Merge commit 'mlcastle/master'
authorJameson Graef Rollins <jrollins@finestructure.net>
Sat, 11 Jul 2009 20:26:26 +0000 (16:26 -0400)
committerJameson Graef Rollins <jrollins@finestructure.net>
Sat, 11 Jul 2009 20:26:26 +0000 (16:26 -0400)
packaging/debian/changelog
src/monkeysphere-authentication
src/monkeysphere-host
src/share/common
src/share/ma/setup
src/share/mh/add_revoker
src/share/mh/publish_key

index f4efc0d614e41430b5d63e60f52754595f7ee665..0219aa442e9ca65ff42bbc6ebc2794aa25110d8a 100644 (file)
@@ -12,10 +12,13 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
     - some portability improvements
     - properly handle translation of keys with fingerprints with leading
       all-zero bytes.
-    - resolve symlinks when checking paths (thanks Silvio Rhatto) (closes MS #917)
+    - resolve symlinks when checking paths (thanks Silvio Rhatto)
+      (closes MS #917)
+    - explicitly set and use MONKEYSPHERE_GROUP from system "groups"
+      (closes #534008)
   * update Standard-Version to 3.8.1
 
- -- Jameson Graef Rollins <jrollins@finestructure.net>  Mon, 29 Jun 2009 11:27:33 -0400
+ -- Jameson Graef Rollins <jrollins@finestructure.net>  Sat, 11 Jul 2009 16:06:09 -0400
 
 monkeysphere (0.24-1) unstable; urgency=low
 
index 5b981537db831c2c26f280662b8f61b5ff594ee5..5b30628a188341d2e8c64dbc339d377220caa2f7 100755 (executable)
@@ -120,6 +120,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
 KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
 MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER}
+MONKEYSPHERE_GROUP=$(get_primary_group "$MONKEYSPHERE_USER")
 PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
 AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=$AUTHORIZED_USER_IDS}
 RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=$RAW_AUTHORIZED_KEYS}
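Review bot: The new assignment `MONKEYSPHERE_GROUP=$(get_primary_group "$MONKEYSPHERE_USER")` is never checked for an empty result. If the monkeysphere user is missing or misnamed, the group is empty and the problem only surfaces later, when the `chgrp`/`chown` calls in the setup and key-handling scripts run against the data and temporary directories. A guard directly after the assignment, such as `[ -n "$MONKEYSPHERE_GROUP" ] || exit 1` preceded by an error message, would stop before any ownership is changed. The identical line added to src/monkeysphere-host needs the same guard.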
@@ -137,6 +138,7 @@ export MODE
 export LOG_LEVEL
 export KEYSERVER
 export MONKEYSPHERE_USER
+export MONKEYSPHERE_GROUP
 export PROMPT
 export CHECK_KEYSERVER
 export REQUIRED_USER_KEY_CAPABILITY
index 507b47f8f73eabfd6a62e7d9feaf4d53d12bca84..ebd29c81754bf7103e0b6f21f9cb51914add333d 100755 (executable)
@@ -226,6 +226,7 @@ LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
 KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
 MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER}
+MONKEYSPHERE_GROUP=$(get_primary_group "$MONKEYSPHERE_USER")
 PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
 
 # other variables
@@ -238,6 +239,7 @@ export LOG_LEVEL
 export KEYSERVER
 export CHECK_KEYSERVER
 export MONKEYSPHERE_USER
+export MONKEYSPHERE_GROUP
 export PROMPT
 export GNUPGHOME_HOST
 export GNUPGHOME
index c88857e44adabca90d57bb02358bcce92d16f67d..8e2232d659350558e472bd5f37c365d050317b8d 100644 (file)
@@ -484,6 +484,12 @@ get_homedir() {
     eval "echo ~${uname}"
 }
 
+# return the primary group of a user
+get_primary_group() {
+    local uname=${1:-`whoami`}
+    groups "$uname" | sed 's/^..* : //' | awk '{ print $1 }'
+}
+
 ### CONVERSION UTILITIES
 
 # output the ssh key for a given key ID
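Review bot: `get_primary_group` finds the group by text-parsing `groups` output, which is fragile for a value that decides who gets group access to the 0750 data directories. Not every `groups` implementation prints the `user : ` prefix, `awk '{ print $1 }'` truncates a group name that contains whitespace, and the pipeline returns awk's status, so an unknown user yields empty output with a success code. `id -gn "$uname"` prints only the primary group name and returns non-zero when the user does not exist, so the body can be that single command. The backticks in the default could also become `local uname=${1:-$(whoami)}`.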
index 4c87009dc9235b7de4231d582da221f1472663ee..0ed0406c3335d924f98044ecd22cf237bba5a428 100644 (file)
@@ -16,10 +16,10 @@ setup() {
     log debug "checking authentication directory structure..."
     mkdir -p "${MADATADIR}"
     chmod 0750 "${MADATADIR}"
-    chgrp "$MONKEYSPHERE_USER" "${MADATADIR}"
+    chgrp "$MONKEYSPHERE_GROUP" "${MADATADIR}"
     mkdir -p "${MATMPDIR}"
     chmod 0750 "${MATMPDIR}"
-    chgrp "$MONKEYSPHERE_USER" "${MATMPDIR}"
+    chgrp "$MONKEYSPHERE_GROUP" "${MATMPDIR}"
     mkdir -p "${GNUPGHOME_CORE}"
     chmod 0700 "${GNUPGHOME_CORE}"
     mkdir -p "${GNUPGHOME_SPHERE}"
@@ -48,7 +48,7 @@ EOF
     # make sure the monkeysphere user owns everything in the sphere
     # gnupghome
     log debug "fixing sphere gnupg home ownership..."
-    chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf
+    chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_GROUP" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf
 
     # get fingerprint of core key.  this should be empty on unconfigured systems.
     local CORE_FPR=$(core_fingerprint)
index e58995b3cff28acbb35ef0341d1308d046db3e7c..89e6fcf03210bc6d83da36b883b01a2d7b947f1e 100644 (file)
@@ -64,7 +64,7 @@ else
     # fix permissions and ownership on temporary directory which will
     # be used by monkeysphere user for storing the downloaded key
     chmod 0700 "$tmpDir"
-    chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$tmpDir"
+    chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$tmpDir"
 
     # download the key from the keyserver as the monkeysphere user
     log verbose "searching keyserver $KEYSERVER for keyID $keyID..."
index f6e1c0f9b322cfaf3f623767189691d053c6d4a8..48e4cbb16169222895fb0902aa171a8647c17879 100644 (file)
@@ -30,7 +30,7 @@ fi
 # create a temporary gnupg directory from which to publish the key
 export GNUPGHOME=$(msmktempdir)
 chmod 0700 "$GNUPGHOME"
-chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME"
+chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$GNUPGHOME"
 
 # trap to remove tmp dir if break
 trap "rm -rf $GNUPGHOME" EXIT