fi
# load the key
- gpg_sphere "--import" <"$keyID" \
+ gpg_sphere "--import" <"$keyID" 2>/dev/null \
|| failure "could not read key from '$keyID'"
# else, get the key from the keyserver
# get the full fingerprint of new certifier key
log debug "getting fingerprint of certifier key..."
fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \
- | grep '^fpr:' | grep "$keyID" | cut -d: -f10)
+ | grep '^fpr:' | cut -d: -f10)
+
+ # test that there is only a single fingerprint
+ if (( $(echo "$fingerprint" | wc -l) != 1 )) ; then
+ cat <<EOF
+More than one fingerprint found:
+$fingerprint
+Please use a more specific key ID.
+EOF
+ failure
+ fi
log info "key found:"
gpg_sphere "--fingerprint 0x${fingerprint}!"
if [ "$PROMPT" = "true" ] ; then
- echo "Are you sure you want to add the above key as a"
- read -p "certifier of users on this system? (Y/n) " OK; OK=${OK:-Y}
+ printf "Are you sure you want to add the above key as a certifier\nof users on this system? (Y/n) " >&2
+ read OK; OK=${OK:-Y}
if [ "${OK/y/Y}" != 'Y' ] ; then
failure "Identity certifier not added."
fi
# edit-key script to ltsign key
# NOTE: *all* user IDs will be ltsigned
-ltsignCommand=$(cat <<EOF
-ltsign
+ltsignCommand="ltsign
y
$trustval
$depth
$domain
y
-save
-EOF
- )
+save"
+# end script
# core ltsigns the newly imported certifier key
log debug "executing core ltsign script..."
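Review bot: The single-fingerprint test added after the `cut -d: -f10` pipeline does not catch an empty result: when no key matches, `$fingerprint` is empty, `echo "$fingerprint" | wc -l` still prints 1, and execution continues to `gpg_sphere "--fingerprint 0x${fingerprint}!"` with a bare `0x!`. Add an explicit guard before the count, for example `[ -n "$fingerprint" ] || failure "no key found for '$keyID'"`. Because this commit drops the `grep "$keyID"` filter, the count is the only check visible here between the key lookup and the ltsign step, so it should reject zero matches as well as multiple ones. The heredoc text is also written to stdout while the new prompt goes to stderr, and `failure` is then called without a message; passing the text to `failure`, as the other call sites in this hunk do, would be more consistent. The enclosing function starts and ends outside the hunk.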