1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
From c75c7553a88e387013e2b4310f4c4956adfd8a98 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 8 Aug 2016 20:45:07 -0400
Subject: [PATCH 1/2] avoid treating src/share/common as an executable
having src/share/common treated as an executable (commit
ed10318d3760b56e57d5e1bef04ab57761ab8bd1) was actually a terrible
idea.
In addition to causing "monkeysphere version" to print the version
number twice, it meant that any invocation of a monkeysphere command
that sourced src/share/common and had a first argument that happened
to be a function name would accidentally invoke that function.
This commit reverts that idea.
---
Makefile | 2 +-
src/share/common | 5 -----
src/share/ma/add_certifier | 2 +-
src/share/ma/update_users | 2 +-
src/share/mh/add_revoker | 2 +-
5 files changed, 4 insertions(+), 9 deletions(-)
mode change 100755 => 100644 src/share/common
diff --git a/Makefile b/Makefile
index 608a317..768564a 100755
--- a/Makefile
+++ b/Makefile
@@ -55,7 +55,7 @@ install: all installman
install src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin
sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication
install src/monkeysphere-authentication-keys-for-user $(DESTDIR)$(PREFIX)/share/monkeysphere
- install -m 0755 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
+ install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere
sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv
sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv
diff --git a/src/share/common b/src/share/common
old mode 100755
new mode 100644
index 66181a3..b10a040
--- a/src/share/common
+++ b/src/share/common
@@ -1,4 +1,3 @@
-#!/usr/bin/env bash
# -*-shell-script-*-
# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
@@ -1022,7 +1021,3 @@ report_cruft() {
printf "The directories above are backups left over from a monkeysphere transition.\nThey may contain copies of sensitive data (host keys, certifier lists), but\nthey are no longer needed by monkeysphere.\nYou may remove them at any time.\n\n" | log info
fi
}
-
-if [ -n "$1" ] && [ "$(type -t "$1" || true)" = "function" ]; then
- "$@"
-fi
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
index 1d450e7..5416aa9 100644
--- a/src/share/ma/add_certifier
+++ b/src/share/ma/add_certifier
@@ -101,7 +101,7 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then
# check the key is ok as monkeysphere user before loading
log debug "checking keys in file..."
fingerprint=$(su_monkeysphere_user \
- "${SYSSHAREDIR}/common" list_primary_fingerprints < "$keyID")
+ bash -c ". ${SYSSHAREDIR}/common && list_primary_fingerprints" < "$keyID")
if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
failure "There was not exactly one gpg key in the file."
diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index d23c125..4f83e0c 100644
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -79,7 +79,7 @@ for uname in $unames ; do
# process authorized_user_ids file, as monkeysphere user
su_monkeysphere_user \
- /usr/bin/env "STRICT_MODES=$STRICT_MODES" "${SYSSHAREDIR}/common" process_authorized_user_ids - \
+ /usr/bin/env "STRICT_MODES=$STRICT_MODES" bash -c ". ${SYSSHAREDIR}/common && process_authorized_user_ids -" \
< "$authorizedUserIDs" \
> "$tmpAuthorizedKeys"
diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index 28b11ac..e00ac4e 100644
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -52,7 +52,7 @@ if [ -f "$revokerKeyID" -o "$revokerKeyID" = '-' ] ; then
# check the key is ok as monkeysphere user before loading
log debug "checking keys in file..."
fingerprint=$(su_monkeysphere_user \
- "${SYSSHAREDIR}/common" list_primary_fingerprints < "$revokerKeyID")
+ bash -c ". ${SYSSHAREDIR}/common && list_primary_fingerprints" < "$revokerKeyID")
if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
failure "There was not exactly one gpg key in the file."
--
2.7.3
|
