From: Jameson Graef Rollins
Date: Sun, 22 Jun 2008 15:43:20 +0000 (-0400)
Subject: Improve trust-key function.
X-Git-Tag: monkeysphere_0.2-1~8^2~1
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=09a630a57493b1967f031a32602d117be64fdad0;p=monkeysphere.git
Improve trust-key function.
---
diff --git a/debian/changelog b/debian/changelog
index cec0988..41af80c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,8 +12,9 @@ monkeysphere (0.2-1) UNRELEASED; urgency=low
 * Better handling of unknown users in server update-users
 * Add file locking when modifying known_hosts or authorized_keys
 * Better failure/prompting for gen-subkey
+ * Add ability to set any owner trust level for keys in server keychain.
- -- Jameson Graef Rollins Sat, 21 Jun 2008 16:39:26 -0400
+ -- Jameson Graef Rollins Sun, 22 Jun 2008 11:42:42 -0400
 monkeysphere (0.1-1) experimental; urgency=low
diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8
index 2b5af5e..e821e63 100644
--- a/man/man8/monkeysphere-server.8
+++ b/man/man8/monkeysphere-server.8
@@ -43,9 +43,11 @@ Show the fingerprint for the host's OpenPGP key. `f' may be used in place of
 Publish the host's gpg key to the keyserver. `p' may be used in place of
 `publish-key'.
 .TP
-.B trust-keys KEYID...
-Mark key specified with key IDs with full owner trust. `t' may be used
-in place of `trust-keys'.
+.B trust-key KEYID [LEVEL]
+Set owner trust for key. If LEVEL is not specified, then the program
+will prompt for an owner trust level to set for KEYID. This function
+lsigns the key as well so that it will have a known validity. `t' may
+be used in place of `trust-key'.
 .TP
 .B help
 Output a brief usage summary. `h' or `?' may be used in place of
diff --git a/src/common b/src/common
index b220150..4021263 100644
--- a/src/common
+++ b/src/common
@@ -532,6 +532,16 @@ process_authorized_keys() {
 # retrieve key from web of trust, and set owner trust to "full"
 # if key is found.
 trust_key() {
+ local keyID
+ local trustLevel
+
+ keyID="$1"
+ trustLevel="$2"
+
+ if [ -z "$keyID" ] ; then
+ failure "You must specify key to trust."
+ fi
+
 # get the key from the key server
 if ! gpg --keyserver "$KEYSERVER" --recv-key "$keyID" ; then
 failure "Could not retrieve key '$keyID'."
@@ -540,13 +550,41 @@ trust_key() {
 # get key fingerprint
 fingerprint=$(get_key_fingerprint "$keyID")
+ echo "key found:"
+ gpg --fingerprint "$fingerprint"
+
+ while [ -z "$trustLevel" ] ; do
+ cat <
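Review bot: In the `@@ -532,6 +532,16 @@` hunk of src/common, the only check on `keyID` before `gpg --keyserver "$KEYSERVER" --recv-key "$keyID"` is the added non-empty test, so a short key ID is accepted by a function that goes on to assign owner trust. Short IDs are not unique, and the key a keyserver returns for one may not be the key the administrator meant. Requiring the full fingerprint at this point would close that gap, with something like `[ ${#keyID} -eq 40 ] || failure "Specify the key by its full 40-character fingerprint."` (adjust if a `0x` prefix should be allowed). The comment above the function still says owner trust is set to "full", which no longer matches a caller-supplied level; `# retrieve key from the keyserver and set owner trust to the given level, prompting if none is given.` would fit. trust_key's body continues past this hunk, so any validation of `trustLevel` is not visible here.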