support x509 anchors for monkeysphere-host, allow shared anchors between m-a and...

[monkeysphere.git] / src / monkeysphere-host

diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 6145c30fb8227395fe4e0ca9bdafac71cea3a0cb..13cc3cacc2b7b4f7e97ef195ba95c95ed2e9d33f 100755 (executable)
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -74,7 +74,7 @@ EOF
 
 # function to interact with the gpg keyring
 gpg_host() {
-    GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --no-tty "$@"
+    GNUPGHOME="$GNUPGHOME_HOST" gpg --no-auto-check-trustdb --no-greeting --quiet --no-tty "$@"
 }
 
 # list the info about the a key, in colon format, to stdout
@@ -147,7 +147,7 @@ Service names should use fully-qualified domain names (FQDN), but the
 domain name you chose appears to only have the local part.  For
 example: don't use 'ssh://foo' ; use 'ssh://foo.example.com' instead."
 
-    [[ "$name" =~ ^[a-z]([a-z0-9-]*[a-z0-9])?://[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.|((\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+))(:[1-9][0-9]{0,4})?$ ]] || \
+    [[ "$name" =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?://[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.|((\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+))(:[1-9][0-9]{0,4})?$ ]] || \
         failure "Not a valid service name: '$name'
 
 Service names look like <scheme>://full.example.com[:<portnumber>],
@@ -239,7 +239,7 @@ prompt_userid_exists() {
     if gpgOut=$(gpg_host_list_keys "=${userID}" 2>/dev/null) ; then
        fingerprint=$(echo "$gpgOut" | grep '^fpr:' | cut -d: -f10)
        if [ "$PROMPT" != "false" ] ; then
-           printf "Service name '%s' is already being used by key '%s'.\nAre you sure you want to use it again? (y/N) " "$fingerprint" "$userID" >&2
+           printf "Service name '%s' is already being used by key '%s'.\nAre you sure you want to use it again? (y/N) " "$userID" "$fingerprint" >&2
            read OK; OK=${OK:=N}
            if [ "${OK/y/Y}" != 'Y' ] ; then
                failure "Service name not added."
@@ -268,7 +268,7 @@ multi_key() {
 
     for key in $keys ; do
        if (( i++ > 0 )) ; then
-           echo "##############################"
+           printf "\n"
        fi
        "$cmd" "$key"
     done
@@ -279,7 +279,6 @@ show_key() {
     local id="$1"
     local GNUPGHOME
     local fingerprint
-    local tmpssh
     local revokers
 
     # tmp gpghome dir
@@ -300,17 +299,13 @@ show_key() {
        failure "ID '$id' not found."
     fi
 
-    # create the ssh key
-    tmpssh="$GNUPGHOME"/ssh_host_key_rsa_pub
-    gpg --export "$fingerprint" 2>/dev/null \
-       | openpgp2ssh 2>/dev/null >"$tmpssh"
-
     # list the host key info
     # FIXME: make no-show-keyring work so we don't have to do the grep'ing
     # FIXME: can we show uid validity somehow?
     gpg --list-keys --list-options show-unusable-uids "$fingerprint" 2>/dev/null \
-       | grep -v "^${GNUPGHOME}/pubring.gpg$" \
-       | egrep -v '^-+$'
+        | grep -v "^${GNUPGHOME}/pubring.gpg$" \
+        | egrep -v '^-+$' \
+        | grep -v '^$'
 
     # list revokers, if there are any
     revokers=$(gpg --list-keys --with-colons --fixed-list-mode "$fingerprint" \
@@ -320,15 +315,14 @@ show_key() {
        for key in $revokers ; do
            echo "revoker: $key"
        done
-       echo
     fi
 
     # list the pgp fingerprint
     echo "OpenPGP fingerprint: $fingerprint"
 
     # list the ssh fingerprint
-    echo -n "ssh fingerprint: "
-    ssh-keygen -l -f "$tmpssh" | awk '{ print $1, $2, $4 }'
+    printf "ssh fingerprint: %s\n" \
+    "$(gpg --export --no-armor "$fingerprint" 2>/dev/null | "$SYSSHAREDIR/keytrans" openpgp2sshfpr "$fingerprint")"
 
     # remove the tmp file
     trap - EXIT