diff options
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | debian/changelog | 5 | ||||
-rwxr-xr-x | debian/monkeysphere.postinst | 2 | ||||
-rw-r--r-- | man/man8/monkeysphere-server.8 | 61 | ||||
-rw-r--r-- | packaging/freebsd/distinfo | 6 | ||||
-rwxr-xr-x | packaging/freebsd/pkg-install | 15 | ||||
-rwxr-xr-x | src/monkeysphere-server | 83 | ||||
-rw-r--r-- | tests/basic | 78 | ||||
-rw-r--r-- | website/bugs/genericize-filesystem-locations-for-testsuite.mdwn | 28 | ||||
-rw-r--r-- | website/bugs/make-tarball-is-not-idempotent.mdwn | 12 | ||||
-rw-r--r-- | website/bugs/postinst-clobbers-gpg.conf-settings.mdwn | 2 | ||||
-rw-r--r-- | website/bugs/problems-with-root-owned-gpg-keyrings.mdwn | 24 | ||||
-rw-r--r-- | website/bugs/setup-subcommand-for-monkeysphere-server.mdwn | 2 |
13 files changed, 267 insertions, 55 deletions
@@ -26,7 +26,9 @@ debian-package: tarball (cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us) rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) -freebsd-distinfo: tarball +# don't explicitly depend on the tarball, since our tarball +# (re)generation is not idempotent even when no source changes. +freebsd-distinfo: ./utils/build-freebsd-distinfo clean: diff --git a/debian/changelog b/debian/changelog index 13872bf..32d5a19 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,10 +5,13 @@ monkeysphere (0.16~pre-1) UNRELEASED; urgency=low portability. * fixed busted lockfile arrangement, where empty file was being locked * portability fixes in the way we use date, mktemp, hostname, su - * stop using stat, since the syntax appears to be totally unportable + * stop using /usr/bin/stat, since the syntax appears to be totally + unportable * require GNU getopt, and test for getopt failures (look for getopt in /usr/local/bin first, since that's where FreeBSD's GNU-compatible getopt lives. + * monkeysphere-server diagnostics now counts problems and suggests a + re-run after they have been resolved. -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 11 Sep 2008 23:16:31 -0400 diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst index d3c3b96..981c9df 100755 --- a/debian/monkeysphere.postinst +++ b/debian/monkeysphere.postinst @@ -11,7 +11,7 @@ if ! getent passwd monkeysphere >/dev/null ; then echo "adding monkeysphere user..." adduser --quiet --system --no-create-home --group \ --home "$VARLIB" \ - --shell '/bin/sh' \ + --shell '/bin/bash' \ --gecos 'monkeysphere authentication user,,,' \ monkeysphere fi diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index f207e2c..c905f2f 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -130,51 +130,54 @@ is located: HostKey /var/lib/monkeysphere/ssh_host_rsa_key -In order for users logging into the system to be able to verify the +In order for users logging into the system to be able to identify the host via the monkeysphere, at least one person (e.g. a server admin) -will need to sign the host's key. This is done using standard key -signing techniquies, usually by pulling the key from the keyserver, -signing the key, and re-publishing the signature. Once that is done, -users logging into the host will be able to certify the host's key via -the signature of the host admin. +will need to sign the host's key. This is done using standard OpenPGP +keysigning techniques, usually: pul the key from the keyserver, verify +and sign the key, and then re-publish the signature. Once an admin's +signature is published, users logging into the host can use it to +validate the host's key. If the server will also handle user authentication through monkeysphere-generated authorized_keys files, the server must be told -which keys will act as user certifiers. This is done with the -\fBadd-certifier\fP command: - -$ monkeysphere-server add-certifier KEYID - -where KEYID is the key ID of the server admin, or whoever's signature -will be certifying users to the system. Certifiers can be removed -with the \fBremove-certifier\fP command, and listed with the -\fBlist-certifiers\fP command. - -Remote user's will then be granted access to a local user account -based on the appropriately signed and valid keys associated with user -IDs listed in the authorized_user_ids file of the local user. By -default, the authorized_user_ids file for local users is found in +which keys will act as identity certifiers. This is done with the +\fBadd-identity-certifier\fP command: + +$ monkeysphere-server add-identity-certifier KEYID + +where KEYID is the key ID of the server admin, or whoever's +certifications should be acceptable to the system for the purposes of +authenticating remote users. You can run this command multiple times +to indicate that multiple certifiers are trusted. You may also +specify a filename instead of a key ID, as long as the file contains a +single OpenPGP public key. Certifiers can be removed with the +\fBremove-identity-certifier\fP command, and listed with the +\fBlist-identity-certifiers\fP command. + +Remote users will then be granted access to a local account based on +the appropriately-signed and valid keys associated with user IDs +listed in that account's authorized_user_ids file. By default, the +authorized_user_ids file for an account is ~/.monkeysphere/authorized_user_ids. This can be changed in the monkeysphere-server.conf file. The \fBupdate-users\fP command can then be used to generate -authorized_keys file for local users based on the authorized user IDs -listed in the various local user's authorized_user_ids file: +authorized_keys file for local accounts based on the authorized user +IDs listed in the account's authorized_user_ids file: $ monkeysphere-server update-users USER -Not specifying a specific user will cause all users on the system to -updated. sshd can then use these monkeysphere generated -authorized_keys files to grant access to user accounts for remote -users. You must also tell sshd to look at the monkeysphere-generated -authorized_keys file for user authentication by setting the following -in the sshd_config: +Not specifying USER will cause all accounts on the system to updated. +sshd can then use these monkeysphere generated authorized_keys files +to grant access to user accounts for remote users. You must also tell +sshd to look at the monkeysphere-generated authorized_keys file for +user authentication by setting the following in the sshd_config: AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u It is recommended to add "monkeysphere-server update-users" to a system crontab, so that user keys are kept up-to-date, and key -revocations and expirations can be processed in a timely manor. +revocations and expirations can be processed in a timely manner. .SH ENVIRONMENT diff --git a/packaging/freebsd/distinfo b/packaging/freebsd/distinfo index 1a3b6c5..b8ad49b 100644 --- a/packaging/freebsd/distinfo +++ b/packaging/freebsd/distinfo @@ -1,3 +1,3 @@ -MD5 (monkeysphere_0.16~pre.orig.tar.gz) = 7ec79824cf814c618b39e9bf33ff65b1 -SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = bce97a2b2f90bc85b81af374cc0d32dfb23c6b2c1f1b2145f8a4d4a5bb00645b -SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 58595 +MD5 (monkeysphere_0.16~pre.orig.tar.gz) = c5c5211440e31d04df1f7904ec859fb9 +SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = 77faf81cc51dff754ecb7122de26818b908e06ab4e0bdbd0320346dde53612cd +SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 59253 diff --git a/packaging/freebsd/pkg-install b/packaging/freebsd/pkg-install index b832190..940b796 100755 --- a/packaging/freebsd/pkg-install +++ b/packaging/freebsd/pkg-install @@ -22,6 +22,7 @@ POST-INSTALL) GROUP=${USER} UID=641 GID=${UID} + SHELL=/usr/local/bin/bash if pw group show "${GROUP}" 2>/dev/null; then echo "You already have a group \"${GROUP}\", so I will use it." @@ -34,11 +35,18 @@ POST-INSTALL) fi fi - if pw user show "${USER}" 2>/dev/null; then - echo "You already have a user \"${USER}\", so I will use it." + if oldshell=`pw user show "${USER}" 2>/dev/null`; then + if [ x"$oldshell" != x"$SHELL" ]; then + echo "You already have a \"${USER}\" user, but its shell is '$oldshell'." + echo "This package requires that \"${USER}\"'s shell be '$SHELL'." + echo "You should fix this by hand and then re-install the package." + echo " hint: pw usermod '$USER' -s '$SHELL'" + exit 1 + fi + echo "You already have a user \"${USER}\" with the proper shell, so I will use it." else if pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \ - -d "$VARLIB" -s /bin/sh -c "monkeysphere authentication user,,," + -d "$VARLIB" -s /usr/local/bin/bash -c "monkeysphere authentication user,,," then echo "Added user \"${USER}\"." else @@ -63,5 +71,6 @@ keyring $VARLIB/gnupg-host/pubring.gpg EOF chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf + monkeysphere-server diagnostics ;; esac diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 6798fab..db3687b 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -67,7 +67,7 @@ EOF } su_monkeysphere_user() { - su -m "$MONKEYSPHERE_USER" -c "$@" + su "$MONKEYSPHERE_USER" -c "$@" } # function to interact with the host gnupg keyring @@ -188,25 +188,25 @@ update_users() { fi # make temporary directory - TMPDIR=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + TMPLOC=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) # trap to delete temporary directory on exit - trap "rm -rf $TMPDIR" EXIT + trap "rm -rf $TMPLOC" EXIT # create temporary authorized_user_ids file - TMP_AUTHORIZED_USER_IDS="${TMPDIR}/authorized_user_ids" + TMP_AUTHORIZED_USER_IDS="${TMPLOC}/authorized_user_ids" touch "$TMP_AUTHORIZED_USER_IDS" # create temporary authorized_keys file - AUTHORIZED_KEYS="${TMPDIR}/authorized_keys" + AUTHORIZED_KEYS="${TMPLOC}/authorized_keys" touch "$AUTHORIZED_KEYS" # set restrictive permissions on the temporary files # FIXME: is there a better way to do this? - chmod 0700 "$TMPDIR" + chmod 0700 "$TMPLOC" chmod 0600 "$AUTHORIZED_KEYS" chmod 0600 "$TMP_AUTHORIZED_USER_IDS" - chown -R "$MONKEYSPHERE_USER" "$TMPDIR" + chown -R "$MONKEYSPHERE_USER" "$TMPLOC" # if the authorized_user_ids file exists... if [ -s "$authorizedUserIDs" ] ; then @@ -243,7 +243,7 @@ update_users() { mv -f "$AUTHORIZED_KEYS" "${VARLIB}/authorized_keys/${uname}" # destroy temporary directory - rm -rf "$TMPDIR" + rm -rf "$TMPLOC" done } @@ -559,6 +559,7 @@ diagnostics() { local fingerprint local badhostkeys local sshd_config + local problemsfound=0 # FIXME: what's the correct, cross-platform answer? sshd_config=/etc/ssh/sshd_config @@ -570,20 +571,24 @@ diagnostics() { warndate=$(advance_date $warnwindow +%s) if ! id monkeysphere >/dev/null ; then - echo "! No monkeysphere user found! Please create a monkeysphere system user." + echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell." + problemsfound=$(($problemsfound+1)) fi if ! [ -d "$VARLIB" ] ; then echo "! no $VARLIB directory found. Please create it." + problemsfound=$(($problemsfound+1)) fi echo "Checking host GPG key..." if (( "$keysfound" < 1 )); then echo "! No host key found." echo " - Recommendation: run 'monkeysphere-server gen-key'" + problemsfound=$(($problemsfound+1)) elif (( "$keysfound" > 1 )); then echo "! More than one host key found?" # FIXME: recommend a way to resolve this + problemsfound=$(($problemsfound+1)) else create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:) expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:) @@ -593,9 +598,11 @@ diagnostics() { if (( "$expire" < "$curdate" )); then echo "! Host key is expired." echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'" + problemsfound=$(($problemsfound+1)) elif (( "$expire" < "$warndate" )); then echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'" + problemsfound=$(($problemsfound+1)) fi fi @@ -603,6 +610,7 @@ diagnostics() { if [ "$create" ] && (( "$create" > "$curdate" )); then echo "! Host key was created in the future(?!). Is your clock correct?" echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?" + problemsfound=$(($problemsfound+1)) fi # check for UserID expiration: @@ -614,14 +622,17 @@ diagnostics() { if [ "$create" ] && (( "$create" > "$curdate" )); then echo "! User ID '$uid' was created in the future(?!). Is your clock correct?" echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?" + problemsfound=$(($problemsfound+1)) fi if [ "$expire" ] ; then if (( "$expire" < "$curdate" )); then echo "! User ID '$uid' is expired." - # FIXME: recommend a way to resolve this + # FIXME: recommend a way to resolve this + problemsfound=$(($problemsfound+1)) elif (( "$expire" < "$warndate" )); then echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) # FIXME: recommend a way to resolve this + problemsfound=$(($problemsfound+1)) fi fi done @@ -641,20 +652,24 @@ diagnostics() { echo "Checking host SSH key..." if [ ! -s "${VARLIB}/ssh_host_rsa_key" ] ; then echo "! The host key as prepared for SSH (${VARLIB}/ssh_host_rsa_key) is missing or empty." + problemsfound=$(($problemsfound+1)) else if [ $(ls -l "${VARLIB}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then echo "! Permissions seem wrong for ${VARLIB}/ssh_host_rsa_key -- should be 0600." + problemsfound=$(($problemsfound+1)) fi # propose changes needed for sshd_config (if any) if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" "$sshd_config"; then echo "! $sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)." echo " - Recommendation: add a line to $sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'" + problemsfound=$(($problemsfound+1)) fi - if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then + if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then echo "! $sshd_config refers to some non-monkeysphere host keys:" echo "$badhostkeys" echo " - Recommendation: remove the above HostKey lines from $sshd_config" + problemsfound=$(($problemsfound+1)) fi fi fi @@ -668,17 +683,29 @@ diagnostics() { # FIXME: make sure that at least one identity certifier exists +# FIXME: look at the timestamps on the monkeysphere-generated +# authorized_keys files -- warn if they seem out-of-date. + echo echo "Checking for MonkeySphere-enabled public-key authentication for users ..." # Ensure that User ID authentication is enabled: if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" "$sshd_config"; then echo "! $sshd_config does not point to monkeysphere authorized keys." echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'" + problemsfound=$(($problemsfound+1)) fi - if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then + if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then echo "! $sshd_config refers to non-monkeysphere authorized_keys files:" echo "$badauthorizedkeys" echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config" + problemsfound=$(($problemsfound+1)) + fi + + if [ "$problemsfound" -gt 0 ]; then + echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" + echo " monkeysphere-server diagnostics" + else + echo "Everything seems to be in order!" fi } @@ -733,12 +760,38 @@ add_certifier() { keyID="$1" if [ -z "$keyID" ] ; then - failure "You must specify the key ID of a key to add." + failure "You must specify the key ID of a key to add, or specify a file to read the key from." fi + if [ -f "$keyID" ] ; then + echo "Reading key from file '$keyID':" + importinfo=$(gpg_authentication "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'" + # FIXME: if this is tried when the key database is not + # up-to-date, i got these errors (using set -x): + +# ++ su -m monkeysphere -c '\''gpg --import'\'' +# Warning: using insecure memory! +# gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported +# gpg: Total number processed: 1 +# gpg: imported: 1 (RSA: 1) +# gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied +# gpg: failed to rebuild keyring cache: Permission denied +# gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model +# gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u +# gpg: next trustdb check due at 2009-01-10' +# + failure 'could not read key from '\''/root/dkg.gpg'\''' +# + echo 'could not read key from '\''/root/dkg.gpg'\''' + + keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) + if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then + failure "Expected there to be a single gpg key in the file." + fi + else + # get the key from the key server + gpg_authentication "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." + fi + export keyID - # get the key from the key server - gpg_authentication "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" # get the full fingerprint of a key ID fingerprint=$(gpg_authentication "--list-key --with-colons --with-fingerprint 0x${keyID}!" | \ diff --git a/tests/basic b/tests/basic new file mode 100644 index 0000000..7d354f9 --- /dev/null +++ b/tests/basic @@ -0,0 +1,78 @@ +#!/usr/bin/env bash + +# Tests to ensure that the monkeysphere is working + +# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# Date: 2008-09-13 13:40:15-0400 + +# these tests might be best run under fakeroot, particularly the +# "server-side" tests. Using fakeroot, they should be able to be run +# as a non-privileged user. + +# NOTE: these tests have *not* themselves been tested yet +# (2008-09-13). Please exercise with caution! + +# these tests assume a commonly-trusted "Admin's key", a fake key +# permanently stored in ./admin: + +gpgadmin() { + GNUPGHOME=./admin gpg "$@" +} + + +# cleanup: + +cleanup() { + rm -f ./ssh-socket + + # FIXME: how should we clear out the temporary $VARLIB? + + # FIXME: clear out ssh client config file and known hosts. +} + +## set up some variables to ensure that we're operating strictly in +## the tests, not system-wide: + +# FIXME: can we override $VARLIB ? +# FIXME: can we override $ETC ? + +# Use the local copy of executables first, instead of system ones. +# This should help us test without installing. +export PATH=$(pwd)/../src:$(pwd)/../src/keytrans:$PATH +export MONKEYSPHERE_SHARE=$(pwd)/../src + +# create a new host key, certify it with the "Admin's Key". + +echo | monkeysphere-server gen-key --expire 2d + +HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ ) + +monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import + +gpgadmin --sign-key "$HOSTKEYID" + +# FIXME: how can we test publish-key without flooding junk into the +# keyservers? + +# indicate that the "Admin's" key is an identity certifier for the +# host + +monkeysphere-server add-identity-certifier ./admin/pubkey.gpg + +# launch sshd with the new host key. + +mkfifo ./ssh-socket + +sshd -f ./sshd_config -i <>./ssh-socket + +# connect to sample sshd host key, using monkeysphere to verify the +# identity before connection. + +## FIXME: implement! + +# create a new client side key, certify it with the "CA", use it to +# log in. + +## FIXME: implement! + + diff --git a/website/bugs/genericize-filesystem-locations-for-testsuite.mdwn b/website/bugs/genericize-filesystem-locations-for-testsuite.mdwn new file mode 100644 index 0000000..1d70313 --- /dev/null +++ b/website/bugs/genericize-filesystem-locations-for-testsuite.mdwn @@ -0,0 +1,28 @@ +[[meta title="genericize all filesystem locations to enable test suite:" ]] + +I'm in the process of writing a testsuite for the monkeysphere so that +we can verify that it actually performs all the basic expected duties +properly. + +It occurs to me that lines like these: + + ETC="/etc/monkeysphere" + VARLIB="/var/lib/monkeysphere" + +Actually make it very difficult to generically test the tool without +it being installed system-wide. + +Is there any reason that we should not allow these directories to be +overridden with environment variables in the same way that +`/usr/share/monkeysphere/share` is handled? + + SHARE=${MONKEYSPHERE_SHARE:-"/usr/share/monkeysphere"} + +I guess i'm proposing something like: + + SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} + SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} + +Thoughts? + +--dkg diff --git a/website/bugs/make-tarball-is-not-idempotent.mdwn b/website/bugs/make-tarball-is-not-idempotent.mdwn new file mode 100644 index 0000000..03779c5 --- /dev/null +++ b/website/bugs/make-tarball-is-not-idempotent.mdwn @@ -0,0 +1,12 @@ +[[meta title="make tarball is not idempotent" ]] + +The current monkeysphere Makefile has a "tarball" target, which +produces the "upstream tarball". Unfortunately, it is not idempotent. +That is, if you run it twice in a row (without changing any other +source), the second .orig.tar.gz file is bytewise different from the +first. + +We should fix this so that the tarball generated is the same at least +as long as no local file has been touched. + +--dkg diff --git a/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn b/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn index 8f518c1..e58b9c7 100644 --- a/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn +++ b/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn @@ -1,4 +1,4 @@ -[[ meta title="debian packaging postinst script clobbers gpg.conf settings in /var/lib/monkeysphere" ]] +[[meta title="debian packaging postinst script clobbers gpg.conf settings in /var/lib/monkeysphere" ]] Do we want to allow the system administrator to make adjustments to the `gpg.conf` config files found in `/var/lib/monkeysphere`? At the diff --git a/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn new file mode 100644 index 0000000..65268c5 --- /dev/null +++ b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn @@ -0,0 +1,24 @@ +[[meta title="Problems with root-owned gpg keyrings"]] + +`/var/lib/monkeysphere/gnupg-host/` is root-owned, and the public +keyring in that directory is controlled by the superuser. + +We currently expect the `monkeysphere` user to read from (but not +write to) that keyring. But using a keyring in a directory that you +don't control appears to trigger [a subtle bug in +gpg](http://bugs.debian.org/361539) that has been unresolved for quite +a long time. + +With some of the new error checking i'm doing in +`monkeysphere-server`, typical operations that involve both keyrings +as the non-privileged user can fail with an error message like: + + gpg: failed to rebuild keyring cache: file open error + +Running the relevant operation a second time as the same user usually +lets things go through without a failure, but this seems like it would +be hiding a bug, rather than getting it fixed correctly. + +Are there other ways we can deal with this problem? + +--dkg diff --git a/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn b/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn index 614e471..c491f8b 100644 --- a/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn +++ b/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn @@ -1,4 +1,4 @@ -[[ meta title="proposed new monkeysphere-server subcommand: setup" ]] +[[meta title="proposed new monkeysphere-server subcommand: setup" ]] What if everything that's done in the package post-installation scripts (aside from maybe the creation of the monkeysphere user |