- # -*-shell-script-*-
- # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
- # Monkeysphere authentication list-certifiers subcommand
- #
- # The monkeysphere scripts are written by:
- # Jameson Rollins <jrollins@finestructure.net>
- # Jamie McClelland <jm@mayfirst.org>
- # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- #
- # They are Copyright 2008-2009, and are all released under the GPL,
- # version 3 or later.
- # list the host certifiers
- list_certifiers() {
- local keys
- local key
- local authfpr
- local keyfpr
- local uid
- local printedfpr
- # find trusted keys in sphere keychain
- log debug "finding trusted keys..."
- # FIXME: this assumes that the keygrip (16 hex chars) is unique; we're
- # only searching by keygrip at the moment.
- authgrip=$(core_fingerprint | cut -b 25-40)
- # We're walking the list of known signatures, and extracting all trust
- # signatures made by the core fingerprint and known to the sphere
- # keyring.
- # for each one of these, we're printing (colon-delimited): the
- # fingerprint, the trust depth, the trust level (60 == marginal, 120
- # == full), and the domain regex (if any):
- gpg_sphere --fingerprint --with-colons --check-sigs | \
- cut -f 1,2,5,8,9,10 -d: | \
- egrep '^(fpr:::::|uat:|uid:|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
- while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
- case $type in
- 'fpr') # this is a new key
- keyfpr=$fpr
- uid=
- printedfpr=no
- ;;
- 'uid') # here comes a user id (if we don't have a key, or the
- # uid has no calculated validity, we will not bother
- # with it):
- if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then
- uid="$fpr"
- else
- uid=
- fi
- ;;
- 'uat') # this is a user attribute. DETAILS.gz states that the
- # 10th field is the number of user attribute
- # subpackets, followed by the total number of bytes of
- # the subpackets:
- if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then
- uid=$(printf "%d JPEG(?) image(s), total %d bytes" \
- "${fpr%% *}" "${fpr##* }")
- else
- uid=
- fi
- ;;
- 'sig') # print all trust signatures, including regexes if
- # present, assuming that
- if [ "$keyfpr" ] && [ "$uid" ] ; then
- trustdepth=${trustparams%% *}
- trustlevel=${trustparams##* }
- if [ "$printedfpr" = no ] ; then
- printf "%s:\n" "$keyfpr"
- printedfpr=yes
- fi
- # FIXME: this is clumsy and not human-friendly. we should
- # print out more human-readable information, if possible.
- printf " :%s:%d:%d:%s\n" "$uid" "$trustdepth" "$trustlevel" "$trustdomain"
- fi
- ;;
- esac
- done
- }