/usr/share/monkeysphere/mh/add_revoker is in monkeysphere 0.37-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 | # -*-shell-script-*-
# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
# Monkeysphere host add-revoker subcommand
#
# The monkeysphere scripts are written by:
# Jameson Rollins <jrollins@finestructure.net>
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
# They are Copyright 2008-2010, and are all released under the GPL,
# version 3 or later.
# add a revoker to the host key
add_revoker() {
local revokerKeyID
local keyID
local tmpDir
local fingerprint
local addrevokerCommand
# check that key ID or file is specified
if [ -z "$1" ] ; then
failure "You must specify the key ID of a revoker key, or specify a file to read the key from."
fi
revokerKeyID="$1"
shift
keyID=$(check_key_input "$@")
# make a temporary directory for storing keys during import, and set
# the trap to delete it on exit
tmpDir=$(msmktempdir)
trap "rm -rf $tmpDir" EXIT
# if file is specified
if [ -f "$revokerKeyID" -o "$revokerKeyID" = '-' ] ; then
# load the key from stdin
if [ "$revokerKeyID" = '-' ] ; then
# make a temporary file to hold the key from stdin
revokerKeyID="$tmpDir"/importkey
log verbose "reading revoker key from stdin..."
cat > "$revokerKeyID"
# load the key from the file
elif [ -f "$revokerKeyID" ] ; then
log verbose "reading revoker key from file '$revokerKeyID'..."
fi
# check the key is ok as monkeysphere user before loading
log debug "checking keys in file..."
fingerprint=$(su_monkeysphere_user \
"${SYSSHAREDIR}/common" list_primary_fingerprints < "$revokerKeyID")
if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
failure "There was not exactly one gpg key in the file."
fi
# load the key
gpg_host --import <"$revokerKeyID" \
|| failure "could not read revoker key from '$revokerKeyID'"
# else, get the revoker key from the keyserver
else
# fix permissions and ownership on temporary directory which will
# be used by monkeysphere user for storing the downloaded key
chmod 0700 "$tmpDir"
chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$tmpDir"
# download the key from the keyserver as the monkeysphere user
log verbose "searching keyserver $KEYSERVER for revoker keyID $revokerKeyID..."
su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --keyserver "$KEYSERVER" --recv-key "0x${revokerKeyID}!" \
|| failure "Could not receive a key with this ID from keyserver '$KEYSERVER'."
# get the full fingerprint of new revoker key
log debug "getting fingerprint of revoker key..."
fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --list-key --with-colons --with-fingerprint "${revokerKeyID}" \
| grep '^fpr:' | cut -d: -f10)
# test that there is only a single fingerprint
if (( $(echo "$fingerprint" | wc -l) != 1 )) ; then
cat <<EOF
More than one fingerprint found:
$fingerprint
Please use a more specific key ID.
EOF
failure
fi
log info "revoker key found:"
su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --fingerprint "0x${fingerprint}!"
if [ "$PROMPT" = "true" ] ; then
printf "Are you sure you want to add the above key as a revoker\nof the key '$keyID'? (Y/n) " >&2
read OK; OK=${OK:-Y}
if [ "${OK/y/Y}" != 'Y' ] ; then
failure "revoker not added."
fi
else
log debug "adding revoker without prompting."
fi
# export the new key to the host keyring
log debug "loading revoker key into host keyring..."
su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --export "0x${fingerprint}!" \
| gpg_host --import
fi
# edit-key script to add revoker
addrevokerCommand="addrevoker
$fingerprint
y
save
"
# end script
# core ltsigns the newly imported revoker key
log debug "executing add revoker script..."
if echo "$addrevokerCommand" | gpg_host_edit "0x${keyID}!" ; then
update_pgp_pub_file
log info "Revoker added."
else
failure "Problem adding revoker."
fi
# remove the temporary directory
trap - EXIT
rm -rf "$tmpDir"
}
|