summaryrefslogtreecommitdiff
path: root/src/share/mh/publish_key
blob: c8da8471ffc747f17d996705f6b5e66d81c6496b (plain)
  1. # -*-shell-script-*-
  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
  3. # Monkeysphere host publish-key subcommand
  4. #
  5. # The monkeysphere scripts are written by:
  6. # Jameson Rollins <jrollins@finestructure.net>
  7. # Jamie McClelland <jm@mayfirst.org>
  8. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  9. #
  10. # They are Copyright 2008-2010, and are all released under the GPL,
  11. # version 3 or later.
  12. # publish keys to keyserver
  13. publish_key() {
  14. local keyID="$1"
  15. local GNUPGHOME
  16. if [ "$PROMPT" != "false" ] ; then
  17. log debug "Because \$MONKEYSPHERE_PROMPT is set to $PROMPT, interactively confirm publishing key"
  18. printf "Really publish key '$keyID' to $KEYSERVER? (Y/n) " >&2
  19. read OK; OK=${OK:=Y}
  20. if [ "${OK/y/Y}" != 'Y' ] ; then
  21. log error "key not published."
  22. return
  23. fi
  24. else
  25. log debug "publishing key '$keyID' without prompting."
  26. fi
  27. # create a temporary gnupg directory from which to publish the key
  28. export GNUPGHOME=$(msmktempdir)
  29. chmod 0700 "$GNUPGHOME"
  30. chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$GNUPGHOME"
  31. # trap to remove tmp dir if break
  32. trap "rm -rf $GNUPGHOME" EXIT
  33. # import the key into the tmp dir
  34. su_monkeysphere_user \
  35. "gpg --quiet --import" <"$HOST_KEY_FILE"
  36. KEYSERVER_OPTIONS=""
  37. for anchorfile in "${SYSCONFIGDIR}/monkeysphere-host-x509-anchors.crt" "${SYSCONFIGDIR}/monkeysphere-x509-anchors.crt"; do
  38. if [ -z "$KEYSERVER_OPTIONS" ] && [ -r "$anchorfile" ] ; then
  39. log debug "using trust anchor file: $anchorfile"
  40. KEYSERVER_OPTIONS="--keyserver-options 'ca-cert-file=$anchorfile'"
  41. fi
  42. done
  43. # publish key
  44. log debug "publishing key with the following gpg command line and options:"
  45. su_monkeysphere_user \
  46. "gpg --keyserver $KEYSERVER $KEYSERVER_OPTIONS --send-keys '0x${keyID}!'"
  47. # remove the tmp file
  48. trap - EXIT
  49. rm -rf "$GNUPGHOME"
  50. }