author | Matt Goins <mjgoins@openflows.com> | 2008-10-31 16:05:13 -0400 |
---|---|---|
committer | Matt Goins <mjgoins@openflows.com> | 2008-10-31 16:05:13 -0400 |
commit | 7f79f55addb03d438f1afebfc19be8086f7afc9a (patch) | |
tree | 80cc83b351ed3690f40c51d777d3ca3ec240cae5 | |
parent | 680d7340d29d16325eb991feb37885d6faa955e2 (diff) | |
parent | dbd07cf1282c4831f605924e9b13d34278db7f86 (diff) |
Merge commit 'dkg/master'
22 files changed, 213 insertions, 13 deletions
@@ -17,7 +17,7 @@ tarball: clean mkdir -p monkeysphere-$(MONKEYSPHERE_VERSION)/doc ln -s ../../website/getting-started-user.mdwn ../../website/getting-started-admin.mdwn ../../doc/TODO ../../doc/MonkeySpec monkeysphere-$(MONKEYSPHERE_VERSION)/doc ln -s ../COPYING ../etc ../Makefile ../man ../src ../tests monkeysphere-$(MONKEYSPHERE_VERSION) - tar -ch monkeysphere-$(MONKEYSPHERE_VERSION) | gzip -n > monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz + tar -ch --exclude='*~' monkeysphere-$(MONKEYSPHERE_VERSION) | gzip -n > monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) debian-package: tarball @@ -62,4 +62,4 @@ installman: releasenote: ./utils/build-releasenote -.PHONY: all clean tarball debian-package install releasenote +.PHONY: all tarball debian-package freebsd-distinfo clean install installman releasenote diff --git a/debian/changelog b/debian/changelog index a7514a3..300175d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +monkeysphere (0.20-1) UNRELEASED; urgency=low + + [ Jameson Graef Rollins ] + * clean up Makefile to generate more elegant source tarballs. + + [ Daniel Kahn Gillmor ] + * ensure that tempdirs are properly created, bail out otherwise instead + of stumbling ahead. + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 30 Oct 2008 15:03:23 -0400 + monkeysphere (0.19-1) experimental; urgency=low [ Daniel Kahn Gillmor ] diff --git a/debian/control b/debian/control index efd734b..ccc3ad2 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: monkeysphere Section: net Priority: extra Maintainer: Daniel Kahn Gillmor <dkg@fifthhorseman.net> -Uploaders: Jameson Graef Rollins <jrollins@phys.columbia.edu> +Uploaders: Jameson Graef Rollins <jrollins@finestructure.net> Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0) Standards-Version: 3.8.0.1 Homepage: http://web.monkeysphere.info/ 
diff --git a/debian/monkeysphere.dirs b/debian/monkeysphere.dirs index cfafe15..1f9e66b 100644 --- a/debian/monkeysphere.dirs +++ b/debian/monkeysphere.dirs @@ -7,6 +7,6 @@ usr/share usr/share/monkeysphere usr/share/man usr/share/man/man1 -usr/share/man/man5 +usr/share/man/man7 usr/share/man/man8 etc/monkeysphere diff --git a/doc/george/changelog b/doc/george/changelog index 74daf17..83d6843 100644 --- a/doc/george/changelog +++ b/doc/george/changelog @@ -7,6 +7,11 @@ * changes to this system (first command at top, last at bottom) * ****************************************************************************** +2008-10-29 - dkg + * aptitude update && aptitude full-upgrade + * brought monkeysphere up to 0.19-1 + * removed tasksel + 2008-10-25 - dkg * aptitude update && aptitude full-upgrade * brought monkeysphere up to 0.16-1 diff --git a/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff b/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff new file mode 100644 index 0000000..2450bc3 --- /dev/null +++ b/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff 
@@ -0,0 +1,144 @@ +--- ./lib/opencdk/opencdk.h.orig 2008-06-30 16:45:51.000000000 -0400 ++++ ./lib/opencdk/opencdk.h 2008-08-21 19:23:44.000000000 -0400 +@@ -214,7 +214,11 @@ + enum cdk_s2k_type_t { + CDK_S2K_SIMPLE = 0, + CDK_S2K_SALTED = 1, +- CDK_S2K_ITERSALTED = 3 ++ CDK_S2K_ITERSALTED = 3, ++ CDK_S2K_GNU_EXT = 101 ++ /* GNU S2K extensions: refer to DETAILS from GnuPG: ++ http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG ++ */ + }; + + +--- ./lib/opencdk/read-packet.c.orig 2008-06-30 16:45:51.000000000 -0400 ++++ ./lib/opencdk/read-packet.c 2008-08-21 19:30:09.000000000 -0400 +@@ -78,10 +78,35 @@ + } + + +-static int ++/* read about S2K at http://tools.ietf.org/html/rfc4880#section-3.7.1 */ ++static cdk_error_t + read_s2k (cdk_stream_t inp, cdk_s2k_t s2k) + { +- return CDK_Not_Implemented; ++ size_t nread; ++ ++ s2k->mode = cdk_stream_getc (inp); ++ s2k->hash_algo = cdk_stream_getc (inp); ++ if (s2k->mode == CDK_S2K_SIMPLE) ++ return 0; ++ else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED) ++ { ++ if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread)) ++ return CDK_Inv_Packet; ++ if (nread != DIM (s2k->salt)) ++ return CDK_Inv_Packet; ++ ++ if (s2k->mode == CDK_S2K_ITERSALTED) ++ s2k->count = cdk_stream_getc (inp); ++ } ++ else if (s2k->mode == CDK_S2K_GNU_EXT) ++ { ++ /* GNU extensions to the S2K : read DETAILS from gnupg */ ++ return 0; ++ } ++ else ++ return CDK_Not_Implemented; ++ ++ return 0; + } + + +@@ -194,6 +219,7 @@ + static cdk_error_t + read_symkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_symkey_enc_t ske) + { ++ cdk_error_t ret; + cdk_s2k_t s2k; + size_t minlen; + size_t nread, nleft; +@@ -213,7 +239,9 @@ + return CDK_Out_Of_Core; + + ske->cipher_algo = cdk_stream_getc (inp); +- s2k->mode = cdk_stream_getc (inp); ++ ret = read_s2k(inp, s2k); ++ if (ret != 0) ++ return ret; + switch (s2k->mode) + { + case CDK_S2K_SIMPLE : minlen = 0; break; +@@ -225,18 +253,6 @@ + return CDK_Inv_Packet; + } + +- 
s2k->hash_algo = cdk_stream_getc (inp); +- if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED) +- { +- if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread)) +- return CDK_Inv_Packet; +- if (nread != DIM (s2k->salt)) +- return CDK_Inv_Packet; +- +- if (s2k->mode == CDK_S2K_ITERSALTED) +- s2k->count = cdk_stream_getc (inp); +- } +- + ske->seskeylen = pktlen - 4 - minlen; + /* We check if there is an encrypted session key and if it fits into + the buffer. The maximal key length is 256-bit. */ +@@ -421,14 +437,19 @@ + rc = read_s2k (inp, sk->protect.s2k); + if (rc) + return rc; +- sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo); +- if (!sk->protect.ivlen) +- return CDK_Inv_Packet; +- rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread); +- if (rc) +- return rc; +- if (nread != sk->protect.ivlen) +- return CDK_Inv_Packet; ++ /* refer to --export-secret-subkeys in gpg(1) */ ++ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) ++ sk->protect.ivlen = 0; ++ else { ++ sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo); ++ if (!sk->protect.ivlen) ++ return CDK_Inv_Packet; ++ rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread); ++ if (rc) ++ return rc; ++ if (nread != sk->protect.ivlen) ++ return CDK_Inv_Packet; ++ } + } + else + sk->protect.algo = sk->s2k_usage; +@@ -476,6 +497,22 @@ + return CDK_Out_Of_Core; + if (stream_read (inp, sk->encdata, sk->enclen, &nread)) + return CDK_Inv_Packet; ++ /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */ ++ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) { ++ unsigned char gnumode; ++ if ((sk->enclen < strlen("GNU") + 1) || ++ (0 != memcmp("GNU", sk->encdata, strlen("GNU")))) ++ return CDK_Inv_Packet; ++ gnumode = sk->encdata[strlen("GNU")]; ++ /* we only handle gnu-dummy (mode 1). ++ mode 2 should refer to external smart cards. 
++ */ ++ if (gnumode != 1) ++ return CDK_Inv_Packet; ++ /* gnu-dummy should have no more data */ ++ if (sk->enclen != strlen("GNU") + 1) ++ return CDK_Inv_Packet; ++ } + nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo); + if (!nskey) + return CDK_Inv_Algo; diff --git a/packaging/freebsd/Makefile b/packaging/freebsd/security/monkeysphere/Makefile index 984bc87..984bc87 100644 --- a/packaging/freebsd/Makefile +++ b/packaging/freebsd/security/monkeysphere/Makefile diff --git a/packaging/freebsd/distinfo b/packaging/freebsd/security/monkeysphere/distinfo index 86aecd1..86aecd1 100644 --- a/packaging/freebsd/distinfo +++ b/packaging/freebsd/security/monkeysphere/distinfo diff --git a/packaging/freebsd/files/patch-etclocation b/packaging/freebsd/security/monkeysphere/files/patch-etclocation index 0100a9c..2ab3ac0 100644 --- a/packaging/freebsd/files/patch-etclocation +++ b/packaging/freebsd/security/monkeysphere/files/patch-etclocation @@ -6,8 +6,8 @@ index c001f2d..d33fd36 100644 # authorized_keys file. '%h' will be replaced by the home directory # of the user, and %u will be replaced by the username of the user. # For purely admin-controlled authorized_user_ids, you might put them --# in /etc/monkeysphere/authorized_user_ids/%u -+# in /usr/local/etc/monkeysphere/authorized_user_ids/%u +-# in /etc/monkeysphere/authorized_user_ids/%u, for instance. ++# in /usr/local/etc/monkeysphere/authorized_user_ids/%u, for instance. #AUTHORIZED_USER_IDS="%h/.monkeysphere/authorized_user_ids" # Whether to add user controlled authorized_keys file to diff --git a/packaging/freebsd/files/patch-sharelocation b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation index 99c9604..99c9604 100644 --- a/packaging/freebsd/files/patch-sharelocation +++ b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation diff --git a/packaging/freebsd/files/patch-varlocation b/packaging/freebsd/security/monkeysphere/files/patch-varlocation index c4d8dcd..c4d8dcd 100644 
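Review bot: In the new read_s2k body carried by this patch file, the results of `cdk_stream_getc (inp)` for mode, hash_algo and (in the iterated-salted case) count are stored without any end-of-stream check; only the salt read through `stream_read` is validated. Assuming cdk_stream_getc reports a short read with `EOF`, a truncated packet is accepted with that value in those fields, and this parser handles OpenPGP packets from untrusted sources. I would read each byte into an `int` first and reject the packet, e.g. `c = cdk_stream_getc (inp); if (c == EOF) return CDK_Inv_Packet; s2k->count = c;`. Separately, the `CDK_S2K_GNU_EXT` branch returns success without consuming the "GNU" marker and relies on the later encdata check in the secret-key reader. Since read_symkey_enc now calls the same function, a comment in read_s2k stating that dependency would help.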
--- a/packaging/freebsd/files/patch-varlocation +++ b/packaging/freebsd/security/monkeysphere/files/patch-varlocation diff --git a/packaging/freebsd/pkg-deinstall b/packaging/freebsd/security/monkeysphere/pkg-deinstall index 3000878..3000878 100755 --- a/packaging/freebsd/pkg-deinstall +++ b/packaging/freebsd/security/monkeysphere/pkg-deinstall diff --git a/packaging/freebsd/pkg-descr b/packaging/freebsd/security/monkeysphere/pkg-descr index 9adc44f..9adc44f 100644 --- a/packaging/freebsd/pkg-descr +++ b/packaging/freebsd/security/monkeysphere/pkg-descr diff --git a/packaging/freebsd/pkg-install b/packaging/freebsd/security/monkeysphere/pkg-install index d7e4dbe..70d37b5 100755 --- a/packaging/freebsd/pkg-install +++ b/packaging/freebsd/security/monkeysphere/pkg-install @@ -65,7 +65,7 @@ POST-INSTALL) install -d -o monkeysphere -g monkeysphere -m 700 "$VARLIB"/gnupg-authentication ln -sf "$ETCDIR"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf - chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf + install -d "$VARLIB"/tmp "$VARLIB"/authorized_keys monkeysphere-server diagnostics ;; diff --git a/packaging/freebsd/pkg-plist b/packaging/freebsd/security/monkeysphere/pkg-plist index 04a704a..04a704a 100644 --- a/packaging/freebsd/pkg-plist +++ b/packaging/freebsd/security/monkeysphere/pkg-plist diff --git a/repo/conf/options b/repo/conf/options index c00ee94..6de6cad 100644 --- a/repo/conf/options +++ b/repo/conf/options @@ -1 +1,2 @@ verbose +keepunreferencedfiles diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 5f0cb73..e78903b 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server 
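Review bot: The added `install -d "$VARLIB"/tmp "$VARLIB"/authorized_keys` in the POST-INSTALL case passes no `-o`, `-g` or `-m`, unlike the `install -d -o monkeysphere -g monkeysphere -m 700` line just above it, so both directories get install's default owner and mode. If `$VARLIB/tmp` is where the server script creates its `mktemp -d` working directories (not visible in this hunk), its permissions are security-relevant and should be stated rather than inherited. I would write it as `install -d -o OWNER -g GROUP -m MODE "$VARLIB"/tmp` (OWNER, GROUP and MODE are placeholders for whatever the server needs), with a separate line for `authorized_keys`. A comment saying who must be able to read `authorized_keys` would also help. The case block continues outside the hunk.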
@@ -134,7 +134,7 @@ show_server_key() { # dumping to a file named ' ' so that the ssh-keygen output # doesn't claim any potentially bogus hostname(s): - tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ " echo -n "ssh fingerprint: " (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }') @@ -180,7 +180,7 @@ update_users() { log verbose "----- user: $uname -----" # make temporary directory - TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX) + TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" # trap to delete temporary directory on exit trap "rm -rf $TMPLOC" EXIT diff --git a/tests/basic b/tests/basic index d735578..289a1b7 100755 --- a/tests/basic +++ b/tests/basic @@ -14,6 +14,13 @@ # all subcommands in this script should complete without failure: set -e +## make sure that the right tools are installed to run the test. the +## test has *more* requirements than plain ol' monkeysphere: + +which socat || { echo "You must have socat installed to run this test." ; exit 1; } + +## FIXME: other checks? + # gpg command for test admin user gpgadmin() { GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@" diff --git a/utils/build-freebsd-distinfo b/utils/build-freebsd-distinfo index 5d4a2e8..a333ba7 100755 --- a/utils/build-freebsd-distinfo +++ b/utils/build-freebsd-distinfo 
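Review bot: Both new `mktemp -d` lines, in show_server_key and in update_users, leave the template unquoted, so a `TMPDIR` or `MSTMPDIR` value containing whitespace or glob characters is word-split before mktemp sees it. Quote the argument: `tmpkey=$(mktemp -d "${TMPDIR:-/tmp}/tmp.XXXXXXXXXX") || failure "Could not create temporary directory!"`, and likewise for `TMPLOC`. The unchanged `trap "rm -rf $TMPLOC" EXIT` in update_users has the same problem with a worse outcome, since the unquoted path reaches `rm -rf`; `trap "rm -rf \"$TMPLOC\"" EXIT` keeps the expansion at trap-set time and quotes the result. The new `|| failure` guard only helps if `failure` terminates the script, which is not visible here, and both functions continue outside their hunks.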
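Review bot: The added prerequisite check in tests/basic, `which socat || { ... }`, prints the socat path on success and writes its failure message to stdout. Using `command -v socat >/dev/null || { echo "You must have socat installed to run this test." >&2; exit 1; }` keeps the test output clean and does not depend on `which` being installed. The `## FIXME: other checks?` comment would be more useful if it named the other external tools the test invokes, so the next person knows what is still unchecked.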
@@ -6,6 +6,6 @@ VERSION=`head -n1 debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` echo "MD5 (monkeysphere_${VERSION}.orig.tar.gz) =" $(md5sum "monkeysphere_${VERSION}.orig.tar.gz" | cut -f1 -d\ ) echo "SHA256 (monkeysphere_${VERSION}.orig.tar.gz) =" $(sha256sum "monkeysphere_${VERSION}.orig.tar.gz" | cut -f1 -d\ ) echo "SIZE (monkeysphere_${VERSION}.orig.tar.gz) =" $(stat -c %s "monkeysphere_${VERSION}.orig.tar.gz") -} > packaging/freebsd/distinfo +} > packaging/freebsd/security/monkeysphere/distinfo -sed -i~ 's/^PORTVERSION=.*$/PORTVERSION= '"${VERSION}"/ packaging/freebsd/Makefile +sed -i~ 's/^PORTVERSION=.*$/PORTVERSION= '"${VERSION}"/ packaging/freebsd/security/monkeysphere/Makefile diff --git a/utils/releasenote.header b/utils/releasenote.header index 1dbc5b9..cf08728 100644 --- a/utils/releasenote.header +++ b/utils/releasenote.header @@ -1,7 +1,5 @@ [[meta title="Monkeysphere __VERSION__ released!"]] -# Monkeysphere __VERSION__ released! # - Monkeysphere __VERSION__ has been released. Notes from the changelog: diff --git a/website/news/FreeBSD-port-available.mdwn b/website/news/FreeBSD-port-available.mdwn new file mode 100644 index 0000000..a03af4e --- /dev/null +++ b/website/news/FreeBSD-port-available.mdwn 
@@ -0,0 +1,31 @@ +[[meta title="FreeBSD port available"]] + +There is now a FreeBSD port available for the Monkeysphere. + +It has been built and tested (so far) on a FreeBSD 7.1 AMD64 system, +installed from the [BETA2 +ISOs](ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/7.1/). Many +thanks to [Anarcat](http://anarcat.ath.cx/pgp) for his work in pulling +this port together! + +While the monkeysphere is not officially included in the ports tree +yet, [a problem +report](http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/128406) has +been submitted, and the package itself is functional. + +The latest version of the ports directory can be found in [the git +repository](/community) under +`packaging/freebsd/security/monkeysphere`. Please [let us +know](/community) if you encounter any problems with it on a FreeBSD +system. + +If you have git installed on your FreeBSD system, you should be able +to build the latest port with: + + git clone git://git.monkeysphere.info/monkeysphere + cp -a monkeysphere/packaging/freebsd/security/monkeysphere /usr/ports/security + cd /usr/ports/security/monkeysphere + make && make install + +Happy Hacking! + diff --git a/website/why.mdwn b/website/why.mdwn index 3d67d32..5c060a5 100644 --- a/website/why.mdwn +++ b/website/why.mdwn @@ -137,6 +137,9 @@ than the current infrastructure allows, and is more meaningful to actual humans using these tools than some message like "Certified by GloboTrust". +You may also be interested in [some thoughts about alternate PKIs for +SSH](/similar). + ## Philosophy ## Humans (and |