func parseConfig() { if android.OnAndroid() { return } configPath := osutil.UserClientConfigPath() if _, err := os.Stat(configPath); os.IsNotExist(err) { errMsg := fmt.Sprintf("Client configuration file %v does not exist. See 'camput init' to generate it.", configPath) if keyId := serverKeyId(); keyId != "" { hint := fmt.Sprintf("\nThe key id %v was found in the server config %v, so you might want:\n'camput init -gpgkey %v'", keyId, osutil.UserServerConfigPath(), keyId) errMsg += hint } log.Fatal(errMsg) } conf, err := jsonconfig.ReadFile(configPath) if err != nil { log.Fatal(err.Error()) } cfg := jsonconfig.Obj(conf) config = &clientConfig{ auth: cfg.OptionalString("auth", ""), server: cfg.OptionalString("server", ""), identity: cfg.OptionalString("identity", ""), identitySecretRing: cfg.OptionalString("identitySecretRing", osutil.IdentitySecretRing()), trustedCerts: cfg.OptionalList("trustedCerts"), ignoredFiles: cfg.OptionalList("ignoredFiles"), } if err := cfg.Validate(); err != nil { printConfigChangeHelp(cfg) log.Fatalf("Error in config file: %v", err) } }
// convertToMultiServers takes an old style single-server client configuration and maps it to new a multi-servers configuration that is returned. func convertToMultiServers(conf jsonconfig.Obj) (jsonconfig.Obj, error) { server := conf.OptionalString("server", "") if server == "" { return nil, errors.New("Could not convert config to multi-servers style: no \"server\" key found.") } newConf := jsonconfig.Obj{ "servers": map[string]interface{}{ server: map[string]interface{}{ "auth": conf.OptionalString("auth", ""), "default": true, "server": server, }, }, "identity": conf.OptionalString("identity", ""), "identitySecretRing": conf.OptionalString("identitySecretRing", osutil.IdentitySecretRing()), } if ignoredFiles := conf.OptionalList("ignoredFiles"); ignoredFiles != nil { var list []interface{} for _, v := range ignoredFiles { list = append(list, v) } newConf["ignoredFiles"] = list } return newConf, nil }
func (c *initCmd) getPublicKeyArmored(keyId string) (b []byte, err error) { file := osutil.IdentitySecretRing() b, err = c.getPublicKeyArmoredFromFile(file, keyId) if err != nil { return nil, fmt.Errorf("failed to export armored public key ID %q from %v: %v", keyId, file, err) } return b, nil }
func newDefaultConfigFile(path string) error { conf := defaultConfigFile{ Listen: defaultListenAddr, HTTPS: false, Auth: "localhost", ReplicateTo: make([]interface{}, 0), } blobDir := osutil.CamliBlobRoot() if err := os.MkdirAll(blobDir, 0700); err != nil { return fmt.Errorf("Could not create default blobs directory: %v", err) } conf.BlobPath = blobDir if sqlite.CompiledIn() { conf.SQLite = filepath.Join(osutil.CamliVarDir(), "camli-index.db") if fi, err := os.Stat(conf.SQLite); os.IsNotExist(err) || (fi != nil && fi.Size() == 0) { if err := initSQLiteDB(conf.SQLite); err != nil { log.Printf("Error initializing DB %s: %v", conf.SQLite, err) } } } else { conf.KVFile = filepath.Join(osutil.CamliVarDir(), "camli-index.kvdb") } var keyId string secRing := osutil.IdentitySecretRing() _, err := os.Stat(secRing) switch { case err == nil: keyId, err = jsonsign.KeyIdFromRing(secRing) if err != nil { return fmt.Errorf("Could not find any keyId in file %q: %v", secRing, err) } log.Printf("Re-using identity with keyId %q found in file %s", keyId, secRing) case os.IsNotExist(err): keyId, err = jsonsign.GenerateNewSecRing(secRing) if err != nil { return fmt.Errorf("Could not generate new secRing at file %q: %v", secRing, err) } log.Printf("Generated new identity with keyId %q in file %s", keyId, secRing) } if err != nil { return fmt.Errorf("Could not stat secret ring %q: %v", secRing, err) } conf.Identity = keyId conf.IdentitySecretRing = secRing confData, err := json.MarshalIndent(conf, "", " ") if err != nil { return fmt.Errorf("Could not json encode config file : %v", err) } if err := ioutil.WriteFile(path, confData, 0600); err != nil { return fmt.Errorf("Could not create or write default server config: %v", err) } return nil }
func getSignerPublicKeyBlobref() (signerRef blob.Ref, armored string, ok bool) { configOnce.Do(parseConfig) key := "keyId" keyId, ok := config[key].(string) if !ok { log.Printf("No key %q in JSON configuration file %q; have you run \"camput init\"?", key, osutil.UserClientConfigPath()) return } keyRing, hasKeyRing := config["secretRing"].(string) if !hasKeyRing { if fn := osutil.IdentitySecretRing(); fileExists(fn) { keyRing = fn } else if fn := jsonsign.DefaultSecRingPath(); fileExists(fn) { keyRing = fn } else { log.Printf("Couldn't find keyId %q; no 'secretRing' specified in config file, and no standard secret ring files exist.") return } } entity, err := jsonsign.EntityFromSecring(keyId, keyRing) if err != nil { log.Printf("Couldn't find keyId %q in secret ring: %v", keyId, err) return } armored, err = jsonsign.ArmoredPublicKey(entity) if err != nil { log.Printf("Error serializing public key: %v", err) return } // TODO(mpl): integrate with getSelfPubKeyDir if possible. selfPubKeyDir, ok := config["selfPubKeyDir"].(string) if !ok { selfPubKeyDir = osutil.KeyBlobsDir() log.Printf("No 'selfPubKeyDir' defined in %q, defaulting to %v", osutil.UserClientConfigPath(), selfPubKeyDir) } fi, err := os.Stat(selfPubKeyDir) if err != nil || !fi.IsDir() { log.Printf("selfPubKeyDir of %q doesn't exist or not a directory", selfPubKeyDir) return } br := blob.SHA1FromString(armored) pubFile := filepath.Join(selfPubKeyDir, br.String()+".camli") fi, err = os.Stat(pubFile) if err != nil { err = ioutil.WriteFile(pubFile, []byte(armored), 0644) if err != nil { log.Printf("Error writing public key to %q: %v", pubFile, err) return } } return br, armored, true }
// TODO: move to config package? func SignerPublicKeyBlobref() *blobref.BlobRef { configOnce.Do(parseConfig) key := "keyId" keyId, ok := config[key].(string) if !ok { log.Printf("No key %q in JSON configuration file %q; have you run \"camput init\"?", key, ConfigFilePath()) return nil } keyRing, hasKeyRing := config["secretRing"].(string) if !hasKeyRing { if fn := osutil.IdentitySecretRing(); fileExists(fn) { keyRing = fn } else if fn := jsonsign.DefaultSecRingPath(); fileExists(fn) { keyRing = fn } else { log.Printf("Couldn't find keyId %q; no 'secretRing' specified in config file, and no standard secret ring files exist.") return nil } } entity, err := jsonsign.EntityFromSecring(keyId, keyRing) if err != nil { log.Printf("Couldn't find keyId %q in secret ring: %v", keyId, err) return nil } armored, err := jsonsign.ArmoredPublicKey(entity) if err != nil { log.Printf("Error serializing public key: %v", err) return nil } selfPubKeyDir, ok := config["selfPubKeyDir"].(string) if !ok { log.Printf("No 'selfPubKeyDir' defined in %q", ConfigFilePath()) return nil } fi, err := os.Stat(selfPubKeyDir) if err != nil || !fi.IsDir() { log.Printf("selfPubKeyDir of %q doesn't exist or not a directory", selfPubKeyDir) return nil } br := blobref.SHA1FromString(armored) pubFile := filepath.Join(selfPubKeyDir, br.String()+".camli") log.Printf("key file: %q", pubFile) fi, err = os.Stat(pubFile) if err != nil { err = ioutil.WriteFile(pubFile, []byte(armored), 0644) if err != nil { log.Printf("Error writing public key to %q: %v", pubFile, err) return nil } } return br }
func (c *initCmd) getPublicKeyArmored(keyId string) (b []byte, err error) { files := []string{osutil.IdentitySecretRing(), jsonsign.DefaultSecRingPath()} for _, file := range files { b, err = c.getPublicKeyArmoredFromFile(file, keyId) if err == nil { return b, nil } } return nil, fmt.Errorf("failed to export armored public key ID %q from locations: %q", keyId, files) }
func (c *Client) SecretRingFile() string { configOnce.Do(parseConfig) keyRing, ok := config["secretRing"].(string) if ok && keyRing != "" { return keyRing } if keyRing = osutil.IdentitySecretRing(); fileExists(keyRing) { return keyRing } return jsonsign.DefaultSecRingPath() }
func newDefaultConfigFile(path string) error { conf := defaultConfigFile{ Listen: ":3179", HTTPS: false, Auth: "localhost", ReplicateTo: make([]interface{}, 0), } blobDir := osutil.CamliBlobRoot() if err := os.MkdirAll(blobDir, 0700); err != nil { return fmt.Errorf("Could not create default blobs directory: %v", err) } conf.BlobPath = blobDir conf.SQLite = filepath.Join(osutil.CamliVarDir(), "camli-index.db") var keyId string secRing := osutil.IdentitySecretRing() _, err := os.Stat(secRing) switch { case err == nil: keyId, err = jsonsign.KeyIdFromRing(secRing) log.Printf("Re-using identity with keyId %q found in file %s", keyId, secRing) case os.IsNotExist(err): keyId, err = jsonsign.GenerateNewSecRing(secRing) log.Printf("Generated new identity with keyId %q in file %s", keyId, secRing) } if err != nil { return fmt.Errorf("Secret ring: %v", err) } conf.Identity = keyId conf.IdentitySecretRing = secRing confData, err := json.MarshalIndent(conf, "", " ") if err != nil { return fmt.Errorf("Could not json encode config file : %v", err) } if err := ioutil.WriteFile(path, confData, 0600); err != nil { return fmt.Errorf("Could not create or write default server config: %v", err) } if sqlite.CompiledIn() { if fi, err := os.Stat(conf.SQLite); os.IsNotExist(err) || (fi != nil && fi.Size() == 0) { if err := initSQLiteDB(conf.SQLite); err != nil { log.Printf("Error initializing DB %s: %v", conf.SQLite, err) } } } else { log.Printf("Wrote config file assuming SQLite, but SQLite is not available. Recompile with SQLite or modify %s and pick an index type. Please see http://camlistore.org/docs/server-config#windows", path) return errors.New("Newly written configuration not usable.") } return nil }
// SecretRingFile returns the filename to the user's GPG secret ring. // The value comes from either a command-line flag, the // CAMLI_SECRET_RING environment variable, the client config file's // "identitySecretRing" value, or the operating system default location. func (c *Client) SecretRingFile() string { if flagSecretRing != "" { return flagSecretRing } if e := os.Getenv("CAMLI_SECRET_RING"); e != "" { return e } configOnce.Do(parseConfig) if config == nil || config.identitySecretRing == "" { return osutil.IdentitySecretRing() } return config.identitySecretRing }
// SecretRingFile returns the filename to the user's GPG secret ring. // The value comes from either a command-line flag, the // CAMLI_SECRET_RING environment variable, the client config file's // "identitySecretRing" value, or the operating system default location. func (c *Client) SecretRingFile() string { if flagSecretRing != "" { return flagSecretRing } if e := os.Getenv("CAMLI_SECRET_RING"); e != "" { return e } if android.OnAndroid() { panic("CAMLI_SECRET_RING should have been defined when on android") } configOnce.Do(parseConfig) if config.IdentitySecretRing == "" { return osutil.IdentitySecretRing() } return config.IdentitySecretRing }
func newDefaultConfigFile(path string) error { conf := `{ "listen": "localhost:3179", "TLS": false, "auth": "userpass:camlistore:pass3179:+localhost", "identity": "%KEYID%", "identitySecretRing": "%SECRING%", "blobPath": "%BLOBPATH%", "mysql": "", "mongo": "", "s3": "", "replicateTo": [], "publish": {} } ` blobDir := osutil.CamliBlobRoot() if err := os.MkdirAll(blobDir, 0700); err != nil { return fmt.Errorf("Could not create default blobs directory: %v", err) } conf = strings.Replace(conf, "%BLOBPATH%", blobDir, 1) var keyId string secRing := osutil.IdentitySecretRing() _, err := os.Stat(secRing) switch { case err == nil: keyId, err = keyIdFromRing(secRing) log.Printf("Re-using identity with keyId %q found in file %s", keyId, secRing) case os.IsNotExist(err): keyId, err = generateNewSecRing(secRing) log.Printf("Generated new identity with keyId %q in file %s", keyId, secRing) } if err != nil { return fmt.Errorf("Secret ring: %v", err) } conf = strings.Replace(conf, "%SECRING%", secRing, 1) conf = strings.Replace(conf, "%KEYID%", keyId, 1) if err := ioutil.WriteFile(path, []byte(conf), 0600); err != nil { return fmt.Errorf("Could not create or write default server config: %v", err) } return nil }
func newDefaultConfigFile(path string) error { conf := defaultConfigFile{ Listen: ":3179", HTTPS: false, Auth: "localhost", ReplicateTo: make([]interface{}, 0), } blobDir := osutil.CamliBlobRoot() if err := os.MkdirAll(blobDir, 0700); err != nil { return fmt.Errorf("Could not create default blobs directory: %v", err) } conf.BlobPath = blobDir var keyId string secRing := osutil.IdentitySecretRing() _, err := os.Stat(secRing) switch { case err == nil: keyId, err = keyIdFromRing(secRing) log.Printf("Re-using identity with keyId %q found in file %s", keyId, secRing) case os.IsNotExist(err): keyId, err = generateNewSecRing(secRing) log.Printf("Generated new identity with keyId %q in file %s", keyId, secRing) } if err != nil { return fmt.Errorf("Secret ring: %v", err) } conf.Identity = keyId conf.IdentitySecretRing = secRing confData, err := json.MarshalIndent(conf, "", " ") if err != nil { return fmt.Errorf("Could not json encode config file : %v", err) } if err := ioutil.WriteFile(path, confData, 0600); err != nil { return fmt.Errorf("Could not create or write default server config: %v", err) } return nil }
// EntityFromSecring returns the openpgp Entity from keyFile that matches keyId. If empty, keyFile defaults to osutil.IdentitySecretRing(). func EntityFromSecring(keyId, keyFile string) (*openpgp.Entity, error) { keyId = strings.ToUpper(keyId) if keyFile == "" { keyFile = osutil.IdentitySecretRing() } secring, err := os.Open(keyFile) if err != nil { return nil, fmt.Errorf("jsonsign: failed to open keyring: %v", err) } defer secring.Close() el, err := openpgp.ReadKeyRing(secring) if err != nil { return nil, fmt.Errorf("openpgp.ReadKeyRing of %q: %v", keyFile, err) } var entity *openpgp.Entity for _, e := range el { pk := e.PrivateKey if pk == nil || (pk.KeyIdString() != keyId && pk.KeyIdShortString() != keyId) { continue } entity = e } if entity == nil { found := []string{} for _, e := range el { pk := e.PrivateKey if pk == nil { continue } found = append(found, pk.KeyIdShortString()) } return nil, fmt.Errorf("didn't find a key in %q for keyId %q; other keyIds in file = %v", keyFile, keyId, found) } return entity, nil }
func parseConfig() { if android.OnAndroid() { panic("parseConfig should never have been called on Android") } configPath := osutil.UserClientConfigPath() if _, err := os.Stat(configPath); os.IsNotExist(err) { errMsg := fmt.Sprintf("Client configuration file %v does not exist. See 'camput init' to generate it.", configPath) if keyId := serverKeyId(); keyId != "" { hint := fmt.Sprintf("\nThe key id %v was found in the server config %v, so you might want:\n'camput init -gpgkey %v'", keyId, osutil.UserServerConfigPath(), keyId) errMsg += hint } log.Fatal(errMsg) } // TODO: instead of using jsonconfig, we could read the file, and unmarshall into the structs that we now have in pkg/types/clientconfig. But we'll have to add the old fields (before the name changes, and before the multi-servers change) to the structs as well for our gracefull conversion/error messages to work. conf, err := jsonconfig.ReadFile(configPath) if err != nil { log.Fatal(err.Error()) } cfg := jsonconfig.Obj(conf) if singleServerAuth := cfg.OptionalString("auth", ""); singleServerAuth != "" { newConf, err := convertToMultiServers(cfg) if err != nil { log.Print(err) } else { cfg = newConf } } config = &clientconfig.Config{ Identity: cfg.OptionalString("identity", ""), IdentitySecretRing: cfg.OptionalString("identitySecretRing", osutil.IdentitySecretRing()), IgnoredFiles: cfg.OptionalList("ignoredFiles"), } serversList := make(map[string]*clientconfig.Server) servers := cfg.OptionalObject("servers") for alias, vei := range servers { // An alias should never be confused with a host name, // so we forbid anything looking like one. if isURLOrHostPort(alias) { log.Fatalf("Server alias %q looks like a hostname; \".\" or \";\" are not allowed.", alias) } serverMap, ok := vei.(map[string]interface{}) if !ok { log.Fatalf("entry %q in servers section is a %T, want an object", alias, vei) } serverConf := jsonconfig.Obj(serverMap) server := &clientconfig.Server{ Server: cleanServer(serverConf.OptionalString("server", "")), Auth: serverConf.OptionalString("auth", ""), IsDefault: serverConf.OptionalBool("default", false), TrustedCerts: serverConf.OptionalList("trustedCerts"), } if err := serverConf.Validate(); err != nil { log.Fatalf("Error in servers section of config file for server %q: %v", alias, err) } serversList[alias] = server } config.Servers = serversList if err := cfg.Validate(); err != nil { printConfigChangeHelp(cfg) log.Fatalf("Error in config file: %v", err) } }
func (c *initCmd) RunCommand(args []string) error { if len(args) > 0 { return cmdmain.ErrUsage } if c.newKey && c.gpgkey != "" { log.Fatal("--newkey and --gpgkey are mutually exclusive") } blobDir := osutil.KeyBlobsDir() if err := os.MkdirAll(blobDir, 0700); err != nil { return err } var keyId string var err error secRing := osutil.IdentitySecretRing() if c.newKey { keyId, err = jsonsign.GenerateNewSecRing(secRing) if err != nil { return err } } else { keyId, err = c.keyId(secRing) if err != nil { return err } } pubArmor, err := c.getPublicKeyArmored(keyId) if err != nil { return err } bref := blob.SHA1FromString(string(pubArmor)) keyBlobPath := path.Join(blobDir, bref.String()+".camli") if err = ioutil.WriteFile(keyBlobPath, pubArmor, 0644); err != nil { log.Fatalf("Error writing public key blob to %q: %v", keyBlobPath, err) } if ok, err := jsonsign.VerifyPublicKeyFile(keyBlobPath, keyId); !ok { log.Fatalf("Error verifying public key at %q: %v", keyBlobPath, err) } log.Printf("Your Camlistore identity (your GPG public key's blobref) is: %s", bref.String()) if c.noconfig { return nil } configFilePath := osutil.UserClientConfigPath() _, err = os.Stat(configFilePath) if err == nil { log.Fatalf("Config file %q already exists; quitting without touching it.", configFilePath) } if f, err := os.OpenFile(configFilePath, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0600); err == nil { defer f.Close() m := &clientconfig.Config{ Servers: map[string]*clientconfig.Server{ "localhost": { Server: "http://localhost:3179", IsDefault: true, Auth: "localhost", }, }, Identity: keyId, IgnoredFiles: []string{".DS_Store"}, } jsonBytes, err := json.MarshalIndent(m, "", " ") if err != nil { log.Fatalf("JSON serialization error: %v", err) } _, err = f.Write(jsonBytes) if err != nil { log.Fatalf("Error writing to %q: %v", configFilePath, err) } log.Printf("Wrote %q; modify as necessary.", configFilePath) } return nil }
func (sr *SignRequest) secretRingPath() string { if sr.SecretKeyringPath != "" { return sr.SecretKeyringPath } return osutil.IdentitySecretRing() }
func (c *initCmd) RunCommand(args []string) error { if len(args) > 0 { return cmdmain.ErrUsage } if c.newKey && c.gpgkey != "" { log.Fatal("--newkey and --gpgkey are mutually exclusive") } blobDir := path.Join(osutil.CamliConfigDir(), "keyblobs") os.Mkdir(osutil.CamliConfigDir(), 0700) os.Mkdir(blobDir, 0700) var keyId string var err error secRing := osutil.IdentitySecretRing() if c.newKey { keyId, err = jsonsign.GenerateNewSecRing(secRing) if err != nil { return err } } else { keyId, err = c.keyId(secRing) if err != nil { return err } } if os.Getenv("GPG_AGENT_INFO") == "" { log.Printf("No GPG_AGENT_INFO found in environment; you should setup gnupg-agent. camput might be annoying otherwise, if your private key is encrypted.") } pubArmor, err := c.getPublicKeyArmored(keyId) if err != nil { return err } bref := blobref.SHA1FromString(string(pubArmor)) keyBlobPath := path.Join(blobDir, bref.String()+".camli") if err = ioutil.WriteFile(keyBlobPath, pubArmor, 0644); err != nil { log.Fatalf("Error writing public key blob to %q: %v", keyBlobPath, err) } if ok, err := jsonsign.VerifyPublicKeyFile(keyBlobPath, keyId); !ok { log.Fatalf("Error verifying public key at %q: %v", keyBlobPath, err) } log.Printf("Your Camlistore identity (your GPG public key's blobref) is: %s", bref.String()) configFilePath := osutil.UserClientConfigPath() _, err = os.Stat(configFilePath) if err == nil { log.Fatalf("Config file %q already exists; quitting without touching it.", configFilePath) } if f, err := os.OpenFile(configFilePath, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0600); err == nil { defer f.Close() m := make(map[string]interface{}) m["keyId"] = keyId // TODO(bradfitz): make this 'identity' to match server config? m["publicKeyBlobref"] = bref.String() // TODO(bradfitz): not used anymore? m["server"] = "http://localhost:3179/" m["selfPubKeyDir"] = blobDir m["auth"] = "localhost" jsonBytes, err := json.MarshalIndent(m, "", " ") if err != nil { log.Fatalf("JSON serialization error: %v", err) } _, err = f.Write(jsonBytes) if err != nil { log.Fatalf("Error writing to %q: %v", configFilePath, err) } log.Printf("Wrote %q; modify as necessary.", configFilePath) } return nil }
func FlagEntityFetcher() *FileEntityFetcher { return &FileEntityFetcher{File: osutil.IdentitySecretRing()} }
func (h *Handler) secretRingPath() string { if h.secretRing != "" { return h.secretRing } return osutil.IdentitySecretRing() }