# -*-shell-script-*- # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) # Monkeysphere host revoke-hostname subcommand # # The monkeysphere scripts are written by: # Jameson Rollins # Jamie McClelland # Daniel Kahn Gillmor # # They are Copyright 2008-2009, and are all released under the GPL, # version 3 or later. # revoke hostname user ID from host key revoke_hostname() { local userID local fingerprint local tmpuidMatch local line local message local revuidCommand if [ -z "$1" ] ; then failure "You must specify a hostname to revoke." fi userID="ssh://${1}" # make sure the user ID to revoke find_host_userid "$userID" || \ failure "No non-revoked user ID found matching '$userID'." if [ "$PROMPT" = "true" ] ; then printf "The following host key user ID will be revoked:\n %s\nAre you sure you would like to revoke this user ID? (Y/n) " "$userID" >&2 read OK; OK=${OK:=Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "User ID not revoked." fi else log debug "revoking user ID without prompting." fi # actually revoke: # the gpg secring might not contain the host key we are trying to # revoke (let alone any selfsig over that host key), but the plain # --export won't contain the secret key. "keytrans revokeuserid" # needs access to both pieces, so we feed it both of them. if (cat "$GNUPGHOME_HOST/secring.gpg" && gpg_host --export "$HOST_FINGERPRINT") | \ "$SYSSHAREDIR/keytrans" revokeuserid \ "$HOST_FINGERPRINT" "$userID" | gpg_host --import ; then gpg_host --check-trustdb update_gpg_pub_file show_key echo echo "NOTE: User ID revoked, but revocation not published." echo "Run '$PGRM publish-key' to publish the revocation." else failure "Problem revoking user ID." fi }