app-crypt/monkeysphere: add sanity check that openpgp2ssh is working

[portage-overlay.git] / app-crypt / monkeysphere / files / monkeysphere-0.36_openpgp2ssh_sanity_check.patch

From c6498dd5d5703887c8b45619879e1ec33fb771d4 Mon Sep 17 00:00:00 2001
From: Kristian Fiskerstrand <kf@sumptuouscapital.com>
Date: Wed, 18 Dec 2013 21:28:41 +0100
Subject: [PATCH] Add a sanity check that openpgp2ssh is working before
 allowing update-users or keys-for-user to run. Failure of this can result in
 a scenario where no keys are added even though they are otherwise valid.

---
 src/monkeysphere-authentication | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index edc7995..d9f3f03 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -84,6 +84,15 @@ gpg_sphere() {
     su_monkeysphere_user gpg --fixed-list-mode --no-greeting --quiet --no-tty "$@"
 }
 
+check_openpgp2ssh_sanity()
+{
+    su_monkeysphere_user openpgp2ssh ABC &> /dev/null
+    if [ "$?" != "255" ]; then 
+        echo "openpgp2ssh command gives unexpected return code. This can lead to a scenario where no authorized keys are populated, even though they are otherwise valid";
+        exit 
+    fi;
+}
+
 # output to stdout the core fingerprint from the gpg core secret
 # keyring
 core_fingerprint() {
@@ -163,6 +172,7 @@ case $COMMAND in
     'update-users'|'update-user'|'update'|'u')
        source "${MASHAREDIR}/setup"
        setup
+       check_openpgp2ssh_sanity
        source "${MASHAREDIR}/update_users"
        OUTPUT_STDOUT= update_users "$@"
        ;;
@@ -171,6 +181,7 @@ case $COMMAND in
        (( $# > 0 )) || failure "Must specify user."
        source "${MASHAREDIR}/setup"
        setup
+       check_openpgp2ssh_sanity
        source "${MASHAREDIR}/update_users"
        OUTPUT_STDOUT=true update_users "$1"
        ;;
-- 
1.8.3.2