/usr/share/monkeysphere/mh/add_revoker is in monkeysphere 0.37-2.

This file is owned by root:root, with mode 0o644.

# -*-shell-script-*-
# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)

# Monkeysphere host add-revoker subcommand
#
# The monkeysphere scripts are written by:
# Jameson Rollins <jrollins@finestructure.net>
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
# They are Copyright 2008-2010, and are all released under the GPL,
# version 3 or later.

# add a revoker to the host key

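add_revoker() {

# Add a designated revoker to a monkeysphere host key.
#
# Arguments:
#   $1    - the revoker key: a key ID to fetch from $KEYSERVER, the path of
#           a file holding the key, or '-' to read the key from stdin
#   $2... - handed to check_key_input to select the host key to act on
# Globals read: SYSSHAREDIR, MONKEYSPHERE_USER, MONKEYSPHERE_GROUP,
#               KEYSERVER, PROMPT
# Errors are reported through failure(); the temporary directory is removed
# by an EXIT trap on those paths and explicitly on success.
#
# NOTE(review): in the keyserver branch the key is located by whatever ID
# the operator typed. Keyservers do not vouch for the key material they
# return, and short key IDs are not unique, so the interactive confirmation
# is the only verification step; when PROMPT is not "true" the fetched key
# is added without it. Passing a full fingerprint is the safer input.

local revokerKeyID
local keyID
local tmpDir
local fingerprint
local addrevokerCommand
local fprRegex='^[A-F0-9]{40}$'

# check that key ID or file is specified
if [ -z "$1" ] ; then
    failure "You must specify the key ID of a revoker key, or specify a file to read the key from."
fi
revokerKeyID="$1"
shift

# The helper runs in a command substitution, so an exit inside it only ends
# that subshell; propagate its status instead of carrying on with an empty
# host key ID.
keyID=$(check_key_input "$@") || failure

# make a temporary directory for storing keys during import, and set
# the trap to delete it on exit
tmpDir=$(msmktempdir)
if [ -z "$tmpDir" ] ; then
    failure "could not create temporary directory."
fi
# The trap string is evaluated again when it fires, so the path is embedded
# shell-quoted: a directory name containing whitespace or glob characters
# must not turn into extra arguments to 'rm -rf'.
trap "rm -rf -- $(printf '%q' "$tmpDir")" EXIT

# if file is specified
if [ -f "$revokerKeyID" ] || [ "$revokerKeyID" = '-' ] ; then
    # load the key from stdin
    if [ "$revokerKeyID" = '-' ] ; then
        # make a temporary file to hold the key from stdin
        revokerKeyID="$tmpDir"/importkey
        log verbose "reading revoker key from stdin..."
        cat > "$revokerKeyID"

    # load the key from the file
    elif [ -f "$revokerKeyID" ] ; then
        log verbose "reading revoker key from file '$revokerKeyID'..."
    fi

    # check the key is ok as monkeysphere user before loading, so the
    # untrusted key material is parsed without root privileges first
    log debug "checking keys in file..."
    fingerprint=$(su_monkeysphere_user \
        "${SYSSHAREDIR}/common" list_primary_fingerprints < "$revokerKeyID")

    # exactly one well-formed 40-hex fingerprint is required
    if [ "$(printf "%s" "$fingerprint" | grep -Ec "$fprRegex")" -ne 1 ] ; then
        failure "There was not exactly one gpg key in the file."
    fi

    # load the key
    gpg_host --import <"$revokerKeyID" \
        || failure "could not read revoker key from '$revokerKeyID'"

# else, get the revoker key from the keyserver
else
    # fix permissions and ownership on temporary directory which will
    # be used by monkeysphere user for storing the downloaded key
    chmod 0700 "$tmpDir"
    chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$tmpDir"

    # download the key from the keyserver as the monkeysphere user
    log verbose "searching keyserver $KEYSERVER for revoker keyID $revokerKeyID..."
    su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --keyserver "$KEYSERVER" --recv-key "0x${revokerKeyID}!" \
        || failure "Could not receive a key with this ID from keyserver '$KEYSERVER'."

    # get the full fingerprint of new revoker key
    log debug "getting fingerprint of revoker key..."
    fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --list-key --with-colons --with-fingerprint "${revokerKeyID}" \
        | grep '^fpr:' | cut -d: -f10)

    # An empty result still counts as one line below, so reject it here:
    # the fingerprint is later written into the edit-key script and must
    # never be blank.
    if [ -z "$fingerprint" ] ; then
        failure "No fingerprint found for revoker key ID '$revokerKeyID'."
    fi

    # test that there is only a single fingerprint
    if (( $(printf '%s\n' "$fingerprint" | wc -l) != 1 )) ; then
        cat <<EOF
More than one fingerprint found:
$fingerprint
Please use a more specific key ID.
EOF
        failure
    fi

    # same format requirement as the file branch: only a plain 40-hex
    # fingerprint may reach the gpg command stream
    if ! [[ "$fingerprint" =~ $fprRegex ]] ; then
        failure "Unexpected fingerprint format for revoker key ID '$revokerKeyID'."
    fi

    log info "revoker key found:"
    su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --fingerprint "0x${fingerprint}!"

    if [ "$PROMPT" = "true" ] ; then
        # keyID is passed as an argument, never as part of the format string
        printf "Are you sure you want to add the above key as a revoker\nof the key '%s'? (Y/n) " "$keyID" >&2
        read -r OK; OK=${OK:-Y}
        if [ "${OK/y/Y}" != 'Y' ] ; then
            failure "revoker not added."
        fi
    else
        log debug "adding revoker without prompting."
    fi

    # export the new key to the host keyring
    log debug "loading revoker key into host keyring..."
    su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --export "0x${fingerprint}!" \
        | gpg_host --import
fi

# edit-key script to add revoker: one answer per line, in the order the
# script is fed to gpg_host_edit below
addrevokerCommand="addrevoker
$fingerprint
y
save
"
# end script

# run the edit-key script against the host key to register the revoker
log debug "executing add revoker script..."
if printf '%s\n' "$addrevokerCommand" | gpg_host_edit "0x${keyID}!" ; then

    update_pgp_pub_file

    log info "Revoker added."
else
    failure "Problem adding revoker."
fi

# remove the temporary directory
trap - EXIT
rm -rf -- "$tmpDir"

}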