local fingerprint
local tmpuidMatch
local line
-local uidIndex
local message
local revuidCommand
failure "You must specify a hostname to revoke."
fi
-echo "WARNING: There is a known bug in this function.
-This function has been known to occasionally revoke the wrong hostname.
-Please see the following bug report for more information:
-https://labs.riseup.net/code/issues/show/422" >&2
-printf "Are you sure you would like to proceed? (y/N) " >&2
-read OK; OK=${OK:=N}
-if [ ${OK/y/Y} != 'Y' ] ; then
- failure "aborting."
-fi
-
userID="ssh://${1}"
# make sure the user ID to revoke
-uidIndex=$(find_host_userid) || \
+find_host_userid "$userID" || \
failure "No non-revoked user ID found matching '$userID'."
if [ "$PROMPT" = "true" ] ; then
log debug "revoking user ID without prompting."
fi
-# edit-key script command to revoke user ID
-revuidCommand="$uidIndex
-revuid
-y
-4
-Hostname removed by monkeysphere-host: $DATE
+# actually revoke:
-y
-save"
-# end script
+# the gpg secring might not contain the host key we are trying to
+# revoke (let alone any selfsig over that host key), but the plain
+# --export won't contain the secret key. "keytrans revokeuserid"
+# needs access to both pieces, so we feed it both of them.
-# execute edit-key script
-if echo "$revuidCommand" | gpg_host_edit ; then
+if (cat "$GNUPGHOME_HOST/secring.gpg" && gpg_host --export "$HOST_FINGERPRINT") | \
+ "$SYSSHAREDIR/keytrans" revokeuserid \
+ "$HOST_FINGERPRINT" "$userID" | gpg_host --import ; then
+ gpg_host --check-trustdb
update_gpg_pub_file