From 44a499dd669cc20e77e35c2f7ffcbc2a8f08ec29 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 1 Feb 2009 22:48:36 -0500 Subject: Fix a bug in setup where gpg was called instead of gpg_core. This could have caused serious data loss for the running user. Should note to be carefull with this in the future. Also fix ownership on sphere gnupghome. --- src/share/ma/setup | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'src/share') diff --git a/src/share/ma/setup b/src/share/ma/setup index 229166b..263e5ca 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -15,8 +15,11 @@ setup() { # make all needed directories mkdir -p "${MADATADIR}" mkdir -p "${MATMPDIR}" - mkdir -p "${GNUPGHOME_SPHERE}" mkdir -p "${GNUPGHOME_CORE}" + chmod 700 "${GNUPGHOME_CORE}" + mkdir -p "${GNUPGHOME_SPHERE}" + chmod 700 "${GNUPGHOME_SPHERE}" + mkdir -p "${MADATADIR}"/authorized_keys # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? @@ -37,6 +40,11 @@ primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg list-options show-uid-validity EOF + # make sure the monkeysphere user owns everything in th sphere + # gnupghome + chown -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + chgrp -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) @@ -53,7 +61,7 @@ EOF # FIXME: pem2openpgp currently sets the A flag and a short # expiration date. We should set the C flag and no expiration # date. - < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core" + < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core" # get fingerprint of core key. should definitely not be empty at this point CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) -- cgit v1.2.3