--length (-l) BITS key length in bits (2048)
--expire (-e) EXPIRE date to expire
--revoker (-r) FINGERPRINT add a revoker
- extend-key (e) EXPIRE extend expiration to EXPIRE
+ extend-key (e) EXPIRE extend expiration to EXPIRE
add-hostname (n+) NAME[:PORT] add hostname user ID to server key
revoke-hostname (n-) NAME[:PORT] revoke hostname user ID
show-key (s) output all server host key information
local tmpkey
fingerprint=$(fingerprint_server_key)
- gpg_authentication "--fingerprint --list-key $fingerprint"
+ gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprint"
# dumping to a file named ' ' so that the ssh-keygen output
# doesn't claim any potentially bogus hostname(s):
tmpkey=$(mktemp -d)
gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ "
echo -n "ssh fingerprint: "
- (cd "$tmpkey" && ssh-keygen -l -f ' ')
+ (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }')
rm -rf "$tmpkey"
echo -n "OpenPGP fingerprint: "
echo "$fingerprint"
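Review bot: The new `ssh-keygen -l -f ' ' | awk '{ print $2 }'` pipeline returns awk's exit status rather than ssh-keygen's, and the context line above it discards openpgp2ssh's stderr. A failed export or conversion therefore prints `ssh fingerprint: ` followed by nothing, with no error and no trailing newline. Because an administrator compares this value when verifying the host key, an empty result should be reported as a failure rather than shown as a blank field. Capture the value first, `sshfpr=$(cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }')`, and after the `rm -rf "$tmpkey"` test `[ -n "$sshfpr" ]`, printing an error to stderr and returning non-zero when it is empty. The enclosing function starts outside this hunk, so `sshfpr` would also need a `local` declaration next to `tmpkey`.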
$extendTo
save
EOF
+
+ echo
echo "NOTE: Host key expiration date adjusted, but not yet published."
echo "Run '$PGRM publish-key' to publish the new expiration date."
}
# execute edit-key script
if echo "$adduidCommand" | \
gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
- # update trust db
- gpg_host --check-trustdb
+
+ # update the trustdb for the authentication keyring
+ gpg_authentication "--check-trustdb"
show_server_key
+ echo
echo "NOTE: User ID added to key, but key not published."
echo "Run '$PGRM publish-key' to publish the new user ID."
else
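Review bot: The exit status of the added `gpg_authentication "--check-trustdb"` is ignored, so `NOTE: User ID added to key, but key not published.` is printed even when the trust database update fails; the revoke-hostname hunk that follows has the same pattern. A minimal guard would be `gpg_authentication "--check-trustdb" || echo "WARNING: trustdb update for the authentication keyring failed" >&2`. The edit is applied through `gpg_host`, while the trustdb refresh now goes through `gpg_authentication`, as the listing in `show_server_key` presumably does. How the authentication keyring picks up the host-keyring change is not visible in this hunk, so the new comment should say what that relies on (wording to be confirmed by the author). The surrounding if/else continues outside the hunk.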
# execute edit-key script
if echo "$revuidCommand" | \
gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
- # update trust db
- gpg_host --check-trustdb
+
+ # update the trustdb for the authentication keyring
+ gpg_authentication "--check-trustdb"
show_server_key
+ echo
echo "NOTE: User ID revoked, but revocation not published."
echo "Run '$PGRM publish-key' to publish the revocation."
else
if gpg_authentication "--delete-key --batch --yes 0x${keyID}!" ; then
# delete key from host keyring as well
gpg_host --delete-key --batch --yes "0x${keyID}!"
+
# update the trustdb for the authentication keyring
gpg_authentication "--check-trustdb"