new function to export signatures from core to sphere keyrings. this

is so that the sphere does not have to read the core pubring to get
the certifier ltsigs, and we can therefore keep tighter permissions on
the core keyring files.  updated some comments/documentation as well.

1 files changed, 7 insertions, 11 deletions

diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 7c43aa8..2316183 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -85,8 +85,6 @@ su_monkeysphere_user() {
 
 # function to interact with the gpg core keyring
 gpg_core() {
-    local returnCode
-
     GNUPGHOME="$GNUPGHOME_CORE"
     export GNUPGHOME
 
@@ -94,15 +92,7 @@ gpg_core() {
     # user to be able to read the host pubring.  we realize this might
     # be problematic, but it's the simplest solution, without too much
     # loss of security.
-    gpg --no-permission-warning "$@"
-    returnCode="$?"
-
-    # always reset the permissions on the host pubring so that the
-    # monkeysphere user can read the trust signatures
-    chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_CORE}/pubring.gpg"
-    chmod g+r "${GNUPGHOME_CORE}/pubring.gpg"
-    
-    return "$returnCode"
+    gpg "$@"
 }
 
 # function to interact with the gpg sphere keyring
@@ -116,6 +106,12 @@ gpg_sphere() {
     su_monkeysphere_user "gpg $@"
 }
 
+# export signatures from core to sphere
+gpg_core_sphere_sig_transfer() {
+    gpg_core --export-options export-local-sigs --export | \
+	gpg_sphere --import-options import-local-sigs --import
+}
+
 ########################################################################
 # MAIN
 ########################################################################