Fix a bug in setup where gpg was called instead of gpg_core. This
authorJameson Graef Rollins <jrollins@finestructure.net>
Mon, 2 Feb 2009 03:48:36 +0000 (22:48 -0500)
committerJameson Graef Rollins <jrollins@finestructure.net>
Mon, 2 Feb 2009 03:48:36 +0000 (22:48 -0500)
could have caused serious data loss for the running user.  Should note
to be careful with this in the future.
Also fix ownership on sphere gnupghome.

src/share/ma/setup
tests/basic

index 229166bcab6fe486fc01cf91aa54e7fc8559d80d..263e5ca6868c407e9e139c9efe623f2b4487d801 100644 (file)
@@ -15,8 +15,11 @@ setup() {
     # make all needed directories
     mkdir -p "${MADATADIR}"
     mkdir -p "${MATMPDIR}"
-    mkdir -p "${GNUPGHOME_SPHERE}"
     mkdir -p "${GNUPGHOME_CORE}"
+    chmod 700 "${GNUPGHOME_CORE}"
+    mkdir -p "${GNUPGHOME_SPHERE}"
+    chmod 700 "${GNUPGHOME_SPHERE}"
+    mkdir -p "${MADATADIR}"/authorized_keys
 
     # deliberately replace the config files via truncation
     # FIXME: should we be dumping to tmp files and then moving atomically?
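Review bot: Each GnuPG home is created by `mkdir -p` under the ambient umask and only tightened by the following `chmod 700`, and neither command's status is checked in these added lines. Creating the directory with its mode in one step, `mkdir -p -m 700 "${GNUPGHOME_CORE}"` (keeping the `chmod 700` for a directory that already exists), removes the interval in which it may be group- or world-accessible; the same applies to `GNUPGHOME_SPHERE`. The new `"${MADATADIR}"/authorized_keys` directory gets no explicit mode, whereas the line removed from tests/basic created it with 700, so a comment stating the intended mode would help. setup() begins and ends outside this hunk, so an earlier `umask` or `set -e` may already cover part of this.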
@@ -37,6 +40,11 @@ primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg
 list-options show-uid-validity
 EOF
 
+    # make sure the monkeysphere user owns everything in th sphere
+    # gnupghome
+    chown -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}"
+    chgrp -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}"
+
     # get fingerprint of core key.  this should be empty on unconfigured systems.
     local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
 
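Review bot: `$MONKEYPSHER_USER` in the added `chown` and `chgrp` lines looks like a misspelling, since the other variables on this page use the `MONKEYSPHERE_` prefix. If it is, it presumably expands to an empty string, and depending on the chown implementation the calls either fail or change nothing, so the ownership fix named in the commit message would not take effect. Assuming the intended name is `MONKEYSPHERE_USER`, both calls can become one checked call: `chown -R "$MONKEYSPHERE_USER:$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" || failure "Could not set ownership of sphere gnupghome"`. The comment above them also has a typo ("th sphere").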
@@ -53,7 +61,7 @@ EOF
        # FIXME: pem2openpgp currently sets the A flag and a short
        # expiration date.  We should set the C flag and no expiration
        # date.
-       < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core"
+       < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core"
 
        # get fingerprint of core key.  should definitely not be empty at this point
        CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
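Review bot: Nothing in the code records why a bare `gpg` is dangerous at the import line, so the same slip can recur; the commit message itself asks for a note. A comment above the import would cover it: `# NOTE: never call bare gpg in setup; it operates on the invoking user's own keyring. Always use the gpg_core wrapper here.` Separately, `|| failure` sees only the exit status of `gpg_core --import`, so a failing `pem2openpgp` is caught only if the import then rejects its output, unless `pipefail` is set outside the hunk. The enclosing setup() starts and ends outside this hunk.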
index 99a881b35febba53ec3940606a4a186e9b8865dd..4d2266ebf5a6b22dd40fd2c19030b7f788c94e97 100755 (executable)
@@ -220,7 +220,6 @@ echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
 # set up monkeysphere authentication
 echo "##################################################"
 echo "### setup monkeysphere authentication..."
-mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication/{authorized_keys,core,sphere,tmp}
 cp "$TESTDIR"/etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/
 cat <<EOF >> "$TEMPDIR"/monkeysphere-authentication.conf
 AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authentication/authorized_user_ids"