+# publish server key to keyserver
+publish_server_key() {
+ read -p "really publish key to $KEYSERVER? [y|N]: " OK; OK=${OK:=N}
+ if [ ${OK/y/Y} != 'Y' ] ; then
+ failure "aborting."
+ fi
+
+ # publish host key
+ # FIXME: need to figure out better way to identify host key
+ # dummy command so as not to publish fakes keys during testing
+ # eventually:
+ #gpg --keyserver "$KEYSERVER" --send-keys $(hostname -f)
+ failure "NOT PUBLISHED (to avoid permanent publication errors during monkeysphere development).
+To publish manually, do: gpg --keyserver $KEYSERVER --send-keys $(hostname -f)"
+}
+
+
+# retrieve key from web of trust, and set owner trust to "full"
+# if key is found.
+trust_key() {
+ local keyID
+ local trustLevel
+
+ keyID="$1"
+ trustLevel="$2"
+
+ if [ -z "$keyID" ] ; then
+ failure "You must specify key to trust."
+ fi
+
+ export keyID
+
+ # get the key from the key server
+ GNUPGHOME="$GNUPGHOME_AUTHENTICATION"
+ su --preserve-environment "$MONKEYSPHERE_USER" -c -- \
+ "gpg --keyserver $KEYSERVER --recv-key $keyID"
+ if [ "$?" != 0 ] ; then
+ failure "Could not retrieve key '$keyID'."
+ fi
+
+ # move the key from the authentication keyring to the host keyring
+ GNUPGHOME="$GNUPGHOME_AUTHENTICATION"
+ su --preserve-environment "$MONKEYSPHERE_USER" -c -- \
+ "gpg --export $keyID" | \
+ GNUPGHOME="$GNUPGHOME_HOST" gpg --import
+
+ # get key fingerprint
+ GNUPGHOME="$GNUPGHOME_HOST"
+ fingerprint=$(get_key_fingerprint "$keyID")
+
+ echo "key found:"
+ GNUPGHOME="$GNUPGHOME_HOST"
+ gpg --fingerprint "$fingerprint"
+
+ while [ -z "$trustLevel" ] ; do
+ cat <<EOF
+Please decide how far you trust this user to correctly verify other users' keys
+(by looking at passports, checking fingerprints from different sources, etc.)
+
+ 1 = I don't know or won't say
+ 2 = I do NOT trust
+ 3 = I trust marginally
+ 4 = I trust fully
+ 5 = I trust ultimately
+
+EOF
+ read -p "Your decision? " trustLevel
+ if echo "$trustLevel" | grep -v "[1-5]" ; then
+ echo "Unknown trust level '$trustLevel'."
+ unset trustLevel
+ elif [ "$trustLevel" = 'q' ] ; then
+ failure "Aborting."
+ fi
+ done
+
+ # attach a "non-exportable" signature to the key
+ # this is required for the key to have any validity at all
+ # the 'y's on stdin indicates "yes, i really want to sign"
+ GNUPGHOME="$GNUPGHOME_HOST"
+ echo -e 'y\ny' | \
+ gpg --quiet --lsign-key --command-fd 0 "$fingerprint"
+
+ # copy the host keyring into the authentication keyring
+ mv "$GNUPGHOME_AUTHENTICATION"/pubring.gpg{,.old}
+ cp "$GNUPGHOME_HOST"/pubring.gpg "$GNUPGHOME_AUTHENTICATION"/pubring.gpg
+ chown "$MONKEYSPHERE_USER" "$GNUPGHOME_AUTHENTICATION"/pubring.gpg
+ GNUPGHOME="$GNUPGHOME_AUTHENTICATION"
+ su --preserve-environment "$MONKEYSPHERE_USER" -c -- \
+ "gpg --import ${GNUPGHOME_AUTHENTICATION}/pubring.gpg.old"
+
+ # index trustLevel by one to difference between level in ui and level
+ # internally
+ trustLevel=$((trustLevel+1))
+
+ # import new owner trust level for key
+ GNUPGHOME="$GNUPGHOME_AUTHENTICATION"
+ echo "${fingerprint}:${trustLevel}:" | \
+ su --preserve-environment "$MONKEYSPHERE_USER" -c -- \
+ "GNUPGHOME=$GNUPGHOME_AUTHENTICATION gpg --import-ownertrust"
+
+ if [ $? = 0 ] ; then
+ log "Owner trust updated."
+ else
+ failure "There was a problem changing owner trust."
+ fi
+}
+
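Review bot: `$keyID`, taken straight from `$1`, is spliced unquoted into the string handed to `su … -c` at the `--recv-key` and `--export` calls, so a key ID carrying shell metacharacters is executed as a command under `$MONKEYSPHERE_USER`; `$KEYSERVER` and the `GNUPGHOME=$GNUPGHOME_AUTHENTICATION` prefix in the ownertrust call are interpolated the same way. The only check on `keyID` is non-emptiness; restricting it to what `gpg --recv-key` accepts (an optionally `0x`-prefixed hex key ID or fingerprint) before the first `su` closes that hole, since quoting inside the `-c` string alone would still be escapable. The interactive trust prompt has a related gap: `grep -v "[1-5]"` only rejects input containing no digit 1–5, so `15`, `1x` or `3;…` pass through to `$((trustLevel+1))` and `--import-ownertrust`, and the `q` branch is unreachable because `q` already matches the first test; a `$2` supplied by the caller is never validated at all. Both checks fit in a `case`, shown below.
```shell
  if [ -z "$keyID" ] ; then
    failure "You must specify key to trust."
  fi
  # only a hex key ID or fingerprint (optionally 0x-prefixed) may reach the
  # su -c command strings below; anything else would be parsed by that shell
  if ! echo "$keyID" | grep -q -E '^(0x)?[0-9A-Fa-f]{8,40}$' ; then
    failure "Invalid key ID '$keyID'."
  fi

  # … unchanged: key retrieval, import into host keyring, fingerprint display …

  # a caller-supplied level gets the same check as a typed one
  case "$trustLevel" in
    ''|[1-5]) ;;
    *) failure "Unknown trust level '$trustLevel'." ;;
  esac

  while [ -z "$trustLevel" ] ; do
    # … unchanged: trust-level menu heredoc …
    read -p "Your decision? " trustLevel
    case "$trustLevel" in
      [1-5]) ;;
      q) failure "Aborting." ;;
      *) echo "Unknown trust level '$trustLevel'." ; unset trustLevel ;;
    esac
  done

  # … unchanged: lsign, keyring copy, ownertrust import …
```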