summaryrefslogtreecommitdiff
path: root/src/share/ma/list_certifiers
blob: 5a0388e5a998db81b47492a6938f382c10266385 (plain) 
    

  1. # -*-shell-script-*-
    2. 

  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
    3. 

  3. 

  4. # Monkeysphere authentication list-certifiers subcommand
    5. 

  5. #
    6. 

  6. # The monkeysphere scripts are written by:
    7. 

  7. # Jameson Rollins <jrollins@fifthhorseman.net>
    8. 

  8. # Jamie McClelland <jm@mayfirst.org>
    9. 

  9. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
    10. 

  10. #
    11. 

  11. # They are Copyright 2008-2009, and are all released under the GPL,
    12. 

  12. # version 3 or later.
    13. 

  13. 

  14. # list the host certifiers
    15. 

  15. 

  16. list_certifiers() {
    17. 

  17. 

  18. local keys
    19. 

  19. local key
    20. 

  20. local authfpr
    21. 

  21. 

  22. # find trusted keys in sphere keychain
    23. 

  23. log debug "finding trusted keys..."
    24. 

  24. 

  25. # FIXME: this assumes that the keygrip (16 hex chars) is unique; we're
    26. 

  26. # only searching by keygrip at the moment.
    27. 

  27. 

  28. authgrip=$(core_fingerprint | cut -b 25-40)
    29. 

  29. 

  30. # We're walking the list of known signatures, and extracting all trust
    31. 

  31. # signatures made by the core fingerprint and known to the sphere
    32. 

  32. # keyring.
    33. 

  33. 

  34. # for each one of these, we're printing (colon-delimited): the
    35. 

  35. # fingerprint, the trust depth, the trust level (60 == marginal, 120
    36. 

  36. # == full), and the domain regex (if any):
    37. 

  37. 

  38. gpg_sphere "--fingerprint --with-colons --fixed-list-mode --check-sigs" | \
    39. 

  39.     cut -f 1,2,5,8,9,10 -d: | \
    40. 

  40.     egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
    41. 

  41.     while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
    42. 

  42.     case $type in
    43. 

  43.     'fpr') # this is a new key
    44. 

  44.         keyfpr=$fpr
    45. 

  45.         ;;
    46. 

  46.     'sig') # print all trust signatures, including regexes if present
    47. 

  47.         trustdepth=${trustparams%% *}
    48. 

  48.         trustlevel=${trustparams##* }
    49. 

  49. 

  50.         # FIXME: this is clumsy and not human-friendly.  we should
    51. 

  51.         # print out more human-readable information, if possible.
    52. 

  52.         printf "%s:%d:%d:%s\n" "$keyfpr" "$trustdepth" "$trustlevel" "$trustdomain"
    53. 

  53.         ;;
    54. 

  54.     esac
    55. 

  55. done
    56. 

  56. 

  57. 

  58. }
    59.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-28 19:08:35 +0000