From d9721fd16ad489d400dd085aa7ba8a4d83baf3d3 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 16 Nov 2010 22:45:58 -0500 Subject: first pass at escaping variables in bash -- i probably missed some --- share/keyringer/append | 17 ++++++------- share/keyringer/decrypt | 6 ++--- share/keyringer/del | 6 ++--- share/keyringer/edit | 12 +++++----- share/keyringer/encrypt | 10 ++++---- share/keyringer/genpair | 60 +++++++++++++++++++++++----------------------- share/keyringer/git | 6 ++--- share/keyringer/ls | 6 ++--- share/keyringer/options | 16 ++++++------- share/keyringer/recipients | 10 ++++---- share/keyringer/recrypt | 6 ++--- 11 files changed, 78 insertions(+), 77 deletions(-) (limited to 'share') diff --git a/share/keyringer/append b/share/keyringer/append index 27211a6..045ba86 100755 --- a/share/keyringer/append +++ b/share/keyringer/append @@ -5,24 +5,25 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Get file -keyringer_get_file $2 +keyringer_get_file "$2" -OLDIFS=$IFS +OLDIFS="$IFS" IFS=$'\n' -CONTENT=($(keyringer_exec decrypt $BASEDIR $FILE)) +CONTENT=($(keyringer_exec decrypt "$BASEDIR" "$FILE")) if [ "$BASENAME" == "append" ]; then # only display directions if we're running append, not append-batch - echo " " - echo "$FILE currently has ${#CONTENT[@]} lines" - echo " " - echo "Now please write the content to be appended on $FILE, finnishing with Ctrl-D:" + printf "\n%s currently has %d lines\n\n" "$FILE" "${#CONTENT[@]}" + printf "Now please write the content to be appended on %s, finnishing with Ctrl-D:\n" "$FILE" fi +# FIXME: dkg doesn't know how to check that this does proper escaping +# (2010-11-16) + APPEND=($(cat -)) NEW=( ${CONTENT[@]} ${APPEND[@]} ) diff --git a/share/keyringer/decrypt b/share/keyringer/decrypt index a3adca7..c0584f2 100755 --- a/share/keyringer/decrypt +++ b/share/keyringer/decrypt 
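Review bot: The array handling in append still re-splits the decrypted content: `CONTENT=($(...))`, `APPEND=($(cat -))` and `NEW=( ${CONTENT[@]} ${APPEND[@]} )` all undergo pathname expansion, which is the gap the new FIXME is unsure about. With `IFS=$'\n'` a stored line such as `*` can be replaced by matching file names from the current directory, and empty lines are dropped, so a secret can be altered just by appending to it. Reading with `mapfile -t CONTENT < <(keyringer_exec decrypt "$BASEDIR" "$FILE")` and `mapfile -t APPEND` (bash 4), then `NEW=( "${CONTENT[@]}" "${APPEND[@]}" )`, keeps every line verbatim. How NEW is written back is outside this hunk and would need the same quoting.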
@@ -5,10 +5,10 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Get file -keyringer_get_file $2 +keyringer_get_file "$2" # Decrypt -gpg --quiet --use-agent -d $KEYDIR/$FILE +gpg --quiet --use-agent -d "$KEYDIR/$FILE" diff --git a/share/keyringer/del b/share/keyringer/del index befc014..ed09f93 100755 --- a/share/keyringer/del +++ b/share/keyringer/del @@ -5,12 +5,12 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Get file -keyringer_get_file $2 +keyringer_get_file "$2" # Remove if [ -d "$KEYDIR/.git" ]; then - ./git $KEYDIR rm $FILE --force + ./git "$KEYDIR" rm "$FILE" --force fi diff --git a/share/keyringer/edit b/share/keyringer/edit index b4e13a0..0c25f64 100755 --- a/share/keyringer/edit +++ b/share/keyringer/edit @@ -5,10 +5,10 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Get file -keyringer_get_file $2 +keyringer_get_file "$2" # Warn user echo "Make sure that $BASEDIR is atop of an encrypted volume." @@ -17,15 +17,15 @@ echo "Make sure that $BASEDIR is atop of an encrypted volume." keyringer_set_tmpfile edit # Decrypt the information to the file -gpg --yes -o $TMPWORK --use-agent -d $KEYDIR/$FILE +gpg --yes -o "$TMPWORK" --use-agent -d "$KEYDIR/$FILE" # Prompt echo "Press any key to open the decrypted data into $EDITOR, Ctrl-C to abort" read key -$EDITOR $TMPWORK +"$EDITOR" "$TMPWORK" # Encrypt again -gpg --yes -o $KEYDIR/$FILE --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) $TMPWORK +gpg --yes -o "$KEYDIR/$FILE" --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS") "$TMPWORK" # Remove temp file -keyringer_unset_tmpfile $TMPWORK +keyringer_unset_tmpfile "$TMPWORK" diff --git a/share/keyringer/encrypt b/share/keyringer/encrypt index c073a58..8cbf72a 100755 --- a/share/keyringer/encrypt +++ b/share/keyringer/encrypt 
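Review bot: The context line ``LIB="`dirname $0`/../../lib/keyringer/functions"`` still passes `$0` unquoted inside the backticks, so the quoting added to `source "$LIB"` does not help when the install path contains whitespace. In that case `dirname` receives several arguments and `LIB` is already wrong before it is sourced. `LIB="$(dirname -- "$0")/../../lib/keyringer/functions"` closes the gap. The same `dirname $0` form opens append, del, edit, encrypt, genpair, git, ls, options, recipients and recrypt in this patch.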
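Review bot: `./git "$KEYDIR" rm "$FILE" --force` in del resolves `./git` against the caller's working directory rather than the directory the script lives in, so the removal presumably only works when keyringer is started from share/keyringer. encrypt in this patch tests `$BASEDIR/.git` and calls `keyringer_exec git "$BASEDIR" add "keys/$FILE"`, while del tests and passes `$KEYDIR`. Whether that difference is intended cannot be told from the hunk, since keyringer_exec and the KEYDIR layout are defined in lib/keyringer/functions. If it is not, `keyringer_exec git "$BASEDIR" rm --force -- "keys/$FILE"` would match encrypt and also keep a name starting with `-` from being read as an option.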
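Review bot: Quoting `"$EDITOR" "$TMPWORK"` in the second edit hunk turns the whole variable into a single command name, so a setting such as `EDITOR="emacs -nw"` now fails with command-not-found where the unquoted form worked. Keeping `$EDITOR "$TMPWORK"` with a comment like `# EDITOR may carry arguments; split on purpose` preserves that. The same applies to `"$EDITOR" "$OPTIONS"` in options and `"$EDITOR" "$RECIPIENTS"` in recipients. Separately, neither gpg call here is checked: if the decrypt fails, the following `gpg --yes -o "$KEYDIR/$FILE"` re-encrypts whatever is in `$TMPWORK` over the stored secret. Checking the decrypt status and bailing out through `keyringer_unset_tmpfile "$TMPWORK"` before the prompt would prevent that.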
@@ -5,22 +5,22 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Aditional parameters -keyringer_get_new_file $2 +keyringer_get_new_file "$2" # Encrypt -mkdir -p $KEYDIR/`dirname $FILE` +mkdir -p "$KEYDIR/`dirname $FILE`" if [ "$BASENAME" == "encrypt" ]; then # Only display directions if we're running encrypt, not encrypt-batch echo "Type your message and finish your input with EOF (Ctrl-D)." fi -gpg --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) - > $KEYDIR/$FILE +gpg --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS") - > "$KEYDIR/$FILE" # Stage if [ -d "$BASEDIR/.git" ]; then - keyringer_exec git $BASEDIR add "keys/$FILE" + keyringer_exec git "$BASEDIR" add "keys/$FILE" fi diff --git a/share/keyringer/genpair b/share/keyringer/genpair index 89ee828..a71e472 100755 --- a/share/keyringer/genpair +++ b/share/keyringer/genpair @@ -12,20 +12,20 @@ function genpair_ssh { read -p "Hit ENTER to continue." prompt # TODO: programatically enter blank passphrase twice - ssh-keygen -t dsa -f $TMPWORK/id_dsa -C "root@$NODE" + ssh-keygen -t dsa -f "$TMPWORK/id_dsa" -C "root@$NODE" # Encrypt the result echo "Encrypting secret key into keyringer..." - cat $TMPWORK/id_dsa | keyringer_exec encrypt $BASEDIR $FILE + cat "$TMPWORK/id_dsa" | keyringer_exec encrypt "$BASEDIR" "$FILE" echo "Encrypting public key into keyringer..." - cat $TMPWORK/id_dsa.pub | keyringer_exec encrypt $BASEDIR $FILE.pub + cat "$TMPWORK/id_dsa.pub" | keyringer_exec encrypt "$BASEDIR" "$FILE.pub" # TODO: add outfiles into version control if [ ! -z "$OUTFILE" ]; then mkdir -p `dirname $OUTFILE` - echo Saving copies at $OUTFILE and $OUTFILE.pub - cat $TMPWORK/id_dsa > $OUTFILE - cat $TMPWORK/id_dsa.pub > $OUTFILE.pub + printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE" + cat "$TMPWORK/id_dsa" > "$OUTFILE" + cat "$TMPWORK/id_dsa.pub" > "$OUTFILE.pub" fi echo "Done" 
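Review bot: In ``mkdir -p "$KEYDIR/`dirname $FILE`"`` the outer quotes were added but `$FILE` inside the backticks is still unquoted, so a key name containing a space is split before `dirname` sees it. The directory that gets created then no longer matches the `> "$KEYDIR/$FILE"` target on the gpg line. `mkdir -p -- "$KEYDIR/$(dirname -- "$FILE")"` fixes it; ``mkdir -p `dirname $OUTFILE` `` in the genpair_ssh and genpair_ssl hunks has the same problem. The gpg exit status is also not checked before staging, so a failed encryption can leave an empty file that is then added to git.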
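Review bot: The plaintext private key copy written by `cat "$TMPWORK/id_dsa" > "$OUTFILE"` is created with whatever umask the caller has, which with the common 022 leaves it world-readable. Creating it under a restrictive mask, e.g. `( umask 077; cat "$TMPWORK/id_dsa" > "$OUTFILE" )`, avoids the window a later chmod would leave open. The same applies to `--export-secret-keys > "$OUTFILE"` in genpair_gpg and `> "$OUTFILE.pem"` in genpair_ssl, where the existing `chmod 600` only covers the temporary copy. genpair_ssh begins above this hunk, so any earlier umask handling is not visible here.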
@@ -39,7 +39,7 @@ function genpair_gpg { # TODO: insert 279 random bytes # TODO: custom Name-Comment and Name-Email # TODO: allow for empty passphrases - gpg --homedir $TMPWORK --gen-key --batch < $OUTFILE - gpg --armor --homedir $TMPWORK --export > $OUTFILE.pub + printf "Saving copies at %s and %s.pub\n" "$OUTFILE" "$OUTFILE" + gpg --armor --homedir "$TMPWORK" --export-secret-keys > "$OUTFILE" + gpg --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub" fi echo "Done" 
@@ -77,42 +77,42 @@ function genpair_ssl { read -p "Hit ENTER to continue." prompt # Setup - cd $TMPWORK + cd "$TMPWORK" # Generate certificate - $LIB/csr.sh $NODE + "$LIB/csr.sh" "$NODE" # Self-sign - openssl x509 -in $NODE"_csr.pem" -out $NODE.crt -req -signkey $NODE"_privatekey.pem" -days 365 - chmod 600 $NODE"_privatekey.pem" + openssl x509 -in "${NODE}_csr.pem" -out "$NODE.crt" -req -signkey "${NODE}_privatekey.pem" -days 365 + chmod 600 "${NODE}_privatekey.pem" # Encrypt the result echo "Encrypting private key into keyringer..." - cat $NODE"_privatekey.pem" | keyringer_exec encrypt $BASEDIR $FILE.pem + cat "${NODE}_privatekey.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.pem" echo "Encrypting certificate request into keyringer..." - cat $NODE"_csr.pem" | keyringer_exec encrypt $BASEDIR $FILE.csr + cat "${NODE}_csr.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.csr" echo "Encrypting certificate into keyringer..." - cat $NODE.crt | keyringer_exec encrypt $BASEDIR $FILE.crt + cat "$NODE.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt" - cd $CWD + cd "$CWD" if [ ! -z "$OUTFILE" ]; then mkdir -p `dirname $OUTFILE` - echo Saving copies at $OUTFILE.pem, $OUTFILE.csr and $OUTFILE.crt - cat $TMPWORK/$NODE"_privatekey.pem" > $OUTFILE.pem - cat $TMPWORK/$NODE"_csr.pem" > $OUTFILE.csr - cat $TMPWORK/$NODE.crt > $OUTFILE.crt + printf "Saving copies at %s.pem, %s.csr and %s.crt\n" "$OUTFILE" "$OUTFILE" "$OUTFILE" + cat "$TMPWORK/${NODE}_privatekey.pem" > "$OUTFILE.pem" + cat "$TMPWORK/${NODE}_csr.pem" > "$OUTFILE.csr" + cat "$TMPWORK/$NODE.crt" > "$OUTFILE.crt" fi # Show cert fingerprint - openssl x509 -noout -in $TMPWORK/$NODE.crt -fingerprint + openssl x509 -noout -in "$TMPWORK/$NODE.crt" -fingerprint echo "Done" } # Load functions LIB="`dirname $0`/../../lib/keyringer" -source $LIB/functions || exit 1 +source "$LIB/functions" || exit 1 # Aditional parameters KEYTYPE="$2" 
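Review bot: `cd "$TMPWORK"` in genpair_ssl is not checked, and in bash `cd ""` succeeds without changing directory. If the temporary directory is unset or missing, the CSR helper and `openssl x509` therefore run in the caller's directory and `${NODE}_privatekey.pem` is left there in plaintext. `cd "${TMPWORK:?}" || exit 1` makes both failure cases stop before any key material is generated. How `TMPWORK` and `CWD` are set is outside this hunk.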
@@ -140,9 +140,9 @@ keyringer_set_tmpfile genpair -d # Dispatch echo "Generating $KEYTYPE for $NODE..." -genpair_$KEYTYPE +"genpair_$KEYTYPE" # Cleanup -cd $CWD -rm -rf $TMPWORK +cd "$CWD" +rm -rf "$TMPWORK" trap - EXIT diff --git a/share/keyringer/git b/share/keyringer/git index 439198a..cd2a188 100755 --- a/share/keyringer/git +++ b/share/keyringer/git @@ -5,12 +5,12 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Aditional parameters CWD="`pwd`" # Run git command shift -mkdir -p $BASEDIR && cd $BASEDIR && git $* -cd $CWD +mkdir -p "$BASEDIR" && cd "$BASEDIR" && git $* +cd "$CWD" diff --git a/share/keyringer/ls b/share/keyringer/ls index e28637b..31e8805 100755 --- a/share/keyringer/ls +++ b/share/keyringer/ls @@ -5,12 +5,12 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Aditional parameters CWD="`pwd`" # Run list command shift -cd $KEYDIR && ls $* -cd $CWD +cd "$KEYDIR" && ls $* +cd "$CWD" diff --git a/share/keyringer/options b/share/keyringer/options index 9eb2a1f..3047380 100755 --- a/share/keyringer/options +++ b/share/keyringer/options 
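Review bot: `"genpair_$KEYTYPE"` builds a command name from `$2`, and nothing visible in this hunk limits it to the three functions defined above. The lines between `KEYTYPE="$2"` and the dispatch are outside the hunk and may already validate it. If they do not, an unknown type fails only after the temporary directory has been set up, or resolves to any other `genpair_*` command found on PATH. An explicit allow-list such as `case "$KEYTYPE" in ssh|gpg|ssl) "genpair_$KEYTYPE" ;; *) exit 1 ;; esac` keeps the dispatch closed. For the cleanup, `rm -rf -- "${TMPWORK:?}"` would additionally abort instead of running on an empty path.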
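Review bot: `git $*` in the git wrapper still re-splits and glob-expands its arguments, so the quoting this patch adds at call sites such as `keyringer_exec git "$BASEDIR" add "keys/$FILE"` is presumably lost again here for any path or commit message containing whitespace. `git "$@"` preserves each argument, and `ls $*` in the ls hunk needs the same change. The trailing `cd "$CWD"` also makes the script exit with cd's status rather than git's, so callers cannot detect a failed git command. Running it in a subshell, `mkdir -p "$BASEDIR" && ( cd "$BASEDIR" && git "$@" )`, removes the need to cd back and keeps the status.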
@@ -5,26 +5,26 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer" -source $LIB/functions || exit 1 +source "$LIB/functions" || exit 1 # Command parser -keyringer_get_command $2 +keyringer_get_command "$2" # Create options file if old repository if [ ! -e "$OPTIONS" ]; then echo "Creating options file..." - touch $OPTIONS - keyringer_exec git $BASEDIR add config/options + touch "$OPTIONS" + keyringer_exec git "$BASEDIR" add config/options fi if [ "$COMMAND" == "ls" ]; then - cat $OPTIONS + cat "$OPTIONS" elif [ "$COMMAND" == "edit" ]; then - $EDITOR $OPTIONS + "$EDITOR" "$OPTIONS" elif [ "$COMMAND" == "add" ]; then shift 2 - echo $* >> $OPTIONS + echo $* >> "$OPTIONS" else - echo "$BASENAME: No such command $COMMAND" + printf "%s: No such command %s\n" "$BASENAME" "$COMMAND" exit 1 fi diff --git a/share/keyringer/recipients b/share/keyringer/recipients index 593a994..c9dbdbb 100755 --- a/share/keyringer/recipients +++ b/share/keyringer/recipients @@ -5,16 +5,16 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer" -source $LIB/functions || exit 1 +source "$LIB/functions" || exit 1 # Command parser -keyringer_get_command $2 +keyringer_get_command "$2" if [ "$COMMAND" == "ls" ]; then - cat $RECIPIENTS + cat "$RECIPIENTS" elif [ "$COMMAND" == "edit" ]; then - $EDITOR $RECIPIENTS + "$EDITOR" "$RECIPIENTS" else - echo "$BASENAME: No such command $COMMAND" + printf "%s: No such command %s\n" "$BASENAME" "$COMMAND" exit 1 fi diff --git a/share/keyringer/recrypt b/share/keyringer/recrypt index 48a5f87..a7607e0 100755 --- a/share/keyringer/recrypt +++ b/share/keyringer/recrypt 
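Review bot: `echo $* >> "$OPTIONS"` in the `add` branch writes the arguments after word splitting and pathname expansion, and `echo` itself consumes a leading `-n` or `-e`. What lands in the options file can therefore differ from what was typed. `printf '%s\n' "$*" >> "$OPTIONS"` stores the arguments joined by single spaces without reinterpreting them.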
@@ -5,10 +5,10 @@ # Load functions LIB="`dirname $0`/../../lib/keyringer/functions" -source $LIB || exit 1 +source "$LIB" || exit 1 # Get file -keyringer_get_file $2 +keyringer_get_file "$2" # Recrypt -gpg --use-agent -d $KEYDIR/$FILE | gpg --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) > $KEYDIR/$FILE +gpg --use-agent -d "$KEYDIR/$FILE" | gpg --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS") > "$KEYDIR/$FILE" -- cgit v1.2.3
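Review bot: The recrypt pipeline reads and writes the same file: the shell opens `> "$KEYDIR/$FILE"` with truncation while setting up the pipeline, so the decrypting gpg can find the file already empty. Any decrypt or encrypt failure also leaves the stored secret truncated. Writing to a temporary file in the same directory and renaming it only after both gpg processes succeed keeps the old ciphertext intact on every failure path. The sketch below assumes bash (for `pipefail`) and an available `mktemp`; the temporary file only ever holds ciphertext.
```shell
set -o pipefail
NEWFILE="$(mktemp "$KEYDIR/$FILE.XXXXXX")" || exit 1
if gpg --use-agent -d "$KEYDIR/$FILE" | gpg --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS") > "$NEWFILE"; then
  mv -- "$NEWFILE" "$KEYDIR/$FILE"
else
  rm -f -- "$NEWFILE"
  exit 1
fi
```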