summaryrefslogtreecommitdiff
path: root/src/share/mh/import_key
blob: c545388f9aaedd0300d899acc5ded47d029e7533 (plain) 
    

  1. # -*-shell-script-*-
    2. 

  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
    3. 

  3. 

  4. # Monkeysphere host import-key subcommand
    5. 

  5. #
    6. 

  6. # The monkeysphere scripts are written by:
    7. 

  7. # Jameson Rollins <jrollins@finestructure.net>
    8. 

  8. # Jamie McClelland <jm@mayfirst.org>
    9. 

  9. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
    10. 

  10. #
    11. 

  11. # They are Copyright 2008-2009 and are all released under the GPL,
    12. 

  12. # version 3 or later.
    13. 

  13. 

  14. import_key() {
    15. 

  15. 

  16. local sshKeyFile
    17. 

  17. local hostName
    18. 

  18. local domain
    19. 

  19. local userID
    20. 

  20. 

  21. sshKeyFile="$1"
    22. 

  22. hostName="$2"
    23. 

  23. 

  24. # check that key file specified
    25. 

  25. if [ -z "$sshKeyFile" ] ; then
    26. 

  26.     failure "Must specify ssh key file to import, or specify '-' for stdin."
    27. 

  27. fi
    28. 

  28. 

  29. # use the default hostname if not specified
    30. 

  30. if [ -z "$hostName" ] ; then
    31. 

  31.     hostName=$(hostname -f) || failure "Could not determine hostname."
    32. 

  32.     # test that the domain is not obviously illegitimate
    33. 

  33.     domain=${foo##*.}
    34. 

  34.     case $domain in
    35. 

  35.     'local'|'localdomain')
    36. 

  36.         failure "Host domain '$domain' is not legitimate.  Aborting key import."
    37. 

  37.         ;;
    38. 

  38.     esac
    39. 

  39.     # test that there are at least two parts
    40. 

  40.     if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
    41. 

  41.     failure "Host name '$hostName' is not legitimate.  Aborting key import."
    42. 

  42.     fi
    43. 

  43. fi
    44. 

  44. 

  45. userID="ssh://${hostName}"
    46. 

  46. 

  47. if [ "$PROMPT" = "true" ] ; then
    48. 

  48.     cat <<EOF
    49. 

  49. The ssh key will be imported and an OpenPGP certificate for this host
    50. 

  50. will be generated with the following user ID:
    51. 

  51.   $userID
    52. 

  52. EOF
    53. 

  53.     read -p "Are you sure you would like to create certificate? [Y/n] " OK; OK=${OK:-Y}
    54. 

  54.     if [ "${OK/y/Y}" != 'Y' ] ; then
    55. 

  55.     failure "ssh key not imported."
    56. 

  56.     fi
    57. 

  57. else
    58. 

  58.     log debug "importing key without prompting."
    59. 

  59. fi
    60. 

  60. 

  61. 

  62. # create host home
    63. 

  63. mkdir -p "${MHDATADIR}"
    64. 

  64. mkdir -p "${GNUPGHOME_HOST}"
    65. 

  65. chmod 700 "${GNUPGHOME_HOST}"
    66. 

  66. 

  67. # import ssh key to a private key
    68. 

  68. if [ "$sshKeyFile" = '-' ] ; then
    69. 

  69.     log verbose "importing ssh key from stdin..."
    70. 

  70.     PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
    71. 

  71.     | gpg_host --import
    72. 

  72. else
    73. 

  73.     log verbose "importing ssh key from file '$sshKeyFile'..."
    74. 

  74.     PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
    75. 

  75.     <"$sshKeyFile" \
    76. 

  76.     | gpg_host --import
    77. 

  77. fi
    78. 

  78. 

  79. # load the new host fpr into the fpr variable.  this is so we can
    80. 

  80. # create the gpg pub key file.  we have to do this from the secret key
    81. 

  81. # ring since we obviously don't have the gpg pub key file yet, since
    82. 

  82. # that's what we're trying to produce (see below).
    83. 

  83. load_fingerprint_secret
    84. 

  84. 

  85. # export to gpg public key to file
    86. 

  86. update_gpg_pub_file
    87. 

  87. 

  88. log info "host key imported:"
    89. 

  89. 

  90. # show info about new key
    91. 

  91. show_key
    92. 

  92. 

  93. }
    94.
generated by cgit v1.2.3 (git 2.46.0) at 2024-11-04 21:04:58 +0000