- fix reference to MONKEYSPHERE_USER for GNUPGHOME_SPHERE
- break out core_fingerprint function
- export core key to sphere keyring (necessary)
- fix some logging (add more debug) and formatting
GNUPGHOME="$GNUPGHOME_CORE"
export GNUPGHOME
GNUPGHOME="$GNUPGHOME_CORE"
export GNUPGHOME
- # NOTE: we supress this warning because we need the monkeysphere
- # user to be able to read the host pubring. we realize this might
- # be problematic, but it's the simplest solution, without too much
- # loss of security.
gpg "$@"
}
# function to interact with the gpg sphere keyring
gpg "$@"
}
# function to interact with the gpg sphere keyring
-# FIXME: this function requires basically accepts only a single
-# argument because of problems with quote expansion. this needs to be
-# fixed/improved.
+# FIXME: this function requires only a single argument because of
+# problems with quote expansion. this needs to be fixed/improved.
gpg_sphere() {
GNUPGHOME="$GNUPGHOME_SPHERE"
export GNUPGHOME
gpg_sphere() {
GNUPGHOME="$GNUPGHOME_SPHERE"
export GNUPGHOME
su_monkeysphere_user "gpg $@"
}
su_monkeysphere_user "gpg $@"
}
+# load the core fingerprint into the fingerprint variable, using the
+# gpg host secret key
+core_fingerprint() {
+ log debug "determining core key fingerprint..."
+ gpg_core --quiet --list-secret-key \
+ --with-colons --fixed-list-mode --with-fingerprint \
+ | grep ^fpr: | cut -d: -f10
+}
+
# export signatures from core to sphere
gpg_core_sphere_sig_transfer() {
# export signatures from core to sphere
gpg_core_sphere_sig_transfer() {
+ log debug "exporting core local sigs to sphere..."
gpg_core --export-options export-local-sigs --export | \
gpg_sphere --import-options import-local-sigs --import
}
gpg_core --export-options export-local-sigs --export | \
gpg_sphere --import-options import-local-sigs --import
}
# deliberately replace the config files via truncation
# FIXME: should we be dumping to tmp files and then moving atomically?
# deliberately replace the config files via truncation
# FIXME: should we be dumping to tmp files and then moving atomically?
+ log debug "write core gpg.conf..."
cat >"${GNUPGHOME_CORE}"/gpg.conf <<EOF
# Monkeysphere trust core GnuPG configuration
# This file is maintained by the Monkeysphere software.
cat >"${GNUPGHOME_CORE}"/gpg.conf <<EOF
# Monkeysphere trust core GnuPG configuration
# This file is maintained by the Monkeysphere software.
no-greeting
list-options show-uid-validity
EOF
no-greeting
list-options show-uid-validity
EOF
+
+ log debug "write sphere gpg.conf..."
cat >"${GNUPGHOME_SPHERE}"/gpg.conf <<EOF
# Monkeysphere trust sphere GnuPG configuration
# This file is maintained by the Monkeysphere software.
cat >"${GNUPGHOME_SPHERE}"/gpg.conf <<EOF
# Monkeysphere trust sphere GnuPG configuration
# This file is maintained by the Monkeysphere software.
# make sure the monkeysphere user owns everything in the sphere
# gnupghome
# make sure the monkeysphere user owns everything in the sphere
# gnupghome
- chown -R "$MONKEYPSHERE_USER" "${GNUPGHOME_SPHERE}"
- chgrp -R "$MONKEYPSHERE_USER" "${GNUPGHOME_SPHERE}"
+ log debuf "fix sphere gnupg home ownership..."
+ chown -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}"
+ chgrp -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}"
# get fingerprint of core key. this should be empty on unconfigured systems.
# get fingerprint of core key. this should be empty on unconfigured systems.
- local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
+ local CORE_FPR=$(core_fingerprint)
+ log debug "core fingerprint: $CORE_FPR"
if [ -z "$CORE_FPR" ] ; then
if [ -z "$CORE_FPR" ] ; then
- log info "Setting up Monkeysphere authentication trust core..."
+ log info "setting up Monkeysphere authentication trust core..."
local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 </dev/urandom | base64))
log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..."
local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 </dev/urandom | base64))
log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..."
- PEM2OPENPGP_USAGE_FLAGS=certify PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core"
+ PEM2OPENPGP_USAGE_FLAGS=certify \
+ PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" \
+ | gpg_core --import \
+ || failure "Could not import new key for Monkeysphere authentication trust core"
# get fingerprint of core key. should definitely not be empty at this point
# get fingerprint of core key. should definitely not be empty at this point
- log debug "get core key fingerprint..."
- CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
+ CORE_FPR=$(core_fingerprint)
+ log debug "core fingerprint: $CORE_FPR"
if [ -z "$CORE_FPR" ] ; then
failure "Failed to create Monkeysphere authentication trust core!"
fi
if [ -z "$CORE_FPR" ] ; then
failure "Failed to create Monkeysphere authentication trust core!"
fi
log verbose "This system has already set up the Monkeysphere authentication trust core."
fi
log verbose "This system has already set up the Monkeysphere authentication trust core."
fi
+ # export the core key to the sphere keyring
+ log debug "export core pub key to sphere keyring..."
+ gpg_core --export | gpg_sphere --import
# ensure that the authentication sphere checker has absolute ownertrust on the expected key.
log debug "set ultimate owner trust on core key in gpg_sphere..."
printf "%s:6:\n" "$CORE_FPR" | gpg_sphere --import-ownertrust
# ensure that the authentication sphere checker has absolute ownertrust on the expected key.
log debug "set ultimate owner trust on core key in gpg_sphere..."
printf "%s:6:\n" "$CORE_FPR" | gpg_sphere --import-ownertrust
+ gpg_sphere --export-ownertrust | log debug
+
+ # check the owner trust
log debug "check gpg_sphere owner trust set properly..."
log debug "check gpg_sphere owner trust set properly..."
if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then
if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings."
if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then
if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings."
# ensure that we're using the extended trust model (1), and that
# our preferences are reasonable (i.e. 3 marginal OR 1 fully
# trusted certifications are sufficient to grant full validity.
# ensure that we're using the extended trust model (1), and that
# our preferences are reasonable (i.e. 3 marginal OR 1 fully
# trusted certifications are sufficient to grant full validity.
- log debug "check trust level of core key..."
+ log debug "checking trust level of core key..."
local TRUST_LEVEL=$(gpg_sphere --with-colons --fixed-list-mode --list-keys \
| head -n1 | grep "^tru:" | cut -d: -f3,6,7)
local TRUST_LEVEL=$(gpg_sphere --with-colons --fixed-list-mode --list-keys \
| head -n1 | grep "^tru:" | cut -d: -f3,6,7)
- log debug "trust level: $TRUST_LEVEL"
+ log debug "sphere trust level of core: $TRUST_LEVEL"
if [ "$TRUST_LEVEL" != '1:3:1' ] ; then
failure "monkeysphere-authentication does not have the expected trust model settings."
fi
if [ "$TRUST_LEVEL" != '1:3:1' ] ; then
failure "monkeysphere-authentication does not have the expected trust model settings."
fi
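Review bot: The added line `log debuf "fix sphere gnupg home ownership..."` misspells the log level and should read `log debug "fix sphere gnupg home ownership..."`, matching the other new log calls. How `log` handles an unknown level is not visible on this page, so the effect could range from a dropped message to an error just before the recursive `chown`/`chgrp` of the sphere GnuPG home. Separately, the new `core_fingerprint` calls `log debug` inside a function whose stdout is captured by `CORE_FPR=$(core_fingerprint)`. That is safe only if `log` writes to stderr, which should be confirmed, because `CORE_FPR` feeds the `--import-ownertrust` input and the `"${CORE_FPR}:6:"` ownertrust comparison. The enclosing setup function starts and ends outside the lines shown.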