~mdw
/
distorted-keys
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
keys.new-recov, keys.reveal, keyfunc.sh.in: Don't put @bindir@ on the PATH.
[distorted-keys]
/
keyfunc.sh.in
diff --git
a/keyfunc.sh.in
b/keyfunc.sh.in
index
ca14782
..
44117e9
100644
(file)
--- a/
keyfunc.sh.in
+++ b/
keyfunc.sh.in
@@
-31,8
+31,6
@@
quis=${0##*/}
PACKAGE="@PACKAGE@" VERSION="@VERSION@"
bindir="@bindir@"
PACKAGE="@PACKAGE@" VERSION="@VERSION@"
bindir="@bindir@"
-case ":$PATH:" in *:"$bindir":*) ;; *) PATH=$bindir:$PATH ;; esac
-
if [ -f $ETC/keys.conf ]; then . $ETC/keys.conf; fi
case "${KEYS_DEBUG+t}" in t) set -x ;; esac
if [ -f $ETC/keys.conf ]; then . $ETC/keys.conf; fi
case "${KEYS_DEBUG+t}" in t) set -x ;; esac
@@
-163,7
+161,7
@@
getsysprofile () {
profile=$1
## Write the named system PROFILE to standard output.
profile=$1
## Write the named system PROFILE to standard output.
- $bindir/extract-profile
$ETC/profile.d/ "$profile"
+ $bindir/extract-profile
"$profile" $ETC/profile.d/
}
setprops () {
}
setprops () {
@@
-227,9
+225,9
@@
defprops g_props <<EOF
type nil $R_IDENT
recovery t $R_WORDSEQ
random t $R_WORD
type nil $R_IDENT
recovery t $R_WORDSEQ
random t $R_WORD
-nub
hash
t $R_WORD
-nubid
hash
t $R_WORD
-nub
sz
t $R_NUMERIC
+nub
_hash
t $R_WORD
+nubid
_hash
t $R_WORD
+nub
_random_bytes
t $R_NUMERIC
EOF
readprops () {
EOF
readprops () {
@@
-265,20
+263,21
@@
readmeta () {
makenub () {
## Generate a key nub in the default way, and write it to standard output.
makenub () {
## Generate a key nub in the default way, and write it to standard output.
- ## The properties `random', `nubsz' and `nubhash' are referred to.
+ ## The properties `random', `nub_random_bytes' and `nub_hash' are referred
+ ## to.
dd 2>/dev/null \
dd 2>/dev/null \
- if=/dev/${kprop_random-random} bs=1 count=${kprop_nub
sz-512
} |
- openssl dgst -${kprop_nub
hash-sha384
} -binary |
+ if=/dev/${kprop_random-random} bs=1 count=${kprop_nub
_random_bytes-64
} |
+ openssl dgst -${kprop_nub
_hash-sha256
} -binary |
openssl base64
}
nubid () {
## Compute a hash of the key nub in stdin, and write it to stdout in hex.
openssl base64
}
nubid () {
## Compute a hash of the key nub in stdin, and write it to stdout in hex.
- ## The property `nubidhash' is used.
+ ## The property `nubid
_
hash' is used.
{ echo "distorted-keys nubid"; cat -; } |
{ echo "distorted-keys nubid"; cat -; } |
- openssl dgst -${kprop_nubidhash-sha256}
+ openssl dgst -${kprop_nubid
_
hash-sha256}
}
subst () {
}
subst () {
@@
-353,7
+352,7
@@
read_profile () {
userv "$user" cryptop-profile "$label" >$tmp/profile
;;
nil)
userv "$user" cryptop-profile "$label" >$tmp/profile
;;
nil)
- $bindir/extract-profile
$ETC/profile.d/ "$label"
>$tmp/profile
+ $bindir/extract-profile
"$label" $ETC/profile.d/
>$tmp/profile
;;
esac
;;
esac
@@
-474,7
+473,7
@@
prepare () {
done
case $verdict in
done
case $verdict in
- forbid) echo >&2 "$quis: $op access to key \`$key' forbidden"; exit ;;
+ forbid) echo >&2 "$quis: $op access to key \`$key' forbidden"; exit
1
;;
esac
}
esac
}