transition script should ensure that the (old, deprecated) monkeysphere-server.conf...
[monkeysphere.git] / src / transitions / 0.23
index 3d6ab9702ced73d6e12265329cc20cac2472b269..67d1f63527255dd066374acc46a5fbff053b084c 100755 (executable)
@@ -21,6 +21,7 @@
 set -e
 
 SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
 
 MADATADIR="${SYSDATADIR}/authentication"
 MHDATADIR="${SYSDATADIR}/host"
@@ -43,6 +44,13 @@ is_domain_name() {
     printf "%s" "$1" | egrep -q '^[[:alnum:]][[:alnum:]-.]*[[:alnum:]]$'
 }
 
+
+# move the old server conf file to be the authentication conf file
+if [ -f "$SYSCONFIGDIR"/monkeysphere-server.conf -a \
+    ! -f "$SYSCONFIGDIR"/monkeysphere-authentication.conf ] ; then
+    mv "$SYSCONFIGDIR"/monkeysphere-server.conf "$SYSCONFIGDIR"/monkeysphere-authentication.conf
+fi
+
 # run the authentication setup (this is also the first chance to bail
 # if 0.23 is not fully-installed, because m-a did not exist before
 # 0.23)
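Review bot: When both monkeysphere-server.conf and monkeysphere-authentication.conf exist, the new block at L18-L21 leaves the old server conf in place without saying anything, so settings an admin kept there are silently ignored after the upgrade. An explicit branch would make that visible: `elif [ -f "$SYSCONFIGDIR"/monkeysphere-server.conf ] ; then` / `log "Both monkeysphere-server.conf and monkeysphere-authentication.conf exist; leaving the deprecated server conf untouched.\n"` / `fi` (the `log` helper is used elsewhere in this script but defined outside the hunk). The `-a` inside `[` at L18 is also the deprecated, ambiguous form; `[ -f "$SYSCONFIGDIR"/monkeysphere-server.conf ] && ! [ -f "$SYSCONFIGDIR"/monkeysphere-authentication.conf ]` says the same thing unambiguously.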
@@ -79,7 +87,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
            # one of those certifications (even if later
            # certifications had different parameters).
            
-           GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --fingerprint --with-colons --fixed-list-mode --check-sigs | \
+           GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --fingerprint --with-colons --fixed-list-mode --check-sigs | \
                cut -f 1,2,5,8,9,10 -d: | \
                egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
                while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
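Review bot: A failure of the gpg call at L31 (for instance an unreadable gnupg-host directory) is invisible here, because the pipeline's exit status is that of the final while loop, so with only `set -e` in effect (L5) the script carries on and simply certifies nothing. If this is bash, checking `[ "${PIPESTATUS[0]}" -eq 0 ]` after the loop, or writing the listing to a temp file first and testing gpg's status, would make the migration fail loudly instead of silently dropping identity certifiers. Plain `set -o pipefail` is not a drop-in fix, since egrep at L33 exits 1 whenever no matching signature lines exist. The loop body and the enclosing if block continue outside this hunk.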
@@ -121,13 +129,13 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
 
                            CERTKEY=$(mktemp ${TMPDIR:-/tmp}/mstransition.XXXXXXXX)
                            log "Adding identity certifier with fingerprint %s\n" "$keyfpr"
-                           GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export "0x$keyfpr" --export-clean >"$CERTKEY"
+                           GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export "0x$keyfpr" --export-options export-clean >"$CERTKEY"
                            MONKEYSPHERE_PROMPT=false monkeysphere-authentication add-identity-certifier $finaldomain --trust "$truststring" --depth "$trustdepth" "$CERTKEY"
                            rm -f "$CERTKEY"
                            # clear the fingerprint so that we don't
                            # make additional tsigs on it if more uids
                            # are present:
-                           $keyfpr=
+                           keyfpr=
                        fi
                        ;;
                esac
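Review bot: The temp file from mktemp at L37 is only removed on the success path at L42; if `monkeysphere-authentication add-identity-certifier` at L41 fails, `set -e` aborts the script and the exported certifier key is left behind in `${TMPDIR:-/tmp}`. Registering cleanup right after creation, `trap 'rm -f -- "$CERTKEY"' EXIT`, covers the failure path too (the loop runs in the pipeline's subshell, so the trap fires when that subshell exits, assuming bash). `${TMPDIR:-/tmp}` at L37 and `$finaldomain` at L41 are also unquoted; `"${TMPDIR:-/tmp}"` and `"$finaldomain"` avoid word splitting should either ever contain whitespace. The while loop and the if block around this case arm start and end outside the hunk.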
@@ -141,15 +149,27 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
        log "Not transferring host key info because host directory already exists.\n"
     else
        if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \
-           GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --with-colons --list-secret-keys | grep -q '^sec:' ; then
+           GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then
+           
+           FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' )
            
        # create host home
            mkdir -p "${MHDATADIR}"
            chmod 0700 "${MHDATADIR}"
            
            log "importing host key from old monkeysphere installation\n"
-           GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export-secret-keys \
-               GNUPGHOME="$MHDATADIR" gpg --import
+
+# export from the pubring as well as the that new (non-expired)
+# self-sigs are available, otherwise the secret key import may fail
+
+# FIXME: turns out the secret key import fails anyway, stupidly :(
+
+# FIXME: if all self-sigs are expired, then the secret key import may
+# fail anyway. How should we deal with that?
+           
+           (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys && \
+           GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export $FPR) | \
+               GNUPGHOME="$MHDATADIR" gpg --quiet --no-tty --import
            
            monkeysphere-host update-gpg-pub-file
        else
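Review bot: `$FPR` at L77 is expanded unquoted and never checked for emptiness; this branch is also entered when only ssh_host_rsa_key exists (L54), in which case the awk at L58 prints nothing and `gpg --export` with no key ID exports the whole old public keyring into the new host keyring. Failing loudly before the pipeline is one line after L58: `: "${FPR:?no host key fingerprint found in gnupg-host}"`. If the old keyring holds several secret keys, awk prints several fingerprints and the unquoted expansion passes them all, which is presumably intended but deserves a comment such as `# unquoted on purpose: one argument per fingerprint`. The column-0 comments at L68-L74 inside the indented block also read as if they were top-level; indenting them with the code would keep the structure readable. The outer if/else ends outside this hunk.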
@@ -171,7 +191,7 @@ fi
 # the new authentication keyring.
 if [ -d "${SYSDATADIR}/gnupg-authentication" ] ; then
 
-    GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --export | \
+    GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --no-permission-warning --export | \
        monkeysphere-authentication gpg-cmd --import
 
     mkdir -p "$STASHDIR"