From e6a41995792ee8b7a3dbce1e763e40447e45755f Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 6 May 2010 11:24:55 -0400
Subject: support x509 anchors for monkeysphere-host, allow shared anchors
 between m-a and mh (closes MS #2288)

---
 src/share/ma/setup | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src/share/ma/setup')

diff --git a/src/share/ma/setup b/src/share/ma/setup
index f965487..3c82c45 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -36,6 +36,14 @@ setup() {
 no-greeting
 EOF
 
+    KEYSERVER_OPTIONS=""
+    for anchorfile in "${SYSCONFIGDIR}/monkeysphere-authentication-x509-anchors.crt" "${SYSCONFIGDIR}/monkeysphere-x509-anchors.crt"; do
+        if [ -z "$KEYSERVER_OPTIONS" ] && [ -r "$anchorfile" ] ; then
+            KEYSERVER_OPTIONS="keyserver-options ca-cert-file=$anchorfile"
+            log debug "using $anchorfile for keyserver X.509 anchor"
+        fi
+    done
+
     log debug "writing sphere gpg.conf..."
     cat >"${GNUPGHOME_SPHERE}"/gpg.conf <<EOF
 # Monkeysphere trust sphere GnuPG configuration
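Review bot: When neither anchor file is readable, the loop starting at `for anchorfile in …` leaves KEYSERVER_OPTIONS empty and logs nothing, so the gpg.conf written below carries no `ca-cert-file` line and the administrator gets no signal that keyserver certificate validation is no longer tied to a Monkeysphere anchor file. I would add after `done` something like `[ -n "$KEYSERVER_OPTIONS" ] || log debug "no readable X.509 anchor file found; ca-cert-file not set"`, at whatever level the project uses for warnings. The `[ -r "$anchorfile" ]` test is evaluated by the process running setup, while the comment further down suggests the sphere is used by the monkeysphere user; if those differ, a file that passes here could still be unreadable to gpg, so it may be worth checking readability as that user. The variable is also assigned without `local`, so it stays set globally after setup() returns; `local KEYSERVER_OPTIONS=""` would scope it if the shell in use supports it. setup() begins and ends outside this hunk.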
@@ -43,7 +51,7 @@ EOF
 # Edits will be overwritten.
 no-greeting
 list-options show-uid-validity
-keyserver-options ca-cert-file=${SYSCONFIGDIR}/monkeysphere-authentication-x509-anchors.crt
+${KEYSERVER_OPTIONS}
 EOF
 
     # make sure the monkeysphere user owns everything in the sphere
-- 
cgit v1.2.3