[git] GnuPG - branch, master, updated. gnupg-2.1.9-106-gcd2d685
by Neal H. Walfield
cvs at cvs.gnupg.org
Thu Nov 5 13:59:57 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via cd2d685230ecafb7df504ef2b16cf1ec9a014300 (commit)
via 2b27acc3435e73fad7460b551a36b4064cdd58be (commit)
from 6897bbf1aa9bf0a61b186ea1a9bcb463fb1fd10e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit cd2d685230ecafb7df504ef2b16cf1ec9a014300
Author: Neal H. Walfield <neal at g10code.com>
Date: Thu Nov 5 13:59:33 2015 +0100
tools: Fix gpgkey2ssh's most gratuitous errors. Use gpg2, not gpg.
* tools/gpgkey2ssh.c (main): Add support for --help. Replace the most
gratuitous asserts with error messages. Invoke gpg2, not gpg.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
Debian-bug-id: 380241
diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c
index d22c5ac..2054150 100644
--- a/tools/gpgkey2ssh.c
+++ b/tools/gpgkey2ssh.c
@@ -248,7 +248,7 @@ main (int argc, char **argv)
int algorithm_id;
pkdbuf_t *pkdbuf;
size_t pkdbuf_n;
- char *command;
+ char *command = NULL;
FILE *fp;
int ret;
gcry_error_t err;
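Review bot: initializing `command` to NULL in this declaration does not make the later `if (! command)` test a reliable failure check, because asprintf is documented (glibc) to leave the pointer's contents undefined when it fails. Keep capturing the return value as the old code did and test `ret < 0` before using `command`; the initializer can stay as a defensive default.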
@@ -263,21 +263,50 @@ main (int argc, char **argv)
algorithm_id = 0; /* (avoid cc warning) */
identifier = NULL; /* (avoid cc warning) */
- assert (argc == 2);
+ if (argc != 2)
+ {
+ fprintf (stderr, "Usage: %s KEYID\n", argv[0]);
+ exit (1);
+ }
+ if (strcmp (argv[1], "--help") == 0)
+ {
+ fprintf (stderr, "Usage: %s KEYID\n", argv[0]);
+ fprintf (stderr, "\n");
+ fprintf (stderr,
+ "Convert a gpg key to a format appropriate for inclusion in an\n"
+ "ssh authorized_keys file.\n");
+ exit (0);
+ }
keyid = argv[1];
- ret = asprintf (&command,
- "gpg --list-keys --with-colons --with-key-data '%s'",
- keyid);
- assert (ret > 0);
+ asprintf (&command,
+ "gpg2 --list-keys --with-colons --with-key-data '%s'",
+ keyid);
+ if (! command)
+ {
+ fprintf (stderr, "Out of memory.\n");
+ exit (1);
+ }
fp = popen (command, "r");
- assert (fp);
+ if (! fp)
+ {
+ fprintf (stderr, "Failed to running: '%s'\n", command);
+ exit (1);
+ }
err = retrieve_key_material (fp, keyid, &algorithm_id, &pkdbuf, &pkdbuf_n);
- assert (! err);
- assert ((algorithm_id == 1) || (algorithm_id == 17));
+ if (err)
+ {
+ fprintf (stderr, "Error looking up key: %s\n", gpg_strerror (err));
+ exit (1);
+ }
+ if (! ((algorithm_id == 1) || (algorithm_id == 17)))
+ {
+ fprintf (stderr, "Unsupported algorithm: %d\n", algorithm_id);
+ exit (1);
+ }
if (algorithm_id == 1)
{
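Review bot: `keyid` is taken straight from argv[1] and placed between single quotes in the string handed to popen, with no check on its contents, so the shell sees whatever the caller passed. Validate it before the asprintf call (hex digits only, optionally with a leading 0x) and print a "malformed key ID" error otherwise, which also matches the failure case the new documentation describes. Two smaller points in the same hunk: the --help text is written to stderr although the exit status is 0, where stdout is the usual place for requested help, and "Failed to running" should read "Failed to run".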
commit 2b27acc3435e73fad7460b551a36b4064cdd58be
Author: Neal H. Walfield <neal at g10code.com>
Date: Thu Nov 5 13:57:32 2015 +0100
doc: Add documentation for gpgkey2ssh.
* doc/tools.texi: Add documentation for gpgkey2ssh.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
Co-authored-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
GnuPG-bug-id: 1067
Debian-bug-id 380241
diff --git a/doc/tools.texi b/doc/tools.texi
index 425790e..bab0fe8 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -21,6 +21,7 @@ GnuPG comes with a couple of smaller tools:
* gpgparsemail:: Parse a mail message into an annotated format
* symcryptrun:: Call a simple symmetric encryption tool.
* gpg-zip:: Encrypt or sign files into an archive.
+* gpgkey2ssh:: Emit GPG public keys in OpenSSH format.
@end menu
@c
@@ -1893,3 +1894,73 @@ gpg-zip --list-archive test1
@command{tar}(1),
@end ifset
@include see-also-note.texi
+
+
+ at c
+ at c GPGKEY2SSH
+ at c
+ at manpage gpgkey2ssh.1
+ at node gpgkey2ssh
+ at section Emit GPG public keys in OpenSSH format
+ at ifset manverb
+.B gpgkey2ssh \- Emit GPG public keys in OpenSSH format
+ at end ifset
+
+ at mansect synopsis
+ at ifset manverb
+.B gpgkey2ssh
+.I keyid
+ at end ifset
+
+ at mansect description
+ at command{gpgkey2ssh} emits the public key of an OpenPGP RSA or DSA key
+in a format readable by OpenSSH clients and servers.
+
+It takes only a single argument, a key ID, which designates the
+primary key or subkey whose public key should be converted.
+
+The key ID should use upper-case (A-F, not a-f) for all hex digits
+greater than 9, and the key in question must be present in
+ at code{gpg}'s public keyring.
+
+The output of a successful run can be used verbatim as an entry in an
+ at code{authorized_keys} file for @code{sshd}, or can be prefixed with a
+host name and appended to a @code{known_hosts} file for @code{ssh}.
+
+ at mansect return value
+
+The program returns 0 if the key was successfully converted and
+non-zero if there was an error (e.g., if the key ID was malformed, the
+key was not present in the public keyring, or if the key is not an RSA
+or DSA key).
+
+ at mansect environment
+ at subsection Environment
+
+ at table @asis
+
+ at item HOME
+Used to locate the default home directory.
+
+ at item GNUPGHOME
+If set directory used instead of "~/.gnupg".
+
+ at end table
+
+ at mansect files
+ at subsection FILES
+
+ at table @asis
+
+ at item gpg2
+The command used to search the user's keyring.
+
+ at end table
+
+ at mansect see also
+ at ifset isman
+ at command{gpg2}(1),
+ at command{sshd}(8),
+ at command{ssh}(1)
+ at end ifset
+ at include see-also-note.texi
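Review bot: the FILES table lists gpg2, which is a command looked up on PATH rather than a file the tool reads, so it would fit better in the description (for example, a sentence saying the tool invokes gpg2 to search the keyring) or the section should be dropped. The GNUPGHOME item text "If set directory used instead of" is missing words; "If set, the directory used instead of" reads correctly. The subsection headings are also inconsistent in case ("Environment" versus "FILES").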
-----------------------------------------------------------------------
Summary of changes:
doc/tools.texi | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
tools/gpgkey2ssh.c | 47 +++++++++++++++++++++++++++++-------
2 files changed, 109 insertions(+), 9 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org