diff options
author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2010-11-16 22:45:58 -0500 |
---|---|---|
committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2010-11-16 22:45:58 -0500 |
commit | d9721fd16ad489d400dd085aa7ba8a4d83baf3d3 (patch) | |
tree | bcd76d55c4e08f97dfd1f21f53ebc6c47a8d7a1a /lib | |
parent | ce0d1ee064f94c1fca8e94e1a36dcc17dde5451d (diff) | |
download | keyringer-d9721fd16ad489d400dd085aa7ba8a4d83baf3d3.tar.gz keyringer-d9721fd16ad489d400dd085aa7ba8a4d83baf3d3.tar.bz2 |
first pass at escaping variables in bash -- i probably missed some
Diffstat (limited to 'lib')
-rwxr-xr-x | lib/keyringer/csr.sh | 28 | ||||
-rw-r--r-- | lib/keyringer/functions | 57 |
2 files changed, 43 insertions, 42 deletions
diff --git a/lib/keyringer/csr.sh b/lib/keyringer/csr.sh index 195b355..881a46f 100755 --- a/lib/keyringer/csr.sh +++ b/lib/keyringer/csr.sh @@ -38,7 +38,7 @@ LASTUMASK=`umask` umask 077 # OpenSSL for HPUX needs a random file -RANDOMFILE=$HOME/.rnd +RANDOMFILE="$HOME/.rnd" # create a config file for openssl CONFIG=`mktemp -q /tmp/openssl-conf.XXXXXXXX` @@ -86,16 +86,16 @@ fi # Config File Generation -cat <<EOF > $CONFIG +cat <<EOF > "$CONFIG" # -------------- BEGIN custom openssl.cnf ----- HOME = $HOME EOF if [ "`uname -s`" = "HP-UX" ]; then - echo " RANDFILE = $RANDOMFILE" >> $CONFIG + echo " RANDFILE = $RANDOMFILE" >> "$CONFIG" fi -cat <<EOF >> $CONFIG +cat <<EOF >> "$CONFIG" oid_section = new_oids [ new_oids ] [ req ] @@ -107,10 +107,10 @@ cat <<EOF >> $CONFIG EOF if [ ! "$SANAMES" = "" ]; then - echo "req_extensions = v3_req # Extensions to add to certificate request" >> $CONFIG + echo "req_extensions = v3_req # Extensions to add to certificate request" >> "$CONFIG" fi -cat <<EOF >> $CONFIG +cat <<EOF >> "$CONFIG" [ req_distinguished_name ] commonName = Common Name (eg, YOUR name) commonName_default = $COMMONNAME @@ -119,27 +119,27 @@ cat <<EOF >> $CONFIG EOF if [ ! "$SANAMES" = "" ]; then - echo "subjectAltName=$SANAMES" >> $CONFIG + echo "subjectAltName=$SANAMES" >> "$CONFIG" fi -echo "# -------------- END custom openssl.cnf -----" >> $CONFIG +echo "# -------------- END custom openssl.cnf -----" >> "$CONFIG" echo "Running OpenSSL..." # The first one doesn't work, the second one does: -#openssl req -batch -config $CONFIG -newkey rsa -out ${HOST}_csr.pem -openssl req -batch -config $CONFIG -newkey rsa:2048 -out ${HOST}_csr.pem +#openssl req -batch -config "$CONFIG" -newkey rsa -out ${HOST}_csr.pem +openssl req -batch -config "$CONFIG" -newkey rsa:2048 -out "${HOST}_csr.pem" echo "Copy the following Certificate Request and paste into CAcert website to obtain a Certificate." echo "When you receive your certificate, you 'should' name it something like ${HOST}_server.pem" echo cat ${HOST}_csr.pem echo -echo The Certificate request is also available in ${HOST}_csr.pem -echo The Private Key is stored in ${HOST}_privatekey.pem +printf "The Certificate request is also available in '%s_csr.pem'\n" "$HOST" +printf "The Private Key is stored in '%s_privatekey.pem'\n" "$HOST" echo -rm $CONFIG +rm "$CONFIG" #restore umask -umask $LASTUMASK +umask "$LASTUMASK" diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 9888ed1..9c8dfd7 100644 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -7,18 +7,18 @@ function keyringer_config_load { if [ -f "$HOME/.$NAME" ]; then echo "Converting legacy configuration scheme..." - mv $HOME/.$NAME $HOME/.$NAME.tmp - mkdir $HOME/.$NAME - mv $HOME/.$NAME.tmp $CONFIG + mv "$HOME/.$NAME" "$HOME/.$NAME.tmp" + mkdir "$HOME/.$NAME" + mv "$HOME/.$NAME.tmp" "$CONFIG" fi if [ ! -e "$CONFIG" ]; then echo "Creating $CONFIG..." mkdir -p `dirname $CONFIG` - touch $CONFIG - chmod 600 $CONFIG - echo "# Keyringer config file." > $CONFIG - echo "" >> $CONFIG + touch "$CONFIG" + chmod 600 "$CONFIG" + echo "# Keyringer config file." > "$CONFIG" + echo "" >> "$CONFIG" fi keyringer_config_load_preferences @@ -28,7 +28,7 @@ function keyringer_config_load { function keyringer_config_load_preferences { # Load custom keyring preferences if [ ! -z "$PREFERENCES" ] && [ -f "$PREFERENCES" ]; then - source $PREFERENCES + source "$PREFERENCES" fi } @@ -38,7 +38,7 @@ function keyringer_config { echo "Your have to set CONFIG variable in the code" exit 1 elif [ -e "$CONFIG" ]; then - grep -e "^$1=" $CONFIG | tail -n 1 | cut -d = -f 2 | sed -e 's/"//g' -e "s/'//g" | sed -e 's/ *#.*$//' + grep -e "^$1=" "$CONFIG" | tail -n 1 | cut -d = -f 2 | sed -e 's/"//g' -e "s/'//g" | sed -e 's/ *#.*$//' else echo "Config file not found: $CONFIG" exit 1 @@ -47,7 +47,7 @@ function keyringer_config { # Return the list of recipients function keyringer_recipients { - grep -v '^#' $1 | grep -v '^$' | awk '{ print "-r " $2 }' | xargs + grep -v '^#' "$1" | grep -v '^$' | awk '{ print "-r " $2 }' | xargs } # Check if keyringer has a given action @@ -72,8 +72,8 @@ function keyringer_exec { shift 2 # Dispatch - if keyringer_has_action $action; then - $ACTIONS/$action $basedir $* + if keyringer_has_action "$action"; then + "$ACTIONS/$action" "$basedir" $* fi } @@ -82,7 +82,7 @@ function keyringer_filename { if [ -z "$1" ]; then return else - echo `dirname $1`/`basename $1 .asc`.asc + printf "%s/%s.asc\n" "$(dirname "$1")" "$(basename "$1" .asc)" fi } @@ -96,7 +96,7 @@ function keyringer_is_git { true else cwd="`pwd`" - cd $1 && git="`git status &> /dev/null`" && cd $cwd + cd "$1" && git="`git status &> /dev/null`" && cd "$cwd" if [ "$git" != "128" ]; then true @@ -119,17 +119,17 @@ function keyringer_set_tmpfile { template="$BASEDIR/tmp/$1.XXXXXXXXXX" fi - mkdir -p $BASEDIR/tmp + mkdir -p "$BASEDIR/tmp" keyringer_git_ignore 'tmp/*' if [ "$2" == "-d" ]; then - TMPWORK="`mktemp -d $template`" + TMPWORK="$(mktemp -d "$template")" else - TMPWORK="`mktemp $template`" + TMPWORK="$(mktemp "$template")" fi if [ "$?" != "0" ]; then - echo "Error: can't set TMPWORK $TMPWORK" + printf "Error: can't set TMPWORK %s\n" "$TMPWORK" exit 1 fi @@ -142,7 +142,7 @@ function keyringer_unset_tmpfile { echo "No tmp file set" fi - rm -f $1 + rm -f "$1" if [ "$?" != "0" ]; then echo "Warning: could not delete file $1. Please delete it manually as it might have sensitive information." @@ -153,11 +153,11 @@ function keyringer_unset_tmpfile { # Add a pattern into gitignore function keyringer_git_ignore { if [ ! -z "$BASEDIR/.gitignore" ]; then - echo $1 > $BASEDIR/.gitignore - keyringer_exec git $BASEDIR add .gitignore + echo "$1" > "$BASEDIR/.gitignore" + keyringer_exec git "$BASEDIR" add .gitignore else - if ! grep -q -e "^$1$" $BASEDIR/.gitignore; then - echo $1 >> $BASEDIR/.gitignore + if ! grep -q -e "^$1$" "$BASEDIR/.gitignore"; then + echo "$1" >> "$BASEDIR/.gitignore" fi fi } @@ -196,18 +196,19 @@ function keyringer_set_env { exit 1 fi fi + if [ ! -f "$OPTIONS" ]; then echo "No option config was found" exit 1 fi # Ensure that keydir exists - mkdir -p $KEYDIR && chmod 700 $KEYDIR + mkdir -p "$KEYDIR" && chmod 700 "$KEYDIR" } # Get a file argument function keyringer_get_file { - FILE="`keyringer_filename $1`" + FILE="$(keyringer_filename "$1")" if [ -z "$FILE" ]; then keyringer_action_usage @@ -220,7 +221,7 @@ function keyringer_get_file { # Get a new file argument function keyringer_get_new_file { - FILE="`keyringer_filename $1`" + FILE="$(keyringer_filename "$1")" if [ -z "$FILE" ]; then keyringer_action_usage @@ -243,7 +244,7 @@ function keyringer_get_command { function keyringer_action_usage { if [ "`type -t "keyringer_usage_$BASENAME"`" == "function" ]; then # Use custom action usage - keyringer_usage_$BASENAME + "keyringer_usage_$BASENAME" else # Default usage if [ "$1" == "command" ]; then @@ -255,6 +256,6 @@ function keyringer_action_usage { } # Setup environment -if [ "`basename $0`" != "keyringer" ]; then +if [ "$(basename "$0")" != "keyringer" ]; then keyringer_set_env $* fi |