make sure that revokehostname sees the pieces it needs to see in order to create...
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Tue, 14 Jul 2009 06:59:57 +0000 (02:59 -0400)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Tue, 14 Jul 2009 06:59:57 +0000 (02:59 -0400)
src/share/mh/revoke_hostname

index b3b8d7a330481e70acfa17d7bc88f0670221d51d..6b80802408ef0b2eb0a55f9cb422667d1bab813e 100644 (file)
@@ -43,7 +43,14 @@ else
 fi
 
 # actually revoke:
-if <"$GNUPGHOME_HOST/secring.gpg" "$SYSSHAREDIR/keytrans" revokeuserid \
+
+# the gpg secring might not contain the host key we are trying to
+# revoke (let alone any selfsig over that host key), but the plain
+# --export won't contain the secret key.  "keytrans revokeuserid"
+# needs access to both pieces, so we feed it both of them.
+
+if (cat "$GNUPGHOME_HOST/secring.gpg" && gpg_host --export "$HOST_FINGERPRINT") | \
+    "$SYSSHAREDIR/keytrans" revokeuserid \
     "$HOST_FINGERPRINT" "$userID" | gpg_host --import ; then
     gpg_host --check-trustdb
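Review bot: The `if` condition on the new pipeline reflects only the exit status of the final `gpg_host --import`, so a failure inside the added `(cat "$GNUPGHOME_HOST/secring.gpg" && gpg_host --export "$HOST_FINGERPRINT")` stage goes unnoticed, and `keytrans revokeuserid` would then run on missing or partial key material. Since this path revokes a host user ID, the inputs should fail loudly: test `[ -r "$GNUPGHOME_HOST/secring.gpg" ]` ahead of the `if` and abort through the script's usual error path when it is false. If the script runs under bash (the interpreter line is not visible in this hunk), `set -o pipefail` before the pipeline would also make any failing stage turn the condition false. The `if` body continues past the end of the hunk, so the failure branch could not be checked here.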