X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Ftransitions%2F0.23;h=b0c967ac08a97ea3b740f7d3e3f6e305f3fade97;hb=26527731b6b1bbeaa9e2e8a0507c52ca164803ed;hp=f09dfff4489af8a4d5162e43e73552ffa4864e75;hpb=16161f54955fda7bf71e3d8bc9ffc192b98f5a4f;p=monkeysphere.git diff --git a/src/transitions/0.23 b/src/transitions/0.23 index f09dfff..b0c967a 100755 --- a/src/transitions/0.23 +++ b/src/transitions/0.23 @@ -21,6 +21,7 @@ set -e SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} +SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} MADATADIR="${SYSDATADIR}/authentication" MHDATADIR="${SYSDATADIR}/host" @@ -43,6 +44,13 @@ is_domain_name() { printf "%s" "$1" | egrep -q '^[[:alnum:]][[:alnum:]-.]*[[:alnum:]]$' } + +# move the old server conf file to be the authentication conf file +if [ -f "$SYSCONFIGDIR"/monkeysphere-server.conf -a \ + ! -f "$SYSCONFIGDIR"/monkeysphere-authentication.conf ] ; then + mv "$SYSCONFIGDIR"/monkeysphere-server.conf "$SYSCONFIGDIR"/monkeysphere-authentication.conf +fi + # run the authentication setup (this is also the first chance to bail # if 0.23 is not fully-installed, because m-a did not exist before # 0.23) @@ -143,14 +151,37 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then + FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' ) + # create host home - mkdir -p "${MHDATADIR}" - chmod 0700 "${MHDATADIR}" + mkdir -p $(dirname "$MHDATADIR") + NEWDATADIR=$(mktemp -d "${MHDATADIR}.XXXXXX") + chmod 0700 "${NEWDATADIR}" log "importing host key from old monkeysphere installation\n" - GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys | \ - GNUPGHOME="$MHDATADIR" gpg --quiet --no-tty --import + +# export from the pubring as well as the that new (non-expired) +# self-sigs are available, otherwise the secret key import may fail + +# FIXME: turns out the secret key import fails anyway, stupidly :( + +# FIXME: if all self-sigs are expired, then the secret key import may +# fail anyway. How should we deal with that? + if (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export-secret-keys && \ + GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --no-permission-warning --export "$FPR") | \ + GNUPGHOME="$NEWDATADIR" gpg --quiet --no-tty --import ; then + : we are in good shape! + else + if ! GNUPGHOME="$NEWDATADIR" gpg --list-secret-key >/dev/null ; then + log "The old host key (%s) was not imported properly.\n" "$FPR" + exit 1 + fi + fi + + # if we get here cleanly, then we're OK to move forward: + mv "$NEWDATADIR" "$MHDATADIR" + monkeysphere-host update-gpg-pub-file else log "No host key found in old monkeysphere install; not importing any host key.\n" @@ -172,7 +203,8 @@ fi if [ -d "${SYSDATADIR}/gnupg-authentication" ] ; then GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --no-permission-warning --export | \ - monkeysphere-authentication gpg-cmd --import + monkeysphere-authentication gpg-cmd --import || \ + log "No OpenPGP certificates imported into monkeysphere-authentication trust sphere.\n" mkdir -p "$STASHDIR" chmod 0700 "$STASHDIR"