author Jameson Graef Rollins <jrollins@phys.columbia.edu> 2008-06-24 13:53:22 -0400
committer Jameson Graef Rollins <jrollins@phys.columbia.edu> 2008-06-24 17:50:26 -0400
commit 1b6df37b94b96042ac460a933b00c6ef29694053 (patch)
tree 560c5b65026bfa90170f469d7d0cd435609b34d5 /debian
parent e0b50e3859931c7fe2a58bb08af440a4f2455174 (diff)
Privilege separation: use new monkeysphere user to handle
authentication keychain for server. This required a bunch of changes to all ms-server functions. Seems to be working ok, although it feels kind of hackish.
Diffstat (limited to 'debian')
-rw-r--r-- debian/changelog 6
-rw-r--r-- debian/control 2
-rwxr-xr-x debian/monkeysphere.postinst 17
-rwxr-xr-x debian/monkeysphere.postrm 21
4 files changed, 44 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index 82f274a..c6b5de4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,7 +3,11 @@ monkeysphere (0.4-1) UNRELEASED; urgency=low
[Daniel Kahn Gillmor]
* New version (switch UNRELEASED to experimental when ready)
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 24 Jun 2008 01:25:45 -0400
+ [ Jameson Graef Rollins ]
+ * Privilege separation: use monkeysphere user to handle maintenance of
+ the gnupg authentication keychain for server.
+
+ -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Tue, 24 Jun 2008 13:52:28 -0400
monkeysphere (0.3-1) experimental; urgency=low
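Review bot: The new entry under [ Jameson Graef Rollins ] records the privilege separation but not the packaging changes that come with it in this commit: the added adduser dependency and the new postinst and postrm scripts that create and delete a system account. An administrator reading the changelog should learn that installing this version adds a monkeysphere user and that purging removes it; suggest one more bullet saying so.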
diff --git a/debian/control b/debian/control
index 4f0e5f5..f5760d9 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Dm-Upload-Allowed: yes
Package: monkeysphere
Architecture: any
-Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), moreutils, lockfile-progs, ${shlibs:Depends}
+Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), moreutils, lockfile-progs, adduser, ${shlibs:Depends}
Recommends: netcat
Enhances: openssh-client, openssh-server
Description: use the OpenPGP web of trust to verify ssh connections
diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst
new file mode 100755
index 0000000..50eaefa
--- /dev/null
+++ b/debian/monkeysphere.postinst
@@ -0,0 +1,17 @@
+#!/bin/sh -e
+
+# postinst script for monkeysphere
+
+# Author: Jameson Rollins <jrollins@fifthhorseman.net>
+# (c) 2008
+
+if ! getent passwd monkeysphere >/dev/null ; then
+ echo "adding monkeysphere user..."
+ adduser --quiet --system --no-create-home --home '/var/lib/monkeysphere' \
+ --shell '/bin/sh' --gecos 'monkeysphere authentication user,,,' monkeysphere
+fi
+
+# install host gnupg home directories
+install --mode 700 -d /var/lib/monkeysphere/gnupg-host
+# install authentication gnupg home directories
+install --mode 700 --owner monkeysphere -d /var/lib/monkeysphere/gnupg-authentication
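Review bot: The `getent passwd monkeysphere` guard at the top accepts any existing account with that name as the package's own, and the final `install --mode 700 --owner monkeysphere -d` line then hands the authentication keychain directory to it. If the name is already taken by an unrelated or ordinary login account, that account ends up owning the keyring the server uses for authentication decisions. Suggest verifying that a pre-existing account is a system account with home /var/lib/monkeysphere before reusing it, and aborting with a clear message otherwise. Two smaller points: unlike the postrm, this script has no `case "$1"` and no `#DEBHELPER#` token, so it runs the same steps for every postinst invocation and debhelper-generated snippets have nowhere to go; and `--shell '/bin/sh'` gives the service account a working shell, which deserves a comment explaining why it is needed.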
diff --git a/debian/monkeysphere.postrm b/debian/monkeysphere.postrm
new file mode 100755
index 0000000..a103fc8
--- /dev/null
+++ b/debian/monkeysphere.postrm
@@ -0,0 +1,21 @@
+#!/bin/sh -e
+
+# postrm script for monkeysphere
+
+# Author: Jameson Rollins <jrollins@fifthhorseman.net>
+# (c) 2008
+
+case $1 in
+ purge)
+ rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true
+ echo "removing monkeysphere user..."
+ userdel monkeysphere > /dev/null || true
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
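Review bot: In the purge branch, `rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere` cannot remove the directory once the postinst has created gnupg-host and gnupg-authentication inside it, so the keyrings stay on disk while `userdel monkeysphere` removes their owner. That leaves gnupg-authentication owned by an unallocated UID, and a later account that is assigned the same UID would inherit access to it. Suggest either removing the two gnupg directories explicitly on purge before deleting the user, or leaving the account in place. Also, `userdel monkeysphere > /dev/null || true` hides every failure; consider at least printing a warning when the account could not be removed.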