summaryrefslogtreecommitdiff
path: root/src/share
diff options
context:
space:
mode:
authorJameson Graef Rollins <jrollins@finestructure.net>2009-02-01 22:48:36 -0500
committerJameson Graef Rollins <jrollins@finestructure.net>2009-02-01 22:48:36 -0500
commit44a499dd669cc20e77e35c2f7ffcbc2a8f08ec29 (patch)
tree39d4967e13e5473ec3b9ca760ac5ff8893bee407 /src/share
parent0655d5cbf24a29da4aff7e272e82bfa258b2ceed (diff)
Fix a bug in setup where gpg was called instead of gpg_core. This
could have caused serious data loss for the running user. Should note to be carefull with this in the future. Also fix ownership on sphere gnupghome.
Diffstat (limited to 'src/share')
-rw-r--r--src/share/ma/setup12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/share/ma/setup b/src/share/ma/setup
index 229166b..263e5ca 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -15,8 +15,11 @@ setup() {
# make all needed directories
mkdir -p "${MADATADIR}"
mkdir -p "${MATMPDIR}"
- mkdir -p "${GNUPGHOME_SPHERE}"
mkdir -p "${GNUPGHOME_CORE}"
+ chmod 700 "${GNUPGHOME_CORE}"
+ mkdir -p "${GNUPGHOME_SPHERE}"
+ chmod 700 "${GNUPGHOME_SPHERE}"
+ mkdir -p "${MADATADIR}"/authorized_keys
# deliberately replace the config files via truncation
# FIXME: should we be dumping to tmp files and then moving atomically?
@@ -37,6 +40,11 @@ primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg
list-options show-uid-validity
EOF
+ # make sure the monkeysphere user owns everything in th sphere
+ # gnupghome
+ chown -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}"
+ chgrp -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}"
+
# get fingerprint of core key. this should be empty on unconfigured systems.
local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
@@ -53,7 +61,7 @@ EOF
# FIXME: pem2openpgp currently sets the A flag and a short
# expiration date. We should set the C flag and no expiration
# date.
- < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core"
+ < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core"
# get fingerprint of core key. should definitely not be empty at this point
CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )