From 0655d5cbf24a29da4aff7e272e82bfa258b2ceed Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 1 Feb 2009 21:14:22 -0500 Subject: new function to export signatures from core to sphere keyrings. this is so that the sphere does not have to read the core pubring to get the certifier ltsigs, and we can therefore keep tighter permissions on the core keyring files. updated some comments/documentation as well. --- src/share/ma/setup | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'src/share/ma/setup') diff --git a/src/share/ma/setup b/src/share/ma/setup index 672a960..229166b 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -34,12 +34,10 @@ EOF # Edits will be overwritten. no-greeting primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg -keyring ${GNUPGHOME_CORE}/pubring.gpg - list-options show-uid-validity EOF - # fingerprint of core key. this should be empty on unconfigured systems. + # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) if [ -z "$CORE_FPR" ] ; then @@ -57,7 +55,7 @@ EOF # date. < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core" - gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key + # get fingerprint of core key. should definitely not be empty at this point CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) if [ -z "$CORE_FPR" ] ; then failure "Failed to create Monkeysphere authentication trust core!" -- cgit v1.2.3