new function to export signatures from core to sphere keyrings. this

is so that the sphere does not have to read the core pubring to get
the certifier ltsigs, and we can therefore keep tighter permissions on
the core keyring files.  updated some comments/documentation as well.

1 files changed, 2 insertions, 4 deletions

diff --git a/src/share/ma/setup b/src/share/ma/setup
index 672a960..229166b 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -34,12 +34,10 @@ EOF
 # Edits will be overwritten.
 no-greeting
 primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg
-keyring ${GNUPGHOME_CORE}/pubring.gpg
-
 list-options show-uid-validity
 EOF
 
-    # fingerprint of core key.  this should be empty on unconfigured systems.
+    # get fingerprint of core key.  this should be empty on unconfigured systems.
     local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
 
     if [ -z "$CORE_FPR" ] ; then
@@ -57,7 +55,7 @@ EOF
 	# date.
 	< "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core"
 
-	gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key
+	# get fingerprint of core key.  should definitely not be empty at this point
 	CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
 	if [ -z "$CORE_FPR" ] ; then
 	    failure "Failed to create Monkeysphere authentication trust core!"