X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;ds=sidebyside;f=src%2Fshare%2Fma%2Fsetup;h=263e5ca6868c407e9e139c9efe623f2b4487d801;hb=44a499dd669cc20e77e35c2f7ffcbc2a8f08ec29;hp=672a960f58758cee6fc649e35096056bff92db73;hpb=89e447e2001c0406fab6d2e6ca300a19d492435b;p=monkeysphere.git diff --git a/src/share/ma/setup b/src/share/ma/setup index 672a960..263e5ca 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -15,8 +15,11 @@ setup() { # make all needed directories mkdir -p "${MADATADIR}" mkdir -p "${MATMPDIR}" - mkdir -p "${GNUPGHOME_SPHERE}" mkdir -p "${GNUPGHOME_CORE}" + chmod 700 "${GNUPGHOME_CORE}" + mkdir -p "${GNUPGHOME_SPHERE}" + chmod 700 "${GNUPGHOME_SPHERE}" + mkdir -p "${MADATADIR}"/authorized_keys # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? @@ -34,12 +37,15 @@ EOF # Edits will be overwritten. no-greeting primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg -keyring ${GNUPGHOME_CORE}/pubring.gpg - list-options show-uid-validity EOF - # fingerprint of core key. this should be empty on unconfigured systems. + # make sure the monkeysphere user owns everything in th sphere + # gnupghome + chown -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + chgrp -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + + # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) if [ -z "$CORE_FPR" ] ; then @@ -55,9 +61,9 @@ EOF # FIXME: pem2openpgp currently sets the A flag and a short # expiration date. We should set the C flag and no expiration # date. - < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core" + < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core" - gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key + # get fingerprint of core key. should definitely not be empty at this point CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) if [ -z "$CORE_FPR" ] ; then failure "Failed to create Monkeysphere authentication trust core!"