From: Jameson Graef Rollins Date: Mon, 2 Feb 2009 03:48:36 +0000 (-0500) Subject: Fix a bug in setup where gpg was called instead of gpg_core. This X-Git-Tag: monkeysphere_0.23~138 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=44a499dd669cc20e77e35c2f7ffcbc2a8f08ec29;p=monkeysphere.git Fix a bug in setup where gpg was called instead of gpg_core. This could have caused serious data loss for the running user. Should note to be carefull with this in the future. Also fix ownership on sphere gnupghome. --- diff --git a/src/share/ma/setup b/src/share/ma/setup index 229166b..263e5ca 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -15,8 +15,11 @@ setup() { # make all needed directories mkdir -p "${MADATADIR}" mkdir -p "${MATMPDIR}" - mkdir -p "${GNUPGHOME_SPHERE}" mkdir -p "${GNUPGHOME_CORE}" + chmod 700 "${GNUPGHOME_CORE}" + mkdir -p "${GNUPGHOME_SPHERE}" + chmod 700 "${GNUPGHOME_SPHERE}" + mkdir -p "${MADATADIR}"/authorized_keys # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? @@ -37,6 +40,11 @@ primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg list-options show-uid-validity EOF + # make sure the monkeysphere user owns everything in th sphere + # gnupghome + chown -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + chgrp -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) @@ -53,7 +61,7 @@ EOF # FIXME: pem2openpgp currently sets the A flag and a short # expiration date. We should set the C flag and no expiration # date. - < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core" + < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core" # get fingerprint of core key. should definitely not be empty at this point CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) diff --git a/tests/basic b/tests/basic index 99a881b..4d2266e 100755 --- a/tests/basic +++ b/tests/basic @@ -220,7 +220,6 @@ echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID" # set up monkeysphere authentication echo "##################################################" echo "### setup monkeysphere authentication..." -mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication/{authorized_keys,core,sphere,tmp} cp "$TESTDIR"/etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/ cat <> "$TEMPDIR"/monkeysphere-authentication.conf AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authentication/authorized_user_ids"