# takes a gpg key or keys on stdin, and outputs a list of
# fingerprints, one per line:
list_primary_fingerprints() {
- local file="$1"
local fake=$(msmktempdir)
GNUPGHOME="$fake" gpg --no-tty --quiet --import
GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \
awk -F: '/^fpr:/{ print $10 }'
rm -rf "$fake"
}
+
+
+check_cruft_file() {
+ local loc="$1"
+ local version="$2"
+
+ if [ -e "$loc" ] ; then
+ printf "! The file '%s' is no longer used by\n monkeysphere (as of version %s), and can be removed.\n\n" "$loc" "$version" | log info
+ fi
+}
+
+check_upgrade_dir() {
+ local loc="$1"
+ local version="$2"
+
+ if [ -d "$loc" ] ; then
+ printf "The presence of directory '%s' indicates that you have\nnot yet completed a monkeysphere upgrade.\nYou should probably run the following script:\n %s/transitions/%s\n\n" "$loc" "$SYSSHAREDIR" "$version" | log info
+ fi
+}
+
+## look for cruft from old versions of the monkeysphere, and notice if
+## upgrades have not been run:
+report_cruft() {
+ check_upgrade_dir "${SYSCONFIGDIR}/gnupg-host" 0.23
+ check_upgrade_dir "${SYSCONFIGDIR}/gnupg-authentication" 0.23
+
+ check_cruft_file "${SYSCONFIGDIR}/gnupg-authentication.conf" 0.23
+ check_cruft_file "${SYSCONFIGDIR}/gnupg-host.conf" 0.23
+
+ local found=
+ for foo in "${SYSDATADIR}/backup-from-"*"-transition" ; do
+ if [ -d "$foo" ] ; then
+ printf "! %s\n" "$foo" | log info
+ found=true
+ fi
+ done
+ if [ "$found" ] ; then
+ printf "The directories above are backups left over from a monkeysphere transition.\nThey may contain copies of sensitive data (host keys, certifier lists), but\nthey are no longer needed by monkeysphere.\nYou may remove them at any time.\n\n" | log info
+ fi
+}
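Review bot: In list_primary_fingerprints, `local fake=$(msmktempdir)` hides the exit status of msmktempdir, so a failed temp-dir creation leaves `fake` empty and, unless msmktempdir itself aborts the script, both gpg calls run with an empty GNUPGHOME. gpg then falls back to its default home directory, so the keys on stdin would be imported into the caller's real keyring and every fingerprint in it listed. Splitting the line into `local fake` and `fake=$(msmktempdir) || return 1` closes that. In the added report_cruft, the loop variable `foo` is not declared local although `found` is; `local found= foo` keeps it out of the caller's scope. check_cruft_file and check_upgrade_dir would also benefit from a one-line header comment each, naming their two arguments (path and version).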
# found?
# get the gpg info for userid
- gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
+ gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \
--with-fingerprint --with-fingerprint \
="$userID" 2>/dev/null)
sshKeyGPGFile=$(msmktempfile)
printf "%s" "$sshKeyGPG" >"$sshKeyGPGFile"
- sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" \
+ sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \
awk '{ print $2 }')
rm -f "$sshKeyGPGFile"
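Review bot: With the pipe now in place, the status of the command substitution is awk's, so a failing `ssh-keygen -l` (for example on key material it cannot parse) yields an empty `sshFingerprint` without any error. Whatever consumes the value after this hunk should reject an empty string before comparing fingerprints, e.g. `[ "$sshFingerprint" ] || return 1` (or the surrounding code's own failure path) right after the assignment. The enclosing function starts and ends outside the hunk, so an existing check further down cannot be ruled out.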
# get the sigs for the matching key
- gpgSigOut=$(gpg --check-sigs \
+ gpgSigOut=$(gpg_user --check-sigs \
--list-options show-uid-validity \
"$keyid")
# CHECK_KEYSERVER variable in the monkeysphere.conf file.
# if the host is in the gpg keyring...
- if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then
+ if gpg_user --list-key ="${URI}" 2>&1 >/dev/null ; then
# do not check the keyserver
CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"}
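Review bot: The redirection order on the changed line, `2>&1 >/dev/null`, duplicates stderr onto the original stdout before stdout is pointed at /dev/null, so gpg's diagnostics still land on the script's stdout. If the intent is a silent existence test, it should read `if gpg_user --list-key ="${URI}" >/dev/null 2>&1 ; then`. If the diagnostics are meant to be seen, dropping `2>&1` keeps them on stderr, which matters if this script's stdout carries data for another program. The earlier `--list-key` hunk uses plain `2>/dev/null`, so the two call sites are also inconsistent. The `if` block continues past the end of the hunk.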