Bug 354381

Summary: server key file has wrong permissions, passphrase file gets overwritten
Product: [Fedora] Fedora
Reporter: Thomas Moschny <thomas.moschny>
Component: monotone
Assignee: Roland McGrath <roland>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: low    
Version: 7   
Hardware: All   
OS: Linux   
Fixed In Version: 0.37-3.fc7
Doc Type: Bug Fix
Last Closed: 2007-11-01 21:13:55 UTC

Description Thomas Moschny 2007-10-26 16:18:37 UTC
Description of problem:

First, more severe problem: Running 'service monotone genkey' generates a new 
key in /etc/monotone/private-keys/HOSTNAME, with permissions '0600', and 
ownership 'root:monotone'. The monotone server process runs as 
user 'monotone', thus it cannot read that file, and will refuse to start. 
Permissions should be changed to '0640' after generation by the init script.

Second, minor problem: If HOSTNAME changes for some reason, and 'service 
monotone genkey' is run a second time (maybe by mistake), a new key file will 
be generated (no problem), but /etc/monotone/passphrase.lua will silently be 
overwritten, so the old server key is essentially lost. Easiest solution would 
be to make the init script refuse to generate a second key if passphrase.lua 
is already present.

Version-Release number of selected component (if applicable):
monotone-server-0.35-3.fc7
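
The two changes proposed in the description, sketched as an added shell example (not the Fedora init script or monotone's own code). `generate_key` is a placeholder for the real key-generation command, and the function names, return codes and the directory argument are assumptions made for illustration.

```shell
# Added example, not the packaged init script. generate_key is a placeholder
# (assumption) standing in for the real monotone key-generation command.
generate_key() {
    ( umask 077   # files come out 0600, as the report describes
      printf 'constructed-private-key\n' > "$1" &&
      printf 'constructed-passphrase\n' > "$2" )
}

# Print the 10-character mode string of a file, e.g. -rw-r-----
mode_of() { ls -ld "$1" | cut -c1-10; }

# genkey_guarded CONF_DIR HOSTNAME [GROUP]
# Returns 0 on success, 1 if passphrase.lua already exists, 2 on other errors.
genkey_guarded() {
    conf=$1
    host=$2
    group=${3:-monotone}
    keyfile=$conf/private-keys/$host
    passfile=$conf/passphrase.lua

    # Second problem in the report: a rerun must not silently replace the
    # passphrase that protects an already generated server key.
    if [ -e "$passfile" ]; then
        echo "refusing to generate a key: $passfile already exists" >&2
        return 1
    fi

    mkdir -p "$conf/private-keys" || return 2
    generate_key "$keyfile" "$passfile" || return 2

    # First problem in the report: the daemon is not root, so the key needs
    # group ownership plus group read (0640) rather than 0600.
    # chgrp only when running as root and the group exists on this host.
    if [ "$(id -u)" -eq 0 ] && getent group "$group" >/dev/null 2>&1; then
        chgrp "$group" "$keyfile" || return 2
    fi
    chmod 0640 "$keyfile" || return 2
}
```
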

Comment 1 Fedora Update System 2007-11-01 21:13:53 UTC
monotone-0.37-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 2 Fedora Update System 2007-11-06 16:03:39 UTC
monotone-0.37-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.