corrected the README for use of the keyring: prefix #1

Open
wants to merge 12 commits into
base: master
from
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -151,10 +151,10 @@ administrative rights in one spore might have little or no rights in
a different spore.

`spore-disperse` can also be used to create GPG keyring of the users
with specific roles; this is done by specifying "keyrings:" in front
with specific roles; this is done by specifying "keyring:" in front
of the output directory, as follows:

keyrings:/var/lib/production-keyrings/
keyring:/var/lib/production-keyring/

The directory will be created, and keyrings will appear there based
on the authorizations.
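--- a/bin/spore-disperse
+++ b/bin/spore-disperse
@@ -237,6 +237,12 @@ function main() {
 echo "You must specify an existing directory to work with."
 return 2
 fi
+
+if [[ -r "$spores/users" && -d "$spores/users" ]] ; then
+echo "The first argument: \"$spores\" should point to \"$spores/users\" instead"
+return 2
+fi
+
 do_auth "${@}"
 }
 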
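Review bot: The new guard in main tests `-r "$spores/users" && -d "$spores/users"`, so when the `users` directory exists but is not readable by the caller the guard is skipped and `do_auth` still runs against the parent directory; `-d` alone expresses the intended check, `if [[ -d "$spores/users" ]] ; then`. The message would be easier to act on and to filter if it went to stderr with `>&2`, though the existing error just above also writes to stdout, so this may be a file-wide convention. main starts outside the hunk, so where `$spores` is assigned is not visible here.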
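--- a/sbin/create-symlinks-usr-local-bin
+++ b/sbin/create-symlinks-usr-local-bin
@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+
+forceReplace=false
+
+function makeFilePathString() {
+
+local dirName=$1
+local fileName=$2
+
+if [ -z $fileName ]; then
+echo "$FUNCNAME requires fileName as the first parameter" 1>&2;
+return 1
+fi
+if [ -z $dirName ]; then
+echo "$FUNCNAME requires dirName as the first parameter" 1>&2;
+return 1
+fi
+
+echo "${dirName}/${fileName}"
+
+}
+
+function ensureSymLink() {
+
+local doCreate=false
+local linkFileExists=false
+local linkFileIsSymlink=false
+local linkTargetIsCorrect=false
+
+
+local linkPath=$1
+local linkTarget=$2
+
+local currentTarget=""
+
+if [ -z $linkPath ]; then
+echo "$FUNCNAME requires linkPath as the first parameter" 1>&2;
+return 1
+fi
+if [ -z $linkTarget ]; then
+echo "$FUNCNAME requires linkTarget as the first parameter" 1>&2;
+return 1
+fi
+
+
+if [ -h "$linkPath" ]; then
+linkFileExists=true
+currentTarget="$(readlink $linkPath)"
+if [ "$currentTarget" == "$linkTarget" ] ; then
+linkTargetIsCorrect=true
+else
+if [ ! "$forceReplace" = true ]; then
+echo "linkfile $linkPath: has wrong target $currentTarget. consider using -f" 1>&2;
+return 1
+else
+echo "linkfile $linkPath: has wrong target $currentTarget" 1>&2;
+fi
+fi
+else
+if [ -f "$linkPath" ]; then
+linkFileExists=true
+if [ ! "$forceReplace" = true ]; then
+echo "linkPath $linkPath is a regular file but must be a symlink. consider using -f" 1>&2;
+return 1
+else
+echo "linkPath $linkPath is a regular file but must be a symlink." 1>&2;
+fi
+else
+if [ -d "$linkPath" ]; then
+linkFileExists=true
+if [ ! "$forceReplace" = true ]; then
+echo "linkPath $linkPath is a directory bu must be a symlink. consider using -f" 1>&2;
+return 1
+else
+echo "linkPath $linkPath is a directory bu must be a symlink." 1>&2;
+fi
+fi
+fi
+fi
+
+
+if [ "$linkFileExists" = true ]; then
+if [ "$linkTargetIsCorrect" = true ]; then
+return 0
+else
+## replace the link
+echo "linkfile $linkPath: changing target $currentTarget to $linkTarget" 1>&2;
+ln -f -s "$linkTarget" "$linkPath"
+fi
+else
+ln -s "$linkTarget" "$linkPath"
+fi
+
+}
+
+targetDirDefault="/usr/local/bin"
+
+disperseFileName="spore-disperse"
+disperseFilePath=$(makeFilePathString "$targetDirDefault" "$disperseFileName")
+
+sporeFileName="spore"
+sporeFilePath=$(makeFilePathString "$targetDirDefault" "$sporeFileName")
+
+downloadAndApplyFileName="spore-download-and-apply"
+downloadAndApplyPath=$(makeFilePathString "$targetDirDefault" "$downloadAndApplyFileName")
+
+
+if [[ "$1" == "-f" ]]; then
+forceReplace=true
+fi
+
+dirname=$(dirname $0)
+cd ${dirname}
+cd ..
+sporehome=$(pwd)
+ensureSymLink "$disperseFilePath" "${sporehome}/bin/spore-disperse"
+ensureSymLink "$sporeFilePath" "${sporehome}/sbin/spore"
+ensureSymLink "$downloadAndApplyPath" "${sporehome}/sbin/spore-download-and-apply"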
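Review bot: The tail of the script derives `sporehome` from `cd ${dirname}`, `cd ..` and `pwd` with unquoted expansions and no error check, so a failed `cd` (or a script path containing spaces) leaves `sporehome` at an unrelated directory and the three links in /usr/local/bin are then created against it; `sporehome=$(cd -- "$(dirname -- "$0")/.." && pwd) || exit 1` avoids that. In `ensureSymLink`, the forced path runs `ln -f -s "$linkTarget" "$linkPath"`, which creates the link inside `$linkPath` instead of replacing it when `$linkPath` is a directory or a symlink to one; `ln -sfn` covers the symlink case, and the real-directory case needs an explicit refusal or removal. The `[ -z $linkPath ]`-style tests and `readlink $linkPath` should quote their operands, and the messages for `fileName` and `linkTarget` say "first parameter" where the second is meant. Because the links land in a system PATH directory, it is worth confirming that the checkout they point into is writable only by the account that is trusted to change those commands.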
24 changes: 17 additions & 7 deletions sbin/spore-download-and-apply
Expand Up @@ -69,29 +69,39 @@ apply_spores=0
download_spores=0
verify_spores=0
default_operation=1
quiet=true

while [ $# -gt 0 ] ; do
if [ "$1" == "-a" ] ; then
apply_spores=1
default_operation=0
quiet=false
shift;
continue;
fi
if [ "$1" == "-d" ] ; then
download_spores=1
default_operation=0
quiet=false
shift;
continue;
fi
if [ "$1" == "-c" ] ; then
check_consistency_of_spores=1
default_operation=0
quiet=false
shift;
continue;
fi
if [ "$1" == "-v" ] ; then
verify_spores=1
default_operation=0
quiet=false
shift;
continue;
fi
if [ "$1" == "--verbose" ] ; then
quiet=false
shift;
continue;
fi
Expand Down Expand Up @@ -202,8 +212,8 @@ function do_verify_spores() {
return 1
fi

if ! grep -q "GOODSIG.*$spore_signee" $gpg_status ; then
log "Signature did not match requested signees. $(grep GOODSIGN $gpg_status)."
if ! grep -q "VALIDSIG.*$spore_signee" $gpg_status ; then
log "Signature did not match requested signees ($spore_signee). $(grep VALIDSIG $gpg_status)."
rm $gpg_status
return 1
fi
Expand Down Expand Up @@ -250,19 +260,19 @@ function do_check_consistency_of_spores() {


if ! do_verify_spores ; then
echo "The currently downloaded spores can't be trusted."
$quiet || echo "The currently downloaded spores can't be trusted."
exit 1
elif ! do_check_consistency_of_spores ; then
echo "The system does not adhere to the currently downloaded spores."
$quiet || echo "The system does not adhere to the currently downloaded spores."
exit 1
elif ! do_download_spores ; then
echo "The spores have not changed."
$quiet || echo "The spores have not changed."
exit 0
elif ! do_verify_spores ; then
echo "The downloaded spores can't be trusted."
$quiet || echo "The downloaded spores can't be trusted."
exit 1
elif ! do_apply_spores ; then
echo "The spores failed to apply cleanly."
$quiet || echo "The spores failed to apply cleanly."
exit 1
else
exit 0
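Review bot: In do_verify_spores (its body starts outside the hunk), `grep -q "VALIDSIG.*$spore_signee" $gpg_status` is an unanchored regex match, so an empty `$spore_signee` accepts a valid signature from any key in the keyring, and a short value can match inside a timestamp or another field of the status line. GnuPG's VALIDSIG line carries the signing-key fingerprint as its first field and the primary-key fingerprint as its last, so the check is safer as a whole-field comparison that also requires the `[GNUPG:]` prefix, for example `awk -v fpr="$spore_signee" 'fpr != "" && $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { ok = 1 } END { exit !ok }' "$gpg_status"`. This presumes `$spore_signee` is configured as a full fingerprint, which is set outside the visible hunks and should be confirmed; `$gpg_status` is also unquoted in both the `grep` and the `rm`. Separately, the last hunk makes every failure message conditional on `$quiet`, which defaults to true, so a run without flags that fails verification appears to report it only through the exit status and whatever `log` records.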