2 # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
4 # Monkeysphere authentication setup subcommand
6 # The monkeysphere scripts are written by:
7 # Jameson Rollins <jrollins@finestructure.net>
8 # Jamie McClelland <jm@mayfirst.org>
9 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
11 # They are Copyright 2009, and are all released under the GPL,
15 # make the core and the sphere:
16 mkdir -p ${SYSDATADIR}/authentication
17 mkdir -p ${GNUPGHOME_SPHERE}
18 mkdir -p ${GNUPGHOME_CORE}
20 # deliberately replace the config files via truncation
21 # FIXME: should we be dumping to tmp files and then moving atomically?
22 cat >${GNUPGHOME_CORE}/gpg.conf <<EOF
23 # Monkeysphere trust core GnuPG configuration
24 # This file is maintained by the Monkeysphere software.
25 # Edits will be overwritten.
27 list-options show-uid-validity
30 cat >${GNUPGHOME_SPHERE}/gpg.conf <<EOF
31 # Monkeysphere trust sphere GnuPG configuration
32 # This file is maintained by the Monkeysphere software.
33 # Edits will be overwritten.
35 primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg
36 keyring ${GNUPGHOME_CORE}/pubring.gpg
38 list-options show-uid-validity
41 local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
43 if [ -z "$CORE_FPR" ] ; then
44 log info "Setting up Monkeysphere authentication trust core"
46 local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 | base64))
48 if gpg_core --gen-key --batch <<EOF
58 CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
59 if [ -z "$CORE_FPR" ] ; then
60 failure "Failed to find fingerprint of Monkeysphere authentication trust core!"
63 failure "Failed to create Monkeysphere authentication trust core!"
67 log verbose "This system has already set up the Monkeysphere authentication trust core"
71 # ensure that the authentication sphere checker has absolute ownertrust on the expected key.
72 printf "%s:6:\n" "$CORE_FPR" | gpg_sphere --import-ownertrust
74 if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then
75 if [ "$CORE_FPR:6:" != "$ORIG_TRUST" ] ; then
76 failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings."
79 failure "Could not get monkeysphere-authentication trust guidleines."
82 # ensure that we're using the extended trust model (1), and that
83 # our preferences are reasonable (i.e. 3 marginal OR 1 fully
84 # trusted certifications are sufficient to grant full validity.
85 if [ "1:3:1" != $(gpg_sphere --with-colons --fixed-list-mode --list-keys | head -n1 | grep ^tru: cut -f3,6,7 -d:) ] ; then
86 failure "monkeysphere-preference does not have the expected trust model settings"