Client signing of monkeysphere server keys
parent
a7745f4cb7
commit
32ed82bd67
|
@ -821,6 +821,17 @@ function menu_admin {
|
|||
sudo freedombone-controlpanel
|
||||
}
|
||||
|
||||
function sign_keys {
|
||||
dialog --title $"Monkeysphere sign server keys" \
|
||||
--backtitle $"Freedombone Security Configuration" \
|
||||
--defaultno \
|
||||
--yesno $"\nMonkeysphere has been enabled and you will need to sign and trust the server keys. Do you want to do that now?" 8 60
|
||||
sel=$?
|
||||
case $sel in
|
||||
0) ${PROJECT_NAME}-sec --sign yes;;
|
||||
esac
|
||||
}
|
||||
|
||||
function menu_top_level {
|
||||
while true
|
||||
do
|
||||
|
@ -863,6 +874,7 @@ function menu_top_level {
|
|||
done
|
||||
}
|
||||
|
||||
sign_keys
|
||||
menu_top_level
|
||||
clear
|
||||
. ~/.bashrc
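Review bot: sign_keys is called unconditionally before menu_top_level and shows its "Monkeysphere has been enabled" prompt without checking that anything is pending, so as far as this section shows the dialog appears on every run of the menu, whether or not monkeysphere is in use. The signing routine it invokes works from /home/$USER/.monkeysphere/server_keys, so the same test could gate the prompt: `if [ ! -f "/home/$USER/.monkeysphere/server_keys" ]; then return; fi` as the first statement of sign_keys. The call `${PROJECT_NAME}-sec --sign yes` passes an argument that the visible `-s|--sign)` arm does not use, and its exit status is dropped; `"${PROJECT_NAME}-sec" --sign` with a check of the result would be clearer. Which lines are additions is inferred from the hunk counts, because the +/- column is not on the page.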
|
||||
|
|
|
@ -64,9 +64,6 @@ DH_KEYLENGTH=2048
|
|||
LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
|
||||
|
||||
MY_USERNAME=
|
||||
if grep -q "MY_USERNAME" $CONFIGURATION_FILE; then
|
||||
MY_USERNAME=$(grep "MY_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
|
||||
fi
|
||||
|
||||
function get_protocols_from_website {
|
||||
if [ ! -f $WEBSITES_DIRECTORY/$1 ]; then
|
||||
|
@ -614,6 +611,10 @@ function enable_monkeysphere {
|
|||
esac
|
||||
|
||||
if [ $monkey ]; then
|
||||
if grep -q "MY_USERNAME" $CONFIGURATION_FILE; then
|
||||
MY_USERNAME=$(grep "MY_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
|
||||
fi
|
||||
|
||||
if [ ! -f /home/$MY_USERNAME/.monkeysphere/authorized_user_ids ]; then
|
||||
dialog --title $"GPG based authentication" \
|
||||
--msgbox $"$MY_USERNAME does not currently have any ids within ~/.monkeysphere/authorized_user_ids" 6 40
|
||||
|
@ -927,6 +928,33 @@ function refresh_gpg_keys {
|
|||
exit 0
|
||||
}
|
||||
|
||||
function monkeysphere_sign_server_keys {
|
||||
server_keys_file=/home/$USER/.monkeysphere/server_keys
|
||||
if [ ! -f $server_keys_file ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
keys_signed=
|
||||
while read line; do
|
||||
echo $line
|
||||
if [ ${#line} -gt 2 ]; then
|
||||
fpr=$(gpg --with-colons --fingerprint "$line" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
|
||||
if [ ${#fpr} -gt 2 ]; then
|
||||
gpg --sign-key $fpr
|
||||
if [ "$?" = "0" ]; then
|
||||
gpg --update-trustdb
|
||||
keys_signed=1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
done <$server_keys_file
|
||||
|
||||
if [ $keys_signed ]; then
|
||||
rm $server_keys_file
|
||||
fi
|
||||
exit 0
|
||||
}
|
||||
|
||||
function show_help {
|
||||
echo ''
|
||||
echo "${PROJECT_NAME}-sec"
|
||||
|
@ -938,6 +966,7 @@ function show_help {
|
|||
echo $' -e --export Export security settings to a file'
|
||||
echo $' -i --import Import security settings from a file'
|
||||
echo $' -r --refresh Refresh GPG keys for all users'
|
||||
echo $' -s --sign Sign monkeysphere server keys'
|
||||
echo $' --register [domain] Register a https domain with monkeysphere'
|
||||
echo ''
|
||||
exit 0
|
||||
|
@ -973,6 +1002,11 @@ case $key in
|
|||
shift
|
||||
register_website "$1"
|
||||
;;
|
||||
# user signs monkeysphere server keys
|
||||
-s|--sign)
|
||||
shift
|
||||
monkeysphere_sign_server_keys
|
||||
;;
|
||||
*)
|
||||
# unknown option
|
||||
;;
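Review bot: In monkeysphere_sign_server_keys the key that gets certified is picked by `gpg --with-colons --fingerprint "$line" | grep fpr | head -n 1`, so when the string on a line matches more than one key in the user's keyring the first match is signed, with no check that it is the intended server key. A signature here is a trust statement, so the lookup should be unambiguous: select real fingerprint records with `awk -F: '$1 == "fpr" {print $10; exit}'` instead of `grep fpr`, and skip the line unless the listing contains exactly one `pub` record. Separately, `keys_signed=1` is set after any single successful `gpg --sign-key`, and `rm $server_keys_file` then discards every other entry, including ones that did not resolve or were not signed; removing the file only when no entry failed would keep those pending. The expansions should also be quoted and the read made raw: `while read -r line`, `[ ! -f "$server_keys_file" ]`, `rm -- "$server_keys_file"`.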
|
||||
|
|