author | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-02-01 22:48:36 -0500 |
---|---|---|
committer | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-02-01 22:48:36 -0500 |
commit | 44a499dd669cc20e77e35c2f7ffcbc2a8f08ec29 (patch) | |
tree | 39d4967e13e5473ec3b9ca760ac5ff8893bee407 | |
parent | 0655d5cbf24a29da4aff7e272e82bfa258b2ceed (diff) |
Fix a bug in setup where gpg was called instead of gpg_core. This
could have caused serious data loss for the running user. Should note
to be careful with this in the future.
Also fix ownership on sphere gnupghome.
-rw-r--r-- | src/share/ma/setup | 12 | ||||
-rwxr-xr-x | tests/basic | 1 |
2 files changed, 10 insertions, 3 deletions
diff --git a/src/share/ma/setup b/src/share/ma/setup index 229166b..263e5ca 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -15,8 +15,11 @@ setup() { # make all needed directories mkdir -p "${MADATADIR}" mkdir -p "${MATMPDIR}" - mkdir -p "${GNUPGHOME_SPHERE}" mkdir -p "${GNUPGHOME_CORE}" + chmod 700 "${GNUPGHOME_CORE}" + mkdir -p "${GNUPGHOME_SPHERE}" + chmod 700 "${GNUPGHOME_SPHERE}" + mkdir -p "${MADATADIR}"/authorized_keys # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? @@ -37,6 +40,11 @@ primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg list-options show-uid-validity EOF + # make sure the monkeysphere user owns everything in th sphere + # gnupghome + chown -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + chgrp -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) @@ -53,7 +61,7 @@ EOF # FIXME: pem2openpgp currently sets the A flag and a short # expiration date. We should set the C flag and no expiration # date. - < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core" + < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core" # get fingerprint of core key. should definitely not be empty at this point CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) diff --git a/tests/basic b/tests/basic index 99a881b..4d2266e 100755 --- a/tests/basic +++ b/tests/basic 
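Review bot: In the first hunk of src/share/ma/setup, each GnuPG home is created by `mkdir -p` under the caller's umask and only tightened by the following `chmod 700`, so the directory briefly exists with looser permissions, and a failing `chmod` is not checked. Creating the directories under a restrictive umask, e.g. `(umask 077 && mkdir -p "${GNUPGHOME_CORE}")`, and keeping the `chmod 700` for directories that already exist would close that gap. `${MATMPDIR}` and the authorized_keys directory get no explicit mode here, whereas the line this commit removes from tests/basic created all four directories with `-m 700`; if key material is staged under the tmp directory (the third hunk reads `${TMPLOC}/authkey`, whose location is not visible), it should get 700 as well. setup() continues outside the hunk.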
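Review bot: The added `chown`/`chgrp` lines in the second hunk use `$MONKEYPSHER_USER`, which looks like a misspelling, since every other name on this page is spelled MONKEYSPHERE; the variable is therefore presumably unset and expands to an empty string. GNU chown documents an empty owner operand as "change nothing" and exits successfully, so the sphere gnupghome would silently keep its old ownership and the stated ownership fix would not take effect. Assuming the intended variable is `MONKEYSPHERE_USER` (its definition is not visible here), something like `chown -R "${MONKEYSPHERE_USER:?}:${MONKEYSPHERE_USER:?}" "${GNUPGHOME_SPHERE}" || failure "Could not set ownership of sphere gnupghome"` would fail loudly instead. The comment above these lines also has a typo (`th sphere`).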
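Review bot: The `gpg_core --import` line in the third hunk deserves a comment recording why bare `gpg` must not be used in setup, since the commit message itself asks for care here and nothing in the code carries that warning. Something like `# NOTE: always go through gpg_core here; plain gpg acts on the invoking user's own GnuPG home` above the import would do, assuming gpg_core (defined outside this diff) is the wrapper that pins the core keyring. Separately, `|| failure` only sees the exit status of the last pipeline stage, so a failing `pem2openpgp` is caught only if `gpg_core --import` then rejects the empty input; checking the two steps separately would make that explicit.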
@@ -220,7 +220,6 @@ echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
 # set up monkeysphere authentication
 echo "##################################################"
 echo "### setup monkeysphere authentication..."
-mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication/{authorized_keys,core,sphere,tmp}
 cp "$TESTDIR"/etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/
 cat <<EOF >> "$TEMPDIR"/monkeysphere-authentication.conf
 AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authentication/authorized_user_ids" |