From 7ab6793000d069c327e8d4923b9c89b13f60d3bd Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Thu, 19 Feb 2009 02:13:11 -0500
Subject: adopting new transition script strategy
---
src/transitions/0.23 | 180 +++++++++++++++++++++++++++++++++++++++++++++
src/transitions/README.txt | 16 ++++
2 files changed, 196 insertions(+)
create mode 100755 src/transitions/0.23
create mode 100644 src/transitions/README.txt
(limited to 'src/transitions')
diff --git a/src/transitions/0.23 b/src/transitions/0.23
new file mode 100755
index 0000000..e1c9e9e
--- /dev/null
+++ b/src/transitions/0.23
@@ -0,0 +1,180 @@
+#!/bin/bash
+
+# This is a post-install script for monkeysphere, to transition an old
+# (<0.23) setup to the new (>=0.23) setup.
+
+# You should be able to run this script after any version >= 0.23 is
+# installed. This script should be well-behaved, even if it is run
+# repeatedly.
+
+# Written by
+# Jameson Rollins
+# Daniel Kahn Gillmor
+#
+# Copyright 2009, released under the GPL, version 3 or later
+
+# NOTE: the reverse operation (downgrading) is not directly supported,
+# and MAY LOCK YOU OUT OF YOUR SYSTEM, depending on how you have
+# configured the monkeysphere!
+
+# any unexpected errors should cause this script to bail:
+set -e
+
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+
+MADATADIR="${SYSDATADIR}/authentication"
+MHDATADIR="${SYSDATADIR}/host"
+
+STASHDIR="${SYSDATADIR}/backup-from-0.23-transition"
+
+
+log() {
+ printf "$@" >&2
+}
+
+# FIXME: implement this function better. here, we only care about
+# dots, *and* about reversing the regexification of them.
+gpg_unescape_and_unregex() {
+ sed 's/\\x5c\././g'
+}
+
+
+is_domain_name() {
+ printf "%s" "$1" | egrep -q '^[[:alnum:]][[:alnum:]-.]*[[:alnum:]]$'
+}
+
+# run the authentication setup (this is also the first chance to bail
+# if 0.23 is not fully-installed, because m-a did not exist before
+# 0.23)
+monkeysphere-authentication setup
+
+# before 0.23, the old gnupg-host data directory used to contain the
+# trust core and the system's ssh host key.
+
+if [ -d "$SYSDATADIR"/gnupg-host ] ; then
+
+### transfer identity certifiers, if they don't already exist in the
+### current setup:
+
+ if [ monkeysphere-authentication list-identity-certifiers | \
+ grep -q '^[A-F0-9]{40}:$' ] ; then
+ log 'There are already certifiers in the new system!\nNot transferring any certifiers.\n'
+ else
+ # get the old host keygrip (don't know why there would be more
+ # than one, but we'll transfer all tsigs made by any key that
+ # had been given ultimate ownertrust):
+ for authgrip in $(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export-ownertrust | \
+ grep ':6:$'
+ sed -r 's/^[A-F0-9]{24}([A-F0-9]{16}):6:$/\1/') ; do
+
+ # we're assuming that old id certifiers were only added by old
+ # versions of m-s c+, which added certifiers by ltsigning
+ # entire keys.
+
+ # so we'll walk the list of tsigs from the old host key, and
+ # add those keys as certifiers to the new system.
+
+ # FIXME: if an admin has run "m-s add-id-certifier $foo"
+ # multiple times for the same $foo, we'll only transfer
+ # one of those certifications (even if later
+ # certifications had different parameters).
+
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --fingerprint --with-colons --fixed-list-mode --check-sigs | \
+ cut -f 1,2,5,8,9,10 -d: | \
+ egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
+ while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
+ case $type in
+ 'fpr') # this is a new key
+ keyfpr=$fpr
+ ;;
+ 'sig') # deal with all trust signatures, including
+ # regexes if present.
+ if [ "$keyfpr" ] ; then
+ trustdepth=${trustparams%% *}
+ trustlevel=${trustparams##* }
+ if [ "$trustlevel" -ge 120 ] ; then
+ truststring=full
+ elif [ "$trustlevel" -ge 60 ] ; then
+ truststring=marginal
+ else
+ # trust levels below marginal are ignored.
+ continue
+ fi
+
+ finaldomain=
+ if [ "$trustdomain" ] ; then
+ # FIXME: deal with translating
+ # $trustdomain back to a domain.
+ if [ printf "%s" "$trustdomain" | egrep -q '^<\[\^>\]\+\[@\.\][^>]+>\$$' ] ; then
+ dpart=$(printf "%s" "$trustdomain" | sed -r 's/^<\[\^>\]\+\[@\.\]([^>]+)>\$$/\1/' | gpg_unescape_and_unregex)
+ if [ is_domain_name "$dpart" ]; then
+ finaldomain="--domain $dpart"
+ else
+ log "Does not seem to be a domain name (%s), not adding certifier\n" "$dpart"
+ continue
+ fi
+ else
+ log "Does not seem to be a standard gpg domain-based tsig (%s), not adding certifier\n" "$trustdomain"
+ continue
+ fi
+ fi
+
+ CERTKEY=$(mktemp ${TMPDIR:-/tmp}/mstransition.XXXXXXXX)
+ log "Adding identity certifier with fingerprint %s\n" "$keyfpr"
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export "0x$keyfpr" --export-clean >"$CERTKEY"
+ MONKEYSPHERE_PROMPT=false monkeysphere-authentication add-identity-certifier $finaldomain --trust "$truststring" --depth "$trustdepth" "$CERTKEY"
+ rm -f "$CERTKEY"
+ # clear the fingerprint so that we don't
+ # make additional tsigs on it if more uids
+ # are present:
+ $keyfpr=
+ fi
+ ;;
+ esac
+ done
+ done
+ fi
+
+### transfer host key information (if present) into the new spot
+
+ if [ -d "${MHDATADIR}" ] ; then
+ log "Not transferring host key info because host directory already exists.\n"
+ else
+ if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --with-colons --list-secret-keys | grep -q '^sec:' ; then
+
+ # create host home
+ mkdir -p "${MHDATADIR}"
+ chmod 0700 "${MHDATADIR}"
+
+ log "importing host key from old monkeysphere installation\n"
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export-secret-keys \
+ GNUPGHOME="$MHDATADIR" gpg --import
+
+ monkeysphere-host update-gpg-pub-file
+ else
+ log "No host key found in old monkeysphere install; not importing any host key.\n"
+ fi
+ fi
+
+
+### get rid of this old stuff, since we've transferred it all:
+
+ mkdir -p "$STASHDIR"
+ chmod 0700 "$STASHDIR"
+ mv "${SYSDATADIR}/gnupg-host" "$STASHDIR"
+fi
+
+
+# There is nothing in the old authentication directory that we should
+# need to keep around, but it is not unreasonable to transfer keys to
+# the new authentication keyring.
+if [ -d "${SYSDATADIR}/gnupg-authentication" ] ; then
+
+ GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --export | \
+ monkeysphere-authentication gpg-cmd --import
+
+ mkdir -p "$STASHDIR"
+ chmod 0700 "$STASHDIR"
+ mv "${SYSDATADIR}/gnupg-authentication" "$STASHDIR"
+fi
diff --git a/src/transitions/README.txt b/src/transitions/README.txt
new file mode 100644
index 0000000..7488c74
--- /dev/null
+++ b/src/transitions/README.txt
@@ -0,0 +1,16 @@
+This directory contains transition scripts for major changes to
+monkeysphere infrastructure.
+
+They are expected to be run immediately after upgrading to the named
+version or later.
+
+For example: you upgrade to from version 0.8 to version 0.15, and the
+directory contains 0.6, 0.12 and 0.15, you should run 0.12 followed by
+0.15.
+
+The scripts are supposed to be cleverly-written enough that you can
+run them repeatedly, and they should only make their intended changes
+once. If they do not behave that way, this is a bug. Please report
+it!
+
+ https://labs.riseup.net/code/projects/monkeysphere/
-- cgit v1.2.3
From 4a97e06ea70447334f5dfeecb389fe7bdc27e627 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Thu, 19 Feb 2009 03:13:50 -0500
Subject: fix think-o in 0.23 transition.
---
src/transitions/0.23 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/transitions')
diff --git a/src/transitions/0.23 b/src/transitions/0.23
index e1c9e9e..cd01662 100755
--- a/src/transitions/0.23
+++ b/src/transitions/0.23
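Review bot: In the domain-restricted branch of the `'sig')` case of the new 0.23 script, `if [ printf "%s" "$trustdomain" | egrep -q … ] ; then` and `if [ is_domain_name "$dpart" ]; then` both wrap a command in `[ … ]`, so the command's result is never what gets tested. As far as I can tell both tests fail every time, so each trust signature that carries a domain restriction is logged and skipped rather than migrated. That fails closed (no trust is widened), but the admin can end up with fewer identity certifiers than before while the script still exits 0. Drop the brackets, keeping the pattern unchanged, e.g. `if is_domain_name "$dpart" ; then`; none of the follow-up commits visible on this page touch these two lines. Also worth a comment: `finaldomain="--domain $dpart"` is later expanded unquoted, so it depends entirely on `is_domain_name` rejecting whitespace and glob characters.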
@@ -56,8 +56,8 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then ### transfer identity certifiers, if they don't already exist in the ### current setup: - if [ monkeysphere-authentication list-identity-certifiers | \ - grep -q '^[A-F0-9]{40}:$' ] ; then + if monkeysphere-authentication list-identity-certifiers | \ + grep -q '^[A-F0-9]{40}:$' ; then log 'There are already certifiers in the new system!\nNot transferring any certifiers.\n' else # get the old host keygrip (don't know why there would be more -- cgit v1.2.3 From a66c00cfa6443c1ed027e796b47132df64a91b7d Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 03:32:18 -0500 Subject: more think-os in the 0.23 transition script. --- src/transitions/0.23 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/transitions') diff --git a/src/transitions/0.23 b/src/transitions/0.23 index cd01662..b1247cf 100755 --- a/src/transitions/0.23 +++ b/src/transitions/0.23 @@ -64,7 +64,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then # than one, but we'll transfer all tsigs made by any key that # had been given ultimate ownertrust): for authgrip in $(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export-ownertrust | \ - grep ':6:$' + grep ':6:$' | \ sed -r 's/^[A-F0-9]{24}([A-F0-9]{16}):6:$/\1/') ; do # we're assuming that old id certifiers were only added by old -- cgit v1.2.3 From 537762895f4b1ed1dcad453b7df858e3c03a9d73 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 03:34:31 -0500 Subject: remove a permission warning from the old gpg config during 0.23 transition. --- src/transitions/0.23 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/transitions') diff --git a/src/transitions/0.23 b/src/transitions/0.23 index b1247cf..3d6ab97 100755 --- a/src/transitions/0.23 +++ b/src/transitions/0.23 
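Review bot: The rewritten `if monkeysphere-authentication list-identity-certifiers | grep -q '^[A-F0-9]{40}:$'` test still cannot detect existing certifiers, because plain `grep` uses basic regular expressions, where `{40}` is matched as literal characters rather than as a repetition count. The `else` branch therefore runs on every invocation, which works against the header's statement that the script is well-behaved when run repeatedly. Use `grep -Eq '^[A-F0-9]{40}:$'`, in line with the `egrep` and `sed -r` calls elsewhere in the file. The output format of `list-identity-certifiers` is not visible here, so confirm that it really prints a bare 40-hex fingerprint followed by a colon.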
@@ -63,7 +63,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then # get the old host keygrip (don't know why there would be more # than one, but we'll transfer all tsigs made by any key that # had been given ultimate ownertrust): - for authgrip in $(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export-ownertrust | \ + for authgrip in $(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-ownertrust | \ grep ':6:$' | \ sed -r 's/^[A-F0-9]{24}([A-F0-9]{16}):6:$/\1/') ; do -- cgit v1.2.3 From 64f469fda70f42699f0f2ccb786d23e09b513d6e Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 03:44:17 -0500 Subject: more cleanup on 0.23 transition script --- src/transitions/0.23 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/transitions') diff --git a/src/transitions/0.23 b/src/transitions/0.23 index 3d6ab97..6128d93 100755 --- a/src/transitions/0.23 +++ b/src/transitions/0.23 @@ -79,7 +79,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then # one of those certifications (even if later # certifications had different parameters). - GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --fingerprint --with-colons --fixed-list-mode --check-sigs | \ + GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --fingerprint --with-colons --fixed-list-mode --check-sigs | \ cut -f 1,2,5,8,9,10 -d: | \ egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \ while IFS=: read -r type validity grip trustparams trustdomain fpr ; do @@ -127,7 +127,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then # clear the fingerprint so that we don't # make additional tsigs on it if more uids # are present: - $keyfpr= + keyfpr= fi ;; esac 
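Review bot: Adding `--no-permission-warning` to the `--export-ownertrust` call hides gpg's warning about unsafe permissions on the old `gnupg-host` home, yet the ultimate-ownertrust entries read from that directory decide whose trust signatures become identity certifiers in the new setup. Before reading it, verify that the directory is owned by the invoking user (presumably root) and is not group- or world-writable, and bail out otherwise. If the loose mode is expected and harmless, say so in a comment such as `# old homedir mode is known to be loose; contents are trusted because only root can write under $SYSDATADIR`. The later commits add the same flag to the `--check-sigs`, `--list-secret-keys`, `--export-secret-keys` and `--export` calls on the old homes, so the same check covers those.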
@@ -141,14 +141,14 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then log "Not transferring host key info because host directory already exists.\n" else if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \ - GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --with-colons --list-secret-keys | grep -q '^sec:' ; then + GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then # create host home mkdir -p "${MHDATADIR}" chmod 0700 "${MHDATADIR}" log "importing host key from old monkeysphere installation\n" - GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export-secret-keys \ + GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys | \ GNUPGHOME="$MHDATADIR" gpg --import monkeysphere-host update-gpg-pub-file -- cgit v1.2.3 From b5555eed1dbd5cfd8ea713cfee33ce8ddcf9238f Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 03:53:41 -0500 Subject: still more cleanup in transitions/0.23 --- src/transitions/0.23 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/transitions') diff --git a/src/transitions/0.23 b/src/transitions/0.23 index 6128d93..6cbf995 100755 --- a/src/transitions/0.23 +++ b/src/transitions/0.23 @@ -121,7 +121,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then CERTKEY=$(mktemp ${TMPDIR:-/tmp}/mstransition.XXXXXXXX) log "Adding identity certifier with fingerprint %s\n" "$keyfpr" - GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export "0x$keyfpr" --export-clean >"$CERTKEY" + GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export "0x$keyfpr" --export-clean >"$CERTKEY" MONKEYSPHERE_PROMPT=false monkeysphere-authentication add-identity-certifier $finaldomain --trust "$truststring" --depth "$trustdepth" "$CERTKEY" rm -f "$CERTKEY" # clear the fingerprint so that we don't 
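Review bot: Even with the pipe restored on the `--export-secret-keys` line, the host-key transfer can be left half-done, because `mkdir -p "${MHDATADIR}"` runs before the import and `set -e` only sees the exit status of the last command in a pipeline. If `gpg --import` fails, the script exits with the directory already created; on the next run the `[ -d "${MHDATADIR}" ]` guard skips the transfer and the old `gnupg-host` is moved into `$STASHDIR` without the host key ever being imported. A failure on the export side is not noticed at all. Add `set -o pipefail` next to `set -e`, and remove `"$MHDATADIR"` (or import into a temporary home and rename it into place) when the import does not succeed; the `gnupg-authentication` export pipeline at the end of the file has the same exposure. The enclosing `if`/`else` block starts and ends outside this hunk.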
@@ -148,7 +148,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then chmod 0700 "${MHDATADIR}" log "importing host key from old monkeysphere installation\n" - GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys | \ + GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys | \ GNUPGHOME="$MHDATADIR" gpg --import monkeysphere-host update-gpg-pub-file -- cgit v1.2.3 From b73147ef2259d6596554db071e3f934bb5e7cbe5 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 04:11:27 -0500 Subject: clean up more gpg warnings during 0.23 transition --- src/transitions/0.23 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/transitions') diff --git a/src/transitions/0.23 b/src/transitions/0.23 index 6cbf995..f09dfff 100755 --- a/src/transitions/0.23 +++ b/src/transitions/0.23 @@ -121,7 +121,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then CERTKEY=$(mktemp ${TMPDIR:-/tmp}/mstransition.XXXXXXXX) log "Adding identity certifier with fingerprint %s\n" "$keyfpr" - GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export "0x$keyfpr" --export-clean >"$CERTKEY" + GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export "0x$keyfpr" --export-options export-clean >"$CERTKEY" MONKEYSPHERE_PROMPT=false monkeysphere-authentication add-identity-certifier $finaldomain --trust "$truststring" --depth "$trustdepth" "$CERTKEY" rm -f "$CERTKEY" # clear the fingerprint so that we don't @@ -149,7 +149,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then log "importing host key from old monkeysphere installation\n" GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys | \ - GNUPGHOME="$MHDATADIR" gpg --import + GNUPGHOME="$MHDATADIR" gpg --quiet --no-tty --import monkeysphere-host update-gpg-pub-file else 
@@ -171,7 +171,7 @@ fi # the new authentication keyring. if [ -d "${SYSDATADIR}/gnupg-authentication" ] ; then - GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --export | \ + GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --no-permission-warning --export | \ monkeysphere-authentication gpg-cmd --import mkdir -p "$STASHDIR" -- cgit v1.2.3