diff options
| author | Matt Goins <mjgoins@openflows.com> | 2009-02-09 21:54:58 -0500 |
|---|---|---|
| committer | Matt Goins <mjgoins@openflows.com> | 2009-02-09 21:54:58 -0500 |
| commit | 3b81cd012e8224490a3836cccbd7d082a061658e (patch) | |
| tree | 71fa874a6a98680388ff7a8b1a6e478390bd5b1d /src/share/ma | |
| parent | c9a361eecab5ea18d0b868580a3d0703517ab677 (diff) | |
| parent | d71cf8d24bd9357a016b1ead375a67ccd955c130 (diff) | |
Merge commit 'jrollins/master'
Diffstat (limited to 'src/share/ma')
| -rw-r--r-- | src/share/ma/add_certifier | 17 | ||||
| -rw-r--r-- | src/share/ma/setup | 13 |
2 files changed, 8 insertions, 22 deletions
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 60a4f9d..e9731cc 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -27,19 +27,15 @@ add_certifier() { -local domain -local trust -local depth +local domain= +local trust=full +local depth=1 local keyID +local importinfo local fingerprint local ltsignCommand local trustval -# set default values for trust depth and domain -domain= -trust=full -depth=1 - # get options while true ; do case "$1" in @@ -90,7 +86,7 @@ if [ -f "$keyID" ] ; then keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then - failure "Expected there to be a single gpg key in the file." + failure "There was not exactly one gpg key in the file." fi else # get the key from the key server @@ -132,8 +128,7 @@ case "$trust" in ;; esac -# this is the gpg "script" that gpg --edit-key will execute for the -# core to sign certifier. +# edit-key script to ltsign key # NOTE: *all* user IDs will be ltsigned ltsignCommand=$(cat <<EOF ltsign diff --git a/src/share/ma/setup b/src/share/ma/setup index 422cfd3..034f047 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -53,17 +53,8 @@ EOF local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 </dev/urandom | base64)) - local TMPLOC=$(mktemp -d "${MATMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" - - # generate the key with ssh-keygen... - log debug "generating ssh key ($CORE_KEYLENGTH bits)..." - ssh-keygen -q -b "$CORE_KEYLENGTH" -t rsa -N '' -f "${TMPLOC}/authkey" || failure "Could not generate new key for Monkeysphere authentication trust core" - # and then translate to openpgp encoding and import - # FIXME: pem2openpgp currently sets the A flag and a short - # expiration date. We should set the C flag and no expiration - # date. - log debug "converting ssh key to openpgp key and importing into core..." - < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core" + log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..." + PEM2OPENPGP_USAGE_FLAGS=certify PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core" # get fingerprint of core key. should definitely not be empty at this point log debug "get core key fingerprint..." |