func parseConfig() {
if android.OnAndroid() {
return
}
configPath := osutil.UserClientConfigPath()
if _, err := os.Stat(configPath); os.IsNotExist(err) {
errMsg := fmt.Sprintf("Client configuration file %v does not exist. See 'camput init' to generate it.", configPath)
if keyId := serverKeyId(); keyId != "" {
hint := fmt.Sprintf("\nThe key id %v was found in the server config %v, so you might want:\n'camput init -gpgkey %v'", keyId, osutil.UserServerConfigPath(), keyId)
errMsg += hint
}
log.Fatal(errMsg)
}
conf, err := jsonconfig.ReadFile(configPath)
if err != nil {
log.Fatal(err.Error())
}
cfg := jsonconfig.Obj(conf)
config = &clientConfig{
auth: cfg.OptionalString("auth", ""),
server: cfg.OptionalString("server", ""),
identity: cfg.OptionalString("identity", ""),
identitySecretRing: cfg.OptionalString("identitySecretRing", osutil.IdentitySecretRing()),
trustedCerts: cfg.OptionalList("trustedCerts"),
ignoredFiles: cfg.OptionalList("ignoredFiles"),
}
if err := cfg.Validate(); err != nil {
printConfigChangeHelp(cfg)
log.Fatalf("Error in config file: %v", err)
}
}
// convertToMultiServers takes an old style single-server client configuration and maps it to new a multi-servers configuration that is returned.
func convertToMultiServers(conf jsonconfig.Obj) (jsonconfig.Obj, error) {
server := conf.OptionalString("server", "")
if server == "" {
return nil, errors.New("Could not convert config to multi-servers style: no \"server\" key found.")
}
newConf := jsonconfig.Obj{
"servers": map[string]interface{}{
server: map[string]interface{}{
"auth": conf.OptionalString("auth", ""),
"default": true,
"server": server,
},
},
"identity": conf.OptionalString("identity", ""),
"identitySecretRing": conf.OptionalString("identitySecretRing", osutil.IdentitySecretRing()),
}
if ignoredFiles := conf.OptionalList("ignoredFiles"); ignoredFiles != nil {
var list []interface{}
for _, v := range ignoredFiles {
list = append(list, v)
}
newConf["ignoredFiles"] = list
}
return newConf, nil
}
func (c *initCmd) getPublicKeyArmored(keyId string) (b []byte, err error) {
file := osutil.IdentitySecretRing()
b, err = c.getPublicKeyArmoredFromFile(file, keyId)
if err != nil {
return nil, fmt.Errorf("failed to export armored public key ID %q from %v: %v", keyId, file, err)
}
return b, nil
}
func newDefaultConfigFile(path string) error {
conf := defaultConfigFile{
Listen: defaultListenAddr,
HTTPS: false,
Auth: "localhost",
ReplicateTo: make([]interface{}, 0),
}
blobDir := osutil.CamliBlobRoot()
if err := os.MkdirAll(blobDir, 0700); err != nil {
return fmt.Errorf("Could not create default blobs directory: %v", err)
}
conf.BlobPath = blobDir
if sqlite.CompiledIn() {
conf.SQLite = filepath.Join(osutil.CamliVarDir(), "camli-index.db")
if fi, err := os.Stat(conf.SQLite); os.IsNotExist(err) || (fi != nil && fi.Size() == 0) {
if err := initSQLiteDB(conf.SQLite); err != nil {
log.Printf("Error initializing DB %s: %v", conf.SQLite, err)
}
}
} else {
conf.KVFile = filepath.Join(osutil.CamliVarDir(), "camli-index.kvdb")
}
var keyId string
secRing := osutil.IdentitySecretRing()
_, err := os.Stat(secRing)
switch {
case err == nil:
keyId, err = jsonsign.KeyIdFromRing(secRing)
if err != nil {
return fmt.Errorf("Could not find any keyId in file %q: %v", secRing, err)
}
log.Printf("Re-using identity with keyId %q found in file %s", keyId, secRing)
case os.IsNotExist(err):
keyId, err = jsonsign.GenerateNewSecRing(secRing)
if err != nil {
return fmt.Errorf("Could not generate new secRing at file %q: %v", secRing, err)
}
log.Printf("Generated new identity with keyId %q in file %s", keyId, secRing)
}
if err != nil {
return fmt.Errorf("Could not stat secret ring %q: %v", secRing, err)
}
conf.Identity = keyId
conf.IdentitySecretRing = secRing
confData, err := json.MarshalIndent(conf, "", " ")
if err != nil {
return fmt.Errorf("Could not json encode config file : %v", err)
}
if err := ioutil.WriteFile(path, confData, 0600); err != nil {
return fmt.Errorf("Could not create or write default server config: %v", err)
}
return nil
}
func getSignerPublicKeyBlobref() (signerRef blob.Ref, armored string, ok bool) {
configOnce.Do(parseConfig)
key := "keyId"
keyId, ok := config[key].(string)
if !ok {
log.Printf("No key %q in JSON configuration file %q; have you run \"camput init\"?", key, osutil.UserClientConfigPath())
return
}
keyRing, hasKeyRing := config["secretRing"].(string)
if !hasKeyRing {
if fn := osutil.IdentitySecretRing(); fileExists(fn) {
keyRing = fn
} else if fn := jsonsign.DefaultSecRingPath(); fileExists(fn) {
keyRing = fn
} else {
log.Printf("Couldn't find keyId %q; no 'secretRing' specified in config file, and no standard secret ring files exist.")
return
}
}
entity, err := jsonsign.EntityFromSecring(keyId, keyRing)
if err != nil {
log.Printf("Couldn't find keyId %q in secret ring: %v", keyId, err)
return
}
armored, err = jsonsign.ArmoredPublicKey(entity)
if err != nil {
log.Printf("Error serializing public key: %v", err)
return
}
// TODO(mpl): integrate with getSelfPubKeyDir if possible.
selfPubKeyDir, ok := config["selfPubKeyDir"].(string)
if !ok {
selfPubKeyDir = osutil.KeyBlobsDir()
log.Printf("No 'selfPubKeyDir' defined in %q, defaulting to %v", osutil.UserClientConfigPath(), selfPubKeyDir)
}
fi, err := os.Stat(selfPubKeyDir)
if err != nil || !fi.IsDir() {
log.Printf("selfPubKeyDir of %q doesn't exist or not a directory", selfPubKeyDir)
return
}
br := blob.SHA1FromString(armored)
pubFile := filepath.Join(selfPubKeyDir, br.String()+".camli")
fi, err = os.Stat(pubFile)
if err != nil {
err = ioutil.WriteFile(pubFile, []byte(armored), 0644)
if err != nil {
log.Printf("Error writing public key to %q: %v", pubFile, err)
return
}
}
return br, armored, true
}
// TODO: move to config package?
func SignerPublicKeyBlobref() *blobref.BlobRef {
configOnce.Do(parseConfig)
key := "keyId"
keyId, ok := config[key].(string)
if !ok {
log.Printf("No key %q in JSON configuration file %q; have you run \"camput init\"?", key, ConfigFilePath())
return nil
}
keyRing, hasKeyRing := config["secretRing"].(string)
if !hasKeyRing {
if fn := osutil.IdentitySecretRing(); fileExists(fn) {
keyRing = fn
} else if fn := jsonsign.DefaultSecRingPath(); fileExists(fn) {
keyRing = fn
} else {
log.Printf("Couldn't find keyId %q; no 'secretRing' specified in config file, and no standard secret ring files exist.")
return nil
}
}
entity, err := jsonsign.EntityFromSecring(keyId, keyRing)
if err != nil {
log.Printf("Couldn't find keyId %q in secret ring: %v", keyId, err)
return nil
}
armored, err := jsonsign.ArmoredPublicKey(entity)
if err != nil {
log.Printf("Error serializing public key: %v", err)
return nil
}
selfPubKeyDir, ok := config["selfPubKeyDir"].(string)
if !ok {
log.Printf("No 'selfPubKeyDir' defined in %q", ConfigFilePath())
return nil
}
fi, err := os.Stat(selfPubKeyDir)
if err != nil || !fi.IsDir() {
log.Printf("selfPubKeyDir of %q doesn't exist or not a directory", selfPubKeyDir)
return nil
}
br := blobref.SHA1FromString(armored)
pubFile := filepath.Join(selfPubKeyDir, br.String()+".camli")
log.Printf("key file: %q", pubFile)
fi, err = os.Stat(pubFile)
if err != nil {
err = ioutil.WriteFile(pubFile, []byte(armored), 0644)
if err != nil {
log.Printf("Error writing public key to %q: %v", pubFile, err)
return nil
}
}
return br
}
func (c *initCmd) getPublicKeyArmored(keyId string) (b []byte, err error) {
files := []string{osutil.IdentitySecretRing(), jsonsign.DefaultSecRingPath()}
for _, file := range files {
b, err = c.getPublicKeyArmoredFromFile(file, keyId)
if err == nil {
return b, nil
}
}
return nil, fmt.Errorf("failed to export armored public key ID %q from locations: %q", keyId, files)
}
func (c *Client) SecretRingFile() string {
configOnce.Do(parseConfig)
keyRing, ok := config["secretRing"].(string)
if ok && keyRing != "" {
return keyRing
}
if keyRing = osutil.IdentitySecretRing(); fileExists(keyRing) {
return keyRing
}
return jsonsign.DefaultSecRingPath()
}
func newDefaultConfigFile(path string) error {
conf := defaultConfigFile{
Listen: ":3179",
HTTPS: false,
Auth: "localhost",
ReplicateTo: make([]interface{}, 0),
}
blobDir := osutil.CamliBlobRoot()
if err := os.MkdirAll(blobDir, 0700); err != nil {
return fmt.Errorf("Could not create default blobs directory: %v", err)
}
conf.BlobPath = blobDir
conf.SQLite = filepath.Join(osutil.CamliVarDir(), "camli-index.db")
var keyId string
secRing := osutil.IdentitySecretRing()
_, err := os.Stat(secRing)
switch {
case err == nil:
keyId, err = jsonsign.KeyIdFromRing(secRing)
log.Printf("Re-using identity with keyId %q found in file %s", keyId, secRing)
case os.IsNotExist(err):
keyId, err = jsonsign.GenerateNewSecRing(secRing)
log.Printf("Generated new identity with keyId %q in file %s", keyId, secRing)
}
if err != nil {
return fmt.Errorf("Secret ring: %v", err)
}
conf.Identity = keyId
conf.IdentitySecretRing = secRing
confData, err := json.MarshalIndent(conf, "", " ")
if err != nil {
return fmt.Errorf("Could not json encode config file : %v", err)
}
if err := ioutil.WriteFile(path, confData, 0600); err != nil {
return fmt.Errorf("Could not create or write default server config: %v", err)
}
if sqlite.CompiledIn() {
if fi, err := os.Stat(conf.SQLite); os.IsNotExist(err) || (fi != nil && fi.Size() == 0) {
if err := initSQLiteDB(conf.SQLite); err != nil {
log.Printf("Error initializing DB %s: %v", conf.SQLite, err)
}
}
} else {
log.Printf("Wrote config file assuming SQLite, but SQLite is not available. Recompile with SQLite or modify %s and pick an index type. Please see http://camlistore.org/docs/server-config#windows", path)
return errors.New("Newly written configuration not usable.")
}
return nil
}
// SecretRingFile returns the filename to the user's GPG secret ring.
// The value comes from either a command-line flag, the
// CAMLI_SECRET_RING environment variable, the client config file's
// "identitySecretRing" value, or the operating system default location.
func (c *Client) SecretRingFile() string {
if flagSecretRing != "" {
return flagSecretRing
}
if e := os.Getenv("CAMLI_SECRET_RING"); e != "" {
return e
}
configOnce.Do(parseConfig)
if config == nil || config.identitySecretRing == "" {
return osutil.IdentitySecretRing()
}
return config.identitySecretRing
}
// SecretRingFile returns the filename to the user's GPG secret ring.
// The value comes from either a command-line flag, the
// CAMLI_SECRET_RING environment variable, the client config file's
// "identitySecretRing" value, or the operating system default location.
func (c *Client) SecretRingFile() string {
if flagSecretRing != "" {
return flagSecretRing
}
if e := os.Getenv("CAMLI_SECRET_RING"); e != "" {
return e
}
if android.OnAndroid() {
panic("CAMLI_SECRET_RING should have been defined when on android")
}
configOnce.Do(parseConfig)
if config.IdentitySecretRing == "" {
return osutil.IdentitySecretRing()
}
return config.IdentitySecretRing
}
func newDefaultConfigFile(path string) error {
conf :=
`{
"listen": "localhost:3179",
"TLS": false,
"auth": "userpass:camlistore:pass3179:+localhost",
"identity": "%KEYID%",
"identitySecretRing": "%SECRING%",
"blobPath": "%BLOBPATH%",
"mysql": "",
"mongo": "",
"s3": "",
"replicateTo": [],
"publish": {}
}
`
blobDir := osutil.CamliBlobRoot()
if err := os.MkdirAll(blobDir, 0700); err != nil {
return fmt.Errorf("Could not create default blobs directory: %v", err)
}
conf = strings.Replace(conf, "%BLOBPATH%", blobDir, 1)
var keyId string
secRing := osutil.IdentitySecretRing()
_, err := os.Stat(secRing)
switch {
case err == nil:
keyId, err = keyIdFromRing(secRing)
log.Printf("Re-using identity with keyId %q found in file %s", keyId, secRing)
case os.IsNotExist(err):
keyId, err = generateNewSecRing(secRing)
log.Printf("Generated new identity with keyId %q in file %s", keyId, secRing)
}
if err != nil {
return fmt.Errorf("Secret ring: %v", err)
}
conf = strings.Replace(conf, "%SECRING%", secRing, 1)
conf = strings.Replace(conf, "%KEYID%", keyId, 1)
if err := ioutil.WriteFile(path, []byte(conf), 0600); err != nil {
return fmt.Errorf("Could not create or write default server config: %v", err)
}
return nil
}
func newDefaultConfigFile(path string) error {
conf := defaultConfigFile{
Listen: ":3179",
HTTPS: false,
Auth: "localhost",
ReplicateTo: make([]interface{}, 0),
}
blobDir := osutil.CamliBlobRoot()
if err := os.MkdirAll(blobDir, 0700); err != nil {
return fmt.Errorf("Could not create default blobs directory: %v", err)
}
conf.BlobPath = blobDir
var keyId string
secRing := osutil.IdentitySecretRing()
_, err := os.Stat(secRing)
switch {
case err == nil:
keyId, err = keyIdFromRing(secRing)
log.Printf("Re-using identity with keyId %q found in file %s", keyId, secRing)
case os.IsNotExist(err):
keyId, err = generateNewSecRing(secRing)
log.Printf("Generated new identity with keyId %q in file %s", keyId, secRing)
}
if err != nil {
return fmt.Errorf("Secret ring: %v", err)
}
conf.Identity = keyId
conf.IdentitySecretRing = secRing
confData, err := json.MarshalIndent(conf, "", " ")
if err != nil {
return fmt.Errorf("Could not json encode config file : %v", err)
}
if err := ioutil.WriteFile(path, confData, 0600); err != nil {
return fmt.Errorf("Could not create or write default server config: %v", err)
}
return nil
}
// EntityFromSecring returns the openpgp Entity from keyFile that matches keyId. If empty, keyFile defaults to osutil.IdentitySecretRing().
func EntityFromSecring(keyId, keyFile string) (*openpgp.Entity, error) {
keyId = strings.ToUpper(keyId)
if keyFile == "" {
keyFile = osutil.IdentitySecretRing()
}
secring, err := os.Open(keyFile)
if err != nil {
return nil, fmt.Errorf("jsonsign: failed to open keyring: %v", err)
}
defer secring.Close()
el, err := openpgp.ReadKeyRing(secring)
if err != nil {
return nil, fmt.Errorf("openpgp.ReadKeyRing of %q: %v", keyFile, err)
}
var entity *openpgp.Entity
for _, e := range el {
pk := e.PrivateKey
if pk == nil || (pk.KeyIdString() != keyId && pk.KeyIdShortString() != keyId) {
continue
}
entity = e
}
if entity == nil {
found := []string{}
for _, e := range el {
pk := e.PrivateKey
if pk == nil {
continue
}
found = append(found, pk.KeyIdShortString())
}
return nil, fmt.Errorf("didn't find a key in %q for keyId %q; other keyIds in file = %v", keyFile, keyId, found)
}
return entity, nil
}
func parseConfig() {
if android.OnAndroid() {
panic("parseConfig should never have been called on Android")
}
configPath := osutil.UserClientConfigPath()
if _, err := os.Stat(configPath); os.IsNotExist(err) {
errMsg := fmt.Sprintf("Client configuration file %v does not exist. See 'camput init' to generate it.", configPath)
if keyId := serverKeyId(); keyId != "" {
hint := fmt.Sprintf("\nThe key id %v was found in the server config %v, so you might want:\n'camput init -gpgkey %v'", keyId, osutil.UserServerConfigPath(), keyId)
errMsg += hint
}
log.Fatal(errMsg)
}
// TODO: instead of using jsonconfig, we could read the file, and unmarshall into the structs that we now have in pkg/types/clientconfig. But we'll have to add the old fields (before the name changes, and before the multi-servers change) to the structs as well for our gracefull conversion/error messages to work.
conf, err := jsonconfig.ReadFile(configPath)
if err != nil {
log.Fatal(err.Error())
}
cfg := jsonconfig.Obj(conf)
if singleServerAuth := cfg.OptionalString("auth", ""); singleServerAuth != "" {
newConf, err := convertToMultiServers(cfg)
if err != nil {
log.Print(err)
} else {
cfg = newConf
}
}
config = &clientconfig.Config{
Identity: cfg.OptionalString("identity", ""),
IdentitySecretRing: cfg.OptionalString("identitySecretRing", osutil.IdentitySecretRing()),
IgnoredFiles: cfg.OptionalList("ignoredFiles"),
}
serversList := make(map[string]*clientconfig.Server)
servers := cfg.OptionalObject("servers")
for alias, vei := range servers {
// An alias should never be confused with a host name,
// so we forbid anything looking like one.
if isURLOrHostPort(alias) {
log.Fatalf("Server alias %q looks like a hostname; \".\" or \";\" are not allowed.", alias)
}
serverMap, ok := vei.(map[string]interface{})
if !ok {
log.Fatalf("entry %q in servers section is a %T, want an object", alias, vei)
}
serverConf := jsonconfig.Obj(serverMap)
server := &clientconfig.Server{
Server: cleanServer(serverConf.OptionalString("server", "")),
Auth: serverConf.OptionalString("auth", ""),
IsDefault: serverConf.OptionalBool("default", false),
TrustedCerts: serverConf.OptionalList("trustedCerts"),
}
if err := serverConf.Validate(); err != nil {
log.Fatalf("Error in servers section of config file for server %q: %v", alias, err)
}
serversList[alias] = server
}
config.Servers = serversList
if err := cfg.Validate(); err != nil {
printConfigChangeHelp(cfg)
log.Fatalf("Error in config file: %v", err)
}
}
func (c *initCmd) RunCommand(args []string) error {
if len(args) > 0 {
return cmdmain.ErrUsage
}
if c.newKey && c.gpgkey != "" {
log.Fatal("--newkey and --gpgkey are mutually exclusive")
}
blobDir := osutil.KeyBlobsDir()
if err := os.MkdirAll(blobDir, 0700); err != nil {
return err
}
var keyId string
var err error
secRing := osutil.IdentitySecretRing()
if c.newKey {
keyId, err = jsonsign.GenerateNewSecRing(secRing)
if err != nil {
return err
}
} else {
keyId, err = c.keyId(secRing)
if err != nil {
return err
}
}
pubArmor, err := c.getPublicKeyArmored(keyId)
if err != nil {
return err
}
bref := blob.SHA1FromString(string(pubArmor))
keyBlobPath := path.Join(blobDir, bref.String()+".camli")
if err = ioutil.WriteFile(keyBlobPath, pubArmor, 0644); err != nil {
log.Fatalf("Error writing public key blob to %q: %v", keyBlobPath, err)
}
if ok, err := jsonsign.VerifyPublicKeyFile(keyBlobPath, keyId); !ok {
log.Fatalf("Error verifying public key at %q: %v", keyBlobPath, err)
}
log.Printf("Your Camlistore identity (your GPG public key's blobref) is: %s", bref.String())
if c.noconfig {
return nil
}
configFilePath := osutil.UserClientConfigPath()
_, err = os.Stat(configFilePath)
if err == nil {
log.Fatalf("Config file %q already exists; quitting without touching it.", configFilePath)
}
if f, err := os.OpenFile(configFilePath, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0600); err == nil {
defer f.Close()
m := &clientconfig.Config{
Servers: map[string]*clientconfig.Server{
"localhost": {
Server: "http://localhost:3179",
IsDefault: true,
Auth: "localhost",
},
},
Identity: keyId,
IgnoredFiles: []string{".DS_Store"},
}
jsonBytes, err := json.MarshalIndent(m, "", " ")
if err != nil {
log.Fatalf("JSON serialization error: %v", err)
}
_, err = f.Write(jsonBytes)
if err != nil {
log.Fatalf("Error writing to %q: %v", configFilePath, err)
}
log.Printf("Wrote %q; modify as necessary.", configFilePath)
}
return nil
}
func (sr *SignRequest) secretRingPath() string {
if sr.SecretKeyringPath != "" {
return sr.SecretKeyringPath
}
return osutil.IdentitySecretRing()
}
func (c *initCmd) RunCommand(args []string) error {
if len(args) > 0 {
return cmdmain.ErrUsage
}
if c.newKey && c.gpgkey != "" {
log.Fatal("--newkey and --gpgkey are mutually exclusive")
}
blobDir := path.Join(osutil.CamliConfigDir(), "keyblobs")
os.Mkdir(osutil.CamliConfigDir(), 0700)
os.Mkdir(blobDir, 0700)
var keyId string
var err error
secRing := osutil.IdentitySecretRing()
if c.newKey {
keyId, err = jsonsign.GenerateNewSecRing(secRing)
if err != nil {
return err
}
} else {
keyId, err = c.keyId(secRing)
if err != nil {
return err
}
}
if os.Getenv("GPG_AGENT_INFO") == "" {
log.Printf("No GPG_AGENT_INFO found in environment; you should setup gnupg-agent. camput might be annoying otherwise, if your private key is encrypted.")
}
pubArmor, err := c.getPublicKeyArmored(keyId)
if err != nil {
return err
}
bref := blobref.SHA1FromString(string(pubArmor))
keyBlobPath := path.Join(blobDir, bref.String()+".camli")
if err = ioutil.WriteFile(keyBlobPath, pubArmor, 0644); err != nil {
log.Fatalf("Error writing public key blob to %q: %v", keyBlobPath, err)
}
if ok, err := jsonsign.VerifyPublicKeyFile(keyBlobPath, keyId); !ok {
log.Fatalf("Error verifying public key at %q: %v", keyBlobPath, err)
}
log.Printf("Your Camlistore identity (your GPG public key's blobref) is: %s", bref.String())
configFilePath := osutil.UserClientConfigPath()
_, err = os.Stat(configFilePath)
if err == nil {
log.Fatalf("Config file %q already exists; quitting without touching it.", configFilePath)
}
if f, err := os.OpenFile(configFilePath, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0600); err == nil {
defer f.Close()
m := make(map[string]interface{})
m["keyId"] = keyId // TODO(bradfitz): make this 'identity' to match server config?
m["publicKeyBlobref"] = bref.String() // TODO(bradfitz): not used anymore?
m["server"] = "http://localhost:3179/"
m["selfPubKeyDir"] = blobDir
m["auth"] = "localhost"
jsonBytes, err := json.MarshalIndent(m, "", " ")
if err != nil {
log.Fatalf("JSON serialization error: %v", err)
}
_, err = f.Write(jsonBytes)
if err != nil {
log.Fatalf("Error writing to %q: %v", configFilePath, err)
}
log.Printf("Wrote %q; modify as necessary.", configFilePath)
}
return nil
}
func FlagEntityFetcher() *FileEntityFetcher {
return &FileEntityFetcher{File: osutil.IdentitySecretRing()}
}
func (h *Handler) secretRingPath() string {
if h.secretRing != "" {
return h.secretRing
}
return osutil.IdentitySecretRing()
}