summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJameson Graef Rollins <jrollins@finestructure.net>2009-03-10 11:43:03 -0400
committerJameson Graef Rollins <jrollins@finestructure.net>2009-03-10 11:43:03 -0400
commit4d3d6d2b49d21e5e1ed0b0d3e32d21f99b0e2588 (patch)
treea331ab2963d2804bd2cadc3c43805f2b0e8c7f4f
parent0260604f7a205964dfec7ee7c29a37d6ed190b31 (diff)
parent69b3e256e2017d5664ef37d06aae5e5bcf446575 (diff)
Merge commit 'dkg/master'
-rw-r--r--packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff144
-rw-r--r--packaging/freebsd/security/monkeysphere/Makefile68
-rw-r--r--packaging/freebsd/security/monkeysphere/distinfo6
-rw-r--r--packaging/freebsd/security/monkeysphere/files/patch-etclocation54
-rw-r--r--packaging/freebsd/security/monkeysphere/files/patch-sharelocation33
-rw-r--r--packaging/freebsd/security/monkeysphere/files/patch-src_monkeysphere-host11
-rw-r--r--packaging/freebsd/security/monkeysphere/files/patch-src_share_keytrans11
-rw-r--r--packaging/freebsd/security/monkeysphere/files/patch-varlocation90
-rwxr-xr-xpackaging/freebsd/security/monkeysphere/pkg-deinstall4
-rwxr-xr-xpackaging/freebsd/security/monkeysphere/pkg-install16
-rw-r--r--packaging/freebsd/security/monkeysphere/pkg-plist47
-rwxr-xr-xsrc/monkeysphere-host2
12 files changed, 110 insertions, 376 deletions
diff --git a/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff b/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff
deleted file mode 100644
index 2450bc3..0000000
--- a/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff
+++ /dev/null
@@ -1,144 +0,0 @@
---- ./lib/opencdk/opencdk.h.orig 2008-06-30 16:45:51.000000000 -0400
-+++ ./lib/opencdk/opencdk.h 2008-08-21 19:23:44.000000000 -0400
-@@ -214,7 +214,11 @@
- enum cdk_s2k_type_t {
- CDK_S2K_SIMPLE = 0,
- CDK_S2K_SALTED = 1,
-- CDK_S2K_ITERSALTED = 3
-+ CDK_S2K_ITERSALTED = 3,
-+ CDK_S2K_GNU_EXT = 101
-+ /* GNU S2K extensions: refer to DETAILS from GnuPG:
-+ http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG
-+ */
- };
-
-
---- ./lib/opencdk/read-packet.c.orig 2008-06-30 16:45:51.000000000 -0400
-+++ ./lib/opencdk/read-packet.c 2008-08-21 19:30:09.000000000 -0400
-@@ -78,10 +78,35 @@
- }
-
-
--static int
-+/* read about S2K at http://tools.ietf.org/html/rfc4880#section-3.7.1 */
-+static cdk_error_t
- read_s2k (cdk_stream_t inp, cdk_s2k_t s2k)
- {
-- return CDK_Not_Implemented;
-+ size_t nread;
-+
-+ s2k->mode = cdk_stream_getc (inp);
-+ s2k->hash_algo = cdk_stream_getc (inp);
-+ if (s2k->mode == CDK_S2K_SIMPLE)
-+ return 0;
-+ else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED)
-+ {
-+ if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread))
-+ return CDK_Inv_Packet;
-+ if (nread != DIM (s2k->salt))
-+ return CDK_Inv_Packet;
-+
-+ if (s2k->mode == CDK_S2K_ITERSALTED)
-+ s2k->count = cdk_stream_getc (inp);
-+ }
-+ else if (s2k->mode == CDK_S2K_GNU_EXT)
-+ {
-+ /* GNU extensions to the S2K : read DETAILS from gnupg */
-+ return 0;
-+ }
-+ else
-+ return CDK_Not_Implemented;
-+
-+ return 0;
- }
-
-
-@@ -194,6 +219,7 @@
- static cdk_error_t
- read_symkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_symkey_enc_t ske)
- {
-+ cdk_error_t ret;
- cdk_s2k_t s2k;
- size_t minlen;
- size_t nread, nleft;
-@@ -213,7 +239,9 @@
- return CDK_Out_Of_Core;
-
- ske->cipher_algo = cdk_stream_getc (inp);
-- s2k->mode = cdk_stream_getc (inp);
-+ ret = read_s2k(inp, s2k);
-+ if (ret != 0)
-+ return ret;
- switch (s2k->mode)
- {
- case CDK_S2K_SIMPLE : minlen = 0; break;
-@@ -225,18 +253,6 @@
- return CDK_Inv_Packet;
- }
-
-- s2k->hash_algo = cdk_stream_getc (inp);
-- if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED)
-- {
-- if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread))
-- return CDK_Inv_Packet;
-- if (nread != DIM (s2k->salt))
-- return CDK_Inv_Packet;
--
-- if (s2k->mode == CDK_S2K_ITERSALTED)
-- s2k->count = cdk_stream_getc (inp);
-- }
--
- ske->seskeylen = pktlen - 4 - minlen;
- /* We check if there is an encrypted session key and if it fits into
- the buffer. The maximal key length is 256-bit. */
-@@ -421,14 +437,19 @@
- rc = read_s2k (inp, sk->protect.s2k);
- if (rc)
- return rc;
-- sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo);
-- if (!sk->protect.ivlen)
-- return CDK_Inv_Packet;
-- rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
-- if (rc)
-- return rc;
-- if (nread != sk->protect.ivlen)
-- return CDK_Inv_Packet;
-+ /* refer to --export-secret-subkeys in gpg(1) */
-+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
-+ sk->protect.ivlen = 0;
-+ else {
-+ sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo);
-+ if (!sk->protect.ivlen)
-+ return CDK_Inv_Packet;
-+ rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
-+ if (rc)
-+ return rc;
-+ if (nread != sk->protect.ivlen)
-+ return CDK_Inv_Packet;
-+ }
- }
- else
- sk->protect.algo = sk->s2k_usage;
-@@ -476,6 +497,22 @@
- return CDK_Out_Of_Core;
- if (stream_read (inp, sk->encdata, sk->enclen, &nread))
- return CDK_Inv_Packet;
-+ /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */
-+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) {
-+ unsigned char gnumode;
-+ if ((sk->enclen < strlen("GNU") + 1) ||
-+ (0 != memcmp("GNU", sk->encdata, strlen("GNU"))))
-+ return CDK_Inv_Packet;
-+ gnumode = sk->encdata[strlen("GNU")];
-+ /* we only handle gnu-dummy (mode 1).
-+ mode 2 should refer to external smart cards.
-+ */
-+ if (gnumode != 1)
-+ return CDK_Inv_Packet;
-+ /* gnu-dummy should have no more data */
-+ if (sk->enclen != strlen("GNU") + 1)
-+ return CDK_Inv_Packet;
-+ }
- nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
- if (!nskey)
- return CDK_Inv_Algo;
diff --git a/packaging/freebsd/security/monkeysphere/Makefile b/packaging/freebsd/security/monkeysphere/Makefile
index 24f9b2b..65d71f4 100644
--- a/packaging/freebsd/security/monkeysphere/Makefile
+++ b/packaging/freebsd/security/monkeysphere/Makefile
@@ -5,46 +5,62 @@
# $FreeBSD$
#
-PORTNAME= monkeysphere
-PORTVERSION= 0.22
-CATEGORIES= security
-MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/
+PORTNAME= monkeysphere
+PORTVERSION= 0.24
+CATEGORIES= security
+MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/
# hack for debian orig tarballs
-DISTFILES= ${PORTNAME}_${DISTVERSION}.orig.tar.gz
+DISTFILES= ${PORTNAME}_${DISTVERSION}.orig.tar.gz
-MAINTAINER= dkg@fifthhorseman.net
-COMMENT= use the OpenPGP web of trust to verify ssh connections
+MAINTAINER= dkg@fifthhorseman.net
+COMMENT= Use the OpenPGP web of trust to verify ssh connections
-LIB_DEPENDS= gnutls.26:${PORTSDIR}/security/gnutls
-RUN_DEPENDS= base64:${PORTSDIR}/converters/base64 \
- gpg:${PORTSDIR}/security/gnupg1 \
+RUN_DEPENDS= gpg:${PORTSDIR}/security/gnupg1 \
lockfile:${PORTSDIR}/mail/procmail \
- /usr/local/bin/getopt:${PORTSDIR}/misc/getopt \
- bash:${PORTSDIR}/shells/bash
+ bash:${PORTSDIR}/shells/bash \
+ ${SITE_PERL}/${PERL_ARCH}/Crypt/OpenSSL/RSA.pm:${PORTSDIR}/security/p5-Crypt-OpenSSL-RSA \
+ ${SITE_PERL}/${PERL_ARCH}/Digest/SHA1.pm:${PORTSDIR}/security/p5-Digest-SHA1
-MAN1= monkeysphere.1 openpgp2ssh.1 monkeysphere-ssh-proxycommand.1
+MAN1= monkeysphere.1 openpgp2ssh.1 pem2openpgp.1
MAN7= monkeysphere.7
-MAN8= monkeysphere-server.8
-MANCOMPRESSED= yes
+MAN8= monkeysphere-host.8 monkeysphere-authentication.8
+MANCOMPRESSED= yes
-MAKE_ARGS= ETCPREFIX=${PREFIX} MANPREFIX=${PREFIX}/man ETCSUFFIX=.sample
+MAKE_ARGS= ETCPREFIX=${PREFIX} MANPREFIX=${PREFIX}/man ETCSUFFIX=.sample
-# get rid of cruft after the patching:
+# use proper system paths for FreeBSD instead of debian's:
post-patch:
- find . -iname '*.orig' -delete
+ @${REINPLACE_CMD} -e 's|/etc/monkeysphere|/usr/local/etc/monkeysphere|g' \
+ ${WRKSRC}/src/share/defaultenv \
+ ${WRKSRC}/src/transitions/0.23 \
+ ${WRKSRC}/man/man1/monkeysphere.1 \
+ ${WRKSRC}/man/man8/monkeysphere-authentication.8 \
+ ${WRKSRC}/man/man8/monkeysphere-host.8 \
+ ${WRKSRC}/etc/monkeysphere-authentication.conf
+ @${REINPLACE_CMD} -e 's|/var/lib/monkeysphere|/var/monkeysphere|g' \
+ ${WRKSRC}/src/transitions/0.23 \
+ ${WRKSRC}/man/man1/monkeysphere.1 \
+ ${WRKSRC}/man/man8/monkeysphere-authentication.8 \
+ ${WRKSRC}/man/man8/monkeysphere-host.8 \
+ ${WRKSRC}/src/monkeysphere-host \
+ ${WRKSRC}/src/monkeysphere-authentication \
+ ${WRKSRC}/doc/getting-started-admin.mdwn
+ @${REINPLACE_CMD} -e 's|/usr/share/monkeysphere|/usr/local/share/monkeysphere|g' \
+ ${WRKSRC}/src/monkeysphere-host \
+ ${WRKSRC}/src/monkeysphere-authentication \
+ ${WRKSRC}/src/monkeysphere
+ # and clean up cruft from the sed replacements:
+ ${FIND} ${WRKSRC} -name '*.bak' -delete
post-install:
- @if [ ! -f ${PREFIX}/etc/monkeysphere/gnupg-host.conf ]; then \
- ${CP} -p ${PREFIX}/etc/monkeysphere/gnupg-host.conf.sample ${PREFIX}/etc/monkeysphere/gnupg-host.conf ; \
- fi
- @if [ ! -f ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf ]; then \
- ${CP} -p ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf.sample ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf ; \
- fi
@if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere.conf ]; then \
${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere.conf ; \
fi
- @if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf ]; then \
- ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf ; \
+ @if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere-host.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere-host.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere-host.conf ; \
+ fi
+ @if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere-authentication.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere-authentication.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere-authentication.conf ; \
fi
.if !defined(PACKAGE_BUILDING)
@${SETENV} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
diff --git a/packaging/freebsd/security/monkeysphere/distinfo b/packaging/freebsd/security/monkeysphere/distinfo
index d6c6e5e..a0a9df9 100644
--- a/packaging/freebsd/security/monkeysphere/distinfo
+++ b/packaging/freebsd/security/monkeysphere/distinfo
@@ -1,3 +1,3 @@
-MD5 (monkeysphere_0.22.orig.tar.gz) = 2bb00c86323409b98aff53f94d9ce0a6
-SHA256 (monkeysphere_0.22.orig.tar.gz) = 2566facda807a67a4d2d6de3833cccfa0b78b454909e8d25f47a235a9e621b24
-SIZE (monkeysphere_0.22.orig.tar.gz) = 70245
+MD5 (monkeysphere_0.24.orig.tar.gz) = 8590532f4702fa44027a6a583657c9ef
+SHA256 (monkeysphere_0.24.orig.tar.gz) = 2a58cee998ddb1b21b953826fc746a743e17d94e6fa34ac9cbee4262873b5c5f
+SIZE (monkeysphere_0.24.orig.tar.gz) = 86044
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-etclocation b/packaging/freebsd/security/monkeysphere/files/patch-etclocation
deleted file mode 100644
index 2ab3ac0..0000000
--- a/packaging/freebsd/security/monkeysphere/files/patch-etclocation
+++ /dev/null
@@ -1,54 +0,0 @@
-diff --git etc/monkeysphere-server.conf etc/monkeysphere-server.conf
-index c001f2d..d33fd36 100644
---- etc/monkeysphere-server.conf
-+++ etc/monkeysphere-server.conf
-@@ -17,7 +17,7 @@
- # authorized_keys file. '%h' will be replaced by the home directory
- # of the user, and %u will be replaced by the username of the user.
- # For purely admin-controlled authorized_user_ids, you might put them
--# in /etc/monkeysphere/authorized_user_ids/%u, for instance.
-+# in /usr/local/etc/monkeysphere/authorized_user_ids/%u, for instance.
- #AUTHORIZED_USER_IDS="%h/.monkeysphere/authorized_user_ids"
-
- # Whether to add user controlled authorized_keys file to
-diff --git man/man1/monkeysphere.1 man/man1/monkeysphere.1
-index 3ece735..09320d2 100644
---- man/man1/monkeysphere.1
-+++ man/man1/monkeysphere.1
-@@ -111,7 +111,7 @@ Path to ssh authorized_keys file (~/.ssh/authorized_keys).
- ~/.monkeysphere/monkeysphere.conf
- User monkeysphere config file.
- .TP
--/etc/monkeysphere/monkeysphere.conf
-+/usr/local/etc/monkeysphere/monkeysphere.conf
- System-wide monkeysphere config file.
- .TP
- ~/.monkeysphere/authorized_user_ids
-diff --git man/man8/monkeysphere-server.8 man/man8/monkeysphere-server.8
-index f207e2c..360408e 100644
---- man/man8/monkeysphere-server.8
-+++ man/man8/monkeysphere-server.8
-@@ -203,10 +203,10 @@ User to control authentication keychain (monkeysphere).
- .SH FILES
-
- .TP
--/etc/monkeysphere/monkeysphere-server.conf
-+/usr/local/etc/monkeysphere/monkeysphere-server.conf
- System monkeysphere-server config file.
- .TP
--/etc/monkeysphere/monkeysphere.conf
-+/usr/local/etc/monkeysphere/monkeysphere.conf
- System-wide monkeysphere config file.
- .TP
- /var/lib/monkeysphere/authorized_keys/USER
---- src/common.orig 2008-10-12 14:58:00.000000000 -0400
-+++ src/common 2008-10-25 17:40:34.000000000 -0400
-@@ -16,7 +16,7 @@
- ### COMMON VARIABLES
-
- # managed directories
--SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
-+SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/usr/local/etc/monkeysphere"}
- export SYSCONFIGDIR
-
- ########################################################################
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-sharelocation b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation
deleted file mode 100644
index e41c479..0000000
--- a/packaging/freebsd/security/monkeysphere/files/patch-sharelocation
+++ /dev/null
@@ -1,33 +0,0 @@
---- src/monkeysphere.orig 2008-10-12 14:58:00.000000000 -0400
-+++ src/monkeysphere 2008-10-25 17:41:41.000000000 -0400
-@@ -13,7 +13,7 @@
- ########################################################################
- PGRM=$(basename $0)
-
--SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
-+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
- export SYSSHAREDIR
- . "${SYSSHAREDIR}/common" || exit 1
-
---- src/monkeysphere-server.orig 2008-10-25 14:17:50.000000000 -0400
-+++ src/monkeysphere-server 2008-10-25 17:42:50.000000000 -0400
-@@ -13,7 +13,7 @@
- ########################################################################
- PGRM=$(basename $0)
-
--SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
-+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
- export SYSSHAREDIR
- . "${SYSSHAREDIR}/common" || exit 1
-
---- src/monkeysphere-ssh-proxycommand.orig
-+++ src/monkeysphere-ssh-proxycommand
-@@ -16,7 +16,7 @@
- ########################################################################
- PGRM=$(basename $0)
-
--SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
-+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
- export SYSSHAREDIR
- . "${SYSSHAREDIR}/common" || exit 1
-
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-src_monkeysphere-host b/packaging/freebsd/security/monkeysphere/files/patch-src_monkeysphere-host
new file mode 100644
index 0000000..9414c73
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/files/patch-src_monkeysphere-host
@@ -0,0 +1,11 @@
+--- src/monkeysphere-host
++++ src/monkeysphere-host
+@@ -103,7 +103,7 @@ update_gpg_pub_file() {
+ load_fingerprint() {
+ if [ -f "$HOST_KEY_FILE" ] ; then
+ HOST_FINGERPRINT=$( \
+- (FUBAR=$(mktemp -d) && export GNUPGHOME="$FUBAR" \
++ (FUBAR=$(msmktempdir) && export GNUPGHOME="$FUBAR" \
+ && gpg --quiet --import \
+ && gpg --quiet --list-keys --with-colons --with-fingerprint \
+ && rm -rf "$FUBAR") <"$HOST_KEY_FILE" \
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-src_share_keytrans b/packaging/freebsd/security/monkeysphere/files/patch-src_share_keytrans
new file mode 100644
index 0000000..9d584ac
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/files/patch-src_share_keytrans
@@ -0,0 +1,11 @@
+--- src/share/keytrans 2009-03-01 13:39:50.000000000 -0500
++++ src/share/keytrans 2009-03-10 00:39:53.681890554 -0400
+@@ -199,7 +199,7 @@
+ sub simple_checksum {
+ my $bytes = shift;
+
+- return unpack("%32W*",$bytes) % 65536;
++ return unpack("%32U*",$bytes) % 65536;
+ }
+
+ # calculate the multiplicative inverse of a mod b this is euclid's
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-varlocation b/packaging/freebsd/security/monkeysphere/files/patch-varlocation
deleted file mode 100644
index c4d8dcd..0000000
--- a/packaging/freebsd/security/monkeysphere/files/patch-varlocation
+++ /dev/null
@@ -1,90 +0,0 @@
-diff --git man/man8/monkeysphere-server.8 man/man8/monkeysphere-server.8
-index f207e2c..29c7b6a 100644
---- man/man8/monkeysphere-server.8
-+++ man/man8/monkeysphere-server.8
-@@ -128,7 +128,7 @@ command to push the key to a keyserver. You must also modify the
- sshd_config on the server to tell sshd where the new server host key
- is located:
-
--HostKey /var/lib/monkeysphere/ssh_host_rsa_key
-+HostKey /var/monkeysphere/ssh_host_rsa_key
-
- In order for users logging into the system to be able to verify the
- host via the monkeysphere, at least one person (e.g. a server admin)
-@@ -170,7 +170,7 @@ users. You must also tell sshd to look at the monkeysphere-generated
- authorized_keys file for user authentication by setting the following
- in the sshd_config:
-
--AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
-+AuthorizedKeysFile /var/monkeysphere/authorized_keys/%u
-
- It is recommended to add "monkeysphere-server update-users" to a
- system crontab, so that user keys are kept up-to-date, and key
-@@ -209,17 +209,17 @@ System monkeysphere-server config file.
- /etc/monkeysphere/monkeysphere.conf
- System-wide monkeysphere config file.
- .TP
--/var/lib/monkeysphere/authorized_keys/USER
-+/var/monkeysphere/authorized_keys/USER
- Monkeysphere-generated user authorized_keys files.
- .TP
--/var/lib/monkeysphere/ssh_host_rsa_key
-+/var/monkeysphere/ssh_host_rsa_key
- Copy of the host's private key in ssh format, suitable for use by
- sshd.
- .TP
--/var/lib/monkeysphere/gnupg-host
-+/var/monkeysphere/gnupg-host
- Monkeysphere host GNUPG home directory.
- .TP
--/var/lib/monkeysphere/gnupg-authentication
-+/var/monkeysphere/gnupg-authentication
- Monkeysphere authentication GNUPG home directory.
-
- .SH AUTHOR
-diff --git doc/getting-started-admin.mdwn doc/getting-started-admin.mdwn
-index 6c8ad53..67fdda1 100644
---- doc/getting-started-admin.mdwn
-+++ doc/getting-started-admin.mdwn
-@@ -30,7 +30,7 @@ To use the newly-generated host key for ssh connections, put the
- following line in `/etc/ssh/sshd_config` (be sure to remove references
- to any other keys):
-
-- HostKey /var/lib/monkeysphere/ssh_host_rsa_key
-+ HostKey /var/monkeysphere/ssh_host_rsa_key
-
- FIXME: should we just suggest symlinks in the filesystem here instead?
-
-@@ -40,7 +40,7 @@ To enable users to use the monkeysphere to authenticate using the
- OpenPGP web of trust, add this line to `/etc/ssh/sshd_config` (again,
- making sure that no other AuthorizedKeysFile directive exists):
-
-- AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
-+ AuthorizedKeysFile /var/monkeysphere/authorized_keys/%u
-
- And then read the section below about how to ensure these files are
- maintained. You'll need to restart `sshd` to have your changes take
---- src/monkeysphere-server.orig 2008-10-25 18:01:19.000000000 -0400
-+++ src/monkeysphere-server 2008-10-25 18:01:24.000000000 -0400
-@@ -17,7 +17,7 @@
- export SYSSHAREDIR
- . "${SYSSHAREDIR}/common" || exit 1
-
--SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
-+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/monkeysphere"}
- export SYSDATADIR
-
- # UTC date in ISO 8601 format if needed
---- etc/gnupg-authentication.conf.orig 2008-10-25 18:02:58.000000000 -0400
-+++ etc/gnupg-authentication.conf 2008-10-25 18:03:04.000000000 -0400
-@@ -4,8 +4,8 @@
- # It is highly recommended that you
- # DO NOT MODIFY
- # these variables.
--primary-keyring /var/lib/monkeysphere/gnupg-authentication/pubring.gpg
--keyring /var/lib/monkeysphere/gnupg-host/pubring.gpg
-+primary-keyring /var/monkeysphere/gnupg-authentication/pubring.gpg
-+keyring /var/monkeysphere/gnupg-host/pubring.gpg
-
- # PGP keyserver to use for PGP queries.
- keyserver hkp://pgp.mit.edu
diff --git a/packaging/freebsd/security/monkeysphere/pkg-deinstall b/packaging/freebsd/security/monkeysphere/pkg-deinstall
index 3000878..3e69eab 100755
--- a/packaging/freebsd/security/monkeysphere/pkg-deinstall
+++ b/packaging/freebsd/security/monkeysphere/pkg-deinstall
@@ -4,9 +4,9 @@
# monkeysphere's debian/monkeysphere.postrm)
# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-# Copyright 2008
+# Copyright 2008,2009
-# FIXME: is /var/lib/monkeysphere the right place for this stuff on
+# FIXME: is /var/monkeysphere the right place for this stuff on
# FreeBSD?
VARLIB="/var/monkeysphere"
diff --git a/packaging/freebsd/security/monkeysphere/pkg-install b/packaging/freebsd/security/monkeysphere/pkg-install
index 70d37b5..435c69a 100755
--- a/packaging/freebsd/security/monkeysphere/pkg-install
+++ b/packaging/freebsd/security/monkeysphere/pkg-install
@@ -5,9 +5,9 @@
# debian/monkeysphere.postinst)
# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-# Copyright 2008
+# Copyright 2008,2009
-# FIXME: is /var/lib/monkeysphere the right place for this stuff on
+# FIXME: is /var/monkeysphere the right place for this stuff on
# FreeBSD?
# PostgreSQL puts its data in /usr/local/pgsql/data
@@ -57,16 +57,8 @@ POST-INSTALL)
fi
fi
- ## set up the cache directories, and link them to the config files:
+ ## set up the monkeysphere authentication cache directory:
- install -d -o root -g monkeysphere -m 750 "$VARLIB"/gnupg-host
- ln -sf "$ETCDIR"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf
-
- install -d -o monkeysphere -g monkeysphere -m 700 "$VARLIB"/gnupg-authentication
- ln -sf "$ETCDIR"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
-
- install -d "$VARLIB"/tmp "$VARLIB"/authorized_keys
-
- monkeysphere-server diagnostics
+ monkeysphere-authentication setup
;;
esac
diff --git a/packaging/freebsd/security/monkeysphere/pkg-plist b/packaging/freebsd/security/monkeysphere/pkg-plist
index 9d9d40a..95afa01 100644
--- a/packaging/freebsd/security/monkeysphere/pkg-plist
+++ b/packaging/freebsd/security/monkeysphere/pkg-plist
@@ -1,24 +1,49 @@
-sbin/monkeysphere-server
+sbin/monkeysphere-host
+sbin/monkeysphere-authentication
share/doc/monkeysphere/TODO
share/doc/monkeysphere/MonkeySpec
share/doc/monkeysphere/getting-started-user.mdwn
share/doc/monkeysphere/getting-started-admin.mdwn
bin/openpgp2ssh
-bin/monkeysphere-ssh-proxycommand
+bin/pem2openpgp
bin/monkeysphere
+share/monkeysphere/mh/publish_key
+share/monkeysphere/mh/import_key
+share/monkeysphere/mh/set_expire
+share/monkeysphere/mh/diagnostics
+share/monkeysphere/mh/add_hostname
+share/monkeysphere/mh/add_revoker
+share/monkeysphere/mh/revoke_hostname
+share/monkeysphere/mh/revoke_key
+share/monkeysphere/keytrans
+share/monkeysphere/defaultenv
+share/monkeysphere/VERSION
+share/monkeysphere/transitions/0.23
+share/monkeysphere/transitions/README.txt
+share/monkeysphere/ma/list_certifiers
+share/monkeysphere/ma/add_certifier
+share/monkeysphere/ma/update_users
+share/monkeysphere/ma/setup
+share/monkeysphere/ma/remove_certifier
+share/monkeysphere/ma/diagnostics
share/monkeysphere/common
+share/monkeysphere/m/gen_subkey
+share/monkeysphere/m/ssh_proxycommand
+share/monkeysphere/m/subkey_to_ssh_agent
+share/monkeysphere/m/import_subkey
@unexec if cmp -s %D/etc/monkeysphere/monkeysphere.conf.sample %D/etc/monkeysphere/monkeysphere.conf; then rm -f %D/etc/monkeysphere/monkeysphere.conf; fi
etc/monkeysphere/monkeysphere.conf.sample
@exec if [ ! -f %D/etc/monkeysphere/monkeysphere.conf ] ; then cp -p %D/%F %B/monkeysphere.conf; fi
-@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-server.conf.sample %D/etc/monkeysphere/monkeysphere-server.conf; then rm -f %D/etc/monkeysphere/monkeysphere-server.conf; fi
-etc/monkeysphere/monkeysphere-server.conf.sample
-@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-server.conf ] ; then cp -p %D/%F %B/monkeysphere-server.conf; fi
-@unexec if cmp -s %D/etc/monkeysphere/gnupg-host.conf.sample %D/etc/monkeysphere/gnupg-host.conf; then rm -f %D/etc/monkeysphere/gnupg-host.conf; fi
-etc/monkeysphere/gnupg-host.conf.sample
-@exec if [ ! -f %D/etc/monkeysphere/gnupg-host.conf ] ; then cp -p %D/%F %B/gnupg-host.conf; fi
-@unexec if cmp -s %D/etc/monkeysphere/gnupg-authentication.conf.sample %D/etc/monkeysphere/gnupg-authentication.conf; then rm -f %D/etc/monkeysphere/gnupg-authentication.conf; fi
-etc/monkeysphere/gnupg-authentication.conf.sample
-@exec if [ ! -f %D/etc/monkeysphere/gnupg-authentication.conf ] ; then cp -p %D/%F %B/gnupg-authentication.conf; fi
+@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-host.conf.sample %D/etc/monkeysphere/monkeysphere-host.conf; then rm -f %D/etc/monkeysphere/monkeysphere-host.conf; fi
+etc/monkeysphere/monkeysphere-host.conf.sample
+@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-host.conf ] ; then cp -p %D/%F %B/monkeysphere-host.conf; fi
+@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-authentication.conf.sample %D/etc/monkeysphere/monkeysphere-authentication.conf; then rm -f %D/etc/monkeysphere/monkeysphere-authentication.conf; fi
+etc/monkeysphere/monkeysphere-authentication.conf.sample
+@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-authentication.conf ] ; then cp -p %D/%F %B/monkeysphere-authentication.conf; fi
@dirrm share/doc/monkeysphere
+@dirrm share/monkeysphere/transitions
+@dirrm share/monkeysphere/mh
+@dirrm share/monkeysphere/ma
+@dirrm share/monkeysphere/m
@dirrm share/monkeysphere
@dirrm etc/monkeysphere
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index da7fc9c..507b47f 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -103,7 +103,7 @@ update_gpg_pub_file() {
load_fingerprint() {
if [ -f "$HOST_KEY_FILE" ] ; then
HOST_FINGERPRINT=$( \
- (FUBAR=$(mktemp -d) && export GNUPGHOME="$FUBAR" \
+ (FUBAR=$(msmktempdir) && export GNUPGHOME="$FUBAR" \
&& gpg --quiet --import \
&& gpg --quiet --list-keys --with-colons --with-fingerprint \
&& rm -rf "$FUBAR") <"$HOST_KEY_FILE" \