# deliberately replace the config files via truncation
# FIXME: should we be dumping to tmp files and then moving atomically?
# deliberately replace the config files via truncation
# FIXME: should we be dumping to tmp files and then moving atomically?
cat >"${GNUPGHOME_CORE}"/gpg.conf <<EOF
# Monkeysphere trust core GnuPG configuration
# This file is maintained by the Monkeysphere software.
cat >"${GNUPGHOME_CORE}"/gpg.conf <<EOF
# Monkeysphere trust core GnuPG configuration
# This file is maintained by the Monkeysphere software.
cat >"${GNUPGHOME_SPHERE}"/gpg.conf <<EOF
# Monkeysphere trust sphere GnuPG configuration
# This file is maintained by the Monkeysphere software.
cat >"${GNUPGHOME_SPHERE}"/gpg.conf <<EOF
# Monkeysphere trust sphere GnuPG configuration
# This file is maintained by the Monkeysphere software.
chown -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}"
chgrp -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}"
chown -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}"
chgrp -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}"
gpg_core --export | gpg_sphere --import
# ensure that the authentication sphere checker has absolute ownertrust on the expected key.
gpg_core --export | gpg_sphere --import
# ensure that the authentication sphere checker has absolute ownertrust on the expected key.
printf "%s:6:\n" "$CORE_FPR" | gpg_sphere --import-ownertrust
gpg_sphere --export-ownertrust | log debug
# check the owner trust
printf "%s:6:\n" "$CORE_FPR" | gpg_sphere --import-ownertrust
gpg_sphere --export-ownertrust | log debug
# check the owner trust
local ORIG_TRUST
if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then
if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
local ORIG_TRUST
if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then
if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
# our preferences are reasonable (i.e. 3 marginal OR 1 fully
# trusted certifications are sufficient to grant full validity.
log debug "checking trust model for authentication ..."
# our preferences are reasonable (i.e. 3 marginal OR 1 fully
# trusted certifications are sufficient to grant full validity.
log debug "checking trust model for authentication ..."
| head -n1 | grep "^tru:" | cut -d: -f3,6,7)
log debug "sphere trust model: $TRUST_MODEL"
if [ "$TRUST_MODEL" != '1:3:1' ] ; then
| head -n1 | grep "^tru:" | cut -d: -f3,6,7)
log debug "sphere trust model: $TRUST_MODEL"
if [ "$TRUST_MODEL" != '1:3:1' ] ; then