Add lsign-key to the trust_keys function so that the trusted key

[monkeysphere.git] / src / common

diff --git a/src/common b/src/common
index d56028fa6e7b36d1d926b1c9366f50a45e3cc4e8..19b5485a37feb2118edb350ae0e34da67e36613a 100644 (file)
--- a/src/common
+++ b/src/common
@@ -240,6 +240,9 @@ process_user_id() {
     # hash userid for cache file name
     userIDHash=$(echo "$userID" | sha1sum | awk '{ print $1 }')
 
+    # make sure the cache directory exists
+    mkdir -p "$cacheDir"
+
     # touch/clear key cache file
     # (will be left empty if there are noacceptable keys)
     > "$cacheDir"/"$userIDHash"."$pubKeyID"
@@ -285,16 +288,16 @@ update_userid() {
     cacheDir="$2"
 
     log "processing userid: '$userID'"
+
     userIDKeyCache=$(process_user_id "$userID" "$cacheDir")
+
     if [ -z "$userIDKeyCache" ] ; then
        return 1
     fi
     if ! grep -q "^${userID}\$" "$AUTHORIZED_USER_IDS" ; then
-       echo "the following userid is not in the authorized_user_ids file:"
-       echo "  $userID"
-       read -p "would you like to add it? [Y|n]: " OK; OK=${OK:=Y}
+       read -p "user ID not currently authorized.  authorize? [Y|n]: " OK; OK=${OK:=Y}
        if [ ${OK/y/Y} = 'Y' ] ; then
-           log -n "adding userid to authorized_user_ids file... "
+           log -n "adding user ID to authorized_user_ids file... "
            echo "$userID" >> "$AUTHORIZED_USER_IDS"
            echo "done."
        else
@@ -303,6 +306,24 @@ update_userid() {
     fi
 }
 
+# remove a userid from the authorized_user_ids file
+remove_userid() {
+    local userID
+
+    userID="$1"
+
+    log "processing userid: '$userID'"
+
+    if ! grep -q "^${userID}\$" "$AUTHORIZED_USER_IDS" ; then
+       log "user ID not currently authorized."
+       return 1
+    fi
+
+    log -n "removing user ID '$userID'... "
+    grep -v "$userID" "$AUTHORIZED_USER_IDS" | sponge "$AUTHORIZED_USER_IDS"
+    echo "done."
+}
+
 # process a host for addition to a known_host file
 process_host() {
     local host
@@ -373,7 +394,8 @@ update_authorized_keys() {
        cat "$userAuthorizedKeys" >> "$msAuthorizedKeys"
        echo "done."
     fi
-    log "monkeysphere authorized_keys file generated: $msAuthorizedKeys"
+    log "monkeysphere authorized_keys file generated:"
+    log "$msAuthorizedKeys"
 }
 
 # process an authorized_*_ids file
@@ -446,6 +468,11 @@ trust_key() {
     # get key fingerprint
     fingerprint=$(get_key_fingerprint "$keyID")
 
+    # attach a "non-exportable" signature to the key
+    # this is required for the key to have any validity at all
+    # the 'y's on stdin indicates "yes, i really want to sign"
+    echo -e 'y\ny' | gpg --lsign-key --command-fd 0 "$fingerprint"
+
     # import "full" trust for fingerprint into gpg
     echo ${fingerprint}:5: | gpg --import-ownertrust
     if [ $? = 0 ] ; then