From: Daniel Kahn Gillmor Date: Tue, 14 Jul 2009 06:59:57 +0000 (-0400) Subject: make sure that revokehostname sees the pieces it needs to see in order to create... X-Git-Tag: monkeysphere_0.25~5 X-Git-Url: https://codewiz.org/gitweb?a=commitdiff_plain;h=2c1e2de4a96090bdc606911d95bbc7191b92ddf9;p=monkeysphere.git make sure that revokehostname sees the pieces it needs to see in order to create a useful revocation certificate. --- diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname index b3b8d7a..6b80802 100644 --- a/src/share/mh/revoke_hostname +++ b/src/share/mh/revoke_hostname @@ -43,7 +43,14 @@ else fi # actually revoke: -if <"$GNUPGHOME_HOST/secring.gpg" "$SYSSHAREDIR/keytrans" revokeuserid \ + +# the gpg secring might not contain the host key we are trying to +# revoke (let alone any selfsig over that host key), but the plain +# --export won't contain the secret key. "keytrans revokeuserid" +# needs access to both pieces, so we feed it both of them. + +if (cat "$GNUPGHOME_HOST/secring.gpg" && gpg_host --export "$HOST_FINGERPRINT") | \ + "$SYSSHAREDIR/keytrans" revokeuserid \ "$HOST_FINGERPRINT" "$userID" | gpg_host --import ; then gpg_host --check-trustdb