From e6a41995792ee8b7a3dbce1e763e40447e45755f Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Thu, 6 May 2010 11:24:55 -0400
Subject: support x509 anchors for monkeysphere-host, allow shared anchors between m-a and mh (closes MS #2288)

---
 src/share/mh/publish_key | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src/share/mh/publish_key')

diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key
index f1c1723..72d2693 100644
--- a/src/share/mh/publish_key
+++ b/src/share/mh/publish_key
@@ -40,9 +40,16 @@ trap "rm -rf $GNUPGHOME" EXIT
 su_monkeysphere_user \
 "gpg --quiet --import" <"$HOST_KEY_FILE"
 
+KEYSERVER_OPTIONS=""
+for anchorfile in "${SYSCONFIGDIR}/monkeysphere-host-x509-anchors.crt" "${SYSCONFIGDIR}/monkeysphere-x509-anchors.crt"; do
+ if [ -z "$KEYSERVER_OPTIONS" ] && [ -r "$anchorfile" ] ; then
+ KEYSERVER_OPTIONS="--keyserver-options 'ca-cert-file=$anchorfile'"
+ fi
+done
+
 # publish key
 su_monkeysphere_user \
- "gpg --keyserver $KEYSERVER --send-keys '0x${keyID}!'"
+ "gpg --keyserver $KEYSERVER $KEYSERVER_OPTIONS --send-keys '0x${keyID}!'"
 
 # remove the tmp file
 trap - EXIT
-- cgit v1.2.3
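Review bot: The `[ -r "$anchorfile" ]` test in the new loop runs as the invoking user, while gpg itself runs through `su_monkeysphere_user`, so an anchor file readable by the caller but not by the monkeysphere user would still be selected and handed to gpg as `ca-cert-file`. Checking readability under the same account, e.g. `su_monkeysphere_user "test -r '$anchorfile'"` (assuming the helper passes its argument to a shell, as the existing calls suggest), would let the loop fall through to the shared anchor file instead. The path is also spliced into the command string inside single quotes, so a `SYSCONFIGDIR` containing a single quote would change how that string is parsed; a comment such as `# SYSCONFIGDIR must not contain single quotes: this string is re-parsed by su_monkeysphere_user` would record the assumption. When neither file is readable the key is sent with no CA anchor and no message, which may deserve a log line. Where `SYSCONFIGDIR` and `KEYSERVER` are set lies outside the hunk.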