authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2009-02-21 20:33:01 -0500
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2009-02-21 20:33:01 -0500
commitbf3e2e6ecafbab7e80124ea4ba2bda61ee4423e9 (patch)
treecc22251b69c0bd831fa2c70851f017a89293d79d
parent224f87f09060a10519440dc8660a57b82cb0ba58 (diff)
added some FIXMEs to transitions/0.23, concerning host keys that were originally created with an expiration date.
-rwxr-xr-xsrc/transitions/0.2314
1 files changed, 13 insertions, 1 deletions
diff --git a/src/transitions/0.23 b/src/transitions/0.23
index f09dfff..dead788 100755
--- a/src/transitions/0.23
+++ b/src/transitions/0.23
@@ -143,12 +143,24 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \
GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then
+ FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' )
+
# create host home
mkdir -p "${MHDATADIR}"
chmod 0700 "${MHDATADIR}"
log "importing host key from old monkeysphere installation\n"
- GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys | \
+
+# export from the pubring as well as the that new (non-expired)
+# self-sigs are available, otherwise the secret key import may fail
+
+# FIXME: turns out the secret key import fails anyway, stupidly :(
+
+# FIXME: if all self-sigs are expired, then the secret key import may
+# fail anyway. How should we deal with that?
+
+ (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys && \
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export $FPR) | \
GNUPGHOME="$MHDATADIR" gpg --quiet --no-tty --import
monkeysphere-host update-gpg-pub-file
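Review bot: The exit status of the export/import pipeline is never checked, so when the secret-key import fails (which the added FIXME says it does) the transition still runs `monkeysphere-host update-gpg-pub-file` against a keyring that may hold no host key. I would end the pipeline with something like `GNUPGHOME="$MHDATADIR" gpg --quiet --no-tty --import || log "host key import failed, old keyring left untouched\n"` and skip the following step on failure. Separately, `FPR` collects field 10 of every `fpr:` record and is expanded unquoted in `gpg --export $FPR`, so it can be empty or hold several fingerprints; with an empty value `gpg --export` exports the whole old public keyring, so a `[ -n "$FPR" ]` guard before the export would make the intent explicit. The enclosing `if` blocks start above and continue below this hunk, so any existing handling outside it is not visible here.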