authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2009-07-14 02:59:57 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2009-07-14 02:59:57 -0400
commit2c1e2de4a96090bdc606911d95bbc7191b92ddf9 (patch)
tree77ba232b226f52b7744d2dca28a37cea59af73dd /src/share/mh
parent811990b737bca2bd6ed26f9d002e55a9aa0b0cc2 (diff)
make sure that revokehostname sees the pieces it needs to see in order to create a useful revocation certificate.
Diffstat (limited to 'src/share/mh')
-rw-r--r--src/share/mh/revoke_hostname9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname
index b3b8d7a..6b80802 100644
--- a/src/share/mh/revoke_hostname
+++ b/src/share/mh/revoke_hostname
@@ -43,7 +43,14 @@ else
fi
# actually revoke:
-if <"$GNUPGHOME_HOST/secring.gpg" "$SYSSHAREDIR/keytrans" revokeuserid \
+
+# the gpg secring might not contain the host key we are trying to
+# revoke (let alone any selfsig over that host key), but the plain
+# --export won't contain the secret key. "keytrans revokeuserid"
+# needs access to both pieces, so we feed it both of them.
+
+if (cat "$GNUPGHOME_HOST/secring.gpg" && gpg_host --export "$HOST_FINGERPRINT") | \
+ "$SYSSHAREDIR/keytrans" revokeuserid \
"$HOST_FINGERPRINT" "$userID" | gpg_host --import ; then
gpg_host --check-trustdb
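Review bot: The `if` around the new pipeline tests only the exit status of the final `gpg_host --import`, so a failure of `cat "$GNUPGHOME_HOST/secring.gpg"`, of `gpg_host --export "$HOST_FINGERPRINT"`, or of `keytrans revokeuserid` is caught only indirectly, if it leaves the import with nothing valid to read. Because the two producers are joined with `&&`, a failed `cat` also skips the export, so keytrans is handed an empty stream instead of the script stopping with a clear error. On a revocation path the operator should get an explicit failure rather than an outcome that depends on how gpg treats empty or partial input. If the script runs under bash and does not already enable it outside this hunk, `set -o pipefail` before the `if` would make any failing stage fail the condition; the new comment could also note that secret key material passes through this pipe. The body of the `if` continues outside the hunk.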