X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fma%2Fsetup;h=263e5ca6868c407e9e139c9efe623f2b4487d801;hb=44a499dd669cc20e77e35c2f7ffcbc2a8f08ec29;hp=abce3af4e45dd0f5b819ed763be6b6bf9d9206d9;hpb=98ee387a0ba4b15fe80cfcd7828127ff8ae9518d;p=monkeysphere.git
diff --git a/src/share/ma/setup b/src/share/ma/setup
index abce3af..263e5ca 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -12,10 +12,14 @@
 # version 3 or later.
 setup() {
- # make the core and the sphere:
- mkdir -p "${SYSDATADIR}"/authentication
- mkdir -p "${GNUPGHOME_SPHERE}"
+ # make all needed directories
+ mkdir -p "${MADATADIR}"
+ mkdir -p "${MATMPDIR}"
 mkdir -p "${GNUPGHOME_CORE}"
+ chmod 700 "${GNUPGHOME_CORE}"
+ mkdir -p "${GNUPGHOME_SPHERE}"
+ chmod 700 "${GNUPGHOME_SPHERE}"
+ mkdir -p "${MADATADIR}"/authorized_keys
 # deliberately replace the config files via truncation
 # FIXME: should we be dumping to tmp files and then moving atomically?
@@ -33,12 +37,15 @@ EOF
 # Edits will be overwritten.
 no-greeting
 primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg
-keyring ${GNUPGHOME_CORE}/pubring.gpg
-
 list-options show-uid-validity
 EOF
- # fingerprint of core key. this should be empty on unconfigured systems.
+ # make sure the monkeysphere user owns everything in th sphere
+ # gnupghome
+ chown -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}"
+ chgrp -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}"
+
+ # get fingerprint of core key. this should be empty on unconfigured systems.
 local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
 if [ -z "$CORE_FPR" ] ; then
@@ -46,14 +53,17 @@ EOF
 local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21
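Review bot: The added `chmod 700` lines run only after `mkdir -p` has created each GNUPGHOME with the caller's umask, so on a first run the core and sphere keyring directories briefly exist with looser permissions, and a failure between the two commands leaves them that way. Creating with the mode in one step closes the window: `mkdir -p -m 700 "${GNUPGHOME_CORE}"` (and the same for `${GNUPGHOME_SPHERE}`), keeping the `chmod 700` to tighten a directory that already existed. `${MATMPDIR}` and `${MADATADIR}` get no explicit mode at all; what they hold is not visible in this hunk, but if key material passes through the temp directory it should be created the same way or under `umask 077`. The body of setup() continues past the end of the hunk.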
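Review bot: `$MONKEYPSHER_USER` in the added `chown -R` and `chgrp -R` lines looks like a misspelling (the comment above it says "monkeysphere user"; the variable is defined outside this hunk, presumably as `MONKEYSPHERE_USER`, to be confirmed). With the name as written, an unset variable expands to an empty string, so depending on the chown/chgrp implementation the calls either fail or change nothing, and the sphere GNUPGHOME stays owned by whoever ran setup. After correcting the name, make the expansion fail loudly when empty, e.g. `chown -R "${MONKEYSPHERE_USER:?}" "${GNUPGHOME_SPHERE}"`, and check the exit status so setup does not continue with the wrong ownership on the keyring directory. The added comment also has a typo, `th sphere` for `the sphere`. setup() starts before and ends after this hunk.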