[Pkg-privacy-commits] [Git][pkg-privacy-team/monkeysphere][master] 3 commits: drop keytrans listfprs subcommand
Daniel Kahn Gillmor
dkg at debian.org
Fri May 10 23:13:56 BST 2019
Daniel Kahn Gillmor pushed to branch master at Privacy Maintainers / monkeysphere
Commits:
3deb4f95 by Daniel Kahn Gillmor at 2019-05-10T21:53:06Z
drop keytrans listfprs subcommand
This is no longer being used, we can rip it out.
- - - - -
790e53df by Daniel Kahn Gillmor at 2019-05-10T22:03:56Z
drop keytrans openpgp2sshfpr subcommand
- - - - -
54ce0b7f by Daniel Kahn Gillmor at 2019-05-10T22:10:54Z
Remove keytrans sshfpr subcommand
Now that we're depending on ssh-keygen, we can just ask it to do the
fingerprinting directly.
This removes all the unsupported/unmaintained subcommands from
keytrans, and leaves monkeysphere dependent only on the documented
interfaces of keytrans (pem2openpgp, in particular, as well as
openpgp2ssh in examples/make-x509-certreqs).
- - - - -
4 changed files:
- src/monkeysphere
- src/share/keytrans
- src/share/m/ssh_proxycommand
- tests/keytrans
Changes:
=====================================
src/monkeysphere
=====================================
@@ -279,7 +279,7 @@ case $COMMAND in
'sshfprs-for-userid')
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}
source "${MSHAREDIR}/keys_for_userid"
- keys_for_userid "$@" | "$SYSSHAREDIR/keytrans" sshfpr
+ keys_for_userid "$@" | ssh-keygen -l -f - | awk '{ print $2 }'
;;
'keys-from-userid')
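Review bot: The new pipeline `keys_for_userid "$@" | ssh-keygen -l -f - | awk '{ print $2 }'` reports only awk's exit status, so if ssh-keygen is missing or rejects its input the command prints nothing and still succeeds, unless `pipefail` is set somewhere outside this hunk. The removed `sshfpr` always emitted a `SHA256:` fingerprint, whereas `ssh-keygen -l` uses its own default hash; adding `-E sha256` would keep the output format fixed regardless of the installed OpenSSH. The same pipeline is added to `show_key_info` in src/share/m/ssh_proxycommand, whose body continues outside that hunk. There an empty `sshFingerprint` would presumably end up in the key information shown to the user, so an explicit non-empty check after the assignment is worth adding.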
=====================================
src/share/keytrans
=====================================
@@ -212,24 +212,6 @@ sub simple_checksum {
}
-# calculate/print the fingerprint of an openssh-style keyblob:
-
-sub sshfpr {
- sshfpr_sha256(shift);
-}
-
-sub sshfpr_md5 {
- my $keyblob = shift;
- use Digest::MD5;
- return 'MD5:'.join(':', map({unpack("H*", $_)} split('', Digest::MD5::md5($keyblob))));
-}
-
-sub sshfpr_sha256 {
- my $keyblob = shift;
- use Digest::SHA;
- return 'SHA256:'.Digest::SHA::sha256_base64($keyblob);
-}
-
# calculate the multiplicative inverse of a mod b this is euclid's
# extended algorithm. For more information see:
# https://en.wikipedia.org/wiki/Extended_Euclidean_algorithm the
@@ -854,23 +836,6 @@ sub findkeyfprs {
}
};
-sub getallprimarykeys {
- my $instr = shift;
-
- my $subs = { $packet_types->{pubkey} => \&findkeyfprs,
- $packet_types->{seckey} => \&findkeyfprs,
- };
- my $data = {target => { } };
-
- packetwalk($instr, $subs, $data);
-
- if (defined $data->{keys}) {
- return $data->{keys};
- } else {
- return {};
- }
-}
-
sub packetwalk {
my $instr = shift;
my $subs = shift;
@@ -1029,40 +994,7 @@ for (basename($0)) {
elsif (/^keytrans$/) {
# subcommands when keytrans is invoked directly are UNSUPPORTED,
# UNDOCUMENTED, and WILL NOT BE MAINTAINED.
- my $subcommand = shift;
- for ($subcommand) {
- if (/^listfprs$/) {
- my $instream;
- open($instream,'-');
- binmode($instream, ":bytes");
- my $keys = getallprimarykeys($instream);
- printf("%s\n", join("\n", map { uc(unpack('H*', $_)) } keys(%{$keys})));
- } elsif (/^sshfpr$/) {
- use MIME::Base64;
- while (<STDIN>) {
- my ($dummy,$b64keyblob) = split(/ /, $_);
- printf("%s\n", sshfpr(decode_base64($b64keyblob)));
- }
- } elsif (/^openpgp2sshfpr$/) {
- my $fpr = shift;
- my $instream;
- open($instream,'-');
- binmode($instream, ":bytes");
- my $key = openpgp2rsa($instream, $fpr);
- if (defined($key)) {
- # openssh uses MD5 for key fingerprints:
- printf("%d %s %s\n",
- $key->size() * 8, # size() is in bytes -- we want bits
- sshfpr(openssh_pubkey_pack($key)),
- '(RSA)', # FIXME when we support other than RSA.
- );
- } else {
- die "No matching key found.\n";
- }
- } else {
- die "Unrecognized subcommand. keytrans subcommands are not a stable interface!\n";
- }
- }
+ die "Unrecognized subcommand. keytrans subcommands are not a stable interface!\n";
}
else {
die "Unrecognized keytrans call.\n";
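Review bot: The comment kept above the new `die` still describes subcommands as "UNSUPPORTED, UNDOCUMENTED, and WILL NOT BE MAINTAINED", and the message still says "Unrecognized subcommand", but after this change the `keytrans` branch accepts no subcommand at all. A reader or caller hitting this path would be led to look for subcommands that no longer exist. I would replace the comment with `# keytrans has no subcommands; it only does work when invoked under one of the names handled above.` and the message with `die "keytrans takes no subcommands when invoked directly.\n";`. The earlier branches of the `for (basename($0))` dispatch are outside the hunk, so confirm that wording matches them.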
=====================================
src/share/m/ssh_proxycommand
=====================================
@@ -153,7 +153,7 @@ show_key_info() {
local otherUids
# get the ssh key of the gpg key
- sshFingerprint=$(gpg2ssh "$keyid" | "$SYSSHAREDIR/keytrans" sshfpr)
+ sshFingerprint=$(gpg2ssh "$keyid" | ssh-keygen -l -f - | awk '{ print $2 }')
# get the sigs for the matching key
gpgSigOut=$(gpg_user --check-sigs \
=====================================
tests/keytrans
=====================================
@@ -145,7 +145,7 @@ PEM2OPENPGP_USAGE_FLAGS=authenticate,certify \
PEM2OPENPGP_TIMESTAMP="$(( $timestamp + 1 ))" pem2openpgp fubar \
< "$TEMPDIR"/newkey > "$TEMPDIR"/newkey.gpg
-NEWKEYFPR=$(< "$TEMPDIR"/newkey.gpg keytrans listfprs)
+NEWKEYFPR=$(< "$TEMPDIR"/newkey.gpg gpg --with-colons --import-options import-show --dry-run --import | awk -F: '/^fpr:/{ print $10 }' )
NEWKEYID=$( printf "%s" "$NEWKEYFPR" | cut -b25-40)
< "$TEMPDIR"/newkey.gpg gpg --import
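Review bot: The awk filter in the new `NEWKEYFPR=` line prints field 10 of every `fpr` record, and gpg emits one such record per subkey as well as for the primary key. It works only while `newkey.gpg` holds a single primary key with no subkeys, which appears to be the case today given the FIXME about subkeys further down. The `cut -b25-40` on the next line assumes exactly one 40-hex-digit fingerprint, so stopping at the first match makes that assumption explicit: `awk -F: '/^fpr:/{ print $10; exit }'`. The removed `keytrans listfprs` reported primary keys only, so this also keeps the old meaning of the variable.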
@@ -166,14 +166,6 @@ EOF
echo "test: diff expected gpg list output"
diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -vE '^(tru|fpr):' | cut -d: -f1-16 | sed 's/:*$//')
-sort >"$TEMPDIR"/expectedout <<EOF
-$KEYFPR
-$NEWKEYFPR
-EOF
-
-echo "test: diff expected keytrans listfpr output"
-diff -u "$TEMPDIR"/expectedout <( gpg --export-secret-keys | keytrans listfprs | sort )
-
## FIXME: addtest: not testing subkeys at the moment.
View it on GitLab: https://salsa.debian.org/pkg-privacy-team/monkeysphere/compare/96d97ca1894b838b82e078368ef44a8863eca151...54ce0b7febc075981f86441da68334054d652ac1