summaryrefslogtreecommitdiff
path: root/src/share/mh/revoke_name
blob: 532cb3001898ba4b9fd94b42088c81ad03207bf8 (plain) 
    

  1. # -*-shell-script-*-
    2. 

  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
    3. 

  3. 

  4. # Monkeysphere host revoke-hostname subcommand
    5. 

  5. #
    6. 

  6. # The monkeysphere scripts are written by:
    7. 

  7. # Jameson Rollins <jrollins@finestructure.net>
    8. 

  8. # Jamie McClelland <jm@mayfirst.org>
    9. 

  9. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
    10. 

  10. #
    11. 

  11. # They are Copyright 2008-2010, and are all released under the GPL,
    12. 

  12. # version 3 or later.
    13. 

  13. 

  14. # revoke service name user ID from host key
    15. 

  15. 

  16. revoke_name() {
    17. 

  17. 

  18. local serviceName
    19. 

  19. local keyID
    20. 

  20. local fingerprint
    21. 

  21. local tmpuidMatch
    22. 

  22. local line
    23. 

  23. local message
    24. 

  24. local revuidCommand
    25. 

  25. 

  26. if [ -z "$1" ] ; then
    27. 

  27.     failure "You must specify a service name to revoke."
    28. 

  28. fi
    29. 

  29. serviceName="$1"
    30. 

  30. shift
    31. 

  31. 

  32. keyID=$(check_key_input "$@")
    33. 

  33. 

  34. # make sure the user ID to revoke exists
    35. 

  35. check_key_userid "$keyID" "$serviceName" || \
    36. 

  36.     failure "No non-revoked service name found matching '$serviceName'."
    37. 

  37. 

  38. if [ "$PROMPT" != "false" ] ; then
    39. 

  39.     printf "The following service name on key '$keyID' will be revoked:\n  %s\nAre you sure you would like to revoke this service name? (Y/n) " "$serviceName" >&2
    40. 

  40.     read OK; OK=${OK:=Y}
    41. 

  41.     if [ "${OK/y/Y}" != 'Y' ] ; then
    42. 

  42.     failure "User ID not revoked."
    43. 

  43.     fi
    44. 

  44. else
    45. 

  45.     log debug "revoking service name without prompting."
    46. 

  46. fi
    47. 

  47. 

  48. # actually revoke:
    49. 

  49. 

  50. # the gpg secring might not contain the host key we are trying to
    51. 

  51. # revoke (let alone any selfsig over that host key), but the plain
    52. 

  52. # --export won't contain the secret key.  "keytrans revokeuserid"
    53. 

  53. # needs access to both pieces, so we feed it both of them.
    54. 

  54. 

  55. if (cat "$GNUPGHOME_HOST/secring.gpg" && gpg_host --export "$keyID") \
    56. 

  56.     | "$SYSSHAREDIR/keytrans" revokeuserid "$keyID" "$serviceName" \
    57. 

  57.     | gpg_host --import ; then
    58. 

  58. 

  59.     gpg_host --check-trustdb
    60. 

  60. 

  61.     update_pgp_pub_file
    62. 

  62. 

  63.     show_key "$keyID"
    64. 

  64. 

  65.     echo
    66. 

  66.     echo "NOTE: Service name revoked, but revocation not published."
    67. 

  67.     echo "Run '$PGRM publish-key' to publish the revocation."
    68. 

  68. else
    69. 

  69.     failure "Problem revoking service name."
    70. 

  70. fi
    71. 

  71. 

  72. }
    73.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-20 09:50:59 +0000