X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Ftransitions%2F0.23;h=67d1f63527255dd066374acc46a5fbff053b084c;hb=6a8ca11c71b55becac131b58caa27e8d69696587;hp=6cbf99522317856677682730517559ea02c8d82c;hpb=6476671df265a673b678ee692d5010202bc519d6;p=monkeysphere.git diff --git a/src/transitions/0.23 b/src/transitions/0.23 index 6cbf995..67d1f63 100755 --- a/src/transitions/0.23 +++ b/src/transitions/0.23 @@ -21,6 +21,7 @@ set -e SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} +SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} MADATADIR="${SYSDATADIR}/authentication" MHDATADIR="${SYSDATADIR}/host" @@ -43,6 +44,13 @@ is_domain_name() { printf "%s" "$1" | egrep -q '^[[:alnum:]][[:alnum:]-.]*[[:alnum:]]$' } + +# move the old server conf file to be the authentication conf file +if [ -f "$SYSCONFIGDIR"/monkeysphere-server.conf -a \ + ! -f "$SYSCONFIGDIR"/monkeysphere-authentication.conf ] ; then + mv "$SYSCONFIGDIR"/monkeysphere-server.conf "$SYSCONFIGDIR"/monkeysphere-authentication.conf +fi + # run the authentication setup (this is also the first chance to bail # if 0.23 is not fully-installed, because m-a did not exist before # 0.23) @@ -121,7 +129,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then CERTKEY=$(mktemp ${TMPDIR:-/tmp}/mstransition.XXXXXXXX) log "Adding identity certifier with fingerprint %s\n" "$keyfpr" - GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export "0x$keyfpr" --export-clean >"$CERTKEY" + GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export "0x$keyfpr" --export-options export-clean >"$CERTKEY" MONKEYSPHERE_PROMPT=false monkeysphere-authentication add-identity-certifier $finaldomain --trust "$truststring" --depth "$trustdepth" "$CERTKEY" rm -f "$CERTKEY" # clear the fingerprint so that we don't @@ -143,13 +151,25 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then + FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' ) + # create host home mkdir -p "${MHDATADIR}" chmod 0700 "${MHDATADIR}" log "importing host key from old monkeysphere installation\n" - GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys | \ - GNUPGHOME="$MHDATADIR" gpg --import + +# export from the pubring as well as the that new (non-expired) +# self-sigs are available, otherwise the secret key import may fail + +# FIXME: turns out the secret key import fails anyway, stupidly :( + +# FIXME: if all self-sigs are expired, then the secret key import may +# fail anyway. How should we deal with that? + + (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys && \ + GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export $FPR) | \ + GNUPGHOME="$MHDATADIR" gpg --quiet --no-tty --import monkeysphere-host update-gpg-pub-file else @@ -171,7 +191,7 @@ fi # the new authentication keyring. if [ -d "${SYSDATADIR}/gnupg-authentication" ] ; then - GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --export | \ + GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --no-permission-warning --export | \ monkeysphere-authentication gpg-cmd --import mkdir -p "$STASHDIR"