fix a bunch of directory references to the new data/share dirs
authorJameson Graef Rollins <jrollins@finestructure.net>
Sun, 1 Feb 2009 17:52:10 +0000 (12:52 -0500)
committerJameson Graef Rollins <jrollins@finestructure.net>
Sun, 1 Feb 2009 17:52:10 +0000 (12:52 -0500)
src/monkeysphere-authentication
src/monkeysphere-host
src/share/ma/setup
src/share/ma/update_users
src/share/mh/gen_key
src/share/mh/import_key
tests/basic

index 4aaf02d41d18b19dfe28445689cc604d9b245aa5..7c43aa8790ddde36fba98f4ebc0e6404c95ba22f 100755 (executable)
 # version 3 or later.
 
 ########################################################################
+set -e
+
 PGRM=$(basename $0)
 
 SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
 export SYSSHAREDIR
 . "${SYSSHAREDIR}/common" || exit 1
 
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+export SYSDATADIR
+
 # sharedir for authentication functions
 MASHAREDIR="${SYSSHAREDIR}/ma"
 
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
-export SYSDATADIR
+# datadir for authentication functions
+MADATADIR="${SYSDATADIR}/authentication"
 
 # temp directory to enable atomic moves of authorized_keys files
-MATMPDIR="${SYSDATADIR}/tmp"
+MATMPDIR="${MADATADIR}/tmp"
 export MSTMPDIR
 
 # UTC date in ISO 8601 format if needed
@@ -135,8 +140,8 @@ MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkey
 # other variables
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
 REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
-GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${SYSDATADIR}/authentication/core"}
-GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${SYSDATADIR}/authentication/sphere"}
+GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${MADATADIR}/core"}
+GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${MADATADIR}/sphere"}
 
 # export variables needed in su invocation
 export DATE
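Review bot: `export MSTMPDIR`, the line right after the new `MATMPDIR="${MADATADIR}/tmp"` assignment, exports a variable that is never set anywhere in view, so MATMPDIR itself stays unexported; the name looks like a typo that predates this commit, but since the commit rewrites the line above it this is the place to fix it: `export MATMPDIR`. Whether ma/setup actually needs it in the environment I cannot tell from here, as setup's `mktemp -d "${MATMPDIR}"/tmp.XXXXXXXXXX` may run in the same shell if the file is sourced rather than executed. With the new `set -e` at the top of the same hunk, every unguarded command in this script now aborts it, so the unquoted `PGRM=$(basename $0)` two lines below would be safer as `PGRM=$(basename "$0")`, which also survives a `$0` containing spaces. The first hunk in this section has no visible `@@` header, so its exact position in the file is not recoverable from the page.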
index 0b37ba98e7ca3dcc6581bdf72e7a72ae87ed76fa..3f4a43467086e33621b17c30104f37edcb09b46b 100755 (executable)
@@ -18,11 +18,14 @@ SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
 export SYSSHAREDIR
 . "${SYSSHAREDIR}/common" || exit 1
 
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+export SYSDATADIR
+
 # sharedir for host functions
 MHSHAREDIR="${SYSSHAREDIR}/mh"
 
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
-export SYSDATADIR
+# datadir for host functions
+MHDATADIR="${SYSDATADIR}/host"
 
 # UTC date in ISO 8601 format if needed
 DATE=$(date -u '+%FT%T')
@@ -114,8 +117,8 @@ show_key() {
     gpg_host "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null
     echo "OpenPGP fingerprint: $fingerprintPGP"
 
-    if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then
-       fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \
+    if [ -f "${MHDATADIR}/ssh_host_rsa_key.pub" ] ; then
+       fingerprintSSH=$(ssh-keygen -l -f "${MHDATADIR}/ssh_host_rsa_key.pub" | \
            awk '{ print $1, $2, $4 }')
        echo "ssh fingerprint: $fingerprintSSH"
     else
@@ -144,7 +147,7 @@ MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkey
 
 # other variables
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
-GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${SYSDATADIR}/host"}
+GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"}
 
 # export variables needed in su invocation
 export DATE
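Review bot: The comment `# datadir for host functions` above `MHDATADIR="${SYSDATADIR}/host"` understates what the directory now holds: the last hunk in this section makes it the default `GNUPGHOME_HOST`, and show_key reads `ssh_host_rsa_key.pub` from the same path, so the GnuPG secret keyring and the SSH host key material now share one directory. Suggest `# datadir for host functions; also the default GNUPGHOME for the host key (see GNUPGHOME_HOST) and where ssh_host_rsa_key* are written`. gpg warns when its home directory is group- or world-accessible, so the directory mode matters for both uses; where MHDATADIR is created is not visible in this section, so I cannot confirm it is created with a restrictive mode. The `:=` in `${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"}` also assigns the MONKEYSPHERE_ variable as a side effect, a pre-existing quirk the change keeps.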
index abce3af4e45dd0f5b819ed763be6b6bf9d9206d9..672a960f58758cee6fc649e35096056bff92db73 100644 (file)
@@ -12,8 +12,9 @@
 # version 3 or later.
 
 setup() {
-    # make the core and the sphere:
-    mkdir -p "${SYSDATADIR}"/authentication
+    # make all needed directories
+    mkdir -p "${MADATADIR}"
+    mkdir -p "${MATMPDIR}"
     mkdir -p "${GNUPGHOME_SPHERE}"
     mkdir -p "${GNUPGHOME_CORE}"
 
@@ -46,14 +47,17 @@ EOF
 
        local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 </dev/urandom | base64))
     
-       local TMPLOC=$(mktemp -d ${MATMPDIR}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
-       ssh-keygen -q -b 2048 -t rsa -N'' "${TMPLOC}/authkey" || failure "Could not generate new key for Monkeysphere authentication trust core"
+       local TMPLOC=$(mktemp -d "${MATMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
 
+       # generate the key with ssh-keygen...
+       ssh-keygen -q -b 1024 -t rsa -N '' -f "${TMPLOC}/authkey" || failure "Could not generate new key for Monkeysphere authentication trust core"
+       # and then translate to openpgp encoding and import
        # FIXME: pem2openpgp currently sets the A flag and a short
        # expiration date.  We should set the C flag and no expiration
        # date.
        < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core"
 
+       gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key
        CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
        if [ -z "$CORE_FPR" ] ; then
            failure "Failed to create Monkeysphere authentication trust core!"
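Review bot: `local TMPLOC=$(mktemp -d "${MATMPDIR}"/tmp.XXXXXXXXXX) || failure ...` cannot detect a failed mktemp, because the exit status of `local` (always 0) replaces the command-substitution status, so the `|| failure` never fires and the caller's new `set -e` does not help either; a failure leaves TMPLOC empty and the following ssh-keygen writes to `/authkey`. Split the declaration: `local TMPLOC` on its own line, then `TMPLOC=$(mktemp -d "${MATMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"`. The same hunk also lowers the trust-core key from 2048 to 1024 bits in `ssh-keygen -q -b 1024 -t rsa`; the commit title only mentions directory references, so if the reduction is intentional it deserves a comment saying why, and otherwise it should stay at 2048. The bare `gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key` added just before the CORE_FPR assignment prints the listing to stdout and looks like leftover debugging output.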
index 73685f6ddce6d532cd168065fadf5ef50145e55d..e9e3cc60387f899469c1361ae12d56c4bde3d0cc 100644 (file)
@@ -35,7 +35,7 @@ MODE="authorized_keys"
 GNUPGHOME="$GNUPGHOME_SPHERE"
 
 # the authorized_keys directory
-authorizedKeysDir="${SYSDATADIR}/authentication/authorized_keys"
+authorizedKeysDir="${MADATADIR}/authorized_keys"
 
 # check to see if the gpg trust database has been initialized
 if [ ! -s "${GNUPGHOME}/trustdb.gpg" ] ; then
index 162a64e17795ff4a4bfcf6a5c2ddba9cf667200b..c0445db6e6bc38208ca4bb91e2474958c382a05f 100644 (file)
@@ -90,12 +90,12 @@ fingerprint=$(fingerprint_server_key)
 # NOTE: assumes that the primary key is the proper key to use
 (umask 077 && \
        gpg_host --export-secret-key "$fingerprint" | \
-       openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key")
-log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
-ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub"
-log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
-gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
-log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+       openpgp2ssh "$fingerprint" > "${MHDATADIR}/ssh_host_rsa_key")
+log info "SSH host private key output to file: ${MHDATADIR}/ssh_host_rsa_key"
+ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "${MHDATADIR}/ssh_host_rsa_key.pub"
+log info "SSH host public key output to file: ${MHDATADIR}/ssh_host_rsa_key.pub"
+gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg"
+log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg"
 
 # show info about new key
 show_key
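Review bot: The `(umask 077 && gpg_host --export-secret-key "$fingerprint" | openpgp2ssh "$fingerprint" > "${MHDATADIR}/ssh_host_rsa_key")` subshell has no status check, so if the export or the conversion fails the private-key file is created empty, the script logs success anyway, and the error surfaces only when `ssh-keygen -y` later fails to parse it. Without `set -o pipefail` a gpg_host failure inside the pipeline is also masked by openpgp2ssh's status, so check the subshell result explicitly: append `|| failure "Could not export SSH host private key"` to it, assuming `failure` from common is in scope here as it is in share/ma/setup. The `ssh-keygen -y` and `gpg_host --export` redirections two and four lines below have the same shape and would benefit from the same check.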
index c0d595620010e486587d68c377e290fbe828aaee..0f16d2791cf66359a13d4ab43c8af729904077e8 100644 (file)
@@ -79,8 +79,8 @@ log verbose "setting ultimate owner trust for host key..."
 echo "${fingerprint}:6:" | gpg_host "--import-ownertrust"
 
 # export public key to file
-gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
-log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg"
+log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg"
 
 # show info about new key
 show_key
index e30f31b7f758dfe757bcfa3a8c9ce42dec16bf19..b5afb230d3ffecc06597766f1e889ed26a349913 100755 (executable)
@@ -209,16 +209,12 @@ echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
 
 # set up monkeysphere authentication
 echo "##################################################"
-echo "### configuring monkeysphere authentication..."
+echo "### setup monkeysphere authentication..."
 mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication/{authorized_keys,core,sphere,tmp}
 cp "$TESTDIR"/etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/
 cat <<EOF >> "$TEMPDIR"/monkeysphere-authentication.conf
 AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authentication/authorized_user_ids"
 EOF
-
-# setup server authentication
-echo "##################################################"
-echo "### setting up server authentication..."
 monkeysphere-authentication setup
 get_gpg_prng_arg >> "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf