testing: tighten up the umask before sshd launch, so that the socket is not exposed...

[monkeysphere.git] / tests / basic

diff --git a/tests/basic b/tests/basic
index 393bcc22845e50b9cf61e65a83aa386322f17490..d82719df8ad9d1d4bf103e635a9e7c375a021682 100755 (executable)
--- a/tests/basic
+++ b/tests/basic
@@ -20,6 +20,7 @@ gpgadmin() {
 }
 
 launch_sshd() {
+    umask 0077
     socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log &
     export SSHD_PID=$!
 
@@ -42,6 +43,14 @@ failed_cleanup() {
     cleanup
 }
 
+get_gpg_prng_arg() {
+    if (gpg --quick-random --version >/dev/null 2>&1) ; then
+       echo quick-random
+    elif (gpg --debug-quick-random --version >/dev/null 2>&1) ; then
+       echo debug-quick-random
+    fi
+}
+
 cleanup() {
     if [ "$SSHD_PID" ] && ( ps "$SSHD_PID" >/dev/null ) ; then 
        echo "### stopping still-running sshd..."
@@ -99,6 +108,8 @@ cat <<EOF >> "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf
 KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts
 EOF
 
+get_gpg_prng_arg >> "$TEMPDIR"/testuser/.gnupg/gpg.conf
+
 # set up a simple default monkeysphere-server.conf
 cat <<EOF >> "$TEMPDIR"/monkeysphere-server.conf
 AUTHORIZED_USER_IDS="$TEMPDIR/testuser/.monkeysphere/authorized_user_ids"
@@ -118,7 +129,7 @@ EOF
 # create a new host key
 echo "### generating server key..."
 # add gpg.conf with quick-random
-echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
+get_gpg_prng_arg >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
 echo | monkeysphere-server gen-key --length 1024 --expire 0 testhost
 # remove the gpg.conf
 rm "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf