adopting new transition script strategy

2 files changed, 196 insertions, 0 deletions

diff --git a/src/transitions/0.23 b/src/transitions/0.23
new file mode 100755
index 0000000..e1c9e9e
--- /dev/null
+++ b/src/transitions/0.23
@@ -0,0 +1,180 @@
+#!/bin/bash
+
+# This is a post-install script for monkeysphere, to transition an old
+# (<0.23) setup to the new (>=0.23) setup.
+
+# You should be able to run this script after any version >= 0.23 is
+# installed.  This script should be well-behaved, even if it is run
+# repeatedly.
+
+# Written by
+# Jameson Rollins <jrollins@finestructure.net>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# Copyright 2009, released under the GPL, version 3 or later
+
+# NOTE: the reverse operation (downgrading) is not directly supported,
+# and MAY LOCK YOU OUT OF YOUR SYSTEM, depending on how you have
+# configured the monkeysphere!
+
+# any unexpected errors should cause this script to bail:
+set -e
+
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+
+MADATADIR="${SYSDATADIR}/authentication"
+MHDATADIR="${SYSDATADIR}/host"
+
+STASHDIR="${SYSDATADIR}/backup-from-0.23-transition"
+
+
+log() {
+    printf "$@" >&2
+}
+
+# FIXME: implement this function better.  here, we only care about
+# dots, *and* about reversing the regexification of them.
+gpg_unescape_and_unregex() {
+    sed  's/\\x5c\././g'
+}
+
+
+is_domain_name() {
+    printf "%s" "$1" | egrep -q '^[[:alnum:]][[:alnum:]-.]*[[:alnum:]]$'
+}
+
+# run the authentication setup (this is also the first chance to bail
+# if 0.23 is not fully-installed, because m-a did not exist before
+# 0.23)
+monkeysphere-authentication setup
+
+# before 0.23, the old gnupg-host data directory used to contain the
+# trust core and the system's ssh host key.  
+
+if [ -d "$SYSDATADIR"/gnupg-host ] ; then
+
+### transfer identity certifiers, if they don't already exist in the
+### current setup:
+
+    if [ monkeysphere-authentication list-identity-certifiers | \
+	grep -q '^[A-F0-9]{40}:$' ] ; then
+	log 'There are already certifiers in the new system!\nNot transferring any certifiers.\n'
+    else
+	# get the old host keygrip (don't know why there would be more
+	# than one, but we'll transfer all tsigs made by any key that
+	# had been given ultimate ownertrust):
+	for authgrip in $(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export-ownertrust | \
+	    grep ':6:$'
+	    sed -r 's/^[A-F0-9]{24}([A-F0-9]{16}):6:$/\1/') ; do
+	    
+	# we're assuming that old id certifiers were only added by old
+	# versions of m-s c+, which added certifiers by ltsigning
+	# entire keys.
+	    
+	# so we'll walk the list of tsigs from the old host key, and
+	# add those keys as certifiers to the new system.
+
+	    # FIXME: if an admin has run "m-s add-id-certifier $foo"
+	    # multiple times for the same $foo, we'll only transfer
+	    # one of those certifications (even if later
+	    # certifications had different parameters).
+	    
+	    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --fingerprint --with-colons --fixed-list-mode --check-sigs | \
+		cut -f 1,2,5,8,9,10 -d: | \
+		egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
+		while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
+		case $type in
+		    'fpr') # this is a new key
+			keyfpr=$fpr
+			;;
+		    'sig') # deal with all trust signatures, including
+			   # regexes if present.
+			if [ "$keyfpr" ] ; then
+			    trustdepth=${trustparams%% *}
+			    trustlevel=${trustparams##* }
+			    if [ "$trustlevel" -ge 120 ] ; then
+				truststring=full
+			    elif [ "$trustlevel" -ge 60 ] ; then
+				truststring=marginal
+			    else
+				# trust levels below marginal are ignored.
+				continue
+			    fi
+
+			    finaldomain=
+			    if [ "$trustdomain" ] ; then
+			    # FIXME: deal with translating
+			    # $trustdomain back to a domain.
+				if [ printf "%s" "$trustdomain" | egrep -q '^<\[\^>\]\+\[@\.\][^>]+>\$$' ] ; then
+				    dpart=$(printf "%s" "$trustdomain" | sed -r 's/^<\[\^>\]\+\[@\.\]([^>]+)>\$$/\1/' | gpg_unescape_and_unregex)
+				    if [ is_domain_name "$dpart" ]; then
+					finaldomain="--domain $dpart"
+				    else
+					log "Does not seem to be a domain name (%s), not adding certifier\n" "$dpart"
+					continue
+				    fi
+				else
+				    log "Does not seem to be a standard gpg domain-based tsig (%s), not adding certifier\n" "$trustdomain"
+				    continue
+				fi
+			    fi
+
+			    CERTKEY=$(mktemp ${TMPDIR:-/tmp}/mstransition.XXXXXXXX)
+			    log "Adding identity certifier with fingerprint %s\n" "$keyfpr"
+			    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export "0x$keyfpr" --export-clean >"$CERTKEY"
+			    MONKEYSPHERE_PROMPT=false monkeysphere-authentication add-identity-certifier $finaldomain --trust "$truststring" --depth "$trustdepth" "$CERTKEY"
+			    rm -f "$CERTKEY"
+			    # clear the fingerprint so that we don't
+			    # make additional tsigs on it if more uids
+			    # are present:
+			    $keyfpr=
+			fi
+			;;
+		esac
+	    done
+	done
+    fi
+
+### transfer host key information (if present) into the new spot
+    
+    if [ -d "${MHDATADIR}" ] ; then
+	log "Not transferring host key info because host directory already exists.\n"
+    else
+	if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \
+	    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --with-colons --list-secret-keys | grep -q '^sec:' ; then
+	    
+	# create host home
+	    mkdir -p "${MHDATADIR}"
+	    chmod 0700 "${MHDATADIR}"
+	    
+	    log "importing host key from old monkeysphere installation\n"
+	    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export-secret-keys \
+		GNUPGHOME="$MHDATADIR" gpg --import
+	    
+	    monkeysphere-host update-gpg-pub-file
+	else
+	    log "No host key found in old monkeysphere install; not importing any host key.\n"
+	fi
+    fi
+
+
+### get rid of this old stuff, since we've transferred it all:
+
+    mkdir -p "$STASHDIR"
+    chmod 0700 "$STASHDIR"
+    mv "${SYSDATADIR}/gnupg-host" "$STASHDIR"
+fi
+
+
+# There is nothing in the old authentication directory that we should
+# need to keep around, but it is not unreasonable to transfer keys to
+# the new authentication keyring.
+if [ -d "${SYSDATADIR}/gnupg-authentication" ] ; then
+
+    GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --export | \
+	monkeysphere-authentication gpg-cmd --import
+
+    mkdir -p "$STASHDIR"
+    chmod 0700 "$STASHDIR"
+    mv "${SYSDATADIR}/gnupg-authentication" "$STASHDIR"
+fi
diff --git a/src/transitions/README.txt b/src/transitions/README.txt
new file mode 100644
index 0000000..7488c74
--- /dev/null
+++ b/src/transitions/README.txt
@@ -0,0 +1,16 @@
+This directory contains transition scripts for major changes to
+monkeysphere infrastructure.
+
+They are expected to be run immediately after upgrading to the named
+version or later.
+
+For example: you upgrade to from version 0.8 to version 0.15, and the
+directory contains 0.6, 0.12 and 0.15, you should run 0.12 followed by
+0.15.
+
+The scripts are supposed to be cleverly-written enough that you can
+run them repeatedly, and they should only make their intended changes
+once.  If they do not behave that way, this is a bug.  Please report
+it!
+
+  https://labs.riseup.net/code/projects/monkeysphere/