X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Ftransitions%2F0.23;h=dead78871926c9462844481303133ce625d99429;hb=ed24f09f17c6f5aa8722af9facce34bbe02e3844;hp=6cbf99522317856677682730517559ea02c8d82c;hpb=810526da4461212bb4ec50afec7237268df1afb7;p=monkeysphere.git

diff --git a/src/transitions/0.23 b/src/transitions/0.23
index 6cbf995..dead788 100755
--- a/src/transitions/0.23
+++ b/src/transitions/0.23
@@ -121,7 +121,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
 
 			    CERTKEY=$(mktemp ${TMPDIR:-/tmp}/mstransition.XXXXXXXX)
 			    log "Adding identity certifier with fingerprint %s\n" "$keyfpr"
-			    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export "0x$keyfpr" --export-clean >"$CERTKEY"
+			    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export "0x$keyfpr" --export-options export-clean >"$CERTKEY"
 			    MONKEYSPHERE_PROMPT=false monkeysphere-authentication add-identity-certifier $finaldomain --trust "$truststring" --depth "$trustdepth" "$CERTKEY"
 			    rm -f "$CERTKEY"
 			    # clear the fingerprint so that we don't
@@ -143,13 +143,25 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
 	if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \
 	    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then
 	    
+	    FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' )
+	    
 	# create host home
 	    mkdir -p "${MHDATADIR}"
 	    chmod 0700 "${MHDATADIR}"
 	    
 	    log "importing host key from old monkeysphere installation\n"
-	    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys | \
-		GNUPGHOME="$MHDATADIR" gpg --import
+
+# export from the pubring as well as the that new (non-expired)
+# self-sigs are available, otherwise the secret key import may fail
+
+# FIXME: turns out the secret key import fails anyway, stupidly :(
+
+# FIXME: if all self-sigs are expired, then the secret key import may
+# fail anyway. How should we deal with that?
+	    
+	    (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys && \
+	    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export $FPR) | \
+		GNUPGHOME="$MHDATADIR" gpg --quiet --no-tty --import
 	    
 	    monkeysphere-host update-gpg-pub-file
 	else
@@ -171,7 +183,7 @@ fi
 # the new authentication keyring.
 if [ -d "${SYSDATADIR}/gnupg-authentication" ] ; then
 
-    GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --export | \
+    GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --no-permission-warning --export | \
 	monkeysphere-authentication gpg-cmd --import
 
     mkdir -p "$STASHDIR"