summaryrefslogtreecommitdiff
path: root/src/share/ma/list_certifiers
blob: a02487dd033000eb2762e069a296730a85786d89 (plain)
  1. # -*-shell-script-*-
  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
  3. # Monkeysphere authentication list-certifiers subcommand
  4. #
  5. # The monkeysphere scripts are written by:
  6. # Jameson Rollins <jrollins@fifthhorseman.net>
  7. # Jamie McClelland <jm@mayfirst.org>
  8. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  9. #
  10. # They are Copyright 2008-2009, and are all released under the GPL,
  11. # version 3 or later.
  12. # list the host certifiers
  13. list_certifiers() {
  14. local keys
  15. local key
  16. local authfpr
  17. local keyfpr
  18. local uid
  19. local printedfpr
  20. # find trusted keys in sphere keychain
  21. log debug "finding trusted keys..."
  22. # FIXME: this assumes that the keygrip (16 hex chars) is unique; we're
  23. # only searching by keygrip at the moment.
  24. authgrip=$(core_fingerprint | cut -b 25-40)
  25. # We're walking the list of known signatures, and extracting all trust
  26. # signatures made by the core fingerprint and known to the sphere
  27. # keyring.
  28. # for each one of these, we're printing (colon-delimited): the
  29. # fingerprint, the trust depth, the trust level (60 == marginal, 120
  30. # == full), and the domain regex (if any):
  31. gpg_sphere "--fingerprint --with-colons --fixed-list-mode --check-sigs" | \
  32. cut -f 1,2,5,8,9,10 -d: | \
  33. egrep '^(fpr:::::|uat:|uid:|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
  34. while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
  35. case $type in
  36. 'fpr') # this is a new key
  37. keyfpr=$fpr
  38. uid=
  39. printedfpr=no
  40. ;;
  41. 'uid') # here comes a user id (if we don't have a key, or the
  42. # uid has no calculated validity, we will not bother
  43. # with it):
  44. if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then
  45. uid="$fpr"
  46. else
  47. uid=
  48. fi
  49. ;;
  50. 'uat') # this is a user attribute. DETAILS.gz states that the
  51. # 10th field is the number of user attribute
  52. # subpackets, followed by the total number of bytes of
  53. # the subpackets:
  54. if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then
  55. uid=$(printf "%d JPEG(?) image(s), total %d bytes" \
  56. "${fpr%% *}" "${fpr##* }")
  57. else
  58. uid=
  59. fi
  60. ;;
  61. 'sig') # print all trust signatures, including regexes if
  62. # present, assuming that
  63. if [ "$keyfpr" ] && [ "$uid" ] ; then
  64. trustdepth=${trustparams%% *}
  65. trustlevel=${trustparams##* }
  66. if [ "$printedfpr" = no ] ; then
  67. printf "%s:\n" "$keyfpr"
  68. printedfpr=yes
  69. fi
  70. # FIXME: this is clumsy and not human-friendly. we should
  71. # print out more human-readable information, if possible.
  72. printf " :%s:%d:%d:%s\n" "$uid" "$trustdepth" "$trustlevel" "$trustdomain"
  73. fi
  74. ;;
  75. esac
  76. done
  77. }