<n>y = key expires in n years
EOF
while [ -z "$keyExpire" ] ; do
- read -p "Key is valid for? (0) " keyExpire
+ printf "Key is valid for? (0) " >&2
+ read keyExpire
if ! test_gpg_expire ${keyExpire:=0} ; then
echo "invalid value" >&2
unset keyExpire
eval "echo ~${uname}"
}
+# return the primary group of a user
+get_primary_group() {
+ local uname=${1:-`whoami`}
+ groups "$uname" | sed 's/^..* : //' | awk '{ print $1 }'
+}
+
### CONVERSION UTILITIES
# output the ssh key for a given key ID
# fix permissions and ownership on temporary directory which will
# be used by monkeysphere user for storing the downloaded key
chmod 0700 "$tmpDir"
- chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$tmpDir"
+ chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$tmpDir"
# download the key from the keyserver as the monkeysphere user
log verbose "searching keyserver $KEYSERVER for keyID $keyID..."
su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --fingerprint 0x${fingerprint}!"
if [ "$PROMPT" = "true" ] ; then
- read -p "Are you sure you want to add the above key as a revoker
- of the host key? (Y/n) " OK; OK=${OK:-Y}
+ printf "Are you sure you want to add the above key as a revoker\nof the host key? (Y/n) " >&2
+ read OK; OK=${OK:-Y}
if [ "${OK/y/Y}" != 'Y' ] ; then
failure "revoker not added."
fi
local GNUPGHOME
if [ "$PROMPT" = "true" ] ; then
- read -p "Really publish host key to $KEYSERVER? (Y/n) " OK; OK=${OK:=Y}
+ printf "Really publish host key to $KEYSERVER? (Y/n) " >&2
+ read OK; OK=${OK:=Y}
if [ "${OK/y/Y}" != 'Y' ] ; then
failure "key not published."
fi
# create a temporary gnupg directory from which to publish the key
export GNUPGHOME=$(msmktempdir)
chmod 0700 "$GNUPGHOME"
-chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME"
+chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$GNUPGHOME"
# trap to remove tmp dir if break
trap "rm -rf $GNUPGHOME" EXIT