringer_exec encrypt $BASEDIR $FILE
 echo "Encrypting public key into keyringer..."
- gpg --armor --homedir $WORK --export | keyringer_exec encrypt $BASEDIR $FILE.pub
+ gpg --armor --homedir $TMPWORK --export | keyringer_exec encrypt $BASEDIR $FILE.pub
 echo "Encrypting passphrase into keyringer..."
 echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt $BASEDIR $FILE.passwd
@@ -64,8 +64,8 @@ EOF
 if [ ! -z "$OUTFILE" ]; then
 mkdir -p `dirname $OUTFILE`
 echo Saving copies at $OUTFILE and $OUTFILE.pub
- gpg --armor --homedir $WORK --export-secret-keys > $OUTFILE
- gpg --armor --homedir $WORK --export > $OUTFILE.pub
+ gpg --armor --homedir $TMPWORK --export-secret-keys > $OUTFILE
+ gpg --armor --homedir $TMPWORK --export > $OUTFILE.pub
 fi
 echo "Done"
@@ -77,7 +77,7 @@ function genpair_ssl {
 read -p "Hit ENTER to continue." prompt
 # Setup
- cd $WORK
+ cd $TMPWORK
 # Generate certificate
 $LIB/csr.sh $NODE
@@ -99,13 +99,13 @@ function genpair_ssl {
 if [ ! -z "$OUTFILE" ]; then
 mkdir -p `dirname $OUTFILE`
 echo Saving copies at $OUTFILE.pem, $OUTFILE.csr and $OUTFILE.crt
- cat $WORK/$NODE"_privatekey.pem" > $OUTFILE.pem
- cat $WORK/$NODE"_csr.pem" > $OUTFILE.csr
- cat $WORK/$NODE.crt > $OUTFILE.crt
+ cat $TMPWORK/$NODE"_privatekey.pem" > $OUTFILE.pem
+ cat $TMPWORK/$NODE"_csr.pem" > $OUTFILE.csr
+ cat $TMPWORK/$NODE.crt > $OUTFILE.crt
 fi
 # Show cert fingerprint
- openssl x509 -noout -in $WORK/$NODE.crt -fingerprint
+ openssl x509 -noout -in $TMPWORK/$NODE.crt -fingerprint
 echo "Done"
 }
@@ -136,19 +136,8 @@ elif [ ! -e "$KEYDIR" ]; then
 exit 1
 fi
-# Prepare
-mkdir -p $KEYDIR && chmod 700 $KEYDIR
-
-WORK="`keyringer_set_tmpfile genpair`"
-trap "keyringer_unset_tmpfile $WORK; exit" INT TERM EXIT
-
-WORK="`mktemp -d $KEYDIR/genpair.XXXXXX`"
-if [ "$?" != "0" ]; then
- echo "Error setting up $WORK"
- exit 1
-else
- trap "rm -rf $WORK" EXIT
-fi
+# Set a tmp file
+keyringer_set_tmpfile genpair -d
 # Dispatch
 echo "Generating $KEYTYPE for $NODE..."
@@ -156,5 +145,5 @@ genpair_$KEYTYPE
 # Cleanup
 cd $CWD
-rm -rf $WORK
+rm -rf $TMPWORK
 trap - EXIT |
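Review bot: `keyringer_set_tmpfile genpair -d` leaves removal of a directory holding freshly generated private keys to the trap that function installs, `keyringer_unset_tmpfile $TMPWORK`, whereas the removed lines paired the directory with an explicit `trap "rm -rf $WORK" EXIT`, and the final hunk still deletes it by hand with `rm -rf $TMPWORK` before `trap - EXIT`. Whether keyringer_unset_tmpfile can remove a directory is not visible in this diff; if it only unlinks a file, a Ctrl-C during `ssh-keygen`, `gpg --gen-key` or `csr.sh` leaves the key material behind. Either make that function use `rm -rf` for directories, or re-arm the trap right after this call: `trap 'rm -rf "${TMPWORK:?}"; exit' INT TERM EXIT`, where `:?` refuses to run rm with an empty path. This hunk also drops the local `mkdir -p $KEYDIR && chmod 700 $KEYDIR`, so genpair now depends on keyringer_set_env (changed elsewhere in this commit) having run first; a one-line comment noting that, e.g. `# $KEYDIR is created by keyringer_set_env`, would save the next reader the search.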