From: Daniel Kahn Gillmor Date: Fri, 5 Sep 2008 15:21:29 +0000 (-0400) Subject: abstract lockfile functions to be able to Depend: lockfile-progs | lockfile X-Git-Tag: monkeysphere_0.15-1~5 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=fa2aeb658c22784edbb5a890e5de648b41069252;p=monkeysphere.git abstract lockfile functions to be able to Depend: lockfile-progs | lockfile --- diff --git a/debian/control b/debian/control index ef62798..8f5aeef 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ Dm-Upload-Allowed: yes Package: monkeysphere Architecture: any -Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), lockfile-progs, adduser, ${shlibs:Depends} +Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends} Recommends: netcat | socat, ssh-askpass Enhances: openssh-client, openssh-server Description: use the OpenPGP web of trust to verify ssh connections diff --git a/src/common b/src/common index 2b05c3c..4fec452 100644 --- a/src/common +++ b/src/common @@ -91,6 +91,48 @@ cutline() { head --line="$1" "$2" | tail -1 } +# this is a wrapper for doing lock functions. +# +# it lets us depend on either lockfile-progs (preferred) or procmail's +# lockfile, and should +lock() { + local use_lockfileprogs=true + local action="$1" + local file="$file" + + if ! ( which lockfile-create >/dev/null 2>/dev/null ) ; then + if ! ( which lockfile >/dev/null ); then + failure "Neither lockfile-create nor lockfile are in the path!" + use_lockfileprogs= + fi + + case "$action" in + create) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-create "$file" || failure "unable to lock '$file'" + else + lockfile -r 20 "${file}.lock" || failure "unable to lock '$file'" + fi + ;; + touch) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-touch "$file" + else + # Nothing to do here + fi + ;; + remove) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-remove "$file" + else + rm -f "${file}.lock" + fi + ;; + *) + failure "bad argument for lock subfunction '$action'" + esac +} + # check that characters are in a string (in an AND fashion). # used for checking key capability # check_capability capability a [b...] @@ -724,11 +766,10 @@ update_known_hosts() { nHostsOK=0 nHostsBAD=0 - # set the trap to remove any lockfiles on exit - trap "lockfile-remove $KNOWN_HOSTS" EXIT - - # create a lockfile on known_hosts - lockfile-create "$KNOWN_HOSTS" + # create a lockfile on known_hosts: + lock create "$KNOWN_HOSTS" + # FIXME: we're discarding any pre-existing EXIT trap; is this bad? + trap "lock remove $KNOWN_HOSTS" EXIT # note pre update file checksum fileCheck="$(file_hash "$KNOWN_HOSTS")" @@ -747,11 +788,12 @@ update_known_hosts() { esac # touch the lockfile, for good measure. - lockfile-touch --oneshot "$KNOWN_HOSTS" + lock touch --oneshot "$KNOWN_HOSTS" done - # remove the lockfile - lockfile-remove "$KNOWN_HOSTS" + # remove the lockfile and the trap + lock remove "$KNOWN_HOSTS" + trap - EXIT # note if the known_hosts file was updated if [ "$(file_hash "$KNOWN_HOSTS")" != "$fileCheck" ] ; then @@ -862,11 +904,10 @@ update_authorized_keys() { nIDsOK=0 nIDsBAD=0 - # set the trap to remove any lockfiles on exit - trap "lockfile-remove $AUTHORIZED_KEYS" EXIT - # create a lockfile on authorized_keys - lockfile-create "$AUTHORIZED_KEYS" + lock create "$AUTHORIZED_KEYS" + # FIXME: we're discarding any pre-existing EXIT trap; is this bad? + trap "lock remove $AUTHORIZED_KEYS" EXIT # note pre update file checksum fileCheck="$(file_hash "$AUTHORIZED_KEYS")" @@ -890,11 +931,12 @@ update_authorized_keys() { esac # touch the lockfile, for good measure. - lockfile-touch --oneshot "$AUTHORIZED_KEYS" + lock touch --oneshot "$AUTHORIZED_KEYS" done - # remove the lockfile - lockfile-remove "$AUTHORIZED_KEYS" + # remove the lockfile and the trap + lock remove "$AUTHORIZED_KEYS" + trap - EXIT # note if the authorized_keys file was updated if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$fileCheck" ] ; then