-rwxr-xr-xsrc/monkeysphere-host10
-rw-r--r--src/share/mh/add_revoker1
-rw-r--r--src/share/mh/import_key6
-rw-r--r--src/share/mh/revoke_hostname2
4 files changed, 15 insertions, 4 deletions
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 8562ec6..9d3ccb1 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -89,6 +89,8 @@ gpg_host_list() {
}
# command for edit key scripts, takes scripts on stdin
+# FIXME: should we supress all the edit script spew? or pipe it
+# through log debug?
gpg_host_edit() {
gpg_host --quiet --command-fd 0 --edit-key \
"0x${HOST_FINGERPRINT}!" "$@"
@@ -106,7 +108,7 @@ create_gpg_pub_file() {
# export gpg pub key file
# FIXME: this seems much less than ideal, with all this temp keyring
# stuff. is there a way we can do this without having to create temp
-# files?
+# files? what if we stored the fingerprint in MHDATADIR/fingerprint?
load_fingerprint() {
if [ -f "$HOST_KEY_FILE" ] ; then
HOST_FINGERPRINT=$( \
@@ -181,8 +183,12 @@ show_key() {
| grep '^fpr:' | cut -d: -f10 )
# list the host key info
+ # FIXME: make no-show-keyring work so we don't have to do the grep'ing
+ # FIXME: why is this not showing key expiration?
gpg --list-keys --fingerprint \
- --list-options show-unusable-uids 2>/dev/null
+ --list-options show-unusable-uids 2>/dev/null \
+ | grep -v "^${GNUPGHOME}/pubring.gpg$" \
+ | egrep -v '^-+$'
# list the pgp fingerprint
echo "OpenPGP fingerprint: $HOST_FINGERPRINT"
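Review bot: The added filter `grep -v "^${GNUPGHOME}/pubring.gpg$"` interpolates the keyring path into a regular expression, so a `.`, `*` or `[` in GNUPGHOME is read as a metacharacter and the filter can miss the header line or drop an unrelated one. A fixed-string whole-line match avoids that: `| grep -Fxv -- "${GNUPGHOME}/pubring.gpg" \`. `egrep` is deprecated in current GNU grep, so the last stage is better written as `| grep -Ev '^-+$'`. Adding the pipeline also makes the command's status that of the final grep rather than gpg, and with `2>/dev/null` still in place a gpg failure now shows up in neither the output nor the exit status. show_key begins and ends outside this hunk.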
diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index 5b637a5..b6affbb 100644
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -84,7 +84,6 @@ if [ "${OK/y/Y}" != 'Y' ] ; then
fi
# edit-key script to add revoker
-# NOTE: *all* user IDs will be ltsigned
addrevokerCommand=$(cat <<EOF
addrevoker
diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index ac31133..ed6ee4f 100644
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -54,6 +54,12 @@ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
# that's what we're trying to produce (see below).
load_fingerprint_secret
+# set ultimate owner trust on the newly imported key
+printf "%s:6:\n" "$HOST_FINGERPRINT" | gpg_host --import-ownertrust
+
+# update trustdb
+gpg_host --check-trustdb
+
# export to gpg public key to file
create_gpg_pub_file
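Review bot: Neither `gpg_host --import-ownertrust` nor `gpg_host --check-trustdb` has its exit status checked, and `$HOST_FINGERPRINT` is used without confirming that `load_fingerprint_secret` actually set it. With an empty fingerprint the pipe sends just `:6:`, and unless `set -e` is active outside this hunk the script carries on to `create_gpg_pub_file` with no ownertrust recorded. Because this step grants ultimate trust, I would guard it with `[ -n "$HOST_FINGERPRINT" ] || failure "could not determine host key fingerprint."` before the printf and append `|| failure "could not set ownertrust."` to the import line (likewise for the trustdb check). The `failure` helper is the one used in revoke_hostname and is presumably available here as well.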
diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname
index 940b5f4..3addf90 100644
--- a/src/share/mh/revoke_hostname
+++ b/src/share/mh/revoke_hostname
@@ -30,7 +30,7 @@ fi
echo "WARNING: There is a known bug in this function."
echo "This function has been known to occasionally revoke the wrong user ID."
echo "Please see the following bug report for more information:"
-echo "http://web.monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/"
+echo "https://labs.riseup.net/code/issues/show/422"
read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N}
if [ ${OK/y/Y} != 'Y' ] ; then
failure "aborting."