From 44ca5172d76fb84802c85057a3c0eaf0e6d8956d Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 13:36:39 -0500 Subject: some clean up to tests/basic --- tests/basic | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) (limited to 'tests') diff --git a/tests/basic b/tests/basic index d9399f0..bcade42 100755 --- a/tests/basic +++ b/tests/basic @@ -91,8 +91,12 @@ trap failed_cleanup EXIT ## the tests, not system-wide: # make temp dir -mkdir -p "$TESTDIR"/tmp -TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX") +# FIXME: I believe that /tmp can not be used as the temp dir here, +# since the permissions on /tmp are usually such that they will not +# pass the monkeysphere/ssh path permission checking. at least this +# is my experience. +#TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX") +TEMPDIR=$(mktemp -d "${TESTDIR}/tmp/monkeyspheretest.XXXXXXX") # Use the local copy of executables first, instead of system ones. # This should help us test without installing. @@ -121,10 +125,8 @@ export DISPLAY=monkeys # copy in admin and testuser home to tmp echo "##################################################" -echo "### copying admin and testuser homes..." -cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ +echo "### configuring testuser home..." cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ - # set up environment for testuser export TESTHOME="$TEMPDIR"/testuser export GNUPGHOME="$TESTHOME"/.gnupg @@ -141,6 +143,10 @@ KNOWN_HOSTS=$TESTHOME/.ssh/known_hosts EOF get_gpg_prng_arg >> "$GNUPGHOME"/gpg.conf +echo "##################################################" +echo "### configuring admin home..." +cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ + # set up sshd echo "##################################################" echo "### configuring sshd..." @@ -155,17 +161,6 @@ EOF ###################################################################### ### SERVER HOST SETUP -# create a new host key -echo "##################################################" -echo "### testing host key generation..." -mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/host -# add gpg.conf with quick-random -get_gpg_prng_arg >> "$MONKEYSPHERE_SYSCONFIGDIR"/host/gpg.conf -echo | monkeysphere-host expert gen-key --length 1024 testhost - -# remove the host home for the next test -rm -rf "$MONKEYSPHERE_SYSCONFIGDIR"/host - # import host key echo "##################################################" echo "### testing host key importing..." @@ -182,6 +177,7 @@ monkeysphere-host show-key echo "##################################################" echo "### getting host key fingerprint..." HOSTKEYID=$( monkeysphere-host show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ ) +echo "$HOSTKEYID" # certify host key with the "Admin's Key". # (this would normally be done via keyservers) @@ -214,7 +210,7 @@ get_gpg_prng_arg >> "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf # add admin as identity certifier for testhost echo "##################################################" echo "### adding admin as certifier..." -echo y | monkeysphere-authentication add-id-certifier "$TEMPDIR"/admin/.gnupg/pubkey.gpg +monkeysphere-authentication add-id-certifier -y "$TEMPDIR"/admin/.gnupg/pubkey.gpg # FIXME: should we run "diagnostics" here to test setup? @@ -241,6 +237,8 @@ gpg --export testuser | monkeysphere-authentication expert gpg-cmd --import echo "##################################################" echo "### update server authorized_keys file for this testuser..." monkeysphere-authentication update-users $(whoami) +# FIXME: NOT FAILING PROPERLY FOR: +# ms: improper group or other writability on path '/tmp'. ###################################################################### -- cgit v1.2.3 From 9c193c4dc749403030aeda0acc794a65d7593540 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 12 Feb 2009 15:19:16 -0500 Subject: tests/basic: respect $TMPDIR variable for temporary directories set up during testing. --- tests/basic | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'tests') diff --git a/tests/basic b/tests/basic index bcade42..af8b5f1 100755 --- a/tests/basic +++ b/tests/basic @@ -90,13 +90,16 @@ trap failed_cleanup EXIT ## set up some variables to ensure that we're operating strictly in ## the tests, not system-wide: -# make temp dir -# FIXME: I believe that /tmp can not be used as the temp dir here, -# since the permissions on /tmp are usually such that they will not -# pass the monkeysphere/ssh path permission checking. at least this -# is my experience. -#TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX") -TEMPDIR=$(mktemp -d "${TESTDIR}/tmp/monkeyspheretest.XXXXXXX") +# set up temp dir + +# NOTE: /tmp can not be used as the temp dir here, since the +# permissions on /tmp are usually such that they will not pass the +# monkeysphere/ssh path permission checking. If you need to use a +# different location than the current source, please set $TMPDIR +# somewhere with tighter permissions. + +mkdir -p "$TESTDIR"/tmp +TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX") # Use the local copy of executables first, instead of system ones. # This should help us test without installing. -- cgit v1.2.3 From 9a92104113158b39de7c8b42bf883b3fd46ed006 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 18:24:34 -0500 Subject: add list-certifiers to the basic test --- tests/basic | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/basic b/tests/basic index af8b5f1..6ee4eea 100755 --- a/tests/basic +++ b/tests/basic @@ -215,8 +215,11 @@ echo "##################################################" echo "### adding admin as certifier..." monkeysphere-authentication add-id-certifier -y "$TEMPDIR"/admin/.gnupg/pubkey.gpg -# FIXME: should we run "diagnostics" here to test setup? +echo "##################################################" +echo "### list certifiers..." +monkeysphere-authentication list-certifiers +# FIXME: should we run "diagnostics" here to test setup? ###################################################################### ### TESTUSER SETUP -- cgit v1.2.3 From 0dc13ca3b54ecd5ce311f88fed736aca1774b525 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 12 Feb 2009 18:34:08 -0500 Subject: tests/common: enable a single subshell in the test environment before cleanup on failure; makes it easier to have $PATH, etc set up --- tests/common | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/common b/tests/common index adc96a2..0f90500 100644 --- a/tests/common +++ b/tests/common @@ -3,7 +3,10 @@ failed_cleanup() { # FIXME: can we be more verbose here? echo 'FAILED!' - read -p "press enter to cleanup and remove tmp:" + read -p "press enter to cleanup and remove tmp (or type bash for a subshell to examine): " XX + if [ "$XX" = bash ] ; then + bash + fi cleanup } -- cgit v1.2.3 From 65e8a49c924eac3c46c93cb4bb9be9c739a58983 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 18:39:38 -0500 Subject: tweak some of the log output inconsequentially --- src/share/ma/setup | 12 ++++++------ src/share/mh/set_expire | 3 +++ tests/basic | 1 - 3 files changed, 9 insertions(+), 7 deletions(-) (limited to 'tests') diff --git a/src/share/ma/setup b/src/share/ma/setup index 5960ab4..e5109fd 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -23,7 +23,7 @@ setup() { # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? - log debug "write core gpg.conf..." + log debug "writing core gpg.conf..." cat >"${GNUPGHOME_CORE}"/gpg.conf <"${GNUPGHOME_SPHERE}"/gpg.conf < Date: Mon, 16 Feb 2009 21:39:17 -0500 Subject: fix reference to HOST_FINGERPRINT in show-key, and fix some references to "expert" in test. --- src/monkeysphere-host | 4 ++-- tests/basic | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'tests') diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 2e69d41..bd956e0 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -175,8 +175,8 @@ show_key() { echo -n "ssh fingerprint: " ssh-keygen -l -f /dev/stdin \ - <<<$( gpg_host --export FEE16FA3 2>/dev/null \ - | openpgp2ssh 8445B5203A8443B4B04F637DD4DE66B2FEE16FA3 2>/dev/null) \ + <<<$( gpg_host --export "$HOST_FINGERPRINT" 2>/dev/null \ + | openpgp2ssh "$HOST_FINGERPRINT" 2>/dev/null) \ | awk '{ print $1, $2, $4 }' # FIXME: other relevant key parameters? diff --git a/tests/basic b/tests/basic index 9844454..4c19a85 100755 --- a/tests/basic +++ b/tests/basic @@ -166,9 +166,9 @@ EOF # import host key echo "##################################################" -echo "### testing host key importing..." +echo "### import host key..." ssh-keygen -b 1024 -t rsa -N '' -f "$TEMPDIR"/ssh_host_rsa_key -monkeysphere-host expert import-key testhost < "$TEMPDIR"/ssh_host_rsa_key +monkeysphere-host import-key testhost < "$TEMPDIR"/ssh_host_rsa_key # change host key expiration echo "##################################################" -- cgit v1.2.3 From 54e5dd2bd3d63238142c748c64fdf66135a47136 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 17 Feb 2009 00:36:07 -0500 Subject: fix a couple of left over references to expert --- src/monkeysphere-authentication | 4 ++-- src/monkeysphere-host | 3 ++- src/share/ma/diagnostics | 2 +- src/share/mh/diagnostics | 2 +- tests/basic | 12 ++++++------ 5 files changed, 12 insertions(+), 11 deletions(-) (limited to 'tests') diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 4a09527..465777d 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -86,8 +86,8 @@ gpg_sphere() { su_monkeysphere_user "gpg $@" } -# load the core fingerprint into the fingerprint variable, using the -# gpg host secret key +# output to stdout the core fingerprint from the gpg core secret +# keyring core_fingerprint() { log debug "determining core key fingerprint..." gpg_core --quiet --list-secret-key \ diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 6220760..8562ec6 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -181,7 +181,8 @@ show_key() { | grep '^fpr:' | cut -d: -f10 ) # list the host key info - gpg --list-key --fingerprint --list-options show-unusable-uids 2>/dev/null + gpg --list-keys --fingerprint \ + --list-options show-unusable-uids 2>/dev/null # list the pgp fingerprint echo "OpenPGP fingerprint: $HOST_FINGERPRINT" diff --git a/src/share/ma/diagnostics b/src/share/ma/diagnostics index 45a8ce2..0411080 100644 --- a/src/share/ma/diagnostics +++ b/src/share/ma/diagnostics @@ -120,7 +120,7 @@ fi if [ "$problemsfound" -gt 0 ]; then echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" - echo " monkeysphere-authentication expert diagnostics" + echo " monkeysphere-authentication diagnostics" else echo "Everything seems to be in order!" fi diff --git a/src/share/mh/diagnostics b/src/share/mh/diagnostics index 96065e6..d774723 100644 --- a/src/share/mh/diagnostics +++ b/src/share/mh/diagnostics @@ -152,7 +152,7 @@ fi if [ "$problemsfound" -gt 0 ]; then echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" - echo " monkeysphere-host expert diagnostics" + echo " monkeysphere-host diagnostics" else echo "Everything seems to be in order!" fi diff --git a/tests/basic b/tests/basic index 4c19a85..d78a594 100755 --- a/tests/basic +++ b/tests/basic @@ -170,17 +170,17 @@ echo "### import host key..." ssh-keygen -b 1024 -t rsa -N '' -f "$TEMPDIR"/ssh_host_rsa_key monkeysphere-host import-key testhost < "$TEMPDIR"/ssh_host_rsa_key +echo "##################################################" +echo "### getting host key fingerprint..." +HOSTKEYID=$( monkeysphere-host show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ ) +echo "$HOSTKEYID" + # change host key expiration echo "##################################################" echo "### setting host key expiration..." monkeysphere-host set-expire 1 # FIXME: how do we check that the expiration has really been set? -echo "##################################################" -echo "### getting host key fingerprint..." -HOSTKEYID=$( monkeysphere-host show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ ) -echo "$HOSTKEYID" - # certify host key with the "Admin's Key". # (this would normally be done via keyservers) echo "##################################################" @@ -236,7 +236,7 @@ gpgadmin --armor --export "$HOSTKEYID" | gpg --import # teach the "server" about the testuser's key echo "##################################################" echo "### export testuser key to server..." -gpg --export testuser | monkeysphere-authentication expert gpg-cmd --import +gpg --export testuser | monkeysphere-authentication gpg-cmd --import # update authorized_keys for user echo "##################################################" -- cgit v1.2.3 From d2874b94fedbe6d043d44ca3562879251e6ea10f Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 17 Feb 2009 19:09:44 -0500 Subject: add ability to bypass prompting with a MONKEYSPHERE_PROMPT variable, for functions that prompt for confirmation. Also fix publish_key function (NOT TESTED). --- src/monkeysphere-authentication | 9 +++++++-- src/monkeysphere-host | 13 +++++++++---- src/share/ma/add_certifier | 8 +------- src/share/ma/remove_certifier | 7 +++++-- src/share/mh/add_hostname | 14 +++++++++----- src/share/mh/add_revoker | 12 ++++++++---- src/share/mh/publish_key | 29 +++++++++++++++++++++++++---- src/share/mh/revoke_hostname | 14 +++++++++----- src/share/mh/set_expire | 9 +++++++++ tests/basic | 2 +- 10 files changed, 83 insertions(+), 34 deletions(-) (limited to 'tests') diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 60cb5f2..c349e6f 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -114,11 +114,14 @@ gpg_core_sphere_sig_transfer() { # MAIN ######################################################################## -# unset variables that should be defined only in config file +# unset variables that should be defined only in config file of in +# MONKEYSPHERE_ variables +unset LOG_LEVEL unset KEYSERVER unset AUTHORIZED_USER_IDS unset RAW_AUTHORIZED_KEYS unset MONKEYSPHERE_USER +unset PROMPT # load configuration file [ -e ${MONKEYSPHERE_AUTHENTICATION_CONFIG:="${SYSCONFIGDIR}/monkeysphere-authentication.conf"} ] && . "$MONKEYSPHERE_AUTHENTICATION_CONFIG" @@ -130,6 +133,7 @@ KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}} AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}} RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}} MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}} +PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}} # other variables CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} @@ -142,8 +146,9 @@ CORE_KEYLENGTH=${MONKEYSPHERE_CORE_KEYLENGTH:="2048"} export DATE export MODE export LOG_LEVEL -export MONKEYSPHERE_USER export KEYSERVER +export MONKEYSPHERE_USER +export PROMPT export CHECK_KEYSERVER export REQUIRED_USER_KEY_CAPABILITY export GNUPGHOME_CORE diff --git a/src/monkeysphere-host b/src/monkeysphere-host index a7b9697..2dc6003 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -177,6 +177,7 @@ show_key() { # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT + # import the host key into the tmp dir gpg --quiet --import <"$HOST_KEY_FILE" HOST_FINGERPRINT=$(gpg --quiet --list-keys --with-colons --with-fingerprint \ @@ -208,9 +209,12 @@ show_key() { # MAIN ######################################################################## -# unset variables that should be defined only in config file +# unset variables that should be defined only in config file of in +# MONKEYSPHERE_ variables +unset LOG_LEVEL unset KEYSERVER unset MONKEYSPHERE_USER +unset PROMPT # load configuration file [ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] && . "$MONKEYSPHERE_HOST_CONFIG" @@ -219,9 +223,8 @@ unset MONKEYSPHERE_USER # defaults LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}} KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}} -AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}} -RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}} MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}} +PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}} # other variables CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} @@ -231,8 +234,10 @@ GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"} export DATE export MODE export LOG_LEVEL -export MONKEYSPHERE_USER export KEYSERVER +export MONKEYSPHERE_USER +export PROMPT +export CHECK_KEYSERVER export GNUPGHOME_HOST export GNUPGHOME export HOST_FINGERPRINT= diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 28c229a..54ea673 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -36,8 +36,6 @@ local fingerprint local ltsignCommand local trustval -PROMPT=true - # get options while true ; do case "$1" in @@ -53,10 +51,6 @@ while true ; do depth="$2" shift 2 ;; - -y) - PROMPT=false - shift 1 - ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. @@ -114,7 +108,7 @@ fi log info "key found:" gpg_sphere "--fingerprint 0x${fingerprint}!" -if [ "$PROMPT" = true ] ; then +if [ "$PROMPT" = "true" ] ; then echo "Are you sure you want to add the above key as a" read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N} if [ "${OK/y/Y}" != 'Y' ] ; then diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index 4e56264..8271ae0 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier @@ -23,13 +23,16 @@ if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to remove." fi -if gpg_sphere "--list-key --fingerprint 0x${keyID}!" ; then +# FIXME: should we be doing a fancier list_certifier output here? +gpg_core --list-key --fingerprint "0x${keyID}!" || failure + +if [ "$PROMPT" = "true" ] ; then read -p "Really remove above listed identity certifier? (y/N) " OK; OK=${OK:-N} if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not removed." fi else - failure + log debug "certifier removed without prompting." fi # delete the requested key from the sphere keyring diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname index 910faf6..70bbec3 100644 --- a/src/share/mh/add_hostname +++ b/src/share/mh/add_hostname @@ -31,11 +31,15 @@ userID="ssh://${1}" find_host_userid > /dev/null && \ failure "Host userID '$userID' already exists." -echo "The following user ID will be added to the host key:" -echo " $userID" -read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "User ID not added." +if [ "$PROMPT" = "true" ] ; then + echo "The following user ID will be added to the host key:" + echo " $userID" + read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "User ID not added." + fi +else + log debug "adding user ID without prompting." fi # edit-key script command to add user ID diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 1464ae8..b4113df 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -77,10 +77,14 @@ fi log info "key found:" gpg_host --fingerprint "0x${fingerprint}!" -echo "Are you sure you want to add the above key as a" -read -p "revoker of the host key? (y/N) " OK; OK=${OK:-N} -if [ "${OK/y/Y}" != 'Y' ] ; then - failure "Revoker not added." +if [ "$PROMPT" = "true" ] ; then + echo "Are you sure you want to add the above key as a" + read -p "revoker of the host key? (y/N) " OK; OK=${OK:-N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "revoker not added." + fi +else + log debug "adding revoker without prompting." fi # edit-key script to add revoker diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index 600dfcf..b433ad7 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -15,12 +15,33 @@ publish_key() { -read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "key not published." +local GNUPGHOME + +if [ "$PROMPT" = "true" ] ; then + read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "key not published." + fi +else + log debug "publishing key without prompting." fi +# create a temporary gnupg directory from which to publish the key +export GNUPGHOME=$(mktemp -d) + +# trap to remove tmp dir if break +trap "rm -rf $GNUPGHOME" EXIT + +# import the host key into the tmp dir +su_monkeysphere_user \ + "gpg --quiet --import" <"$HOST_KEY_FILE" + # publish host key -gpg_sphere "--keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'" +su_monkeysphere_user \ + "gpg --keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'" + +# remove the tmp file +trap - EXIT +rm -rf "$GNUPGHOME" } diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname index 99ba603..77f1f0d 100644 --- a/src/share/mh/revoke_hostname +++ b/src/share/mh/revoke_hostname @@ -42,11 +42,15 @@ userID="ssh://${1}" uidIndex=$(find_host_userid) || \ failure "No non-revoked user ID found matching '$userID'." -echo "The following host key user ID will be revoked:" -echo " $userID" -read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "User ID not revoked." +if [ "$PROMPT" = "true" ] ; then + echo "The following host key user ID will be revoked:" + echo " $userID" + read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "User ID not revoked." + fi +else + log debug "revoking user ID without prompting." fi # edit-key script command to revoke user ID diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire index 0b581d9..14d2501 100644 --- a/src/share/mh/set_expire +++ b/src/share/mh/set_expire @@ -21,6 +21,15 @@ local extendTo # get the new expiration date extendTo=$(get_gpg_expiration "$1") +if [ "$PROMPT" = "true" ] ; then + read -p "Are you sure you want to change the expiration on the host key to '$extendTo'? (y/N) " OK; OK=${OK:-N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "expiration not set." + fi +else + log debug "extending without prompting." +fi + log info "setting host key expiration to ${extendTo}:" log debug "executing host expire script..." diff --git a/tests/basic b/tests/basic index d78a594..9114f32 100755 --- a/tests/basic +++ b/tests/basic @@ -242,7 +242,7 @@ gpg --export testuser | monkeysphere-authentication gpg-cmd --import echo "##################################################" echo "### update server authorized_keys file for this testuser..." monkeysphere-authentication update-users $(whoami) -# FIXME: NOT FAILING PROPERLY FOR: +# FIXME: this is maybe not failing properly for: # ms: improper group or other writability on path '/tmp'. -- cgit v1.2.3 From 72f145629c3c626a30aa08e6100f298cd31a30c2 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 17 Feb 2009 19:16:58 -0500 Subject: add README to tests/ directory --- tests/README | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 tests/README (limited to 'tests') diff --git a/tests/README b/tests/README new file mode 100644 index 0000000..2bc981c --- /dev/null +++ b/tests/README @@ -0,0 +1,31 @@ +Monkeysphere test infrastructure +================================ + +These are scripts to test various aspects of the Monkeysphere system. + +Some notes about getting started working on the monkeysphere test +infrastructure: + +- the tests can and should be run as a non-privileged user. since the + tests do potentially destructive things (like wiping out and + recreating gpg keyrings) they should definitely *not* be run as + root. it may even be advisable to run them as a different, + dedicated user, so that any goofs you make while updating the test + infrastructure don't compromise your main account. + +- you do not need the monkeysphere package installed locally, though + you will need the monkeysphere dependencies installed locally. + +- the idea with this script is to do the following: + + - set up test server infrastructure + - test the server setup + - set up test user + - test an ssh connection between test user and test server + - modify server/user setup and rerun ssh_test to make sure it + suceeds/fails as expected + +- there are various FIXMEs in the script that outline some of the + further testing that should be undertaken. + +- good documentation in the code in the form of comments are needed. -- cgit v1.2.3