diff --git a/README.md b/README.md index 452accc..e614978 100644 --- a/README.md +++ b/README.md @@ -151,10 +151,10 @@ administrative rights in one spore might have little or no rights in a different spore. `spore-disperse` can also be used to create GPG keyring of the users -with specific roles; this is done by specifying "keyrings:" in front +with specific roles; this is done by specifying "keyring:" in front of the output directory, as follows: - keyrings:/var/lib/production-keyrings/ + keyring:/var/lib/production-keyring/ The directory will be created, and keyrings will appear there based on the authorizations. diff --git a/bin/spore-disperse b/bin/spore-disperse index f1f802e..6262e5b 100755 --- a/bin/spore-disperse +++ b/bin/spore-disperse @@ -237,6 +237,12 @@ function main() { echo "You must specify an existing directory to work with." return 2 fi + + if [[ -r "$spores/users" && -d "$spores/users" ]] ; then + echo "The first argument: \"$spores\" should point to \"$spores/users\" instead" + return 2 + fi + do_auth "${@}" } diff --git a/sbin/create-symlinks-usr-local-bin b/sbin/create-symlinks-usr-local-bin new file mode 100755 index 0000000..49eceb6 --- /dev/null +++ b/sbin/create-symlinks-usr-local-bin 
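Review bot: The new rejection message in `main` of bin/spore-disperse goes to stdout although the function then returns 2, so a caller capturing output receives the diagnostic as data; send it to stderr, `echo "The first argument: \"$spores\" should point to \"$spores/users\" instead" >&2`. The neighbouring "You must specify an existing directory" message has the same issue. The test also refuses any directory that merely contains a readable `users` subdirectory, so a users directory that itself held an entry named `users` would be rejected; whether that layout can occur is not visible here. `main` starts outside the hunk.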
@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+
+forceReplace=false
+
+function makeFilePathString() {
+
+ local dirName=$1
+ local fileName=$2
+
+ if [ -z $fileName ]; then
+ echo "$FUNCNAME requires fileName as the first parameter" 1>&2;
+ return 1
+ fi
+ if [ -z $dirName ]; then
+ echo "$FUNCNAME requires dirName as the first parameter" 1>&2;
+ return 1
+ fi
+
+ echo "${dirName}/${fileName}"
+
+}
+
+function ensureSymLink() {
+
+ local doCreate=false
+ local linkFileExists=false
+ local linkFileIsSymlink=false
+ local linkTargetIsCorrect=false
+
+
+ local linkPath=$1
+ local linkTarget=$2
+
+ local currentTarget=""
+
+ if [ -z $linkPath ]; then
+ echo "$FUNCNAME requires linkPath as the first parameter" 1>&2;
+ return 1
+ fi
+ if [ -z $linkTarget ]; then
+ echo "$FUNCNAME requires linkTarget as the first parameter" 1>&2;
+ return 1
+ fi
+
+
+ if [ -h "$linkPath" ]; then
+ linkFileExists=true
+ currentTarget="$(readlink $linkPath)"
+ if [ "$currentTarget" == "$linkTarget" ] ; then
+ linkTargetIsCorrect=true
+ else
+ if [ ! "$forceReplace" = true ]; then
+ echo "linkfile $linkPath: has wrong target $currentTarget. consider using -f" 1>&2;
+ return 1
+ else
+ echo "linkfile $linkPath: has wrong target $currentTarget" 1>&2;
+ fi
+ fi
+ else
+ if [ -f "$linkPath" ]; then
+ linkFileExists=true
+ if [ ! "$forceReplace" = true ]; then
+ echo "linkPath $linkPath is a regular file but must be a symlink. consider using -f" 1>&2;
+ return 1
+ else
+ echo "linkPath $linkPath is a regular file but must be a symlink." 1>&2;
+ fi
+ else
+ if [ -d "$linkPath" ]; then
+ linkFileExists=true
+ if [ ! "$forceReplace" = true ]; then
+ echo "linkPath $linkPath is a directory bu must be a symlink. consider using -f" 1>&2;
+ return 1
+ else
+ echo "linkPath $linkPath is a directory bu must be a symlink."
1>&2;
+ fi
+ fi
+ fi
+ fi
+
+
+ if [ "$linkFileExists" = true ]; then
+ if [ "$linkTargetIsCorrect" = true ]; then
+ return 0
+ else
+ ## replace the link
+ echo "linkfile $linkPath: changing target $currentTarget to $linkTarget" 1>&2;
+ ln -f -s "$linkTarget" "$linkPath"
+ fi
+ else
+ ln -s "$linkTarget" "$linkPath"
+ fi
+
+}
+
+targetDirDefault="/usr/local/bin"
+
+disperseFileName="spore-disperse"
+disperseFilePath=$(makeFilePathString "$targetDirDefault" "$disperseFileName")
+
+sporeFileName="spore"
+sporeFilePath=$(makeFilePathString "$targetDirDefault" "$sporeFileName")
+
+downloadAndApplyFileName="spore-download-and-apply"
+downloadAndApplyPath=$(makeFilePathString "$targetDirDefault" "$downloadAndApplyFileName")
+
+
+if [[ "$1" == "-f" ]]; then
+ forceReplace=true
+fi
+
+dirname=$(dirname $0)
+cd ${dirname}
+cd ..
+sporehome=$(pwd)
+ensureSymLink "$disperseFilePath" "${sporehome}/bin/spore-disperse"
+ensureSymLink "$sporeFilePath" "${sporehome}/sbin/spore"
+ensureSymLink "$downloadAndApplyPath" "${sporehome}/sbin/spore-download-and-apply"
diff --git a/sbin/spore-download-and-apply b/sbin/spore-download-and-apply
index a6a0ca0..b15a783 100755
--- a/sbin/spore-download-and-apply
+++ b/sbin/spore-download-and-apply
@@ -69,29 +69,39 @@ apply_spores=0 download_spores=0 verify_spores=0 default_operation=1 +quiet=true while [ $# -gt 0 ] ; do if [ "$1" == "-a" ] ; then apply_spores=1 default_operation=0 + quiet=false shift; continue; fi if [ "$1" == "-d" ] ; then download_spores=1 default_operation=0 + quiet=false shift; continue; fi if [ "$1" == "-c" ] ; then check_consistency_of_spores=1 default_operation=0 + quiet=false shift; continue; fi if [ "$1" == "-v" ] ; then verify_spores=1 default_operation=0 + quiet=false + shift; + continue; + fi + if [ "$1" == "--verbose" ] ; then + quiet=false shift; continue; fi
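Review bot: At the end of sbin/create-symlinks-usr-local-bin neither `cd ${dirname}` nor `cd ..` is checked and `$0` is expanded unquoted in `dirname $0`, so a script path containing whitespace, or any failed `cd`, leaves `sporehome` set to an unrelated directory and the three links in `/usr/local/bin` are created pointing there. Because those links land on the default PATH and the script presumably runs with root rights, resolve the directory in one checked step: `sporehome=$(cd -- "$(dirname -- "$0")/.." && pwd) || exit 1`. In `ensureSymLink`, `ln -f -s "$linkTarget" "$linkPath"` does not replace a directory or a symlink to one; it creates the link inside it while the log line reports the target as changed, so use `ln -sfn` for the symlink case and keep a real directory an error even with `-f`. The `[ -z $linkPath ]`-style tests and `readlink $linkPath` need quotes as well, and the messages for the second parameter of both functions say "first parameter".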
@@ -202,8 +212,8 @@ function do_verify_spores() { return 1 fi - if ! grep -q "GOODSIG.*$spore_signee" $gpg_status ; then - log "Signature did not match requested signees. $(grep GOODSIGN $gpg_status)." + if ! grep -q "VALIDSIG.*$spore_signee" $gpg_status ; then + log "Signature did not match requested signees ($spore_signee). $(grep VALIDSIG $gpg_status)." rm $gpg_status return 1 fi @@ -250,19 +260,19 @@ function do_check_consistency_of_spores() { if ! do_verify_spores ; then - echo "The currently downloaded spores can't be trusted." + $quiet || echo "The currently downloaded spores can't be trusted." exit 1 elif ! do_check_consistency_of_spores ; then - echo "The system does not adhere to the currently downloaded spores." + $quiet || echo "The system does not adhere to the currently downloaded spores." exit 1 elif ! do_download_spores ; then - echo "The spores have not changed." + $quiet || echo "The spores have not changed." exit 0 elif ! do_verify_spores ; then - echo "The downloaded spores can't be trusted." + $quiet || echo "The downloaded spores can't be trusted." exit 1 elif ! do_apply_spores ; then - echo "The spores failed to apply cleanly." + $quiet || echo "The spores failed to apply cleanly." exit 1 else exit 0
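Review bot: The VALIDSIG test in `do_verify_spores` interpolates `$spore_signee` into an unanchored regular expression, so any substring of the status line satisfies it, and an empty or unset `spore_signee` reduces the pattern to `VALIDSIG.*`, which accepts a valid signature from any key gpg knows. VALIDSIG status lines carry fingerprints rather than user IDs, so the signee presumably has to be a full fingerprint after this change; where it is set is outside the hunk. Compare it as a whole field, against the signing-key fingerprint in the third field or the primary-key fingerprint in the last one: `awk -v fpr="$spore_signee" '$2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { ok = 1 } END { exit !ok }' "$gpg_status"`. `$gpg_status` is also unquoted in both `grep` calls and in `rm`. The function begins and ends outside the hunk.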
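Review bot: With `quiet=true` as the default, the `$quiet || echo` guards in the final `if` chain drop the only explanation for each non-zero exit, including both "can't be trusted" branches, so an unattended run that hits a signature failure is visible only through its exit status and whatever `log` records inside `do_verify_spores`. Consider leaving the trust failures unconditional and on stderr, e.g. `echo "The downloaded spores can't be trusted." >&2`, and gating only the informational "have not changed" line. `$quiet || …` also runs the variable's value as a command; `[[ $quiet == true ]] || echo …` performs the same test without executing it. The chain is closed outside the hunk.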