tweak/cleanup some of the prompts.

[monkeysphere.git] / src / share / mh / import_key

diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index ed6ee4f1805c127f1c5866b43be0ddb3625c5530..7c11890d6c0306bd6a54816c8d55c34e1dabeca1 100644 (file)
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -13,15 +13,22 @@
 
 import_key() {
 
+local sshKeyFile
 local hostName
 local domain
 local userID
 
-hostName="$1"
+sshKeyFile="$1"
+hostName="$2"
+
+# check that key file specified
+if [ -z "$sshKeyFile" ] ; then
+    failure "Must specify ssh key file to import, or specify '-' for stdin."
+fi
 
 # use the default hostname if not specified
 if [ -z "$hostName" ] ; then
-    hostName=$(hostname -f)
+    hostName=$(hostname -f) || failure "Could not determine hostname."
     # test that the domain is not obviously illegitimate
     domain=${foo##*.}
     case $domain in
@@ -37,16 +44,37 @@ fi
 
 userID="ssh://${hostName}"
 
+if [ "$PROMPT" = "true" ] ; then
+    cat <<EOF
+The ssh key will be imported and an OpenPGP certificate for this host
+will be generated with the following user ID:
+  $userID
+EOF
+    read -p "Are you sure you would like to create certificate? [Y/n] " OK; OK=${OK:-Y}
+    if [ "${OK/y/Y}" != 'Y' ] ; then
+       failure "revoker not added."
+    fi
+else
+    log debug "importing key without prompting."
+fi
+
+
 # create host home
 mkdir -p "${MHDATADIR}"
-mkdir -p "${MHTMPDIR}"
 mkdir -p "${GNUPGHOME_HOST}"
 chmod 700 "${GNUPGHOME_HOST}"
 
-log verbose "importing ssh key..."
-# translate ssh key to a private key
-PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
-    | gpg_host --import
+# import ssh key to a private key
+if [ "$sshKeyFile" = '-' ] ; then
+    log verbose "importing ssh key from stdin..."
+    PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
+       | gpg_host --import
+else
+    log verbose "importing ssh key from file '$sshKeyFile'..."
+    PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
+       <"$sshKeyFile" \
+       | gpg_host --import
+fi
 
 # load the new host fpr into the fpr variable.  this is so we can
 # create the gpg pub key file.  we have to do this from the secret key
@@ -54,14 +82,10 @@ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
 # that's what we're trying to produce (see below).
 load_fingerprint_secret
 
-# set ultimate owner trust on the newly imported key
-printf "%s:6:\n" "$HOST_FINGERPRINT" | gpg_host --import-ownertrust
-
-# update trustdb
-gpg_host --check-trustdb
-
 # export to gpg public key to file
-create_gpg_pub_file
+update_gpg_pub_file
+
+log info "host key imported:"
 
 # show info about new key
 show_key