1 [[!meta title="revoke-hostname function revokes wrong hostname user ID"]]
3 It appears that the monkeysphere-server revoke-hostname function will
4 occasionaly revoke the wrong hostname. I say occasionally, but it
5 seems to be doing it pretty consistently for me at the moment:
7 servo:~ 0$ sudo monkeysphere-server n- servo.finestructure.net
8 The following host key user ID will be revoked:
9 ssh://servo.finestructure.net
10 Are you sure you would like to revoke this user ID? (y/N) y
11 gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
12 This is free software: you are free to change and redistribute it.
13 There is NO WARRANTY, to the extent permitted by law.
15 Secret key is available.
17 pub 1024R/9EEAC276 created: 2008-07-10 expires: never usage: CA
18 trust: ultimate validity: ultimate
19 [ultimate] (1) ssh://localhost.localdomain
20 [ultimate] (2). ssh://servo.finestructure.net
21 [ revoked] (3) ssh://jamie.rollins
22 [ revoked] (4) asdfsdflkjsdf
23 [ revoked] (5) ssh://asdfsdlf.safsdf
24 [ revoked] (6) ssh://bar.baz
25 [ revoked] (7) ssh://foo.bar
29 pub 1024R/9EEAC276 created: 2008-07-10 expires: never usage: CA
30 trust: ultimate validity: ultimate
31 [ultimate] (1)* ssh://localhost.localdomain
32 [ultimate] (2). ssh://servo.finestructure.net
33 [ revoked] (3) ssh://jamie.rollins
34 [ revoked] (4) asdfsdflkjsdf
35 [ revoked] (5) ssh://asdfsdlf.safsdf
36 [ revoked] (6) ssh://bar.baz
37 [ revoked] (7) ssh://foo.bar
40 Please select the reason for the revocation:
41 0 = No reason specified
42 4 = User ID is no longer valid
44 (Probably you want to select 4 here)
45 Enter an optional description; end it with an empty line:
46 Reason for revocation: User ID is no longer valid
47 Hostname removed by monkeysphere-server 2008-08-16T17:34:02
49 pub 1024R/9EEAC276 created: 2008-07-10 expires: never usage: CA
50 trust: ultimate validity: ultimate
51 [ revoked] (1) ssh://localhost.localdomain
52 [ultimate] (2). ssh://servo.finestructure.net
53 [ revoked] (3) ssh://jamie.rollins
54 [ revoked] (4) asdfsdflkjsdf
55 [ revoked] (5) ssh://asdfsdlf.safsdf
56 [ revoked] (6) ssh://bar.baz
57 [ revoked] (7) ssh://foo.bar
60 gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
61 gpg: depth: 0 valid: 1 signed: 2 trust: 0-, 0q, 0n, 0m, 0f, 1u
62 gpg: depth: 1 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 2f, 0u
63 gpg: next trustdb check due at 2012-01-07
64 sec 1024R/9EEAC276 2008-07-10
65 Key fingerprint = C094 43E0 6882 8BE2 E9AD 516C 45CF 974D 9EEA C276
66 uid ssh://servo.finestructure.net
67 uid [ revoked] ssh://localhost.localdomain
68 uid [ revoked] ssh://jamie.rollins
69 uid [ revoked] asdfsdflkjsdf
70 uid [ revoked] ssh://asdfsdlf.safsdf
71 uid [ revoked] ssh://bar.baz
72 uid [ revoked] ssh://foo.bar
75 NOTE: User ID revoked, but revokation not published.
76 Run 'monkeysphere-server publish-key' to publish the revocation.
79 Clearly this is unacceptable. gpg does not let you can't specify a
80 uid to revoke from the command line. The uid revokation can only be
81 done through edit-key. We do edit-key scripting in other contexts,
82 but to revoke a user id you have to specify the uid by "number". We
83 currently try to guess the number from the ordering of the output of
84 list-key. However, this output does not appear to coincide with the
85 ordering in edit-key. I don't have a good solution or fix at the
86 moment. Suggestions are most welcome. It may just require some trial
87 and error with edit-key to come up with something workable.
89 This underlines the problem that gpg is currently not very well suited
90 for manipulating gpg keyrings non-interactively. It's possible that I
91 just haven't figured out how to do it yet, but it's not very clear if
92 it is possible. It would be nice to have some alternate tools to use.
projects / monkeysphere.git / blob