From 924d4c617c5f5edcabb630521f0c97436f6f1cb7 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 15 Sep 2008 11:36:27 -0700 Subject: [PATCH] Start changes to move gpg.conf files into /etc/monkeysphere. --- debian/monkeysphere.postinst | 16 +++++----------- etc/gnupg-authentication.conf | 8 ++++++++ etc/gnupg-host.conf | 3 +++ etc/monkeysphere-server.conf | 9 +++------ man/man8/monkeysphere-server.8 | 12 +++++++++--- 5 files changed, 28 insertions(+), 20 deletions(-) create mode 100644 etc/gnupg-authentication.conf create mode 100644 etc/gnupg-host.conf diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst index 981c9df..bd3062f 100755 --- a/debian/monkeysphere.postinst +++ b/debian/monkeysphere.postinst @@ -5,6 +5,7 @@ # Author: Jameson Rollins # Copyright 2008 +ETC="/etc/monkeysphere" VARLIB="/var/lib/monkeysphere" if ! getent passwd monkeysphere >/dev/null ; then @@ -18,17 +19,10 @@ fi # install host gnupg home directory install --owner root --group monkeysphere --mode 750 -d "$VARLIB"/gnupg-host -# install host gpg.conf -cat < "$VARLIB"/gnupg-host/gpg.conf -list-options show-uid-validity -EOF +# link in the gpg.conf +ln -s "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf # install authentication gnupg home directory install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication -# install authentication gpg.conf -cat < "$VARLIB"/gnupg-authentication/gpg.conf -list-options show-uid-validity -primary-keyring $VARLIB/gnupg-authentication/pubring.gpg -keyring $VARLIB/gnupg-host/pubring.gpg -EOF -chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf +# link in the gpg.conf +ln -s "$ETC"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf diff --git a/etc/gnupg-authentication.conf b/etc/gnupg-authentication.conf new file mode 100644 index 0000000..760c5e3 --- /dev/null +++ b/etc/gnupg-authentication.conf 
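Review bot: Both new `ln -s` calls in the second postinst hunk fail with "File exists" whenever gpg.conf is already present, which is the case on any host where the earlier heredoc version of this script ran, and on every re-run of the postinst. The script's shell options are outside the hunk, so it cannot be told from here whether that aborts the upgrade or only leaves the stale regular file in place with the /etc copy ignored. Either way the link should be made idempotent, e.g. `ln -sf "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf`, and the same for gnupg-authentication. Note also that the gnupg-authentication directory is installed mode 700 and owned by monkeysphere, so that user can still replace the link with its own file; if the intent of moving the config to /etc is that only root controls it, that needs a separate check.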
@@ -0,0 +1,8 @@ +# Monkeysphere authentication GNUPG home gpg.conf + +primary-keyring /var/lib/monkeysphere/gnupg-authentication/pubring.gpg +keyring /var/lib/monkeysphere/gnupg-host/pubring.gpg + +keyserver hkp://pgp.mit.edu + +list-options show-uid-validity diff --git a/etc/gnupg-host.conf b/etc/gnupg-host.conf new file mode 100644 index 0000000..c450910 --- /dev/null +++ b/etc/gnupg-host.conf @@ -0,0 +1,3 @@ +# Monkeysphere host GNUPG home gpg.conf + +list-options show-uid-validity diff --git a/etc/monkeysphere-server.conf b/etc/monkeysphere-server.conf index c001f2d..adbac7e 100644 --- a/etc/monkeysphere-server.conf +++ b/etc/monkeysphere-server.conf @@ -6,13 +6,13 @@ # prefeced by "MONKEYSPHERE_" will take precedence over the values # specified here. +# User who controls the monkeysphere authentication keyring. +#MONKEYSPHERE_USER=monkeysphere + # Log level. Can be SILENT, ERROR, INFO, DEBUG, in increasing order # of verbosity. #LOG_LEVEL=INFO -# GPG keyserver to search for keys. -#KEYSERVER=subkeys.pgp.net - # Path to authorized_user_ids file to process to create # authorized_keys file. '%h' will be replaced by the home directory # of the user, and %u will be replaced by the username of the user. @@ -27,6 +27,3 @@ # FIXME: this usage of "-" contravenes the normal convention where "-" # means standard in/out. Why not use "none" or "" instead? #RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys" - -# User who controls the monkeysphere authentication keyring. -#MONKEYSPHERE_USER=monkeysphere diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index c905f2f..d25f0e8 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 
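Review bot: The `keyserver hkp://pgp.mit.edu` line in the new gnupg-authentication.conf sends every key lookup and refresh for the authentication keyring over unauthenticated, unencrypted HKP. Key validity still rests on OpenPGP signatures, but a party on the network path can see which user IDs are queried and can withhold updated keys or revocations, so a revoked key may stay authorized longer than expected. I would add a comment above the line saying so and marking it as the place to set a keyserver the administrator trusts, e.g. `# Keyserver for the authentication keyring; hkp:// is plaintext, so revocations can be withheld in transit.` The keyring paths in the same file are now hard-coded rather than derived from `$VARLIB` as in the removed heredoc, so the two have to be kept in sync by hand.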
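Review bot: Dropping the `#KEYSERVER=subkeys.pgp.net` entry in the first monkeysphere-server.conf hunk leaves no pointer to where the keyserver is configured now, and the shipped default changes to pgp.mit.edu at the same time. Whether monkeysphere-server still honours KEYSERVER is not visible in this patch; if it does not, a site that had set it will silently start querying a different server. A short comment in its place would help, e.g. `# The keyserver is now set in /etc/monkeysphere/gnupg-authentication.conf.` The man page hunks in this patch do not touch any keyserver entry, so that page is probably worth checking for a stale one.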
@@ -185,6 +185,9 @@ The following environment variables will override those specified in the monkeysphere-server.conf configuration file (defaults in parentheses): .TP +MONKEYSPHERE_MONKEYSPHERE_USER +User to control authentication keychain (monkeysphere). +.TP MONKEYSPHERE_LOG_LEVEL Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in increasing order of verbosity. @@ -199,9 +202,6 @@ Path to user authorized_user_ids file MONKEYSPHERE_RAW_AUTHORIZED_KEYS Path to user-controlled authorized_keys file. `-' means not to add user-controlled file (%h/.ssh/authorized_keys). -.TP -MONKEYSPHERE_MONKEYSPHERE_USER -User to control authentication keychain (monkeysphere). .SH FILES @@ -212,6 +212,12 @@ System monkeysphere-server config file. /etc/monkeysphere/monkeysphere.conf System-wide monkeysphere config file. .TP +/etc/monkeysphere/gnupg-host.conf +Monkeysphere host GNUPG home gpg.conf +.TP +/etc/monkeysphere/gnupg-authentication.conf +Monkeysphere authentication GNUPG home gpg.conf +.TP /var/lib/monkeysphere/authorized_keys/USER Monkeysphere-generated user authorized_keys files. .TP -- 2.25.1