export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src/share
export MONKEYSPHERE_MONKEYSPHERE_USER=$(whoami)
+HOST_KEY_FILE="$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.pgp
+
export MONKEYSPHERE_CHECK_KEYSERVER=false
# example.org does not respond to the HKP port, so this should cause
# any keyserver connection attempts that do happen (they shouldn't!)
echo
echo "##################################################"
echo "### getting host key fingerprint..."
-SSHHOSTKEYID=$( monkeysphere-host show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ )
+SSHHOSTKEYID=$( monkeysphere-host show-keys | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ )
echo "$SSHHOSTKEYID"
# change host key expiration
echo
echo "##################################################"
echo "### certifying server host key..."
-< "$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg gpgadmin --import
+< "$HOST_KEY_FILE" gpgadmin --import
echo y | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID"
# FIXME: add revoker?
echo "##################################################"
echo "### add servicename, certify by admin, import by user..."
monkeysphere-host add-servicename ssh://testhost2
-< "$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg gpgadmin --import
+<"$HOST_KEY_FILE" gpgadmin --import
printf "y\ny\n" | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID"
echo
echo
echo "##################################################"
echo "### ssh connection test directly to 'testhost2' ..."
-gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg
+gpg --import <"$HOST_KEY_FILE"
gpg --check-trustdb
target_hostname=testhost2 ssh_test
echo "##################################################"
echo "### ssh connection test for failure with 'testhost2' revoked..."
monkeysphere-host revoke-servicename ssh://testhost2
-gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg
+gpg --import <"$HOST_KEY_FILE"
gpg --check-trustdb
target_hostname=testhost2 ssh_test 255
echo "### revoking ssh host key..."
# generate the revocation certificate and feed it directly to the test
# user's keyring (we're not publishing to the keyservers)
-monkeysphere-host revoke-key | gpg --import
+monkeysphere-host revoke-key "$SSHHOSTKEYID" | gpg --import
echo
echo "##################################################"
echo "### ssh connection test for failure..."