Merge commit 'dkg/master'

Conflicts:

	src/monkeysphere-server

Resolved conflicts in revoke-hostname, and finish work on them.

diff --cc debian/changelog
index e80e48ae999ac97a73838f4b3195c44db2f5bffb,59aea1eb0d1373250e3c173c7d088fcf9444f2a2..b39ba444520ec5feb99e85750b88f9deb27841f8
--- 1/debian/changelog
--- 2/debian/changelog
+++ b/debian/changelog
@@@ -13,8 -14,8 +14,9 @@@ monkeysphere (0.8-1) UNRELEASED; urgenc
      be removed from key files.
    * enabled host key publication.
    * added checking of gpg.conf for keyserver
++  * new functions to add/revoke host key user IDs
  
-- -- Jameson Graef Rollins <jrollins@phys.columbia.edu>  Fri, 15 Aug 2008 10:46:23 -0700
++ -- Jameson Graef Rollins <jrollins@phys.columbia.edu>  Fri, 15 Aug 2008 15:02:48 -0700
  
  monkeysphere (0.7-1) experimental; urgency=low
  

diff --cc src/common
index 34c86cb42d9a67f452835d4773db519f78270f6c,24decae5dec4ebc28408934c734b0015c351136d..bb988f785e983ad5bcb90492f3390b618ce2c737
--- 1/src/common
--- 2/src/common
+++ b/src/common
@@@ -69,14 -69,20 +69,20 @@@ file_hash() 
      md5sum "$1" 2> /dev/null
  }
  
 -# convert escaped characters from gpg output back into original
 -# character
 -# FIXME: undo all escape character translation in with-colons gpg output
 -unescape() {
 -    echo "$1" | sed 's/\\x3a/:/g'
 +# convert escaped characters in pipeline from gpg output back into
 +# original character
 +# FIXME: undo all escape character translation in with-colons gpg
 +# output
 +gpg_unescape() {
 +    sed 's/\\x3a/:/g'
  }
  
 -# convert nasty chars into gpg-friendly form
++# convert nasty chars into gpg-friendly form in pipeline
+ # FIXME: escape everything, not just colons!
 -escape() {
 -    echo "$1" | sed 's/:/\\x3a/g'
++gpg_escape() {
++    sed 's/:/\\x3a/g'
+ }
+ 
 -
  # remove all lines with specified string from specified file
  remove_line() {
      local file

diff --cc src/monkeysphere-server
index 31bce7da81ac31de8f333879cd0a5b31e128a83b,2b9b7443c1c4fc44ff4a020fb39ab54dc8b81f64..4fb82653818927915b9aecf5d552968c3c06dcfe
--- 1/src/monkeysphere-server
--- 2/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@@ -373,30 -371,18 +373,39 @@@ EO
  
  # add hostname user ID to server key
  add_hostname() {
 +    local userID
 +    local fingerprint
++    local tmpuidMatch
++    local line
 +    local adduidCommand
 +
      if [ -z "$1" ] ; then
        failure "You must specify a hostname to add."
      fi
  
      userID="ssh://${1}"
  
-     if [ "$(gpg_host --list-key "=${userID}" 2> /dev/null)" ] ; then
 -    if [ "$(gpg_host --list-key "=${userID}")" ] ; then
++    fingerprint=$(fingerprint_server_key)
++
++    # match to only ultimately trusted user IDs
++    tmpuidMatch="u:$(echo $userID | gpg_escape)"
++
++    # find the index of the requsted user ID
++    # NOTE: this is based on circumstantial evidence that the order of
++    # this output is the appropriate index
++    if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}"\! \
++      | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
        failure "Host userID '$userID' already exists."
      fi
  
 -    fingerprint=$(fingerprint_server_key)
 +    echo "The following user ID will be added to the host key:"
-     echo "  '$userID'"
++    echo "  $userID"
 +    read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N}
 +    if [ ${OK/y/Y} != 'Y' ] ; then
 +      failure "user ID not added."
 +    fi
  
-     fingerprint=$(fingerprint_server_key)
- 
 +    # edit-key script command to add user ID
      adduidCommand=$(cat <<EOF
  adduid
  $userID
@@@ -406,71 -393,53 +415,85 @@@ sav
  EOF
        )
  
 -    # add uid
 -    echo "$adduidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"
 +    # execute edit-key script
-     echo "$adduidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"
++    if echo "$adduidCommand" | gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}"\! ; then
++        # update trust db
++      gpg_host --check-trustdb
 +
-     # update trust db
-     gpg_host --check-trustdb
++      show_server_key
  
-     show_server_key
- 
-     # publish the key
-     publish_server_key
 -    echo "NOTE: new host userID has not been published."
 -    echo "Use '$PGRM publish-key' to publish these changes."
++      echo "NOTE: User ID added but key not published."
++      echo "Run '$PGRM publish-key' to publish the key"
++    else
++      failure "Problem adding user ID."
++    fi
  }
  
  # revoke hostname user ID to server key
  revoke_hostname() {
 -    local msg
 -    local uidNum
 +    local userID
++    local fingerprint
+     local tmpuidMatch
 -    local fpr
 -    local linenum
++    local line
 +    local uidIndex
++    local message
++    local revuidCommand
  
      if [ -z "$1" ] ; then
        failure "You must specify a hostname to revoke."
      fi
  
 -    fpr=$(fingerprint_server_key)
 -    tmpuidMatch="u:$(escape "ssh://$1")"
 +    userID="ssh://${1}"
 +
 +    fingerprint=$(fingerprint_server_key)
 +
++    # match to only ultimately trusted user IDs
++    tmpuidMatch="u:$(echo $userID | gpg_escape)"
+ 
 -    if linenum=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x$fpr"\! | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
 -      uidNum=${linenum%%:*}
 +    # find the index of the requsted user ID
 +    # NOTE: this is based on circumstantial evidence that the order of
 +    # this output is the appropriate index
-     uidIndex=$(gpg_host --with-colons --fixed-list-mode --list-key "$fingerprint" 2> /dev/null | \
-       egrep "^(uid|uat):" | cut -d: -f10 | gpg_unescape | cat -n | \
-       grep "$userID" | awk '{ print $1 }')
- 
-     if [ -z "$uidIndex" ] ; then
-       failure "User ID '$userID' not found in host key."
++    if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}"\! \
++      | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
++      uidIndex=${line%%:*}
+     else
 -      failure "no non-revoked hostname '$1' is listed."
++      failure "No non-revoked user ID '$userID' is found."
      fi
  
 -    msg="hostname removed by monkeysphere-server on $(date +%F)"
 -    
 +    echo "The following user ID will be revoked from the host key:"
-     echo "  '$userID'"
++    echo "  $userID"
 +    read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
 +    if [ ${OK/y/Y} != 'Y' ] ; then
 +      failure "user ID not revoked."
 +    fi
  
++    message="Hostname removed by monkeysphere-server $DATE"
++
 +    # edit-key script command to revoke user ID
      revuidCommand=$(cat <<EOF
 -$uidNum
 +$uidIndex
  revuid
  y
  4
 -$msg
++$message
  
  y
  save
  EOF
 -)
 +      )       
  
 -    echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "0x$fpr"\!
 +    # execute edit-key script
-     echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"
- 
-     # update trust db
-     gpg_host --check-trustdb
++    if echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}"\! ; then
++        # update trust db
++      gpg_host --check-trustdb
  
-     show_server_key
 -    echo "NOTE: host userID revokation has not been published."
 -    echo "Use '$PGRM publish-key' to publish these changes."
++      show_server_key
 +
-     # publish the key
-     publish_server_key
++      echo "NOTE: User ID revoked but key not published."
++      echo "Run '$PGRM publish-key' to publish the key"
++    else
++      failure "Problem revoking user ID."
++    fi
  }
  
  # publish server key to keyserver