made transitions/0.23 a little bit more resilient; made it so that running again...

[monkeysphere.git] / src / transitions / 0.23

diff --git a/src/transitions/0.23 b/src/transitions/0.23
index f09dfff4489af8a4d5162e43e73552ffa4864e75..b0c967ac08a97ea3b740f7d3e3f6e305f3fade97 100755 (executable)
--- a/src/transitions/0.23
+++ b/src/transitions/0.23
@@ -21,6 +21,7 @@
 set -e
 
 SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
 
 MADATADIR="${SYSDATADIR}/authentication"
 MHDATADIR="${SYSDATADIR}/host"
@@ -43,6 +44,13 @@ is_domain_name() {
     printf "%s" "$1" | egrep -q '^[[:alnum:]][[:alnum:]-.]*[[:alnum:]]$'
 }
 
+
+# move the old server conf file to be the authentication conf file
+if [ -f "$SYSCONFIGDIR"/monkeysphere-server.conf -a \
+    ! -f "$SYSCONFIGDIR"/monkeysphere-authentication.conf ] ; then
+    mv "$SYSCONFIGDIR"/monkeysphere-server.conf "$SYSCONFIGDIR"/monkeysphere-authentication.conf
+fi
+
 # run the authentication setup (this is also the first chance to bail
 # if 0.23 is not fully-installed, because m-a did not exist before
 # 0.23)
@@ -143,14 +151,37 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
        if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \
            GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then
            
+           FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' )
+           
        # create host home
-           mkdir -p "${MHDATADIR}"
-           chmod 0700 "${MHDATADIR}"
+           mkdir -p $(dirname "$MHDATADIR")
+           NEWDATADIR=$(mktemp -d "${MHDATADIR}.XXXXXX")
+           chmod 0700 "${NEWDATADIR}"
            
            log "importing host key from old monkeysphere installation\n"
-           GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys | \
-               GNUPGHOME="$MHDATADIR" gpg --quiet --no-tty --import
+
+# export from the pubring as well as the that new (non-expired)
+# self-sigs are available, otherwise the secret key import may fail
+
+# FIXME: turns out the secret key import fails anyway, stupidly :(
+
+# FIXME: if all self-sigs are expired, then the secret key import may
+# fail anyway. How should we deal with that?
            
+           if (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys && \
+               GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export "$FPR") | \
+               GNUPGHOME="$NEWDATADIR" gpg --quiet --no-tty --import ; then
+               : we are in good shape!
+           else
+               if ! GNUPGHOME="$NEWDATADIR" gpg --list-secret-key >/dev/null ; then
+                   log "The old host key (%s) was not imported properly.\n" "$FPR"
+                   exit 1
+               fi
+           fi
+               
+           # if we get here cleanly, then we're OK to move forward:
+           mv "$NEWDATADIR" "$MHDATADIR"
+
            monkeysphere-host update-gpg-pub-file
        else
            log "No host key found in old monkeysphere install; not importing any host key.\n"
@@ -172,7 +203,8 @@ fi
 if [ -d "${SYSDATADIR}/gnupg-authentication" ] ; then
 
     GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --no-permission-warning --export | \
-       monkeysphere-authentication gpg-cmd --import
+       monkeysphere-authentication gpg-cmd --import || \
+       log "No OpenPGP certificates imported into monkeysphere-authentication trust sphere.\n"
 
     mkdir -p "$STASHDIR"
     chmod 0700 "$STASHDIR"