blob: 6394ad734fec1e601f92d1362329ae9ba51f06ad (
plain)
- # -*-shell-script-*-
- # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
- # Monkeysphere host import-key subcommand
- #
- # The monkeysphere scripts are written by:
- # Jameson Rollins <jrollins@finestructure.net>
- # Jamie McClelland <jm@mayfirst.org>
- # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- #
- # They are Copyright 2008-2009 and are all released under the GPL,
- # version 3 or later.
- import_key() {
- local sshKeyFile
- local hostName
- local domain
- local userID
- sshKeyFile="$1"
- hostName="$2"
- # use the default hostname if not specified
- if [ -z "$hostName" ] ; then
- hostName=$(hostname -f) || failure "Could not determine hostname."
- # test that the domain is not obviously illegitimate
- domain=${foo##*.}
- case $domain in
- 'local'|'localdomain')
- failure "Host domain '$domain' is not legitimate. Aborting key import."
- ;;
- esac
- # test that there are at least two parts
- if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
- failure "Host name '$hostName' is not legitimate. Aborting key import."
- fi
- fi
- userID="ssh://${hostName}"
- # create host home
- mkdir -p "${MHDATADIR}"
- mkdir -p "${GNUPGHOME_HOST}"
- chmod 700 "${GNUPGHOME_HOST}"
- # import ssh key to a private key
- if [ -z "$sshKeyFile" ] ; then
- failure "Must specify ssh key file to import, or specify '-' for stdin."
- elif [ "$sshKeyFile" = '-' ] ; then
- log verbose "importing ssh key from stdin..."
- PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
- | gpg_host --import
- else
- log verbose "importing ssh key from file '$sshKeyFile'..."
- PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
- <"$sshKeyFile" \
- | gpg_host --import
- fi
- # load the new host fpr into the fpr variable. this is so we can
- # create the gpg pub key file. we have to do this from the secret key
- # ring since we obviously don't have the gpg pub key file yet, since
- # that's what we're trying to produce (see below).
- load_fingerprint_secret
- # export to gpg public key to file
- update_gpg_pub_file
- log info "host key imported:"
- # show info about new key
- show_key
- }
|