fi
requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]")
- # fetch keys from keyserver, return 1 if none found
- gpg_fetch_userid "$userID" || return 1
+ # if CHECK_KEYSERVER variable set, check the keyserver
+ # for the user ID
+ if [ "$CHECK_KEYSERVER" = "true" ] ; then
+ gpg_fetch_userid "$userID"
+ fi
# output gpg info for (exact) userid and store
- gpgOut=$(gpg --fixed-list-mode --list-key --with-colons \
- ="$userID" 2> /dev/null)
-
- # return 1 if there only "tru" lines are output from gpg
- if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then
- log " key not found in keychain."
- return 1
+ gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
+ --with-fingerprint --with-fingerprint \
+ ="$userID" 2>/dev/null)
+
+ # if the gpg query return code is not 0, return 1
+ if [ "$?" -ne 0 ] ; then
+ log " key not found."
+ return 1
fi
+ echo "$gpgOut"
+
# loop over all lines in the gpg output and process.
# need to do it this way (as opposed to "while read...") so that
# variables set in loop will be visible outside of loop
failure "known_hosts file '$USER_KNOWN_HOSTS' is empty."
fi
log "processing known_hosts file..."
- process_known_hosts "$USER_KNOWN_HOSTS"
- process_known_hosts "$hostKeysCacheDir"
++ process_known_hosts
fi
;;
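Review bot: The rewritten call `process_known_hosts` on the `++` line drops both arguments that the old calls passed (`"$USER_KNOWN_HOSTS"` and `"$hostKeysCacheDir"`), so the function must now locate the known_hosts file and the cache directory on its own; its definition is not in view, so confirm that it reads `$USER_KNOWN_HOSTS` (and whatever replaced `hostKeysCacheDir`) from the environment, otherwise the emptiness check on `failure "known_hosts file '$USER_KNOWN_HOSTS' is empty."` guards a file the function never opens. A one-line comment above the call would make the contract explicit, e.g. `# process_known_hosts reads USER_KNOWN_HOSTS from the environment`. The enclosing case arm begins outside the hunk.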
# check for the host key in the known_hosts file
hostKey=$(ssh-keygen -F "$HOST")
- # if the host key is not found in the known_hosts file,
- # check the keyserver
- if [ -z "$hostKey" ] ; then
+ # if the host key is found in the known_hosts file,
+ # don't check the keyserver
+ if [ "$hostKey" ] ; then
+ CHECK_KEYSERVER="false"
++else
+ CHECK_KEYSERVER="true"
fi
+ export CHECK_KEYSERVER
# update the known_hosts file for the host
monkeysphere update-known-hosts "$HOST"
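Review bot: The new decision on whether to consult the keyserver (`if [ "$hostKey" ]` through `CHECK_KEYSERVER="true"`) is driven by the unchanged `hostKey=$(ssh-keygen -F "$HOST")`, which with no `-f` searches only the default `~/.ssh/known_hosts`; elsewhere in this file the known_hosts path is configurable via `$USER_KNOWN_HOSTS`, so if that variable is in scope here the lookup should be `hostKey=$(ssh-keygen -F "$HOST" -f "$USER_KNOWN_HOSTS")`, or the keyserver may be skipped or queried based on a different file than the one `monkeysphere update-known-hosts "$HOST"` maintains. Since an empty result from a failed `ssh-keygen` (missing file, bad permissions) is indistinguishable from "not found" and silently selects the keyserver path, consider noting that with `# any lookup failure also falls through to the keyserver`. As a point of style, `[ -n "$hostKey" ]` states the intent more clearly than the bare single-argument test. The surrounding code continues outside the hunk.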