monkeysphere (0.32~pre) unstable; urgency=low
- * Fix specification of install paths in top level scripts (closes MS
- #2491)
+ * Fix specification of install paths in all scripts and man pages
+ (closes MS #2491)
-- Jameson Rollins <jrollins@finestructure.net> Tue, 14 Sep 2010 12:24:35 -0400
sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/bin/monkeysphere
install src/monkeysphere-host $(DESTDIR)$(PREFIX)/sbin
sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host
- sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host
install src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin
sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication
- sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication
install src/monkeysphere-authentication-keys-for-user $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere
+ sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv
+ sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv
install -m 0755 src/share/checkperms $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0755 src/share/keytrans $(DESTDIR)$(PREFIX)/share/monkeysphere
ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/pem2openpgp
ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2ssh
install -m 0744 src/transitions/* $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions
+ sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.23
+ sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.28
install -m 0644 src/transitions/README.txt $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions
install -m 0644 src/share/m/* $(DESTDIR)$(PREFIX)/share/monkeysphere/m
install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh
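Review bot: The new `sed` lines for the transition scripts name only `transitions/0.23` and `transitions/0.28`, while the install line just above them copies `src/transitions/*`, so any later script that carries a `__SYS…_PREFIX__` token would be installed unsubstituted. An unreplaced token in `defaultenv` or a transition script leaves `SYSCONFIGDIR`, `SYSDATADIR` or `SYSSHAREDIR` as a relative path, so the config and keyring locations would resolve against the caller's working directory. A closing check in the install recipe would fail the build instead, for example `! grep -rl '__SYS[A-Z]*DIR_PREFIX__' $(DESTDIR)$(PREFIX)/share/monkeysphere`, with the same check on the three installed scripts in `bin` and `sbin`. The install recipe starts and ends outside this hunk.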
install man/man7/* $(DESTDIR)$(MANPREFIX)/man7
install man/man8/* $(DESTDIR)$(MANPREFIX)/man8
gzip -d man/*/*
+ gzip -d $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1.gz
+ sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1
+ gzip -n $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1
+ gzip -d $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8.gz
+ sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8
+ sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8
+ gzip -n $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8
+ gzip -d $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8.gz
+ sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8
+ sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8
+ gzip -n $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8
releasenote:
./utils/build-releasenote
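Review bot: The `__SYSCONFDIR_PREFIX__` substitution on `monkeysphere-host.8` also rewrites the example paths for sshd's and the web server's secret keys, because the same commit puts the token in front of `/etc/ssh/ssh_host_rsa_key` and `/etc/ssl/private/…` in that page. Those files belong to other packages, so with a non-empty `$(ETCPREFIX)` the installed page may direct an administrator to a key path that does not exist on the system; this should be confirmed on the platforms that set ETCPREFIX. If so, keep those examples as literal `/etc/…` paths in the man source and leave the token only on the `/etc/monkeysphere/…` entries. The gunzip, `sed -i`, `gzip -n` sequence on the installed file could also become a single step that substitutes from the uncompressed source, which would avoid rewriting files under `$(DESTDIR)` after they are installed.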
~/.monkeysphere/monkeysphere.conf
User monkeysphere config file.
.TP
-/etc/monkeysphere/monkeysphere.conf
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere.conf
System-wide monkeysphere config file.
.TP
~/.monkeysphere/authorized_user_ids
the sshd_config to point to the monkeysphere\-generated
authorized_keys files:
-AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+AuthorizedKeysFile __SYSDATADIR_PREFIX__/monkeysphere/authorized_keys/%u
It is recommended to add "monkeysphere\-authentication update\-users"
to a system crontab, so that user keys are kept up-to-date, and key
.SH FILES
.TP
-/etc/monkeysphere/monkeysphere\-authentication.conf
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-authentication.conf
System monkeysphere-authentication config file.
.TP
-/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt or\p \
-/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt or\p \
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
If monkeysphere-authentication is configured to query an hkps
keyserver, it will use X.509 Certificate Authority certificates in
this file to validate any X.509 certificates used by the keyserver.
If the monkeysphere-authentication-x509 file is present, the
monkeysphere-x509 file will be ignored.
.TP
-/var/lib/monkeysphere/authorized_keys/USER
+__SYSDATADIR_PREFIX__/monkeysphere/authorized_keys/USER
Monkeysphere-generated user authorized_keys files.
.TP
~/.monkeysphere/authorized_user_ids
host's ssh key into a monkeysphere\-style OpenPGP certificate. This
is done with the import\-key command. For example:
-# monkeysphere\-host import\-key /etc/ssh/ssh_host_rsa_key ssh://host.example.org
+# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssh/ssh_host_rsa_key ssh://host.example.org
On most systems, sshd's RSA secret key is stored at
-/etc/ssh/ssh_host_rsa_key.
+__SYSCONFDIR_PREFIX__/etc/ssh/ssh_host_rsa_key.
See PUBLISHING AND CERTIFYING MONKEYSPHERE SERVICE CERTIFICATES for
how to make sure your users can verify the ssh service offered by your
a monkeysphere\-style OpenPGP certificate. This is done with the
import\-key command. For example:
-# monkeysphere\-host import\-key /etc/ssl/private/host.example.net\-key.pem https://host.example.net
+# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssl/private/host.example.net\-key.pem https://host.example.net
If you don't know where the web server's key is stored on your
machine, consult the configuration files for your web server.
Debian\-based systems using the `ssl\-cert' packages often have a
default self\-signed certificate stored in
-`/etc/ssl/private/ssl\-cert\-snakeoil.key' ; if you're using that key,
-your users are getting browser warnings about it. You can keep using
-the same key, but help them use the OpenPGP WoT to verify that it does
-belong to your web server by using something like:
+`__SYSCONFDIR_PREFIX__/etc/ssl/private/ssl\-cert\-snakeoil.key' ; if
+you're using that key, your users are getting browser warnings about
+it. You can keep using the same key, but help them use the OpenPGP
+WoT to verify that it does belong to your web server by using
+something like:
-# monkeysphere\-host import\-key /etc/ssl/private/ssl\-cert\-snakeoil.key https://$(hostname \-\-fqdn)
+# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssl/private/ssl\-cert\-snakeoil.key https://$(hostname \-\-fqdn)
If you offer multiple HTTPS websites using the same secret key, you
should add the additional website names with the `add\-servicename'
Note that \fBmonkeysphere\-host\fP currently caches a copy of all
imported secret keys (stored in OpenPGP form for future manipulation)
-in /var/lib/monkeysphere/host/secring.gpg. Cleartext backups of this
+in __SYSDATADIR_PREFIX__/monkeysphere/host/secring.gpg. Cleartext backups of this
file could expose secret key material if not handled sensitively.
.SH ENVIRONMENT
.SH FILES
.TP
-/etc/monkeysphere/monkeysphere\-host.conf
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-host.conf
System monkeysphere\-host config file.
.TP
-/var/lib/monkeysphere/host_keys.pub.pgp
+__SYSDATADIR_PREFIX__/monkeysphere/host_keys.pub.pgp
A world\-readable copy of the host's OpenPGP certificates in ASCII
armored format. This includes the certificates (including the public
keys, servicename\-based User IDs, and most recent relevant
self\-signatures) corresponding to every key used by
Monkeysphere\-enabled services on the host.
.TP
-/var/lib/monkeysphere/host/
+__SYSDATADIR_PREFIX__/monkeysphere/host/
A locked directory (readable only by the superuser) containing copies
of all imported secret keys (this is the host's GNUPGHOME directory).
.TP
-/etc/monkeysphere/monkeysphere\-host\-x509\-anchors.crt or\p \
-/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-host\-x509\-anchors.crt or\p \
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
If monkeysphere-host is configured to query an hkps keyserver for
publish-keys, it will use X.509 Certificate Authority certificates in
this file to validate any X.509 certificates used by the keyserver.
. "${SYSSHAREDIR}/defaultenv"
. "${SYSSHAREDIR}/common"
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"__SYSDATADIR_PREFIX__/monkeysphere"}
-export SYSDATADIR
-
# sharedir for authentication functions
MASHAREDIR="${SYSSHAREDIR}/ma"
. "${SYSSHAREDIR}/defaultenv"
. "${SYSSHAREDIR}/common"
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"__SYSDATADIR_PREFIX__/monkeysphere"}
-export SYSDATADIR
-
# sharedir for host functions
MHSHAREDIR="${SYSSHAREDIR}/mh"
# Copyright 2009, released under the GPL, version 3 or later
# managed directories
-SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
+SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"__SYSCONFDIR_PREFIX__/etc/monkeysphere"}
export SYSCONFIGDIR
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"__SYSDATADIR_PREFIX__/monkeysphere"}
+export SYSDATADIR
# default log level
LOG_LEVEL="INFO"
# any unexpected errors should cause this script to bail:
set -e
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
-SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"__SYSSHAREDIR_PREFIX__/share/monkeysphere"}
+export SYSSHAREDIR
+. "${SYSSHAREDIR}/defaultenv"
MADATADIR="${SYSDATADIR}/authentication"
MHDATADIR="${SYSDATADIR}/host"
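Review bot: The added `. "${SYSSHAREDIR}/defaultenv"` makes this transition script execute a file whose directory comes from the `MONKEYSPHERE_SYSSHAREDIR` environment variable, where the removed lines only read two path values from the environment. Transition scripts are presumably run with root privileges during an upgrade, so the override is safe only when the invoking environment is trusted. That assumption should be stated above the assignment, for example `# MONKEYSPHERE_SYSSHAREDIR is honoured for test runs only; defaultenv is sourced from it, so it must be set by a trusted caller`. The same three lines are added to the 0.28 transition script in the next hunk, and the comment applies there too.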
# any unexpected errors should cause this script to bail:
set -e
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"__SYSSHAREDIR_PREFIX__/share/monkeysphere"}
+export SYSSHAREDIR
+. "${SYSSHAREDIR}/defaultenv"
+
OLD_HOST_KEY_FILE="$SYSDATADIR"/ssh_host_rsa_key.pub.gpg
if [ -f "$OLD_HOST_KEY_FILE" ] ; then