X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fma%2Fadd_certifier;h=e543d94d986ad84cd04bdd379c94ff047b3823f7;hb=ca854b125a6088b3ee89ddb0927630e5a44911be;hp=28c229aec25de30120beca3b6c4ef0ed50f9f72a;hpb=f3ef901ec68efe813ea5fbe9a55e80f0aaf3ee93;p=monkeysphere.git diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 28c229a..e543d94 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -36,8 +36,6 @@ local fingerprint local ltsignCommand local trustval -PROMPT=true - # get options while true ; do case "$1" in @@ -53,10 +51,6 @@ while true ; do depth="$2" shift 2 ;; - -y) - PROMPT=false - shift 1 - ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. @@ -73,27 +67,17 @@ if [ -z "$keyID" ] ; then fi if [ -f "$keyID" ] ; then log info "Reading key from file '$keyID':" - importinfo=$(gpg_sphere "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'" - # FIXME: if this is tried when the key database is not - # up-to-date, i got these errors (using set -x): - - # ++ su -m monkeysphere -c '\''gpg --import'\'' - # Warning: using insecure memory! - # gpg: key D21739E9: public key "Daniel Kahn Gillmor " imported - # gpg: Total number processed: 1 - # gpg: imported: 1 (RSA: 1) - # gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied - # gpg: failed to rebuild keyring cache: Permission denied - # gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model - # gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u - # gpg: next trustdb check due at 2009-01-10' - # + failure 'could not read key from '\''/root/dkg.gpg'\''' - # + echo 'could not read key from '\''/root/dkg.gpg'\''' - - keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) - if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then + + fingerprints=$(su_monkeysphere_user \ + ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") + + if [ $(printf "%s" "$fingerprints" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi + + gpg_sphere "--import" < "$keyID" || failure "could not read key from '$keyID'" + + keyID="$fingerprints" else # get the key from the key server log debug "retrieving key from keyserver..." @@ -114,7 +98,7 @@ fi log info "key found:" gpg_sphere "--fingerprint 0x${fingerprint}!" -if [ "$PROMPT" = true ] ; then +if [ "$PROMPT" = "true" ] ; then echo "Are you sure you want to add the above key as a" read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N} if [ "${OK/y/Y}" != 'Y' ] ; then @@ -157,7 +141,7 @@ EOF # core ltsigns the newly imported certifier key log debug "executing core ltsign script..." if echo "$ltsignCommand" | \ - gpg_core --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then + gpg_core --command-fd 0 --edit-key "0x${fingerprint}!" ; then # transfer the new sigs back to the sphere keyring gpg_core_sphere_sig_transfer