rename create_gpg_pub_file to be update_gpg_pub_file, and add it to

[monkeysphere.git] / src / share / mh / import_key

diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index 74dc0b3816d7584b2483498238efb6599299896b..6f12b7fd1381c6b2a1a9e1a6ee769981fd0b4038 100644 (file)
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -14,9 +14,27 @@
 import_key() {
 
 local hostName
+local domain
 local userID
 
-hostName=${1:-$(hostname -f)}
+hostName="$1"
+
+# use the default hostname if not specified
+if [ -z "$hostName" ] ; then
+    hostName=$(hostname -f)
+    # test that the domain is not obviously illegitimate
+    domain=${foo##*.}
+    case $domain in
+       'local'|'localdomain')
+           failure "Host domain '$domain' is not legitimate.  Aborting key import."
+           ;;
+    esac
+    # test that there are at least two parts
+    if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
+       failure "Host name '$hostName' is not legitimate.  Aborting key import."
+    fi
+fi
+
 userID="ssh://${hostName}"
 
 # create host home
@@ -36,8 +54,14 @@ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
 # that's what we're trying to produce (see below).
 load_fingerprint_secret
 
+# set ultimate owner trust on the newly imported key
+printf "%s:6:\n" "$HOST_FINGERPRINT" | gpg_host --import-ownertrust
+
+# update trustdb
+gpg_host --check-trustdb
+
 # export to gpg public key to file
-create_gpg_pub_file
+update_gpg_pub_file
 
 # show info about new key
 show_key