summaryrefslogtreecommitdiff
path: root/src/transitions/0.23
blob: dead78871926c9462844481303133ce625d99429 (plain)
  1. #!/bin/bash
  2. # This is a post-install script for monkeysphere, to transition an old
  3. # (<0.23) setup to the new (>=0.23) setup.
  4. # You should be able to run this script after any version >= 0.23 is
  5. # installed. This script should be well-behaved, even if it is run
  6. # repeatedly.
  7. # Written by
  8. # Jameson Rollins <jrollins@finestructure.net>
  9. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  10. #
  11. # Copyright 2009, released under the GPL, version 3 or later
  12. # NOTE: the reverse operation (downgrading) is not directly supported,
  13. # and MAY LOCK YOU OUT OF YOUR SYSTEM, depending on how you have
  14. # configured the monkeysphere!
  15. # any unexpected errors should cause this script to bail:
  16. set -e
  17. SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
  18. MADATADIR="${SYSDATADIR}/authentication"
  19. MHDATADIR="${SYSDATADIR}/host"
  20. STASHDIR="${SYSDATADIR}/backup-from-0.23-transition"
  21. log() {
  22. printf "$@" >&2
  23. }
  24. # FIXME: implement this function better. here, we only care about
  25. # dots, *and* about reversing the regexification of them.
  26. gpg_unescape_and_unregex() {
  27. sed 's/\\x5c\././g'
  28. }
  29. is_domain_name() {
  30. printf "%s" "$1" | egrep -q '^[[:alnum:]][[:alnum:]-.]*[[:alnum:]]$'
  31. }
  32. # run the authentication setup (this is also the first chance to bail
  33. # if 0.23 is not fully-installed, because m-a did not exist before
  34. # 0.23)
  35. monkeysphere-authentication setup
  36. # before 0.23, the old gnupg-host data directory used to contain the
  37. # trust core and the system's ssh host key.
  38. if [ -d "$SYSDATADIR"/gnupg-host ] ; then
  39. ### transfer identity certifiers, if they don't already exist in the
  40. ### current setup:
  41. if monkeysphere-authentication list-identity-certifiers | \
  42. grep -q '^[A-F0-9]{40}:$' ; then
  43. log 'There are already certifiers in the new system!\nNot transferring any certifiers.\n'
  44. else
  45. # get the old host keygrip (don't know why there would be more
  46. # than one, but we'll transfer all tsigs made by any key that
  47. # had been given ultimate ownertrust):
  48. for authgrip in $(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-ownertrust | \
  49. grep ':6:$' | \
  50. sed -r 's/^[A-F0-9]{24}([A-F0-9]{16}):6:$/\1/') ; do
  51. # we're assuming that old id certifiers were only added by old
  52. # versions of m-s c+, which added certifiers by ltsigning
  53. # entire keys.
  54. # so we'll walk the list of tsigs from the old host key, and
  55. # add those keys as certifiers to the new system.
  56. # FIXME: if an admin has run "m-s add-id-certifier $foo"
  57. # multiple times for the same $foo, we'll only transfer
  58. # one of those certifications (even if later
  59. # certifications had different parameters).
  60. GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --fingerprint --with-colons --fixed-list-mode --check-sigs | \
  61. cut -f 1,2,5,8,9,10 -d: | \
  62. egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
  63. while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
  64. case $type in
  65. 'fpr') # this is a new key
  66. keyfpr=$fpr
  67. ;;
  68. 'sig') # deal with all trust signatures, including
  69. # regexes if present.
  70. if [ "$keyfpr" ] ; then
  71. trustdepth=${trustparams%% *}
  72. trustlevel=${trustparams##* }
  73. if [ "$trustlevel" -ge 120 ] ; then
  74. truststring=full
  75. elif [ "$trustlevel" -ge 60 ] ; then
  76. truststring=marginal
  77. else
  78. # trust levels below marginal are ignored.
  79. continue
  80. fi
  81. finaldomain=
  82. if [ "$trustdomain" ] ; then
  83. # FIXME: deal with translating
  84. # $trustdomain back to a domain.
  85. if [ printf "%s" "$trustdomain" | egrep -q '^<\[\^>\]\+\[@\.\][^>]+>\$$' ] ; then
  86. dpart=$(printf "%s" "$trustdomain" | sed -r 's/^<\[\^>\]\+\[@\.\]([^>]+)>\$$/\1/' | gpg_unescape_and_unregex)
  87. if [ is_domain_name "$dpart" ]; then
  88. finaldomain="--domain $dpart"
  89. else
  90. log "Does not seem to be a domain name (%s), not adding certifier\n" "$dpart"
  91. continue
  92. fi
  93. else
  94. log "Does not seem to be a standard gpg domain-based tsig (%s), not adding certifier\n" "$trustdomain"
  95. continue
  96. fi
  97. fi
  98. CERTKEY=$(mktemp ${TMPDIR:-/tmp}/mstransition.XXXXXXXX)
  99. log "Adding identity certifier with fingerprint %s\n" "$keyfpr"
  100. GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export "0x$keyfpr" --export-options export-clean >"$CERTKEY"
  101. MONKEYSPHERE_PROMPT=false monkeysphere-authentication add-identity-certifier $finaldomain --trust "$truststring" --depth "$trustdepth" "$CERTKEY"
  102. rm -f "$CERTKEY"
  103. # clear the fingerprint so that we don't
  104. # make additional tsigs on it if more uids
  105. # are present:
  106. keyfpr=
  107. fi
  108. ;;
  109. esac
  110. done
  111. done
  112. fi
  113. ### transfer host key information (if present) into the new spot
  114. if [ -d "${MHDATADIR}" ] ; then
  115. log "Not transferring host key info because host directory already exists.\n"
  116. else
  117. if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \
  118. GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then
  119. FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' )
  120. # create host home
  121. mkdir -p "${MHDATADIR}"
  122. chmod 0700 "${MHDATADIR}"
  123. log "importing host key from old monkeysphere installation\n"
  124. # export from the pubring as well as the that new (non-expired)
  125. # self-sigs are available, otherwise the secret key import may fail
  126. # FIXME: turns out the secret key import fails anyway, stupidly :(
  127. # FIXME: if all self-sigs are expired, then the secret key import may
  128. # fail anyway. How should we deal with that?
  129. (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys && \
  130. GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export $FPR) | \
  131. GNUPGHOME="$MHDATADIR" gpg --quiet --no-tty --import
  132. monkeysphere-host update-gpg-pub-file
  133. else
  134. log "No host key found in old monkeysphere install; not importing any host key.\n"
  135. fi
  136. fi
  137. ### get rid of this old stuff, since we've transferred it all:
  138. mkdir -p "$STASHDIR"
  139. chmod 0700 "$STASHDIR"
  140. mv "${SYSDATADIR}/gnupg-host" "$STASHDIR"
  141. fi
  142. # There is nothing in the old authentication directory that we should
  143. # need to keep around, but it is not unreasonable to transfer keys to
  144. # the new authentication keyring.
  145. if [ -d "${SYSDATADIR}/gnupg-authentication" ] ; then
  146. GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --no-permission-warning --export | \
  147. monkeysphere-authentication gpg-cmd --import
  148. mkdir -p "$STASHDIR"
  149. chmod 0700 "$STASHDIR"
  150. mv "${SYSDATADIR}/gnupg-authentication" "$STASHDIR"
  151. fi