summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJameson Rollins <jrollins@finestructure.net>2010-09-14 13:35:28 -0400
committerJameson Rollins <jrollins@finestructure.net>2010-09-14 13:35:28 -0400
commit5f0bc4c22cb351e6b51906a5febfd664130a2197 (patch)
tree5e0a0a0900f9bac4e0f5a5dce1d654840d4370f8
parent2cbeae585d91f8d7571b33f7f47670267963a4e2 (diff)
fix *all* install paths, including in man pages and transition scripts
-rw-r--r--Changelog4
-rwxr-xr-xMakefile17
-rw-r--r--man/man1/monkeysphere.12
-rw-r--r--man/man8/monkeysphere-authentication.810
-rw-r--r--man/man8/monkeysphere-host.829
-rwxr-xr-xsrc/monkeysphere-authentication3
-rwxr-xr-xsrc/monkeysphere-host3
-rw-r--r--src/share/defaultenv4
-rwxr-xr-xsrc/transitions/0.235
-rwxr-xr-xsrc/transitions/0.285
10 files changed, 48 insertions, 34 deletions
diff --git a/Changelog b/Changelog
index 3850428..5b0d01c 100644
--- a/Changelog
+++ b/Changelog
@@ -1,7 +1,7 @@
monkeysphere (0.32~pre) unstable; urgency=low
- * Fix specification of install paths in top level scripts (closes MS
- #2491)
+ * Fix specification of install paths in all scripts and man pages
+ (closes MS #2491)
-- Jameson Rollins <jrollins@finestructure.net> Tue, 14 Sep 2010 12:24:35 -0400
diff --git a/Makefile b/Makefile
index 7d87111..a3bf9e5 100755
--- a/Makefile
+++ b/Makefile
@@ -45,18 +45,20 @@ install: all installman
sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/bin/monkeysphere
install src/monkeysphere-host $(DESTDIR)$(PREFIX)/sbin
sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host
- sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host
install src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin
sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication
- sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication
install src/monkeysphere-authentication-keys-for-user $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere
+ sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv
+ sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv
install -m 0755 src/share/checkperms $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0755 src/share/keytrans $(DESTDIR)$(PREFIX)/share/monkeysphere
ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/pem2openpgp
ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2ssh
install -m 0744 src/transitions/* $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions
+ sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.23
+ sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.28
install -m 0644 src/transitions/README.txt $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions
install -m 0644 src/share/m/* $(DESTDIR)$(PREFIX)/share/monkeysphere/m
install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh
@@ -75,6 +77,17 @@ installman:
install man/man7/* $(DESTDIR)$(MANPREFIX)/man7
install man/man8/* $(DESTDIR)$(MANPREFIX)/man8
gzip -d man/*/*
+ gzip -d $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1.gz
+ sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1
+ gzip -n $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1
+ gzip -d $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8.gz
+ sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8
+ sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8
+ gzip -n $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8
+ gzip -d $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8.gz
+ sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8
+ sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8
+ gzip -n $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8
releasenote:
./utils/build-releasenote
diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1
index 91a9b1c..1f174f1 100644
--- a/man/man1/monkeysphere.1
+++ b/man/man1/monkeysphere.1
@@ -188,7 +188,7 @@ ssh agent with subkey-to-ssh-agent.
~/.monkeysphere/monkeysphere.conf
User monkeysphere config file.
.TP
-/etc/monkeysphere/monkeysphere.conf
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere.conf
System-wide monkeysphere config file.
.TP
~/.monkeysphere/authorized_user_ids
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index e9e24b0..5dfa92a 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -136,7 +136,7 @@ user authentication, the AuthorizedKeysFile parameter must be set in
the sshd_config to point to the monkeysphere\-generated
authorized_keys files:
-AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+AuthorizedKeysFile __SYSDATADIR_PREFIX__/monkeysphere/authorized_keys/%u
It is recommended to add "monkeysphere\-authentication update\-users"
to a system crontab, so that user keys are kept up-to-date, and key
@@ -179,18 +179,18 @@ false may expose users to abuse by other users on the system. (true)
.SH FILES
.TP
-/etc/monkeysphere/monkeysphere\-authentication.conf
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-authentication.conf
System monkeysphere-authentication config file.
.TP
-/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt or\p \
-/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt or\p \
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
If monkeysphere-authentication is configured to query an hkps
keyserver, it will use X.509 Certificate Authority certificates in
this file to validate any X.509 certificates used by the keyserver.
If the monkeysphere-authentication-x509 file is present, the
monkeysphere-x509 file will be ignored.
.TP
-/var/lib/monkeysphere/authorized_keys/USER
+__SYSDATADIR_PREFIX__/monkeysphere/authorized_keys/USER
Monkeysphere-generated user authorized_keys files.
.TP
~/.monkeysphere/authorized_user_ids
diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index f3e0d43..4d96901 100644
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -118,10 +118,10 @@ publication is not done by default. The first step is to import the
host's ssh key into a monkeysphere\-style OpenPGP certificate. This
is done with the import\-key command. For example:
-# monkeysphere\-host import\-key /etc/ssh/ssh_host_rsa_key ssh://host.example.org
+# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssh/ssh_host_rsa_key ssh://host.example.org
On most systems, sshd's RSA secret key is stored at
-/etc/ssh/ssh_host_rsa_key.
+__SYSCONFDIR_PREFIX__/etc/ssh/ssh_host_rsa_key.
See PUBLISHING AND CERTIFYING MONKEYSPHERE SERVICE CERTIFICATES for
how to make sure your users can verify the ssh service offered by your
@@ -137,18 +137,19 @@ PEM\-encoded). The first step is to import the web server's key into
a monkeysphere\-style OpenPGP certificate. This is done with the
import\-key command. For example:
-# monkeysphere\-host import\-key /etc/ssl/private/host.example.net\-key.pem https://host.example.net
+# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssl/private/host.example.net\-key.pem https://host.example.net
If you don't know where the web server's key is stored on your
machine, consult the configuration files for your web server.
Debian\-based systems using the `ssl\-cert' packages often have a
default self\-signed certificate stored in
-`/etc/ssl/private/ssl\-cert\-snakeoil.key' ; if you're using that key,
-your users are getting browser warnings about it. You can keep using
-the same key, but help them use the OpenPGP WoT to verify that it does
-belong to your web server by using something like:
+`__SYSCONFDIR_PREFIX__/etc/ssl/private/ssl\-cert\-snakeoil.key' ; if
+you're using that key, your users are getting browser warnings about
+it. You can keep using the same key, but help them use the OpenPGP
+WoT to verify that it does belong to your web server by using
+something like:
-# monkeysphere\-host import\-key /etc/ssl/private/ssl\-cert\-snakeoil.key https://$(hostname \-\-fqdn)
+# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssl/private/ssl\-cert\-snakeoil.key https://$(hostname \-\-fqdn)
If you offer multiple HTTPS websites using the same secret key, you
should add the additional website names with the `add\-servicename'
@@ -188,7 +189,7 @@ ssh) or without seeing a nasty "security warning" in their browsers
Note that \fBmonkeysphere\-host\fP currently caches a copy of all
imported secret keys (stored in OpenPGP form for future manipulation)
-in /var/lib/monkeysphere/host/secring.gpg. Cleartext backups of this
+in __SYSDATADIR_PREFIX__/monkeysphere/host/secring.gpg. Cleartext backups of this
file could expose secret key material if not handled sensitively.
.SH ENVIRONMENT
@@ -209,22 +210,22 @@ If set to `false', never prompt the user for confirmation. (true)
.SH FILES
.TP
-/etc/monkeysphere/monkeysphere\-host.conf
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-host.conf
System monkeysphere\-host config file.
.TP
-/var/lib/monkeysphere/host_keys.pub.pgp
+__SYSDATADIR_PREFIX__/monkeysphere/host_keys.pub.pgp
A world\-readable copy of the host's OpenPGP certificates in ASCII
armored format. This includes the certificates (including the public
keys, servicename\-based User IDs, and most recent relevant
self\-signatures) corresponding to every key used by
Monkeysphere\-enabled services on the host.
.TP
-/var/lib/monkeysphere/host/
+__SYSDATADIR_PREFIX__/monkeysphere/host/
A locked directory (readable only by the superuser) containing copies
of all imported secret keys (this is the host's GNUPGHOME directory).
.TP
-/etc/monkeysphere/monkeysphere\-host\-x509\-anchors.crt or\p \
-/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-host\-x509\-anchors.crt or\p \
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
If monkeysphere-host is configured to query an hkps keyserver for
publish-keys, it will use X.509 Certificate Authority certificates in
this file to validate any X.509 certificates used by the keyserver.
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 4e447c7..c924034 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -24,9 +24,6 @@ export SYSSHAREDIR
. "${SYSSHAREDIR}/defaultenv"
. "${SYSSHAREDIR}/common"
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"__SYSDATADIR_PREFIX__/monkeysphere"}
-export SYSDATADIR
-
# sharedir for authentication functions
MASHAREDIR="${SYSSHAREDIR}/ma"
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 1eb5849..33a67cc 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -24,9 +24,6 @@ export SYSSHAREDIR
. "${SYSSHAREDIR}/defaultenv"
. "${SYSSHAREDIR}/common"
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"__SYSDATADIR_PREFIX__/monkeysphere"}
-export SYSDATADIR
-
# sharedir for host functions
MHSHAREDIR="${SYSSHAREDIR}/mh"
diff --git a/src/share/defaultenv b/src/share/defaultenv
index 501478f..d72f139 100644
--- a/src/share/defaultenv
+++ b/src/share/defaultenv
@@ -9,8 +9,10 @@
# Copyright 2009, released under the GPL, version 3 or later
# managed directories
-SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
+SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"__SYSCONFDIR_PREFIX__/etc/monkeysphere"}
export SYSCONFIGDIR
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"__SYSDATADIR_PREFIX__/monkeysphere"}
+export SYSDATADIR
# default log level
LOG_LEVEL="INFO"
diff --git a/src/transitions/0.23 b/src/transitions/0.23
index 3964558..82529f2 100755
--- a/src/transitions/0.23
+++ b/src/transitions/0.23
@@ -20,8 +20,9 @@
# any unexpected errors should cause this script to bail:
set -e
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
-SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"__SYSSHAREDIR_PREFIX__/share/monkeysphere"}
+export SYSSHAREDIR
+. "${SYSSHAREDIR}/defaultenv"
MADATADIR="${SYSDATADIR}/authentication"
MHDATADIR="${SYSDATADIR}/host"
diff --git a/src/transitions/0.28 b/src/transitions/0.28
index 5da6ab1..d21ec4e 100755
--- a/src/transitions/0.28
+++ b/src/transitions/0.28
@@ -16,7 +16,10 @@
# any unexpected errors should cause this script to bail:
set -e
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"__SYSSHAREDIR_PREFIX__/share/monkeysphere"}
+export SYSSHAREDIR
+. "${SYSSHAREDIR}/defaultenv"
+
OLD_HOST_KEY_FILE="$SYSDATADIR"/ssh_host_rsa_key.pub.gpg
if [ -f "$OLD_HOST_KEY_FILE" ] ; then