diff options
| author | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-02-19 18:14:13 -0500 |
|---|---|---|
| committer | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-02-19 18:14:13 -0500 |
| commit | 6c048ca2dc8ca4ae7708ce8ee5c578ab4ed73c8b (patch) | |
| tree | 9011cae7688dc9c0656cd81b953037b76d257908 /src/share/ma/add_certifier | |
| parent | e2614bf8edffed6f83a646db9514ebb00cfe4faf (diff) | |
Modify/cleanup add_certifier and add_revoker, so that their code base
is more similar, and so that they can read keys from stdin instead of
just from a file. Also fix the permissions on the tempdir in
publish_key.
Diffstat (limited to 'src/share/ma/add_certifier')
| -rw-r--r-- | src/share/ma/add_certifier | 39 |
1 files changed, 28 insertions, 11 deletions
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index bd41f23..024255f 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -62,30 +62,47 @@ Type '$PGRM help' for usage." done keyID="$1" + +# check that key ID or file is specified if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to add, or specify a file to read the key from." fi -if [ -f "$keyID" ] ; then - log info "Reading key from file '$keyID':" - fingerprints=$(su_monkeysphere_user \ +# if file is specified +if [ -f "$keyID" -o "$keyID" = '-' ] ; then + # load the key from stdin + if [ "$keyID" = '-' ] ; then + local keyID=$(msmktempfile) + trap "rm -f $keyID" EXIT + log verbose "reading key from stdin..." + cat > "$keyID" + + # load the key from the file + elif [ -f "$keyID" ] ; then + log verbose "reading key from file '$keyID'..." + fi + + # check the key is ok as monkeysphere user before loading + fingerprint=$(su_monkeysphere_user \ ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") - if [ $(printf "%s" "$fingerprints" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then + if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi - gpg_sphere "--import" < "$keyID" || failure "could not read key from '$keyID'" + # load the key + gpg_sphere "--import" <"$keyID" \ + || failure "could not read key from '$keyID'" - keyID="$fingerprints" + keyID="$fingerprint" + +# else, get the key from the keyserver else - # get the key from the key server - log debug "retrieving key from keyserver..." - gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." + log verbose "searching keyserver $KEYSERVER for keyID $keyID..." + gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" \ + || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." fi -export keyID - # get the full fingerprint of new certifier key log debug "getting fingerprint of certifier key..." fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ |