Major rework of monkeysphere-host to handle multiple host keys.

[monkeysphere.git] / src / share / mh / revoke_key

diff --git a/src/share/mh/revoke_key b/src/share/mh/revoke_key
index 271432b279f4dadbb8c9b20fea741265d757ab3b..5a013e0db67518842b3000578bf364d5f3ee06e1 100644 (file)
--- a/src/share/mh/revoke_key
+++ b/src/share/mh/revoke_key
@@ -8,23 +8,24 @@
 # Jamie McClelland <jm@mayfirst.org>
 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 #
-# They are Copyright 2008-2009, and are all released under the GPL,
+# They are Copyright 2008-2010, and are all released under the GPL,
 # version 3 or later.
 
 # revoke host key
 
 revoke_key() {
 
-# Coming in here, we expect $HOST_FINGERPRINT to be set, and we
-# believe that there is in fact a key.
+    local keyID
+    local publish
+
+    keyID=$(check_key_input "$@")
 
     if [ "$PROMPT" = "false" ] ; then
        publish=N
     else
        cat <<EOF >&2
-This will generate a revocation certificate for your host key
-(fingerprint: $HOST_FINGERPRINT) and
-dump the certificate to standard output.
+This will generate a revocation certificate for key $keyID
+and dump the certificate to standard output.
 
 It can also directly publish the new revocation certificate
 to the public keyservers via $KEYSERVER if you want it to.
@@ -33,7 +34,8 @@ Publishing this certificate will IMMEDIATELY and PERMANENTLY revoke
 your host key!
 
 EOF
-       read -p "Publish the certificate after generation? (y/n/Q) " publish
+       printf "Publish the certificate after generation? (y/n/Q) " >&2
+       read publish
        
        if ! [ "${publish/y/Y}" = 'Y' -o "${publish/n/N}" = 'N' ] ; then
            failure "aborting at user request"
@@ -53,21 +55,24 @@ EOF
     # certificate immediately, which we can help them do as well.
 
     if [ "$PROMPT" = 'false' ] ; then
+       # FIXME: allow the end user to choose something other than
+       # "key was compromised" (1) and to supply their own revocation
+       # string.
+
        local revoke_commands="y
 1
-Monkeysphere host key revocation (no prompting) $(date '+%F_%T')
+Monkeysphere host key revocation (automated) $(date '+%F_%T%z')
 
 y
 
 "
-       revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${HOST_FINGERPRINT}!" <<<"$revoke_commands" ) \
+       revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${keyID}!" <<<"$revoke_commands" ) \
            || failure "Failed to generate revocation certificate!"
 
-
     else
     # note: we're not using the gpg_host function because we actually
     # want to use gpg's UI in this case, so we want to omit --no-tty
-       revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${HOST_FINGERPRINT}!") \
+       revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${keyID}!") \
            || failure "Failed to generate revocation certificate!"
     fi
 
@@ -83,7 +88,8 @@ y
 
     if [ "${publish/y/Y}" = 'Y' ] ; then
        printf "\n" >&2
-       read -p "Really publish this cert to $KEYSERVER ? (Y/n) " really
+       printf "Really publish this cert to $KEYSERVER ? (Y/n) " >&2
+       read really
        if [ "${really/n/N}" = 'N' ] ; then
            printf "Not publishing.\n" >&2
        else