summaryrefslogtreecommitdiff
path: root/src/share/mh/revoke_key
diff options
context:
space:
mode:
authorJameson Rollins <jrollins@finestructure.net>2010-01-15 19:19:15 -0500
committerJameson Rollins <jrollins@finestructure.net>2010-01-15 19:19:15 -0500
commitce45ef5702e072e869fa9d1b703f99dc740eb000 (patch)
treec0aca35789dd24b73b8220fac2d83f73c18fb818 /src/share/mh/revoke_key
parent1e207b9914d4b19450c94a3de4dbf41305638035 (diff)
Major rework of monkeysphere-host to handle multiple host keys.
This rework removes any assumption that monkeysphere-host is just managing a single host key, or that the keys are used specifically for ssh. The UI is exactly backwards compatible except that hostnames ('example.com') must be replaced by full service names ('ssh://example.com'). This incarnation passes the old tests with those changes only. There are a couple of things that still need to be done: - need to see if a transition script is needed (some local file names have changed) - need to fill in check_service_name function to verify that a specified service name fits the expected format. - update diagnostics appropriately
Diffstat (limited to 'src/share/mh/revoke_key')
-rw-r--r--src/share/mh/revoke_key18
1 files changed, 9 insertions, 9 deletions
diff --git a/src/share/mh/revoke_key b/src/share/mh/revoke_key
index 5460e51..5a013e0 100644
--- a/src/share/mh/revoke_key
+++ b/src/share/mh/revoke_key
@@ -8,23 +8,24 @@
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
-# They are Copyright 2008-2009, and are all released under the GPL,
+# They are Copyright 2008-2010, and are all released under the GPL,
# version 3 or later.
# revoke host key
revoke_key() {
-# Coming in here, we expect $HOST_FINGERPRINT to be set, and we
-# believe that there is in fact a key.
+ local keyID
+ local publish
+
+ keyID=$(check_key_input "$@")
if [ "$PROMPT" = "false" ] ; then
publish=N
else
cat <<EOF >&2
-This will generate a revocation certificate for your host key
-(fingerprint: $HOST_FINGERPRINT) and
-dump the certificate to standard output.
+This will generate a revocation certificate for key $keyID
+and dump the certificate to standard output.
It can also directly publish the new revocation certificate
to the public keyservers via $KEYSERVER if you want it to.
@@ -65,14 +66,13 @@ Monkeysphere host key revocation (automated) $(date '+%F_%T%z')
y
"
- revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${HOST_FINGERPRINT}!" <<<"$revoke_commands" ) \
+ revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${keyID}!" <<<"$revoke_commands" ) \
|| failure "Failed to generate revocation certificate!"
-
else
# note: we're not using the gpg_host function because we actually
# want to use gpg's UI in this case, so we want to omit --no-tty
- revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${HOST_FINGERPRINT}!") \
+ revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${keyID}!") \
|| failure "Failed to generate revocation certificate!"
fi