unexpected failure in openpgp2ssh can cause monkeysphere-authentication to lock people out
Kristian reports that an unexpected failure of openpgp2ssh (in his case, a major breakage in his perl installation) can leave the user locked out based on a monkeysphere-authentication run.
I would have expected the failure of openpgp2ssh to cause m-a to abort, since it is set -e -- we need to understand why that's not happening.
Kristian proposed a temporary workaround: just test that openpgp2ssh doesn't die horribly when run as a test:
(I) Delete RSA.pm
(II)
    kristianf@kflaptop ~ $ openpgp2ssh
    Can't locate Crypt/OpenSSL/RSA.pm in @INC (@INC contains: /etc/perl /usr/local/lib64/perl5/5.16.3/x86_64-linux /usr/local/lib64/perl5/5.16.3 /usr/lib64/perl5/vendor_perl/5.16.3/x86_64-linux /usr/lib64/perl5/vendor_perl/5.16.3 /usr/local/lib64/perl5 /usr/lib64/perl5/vendor_perl /usr/lib64/perl5/5.16.3/x86_64-linux /usr/lib64/perl5/5.16.3) at /usr/bin/openpgp2ssh line 54.
    BEGIN failed--compilation aborted at /usr/bin/openpgp2ssh line 54.
(III) Apply patch
(IV)
    kflaptop OpenSSL # monkeysphere-authentication u
    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u
    gpg: depth: 1 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 1f, 0u
    gpg: next trustdb check due at 2016-12-31
    openpgp2ssh command gives unexpected return code. This can lead to a scenario where no authorized keys are populated, even though they are otherwise valid. Aborting!
(V) Fix RSA.pm issue
(VI) runs as expected
Here's his patch:
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index edc7995..2711ff2 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -84,6 +84,13 @@ gpg_sphere() { su_monkeysphere_user gpg --fixed-list-mode --no-greeting --quiet --no-tty "$@" } +check_openpgp2ssh_sanity() { + if [[ `su_monkeysphere_user openpgp2ssh ABC &>/dev/null || echo $?` != "255" ]]; then + echo "openpgp2ssh command gives unexpected return code. This can lead to a scenario where no authorized keys are populated, even though they are otherwise valid. Aborting!" + exit 1 + fi; +} + # output to stdout the core fingerprint from the gpg core secret # keyring core_fingerprint() { @@ -163,6 +170,7 @@ case $COMMAND in 'update-users'|'update-user'|'update'|'u') source "${MASHAREDIR}/setup" setup + check_openpgp2ssh_sanity source "${MASHAREDIR}/update_users" OUTPUT_STDOUT= update_users "$@" ;; @@ -171,6 +179,7 @@ case $COMMAND in (( $# > 0 )) || failure "Must specify user." source "${MASHAREDIR}/setup" setup + check_openpgp2ssh_sanity source "${MASHAREDIR}/update_users" OUTPUT_STDOUT=true update_users "$1" ;;
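Review bot: in check_openpgp2ssh_sanity the probe `openpgp2ssh ABC` is accepted only when it exits with exactly 255, and nothing in the function says why 255 is the healthy answer for a bogus key ID; a short comment would help, since any other breakage that also happens to exit 255 passes the check. The probe redirects only stdout and stderr (`&>/dev/null`), so it still inherits the caller's stdin; adding `</dev/null` would make it independent of how monkeysphere-authentication is invoked. The abort path uses `echo` to stdout plus `exit 1`, while the neighbouring code in this file reports errors through `failure "Must specify user."`; using `failure` here would keep error output and exit handling consistent. `$(...)` with a quoted `"$?"` is also preferable to backticks.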
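Review bot: the check_openpgp2ssh_sanity call is pasted after `setup` in both the update-users branch and the branch that sets OUTPUT_STDOUT=true, and in both it runs once before update_users starts, so it only detects an openpgp2ssh that is already broken at startup. A failure inside update_users itself is still not acted on, which is the behaviour the report asks about under set -e. Consider calling the check from one shared place (for example at the end of `setup`, if every caller of setup needs openpgp2ssh) and treating this as a stopgap until update_users checks the converter's status directly.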
(from redmine: created on 2013-12-18)
Edited by John Scott
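Added example (not monkeysphere code and not a diagnosis of this bug): one common way a `set -e` script survives a failing key converter and ends up with an empty key file, next to a version that checks the converter's own status and keeps the existing file. `convert_key`, `update_fragile`, `update_checked` and the `BROKEN` switch are hypothetical names, and all key strings are constructed.

```shell
# Constructed stand-in for a key converter such as openpgp2ssh (hypothetical
# helper, not monkeysphere code). It fails like a broken install when BROKEN=1.
BROKEN=0
convert_key() {
    if [ "$BROKEN" = 1 ]; then
        echo "convert_key: cannot load dependency" >&2
        return 2
    fi
    sed 's/^/ssh-rsa /'
}

# Fragile: the converter is not the last command of the pipeline. Under set -e
# only the last command's status counts, so the failure goes unnoticed and the
# redirect has already truncated the live file.
# $1 = key material file, $2 = authorized_keys path
update_fragile() {
    (
        set -e
        convert_key < "$1" 2>/dev/null | sort -u > "$2"
    )
}

# Hardened: convert into a temporary file, test the converter's own status,
# refuse an empty result, and only then rename over the live file. The checks
# are explicit, so they still work where set -e is ignored (for example when
# the function is called from an `if` condition).
update_checked() {
    tmp="$2.tmp.$$"
    if ! convert_key < "$1" > "$tmp" 2>/dev/null || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "key conversion failed; keeping existing $2" >&2
        return 1
    fi
    mv "$tmp" "$2"
}
```

With `BROKEN=1`, `update_fragile` returns 0 and leaves the target file empty, while `update_checked` returns 1 and leaves it untouched.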