From 2b07f52eaa10ff83fac10027a3b7ab921769c18b Mon Sep 17 00:00:00 2001 From: Thomas Velthoven Date: Sun, 21 Jun 2015 13:54:29 +0200 Subject: [PATCH 01/11] corrected the README for use of the keyring: prefix --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 452accc..e614978 100644 --- a/README.md +++ b/README.md @@ -151,10 +151,10 @@ administrative rights in one spore might have little or no rights in a different spore. `spore-disperse` can also be used to create GPG keyring of the users -with specific roles; this is done by specifying "keyrings:" in front +with specific roles; this is done by specifying "keyring:" in front of the output directory, as follows: - keyrings:/var/lib/production-keyrings/ + keyring:/var/lib/production-keyring/ The directory will be created, and keyrings will appear there based on the authorizations. From ffa71aff9aa04ba2f5cdb48818773f078b8a3027 Mon Sep 17 00:00:00 2001 From: Thomas Velthoven Date: Sun, 21 Jun 2015 15:27:49 +0200 Subject: [PATCH 02/11] added an CLI arg error condition when the user points to {dir} instead of {dir}/users --- bin/spore-disperse | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/bin/spore-disperse b/bin/spore-disperse index f1f802e..6262e5b 100755 --- a/bin/spore-disperse +++ b/bin/spore-disperse @@ -237,6 +237,12 @@ function main() { echo "You must specify an existing directory to work with." return 2 fi + + if [[ -r "$spores/users" && -d "$spores/users" ]] ; then + echo "The first argument: \"$spores\" should point to \"$spores/users\" instead" + return 2 + fi + do_auth "${@}" } From b2485ad53add16ab966e24699430711583b94a7e Mon Sep 17 00:00:00 2001 From: Thomas Velthoven Date: Tue, 23 Jun 2015 17:26:58 +0200 Subject: [PATCH 03/11] added a nice script --- sbin/create-symlinks-usr-local-bin | 5 +++++ 1 file changed, 5 insertions(+) create mode 100755 sbin/create-symlinks-usr-local-bin 
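Review bot: In bin/spore-disperse (PATCH 02/11) the new check in main() prints its diagnostic with a plain `echo`, so the message lands on stdout and is mixed into whatever a caller captures or pipes from the tool; the existing "You must specify an existing directory" message just above it does the same. Sending it to stderr keeps diagnostics and output apart: `echo "The first argument: \"$spores\" should point to \"$spores/users\" instead" >&2`. main() starts outside this hunk, so how `$spores` is derived from the arguments is not visible here.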
diff --git a/sbin/create-symlinks-usr-local-bin b/sbin/create-symlinks-usr-local-bin new file mode 100755 index 0000000..4db055d --- /dev/null +++ b/sbin/create-symlinks-usr-local-bin @@ -0,0 +1,5 @@ +#!/usr/bin/env bash +dir=$(dirname $0) +ln -s ${dirname}/../bin/disperse /usr/local/bin/disperse +ln -s ${dirname}/spore /usr/local/bin/spore +ln -s ${dirname}/spore-download-and-apply /usr/local/bin/spore-download-and-apply From 117f28c36da7ed5e551242d958b400cf33dbb060 Mon Sep 17 00:00:00 2001 From: Thomas Velthoven Date: Fri, 3 Jul 2015 12:24:42 +0200 Subject: [PATCH 04/11] correction --- sbin/create-symlinks-usr-local-bin | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/create-symlinks-usr-local-bin b/sbin/create-symlinks-usr-local-bin index 4db055d..8ff40dc 100755 --- a/sbin/create-symlinks-usr-local-bin +++ b/sbin/create-symlinks-usr-local-bin @@ -1,5 +1,5 @@ #!/usr/bin/env bash dir=$(dirname $0) -ln -s ${dirname}/../bin/disperse /usr/local/bin/disperse +ln -s ${dirname}/../bin/spore-disperse /usr/local/bin/spore-disperse ln -s ${dirname}/spore /usr/local/bin/spore ln -s ${dirname}/spore-download-and-apply /usr/local/bin/spore-download-and-apply From 79f2db24c04b77d23bc2d137be283e620332ae2d Mon Sep 17 00:00:00 2001 From: Thomas Velthoven Date: Sat, 4 Jul 2015 14:32:49 +0200 Subject: [PATCH 05/11] bugfixing --- sbin/create-symlinks-usr-local-bin | 128 ++++++++++++++++++++++++++++- 1 file changed, 124 insertions(+), 4 deletions(-) diff --git a/sbin/create-symlinks-usr-local-bin b/sbin/create-symlinks-usr-local-bin index 4db055d..2f6eaa1 100755 --- a/sbin/create-symlinks-usr-local-bin +++ b/sbin/create-symlinks-usr-local-bin 
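Review bot: In sbin/create-symlinks-usr-local-bin (PATCH 03/11) the script assigns `dir` but every `ln` line expands `${dirname}`, which is never set, so the link targets collapse to `/../bin/disperse`, `/spore` and `/spore-download-and-apply`, and the entries placed in /usr/local/bin resolve to paths at the filesystem root rather than to this checkout. PATCH 04/11 renames the first link but keeps `${dirname}`. Use the variable that is assigned, make it absolute and quote it, e.g. `dir=$(cd -- "$(dirname -- "$0")" && pwd) || exit 1` followed by `ln -s "${dir}/../bin/spore-disperse" /usr/local/bin/spore-disperse`. Adding `set -u` at the top would have turned the unset name into an immediate error.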
@@ -1,5 +1,125 @@ #!/usr/bin/env bash -dir=$(dirname $0) -ln -s ${dirname}/../bin/disperse /usr/local/bin/disperse -ln -s ${dirname}/spore /usr/local/bin/spore -ln -s ${dirname}/spore-download-and-apply /usr/local/bin/spore-download-and-apply + +forceReplace=false + +function makeFilePathString() { + + local dirName=$1 + local fileName=$2 + + if [ -z $fileName ]; then + echo "$FUNCNAME requires fileName as the first parameter" 1>&2; + return 1 + fi + if [ -z $dirName ]; then + echo "$FUNCNAME requires dirName as the first parameter" 1>&2; + return 1 + fi + + echo "${dirName}/${fileName}" + +} + +function ensureSymLink() { + + local doCreate=false + local linkFileExists=false + local linkFileIsSymlink=false + local linkTargetIsCorrect=false + + + local linkPath=$1 + local linkTarget=$2 + + local currentTarget="" + + if [ -z $linkPath ]; then + echo "$FUNCNAME requires linkPath as the first parameter" 1>&2; + return 1 + fi + if [ -z $linkTarget ]; then + echo "$FUNCNAME requires linkTarget as the first parameter" 1>&2; + return 1 + fi + + echo "$1 $2" 1>&2; + + + + if [ -h "$linkPath" ]; then + linkFileExists=true + currentTarget="$(readlink $linkPath)" + if [[ "$currentTarget" == "$target_path" ]] ; then + echo "linkfile $linkPath: has correct target $currentTarget" 1>&2; + linkTargetIsCorrect=true + else + if [ ! "$forceReplace" = true ]; then + echo "linkfile $linkPath: has wrong target $currentTarget. consider using -f" 1>&2; + return 1 + else + echo "linkfile $linkPath: has wrong target $currentTarget" 1>&2; + fi + fi + else + if [ -f "$linkPath" ]; then + linkFileExists=true + if [ ! "$forceReplace" = true ]; then + echo "linkPath $linkPath is a regular file but must be a symlink. consider using -f" 1>&2; + return 1 + else + echo "linkPath $linkPath is a regular file but must be a symlink." 1>&2; + fi + else + if [ -d "$linkPath" ]; then + linkFileExists=true + if [ ! "$forceReplace" = true ]; then + echo "linkPath $linkPath is a directory bu must be a symlink. 
consider using -f" 1>&2; + return 1 + else + echo "linkPath $linkPath is a directory bu must be a symlink." 1>&2; + fi + fi + fi + fi + + + if [ "$linkFileExists" = true ]; then + if [ "$linkTargetIsCorrect" = true ]; then + ## all well + echo "linkfile $linkPath: happy with target $currentTarget" 1>&2; + return 0 + else + ## replace the link + echo "linkfile $linkPath: changing target $currentTarget to $linkTarget" 1>&2; + ln -f -s "$linkPath" "$linkTarget" + fi + else + echo "creating linkfile $linkPath pointing to $linkTarget" 1>&2; + ln -s "$linkPath" "$linkTarget" + fi + +} + +targetDirDefault="/usr/local/bin" + +disperseFileName="spore-disperse" +disperseFilePath=$(makeFilePathString "$targetDirDefault" "$disperseFileName") + +sporeFileName="spore" +sporeFilePath=$(makeFilePathString "$targetDirDefault" "$sporeFileName") + +downloadAndApplyFileName="spore-download-and-apply" +downloadAndApplyPath=$(makeFilePathString "$targetDirDefault" "$downloadAndApplyFileName") + + +if [[ "$1" == "-f" ]]; then + forceReplace=true +fi + +dirname=$(dirname $0) +cd ${dirname} +cd .. +sporehome=$(pwd) +ensureSymLink "$disperseFilePath" "${sporehome}/bin/spore-disperse" +ensureSymLink "$sporeFilePath" "${sporehome}/sbin/spore" +ensureSymLink "$downloadAndApplyPath" "${sporehome}/sbin/spore-download-and-apply" From a493780380913c45f80638f34fa5063bd49c77f6 Mon Sep 17 00:00:00 2001 From: Thomas Velthoven Date: Sat, 4 Jul 2015 14:33:49 +0200 Subject: [PATCH 06/11] bugfixing --- sbin/create-symlinks-usr-local-bin | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/create-symlinks-usr-local-bin b/sbin/create-symlinks-usr-local-bin index 2f6eaa1..5b20dbd 100755 --- a/sbin/create-symlinks-usr-local-bin +++ b/sbin/create-symlinks-usr-local-bin 
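Review bot: Near the end of the rewritten sbin/create-symlinks-usr-local-bin (PATCH 05/11), `cd ${dirname}` and `cd ..` are unquoted and unchecked, so if either fails `sporehome=$(pwd)` is whatever directory the script was started from, and the links in /usr/local/bin (replaced outright when `-f` is given) end up pointing there. Writing to /usr/local/bin usually means running as root, so it is worth resolving the path in one checked step: `sporehome=$(cd -- "$(dirname -- "$0")/.." && pwd) || exit 1`. In ensureSymLink, `$linkPath` should also be quoted in `[ -z $linkPath ]` and `readlink $linkPath`, and the directory branch under `-f` still falls through to `ln -f -s`, which does not replace a directory; returning an error there would be safer.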
@@ -91,11 +91,11 @@ function ensureSymLink() { else ## replace the link echo "linkfile $linkPath: changing target $currentTarget to $linkTarget" 1>&2; - ln -f -s "$linkPath" "$linkTarget" + ln -f -s "$linkTarget" "$linkPath" fi else echo "creating linkfile $linkPath pointing to $linkTarget" 1>&2; - ln -s "$linkPath" "$linkTarget" + ln -s "$linkTarget" "$linkPath" fi } From 1c971c580ef516883cb92b37d36f6c23a27e0a5f Mon Sep 17 00:00:00 2001 From: Thomas Velthoven Date: Sat, 4 Jul 2015 14:45:55 +0200 Subject: [PATCH 07/11] bugfixing --- sbin/create-symlinks-usr-local-bin | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/sbin/create-symlinks-usr-local-bin b/sbin/create-symlinks-usr-local-bin index 5b20dbd..49eceb6 100755 --- a/sbin/create-symlinks-usr-local-bin +++ b/sbin/create-symlinks-usr-local-bin @@ -41,16 +41,12 @@ function ensureSymLink() { echo "$FUNCNAME requires linkTarget as the first parameter" 1>&2; return 1 fi - - echo "$1 $2" 1>&2; - if [ -h "$linkPath" ]; then linkFileExists=true currentTarget="$(readlink $linkPath)" - if [[ "$currentTarget" == "$target_path" ]] ; then - echo "linkfile $linkPath: has correct target $currentTarget" 1>&2; + if [ "$currentTarget" == "$linkTarget" ] ; then linkTargetIsCorrect=true else if [ ! "$forceReplace" = true ]; then @@ -85,8 +81,6 @@ function ensureSymLink() { if [ "$linkFileExists" = true ]; then if [ "$linkTargetIsCorrect" = true ]; then - ## all well - echo "linkfile $linkPath: happy with target $currentTarget" 1>&2; return 0 else ## replace the link @@ -94,7 +88,6 @@ function ensureSymLink() { ln -f -s "$linkTarget" "$linkPath" fi else - echo "creating linkfile $linkPath pointing to $linkTarget" 1>&2; ln -s "$linkTarget" "$linkPath" fi From bb7c3cebaac68ef4871918fcedfd3ffdecbcbbe6 Mon Sep 17 00:00:00 2001 
From: Thomas Velthoven Date: Mon, 24 Aug 2015 11:42:33 +0200 Subject: [PATCH 08/11] correcting typo in error message --- sbin/spore-download-and-apply | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/spore-download-and-apply b/sbin/spore-download-and-apply index a6a0ca0..120ccd4 100755 --- a/sbin/spore-download-and-apply +++ b/sbin/spore-download-and-apply @@ -203,7 +203,7 @@ function do_verify_spores() { fi if ! grep -q "GOODSIG.*$spore_signee" $gpg_status ; then - log "Signature did not match requested signees. $(grep GOODSIGN $gpg_status)." + log "Signature did not match requested signees. $(grep GOODSIG $gpg_status)." rm $gpg_status return 1 fi From 36fa1e4ced714c31d0977fb6310eea2913c2c7ad Mon Sep 17 00:00:00 2001 From: Thomas Velthoven Date: Mon, 24 Aug 2015 12:03:53 +0200 Subject: [PATCH 09/11] changing GOODSIG to VALIDSIG --- sbin/spore-download-and-apply | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/spore-download-and-apply b/sbin/spore-download-and-apply index 120ccd4..d6c17c5 100755 --- a/sbin/spore-download-and-apply +++ b/sbin/spore-download-and-apply @@ -202,8 +202,8 @@ function do_verify_spores() { return 1 fi - if ! grep -q "GOODSIG.*$spore_signee" $gpg_status ; then - log "Signature did not match requested signees. $(grep GOODSIG $gpg_status)." + if ! grep -q "VALIDSIG.*$spore_signee" $gpg_status ; then + log "Signature did not match requested signees ($spore_signee). $(grep GOODSIG $gpg_status)." rm $gpg_status return 1 fi From 56d6cb62035b479bb442bcbdb24456ef1eee8008 Mon Sep 17 00:00:00 2001 From: Thomas Velthoven Date: Mon, 24 Aug 2015 12:04:19 +0200 Subject: [PATCH 10/11] correcting the error message as well --- sbin/spore-download-and-apply | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/spore-download-and-apply b/sbin/spore-download-and-apply index d6c17c5..ce70500 100755 --- a/sbin/spore-download-and-apply +++ b/sbin/spore-download-and-apply 
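Review bot: In do_verify_spores (PATCH 09/11), `grep -q "VALIDSIG.*$spore_signee" $gpg_status` is an unanchored regular-expression match, so it accepts any status line that contains the text VALIDSIG followed somewhere by the signee string, including a partial match inside a longer fingerprint or another field, and an empty `$spore_signee` accepts every valid signature from any key in the keyring. GnuPG's VALIDSIG status line carries fingerprints rather than a user ID, so after this change `$spore_signee` presumably has to be a fingerprint; if so, compare that field exactly, e.g. `awk -v fpr="$spore_signee" '$1=="[GNUPG:]" && $2=="VALIDSIG" && $3==fpr {ok=1} END {exit !ok}' "$gpg_status"`, and reject an empty signee before the check. `$gpg_status` is also unquoted in the `grep` and `rm` calls. The function starts and ends outside this hunk, so how the status file is produced is not visible here.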
@@ -203,7 +203,7 @@ function do_verify_spores() { fi if ! grep -q "VALIDSIG.*$spore_signee" $gpg_status ; then - log "Signature did not match requested signees ($spore_signee). $(grep GOODSIG $gpg_status)." + log "Signature did not match requested signees ($spore_signee). $(grep VALIDSIG $gpg_status)." rm $gpg_status return 1 fi From 2d9ced35871ef81ad4cac21bbbdc762face30087 Mon Sep 17 00:00:00 2001 From: Thomas Velthoven Date: Mon, 24 Aug 2015 13:01:37 +0200 Subject: [PATCH 11/11] quiet in default operation to suppress syslog "(CRON) info (No MTA installed, discarding output)" --- sbin/spore-download-and-apply | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/sbin/spore-download-and-apply b/sbin/spore-download-and-apply index ce70500..b15a783 100755 --- a/sbin/spore-download-and-apply +++ b/sbin/spore-download-and-apply @@ -69,29 +69,39 @@ apply_spores=0 download_spores=0 verify_spores=0 default_operation=1 +quiet=true while [ $# -gt 0 ] ; do if [ "$1" == "-a" ] ; then apply_spores=1 default_operation=0 + quiet=false shift; continue; fi if [ "$1" == "-d" ] ; then download_spores=1 default_operation=0 + quiet=false shift; continue; fi if [ "$1" == "-c" ] ; then check_consistency_of_spores=1 default_operation=0 + quiet=false shift; continue; fi if [ "$1" == "-v" ] ; then verify_spores=1 default_operation=0 + quiet=false + shift; + continue; + fi + if [ "$1" == "--verbose" ] ; then + quiet=false shift; continue; fi 
@@ -250,19 +260,19 @@ function do_check_consistency_of_spores() { if ! do_verify_spores ; then - echo "The currently downloaded spores can't be trusted." + $quiet || echo "The currently downloaded spores can't be trusted." exit 1 elif ! do_check_consistency_of_spores ; then - echo "The system does not adhere to the currently downloaded spores." + $quiet || echo "The system does not adhere to the currently downloaded spores." exit 1 elif ! do_download_spores ; then - echo "The spores have not changed." + $quiet || echo "The spores have not changed." exit 0 elif ! do_verify_spores ; then - echo "The downloaded spores can't be trusted." + $quiet || echo "The downloaded spores can't be trusted." exit 1 elif ! do_apply_spores ; then - echo "The spores failed to apply cleanly." + $quiet || echo "The spores failed to apply cleanly." exit 1 else exit 0
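Review bot: With `quiet=true` as the default (PATCH 11/11), the two "can't be trusted" branches of this if/elif chain now exit 1 without printing anything, so an unattended run whose signature verification fails leaves no trace beyond the exit status unless `log` inside do_verify_spores already records it somewhere durable (its destination is not visible here). I would keep the trust and apply failures out of the `$quiet ||` guard and route them through the existing logger instead, e.g. `log "The downloaded spores can't be trusted."`, which avoids the cron mail while still leaving a record. The closing `fi` of the chain lies outside the hunk.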