From bf3e2e6ecafbab7e80124ea4ba2bda61ee4423e9 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 21 Feb 2009 20:33:01 -0500 Subject: added some FIXMEs to transitions/0.23, concerning host keys that were originally created with an expiration date. --- src/transitions/0.23 | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/transitions/0.23 b/src/transitions/0.23 index f09dfff..dead788 100755 --- a/src/transitions/0.23 +++ b/src/transitions/0.23 @@ -143,12 +143,24 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then + FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' ) + # create host home mkdir -p "${MHDATADIR}" chmod 0700 "${MHDATADIR}" log "importing host key from old monkeysphere installation\n" - GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys | \ + +# export from the pubring as well as the that new (non-expired) +# self-sigs are available, otherwise the secret key import may fail + +# FIXME: turns out the secret key import fails anyway, stupidly :( + +# FIXME: if all self-sigs are expired, then the secret key import may +# fail anyway. How should we deal with that? + + (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys && \ + GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export $FPR) | \ GNUPGHOME="$MHDATADIR" gpg --quiet --no-tty --import monkeysphere-host update-gpg-pub-file -- cgit v1.2.3