authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-11-16 22:45:58 -0500
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-11-16 22:45:58 -0500
commitd9721fd16ad489d400dd085aa7ba8a4d83baf3d3 (patch)
treebcd76d55c4e08f97dfd1f21f53ebc6c47a8d7a1a /share
parentce0d1ee064f94c1fca8e94e1a36dcc17dde5451d (diff)
first pass at escaping variables in bash -- i probably missed some
Diffstat (limited to 'share')
-rwxr-xr-xshare/keyringer/append17
-rwxr-xr-xshare/keyringer/decrypt6
-rwxr-xr-xshare/keyringer/del6
-rwxr-xr-xshare/keyringer/edit12
-rwxr-xr-xshare/keyringer/encrypt10
-rwxr-xr-xshare/keyringer/genpair60
-rwxr-xr-xshare/keyringer/git6
-rwxr-xr-xshare/keyringer/ls6
-rwxr-xr-xshare/keyringer/options16
-rwxr-xr-xshare/keyringer/recipients10
-rwxr-xr-xshare/keyringer/recrypt6
11 files changed, 78 insertions, 77 deletions
diff --git a/share/keyringer/append b/share/keyringer/append
index 27211a6..045ba86 100755
--- a/share/keyringer/append
+++ b/share/keyringer/append
@@ -5,24 +5,25 @@
# Load functions
LIB="`dirname $0`/../../lib/keyringer/functions"
-source $LIB || exit 1
+source "$LIB" || exit 1
# Get file
-keyringer_get_file $2
+keyringer_get_file "$2"
-OLDIFS=$IFS
+OLDIFS="$IFS"
IFS=$'\n'
-CONTENT=($(keyringer_exec decrypt $BASEDIR $FILE))
+CONTENT=($(keyringer_exec decrypt "$BASEDIR" "$FILE"))
if [ "$BASENAME" == "append" ]; then
# only display directions if we're running append, not append-batch
- echo " "
- echo "$FILE currently has ${#CONTENT[@]} lines"
- echo " "
- echo "Now please write the content to be appended on $FILE, finnishing with Ctrl-D:"
+ printf "\n%s currently has %d lines\n\n" "$FILE" "${#CONTENT[@]}"
+ printf "Now please write the content to be appended on %s, finnishing with Ctrl-D:\n" "$FILE"
fi
+# FIXME: dkg doesn't know how to check that this does proper escaping
+# (2010-11-16)
+
APPEND=($(cat -))
NEW=( ${CONTENT[@]} ${APPEND[@]} )
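Review bot: The array handling at the end of this hunk still undergoes pathname expansion, so a stored line containing `*` or `?` can be replaced by matching file names from the current directory when `NEW=( ${CONTENT[@]} ${APPEND[@]} )` runs. The unquoted `$(...)` in the `CONTENT=` and `APPEND=` assignments has the same problem. `IFS=$'\n'` restricts splitting to newlines but does not disable globbing, and it also collapses empty lines, so the secret written back may differ from what was decrypted. This is what the FIXME is asking about: quote the expansion as `NEW=( "${CONTENT[@]}" "${APPEND[@]}" )` and place `set -f` before the two command substitutions, or read the lines with `mapfile -t` where bash 4 can be assumed. The script appears to continue past the end of the hunk.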
diff --git a/share/keyringer/decrypt b/share/keyringer/decrypt
index a3adca7..c0584f2 100755
--- a/share/keyringer/decrypt
+++ b/share/keyringer/decrypt
@@ -5,10 +5,10 @@
# Load functions
LIB="`dirname $0`/../../lib/keyringer/functions"
-source $LIB || exit 1
+source "$LIB" || exit 1
# Get file
-keyringer_get_file $2
+keyringer_get_file "$2"
# Decrypt
-gpg --quiet --use-agent -d $KEYDIR/$FILE
+gpg --quiet --use-agent -d "$KEYDIR/$FILE"
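Review bot: The `LIB=` context line still runs `dirname $0` unquoted inside the backticks, so the newly quoted `source "$LIB"` receives a wrong path whenever the install directory contains whitespace or glob characters. The outer double quotes protect only the result of the substitution, not the argument passed to `dirname`. I would write it as `LIB="$(dirname "$0")/../../lib/keyringer/functions"`. The same line is left unchanged in append, del, edit, encrypt, genpair, git, ls, options, recipients and recrypt.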
diff --git a/share/keyringer/del b/share/keyringer/del
index befc014..ed09f93 100755
--- a/share/keyringer/del
+++ b/share/keyringer/del
@@ -5,12 +5,12 @@
# Load functions
LIB="`dirname $0`/../../lib/keyringer/functions"
-source $LIB || exit 1
+source "$LIB" || exit 1
# Get file
-keyringer_get_file $2
+keyringer_get_file "$2"
# Remove
if [ -d "$KEYDIR/.git" ]; then
- ./git $KEYDIR rm $FILE --force
+ ./git "$KEYDIR" rm "$FILE" --force
fi
diff --git a/share/keyringer/edit b/share/keyringer/edit
index b4e13a0..0c25f64 100755
--- a/share/keyringer/edit
+++ b/share/keyringer/edit
@@ -5,10 +5,10 @@
# Load functions
LIB="`dirname $0`/../../lib/keyringer/functions"
-source $LIB || exit 1
+source "$LIB" || exit 1
# Get file
-keyringer_get_file $2
+keyringer_get_file "$2"
# Warn user
echo "Make sure that $BASEDIR is atop of an encrypted volume."
@@ -17,15 +17,15 @@ echo "Make sure that $BASEDIR is atop of an encrypted volume."
keyringer_set_tmpfile edit
# Decrypt the information to the file
-gpg --yes -o $TMPWORK --use-agent -d $KEYDIR/$FILE
+gpg --yes -o "$TMPWORK" --use-agent -d "$KEYDIR/$FILE"
# Prompt
echo "Press any key to open the decrypted data into $EDITOR, Ctrl-C to abort"
read key
-$EDITOR $TMPWORK
+"$EDITOR" "$TMPWORK"
# Encrypt again
-gpg --yes -o $KEYDIR/$FILE --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) $TMPWORK
+gpg --yes -o "$KEYDIR/$FILE" --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS") "$TMPWORK"
# Remove temp file
-keyringer_unset_tmpfile $TMPWORK
+keyringer_unset_tmpfile "$TMPWORK"
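Review bot: Quoting the editor in `"$EDITOR" "$TMPWORK"` changes behaviour for users whose `EDITOR` carries arguments (for example `emacs -nw`), because the whole string is now looked up as one command name and fails. If the editor fails to start, the script still goes on to the "Encrypt again" step with the untouched temp file, since the exit status is not checked. I would keep the splitting and document it, `$EDITOR "$TMPWORK" || exit 1  # unquoted on purpose: EDITOR may contain arguments`. The same change appears in the options and recipients hunks. The `$(keyringer_recipients "$RECIPIENTS")` expansion on the gpg line is presumably left unquoted for the same reason and deserves a comment saying so.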
diff --git a/share/keyringer/encrypt b/share/keyringer/encrypt
index c073a58..8cbf72a 100755
--- a/share/keyringer/encrypt
+++ b/share/keyringer/encrypt
@@ -5,22 +5,22 @@
# Load functions
LIB="`dirname $0`/../../lib/keyringer/functions"
-source $LIB || exit 1
+source "$LIB" || exit 1
# Aditional parameters
-keyringer_get_new_file $2
+keyringer_get_new_file "$2"
# Encrypt
-mkdir -p $KEYDIR/`dirname $FILE`
+mkdir -p "$KEYDIR/`dirname $FILE`"
if [ "$BASENAME" == "encrypt" ]; then
# Only display directions if we're running encrypt, not encrypt-batch
echo "Type your message and finish your input with EOF (Ctrl-D)."
fi
-gpg --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) - > $KEYDIR/$FILE
+gpg --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS") - > "$KEYDIR/$FILE"
# Stage
if [ -d "$BASEDIR/.git" ]; then
- keyringer_exec git $BASEDIR add "keys/$FILE"
+ keyringer_exec git "$BASEDIR" add "keys/$FILE"
fi
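Review bot: In `mkdir -p "$KEYDIR/`dirname $FILE`"` the inner `$FILE` is still unquoted, so a file name containing spaces is split before `dirname` sees it and the wrong directory is created (or `dirname` errors out). Nesting is easier to get right with `$(...)`: `mkdir -p "$KEYDIR/$(dirname "$FILE")"`. The three `mkdir -p `dirname $OUTFILE`` context lines in genpair have the same problem and were not touched by this commit; they need both the inner and outer quotes, `mkdir -p "$(dirname "$OUTFILE")"`.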
diff --git a/share/keyringer/genpair b/share/keyringer/genpair
index 89ee828..a71e472 100755
--- a/share/keyringer/genpair
+++ b/share/keyringer/genpair
@@ -12,20 +12,20 @@ function genpair_ssh {
read -p "Hit ENTER to continue." prompt
# TODO: programatically enter blank passphrase twice
- ssh-keygen -t dsa -f $TMPWORK/id_dsa -C "root@$NODE"
+ ssh-keygen -t dsa -f "$TMPWORK/id_dsa" -C "root@$NODE"
# Encrypt the result
echo "Encrypting secret key into keyringer..."
- cat $TMPWORK/id_dsa | keyringer_exec encrypt $BASEDIR $FILE
+ cat "$TMPWORK/id_dsa" | keyringer_exec encrypt "$BASEDIR" "$FILE"
echo "Encrypting public key into keyringer..."
- cat $TMPWORK/id_dsa.pub | keyringer_exec encrypt $BASEDIR $FILE.pub
+ cat "$TMPWORK/id_dsa.pub" | keyringer_exec encrypt "$BASEDIR" "$FILE.pub"
# TODO: add outfiles into version control
if [ ! -z "$OUTFILE" ]; then
mkdir -p `dirname $OUTFILE`
- echo Saving copies at $OUTFILE and $OUTFILE.pub
- cat $TMPWORK/id_dsa > $OUTFILE
- cat $TMPWORK/id_dsa.pub > $OUTFILE.pub
+ printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE"
+ cat "$TMPWORK/id_dsa" > "$OUTFILE"
+ cat "$TMPWORK/id_dsa.pub" > "$OUTFILE.pub"
fi
echo "Done"
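Review bot: The plaintext private key copy written by `cat "$TMPWORK/id_dsa" > "$OUTFILE"` is created with whatever umask the caller has, which on most systems leaves the secret key group- or world-readable. Only genpair_ssl applies `chmod 600`, and only to the file inside `$TMPWORK`, not to the exported copy. I would restrict the mode at creation time, e.g. `( umask 077; cat "$TMPWORK/id_dsa" > "$OUTFILE" )`, so there is no window in which the file is readable by others. The same applies to `gpg --export-secret-keys > "$OUTFILE"` in genpair_gpg and `> "$OUTFILE.pem"` in genpair_ssl. The body of genpair_ssh starts before this hunk.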
@@ -39,7 +39,7 @@ function genpair_gpg {
# TODO: insert 279 random bytes
# TODO: custom Name-Comment and Name-Email
# TODO: allow for empty passphrases
- gpg --homedir $TMPWORK --gen-key --batch <<EOF
+ gpg --homedir "$TMPWORK" --gen-key --batch <<EOF
Key-Type: RSA
Key-Length: 4096
Subkey-Type: ELG-E
@@ -54,18 +54,18 @@ EOF
# Encrypt the result
echo "Encrypting secret key into keyringer..."
- gpg --armor --homedir $TMPWORK --export-secret-keys | keyringer_exec encrypt $BASEDIR $FILE
+ gpg --armor --homedir "$TMPWORK" --export-secret-keys | keyringer_exec encrypt "$BASEDIR" "$FILE"
echo "Encrypting public key into keyringer..."
- gpg --armor --homedir $TMPWORK --export | keyringer_exec encrypt $BASEDIR $FILE.pub
+ gpg --armor --homedir "$TMPWORK" --export | keyringer_exec encrypt "$BASEDIR" "$FILE.pub"
echo "Encrypting passphrase into keyringer..."
- echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt $BASEDIR $FILE.passwd
+ echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd"
# TODO: add outfiles into version control
if [ ! -z "$OUTFILE" ]; then
mkdir -p `dirname $OUTFILE`
- echo Saving copies at $OUTFILE and $OUTFILE.pub
- gpg --armor --homedir $TMPWORK --export-secret-keys > $OUTFILE
- gpg --armor --homedir $TMPWORK --export > $OUTFILE.pub
+ printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE"
+ gpg --armor --homedir "$TMPWORK" --export-secret-keys > "$OUTFILE"
+ gpg --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub"
fi
echo "Done"
@@ -77,42 +77,42 @@ function genpair_ssl {
read -p "Hit ENTER to continue." prompt
# Setup
- cd $TMPWORK
+ cd "$TMPWORK"
# Generate certificate
- $LIB/csr.sh $NODE
+ "$LIB/csr.sh" "$NODE"
# Self-sign
- openssl x509 -in $NODE"_csr.pem" -out $NODE.crt -req -signkey $NODE"_privatekey.pem" -days 365
- chmod 600 $NODE"_privatekey.pem"
+ openssl x509 -in "${NODE}_csr.pem" -out "$NODE.crt" -req -signkey "${NODE}_privatekey.pem" -days 365
+ chmod 600 "${NODE}_privatekey.pem"
# Encrypt the result
echo "Encrypting private key into keyringer..."
- cat $NODE"_privatekey.pem" | keyringer_exec encrypt $BASEDIR $FILE.pem
+ cat "${NODE}_privatekey.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.pem"
echo "Encrypting certificate request into keyringer..."
- cat $NODE"_csr.pem" | keyringer_exec encrypt $BASEDIR $FILE.csr
+ cat "${NODE}_csr.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.csr"
echo "Encrypting certificate into keyringer..."
- cat $NODE.crt | keyringer_exec encrypt $BASEDIR $FILE.crt
+ cat "$NODE.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt"
- cd $CWD
+ cd "$CWD"
if [ ! -z "$OUTFILE" ]; then
mkdir -p `dirname $OUTFILE`
- echo Saving copies at $OUTFILE.pem, $OUTFILE.csr and $OUTFILE.crt
- cat $TMPWORK/$NODE"_privatekey.pem" > $OUTFILE.pem
- cat $TMPWORK/$NODE"_csr.pem" > $OUTFILE.csr
- cat $TMPWORK/$NODE.crt > $OUTFILE.crt
+ printf "Saving copies at %s.pem, %s.csr and %s.crt\n" "$OUTFILE" "$OUTFILE" "$OUTFILE"
+ cat "$TMPWORK/${NODE}_privatekey.pem" > "$OUTFILE.pem"
+ cat "$TMPWORK/${NODE}_csr.pem" > "$OUTFILE.csr"
+ cat "$TMPWORK/$NODE.crt" > "$OUTFILE.crt"
fi
# Show cert fingerprint
- openssl x509 -noout -in $TMPWORK/$NODE.crt -fingerprint
+ openssl x509 -noout -in "$TMPWORK/$NODE.crt" -fingerprint
echo "Done"
}
# Load functions
LIB="`dirname $0`/../../lib/keyringer"
-source $LIB/functions || exit 1
+source "$LIB/functions" || exit 1
# Aditional parameters
KEYTYPE="$2"
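Review bot: The result of `cd "$TMPWORK"` in genpair_ssl is not checked, so if the directory is missing the CSR script and `openssl` write the private key into whatever directory the user happened to be in, outside the temp area that is cleaned up afterwards. Now that the path is quoted this is the remaining failure mode on that line; `cd "$TMPWORK" || return 1` closes it. The later `cd "$CWD"` is less critical, but a comment noting that `CWD` is expected to be set by the sourced functions file would help, since its assignment is not visible in this file's hunks. genpair_ssl begins before the hunk.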
@@ -140,9 +140,9 @@ keyringer_set_tmpfile genpair -d
# Dispatch
echo "Generating $KEYTYPE for $NODE..."
-genpair_$KEYTYPE
+"genpair_$KEYTYPE"
# Cleanup
-cd $CWD
-rm -rf $TMPWORK
+cd "$CWD"
+rm -rf "$TMPWORK"
trap - EXIT
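Review bot: The dispatch `"genpair_$KEYTYPE"` runs whatever command name results from the second command-line argument, and the hunk shows no check that it names one of the three functions defined above. Validation may exist in the lines between the hunks, but if it does not, an unknown type produces a bare "command not found" and the cleanup below still runs as if generation had succeeded. A guard such as `declare -F "genpair_$KEYTYPE" >/dev/null || { echo "$BASENAME: unknown key type $KEYTYPE"; exit 1; }` before the call makes the accepted set explicit. I would also write the cleanup as `rm -rf -- "${TMPWORK:?}"` so an unset variable aborts instead of being passed on.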
diff --git a/share/keyringer/git b/share/keyringer/git
index 439198a..cd2a188 100755
--- a/share/keyringer/git
+++ b/share/keyringer/git
@@ -5,12 +5,12 @@
# Load functions
LIB="`dirname $0`/../../lib/keyringer/functions"
-source $LIB || exit 1
+source "$LIB" || exit 1
# Aditional parameters
CWD="`pwd`"
# Run git command
shift
-mkdir -p $BASEDIR && cd $BASEDIR && git $*
-cd $CWD
+mkdir -p "$BASEDIR" && cd "$BASEDIR" && git $*
+cd "$CWD"
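Review bot: The wrapper still forwards its arguments with `git $*`, which re-splits and glob-expands every argument, so the quoting this commit adds in the callers (`./git "$KEYDIR" rm "$FILE" --force` in del, `keyringer_exec git "$BASEDIR" add "keys/$FILE"` in encrypt) is lost again at this point. A key name with a space reaches git as two pathspecs. The line should read `mkdir -p "$BASEDIR" && cd "$BASEDIR" && git "$@"`. The same applies to `ls $*` in the ls hunk (use `ls "$@"`) and to `echo $* >> "$OPTIONS"` in the options hunk (use `printf '%s\n' "$*" >> "$OPTIONS"`).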
diff --git a/share/keyringer/ls b/share/keyringer/ls
index e28637b..31e8805 100755
--- a/share/keyringer/ls
+++ b/share/keyringer/ls
@@ -5,12 +5,12 @@
# Load functions
LIB="`dirname $0`/../../lib/keyringer/functions"
-source $LIB || exit 1
+source "$LIB" || exit 1
# Aditional parameters
CWD="`pwd`"
# Run list command
shift
-cd $KEYDIR && ls $*
-cd $CWD
+cd "$KEYDIR" && ls $*
+cd "$CWD"
diff --git a/share/keyringer/options b/share/keyringer/options
index 9eb2a1f..3047380 100755
--- a/share/keyringer/options
+++ b/share/keyringer/options
@@ -5,26 +5,26 @@
# Load functions
LIB="`dirname $0`/../../lib/keyringer"
-source $LIB/functions || exit 1
+source "$LIB/functions" || exit 1
# Command parser
-keyringer_get_command $2
+keyringer_get_command "$2"
# Create options file if old repository
if [ ! -e "$OPTIONS" ]; then
echo "Creating options file..."
- touch $OPTIONS
- keyringer_exec git $BASEDIR add config/options
+ touch "$OPTIONS"
+ keyringer_exec git "$BASEDIR" add config/options
fi
if [ "$COMMAND" == "ls" ]; then
- cat $OPTIONS
+ cat "$OPTIONS"
elif [ "$COMMAND" == "edit" ]; then
- $EDITOR $OPTIONS
+ "$EDITOR" "$OPTIONS"
elif [ "$COMMAND" == "add" ]; then
shift 2
- echo $* >> $OPTIONS
+ echo $* >> "$OPTIONS"
else
- echo "$BASENAME: No such command $COMMAND"
+ printf "%s: No such command %s\n" "$BASENAME" "$COMMAND"
exit 1
fi
diff --git a/share/keyringer/recipients b/share/keyringer/recipients
index 593a994..c9dbdbb 100755
--- a/share/keyringer/recipients
+++ b/share/keyringer/recipients
@@ -5,16 +5,16 @@
# Load functions
LIB="`dirname $0`/../../lib/keyringer"
-source $LIB/functions || exit 1
+source "$LIB/functions" || exit 1
# Command parser
-keyringer_get_command $2
+keyringer_get_command "$2"
if [ "$COMMAND" == "ls" ]; then
- cat $RECIPIENTS
+ cat "$RECIPIENTS"
elif [ "$COMMAND" == "edit" ]; then
- $EDITOR $RECIPIENTS
+ "$EDITOR" "$RECIPIENTS"
else
- echo "$BASENAME: No such command $COMMAND"
+ printf "%s: No such command %s\n" "$BASENAME" "$COMMAND"
exit 1
fi
diff --git a/share/keyringer/recrypt b/share/keyringer/recrypt
index 48a5f87..a7607e0 100755
--- a/share/keyringer/recrypt
+++ b/share/keyringer/recrypt
@@ -5,10 +5,10 @@
# Load functions
LIB="`dirname $0`/../../lib/keyringer/functions"
-source $LIB || exit 1
+source "$LIB" || exit 1
# Get file
-keyringer_get_file $2
+keyringer_get_file "$2"
# Recrypt
-gpg --use-agent -d $KEYDIR/$FILE | gpg --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) > $KEYDIR/$FILE
+gpg --use-agent -d "$KEYDIR/$FILE" | gpg --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS") > "$KEYDIR/$FILE"
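Review bot: The recrypt pipeline reads from and redirects into the same path, `"$KEYDIR/$FILE"`, and the shell opens the output redirection with truncation when the pipeline is set up, so the first `gpg -d` can find an empty file and the stored secret is lost. Quoting does not change this, and because the exit status of the decrypting side is ignored, a failed decryption (wrong key, cancelled agent prompt) also ends with the original overwritten. I would write the new ciphertext to a sibling temporary file and rename it over the original only when both gpg processes succeed. The temporary file holds only encrypted output, so no plaintext touches the disk.

```shell
# … unchanged: load functions, keyringer_get_file "$2" …
# Recrypt into a sibling temp file so the ciphertext is never truncated
# while the decrypting gpg is still reading it.
set -o pipefail
NEWFILE="$(mktemp "$KEYDIR/$FILE.XXXXXX")" || exit 1
# keyringer_recipients output is left unquoted on purpose: one word per gpg argument
if gpg --use-agent -d "$KEYDIR/$FILE" | gpg --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS") > "$NEWFILE"; then
  mv "$NEWFILE" "$KEYDIR/$FILE"
else
  rm -f "$NEWFILE"
  exit 1
fi
```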