counting problems in monkeysphere-server diagnostics
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Sat, 13 Sep 2008 19:34:44 +0000 (15:34 -0400)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Sat, 13 Sep 2008 19:34:44 +0000 (15:34 -0400)
debian/changelog
src/monkeysphere-server

index 13872bfc037aa432b47f8df31971f8b77e97e7d8..32d5a1938287a72530d2d84b6cf1cb6ff52a6398 100644 (file)
@@ -5,10 +5,13 @@ monkeysphere (0.16~pre-1) UNRELEASED; urgency=low
     portability.
   * fixed busted lockfile arrangement, where empty file was being locked
   * portability fixes in the way we use date, mktemp, hostname, su
-  * stop using stat, since the syntax appears to be totally unportable
+  * stop using /usr/bin/stat, since the syntax appears to be totally
+    unportable
   * require GNU getopt, and test for getopt failures (look for getopt in
     /usr/local/bin first, since that's where FreeBSD's GNU-compatible
     getopt lives.
+  * monkeysphere-server diagnostics now counts problems and suggests a
+    re-run after they have been resolved.
 
  -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Thu, 11 Sep 2008 23:16:31 -0400
 
index 6798fab185da534060695843f09efbe12a676c3e..a0dc33f2925fd2b94a47cedc6c6c06d36f59e6a4 100755 (executable)
@@ -559,6 +559,7 @@ diagnostics() {
     local fingerprint
     local badhostkeys
     local sshd_config
+    local problemsfound=0
 
     # FIXME: what's the correct, cross-platform answer?
     sshd_config=/etc/ssh/sshd_config
@@ -571,19 +572,23 @@ diagnostics() {
 
     if ! id monkeysphere >/dev/null ; then
        echo "! No monkeysphere user found!  Please create a monkeysphere system user."
+       problemsfound=$(($problemsfound+1))
     fi
 
     if ! [ -d "$VARLIB" ] ; then
        echo "! no $VARLIB directory found.  Please create it."
+       problemsfound=$(($problemsfound+1))
     fi
 
     echo "Checking host GPG key..."
     if (( "$keysfound" < 1 )); then
        echo "! No host key found."
        echo " - Recommendation: run 'monkeysphere-server gen-key'"
+       problemsfound=$(($problemsfound+1))
     elif (( "$keysfound" > 1 )); then
        echo "! More than one host key found?"
        # FIXME: recommend a way to resolve this
+       problemsfound=$(($problemsfound+1))
     else
        create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:)
        expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:)
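Review bot: The counter is incremented by hand beside each `echo "! ..."`, in this hunk and in every later hunk of diagnostics(), so a check added later can report a problem without counting it and the closing summary would then understate what was found. A small helper defined ahead of the checks, for example `problem() { echo "! $*"; problemsfound=$((problemsfound+1)); }`, would keep the message and the count together. Inside `$(( ))` the `$` on `problemsfound` is not needed. diagnostics() begins and ends outside this hunk.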
@@ -593,9 +598,11 @@ diagnostics() {
            if (( "$expire"  < "$curdate" )); then
                echo "! Host key is expired."
                echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+               problemsfound=$(($problemsfound+1))
            elif (( "$expire" < "$warndate" )); then
                echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
                echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+               problemsfound=$(($problemsfound+1))
            fi
        fi
 
@@ -603,6 +610,7 @@ diagnostics() {
        if [ "$create" ] && (( "$create" > "$curdate" )); then
            echo "! Host key was created in the future(?!). Is your clock correct?"
            echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
+           problemsfound=$(($problemsfound+1))
        fi
 
         # check for UserID expiration:
@@ -614,14 +622,17 @@ diagnostics() {
            if [ "$create" ] && (( "$create" > "$curdate" )); then
                echo "! User ID '$uid' was created in the future(?!).  Is your clock correct?"
                echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
+               problemsfound=$(($problemsfound+1))
            fi
            if [ "$expire" ] ; then
                if (( "$expire" < "$curdate" )); then
                    echo "! User ID '$uid' is expired."
-                       # FIXME: recommend a way to resolve this
+                   # FIXME: recommend a way to resolve this
+                   problemsfound=$(($problemsfound+1))
                elif (( "$expire" < "$warndate" )); then
                    echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)             
                    # FIXME: recommend a way to resolve this
+                   problemsfound=$(($problemsfound+1))
                fi
            fi
        done
@@ -641,20 +652,24 @@ diagnostics() {
        echo "Checking host SSH key..."
        if [ ! -s "${VARLIB}/ssh_host_rsa_key" ] ; then
            echo "! The host key as prepared for SSH (${VARLIB}/ssh_host_rsa_key) is missing or empty."
+           problemsfound=$(($problemsfound+1))
        else
            if [ $(ls -l "${VARLIB}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then
                echo "! Permissions seem wrong for ${VARLIB}/ssh_host_rsa_key -- should be 0600."
+               problemsfound=$(($problemsfound+1))
            fi
 
            # propose changes needed for sshd_config (if any)
            if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" "$sshd_config"; then
                echo "! $sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
                echo " - Recommendation: add a line to $sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
+               problemsfound=$(($problemsfound+1))
            fi
            if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
                echo "! $sshd_config refers to some non-monkeysphere host keys:"
                echo "$badhostkeys"
                echo " - Recommendation: remove the above HostKey lines from $sshd_config"
+               problemsfound=$(($problemsfound+1))
            fi
        fi
     fi
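Review bot: The increment added to the `badhostkeys` branch counts a problem whose details are never shown. The second grep runs with `-q`, so the command substitution captures nothing and `echo "$badhostkeys"` prints an empty line. Dropping `-q` keeps the exit status the `if` depends on and fills the variable: `if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then`. The first grep is case-insensitive but this filter and the `grep -q` check above it are not, so a `hostkey` directive in different case that does point at the monkeysphere key would be counted as a problem; sshd_config keywords are case-insensitive, so the keyword part of both patterns is worth matching that way too. The enclosing function continues outside the hunk.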
@@ -679,6 +694,12 @@ diagnostics() {
        echo "! $sshd_config refers to non-monkeysphere authorized_keys files:"
        echo "$badauthorizedkeys"
        echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config"
+       problemsfound=$(($problemsfound+1))
+    fi
+
+    if [ "$problemsfound" -gt 0 ]; then
+       echo "When the above $problemsfound problem"$([ "$problemsfound" -eq 1 ] || echo "s")" are resolved, please re-run:"
+       echo "  monkeysphere-server diagnostics"
     fi
 }
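Review bot: diagnostics() still finishes with status 0 whether or not problems were counted, because the last thing it runs is either the `if` whose test was false or an `echo`, so a cron job or monitoring wrapper cannot tell a clean host from a misconfigured one without parsing the output. Adding `return 1` after the `echo "  monkeysphere-server diagnostics"` line would expose the result; confirm first that no caller treats a non-zero status from this subcommand as fatal, since the call site is not visible here. The summary also reads "1 problem are resolved" in the singular case; the same `$( )` trick used for the "s" could pick `is` or `are`. The start of the function is outside this hunk.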