-rw-r--r--Changelog7
-rwxr-xr-xMakefile26
-rw-r--r--man/man1/monkeysphere.12
-rw-r--r--man/man8/monkeysphere-authentication.810
-rw-r--r--man/man8/monkeysphere-host.829
-rwxr-xr-xsrc/monkeysphere2
-rwxr-xr-xsrc/monkeysphere-authentication5
-rwxr-xr-xsrc/monkeysphere-host5
-rw-r--r--src/share/defaultenv4
-rwxr-xr-xsrc/transitions/0.235
-rwxr-xr-xsrc/transitions/0.285
11 files changed, 64 insertions, 36 deletions
diff --git a/Changelog b/Changelog
index d3fdb1b..5b0d01c 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,10 @@
+monkeysphere (0.32~pre) unstable; urgency=low
+
+ * Fix specification of install paths in all scripts and man pages
+ (closes MS #2491)
+
+ -- Jameson Rollins <jrollins@finestructure.net> Tue, 14 Sep 2010 12:24:35 -0400
+
monkeysphere (0.31) unstable; urgency=low
[ Daniel Kahn Gillmor ]
diff --git a/Makefile b/Makefile
index 6644927..201abf4 100755
--- a/Makefile
+++ b/Makefile
@@ -13,6 +13,7 @@ ETCPREFIX ?=
ETCSUFFIX ?=
PREFIX ?= /usr
MANPREFIX ?= $(PREFIX)/share/man
+LOCALSTATEDIR ?= /var/lib
# nothing actually needs to be built now.
all:
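Review bot: `LOCALSTATEDIR` defaults to `/var/lib` here, while the GNU directory variable of the same name conventionally means `/var`. A packager passing `LOCALSTATEDIR=/var` would get the authorized_keys and host keyring directories under `/var/monkeysphere`, because defaultenv and the man pages append only `/monkeysphere` to the substituted value. A comment above the assignment would prevent that, e.g. `# parent of the monkeysphere data directory (default gives /var/lib/monkeysphere); not GNU localstatedir`. The variable block continues outside this hunk.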
@@ -41,15 +42,23 @@ install: all installman
mkdir -p $(DESTDIR)$(PREFIX)/share/doc/monkeysphere
printf "Monkeysphere %s\n" $(MONKEYSPHERE_VERSION) > $(DESTDIR)$(PREFIX)/share/monkeysphere/VERSION
install src/monkeysphere $(DESTDIR)$(PREFIX)/bin
- install src/monkeysphere-host src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin
+ sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/bin/monkeysphere
+ install src/monkeysphere-host $(DESTDIR)$(PREFIX)/sbin
+ sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host
+ install src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin
+ sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication
install src/monkeysphere-authentication-keys-for-user $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere
+ sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv
+ sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv
install -m 0755 src/share/checkperms $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0755 src/share/keytrans $(DESTDIR)$(PREFIX)/share/monkeysphere
- ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/pem2openpgp
- ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2ssh
+ ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/pem2openpgp
+ ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2ssh
install -m 0744 src/transitions/* $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions
+ sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.23
+ sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.28
install -m 0644 src/transitions/README.txt $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions
install -m 0644 src/share/m/* $(DESTDIR)$(PREFIX)/share/monkeysphere/m
install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh
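Review bot: The new `sed -i 's:__…__:$(PREFIX):'` lines paste `$(PREFIX)`, `$(ETCPREFIX)` and `$(LOCALSTATEDIR)` straight into a sed program, so a value containing `:`, `&` or a backslash changes or breaks the substitution, and sed exits 0 even when it replaced nothing. The installed scripts source `defaultenv` and `common` from the substituted path, so a placeholder that survives install leaves them with a relative default directory. I would end the recipe with a check that fails the install if any token is left, e.g. `! grep -rl '__SYS[A-Z]*DIR_PREFIX__' $(DESTDIR)$(PREFIX)/share/monkeysphere $(DESTDIR)$(PREFIX)/bin/monkeysphere $(DESTDIR)$(PREFIX)/sbin/monkeysphere-*`; this also covers transition scripts other than the hard-coded 0.23 and 0.28. The same concern applies to the man pages edited in the installman hunk. The install recipe starts and continues outside this hunk.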
@@ -68,6 +77,17 @@ installman:
install man/man7/* $(DESTDIR)$(MANPREFIX)/man7
install man/man8/* $(DESTDIR)$(MANPREFIX)/man8
gzip -d man/*/*
+ gzip -d $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1.gz
+ sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1
+ gzip -n $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1
+ gzip -d $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8.gz
+ sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8
+ sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8
+ gzip -n $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8
+ gzip -d $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8.gz
+ sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8
+ sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8
+ gzip -n $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8
releasenote:
./utils/build-releasenote
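Review bot: The added `gzip -d` lines run without `-f`, so a re-run after an interrupted install can stop partway. If an uncompressed `monkeysphere.1`, `monkeysphere-host.8` or `monkeysphere-authentication.8` was left in `$(DESTDIR)$(MANPREFIX)`, gzip refuses to overwrite it and exits non-zero. Using `gzip -df $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1.gz` (and likewise for the two man8 pages) makes the step repeatable. The installman recipe starts outside this hunk.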
diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1
index 91a9b1c..1f174f1 100644
--- a/man/man1/monkeysphere.1
+++ b/man/man1/monkeysphere.1
@@ -188,7 +188,7 @@ ssh agent with subkey-to-ssh-agent.
~/.monkeysphere/monkeysphere.conf
User monkeysphere config file.
.TP
-/etc/monkeysphere/monkeysphere.conf
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere.conf
System-wide monkeysphere config file.
.TP
~/.monkeysphere/authorized_user_ids
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index e9e24b0..5dfa92a 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -136,7 +136,7 @@ user authentication, the AuthorizedKeysFile parameter must be set in
the sshd_config to point to the monkeysphere\-generated
authorized_keys files:
-AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+AuthorizedKeysFile __SYSDATADIR_PREFIX__/monkeysphere/authorized_keys/%u
It is recommended to add "monkeysphere\-authentication update\-users"
to a system crontab, so that user keys are kept up-to-date, and key
@@ -179,18 +179,18 @@ false may expose users to abuse by other users on the system. (true)
.SH FILES
.TP
-/etc/monkeysphere/monkeysphere\-authentication.conf
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-authentication.conf
System monkeysphere-authentication config file.
.TP
-/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt or\p \
-/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt or\p \
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
If monkeysphere-authentication is configured to query an hkps
keyserver, it will use X.509 Certificate Authority certificates in
this file to validate any X.509 certificates used by the keyserver.
If the monkeysphere-authentication-x509 file is present, the
monkeysphere-x509 file will be ignored.
.TP
-/var/lib/monkeysphere/authorized_keys/USER
+__SYSDATADIR_PREFIX__/monkeysphere/authorized_keys/USER
Monkeysphere-generated user authorized_keys files.
.TP
~/.monkeysphere/authorized_user_ids
diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index f3e0d43..4d96901 100644
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -118,10 +118,10 @@ publication is not done by default. The first step is to import the
host's ssh key into a monkeysphere\-style OpenPGP certificate. This
is done with the import\-key command. For example:
-# monkeysphere\-host import\-key /etc/ssh/ssh_host_rsa_key ssh://host.example.org
+# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssh/ssh_host_rsa_key ssh://host.example.org
On most systems, sshd's RSA secret key is stored at
-/etc/ssh/ssh_host_rsa_key.
+__SYSCONFDIR_PREFIX__/etc/ssh/ssh_host_rsa_key.
See PUBLISHING AND CERTIFYING MONKEYSPHERE SERVICE CERTIFICATES for
how to make sure your users can verify the ssh service offered by your
@@ -137,18 +137,19 @@ PEM\-encoded). The first step is to import the web server's key into
a monkeysphere\-style OpenPGP certificate. This is done with the
import\-key command. For example:
-# monkeysphere\-host import\-key /etc/ssl/private/host.example.net\-key.pem https://host.example.net
+# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssl/private/host.example.net\-key.pem https://host.example.net
If you don't know where the web server's key is stored on your
machine, consult the configuration files for your web server.
Debian\-based systems using the `ssl\-cert' packages often have a
default self\-signed certificate stored in
-`/etc/ssl/private/ssl\-cert\-snakeoil.key' ; if you're using that key,
-your users are getting browser warnings about it. You can keep using
-the same key, but help them use the OpenPGP WoT to verify that it does
-belong to your web server by using something like:
+`__SYSCONFDIR_PREFIX__/etc/ssl/private/ssl\-cert\-snakeoil.key' ; if
+you're using that key, your users are getting browser warnings about
+it. You can keep using the same key, but help them use the OpenPGP
+WoT to verify that it does belong to your web server by using
+something like:
-# monkeysphere\-host import\-key /etc/ssl/private/ssl\-cert\-snakeoil.key https://$(hostname \-\-fqdn)
+# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssl/private/ssl\-cert\-snakeoil.key https://$(hostname \-\-fqdn)
If you offer multiple HTTPS websites using the same secret key, you
should add the additional website names with the `add\-servicename'
@@ -188,7 +189,7 @@ ssh) or without seeing a nasty "security warning" in their browsers
Note that \fBmonkeysphere\-host\fP currently caches a copy of all
imported secret keys (stored in OpenPGP form for future manipulation)
-in /var/lib/monkeysphere/host/secring.gpg. Cleartext backups of this
+in __SYSDATADIR_PREFIX__/monkeysphere/host/secring.gpg. Cleartext backups of this
file could expose secret key material if not handled sensitively.
.SH ENVIRONMENT
@@ -209,22 +210,22 @@ If set to `false', never prompt the user for confirmation. (true)
.SH FILES
.TP
-/etc/monkeysphere/monkeysphere\-host.conf
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-host.conf
System monkeysphere\-host config file.
.TP
-/var/lib/monkeysphere/host_keys.pub.pgp
+__SYSDATADIR_PREFIX__/monkeysphere/host_keys.pub.pgp
A world\-readable copy of the host's OpenPGP certificates in ASCII
armored format. This includes the certificates (including the public
keys, servicename\-based User IDs, and most recent relevant
self\-signatures) corresponding to every key used by
Monkeysphere\-enabled services on the host.
.TP
-/var/lib/monkeysphere/host/
+__SYSDATADIR_PREFIX__/monkeysphere/host/
A locked directory (readable only by the superuser) containing copies
of all imported secret keys (this is the host's GNUPGHOME directory).
.TP
-/etc/monkeysphere/monkeysphere\-host\-x509\-anchors.crt or\p \
-/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-host\-x509\-anchors.crt or\p \
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
If monkeysphere-host is configured to query an hkps keyserver for
publish-keys, it will use X.509 Certificate Authority certificates in
this file to validate any X.509 certificates used by the keyserver.
diff --git a/src/monkeysphere b/src/monkeysphere
index 8ce0c22..1cfafb6 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -16,7 +16,7 @@ set -e
PGRM=$(basename $0)
-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"__SYSSHAREDIR_PREFIX__/share/monkeysphere"}
export SYSSHAREDIR
. "${SYSSHAREDIR}/defaultenv"
. "${SYSSHAREDIR}/common"
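Review bot: In the source tree the fallback for `SYSSHAREDIR` is now the relative path `__SYSSHAREDIR_PREFIX__/share/monkeysphere`, so a copy of the script that did not go through the Makefile's sed step resolves `defaultenv` and `common` against the current working directory before sourcing them. The same line is added in src/monkeysphere-authentication, src/monkeysphere-host and src/transitions/0.23 and 0.28, which are presumably run as root. A guard after the assignment would make that case fail closed, e.g. `case "$SYSSHAREDIR" in /*) ;; *) echo "$PGRM: SYSSHAREDIR must be an absolute path" >&2; exit 1;; esac`. It tests for a leading slash rather than the token because the install-time sed would rewrite the token inside the guard too. Whether a relative `MONKEYSPHERE_SYSSHAREDIR` override is relied on anywhere (the test suite, for instance) is not visible here and should be checked first.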
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index af8c40d..c924034 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -19,14 +19,11 @@ set -o pipefail
PGRM=$(basename $0)
-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"__SYSSHAREDIR_PREFIX__/share/monkeysphere"}
export SYSSHAREDIR
. "${SYSSHAREDIR}/defaultenv"
. "${SYSSHAREDIR}/common"
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
-export SYSDATADIR
-
# sharedir for authentication functions
MASHAREDIR="${SYSSHAREDIR}/ma"
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 6216dce..33a67cc 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -19,14 +19,11 @@ set -o pipefail
PGRM=$(basename $0)
-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"__SYSSHAREDIR_PREFIX__/share/monkeysphere"}
export SYSSHAREDIR
. "${SYSSHAREDIR}/defaultenv"
. "${SYSSHAREDIR}/common"
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
-export SYSDATADIR
-
# sharedir for host functions
MHSHAREDIR="${SYSSHAREDIR}/mh"
diff --git a/src/share/defaultenv b/src/share/defaultenv
index 501478f..d72f139 100644
--- a/src/share/defaultenv
+++ b/src/share/defaultenv
@@ -9,8 +9,10 @@
# Copyright 2009, released under the GPL, version 3 or later
# managed directories
-SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
+SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"__SYSCONFDIR_PREFIX__/etc/monkeysphere"}
export SYSCONFIGDIR
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"__SYSDATADIR_PREFIX__/monkeysphere"}
+export SYSDATADIR
# default log level
LOG_LEVEL="INFO"
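Review bot: Nothing in defaultenv says that the new `SYSCONFIGDIR` and `SYSDATADIR` defaults are templates filled in by `make install`, so a reader of the source file sees two relative-looking paths with no explanation. I would add a comment under `# managed directories` such as `# the *_PREFIX__ tokens in the defaults below are replaced at install time by the Makefile (ETCPREFIX, LOCALSTATEDIR)`. The comment should not spell a token out in full, because the Makefile's sed runs over every line of the installed file and would rewrite it there as well.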
diff --git a/src/transitions/0.23 b/src/transitions/0.23
index 3964558..82529f2 100755
--- a/src/transitions/0.23
+++ b/src/transitions/0.23
@@ -20,8 +20,9 @@
# any unexpected errors should cause this script to bail:
set -e
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
-SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"__SYSSHAREDIR_PREFIX__/share/monkeysphere"}
+export SYSSHAREDIR
+. "${SYSSHAREDIR}/defaultenv"
MADATADIR="${SYSDATADIR}/authentication"
MHDATADIR="${SYSDATADIR}/host"
diff --git a/src/transitions/0.28 b/src/transitions/0.28
index 5da6ab1..d21ec4e 100755
--- a/src/transitions/0.28
+++ b/src/transitions/0.28
@@ -16,7 +16,10 @@
# any unexpected errors should cause this script to bail:
set -e
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"__SYSSHAREDIR_PREFIX__/share/monkeysphere"}
+export SYSSHAREDIR
+. "${SYSSHAREDIR}/defaultenv"
+
OLD_HOST_KEY_FILE="$SYSDATADIR"/ssh_host_rsa_key.pub.gpg
if [ -f "$OLD_HOST_KEY_FILE" ] ; then