From 5f0bc4c22cb351e6b51906a5febfd664130a2197 Mon Sep 17 00:00:00 2001 From: Jameson Rollins Date: Tue, 14 Sep 2010 13:35:28 -0400 Subject: [PATCH] fix *all* install paths, including in man pages and transition scripts --- Changelog | 4 ++-- Makefile | 17 +++++++++++++-- man/man1/monkeysphere.1 | 2 +- man/man8/monkeysphere-authentication.8 | 10 ++++----- man/man8/monkeysphere-host.8 | 29 +++++++++++++------------- src/monkeysphere-authentication | 3 --- src/monkeysphere-host | 3 --- src/share/defaultenv | 4 +++- src/transitions/0.23 | 5 +++-- src/transitions/0.28 | 5 ++++- 10 files changed, 48 insertions(+), 34 deletions(-) diff --git a/Changelog b/Changelog index 3850428..5b0d01c 100644 --- a/Changelog +++ b/Changelog @@ -1,7 +1,7 @@ monkeysphere (0.32~pre) unstable; urgency=low - * Fix specification of install paths in top level scripts (closes MS - #2491) + * Fix specification of install paths in all scripts and man pages + (closes MS #2491) -- Jameson Rollins Tue, 14 Sep 2010 12:24:35 -0400 diff --git a/Makefile b/Makefile index 7d87111..a3bf9e5 100755 --- a/Makefile +++ b/Makefile 
@@ -45,18 +45,20 @@ install: all installman sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/bin/monkeysphere install src/monkeysphere-host $(DESTDIR)$(PREFIX)/sbin sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host - sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host install src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication - sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication install src/monkeysphere-authentication-keys-for-user $(DESTDIR)$(PREFIX)/share/monkeysphere install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere + sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv + sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv install -m 0755 src/share/checkperms $(DESTDIR)$(PREFIX)/share/monkeysphere install -m 0755 src/share/keytrans $(DESTDIR)$(PREFIX)/share/monkeysphere ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/pem2openpgp ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2ssh install -m 0744 src/transitions/* $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions + sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.23 + sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.28 install -m 0644 src/transitions/README.txt $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions install -m 0644 src/share/m/* $(DESTDIR)$(PREFIX)/share/monkeysphere/m install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh 
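Review bot: Nothing in the `install` recipe checks that the placeholder rewrite succeeded, and the two added transition `sed` lines name `0.23` and `0.28` explicitly while the files are installed with the glob `src/transitions/*`. A transition script added later, or a `sed` expression altered by a `:` or `&` in `$(PREFIX)`, `$(ETCPREFIX)` or `$(LOCALSTATEDIR)`, would leave a literal `__SYS…_PREFIX__` in a file that the sbin scripts source, so an intended absolute default becomes a path relative to the working directory. I would end the recipe with a check such as `! grep -rl '__SYS[A-Z]*_PREFIX__' $(DESTDIR)$(PREFIX)/share/monkeysphere` (plus the three installed scripts by name) so that the install fails instead. The man-page substitutions in the `installman` hunk have the same gap; the `install` recipe continues outside this hunk.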
@@ -75,6 +77,17 @@ installman: install man/man7/* $(DESTDIR)$(MANPREFIX)/man7 install man/man8/* $(DESTDIR)$(MANPREFIX)/man8 gzip -d man/*/* + gzip -d $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1.gz + sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1 + gzip -n $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1 + gzip -d $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8.gz + sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8 + sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8 + gzip -n $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8 + gzip -d $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8.gz + sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8 + sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8 + gzip -n $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8 releasenote: ./utils/build-releasenote diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 91a9b1c..1f174f1 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -188,7 +188,7 @@ ssh agent with subkey-to-ssh-agent. ~/.monkeysphere/monkeysphere.conf User monkeysphere config file. .TP -/etc/monkeysphere/monkeysphere.conf +__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere.conf System-wide monkeysphere config file. .TP ~/.monkeysphere/authorized_user_ids diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index e9e24b0..5dfa92a 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 
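Review bot: The three added decompress/`sed`/recompress stanzas edit the installed pages in place, so a run interrupted between `gzip -d` and `gzip -n` leaves an uncompressed page behind, and the next `gzip -d` on that path then finds its output file already present. Adding `-f` to both calls (`gzip -df …` and `gzip -nf …`) makes the step repeatable, and a single loop over the three page names would remove the duplication. Only these three pages are rewritten although `install man/man8/*` copies by glob, so a comment such as `# pages that contain __SYS*_PREFIX__ placeholders; keep in sync with man/` would help the next person who adds one. The `installman` recipe starts above this hunk.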
@@ -136,7 +136,7 @@ user authentication, the AuthorizedKeysFile parameter must be set in the sshd_config to point to the monkeysphere\-generated authorized_keys files: -AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u +AuthorizedKeysFile __SYSDATADIR_PREFIX__/monkeysphere/authorized_keys/%u It is recommended to add "monkeysphere\-authentication update\-users" to a system crontab, so that user keys are kept up-to-date, and key @@ -179,18 +179,18 @@ false may expose users to abuse by other users on the system. (true) .SH FILES .TP -/etc/monkeysphere/monkeysphere\-authentication.conf +__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-authentication.conf System monkeysphere-authentication config file. .TP -/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt or\p \ -/etc/monkeysphere/monkeysphere\-x509\-anchors.crt +__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt or\p \ +__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-x509\-anchors.crt If monkeysphere-authentication is configured to query an hkps keyserver, it will use X.509 Certificate Authority certificates in this file to validate any X.509 certificates used by the keyserver. If the monkeysphere-authentication-x509 file is present, the monkeysphere-x509 file will be ignored. .TP -/var/lib/monkeysphere/authorized_keys/USER +__SYSDATADIR_PREFIX__/monkeysphere/authorized_keys/USER Monkeysphere-generated user authorized_keys files. .TP ~/.monkeysphere/authorized_user_ids diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index f3e0d43..4d96901 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 
@@ -118,10 +118,10 @@ publication is not done by default. The first step is to import the host's ssh key into a monkeysphere\-style OpenPGP certificate. This is done with the import\-key command. For example: -# monkeysphere\-host import\-key /etc/ssh/ssh_host_rsa_key ssh://host.example.org +# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssh/ssh_host_rsa_key ssh://host.example.org On most systems, sshd's RSA secret key is stored at -/etc/ssh/ssh_host_rsa_key. +__SYSCONFDIR_PREFIX__/etc/ssh/ssh_host_rsa_key. See PUBLISHING AND CERTIFYING MONKEYSPHERE SERVICE CERTIFICATES for how to make sure your users can verify the ssh service offered by your 
@@ -137,18 +137,19 @@ PEM\-encoded). The first step is to import the web server's key into a monkeysphere\-style OpenPGP certificate. This is done with the import\-key command. For example: -# monkeysphere\-host import\-key /etc/ssl/private/host.example.net\-key.pem https://host.example.net +# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssl/private/host.example.net\-key.pem https://host.example.net If you don't know where the web server's key is stored on your machine, consult the configuration files for your web server. Debian\-based systems using the `ssl\-cert' packages often have a default self\-signed certificate stored in -`/etc/ssl/private/ssl\-cert\-snakeoil.key' ; if you're using that key, -your users are getting browser warnings about it. You can keep using -the same key, but help them use the OpenPGP WoT to verify that it does -belong to your web server by using something like: +`__SYSCONFDIR_PREFIX__/etc/ssl/private/ssl\-cert\-snakeoil.key' ; if +you're using that key, your users are getting browser warnings about +it. You can keep using the same key, but help them use the OpenPGP +WoT to verify that it does belong to your web server by using +something like: -# monkeysphere\-host import\-key /etc/ssl/private/ssl\-cert\-snakeoil.key https://$(hostname \-\-fqdn) +# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssl/private/ssl\-cert\-snakeoil.key https://$(hostname \-\-fqdn) If you offer multiple HTTPS websites using the same secret key, you should add the additional website names with the `add\-servicename' 
@@ -188,7 +189,7 @@ ssh) or without seeing a nasty "security warning" in their browsers Note that \fBmonkeysphere\-host\fP currently caches a copy of all imported secret keys (stored in OpenPGP form for future manipulation) -in /var/lib/monkeysphere/host/secring.gpg. Cleartext backups of this +in __SYSDATADIR_PREFIX__/monkeysphere/host/secring.gpg. Cleartext backups of this file could expose secret key material if not handled sensitively. .SH ENVIRONMENT @@ -209,22 +210,22 @@ If set to `false', never prompt the user for confirmation. (true) .SH FILES .TP -/etc/monkeysphere/monkeysphere\-host.conf +__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-host.conf System monkeysphere\-host config file. .TP -/var/lib/monkeysphere/host_keys.pub.pgp +__SYSDATADIR_PREFIX__/monkeysphere/host_keys.pub.pgp A world\-readable copy of the host's OpenPGP certificates in ASCII armored format. This includes the certificates (including the public keys, servicename\-based User IDs, and most recent relevant self\-signatures) corresponding to every key used by Monkeysphere\-enabled services on the host. .TP -/var/lib/monkeysphere/host/ +__SYSDATADIR_PREFIX__/monkeysphere/host/ A locked directory (readable only by the superuser) containing copies of all imported secret keys (this is the host's GNUPGHOME directory). .TP -/etc/monkeysphere/monkeysphere\-host\-x509\-anchors.crt or\p \ -/etc/monkeysphere/monkeysphere\-x509\-anchors.crt +__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-host\-x509\-anchors.crt or\p \ +__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-x509\-anchors.crt If monkeysphere-host is configured to query an hkps keyserver for publish-keys, it will use X.509 Certificate Authority certificates in this file to validate any X.509 certificates used by the keyserver. diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 4e447c7..c924034 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication 
@@ -24,9 +24,6 @@ export SYSSHAREDIR . "${SYSSHAREDIR}/defaultenv" . "${SYSSHAREDIR}/common" -SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"__SYSDATADIR_PREFIX__/monkeysphere"} -export SYSDATADIR - # sharedir for authentication functions MASHAREDIR="${SYSSHAREDIR}/ma" diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 1eb5849..33a67cc 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -24,9 +24,6 @@ export SYSSHAREDIR . "${SYSSHAREDIR}/defaultenv" . "${SYSSHAREDIR}/common" -SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"__SYSDATADIR_PREFIX__/monkeysphere"} -export SYSDATADIR - # sharedir for host functions MHSHAREDIR="${SYSSHAREDIR}/mh" diff --git a/src/share/defaultenv b/src/share/defaultenv index 501478f..d72f139 100644 --- a/src/share/defaultenv +++ b/src/share/defaultenv @@ -9,8 +9,10 @@ # Copyright 2009, released under the GPL, version 3 or later # managed directories -SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} +SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"__SYSCONFDIR_PREFIX__/etc/monkeysphere"} export SYSCONFIGDIR +SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"__SYSDATADIR_PREFIX__/monkeysphere"} +export SYSDATADIR # default log level LOG_LEVEL="INFO" diff --git a/src/transitions/0.23 b/src/transitions/0.23 index 3964558..82529f2 100755 --- a/src/transitions/0.23 +++ b/src/transitions/0.23 @@ -20,8 +20,9 @@ # any unexpected errors should cause this script to bail: set -e -SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} -SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} +SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"__SYSSHAREDIR_PREFIX__/share/monkeysphere"} +export SYSSHAREDIR +. "${SYSSHAREDIR}/defaultenv" MADATADIR="${SYSDATADIR}/authentication" MHDATADIR="${SYSDATADIR}/host" diff --git a/src/transitions/0.28 b/src/transitions/0.28 index 5da6ab1..d21ec4e 100755 --- a/src/transitions/0.28 +++ b/src/transitions/0.28 
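Review bot: In src/share/defaultenv the two defaults under `# managed directories` carry no comment saying that `__SYSCONFDIR_PREFIX__` and `__SYSDATADIR_PREFIX__` are tokens rewritten at install time, and the token names differ from the Makefile variables that replace them (`$(ETCPREFIX)` and `$(LOCALSTATEDIR)`). Anyone who runs or packages this file without `make install` gets relative paths for `SYSCONFIGDIR` and `SYSDATADIR`. I would add above the assignments: `# __SYSCONFDIR_PREFIX__ / __SYSDATADIR_PREFIX__ are replaced by "make install" (ETCPREFIX, LOCALSTATEDIR); unreplaced, these defaults are relative paths`.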
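Review bot: In src/transitions/0.23 the added `. "${SYSSHAREDIR}/defaultenv"` sources a file from a directory that comes either from the environment (`MONKEYSPHERE_SYSSHAREDIR`) or from a default that is absolute only after the install-time rewrite. The removed lines used fixed absolute defaults and the hunk shows no earlier source step. If the token is ever left in place, the path resolves against the current directory. A guard before the source line would close that: `case "$SYSSHAREDIR" in /*) ;; *) echo "SYSSHAREDIR must be absolute" >&2; exit 1 ;; esac`. The hunk for src/transitions/0.28 adds the same three lines and needs the same guard; the test harness is not visible here, so if it passes a relative path the guard should resolve the path instead of rejecting it.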
@@ -16,7 +16,10 @@ # any unexpected errors should cause this script to bail: set -e -SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} +SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"__SYSSHAREDIR_PREFIX__/share/monkeysphere"} +export SYSSHAREDIR +. "${SYSSHAREDIR}/defaultenv" + OLD_HOST_KEY_FILE="$SYSDATADIR"/ssh_host_rsa_key.pub.gpg if [ -f "$OLD_HOST_KEY_FILE" ] ; then -- 2.26.2