check_no_keys
+ log debug "listing primary fingerprints from $HOST_KEY_FILE"
local fprs=($(list_primary_fingerprints <"$HOST_KEY_FILE"))
+ log debug "obtained the following fingerprints: $fprs"
if [[ -z "$1" || "$1" == '--all' ]] ; then
+ log debug "publishing all keys"
keys="${fprs[@]}"
fi
+ log debug "using keys: $keys"
+
for key in $keys ; do
if (( i++ > 0 )) ; then
printf "\n"
fi
+ log debug "invoking $cmd $key"
"$cmd" "$key"
done
}
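Review bot: The debug line added after the `local fprs=(...)` assignment prints only the first fingerprint, because `$fprs` on a bash array expands to element 0. Write it as `log debug "obtained the following fingerprints: ${fprs[*]}"` so the log shows every key the `--all` branch may go on to publish. With several primary keys in `$HOST_KEY_FILE`, the current message under-reports what is about to be acted on, which makes the debug trace misleading during an audit. The enclosing function starts above this hunk, so the initialisation of `keys`, `i` and `cmd` is not visible here.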
# defaults
LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
+log debug "using keyserver: $KEYSERVER"
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER}
MONKEYSPHERE_GROUP=$(get_primary_group "$MONKEYSPHERE_USER")
local GNUPGHOME
if [ "$PROMPT" != "false" ] ; then
+ log debug "Because \$MONKEYSPHERE_PROMPT is set to $PROMPT, interactively confirm publishing key"
printf "Really publish key '$keyID' to $KEYSERVER? (Y/n) " >&2
read OK; OK=${OK:=Y}
if [ "${OK/y/Y}" != 'Y' ] ; then
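Review bot: The added debug message says `$MONKEYSPHERE_PROMPT` "is set to" a value, but the surrounding test is `!= "false"`, so the branch is also taken when `PROMPT` is empty or unset and the log then reads "is set to ,". Quoting the value and describing the actual condition would be clearer, e.g. `log debug "PROMPT is '${PROMPT}' (not 'false'); interactively confirming key publication"`. The relation between `PROMPT` and `MONKEYSPHERE_PROMPT` is established outside this hunk, so naming the variable that is actually tested avoids implying more than the code shows.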
KEYSERVER_OPTIONS=""
for anchorfile in "${SYSCONFIGDIR}/monkeysphere-host-x509-anchors.crt" "${SYSCONFIGDIR}/monkeysphere-x509-anchors.crt"; do
if [ -z "$KEYSERVER_OPTIONS" ] && [ -r "$anchorfile" ] ; then
+ log debug "using trust anchor file: $anchorfile"
KEYSERVER_OPTIONS="--keyserver-options 'ca-cert-file=$anchorfile'"
fi
done
# publish key
+log debug "publishing key with the following gpg command line and options:"
su_monkeysphere_user \
"gpg --keyserver $KEYSERVER $KEYSERVER_OPTIONS --send-keys '0x${keyID}!'"
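Review bot: The added message before `su_monkeysphere_user` ends in a colon and promises "the following gpg command line and options", but nothing in this hunk logs the command, so unless `su_monkeysphere_user` prints it (not visible here) the trace stops at the announcement. Building the string once and using it for both avoids drift between what is logged and what is run: `local gpg_cmd="gpg --keyserver $KEYSERVER $KEYSERVER_OPTIONS --send-keys '0x${keyID}!'"`, then `log debug "$gpg_cmd"` and `su_monkeysphere_user "$gpg_cmd"`. Logging the exact string is also worth having because `$KEYSERVER` and the single-quoted `ca-cert-file=$anchorfile` are interpolated into one command string that is presumably re-parsed by a shell, so a reviewer of the log can see precisely which keyserver and trust anchor were used. The function continues past the end of this hunk.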