keyfork-shard: cleanup eprintln

This commit is contained in:
Ryan Heywood 2023-11-05 16:26:19 -06:00
parent fa61d31f3f
commit 0ec9f9c567
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
1 changed files with 8 additions and 17 deletions

View File

@ -212,8 +212,10 @@ pub fn combine(
let mut keyring = Keyring::new(certs)?; let mut keyring = Keyring::new(certs)?;
let mut manager = SmartcardManager::new()?; let mut manager = SmartcardManager::new()?;
let content = if keyring.is_empty() { let content = if keyring.is_empty() {
let card_fp = manager.load_any_card()?; // NOTE: Any card plugged in that can't decrypt, will raise issues.
eprintln!("key discovery is empty, using hardware smartcard: {card_fp}"); // This should not be used on a system where OpenPGP cards are available that shouldn't be
// used, due to the nature of how wildcard decryption works.
manager.load_any_card()?;
metadata.decrypt_with(&policy, &mut manager)? metadata.decrypt_with(&policy, &mut manager)?
} else { } else {
metadata.decrypt_with(&policy, &mut keyring)? metadata.decrypt_with(&policy, &mut keyring)?
@ -252,20 +254,10 @@ pub fn combine(
pkesk.set_recipient(key.keyid()); pkesk.set_recipient(key.keyid());
} }
// we have a pkesk, decrypt via keyring // we have a pkesk, decrypt via keyring
let result = message.decrypt_with(&policy, &mut keyring); decrypted_messages.insert(
match result { valid_cert.keyid(),
Ok(message) => { message.decrypt_with(&policy, &mut keyring)?,
decrypted_messages.insert(valid_cert.keyid(), message); );
}
Err(e) => {
eprintln!(
"Could not decrypt with fingerprint {}: {}",
valid_cert.keyid(),
e
);
// do nothing, key will be retained
}
}
} }
} }
} }
@ -275,7 +267,6 @@ pub fn combine(
let left_from_threshold = threshold as usize - decrypted_messages.len(); let left_from_threshold = threshold as usize - decrypted_messages.len();
if left_from_threshold > 0 { if left_from_threshold > 0 {
eprintln!("remaining keys: {left_from_threshold}, prompting yubikeys");
let mut remaining_usable_certs = certs let mut remaining_usable_certs = certs
.iter() .iter()
.filter(|cert| messages.contains_key(&cert.keyid())) .filter(|cert| messages.contains_key(&cert.keyid()))