From 0655d5cbf24a29da4aff7e272e82bfa258b2ceed Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 1 Feb 2009 21:14:22 -0500 Subject: new function to export signatures from core to sphere keyrings. this is so that the sphere does not have to read the core pubring to get the certifier ltsigs, and we can therefore keep tighter permissions on the core keyring files. updated some comments/documentation as well. --- src/monkeysphere-authentication | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) (limited to 'src/monkeysphere-authentication') diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 7c43aa8..2316183 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -85,8 +85,6 @@ su_monkeysphere_user() { # function to interact with the gpg core keyring gpg_core() { - local returnCode - GNUPGHOME="$GNUPGHOME_CORE" export GNUPGHOME @@ -94,15 +92,7 @@ gpg_core() { # user to be able to read the host pubring. we realize this might # be problematic, but it's the simplest solution, without too much # loss of security. - gpg --no-permission-warning "$@" - returnCode="$?" - - # always reset the permissions on the host pubring so that the - # monkeysphere user can read the trust signatures - chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_CORE}/pubring.gpg" - chmod g+r "${GNUPGHOME_CORE}/pubring.gpg" - - return "$returnCode" + gpg "$@" } # function to interact with the gpg sphere keyring @@ -116,6 +106,12 @@ gpg_sphere() { su_monkeysphere_user "gpg $@" } +# export signatures from core to sphere +gpg_core_sphere_sig_transfer() { + gpg_core --export-options export-local-sigs --export | \ + gpg_sphere --import-options import-local-sigs --import +} + ######################################################################## # MAIN ######################################################################## -- cgit v1.2.3