/[pgp-tools]/trunk/caff/caff

Diff of /trunk/caff/caff

Parent Directory | Revision Log | View Patch Patch

-revision 133 by weasel,
Tue Jul 19 16:50:48 2005 UTC
+revision 266 by weasel,
Wed Mar  1 15:01:44 2006 UTC
 Line 50 
 CA Fire and Forget is a script that help
  of keyids on the command line, fetches them from a keyserver and calls GnuPG so
  that you can sign it.  It then mails each key to all its email addresses - only
  including the one UID that we send to in each mail, pruned from all but self
- sigs and sigs done by you.
+ sigs and sigs done by you.  The mailed key is encrypted with itself as a means
+ to verify that key belongs to the recipient.
  =head1 OPTIONS
-Line 85 
 Do not sign the keys.
+Line 86 
 Do not sign the keys.
  Select the key that is used for signing, in case you have more than one key.
+ =item B<--key-file> I<file>
+ Import keys from file. Can be supplied more than once.
  =back
  =head1 FILES
-Line 93 
 Select the key that is used for signing,
+Line 98 
 Select the key that is used for signing,
  =item $HOME/.caffrc  -  configuration file
+ =item $HOME/.caff/keys/yyyy-mm-dd/  -  processed keys
+ =item $HOME/.caff/gnupghome/  -  caff's working dir for gpg
+ =item $HOME/.caff/gnupghome/gpg.conf  -  gpg configuration
+ useful options include use-agent, default-cert-level, etc.
  =back
  =head1 CONFIGURATION FILE OPTIONS
  The configuration file is a perl script that sets values in the hash B<%CONFIG>.
+ The file is generated when it does not exist.
  Example:
-Line 169 
 Keyserver to download keys from.  Defaul
+Line 183 
 Keyserver to download keys from.  Defaul
  If true, then skip the step of fetching keys from the keyserver.
  Default: B<0>.
+ =item B<key-files> [list of files]
+ A list of files containing keys to be imported.
  =head2 Signing settings
  =item B<no-sign> [boolean]
-Line 218 
 The UIDs for which signatures are includ
+Line 236 
 The UIDs for which signatures are includ
  =back
+ =item B<reply-to> [string]
+ Add a Reply-To: header to messages sent. Default: none.
  =item B<bcc> [string]
  Address to send blind carbon copies to when sending mail.
-Line 239 
 Default: none.
+Line 261 
 Default: none.
  http://pgp-tools.alioth.debian.org/
+ =head1 SEE ALSO
+ gpg(1), pgp-clean(1), /usr/share/doc/signing-party/caff/caffrc.sample.
  =cut
  use strict;
-Line 258 
 my $REVISION = '$Rev$';
+Line 284 
 my $REVISION = '$Rev$';
  my ($REVISION_NUMER) = $REVISION =~ /(\d+)/;
  my $VERSION = "0.0.0.$REVISION_NUMER";
+ sub notice($) {
+         my ($line) = @_;
+         print "[NOTICE] $line\n";
+ };
+ sub info($) {
+         my ($line) = @_;
+         print "[INFO] $line\n";
+ };
+ sub debug($) {
+         my ($line) = @_;
+         #print "[DEBUG] $line\n";
+ };
+ sub trace($) {
+         my ($line) = @_;
+         #print "[trace] $line\n";
+ };
+ sub trace2($) {
+         my ($line) = @_;
+         #print "[trace2] $line\n";
+ };
+ sub generate_config() {
+         notice("Error: \$LOGNAME is not set.\n") unless defined $ENV{'LOGNAME'};
+         my $gecos = defined $ENV{'LOGNAME'} ? (getpwnam($ENV{LOGNAME}))[6] : undef;
+         my $email;
+         my @keys;
+         my $hostname = `hostname -f`;
+         chomp $hostname;
+         my ($Cgecos,$Cemail,$Ckeys) = ('','','');
+         if (defined $gecos) {
+                 $gecos =~ s/,.*//;
+                 my $gpg = GnuPG::Interface->new();
+                 $gpg->call( 'gpg' );
+                 $gpg->options->hash_init(
+                         'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always --with-colons --fixed-list-mode } ] );
+                 $gpg->options->meta_interactive( 0 );
+                 my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
+                 my $pid = $gpg->list_public_keys(handles => $handles, command_args => [ $gecos ]);
+                 my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
+                 waitpid $pid, 0;
+                 if ($stdout eq '') {
+                         warn ("No data from gpg for list-key\n"); # There should be at least 'tru:' everywhere.
+                 };
+                 @keys = ($stdout =~ /^pub:[^r:]*:(?:[^:]*:){2,2}([^:]+):/mg);
+                 unless (scalar @keys) {
+                         info("Error: No keys were found using \"gpg --list-public-keys '$gecos'\".");
+                         @keys = qw{0123456789abcdef 89abcdef76543210};
+                         $Ckeys = '#';
+                 }
+                 ($email) =  ($stdout =~ /^uid:.*<(.+?@.+?)>.*:/m);
+                 unless (defined $email) {
+                         info("Error: No email address was found using \"gpg --list-public-keys '$gecos'\".");
+                         $email = $ENV{'LOGNAME'}.'@'.$hostname;
+                         $Cemail = '#';
+                 }
+         } else {
+                 $gecos = 'Unknown Caff User';
+                 $email = $ENV{'LOGNAME'}.'@'.$hostname;
+                 @keys = qw{0123456789abcdef 89abcdef76543210};
+                 ($Cgecos,$Cemail,$Ckeys) = ('#','#','#');
+         };
+         return <<EOT;
+ # .caffrc -- vim:syntax=perl:
+ # This file is in perl(1) format - see caff(1) for details.
+ $Cgecos\$CONFIG{'owner'}       = '$gecos';
+ $Cemail\$CONFIG{'email'}       = '$email';
+ # you can get your long keyid from
+ #   gpg --with-colons --list-key <yourkeyid|name|emailaddress..>
+ #
+ # if you have a v4 key, it will simply be the last 16 digits of
+ # your fingerprint.
+ #
+ # Example:
+ #   \$CONFIG{'keyid'}       = [ qw{FEDCBA9876543210} ];
+ #  or, if you have more than one key:
+ #   \$CONFIG{'keyid'}       = [ qw{0123456789ABCDEF 89ABCDEF76543210} ];
+ $Ckeys\$CONFIG{'keyid'}       = [ qw{@keys} ];
+ EOT
+ };
+ sub check_executable($$) {
+         # (GnuPG::Interface gives lousy errors when the gpg binary isn't found,
+         # so we want to check manually.)
+         my ($purpose, $fn) = @_;
+         # Only check provided fnames with a slash in them.
+         return unless defined $fn;
+         if ($fn =~ m!/!) {
+                 die ("$PROGRAM_NAME: $purpose executable '$fn' not found.\n") unless -x $fn;
+         } else {
+                 for my $p (split(':', $ENV{PATH})) {
+                         return if -x "$p/$fn";
+                 };
+                 die ("$PROGRAM_NAME: $purpose executable '$fn' not found on path.\n") unless -x $fn;
+         };
+ };
  sub load_config() {
          my $config = $ENV{'HOME'} . '/.caffrc';
-         -f $config or die "No file $config present.  See caff(1).\n";
+         unless (-f $config) {
+                 print "No configfile $config present, I will use this template:\n";
+                 my $template = generate_config();
+                 print "$template\nPlease edit $config and run caff again.\n";
+                 open F, ">$config" or die "$config: $!";
+                 print F $template;
+                 close F;
+                 exit(1);
+         }
          unless (scalar eval `cat $config`) {
                  die "Couldn't parse $config: $EVAL_ERROR\n" if $EVAL_ERROR;
          };
          $CONFIG{'caffhome'}=$ENV{'HOME'}.'/.caff' unless defined $CONFIG{'caffhome'};
-         die ("owner is not defined.\n") unless defined $CONFIG{'owner'};
+         die ("$PROGRAM_NAME: owner is not defined in $config.\n") unless defined $CONFIG{'owner'};
-         die ("email is not defined.\n") unless defined $CONFIG{'email'};
+         die ("$PROGRAM_NAME: email is not defined in $config.\n") unless defined $CONFIG{'email'};
-         die ("keyid is not defined.\n") unless defined $CONFIG{'keyid'};
+         die ("$PROGRAM_NAME: keyid is not defined in $config.\n") unless defined $CONFIG{'keyid'};
-         die ("keyid is not an array ref\n") unless (ref $CONFIG{'keyid'} eq 'ARRAY');
+         die ("$PROGRAM_NAME: keyid is not an array ref in $config.\n") unless (ref $CONFIG{'keyid'} eq 'ARRAY');
          for my $keyid (@{$CONFIG{'keyid'}}) {
-                 $keyid =~ /^[A-F0-9]{16}$/i or die ("key $keyid is not a long (16 digit) keyid.\n");
+                 $keyid =~ /^[A-F0-9]{16}$/i or die ("$PROGRAM_NAME: key $keyid is not a long (16 digit) keyid in $config.\n");
          };
          @{$CONFIG{'keyid'}} = map { uc } @{$CONFIG{'keyid'}};
          $CONFIG{'export-sig-age'}= 24*60*60 unless defined $CONFIG{'export-sig-age'};
-Line 279 
 sub load_config() {
+Line 419 
 sub load_config() {
          $CONFIG{'gpg'} = 'gpg' unless defined $CONFIG{'gpg'};
          $CONFIG{'gpg-sign'} = $CONFIG{'gpg'} unless defined $CONFIG{'gpg-sign'};
          $CONFIG{'gpg-delsig'} = $CONFIG{'gpg'} unless defined $CONFIG{'gpg-delsig'};
+         check_executable("gpg", $CONFIG{'gpg'});
+         check_executable("gpg-sign", $CONFIG{'gpg-sign'});
+         check_executable("gpg-delsig", $CONFIG{'gpg-delsig'});
          $CONFIG{'secret-keyring'} = $ENV{'HOME'}.'/.gnupg/secring.gpg' unless defined $CONFIG{'secret-keyring'};
          $CONFIG{'no-download'} = 0 unless defined $CONFIG{'no-download'};
          $CONFIG{'no-sign'} = 0 unless defined $CONFIG{'no-sign'};
+         $CONFIG{'key-files'} = () unless defined $CONFIG{'key-files'};
          $CONFIG{'mail-template'} = <<'EOM' unless defined $CONFIG{'mail-template'};
  Hi,
-Line 306 
 Regards,
+Line 450 
 Regards,
  EOM
  };
- sub notice($) {
-         my ($line) = @_;
-         print "[NOTICE] $line\n";
- };
- sub info($) {
-         my ($line) = @_;
-         print "[INFO] $line\n";
- };
- sub debug($) {
-         my ($line) = @_;
-         #print "[DEBUG] $line\n";
- };
- sub trace($) {
-         my ($line) = @_;
-         #print "[trace] $line\n";
- };
- sub trace2($) {
-         my ($line) = @_;
-         #print "[trace2] $line\n";
- };
  sub make_gpg_fds() {
          my %fds = (
                  stdin => IO::Handle->new(),
-Line 438 
 sub readwrite_gpg($$$$$%) {
+Line 561 
 sub readwrite_gpg($$$$$%) {
  sub ask($$;$$) {
          my ($question, $default, $forceyes, $forceno) = @_;
-         return $default if $forceyes and $forceno;
-         return 1 if $forceyes;
-         return 0 if $forceno;
          my $answer;
+         my $yn = $default ? '[Y/n]' : '[y/N]';
          while (1) {
-                 print $question,' ',($default ? '[Y/n]' : '[y/N]'), ' ';
+                 print $question,' ',$yn, ' ';
+                 if ($forceyes && $forceno) {
+                         print "$default (from config/command line)\n";
+                         return $default;
+                 };
+                 if ($forceyes) {
+                         print "YES (from config/command line)\n";
+                         return 1;
+                 };
+                 if ($forceno) {
+                         print "NO (from config/command line)\n";
+                         return 0;
+                 };
                  $answer = <STDIN>;
+                 if (!defined $answer) {
+                         $OUTPUT_AUTOFLUSH = 1;
+                         die "\n\n".
+                             "End of STDIN reached.  Are you using xargs?  Caff wants to read from STDIN,\n".
+                             "so you can't really use it with xargs.  A patch against caff to read from\n".
+                             "the terminal would be appreciated.\n".
+                             "For now instead of   cat keys | xargs caff  do  caff `cat keys`\n";
+                 };
                  chomp $answer;
-                 last if ((defined $answer) && (length $answer <= 1));
+                 last if ((length $answer == 0) || ($answer =~ m/^[yYnN]$/) );
-                 print "grrrrrr.\n";
+                 print "What about $yn is so hard to understand?\nAnswer with either 'n' or 'y' or just press enter for the default.\n";
                  sleep 1;
          };
          my $result = $default;
-Line 578 
 sub send_mail($$$@) {
+Line 720 
 sub send_mail($$$@) {
                          Type        => "application/pgp-keys",
                          Disposition => 'attachment',
                          Encoding    => "7bit",
-                         Description => "PGP Key 0x$key_id, uid ".($key->{'text'}).' ('.($key->{'serial'}).')',
+                         Description => "PGP Key 0x$key_id, uid ".($key->{'text'}).' ('.($key->{'serial'}).'), signed by 0x'.$CONFIG{'keyid'}[0],
                          Data        => $key->{'key'},
-                         Filename    => "0x$key_id.".$key->{'serial'}.".asc");
+                         Filename    => "0x$key_id.".$key->{'serial'}.".signed-by-0x".$CONFIG{'keyid'}[0].".asc");
          };
          if ($can_encrypt) {
-Line 605 
 sub send_mail($$$@) {
+Line 747 
 sub send_mail($$$@) {
                  $message = $stdout;
                  $message_entity = MIME::Entity->build(
-                         Type        => 'multipart/encrypted; protocol="application/pgp-encrypted"');
+                         Type        => 'multipart/encrypted; protocol="application/pgp-encrypted"',
+                         Encoding    => '7bit');
                  $message_entity->attach(
                          Type        => "application/pgp-encrypted",
-Line 624 
 sub send_mail($$$@) {
+Line 767 
 sub send_mail($$$@) {
          $message_entity->head->add("Subject", "Your signed PGP key 0x$key_id");
          $message_entity->head->add("To", $address);
          $message_entity->head->add("From", '"'.$CONFIG{'owner'}.'" <'.$CONFIG{'email'}.'>');
+         $message_entity->head->add("Reply-To", $CONFIG{'reply-to'}) if defined $CONFIG{'reply-to'};
          $message_entity->head->add("Bcc", $CONFIG{'bcc'}) if defined $CONFIG{'bcc'};
          $message_entity->head->add("User-Agent", $USER_AGENT);
          $message_entity->send();
-Line 707 
 if (!GetOptions (
+Line 851 
 if (!GetOptions (
          '--no-download'   =>  \$params->{'no-download'},
          '-S'              =>  \$params->{'no-sign'},
          '--no-sign'       =>  \$params->{'no-sign'},
+         '--key-file=s@'   =>  \$params->{'key-files'},
          )) {
          usage(\*STDERR, 1);
  };
-Line 748 
 $CONFIG{'no-download'} = $params->{'no-d
+Line 893 
 $CONFIG{'no-download'} = $params->{'no-d
  $CONFIG{'no-mail'}     = $params->{'no-mail'}     if defined $params->{'no-mail'};
  $CONFIG{'mail'}        = $params->{'mail'}        if defined $params->{'mail'};
  $CONFIG{'no-sign'}     = $params->{'no-sign'}     if defined $params->{'no-sign'};
+ push @{$CONFIG{'key-files'}}, @{$params->{'key-files'}} if defined $params->{'key-files'};
  #################
-Line 783 
 for my $keyid (@{$CONFIG{'keyid'}}) {
+Line 929 
 for my $keyid (@{$CONFIG{'keyid'}}) {
          }
  }
+ ########################
+ # import keys from files
+ ########################
+ foreach my $keyfile (@{$CONFIG{'key-files'}}) {
+     my $gpg = GnuPG::Interface->new();
+     $gpg->call( $CONFIG{'gpg'} );
+     $gpg->options->hash_init('homedir' => $GNUPGHOME);
+     $gpg->options->meta_interactive( 0 );
+     my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
+     my $pid = $gpg->import_keys(handles => $handles, command_args => $keyfile);
+     my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
+     info ("Importing keys from $keyfile");
+     waitpid $pid, 0;
+     if ($status !~ /^\[GNUPG:\] IMPORT_OK/m) {
+         warn $stderr;
+     }
+ }
  #############################
  # receive keys from keyserver
  #############################
-Line 808 
 if ($CONFIG{'no-download'}) {
+Line 972 
 if ($CONFIG{'no-download'}) {
  # [GNUPG:] NODATA 1
  # [GNUPG:] IMPORT_OK 0 25FC1614B8F87B52FF2F99B962AF4031C82E0039
          my %local_keyids = map { $_ => 1 } @KEYIDS;
+         my $had_v3_keys = 0;
          for my $line (split /\n/, $status) {
                  if ($line =~ /^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{40})/) {
                          my $imported_key = $1;
-Line 826 
 if ($CONFIG{'no-download'}) {
+Line 991 
 if ($CONFIG{'no-download'}) {
                          delete $local_keyids{$speced_key};
                          unshift @keyids_ok, $imported_key;
                  } elsif ($line =~ /^\[GNUPG:\] (NODATA|IMPORT_RES|IMPORTED) /) {
+                 } elsif ($line =~ /^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{32})/) {
+                         my $imported_key = $1;
+                         notice ("Imported key $1 is a version 3 key.  Version 3 keys are obsolete, should not be used, and are not and will not be properly supported.");
+                         $had_v3_keys = 1;
                  } else {
                          notice ("got unknown reply from gpg: $line");
                  }
          };
          if (scalar %local_keyids) {
-                 notice ("Import failed for: ". (join ' ', keys %local_keyids).".");
+                 notice ("Import failed for: ". (join ' ', keys %local_keyids)."." . ($had_v3_keys ? " (Or maybe it's one of those ugly v3 keys?)" :  ""));
                  exit 1 unless ask ("Some keys could not be imported - continue anyway?", 0);
          }
  };
-Line 1083 
 for my $keyid (@keyids_ok) {
+Line 1252 
 for my $keyid (@keyids_ok) {
                          if (!$uid->{'is_uat'} && ($uid->{'text'} =~ /@/)) {
                                  my $address = $uid->{'text'};
                                  $address =~ s/.*<(.*)>.*/$1/;
-                                 if (ask("Send signature for $uid->{'text'} to '$address'?", 1, $CONFIG{'mail'})) {
+                                 if (ask("Mail signature for $uid->{'text'} to '$address'?", 1, $CONFIG{'mail'})) {
                                          my $mail = send_mail($address, $can_encrypt, $longkeyid, $uid, @attached);
                                          my $keydir = "$KEYSBASE/$DATE_STRING";

 Legend:



Removed from v.133
 


changed lines


 
Added in v.266
 Legend:



Removed from v.133
 


changed lines


 
Added in v.266
-Removed from v.133
+Added in v.266

	ViewVC Help
Powered by ViewVC 1.1.5