From d32faa9d6cddbc714de708ecc052b43b49d7faa8 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sat, 18 Sep 2010 13:50:04 -0300
Subject: Fixing tmpfile handling
---
 lib/keyringer/functions | 13 ++++++++++---
 share/keyringer/edit | 11 +++++------
 share/keyringer/genpair | 47 ++++++++++++++++++-----------------------------
 3 files changed, 33 insertions(+), 38 deletions(-)
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index a2a35be..13502f7 100644
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -122,14 +122,18 @@ function keyringer_set_tmpfile {
 mkdir -p $BASEDIR/tmp
 keyringer_git_ignore 'tmp/*'
- tmpfile="`mktemp $template`"
+ if [ "$2" == "-d" ]; then
+ TMPWORK="`mktemp -d $template`"
+ else
+ TMPWORK="`mktemp $template`"
+ fi
 if [ "$?" != "0" ]; then
- echo "Error: can't set tmpfile $tmpfile"
+ echo "Error: can't set TMPWORK $TMPWORK"
 exit 1
 fi
- echo $tmpfile
+ trap "keyringer_unset_tmpfile $TMPWORK; exit" INT TERM EXIT
 }
 # Remove a temporary file
@@ -191,6 +195,9 @@ function keyringer_set_env {
 echo "No option config was found"
 exit 1
 fi
+
+ # Ensure that keydir exists
+ mkdir -p $KEYDIR && chmod 700 $KEYDIR
 }
 # Get a file argument
diff --git a/share/keyringer/edit b/share/keyringer/edit
index edeb693..4a5be14 100755
--- a/share/keyringer/edit
+++ b/share/keyringer/edit
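Review bot: The `trap "keyringer_unset_tmpfile $TMPWORK; exit" INT TERM EXIT` line sets one handler for all three conditions, so on a normal exit the trailing `exit` replaces the script's own status with that of keyringer_unset_tmpfile, and a second keyringer_set_tmpfile call in the same run overwrites the handler so the first temp file is never cleaned up. Splitting it as `trap "keyringer_unset_tmpfile $TMPWORK" EXIT` plus `trap 'exit 1' INT TERM` keeps cleanup on signals without masking the status. Decrypted material lands under `$BASEDIR/tmp`, so the `mkdir -p $BASEDIR/tmp` at the top of the hunk should also restrict the directory, `mkdir -p $BASEDIR/tmp && chmod 700 $BASEDIR/tmp`, mirroring the `chmod 700 $KEYDIR` this commit adds to keyringer_set_env. `$template` is computed before the hunk, so the function's header and argument handling are not visible here.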
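Review bot: The added `mkdir -p $KEYDIR && chmod 700 $KEYDIR` has no failure path: the lines just above it exit 1 when the config is missing, but if the key directory cannot be created or tightened the function returns silently and callers such as edit then write into `$KEYDIR/$FILE` in a missing or more permissive directory. Quote the expansion and fail explicitly, in the style of the check above: `if ! mkdir -p "$KEYDIR" || ! chmod 700 "$KEYDIR"; then echo "Error: can't set up $KEYDIR"; exit 1; fi`. keyringer_set_env starts before the hunk.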
@@ -15,19 +15,18 @@ keyringer_get_file $2
 echo "Make sure that $BASEDIR is atop of an encrypted volume."
 # Set a tmp file
-TMPFILE="`keyringer_set_tmpfile edit`"
-trap "keyringer_unset_tmpfile $TMPFILE ; exit" INT TERM EXIT
+keyringer_set_tmpfile edit
 # Decrypt the information to the file
-gpg --yes -o $TMPFILE --use-agent -d $KEYDIR/$FILE
+gpg --yes -o $TMPWORK --use-agent -d $KEYDIR/$FILE
 # Prompt
 echo "Press any key to open the decrypted data into $EDITOR, Ctrl-C to abort"
 read key
-$EDITOR $TMPFILE
+$EDITOR $TMPWORK
 # Encrypt again
-gpg --yes -o $KEYDIR/$FILE --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) $TMPFILE
+gpg --yes -o $KEYDIR/$FILE --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) $TMPWORK
 # Remove temp file
-keyringer_unset_tmpfile $TMPFILE
+keyringer_unset_tmpfile $TMPWORK
diff --git a/share/keyringer/genpair b/share/keyringer/genpair
index cc54ba8..9177ba3 100755
--- a/share/keyringer/genpair
+++ b/share/keyringer/genpair
@@ -12,20 +12,20 @@ function genpair_ssh {
 read -p "Hit ENTER to continue." prompt
 # TODO: programatically enter blank passphrase twice
- ssh-keygen -t dsa -f $WORK/id_dsa -C "root@$NODE"
+ ssh-keygen -t dsa -f $TMPWORK/id_dsa -C "root@$NODE"
 # Encrypt the result
 echo "Encrypting secret key into keyringer..."
- cat $WORK/id_dsa | keyringer_exec encrypt $BASEDIR $FILE
+ cat $TMPWORK/id_dsa | keyringer_exec encrypt $BASEDIR $FILE
 echo "Encrypting public key into keyringer..."
- cat $WORK/id_dsa.pub | keyringer_exec encrypt $BASEDIR $FILE.pub
+ cat $TMPWORK/id_dsa.pub | keyringer_exec encrypt $BASEDIR $FILE.pub
 # TODO: add outfiles into version control
 if [ ! -z "$OUTFILE" ]; then
 mkdir -p `dirname $OUTFILE`
 echo Saving copies at $OUTFILE and $OUTFILE.pub
- cat $WORK/id_dsa > $OUTFILE
- cat $WORK/id_dsa.pub > $OUTFILE.pub
+ cat $TMPWORK/id_dsa > $OUTFILE
+ cat $TMPWORK/id_dsa.pub > $OUTFILE.pub
 fi
 echo "Done"
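Review bot: The decrypt step `gpg --yes -o $TMPWORK --use-agent -d $KEYDIR/$FILE` is not checked, so if decryption fails (wrong key, no agent, cancelled passphrase prompt) the script still opens an empty `$TMPWORK` in `$EDITOR` and the re-encrypt line afterwards overwrites `$KEYDIR/$FILE` with that empty document, losing the original secret. Add `|| exit 1` to the decrypt line (the EXIT trap installed by keyringer_set_tmpfile then removes the temp file), and check the re-encryption the same way before `keyringer_unset_tmpfile $TMPWORK` deletes the only copy of the edited plaintext. TMPWORK is now a global set inside keyringer_set_tmpfile rather than a value echoed back, which nothing in this script shows; a comment such as `# Set a tmp file (path is returned in $TMPWORK)` would make that explicit.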
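Review bot: `cat $TMPWORK/id_dsa > $OUTFILE` (and the `.pub` line after it) creates the plaintext private-key copy with the caller's umask, so unlike the 0600 file ssh-keygen wrote into `$TMPWORK`, the copy at `$OUTFILE` can end up group- or world-readable; the same applies to the `--export-secret-keys > $OUTFILE` line in genpair_gpg and the `_privatekey.pem > $OUTFILE.pem` line in genpair_ssl later in this diff. Wrap those writes in a restricted umask, e.g. `(umask 077; cat $TMPWORK/id_dsa > $OUTFILE)`, or use `install -m 600`. The ssh-keygen line's status is also unchecked, so an aborted or failed generation feeds a missing `$TMPWORK/id_dsa` into `keyringer_exec encrypt` on the following lines; `|| exit 1` after ssh-keygen stops that and the EXIT trap cleans up. `-t dsa` predates this commit, but current OpenSSH releases refuse 1024-bit DSA keys by default, so `-t rsa -b 4096` is the safer default. genpair_ssh's header is outside the hunk.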
@@ -39,7 +39,7 @@ function genpair_gpg {
 # TODO: insert 279 random bytes
 # TODO: custom Name-Comment and Name-Email
 # TODO: allow for empty passphrases
- gpg --homedir $WORK --gen-key --batch < $OUTFILE
- gpg --armor --homedir $WORK --export > $OUTFILE.pub
+ gpg --armor --homedir $TMPWORK --export-secret-keys > $OUTFILE
+ gpg --armor --homedir $TMPWORK --export > $OUTFILE.pub
 fi
 echo "Done"
@@ -77,7 +77,7 @@ function genpair_ssl {
 read -p "Hit ENTER to continue." prompt
 # Setup
- cd $WORK
+ cd $TMPWORK
 # Generate certificate
 $LIB/csr.sh $NODE
@@ -99,13 +99,13 @@ function genpair_ssl {
 if [ ! -z "$OUTFILE" ]; then
 mkdir -p `dirname $OUTFILE`
 echo Saving copies at $OUTFILE.pem, $OUTFILE.csr and $OUTFILE.crt
- cat $WORK/$NODE"_privatekey.pem" > $OUTFILE.pem
- cat $WORK/$NODE"_csr.pem" > $OUTFILE.csr
- cat $WORK/$NODE.crt > $OUTFILE.crt
+ cat $TMPWORK/$NODE"_privatekey.pem" > $OUTFILE.pem
+ cat $TMPWORK/$NODE"_csr.pem" > $OUTFILE.csr
+ cat $TMPWORK/$NODE.crt > $OUTFILE.crt
 fi
 # Show cert fingerprint
- openssl x509 -noout -in $WORK/$NODE.crt -fingerprint
+ openssl x509 -noout -in $TMPWORK/$NODE.crt -fingerprint
 echo "Done"
 }
@@ -136,19 +136,8 @@ elif [ ! -e "$KEYDIR" ]; then
 exit 1
 fi
-# Prepare
-mkdir -p $KEYDIR && chmod 700 $KEYDIR
-
-WORK="`keyringer_set_tmpfile genpair`"
-trap "keyringer_unset_tmpfile $WORK; exit" INT TERM EXIT
-
-WORK="`mktemp -d $KEYDIR/genpair.XXXXXX`"
-if [ "$?" != "0" ]; then
- echo "Error setting up $WORK"
- exit 1
-else
- trap "rm -rf $WORK" EXIT
-fi
+# Set a tmp file
+keyringer_set_tmpfile genpair -d
 # Dispatch
 echo "Generating $KEYTYPE for $NODE..."
@@ -156,5 +145,5 @@ genpair_$KEYTYPE
 # Cleanup
 cd $CWD
-rm -rf $WORK
+rm -rf $TMPWORK
 trap - EXIT
--
cgit v1.2.3
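Review bot: The new side of the genpair_gpg hunk only exports: `gpg --homedir $WORK --gen-key --batch < $OUTFILE` is dropped and nothing in the hunk generates a key before `gpg --armor --homedir $TMPWORK --export-secret-keys > $OUTFILE` runs, so unless generation was moved to a part of genpair_gpg outside the hunk, the export writes an empty keyring to `$OUTFILE` and "Done" is misleading. If the removal is intentional the commit message should say so; otherwise a `--gen-key --batch` step reading its parameters from a file under `$TMPWORK`, with its status checked, belongs before the two exports. Nothing visible here encrypts the generated key into keyringer the way genpair_ssh does with keyringer_exec encrypt, so the plaintext at `$OUTFILE` (written with the default umask, see the note on genpair_ssh) would be the only copy. The function starts before the hunk.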
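Review bot: `cd $TMPWORK` in genpair_ssl is unchecked; if the directory change fails, `$LIB/csr.sh $NODE` on the next line runs in the caller's current directory and leaves key material there instead of in the temp directory the EXIT trap cleans up. Use `cd $TMPWORK || exit 1` so the trap from keyringer_set_tmpfile handles cleanup. genpair_ssl continues outside the hunk.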
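Review bot: `keyringer_set_tmpfile genpair -d` moves the work directory from the `$KEYDIR/genpair.XXXXXX` location removed here to wherever keyringer_set_tmpfile's template points (under `$BASEDIR/tmp` per the functions hunk), and the only signal handler left is the one that function installs, which calls keyringer_unset_tmpfile on the path. keyringer_unset_tmpfile is described as removing "a temporary file" and its body is not in this diff; if it uses `rm -f` rather than a recursive remove, an interrupted run (INT/TERM) leaves a directory of freshly generated private keys behind, because genpair's own `rm -rf $TMPWORK` runs only on the normal path. Either make keyringer_unset_tmpfile handle directories or have genpair re-install `trap "rm -rf $TMPWORK; exit" INT TERM EXIT` right after this call, and note in the `# Set a tmp file` comment that `-d` requests a directory.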
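Review bot: `rm -rf $TMPWORK` in the cleanup hunk relies on TMPWORK being set and free of whitespace; guard it as `rm -rf -- "${TMPWORK:?}"` so an unset variable aborts instead of expanding to a bare `rm -rf`. `trap - EXIT` on the next line clears only EXIT while the INT and TERM handlers set by keyringer_set_tmpfile still reference the removed path, which is harmless but `trap - INT TERM EXIT` keeps the teardown symmetric with the setup.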