diff options
author | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-02-01 22:48:36 -0500 |
---|---|---|
committer | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-02-01 22:48:36 -0500 |
commit | 44a499dd669cc20e77e35c2f7ffcbc2a8f08ec29 (patch) | |
tree | 39d4967e13e5473ec3b9ca760ac5ff8893bee407 /src | |
parent | 0655d5cbf24a29da4aff7e272e82bfa258b2ceed (diff) |
Fix a bug in setup where gpg was called instead of gpg_core. This
could have caused serious data loss for the running user. Should note
to be carefull with this in the future.
Also fix ownership on sphere gnupghome.
Diffstat (limited to 'src')
-rw-r--r-- | src/share/ma/setup | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/share/ma/setup b/src/share/ma/setup index 229166b..263e5ca 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -15,8 +15,11 @@ setup() { # make all needed directories mkdir -p "${MADATADIR}" mkdir -p "${MATMPDIR}" - mkdir -p "${GNUPGHOME_SPHERE}" mkdir -p "${GNUPGHOME_CORE}" + chmod 700 "${GNUPGHOME_CORE}" + mkdir -p "${GNUPGHOME_SPHERE}" + chmod 700 "${GNUPGHOME_SPHERE}" + mkdir -p "${MADATADIR}"/authorized_keys # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? @@ -37,6 +40,11 @@ primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg list-options show-uid-validity EOF + # make sure the monkeysphere user owns everything in th sphere + # gnupghome + chown -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + chgrp -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) @@ -53,7 +61,7 @@ EOF # FIXME: pem2openpgp currently sets the A flag and a short # expiration date. We should set the C flag and no expiration # date. - < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core" + < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core" # get fingerprint of core key. should definitely not be empty at this point CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) |