- # attach a "non-exportable" signature to the key
- # this is required for the key to have any validity at all
- # the 'y's on stdin indicates "yes, i really want to sign"
- echo -e 'y\ny' | gpg --quiet --lsign-key --command-fd 0 "$fingerprint"
-
- # index trustLevel by one to difference between level in ui and level
- # internally
- trustLevel=$((trustLevel+1))
-
- # import new owner trust level for key
- echo "${fingerprint}:${trustLevel}:" | gpg --import-ownertrust
- if [ $? = 0 ] ; then
- log "Owner trust updated."
- else
- failure "There was a problem changing owner trust."
- fi
-}
-
-# publish server key to keyserver
-publish_server_key() {
- read -p "really publish key to $KEYSERVER? [y|N]: " OK; OK=${OK:=N}
- if [ ${OK/y/Y} != 'Y' ] ; then
- failure "aborting."
- fi
-
- # publish host key
- # FIXME: need to figure out better way to identify host key
- # dummy command so as not to publish fakes keys during testing
- # eventually:
- #gpg --keyserver "$KEYSERVER" --send-keys $(hostname -f)
- failure "NOT PUBLISHED (to avoid permanent publication errors during monkeysphere development).
-To publish manually, do: gpg --keyserver $KEYSERVER --send-keys $(hostname -f)"