author | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-02-01 21:14:22 -0500 |
---|---|---|
committer | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-02-01 21:14:22 -0500 |
commit | 0655d5cbf24a29da4aff7e272e82bfa258b2ceed (patch) | |
tree | 6e462df5ff450ddd67ddf3fdf686ddcbcfcd4668 /src/monkeysphere-authentication | |
parent | 7548a859412f10e68f90ee68f330593d85b090fc (diff) |
new function to export signatures from core to sphere keyrings. this
is so that the sphere does not have to read the core pubring to get
the certifier ltsigs, and we can therefore keep tighter permissions on
the core keyring files. updated some comments/documentation as well.
Diffstat (limited to 'src/monkeysphere-authentication')
-rwxr-xr-x | src/monkeysphere-authentication | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 7c43aa8..2316183 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -85,8 +85,6 @@ su_monkeysphere_user() {
 
 # function to interact with the gpg core keyring
 gpg_core() {
- local returnCode
-
 GNUPGHOME="$GNUPGHOME_CORE"
 export GNUPGHOME
 
@@ -94,15 +92,7 @@ gpg_core() {
 # user to be able to read the host pubring. we realize this might
 # be problematic, but it's the simplest solution, without too much
 # loss of security.
- gpg --no-permission-warning "$@"
- returnCode="$?"
-
- # always reset the permissions on the host pubring so that the
- # monkeysphere user can read the trust signatures
- chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_CORE}/pubring.gpg"
- chmod g+r "${GNUPGHOME_CORE}/pubring.gpg"
-
- return "$returnCode"
+ gpg "$@"
 }
 
 # function to interact with the gpg sphere keyring
@@ -116,6 +106,12 @@ gpg_sphere() {
 su_monkeysphere_user "gpg $@"
 }
 
+# export signatures from core to sphere
+gpg_core_sphere_sig_transfer() {
+ gpg_core --export-options export-local-sigs --export | \
+ gpg_sphere --import-options import-local-sigs --import
+}
+
 ########################################################################
 # MAIN
 ########################################################################  |
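Review bot: In the `gpg_core()` hunk (`@@ -94,15 +92,7 @@`), dropping the `chgrp`/`chmod g+r` stops loosening `pubring.gpg` on each call, but it does not tighten a core keyring that an earlier version already made group-readable for the monkeysphere user. Nothing in this diff resets that (the diff is limited to this one file, so it may be handled elsewhere); if it is not, an upgrade step such as `chmod g-r "${GNUPGHOME_CORE}/pubring.gpg"` is needed for the tighter permissions to take effect on existing installs. The context comment kept just above `gpg "$@"` also still justifies letting the monkeysphere user read the host pubring, which the new body no longer does. That comment begins above the hunk, so its full text is not visible here, but it should be removed or replaced with something like `# core keyring is not readable by the monkeysphere user; see gpg_core_sphere_sig_transfer`.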
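Review bot: The pipeline in `gpg_core_sphere_sig_transfer()` (`@@ -116,6 +106,12 @@`) returns only the exit status of the `gpg_sphere --import` stage, so a failed or empty `gpg_core --export` goes unnoticed by the caller. Per the commit message, the sphere keyring is now the only place the certifier signatures are read from, so a silent failure here would leave it out of sync with the core without any error (the callers are outside this diff, so how they react is inferred). If the script runs under bash, capture both stage results immediately after the pipeline with `local st=("${PIPESTATUS[@]}")` and end the function with `[ "${st[0]}" -eq 0 ] && [ "${st[1]}" -eq 0 ]`. The header comment could then read `# export signatures from core to sphere; fails if either the export or the import fails`.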