-rwxr-xr-x | src/monkeysphere-host | 10 | ||||
-rw-r--r-- | src/share/mh/add_revoker | 1 | ||||
-rw-r--r-- | src/share/mh/import_key | 6 | ||||
-rw-r--r-- | src/share/mh/revoke_hostname | 2 |
4 files changed, 15 insertions, 4 deletions
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 8562ec6..9d3ccb1 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -89,6 +89,8 @@ gpg_host_list() {
 }
 # command for edit key scripts, takes scripts on stdin
+# FIXME: should we supress all the edit script spew? or pipe it
+# through log debug?
 gpg_host_edit() {
 gpg_host --quiet --command-fd 0 --edit-key \
 "0x${HOST_FINGERPRINT}!" "$@"
@@ -106,7 +108,7 @@ create_gpg_pub_file() {
 # export gpg pub key file
 # FIXME: this seems much less than ideal, with all this temp keyring
 # stuff. is there a way we can do this without having to create temp
-# files?
+# files? what if we stored the fingerprint in MHDATADIR/fingerprint?
 load_fingerprint() {
 if [ -f "$HOST_KEY_FILE" ] ; then
 HOST_FINGERPRINT=$( \
@@ -181,8 +183,12 @@ show_key() {
 | grep '^fpr:' | cut -d: -f10 )
 # list the host key info
+ # FIXME: make no-show-keyring work so we don't have to do the grep'ing
+ # FIXME: why is this not showing key expiration?
 gpg --list-keys --fingerprint \
- --list-options show-unusable-uids 2>/dev/null
+ --list-options show-unusable-uids 2>/dev/null \
+ | grep -v "^${GNUPGHOME}/pubring.gpg$" \
+ | egrep -v '^-+$'
 # list the pgp fingerprint
 echo "OpenPGP fingerprint: $HOST_FINGERPRINT"
diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index 5b637a5..b6affbb 100644
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -84,7 +84,6 @@ if [ "${OK/y/Y}" != 'Y' ] ; then
 fi
 # edit-key script to add revoker
-# NOTE: *all* user IDs will be ltsigned
 addrevokerCommand=$(cat <<EOF
 addrevoker
diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index ac31133..ed6ee4f 100644
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
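Review bot: In show_key() in src/monkeysphere-host, the added filter `grep -v "^${GNUPGHOME}/pubring.gpg$"` interpolates a directory path into a regular expression, so the `.` in `pubring.gpg` and any metacharacters in GNUPGHOME are read as pattern syntax and the keyring header line may not be matched as intended. A fixed-string, whole-line match avoids that: `| grep -Fxv -- "${GNUPGHOME}/pubring.gpg" \`. The exit status of the statement is now that of the final `egrep` rather than of gpg, so a failed key listing goes unnoticed unless pipefail is set somewhere outside this hunk, and `egrep` is the deprecated spelling of `grep -E`. show_key's body starts and ends outside the hunk.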
@@ -54,6 +54,12 @@ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
 # that's what we're trying to produce (see below).
 load_fingerprint_secret
+# set ultimate owner trust on the newly imported key
+printf "%s:6:\n" "$HOST_FINGERPRINT" | gpg_host --import-ownertrust
+
+# update trustdb
+gpg_host --check-trustdb
+
 # export to gpg public key to file
 create_gpg_pub_file
diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname
index 940b5f4..3addf90 100644
--- a/src/share/mh/revoke_hostname
+++ b/src/share/mh/revoke_hostname
@@ -30,7 +30,7 @@ fi
 echo "WARNING: There is a known bug in this function."
 echo "This function has been known to occasionally revoke the wrong user ID."
 echo "Please see the following bug report for more information:"
-echo "http://web.monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/"
+echo "https://labs.riseup.net/code/issues/show/422"
 read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N}
 if [ ${OK/y/Y} != 'Y' ] ; then
 failure "aborting." |
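Review bot: In src/share/mh/import_key, ultimate ownertrust is assigned from `$HOST_FINGERPRINT` without checking that load_fingerprint_secret produced exactly one fingerprint, and the results of `--import-ownertrust` and `--check-trustdb` are not checked. If the variable is empty or holds more than one line, the printf emits a malformed ownertrust record and the script still goes on to create_gpg_pub_file with the trust step skipped or misapplied. A guard before the printf, such as `[ -n "$HOST_FINGERPRINT" ] || failure "could not determine host key fingerprint"`, plus `|| failure "could not set ownertrust on host key"` after the import, would make the failure explicit; `failure` is assumed to be the same helper that revoke_hostname calls. Whether the script runs under `set -e` is not visible in this hunk.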