1 |
--- examples/make-x509-certreqs.orig 2016-12-03 04:25:41 UTC |
2 |
+++ examples/make-x509-certreqs |
3 |
@@ -69,12 +69,12 @@ EOF |
4 |
gencertreq() { |
5 |
keyid="$1" |
6 |
|
7 |
- timestamp=$(gpg --fixed-list-mode --with-colons --list-keys "0x$keyid!" | grep ^pub: | cut -f6 -d:) |
8 |
+ timestamp=$(gpg2 --fixed-list-mode --with-colons --list-keys "0x$keyid!" | grep ^pub: | cut -f6 -d:) |
9 |
|
10 |
san='' |
11 |
primary='' |
12 |
# find all the $proto-using User IDs: |
13 |
- uids=$(gpg --fixed-list-mode --with-colons --list-keys "0x$keyid!" | \ |
14 |
+ uids=$(gpg2 --fixed-list-mode --with-colons --list-keys "0x$keyid!" | \ |
15 |
grep '^uid:' | cut -f10 -d: | \ |
16 |
grep '^'"${proto}"'\\x3a//' | \ |
17 |
sed -r -e 's!^'"${proto}"'\\x3a//!!' -e 's!:[0-9]+$!!') |
18 |
@@ -83,7 +83,7 @@ gencertreq() { |
19 |
printf "Certificate Request for TLS WWW server %s\n[OpenPGP key %s]\n" "$primary" "$keyid" |
20 |
openssl req -text -new \ |
21 |
-config <(get_openssl_config "$timestamp" "$uids") \ |
22 |
- -key <(gpg --export-secret-key "$keyid" | openpgp2ssh "$keyid") \ |
23 |
+ -key <(gpg2 --export-secret-key "$keyid" | openpgp2ssh "$keyid") \ |
24 |
-subj "/CN=${primary}/" |
25 |
} |
26 |
|
27 |
@@ -92,6 +92,6 @@ export GNUPGHOME=/var/lib/monkeysphere/h |
28 |
# default to looking for https keys. |
29 |
proto="${1:-https}" |
30 |
|
31 |
-for fpr in $(gpg --fixed-list-mode --with-colons --fingerprint --list-secret-keys "${proto}://" | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^sec:/{ ok=1 }'); do |
32 |
+for fpr in $(gpg2 --fixed-list-mode --with-colons --fingerprint --list-secret-keys "${proto}://" | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^sec:/{ ok=1 }'); do |
33 |
gencertreq "$fpr" |
34 |
done |
35 |
--- examples/monkeysphere-monitor-keys.orig 2016-12-03 04:25:41 UTC |
36 |
+++ examples/monkeysphere-monitor-keys |
37 |
@@ -31,7 +31,7 @@ |
38 |
|
39 |
# FIXME: does this handle revocations and re-keying? if a sysadmin |
40 |
# switches over to this arrangement, how will the system check for |
41 |
-# revocations? Scheduling a simple gpg --refresh should handle |
42 |
+# revocations? Scheduling a simple gpg2 --refresh should handle |
43 |
# revocations. I'm not sure how to best handle re-keyings. |
44 |
|
45 |
use strict; |
46 |
monkeysphere is currently written to use gnupg 2.1 or later and the |
47 |
FreeBSD security/gnupg port installs the program named gpg2. |
48 |
|
49 |
--- src/monkeysphere.orig 2016-12-03 04:25:41 UTC |
50 |
+++ src/monkeysphere |
51 |
@@ -62,7 +62,7 @@ EOF |
52 |
|
53 |
# user gpg command to define common options |
54 |
gpg_user() { |
55 |
- LC_ALL=C "${GPG:-gpg}" --fixed-list-mode --no-greeting --quiet --no-tty "$@" |
56 |
+ LC_ALL=C "${GPG:-gpg2}" --fixed-list-mode --no-greeting --quiet --no-tty "$@" |
57 |
} |
58 |
|
59 |
# output the ssh fingerprint of a gpg key |
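Review bot: `gpg_user` is the only wrapper in this patch that still honours a `GPG` override (`"${GPG:-gpg2}"`); `gpg_core`, `gpg_sphere`, `gpg_host` and the helpers in src/share/common (`gpg2ssh`, `is_gpg_version_greater_equal`, `gpg_fetch_userid`) call a bare `gpg2`. A user who sets `GPG` therefore gets one binary for keyring access through `gpg_user` and another for export, version detection and keyserver fetches. Either use the same `"${GPG:-gpg2}"` form in the shared helpers or add a comment here stating that the override applies to `gpg_user` only.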
60 |
@@ -92,7 +92,7 @@ check_gpg_sec_key_id() { |
61 |
case $(echo "$gpgSecOut" | grep -c '^sec:') in |
62 |
0) |
63 |
failure "No secret keys found. Create an OpenPGP key with the following command: |
64 |
- gpg --gen-key" |
65 |
+ gpg2 --gen-key" |
66 |
;; |
67 |
1) |
68 |
echo "$gpgSecOut" | cut -d: -f5 |
69 |
--- src/monkeysphere-authentication.orig 2016-12-03 04:25:41 UTC |
70 |
+++ src/monkeysphere-authentication |
71 |
@@ -73,7 +73,7 @@ gpg_core() { |
72 |
GNUPGHOME="$GNUPGHOME_CORE" |
73 |
export GNUPGHOME |
74 |
|
75 |
- gpg --fixed-list-mode --no-greeting --quiet --no-tty "$@" |
76 |
+ gpg2 --fixed-list-mode --no-greeting --quiet --no-tty "$@" |
77 |
} |
78 |
|
79 |
# function to interact with the gpg sphere keyring |
80 |
@@ -81,7 +81,7 @@ gpg_sphere() { |
81 |
GNUPGHOME="$GNUPGHOME_SPHERE" |
82 |
export GNUPGHOME |
83 |
|
84 |
- su_monkeysphere_user gpg --fixed-list-mode --no-greeting --quiet --no-tty "$@" |
85 |
+ su_monkeysphere_user gpg2 --fixed-list-mode --no-greeting --quiet --no-tty "$@" |
86 |
} |
87 |
|
88 |
check_openpgp2ssh_sanity() { |
89 |
--- src/monkeysphere-host.orig 2016-12-03 04:25:41 UTC |
90 |
+++ src/monkeysphere-host |
91 |
@@ -71,7 +71,7 @@ EOF |
92 |
|
93 |
# function to interact with the gpg keyring |
94 |
gpg_host() { |
95 |
- GNUPGHOME="$GNUPGHOME_HOST" LC_ALL=C gpg --no-auto-check-trustdb --trust-model=always --no-greeting --quiet --no-tty --fixed-list-mode "$@" |
96 |
+ GNUPGHOME="$GNUPGHOME_HOST" LC_ALL=C gpg2 --no-auto-check-trustdb --trust-model=always --no-greeting --quiet --no-tty --fixed-list-mode "$@" |
97 |
} |
98 |
|
99 |
# list the info about the a key, in colon format, to stdout |
100 |
@@ -297,10 +297,10 @@ show_key() { |
101 |
trap cleanup EXIT |
102 |
|
103 |
# import the host key into the tmp dir |
104 |
- gpg --quiet --import <"$HOST_KEY_FILE" |
105 |
+ gpg2 --quiet --import <"$HOST_KEY_FILE" |
106 |
|
107 |
# get the gpg fingerprint |
108 |
- if gpg --quiet --list-keys \ |
109 |
+ if gpg2 --quiet --list-keys \ |
110 |
--with-colons --with-fingerprint "$id" \ |
111 |
| awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }' > "$GNUPGHOME"/fingerprint ; then |
112 |
fingerprint=$(cat "$GNUPGHOME"/fingerprint) |
113 |
@@ -311,13 +311,13 @@ show_key() { |
114 |
# list the host key info |
115 |
# FIXME: make no-show-keyring work so we don't have to do the grep'ing |
116 |
# FIXME: can we show uid validity somehow? |
117 |
- gpg --list-keys --list-options show-unusable-uids "$fingerprint" 2>/dev/null \ |
118 |
+ gpg2 --list-keys --list-options show-unusable-uids "$fingerprint" 2>/dev/null \ |
119 |
| egrep -v "^${GNUPGHOME}/pubring.(gpg|kbx)$" \ |
120 |
| egrep -v '^-+$' \ |
121 |
| grep -v '^$' |
122 |
|
123 |
# list revokers, if there are any |
124 |
- revokers=$(gpg --list-keys --with-colons --fixed-list-mode "$fingerprint" \ |
125 |
+ revokers=$(gpg2 --list-keys --with-colons --fixed-list-mode "$fingerprint" \ |
126 |
| awk -F: '/^rvk:/{ print $10 }' ) |
127 |
if [ "$revokers" ] ; then |
128 |
echo "The following keys are allowed to revoke this host key:" |
129 |
@@ -331,7 +331,7 @@ show_key() { |
130 |
|
131 |
# list the ssh fingerprint |
132 |
printf "ssh fingerprint: %s\n" \ |
133 |
- "$(gpg --export --no-armor "$fingerprint" 2>/dev/null | "$SYSSHAREDIR/keytrans" openpgp2sshfpr "$fingerprint")" |
134 |
+ "$(gpg2 --export --no-armor "$fingerprint" 2>/dev/null | "$SYSSHAREDIR/keytrans" openpgp2sshfpr "$fingerprint")" |
135 |
|
136 |
# remove the tmp file |
137 |
trap - EXIT |
138 |
--- src/share/common.orig 2016-12-03 04:25:41 UTC |
139 |
+++ src/share/common |
140 |
@@ -490,7 +490,7 @@ gpg2ssh() { |
141 |
|
142 |
keyID="$1" |
143 |
|
144 |
- gpg --export --no-armor "$keyID" | openpgp2ssh "$keyID" 2>/dev/null |
145 |
+ gpg2 --export --no-armor "$keyID" | openpgp2ssh "$keyID" 2>/dev/null |
146 |
} |
147 |
|
148 |
# output known_hosts line from ssh key |
149 |
@@ -596,7 +596,7 @@ gpg2authorized_keys() { |
150 |
|
151 |
# script to determine if gpg version is equal to or greater than specified version |
152 |
is_gpg_version_greater_equal() { |
153 |
- local gpgVersion=$(gpg --version | head -1 | awk '{ print $3 }') |
154 |
+ local gpgVersion=$(gpg2 --version | head -1 | awk '{ print $3 }') |
155 |
local latest=$(printf '%s\n%s\n' "$1" "$gpgVersion" \ |
156 |
| tr '.' ' ' | sort -g -k1 -k2 -k3 \ |
157 |
| tail -1 | tr ' ' '.') |
158 |
@@ -617,7 +617,7 @@ gpg_fetch_userid() { |
159 |
|
160 |
log verbose " checking keyserver $KEYSERVER... " |
161 |
foundkeyids="$(echo | \ |
162 |
- gpg --quiet --batch --with-colons \ |
163 |
+ gpg2 --quiet --batch --with-colons \ |
164 |
--command-fd 0 --keyserver "$KEYSERVER" \ |
165 |
--search ="$userID" 2>/dev/null)" |
166 |
returnCode="$?" |
167 |
@@ -632,7 +632,7 @@ $foundkeyids |
168 |
foundkeyids="$(printf "%s" "$foundkeyids" | grep '^pub:' | cut -f2 -d: | sed 's/^/0x/')" |
169 |
log verbose " Found keyids on keyserver: $(printf "%s" "$foundkeyids" | tr '\n' ' ')" |
170 |
if [ -n "$foundkeyids" ]; then |
171 |
- echo | gpg --quiet --batch --with-colons \ |
172 |
+ echo | gpg2 --quiet --batch --with-colons \ |
173 |
--command-fd 0 --keyserver "$KEYSERVER" \ |
174 |
--recv-keys $foundkeyids &>/dev/null |
175 |
returnCode="$?" |
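Review bot: `--recv-keys $foundkeyids` expands unquoted a value built from the keyserver's reply (`grep '^pub:' | cut -f2 -d: | sed 's/^/0x/'`), so anything the server puts in that field is word-split and glob-expanded before it reaches gpg2. Word splitting is needed here for multiple IDs, but the content should be restricted to hex first, for example by appending `| grep -E '^0x[0-9A-Fa-f]+$'` to the pipeline that fills `foundkeyids`. The `&>/dev/null` on the same command also hides any diagnostic gpg2 prints for a rejected ID, so only `returnCode` is left to inspect. `gpg_fetch_userid` begins and ends outside this hunk.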
176 |
@@ -688,7 +688,7 @@ process_user_id() { |
177 |
gpg_fetch_userid "$userID" |
178 |
|
179 |
# output gpg info for (exact) userid and store |
180 |
- gpgOut=$(gpg --list-key --fixed-list-mode --with-colons \ |
181 |
+ gpgOut=$(gpg2 --list-key --fixed-list-mode --with-colons \ |
182 |
--with-fingerprint --with-fingerprint \ |
183 |
="$userID" 2>/dev/null) || returnCode="$?" |
184 |
|
185 |
@@ -957,8 +957,8 @@ list_primary_fingerprints() { |
186 |
rm -rf "$fake" |
187 |
} |
188 |
trap cleanup EXIT |
189 |
- GNUPGHOME="$fake" gpg --no-tty --quiet --import --ignore-time-conflict 2>/dev/null |
190 |
- GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \ |
191 |
+ GNUPGHOME="$fake" gpg2 --no-tty --quiet --import --ignore-time-conflict 2>/dev/null |
192 |
+ GNUPGHOME="$fake" gpg2 --with-colons --fingerprint --list-keys | \ |
193 |
awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }' |
194 |
trap - EXIT |
195 |
cleanup |
196 |
@@ -976,8 +976,8 @@ get_cert_info() { |
197 |
fi |
198 |
rm -rf "$fake" |
199 |
} |
200 |
- GNUPGHOME="$fake" gpg --no-tty --quiet --import --ignore-time-conflict 2>/dev/null |
201 |
- GNUPGHOME="$fake" gpg --with-colons --fingerprint --fixed-list-mode --list-keys "$1" |
202 |
+ GNUPGHOME="$fake" gpg2 --no-tty --quiet --import --ignore-time-conflict 2>/dev/null |
203 |
+ GNUPGHOME="$fake" gpg2 --with-colons --fingerprint --fixed-list-mode --list-keys "$1" |
204 |
trap - EXIT |
205 |
cleanup |
206 |
} |
207 |
--- src/share/keytrans.orig 2016-12-21 22:24:44 UTC |
208 |
+++ src/share/keytrans |
209 |
@@ -20,7 +20,7 @@ |
210 |
|
211 |
# Usage: |
212 |
|
213 |
-# pem2openpgp 'ssh://'$(hostname -f) < /etc/ssh/ssh_host_rsa_key | gpg --import |
214 |
+# pem2openpgp 'ssh://'$(hostname -f) < /etc/ssh/ssh_host_rsa_key | gpg2 --import |
215 |
|
216 |
|
217 |
|
218 |
@@ -35,7 +35,7 @@ |
219 |
|
220 |
# Example usage: |
221 |
|
222 |
-# gpg --export-secret-subkeys --export-options export-reset-subkey-passwd $KEYID | \ |
223 |
+# gpg2 --export-secret-subkeys --export-options export-reset-subkey-passwd $KEYID | \ |
224 |
# openpgp2ssh $KEYID | ssh-add /dev/stdin |
225 |
|
226 |
|
227 |
--- src/share/m/gen_subkey.orig 2016-12-03 04:25:41 UTC |
228 |
+++ src/share/m/gen_subkey |
229 |
@@ -46,7 +46,7 @@ Type '$PGRM help' for usage." |
230 |
|
231 |
# determine which keyType to use from gpg version |
232 |
keyType=7 |
233 |
- case $(gpg --version | head -1 | awk '{ print $3 }' | cut -d. -f1) in |
234 |
+ case $(gpg2 --version | head -1 | awk '{ print $3 }' | cut -d. -f1) in |
235 |
1) |
236 |
if is_gpg_version_greater_equal 1.4.10 ; then |
237 |
keyType=8 |
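Review bot: The `1)` arm of this `case` looks unreachable once the command is `gpg2`, since the major version it reports is presumably always 2, which makes the `is_gpg_version_greater_equal 1.4.10` test dead code. Which `keyType` is chosen for major version 2 is decided in the rest of the `case`, outside this hunk, so please confirm that path does not fall back to the `keyType=7` default unintentionally. If the 1.x arm is kept only to stay close to upstream, a comment such as `# 1.x arm unreachable with gpg2; kept for upstream parity` would say so.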
238 |
--- src/share/m/ssh_proxycommand.orig 2016-12-03 04:25:41 UTC |
239 |
+++ src/share/m/ssh_proxycommand |
240 |
@@ -301,7 +301,7 @@ EOF |
241 |
|
242 |
log info <<EOF |
243 |
Run the following command for more info about the found keys: |
244 |
-gpg --check-sigs --list-options show-uid-validity =${userID} |
245 |
+gpg2 --check-sigs --list-options show-uid-validity =${userID} |
246 |
EOF |
247 |
|
248 |
# FIXME: should we do anything extra here if the retrieved |
249 |
--- src/share/m/subkey_to_ssh_agent.orig 2016-12-03 04:25:41 UTC |
250 |
+++ src/share/m/subkey_to_ssh_agent |
251 |
@@ -54,7 +54,7 @@ subkey_to_ssh_agent() { |
252 |
|
253 |
if [ -z "$secretkeys" ]; then |
254 |
failure "You have no secret keys in your keyring! |
255 |
-You might want to run 'gpg --gen-key'." |
256 |
+You might want to run 'gpg2 --gen-key'." |
257 |
fi |
258 |
|
259 |
# $2 regex means "is some kind of valid, or at least not invalid" |
260 |
--- src/share/mh/add_revoker.orig 2016-12-03 04:25:41 UTC |
261 |
+++ src/share/mh/add_revoker |
262 |
@@ -71,12 +71,12 @@ else |
263 |
|
264 |
# download the key from the keyserver as the monkeysphere user |
265 |
log verbose "searching keyserver $KEYSERVER for revoker keyID $revokerKeyID..." |
266 |
- su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --keyserver "$KEYSERVER" --recv-key "0x${revokerKeyID}!" \ |
267 |
+ su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg2 --quiet --keyserver "$KEYSERVER" --recv-key "0x${revokerKeyID}!" \ |
268 |
|| failure "Could not receive a key with this ID from keyserver '$KEYSERVER'." |
269 |
|
270 |
# get the full fingerprint of new revoker key |
271 |
log debug "getting fingerprint of revoker key..." |
272 |
- fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --list-key --with-colons --with-fingerprint "${revokerKeyID}" \ |
273 |
+ fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg2 --list-key --with-colons --with-fingerprint "${revokerKeyID}" \ |
274 |
| awk -F: '/^fpr:/{ if (ok) { print $10 }; ok=0 } /^pub:/{ ok=1 }') |
275 |
|
276 |
# test that there is only a single fingerprint |
277 |
@@ -90,7 +90,7 @@ EOF |
278 |
fi |
279 |
|
280 |
log info "revoker key found:" |
281 |
- su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --fingerprint "0x${fingerprint}!" |
282 |
+ su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg2 --fingerprint "0x${fingerprint}!" |
283 |
|
284 |
if [ "$PROMPT" = "true" ] ; then |
285 |
printf "Are you sure you want to add the above key as a revoker\nof the key '$keyID'? (Y/n) " >&2 |
286 |
@@ -104,7 +104,7 @@ EOF |
287 |
|
288 |
# export the new key to the host keyring |
289 |
log debug "loading revoker key into host keyring..." |
290 |
- su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --export "0x${fingerprint}!" \ |
291 |
+ su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg2 --quiet --export "0x${fingerprint}!" \ |
292 |
| gpg_host --import |
293 |
fi |
294 |
|
295 |
--- src/share/mh/publish_key.orig 2016-12-03 04:25:41 UTC |
296 |
+++ src/share/mh/publish_key |
297 |
@@ -46,7 +46,7 @@ trap cleanup EXIT |
298 |
|
299 |
# import the key into the tmp dir |
300 |
su_monkeysphere_user \ |
301 |
- gpg --quiet --import <"$HOST_KEY_FILE" |
302 |
+ gpg2 --quiet --import <"$HOST_KEY_FILE" |
303 |
|
304 |
ANCHORFILE="" |
305 |
for anchorfile in "${SYSCONFIGDIR}/monkeysphere-host-x509-anchors.crt" "${SYSCONFIGDIR}/monkeysphere-x509-anchors.crt"; do |
306 |
@@ -59,7 +59,7 @@ done |
307 |
# publish key |
308 |
log debug "publishing key with the following gpg command line and options:" |
309 |
su_monkeysphere_user \ |
310 |
- gpg --keyserver "$KEYSERVER" ${ANCHORFILE:+--keyserver-options "ca-cert-file=$ANCHORFILE"} --send-keys "0x${keyID}!" |
311 |
+ gpg2 --keyserver "$KEYSERVER" ${ANCHORFILE:+--keyserver-options "ca-cert-file=$ANCHORFILE"} --send-keys "0x${keyID}!" |
312 |
|
313 |
# remove the tmp file |
314 |
trap - EXIT |
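Review bot: The `--send-keys` line still passes `--keyserver-options "ca-cert-file=$ANCHORFILE"`, and nothing in this patch shows that gpg2 honours it. In GnuPG 2.1 keyserver traffic is handled by dirmngr, which as far as I know takes its CA file from its own configuration (`hkp-cacert`), not from gpg's keyserver options. If the option is ignored, the X.509 anchor picked by the `for anchorfile` loop no longer constrains the TLS connection to `$KEYSERVER`, and the script reports nothing. Please confirm this against the gpg2 version the port targets and, if needed, document or configure the dirmngr setting for the monkeysphere user. The script continues outside the hunk.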
315 |
--- src/share/mh/revoke_key.orig 2016-12-03 04:25:41 UTC |
316 |
+++ src/share/mh/revoke_key |
317 |
@@ -72,11 +72,11 @@ y |
318 |
else |
319 |
# note: we're not using the gpg_host function because we actually |
320 |
# want to use gpg's UI in this case, so we want to omit --no-tty |
321 |
- revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${keyID}!") \ |
322 |
+ revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg2 --no-greeting --quiet --armor --gen-revoke "0x${keyID}!") \ |
323 |
|| failure "Failed to generate revocation certificate!" |
324 |
fi |
325 |
|
326 |
- # if you run gpg --gen-revoke but cancel it or quit in the middle, |
327 |
+ # if you run gpg2 --gen-revoke but cancel it or quit in the middle, |
328 |
# it returns success, but emits no revocation certificate: |
329 |
if ! [ "$revcert" ] ; then |
330 |
failure "Revocation canceled." |
331 |
@@ -94,9 +94,9 @@ y |
332 |
printf "Not publishing.\n" >&2 |
333 |
else |
334 |
local newhome=$(msmktempdir) |
335 |
- GNUPGHOME="$newhome" gpg --no-tty --quiet --import < "$HOST_KEY_FILE" |
336 |
- GNUPGHOME="$newhome" gpg --no-tty --quiet --import <<< "$revcert" |
337 |
- GNUPGHOME="$newhome" gpg --keyserver "$KEYSERVER" --send "0x${keyID}!" |
338 |
+ GNUPGHOME="$newhome" gpg2 --no-tty --quiet --import < "$HOST_KEY_FILE" |
339 |
+ GNUPGHOME="$newhome" gpg2 --no-tty --quiet --import <<< "$revcert" |
340 |
+ GNUPGHOME="$newhome" gpg2 --keyserver "$KEYSERVER" --send "0x${keyID}!" |
341 |
rm -rf "$newhome" |
342 |
fi |
343 |
fi |
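Review bot: `local newhome=$(msmktempdir)` discards the exit status of `msmktempdir`, so a failed temp-dir creation leaves `newhome` empty and the three `GNUPGHOME="$newhome" gpg2` calls run anyway. With an empty `GNUPGHOME` gpg2 presumably falls back to the invoking user's default home directory, which would import `$HOST_KEY_FILE` into a keyring that the following `rm -rf` never cleans up. Splitting the declaration and checking the result avoids that: `local newhome` then `newhome=$(msmktempdir) || failure "Could not create temporary GnuPG home."`. The enclosing function begins outside this hunk.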
344 |
--- src/transitions/0.23.orig 2016-12-21 22:24:44 UTC |
345 |
+++ src/transitions/0.23 |
346 |
@@ -72,7 +72,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; the |
347 |
# get the old host keygrip (don't know why there would be more |
348 |
# than one, but we'll transfer all tsigs made by any key that |
349 |
# had been given ultimate ownertrust): |
350 |
- for authgrip in $(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --export-ownertrust | \ |
351 |
+ for authgrip in $(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --export-ownertrust | \ |
352 |
grep ':6:$' | \ |
353 |
sed -r 's/^[A-F0-9]{24}([A-F0-9]{16}):6:$/\1/') ; do |
354 |
|
355 |
@@ -88,7 +88,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; the |
356 |
# one of those certifications (even if later |
357 |
# certifications had different parameters). |
358 |
|
359 |
- GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --fingerprint --with-colons --fixed-list-mode --check-sigs | \ |
360 |
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --fingerprint --with-colons --fixed-list-mode --check-sigs | \ |
361 |
cut -f 1,2,5,8,9,10 -d: | \ |
362 |
egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \ |
363 |
while IFS=: read -r type validity grip trustparams trustdomain fpr ; do |
364 |
@@ -130,7 +130,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; the |
365 |
|
366 |
CERTKEY=$(mktemp ${TMPDIR:-/tmp}/mstransition.XXXXXXXX) |
367 |
log "Adding identity certifier with fingerprint %s\n" "$keyfpr" |
368 |
- GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --export "0x$keyfpr" --export-options export-clean >"$CERTKEY" |
369 |
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --export "0x$keyfpr" --export-options export-clean >"$CERTKEY" |
370 |
MONKEYSPHERE_PROMPT=false monkeysphere-authentication add-identity-certifier $finaldomain --trust "$truststring" --depth "$trustdepth" "$CERTKEY" |
371 |
rm -f "$CERTKEY" |
372 |
# clear the fingerprint so that we don't |
373 |
@@ -150,9 +150,9 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; the |
374 |
log "Not transferring host key info because host directory already exists.\n" |
375 |
else |
376 |
if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \ |
377 |
- GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then |
378 |
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then |
379 |
|
380 |
- FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' ) |
381 |
+ FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' ) |
382 |
|
383 |
# create host home |
384 |
mkdir -p $(dirname "$MHDATADIR") |
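Review bot: `FPR` on the `--list-secret-keys --fingerprint` line collects every `fpr:` record (`awk -F: '/^fpr:/{ print $10 }'`), while the other listings touched by this patch gate on the preceding `sec:`/`pub:` record so that only the primary fingerprint is taken. If gpg2's colon output also emits `fpr:` records for subkeys (worth confirming for 2.1), `FPR` becomes multi-line, and the `--export "$FPR"` call and the log message in the next hunk then receive more than one fingerprint in a single argument. Using the gated form here as well, `awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^sec:/{ ok=1 }'`, keeps the script consistent with the rest of the change. The surrounding `if` block starts and ends outside this hunk.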
385 |
@@ -169,12 +169,12 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; the |
386 |
# FIXME: if all self-sigs are expired, then the secret key import may |
387 |
# fail anyway. How should we deal with that? |
388 |
|
389 |
- if (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --export-secret-keys && \ |
390 |
- GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --export "$FPR") | \ |
391 |
- GNUPGHOME="$NEWDATADIR" gpg --quiet --no-tty --import ; then |
392 |
+ if (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --export-secret-keys && \ |
393 |
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --export "$FPR") | \ |
394 |
+ GNUPGHOME="$NEWDATADIR" gpg2 --quiet --no-tty --import ; then |
395 |
: we are in good shape! |
396 |
else |
397 |
- if ! GNUPGHOME="$NEWDATADIR" gpg --quiet --no-tty --list-secret-key >/dev/null ; then |
398 |
+ if ! GNUPGHOME="$NEWDATADIR" gpg2 --quiet --no-tty --list-secret-key >/dev/null ; then |
399 |
log "The old host key (%s) was not imported properly.\n" "$FPR" |
400 |
exit 1 |
401 |
fi |
402 |
@@ -204,7 +204,7 @@ fi |
403 |
if [ -d "${SYSDATADIR}/gnupg-authentication" ] ; then |
404 |
|
405 |
GNUPGHOME="${SYSDATADIR}/gnupg-authentication" \ |
406 |
- gpg --quiet --no-tty --no-permission-warning --export 2>/dev/null | \ |
407 |
+ gpg2 --quiet --no-tty --no-permission-warning --export 2>/dev/null | \ |
408 |
monkeysphere-authentication gpg-cmd --import 2>/dev/null || \ |
409 |
log "No OpenPGP certificates imported into monkeysphere-authentication trust sphere.\n" |
410 |
|