## Match the literal string "<SEQ>".
rx_seq = RX.compile(r'\<SEQ\>')
+## Match a shell metacharacter.
+rx_shmeta = RX.compile('[\\s`!"#$&*()\\[\\];\'|<>?\\\\]')
+
+## Match a character which needs escaping in a shell double-quoted string.
+rx_shquote = RX.compile(r'["`$\\]')
+
###--------------------------------------------------------------------------
### Utility functions.
out.write(s[i:])
return out.getvalue()
+def shell_quotify(arg):
+ """
+ Quotify ARG to keep the shell happy.
+
+ This isn't actually used for invoking commands, just for presentation
+ purposes; but correctness is still nice.
+ """
+ if not rx_shmeta.search(arg):
+ return arg
+ elif arg.find("'") == -1:
+ return "'%s'" % arg
+ else:
+ return '"%s"' % rx_shquote.sub(lambda m: '\\' + m.group(0), arg)
+
def rmtree(path):
"""Delete the directory tree given by PATH."""
try:
else:
nargs += a[1:].split()
args = nargs
- print '+ %s' % ' '.join(args)
+ print '+ %s' % ' '.join([shell_quotify(arg) for arg in args])
SYS.stdout.flush()
rc = OS.spawnvp(OS.P_WAIT, args[0], args)
if rc != 0:
('conf-file', '${base-dir}tripe-keys.conf'),
('upload-hook', ': run upload hook'),
('kx', 'dh'),
- ('kx-param', lambda: {'dh': '-LS -b2048 -B256',
+ ('kx-param', lambda: {'dh': '-LS -b3072 -B256',
'ec': '-Cnist-p256'}[conf['kx']]),
('kx-expire', 'now + 1 year'),
- ('cipher', 'blowfish-cbc'),
+ ('cipher', 'rijndael-cbc'),
('hash', 'sha256'),
('master-keygen-flags', '-l'),
('mgf', '${hash}-mgf'),
'rsapss': 'rsa',
'ecdsa': 'ec',
'eckcdsa': 'ec'}[conf['sig']]),
- ('sig-param', lambda: {'dh': '-LS -b2048 -B256',
- 'dsa': '-b2048 -B256',
+ ('sig-param', lambda: {'dh': '-LS -b3072 -B256',
+ 'dsa': '-b3072 -B256',
'ec': '-Cnist-p256',
- 'rsa': '-b2048'}[conf['sig-genalg']]),
+ 'rsa': '-b3072'}[conf['sig-genalg']]),
('sig-hash', '${hash}'),
('sig-expire', 'forever'),
('fingerprint-hash', '${hash}')]:
~mdw / tripe / blobdiff