authorMatt Goins <mjgoins@openflows.com>2009-03-10 09:33:05 -0400
committerMatt Goins <mjgoins@openflows.com>2009-03-10 09:33:05 -0400
commit282c489f3101f0d744b66d88853a150e79b0870d (patch)
treeb4028ecbb3d313ba41f956cc00fea7925982bfbb /packaging
parentcec56faf07bb4f3b8d563e4f3c9042b6579356e2 (diff)
parent69b3e256e2017d5664ef37d06aae5e5bcf446575 (diff)
Merge commit 'dkg/master'
Diffstat (limited to 'packaging')
-rw-r--r--packaging/debian/changelog28
-rw-r--r--packaging/debian/control8
-rw-r--r--packaging/debian/copyright2
-rwxr-xr-xpackaging/debian/monkeysphere.postinst45
-rwxr-xr-xpackaging/debian/monkeysphere.postrm13
-rwxr-xr-xpackaging/debian/monkeysphere.preinst25
-rwxr-xr-xpackaging/debian/monkeysphere.prerm27
-rw-r--r--packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff144
-rw-r--r--packaging/freebsd/security/monkeysphere/Makefile68
-rw-r--r--packaging/freebsd/security/monkeysphere/distinfo6
-rw-r--r--packaging/freebsd/security/monkeysphere/files/patch-etclocation54
-rw-r--r--packaging/freebsd/security/monkeysphere/files/patch-sharelocation33
-rw-r--r--packaging/freebsd/security/monkeysphere/files/patch-src_monkeysphere-host11
-rw-r--r--packaging/freebsd/security/monkeysphere/files/patch-src_share_keytrans11
-rw-r--r--packaging/freebsd/security/monkeysphere/files/patch-varlocation90
-rwxr-xr-xpackaging/freebsd/security/monkeysphere/pkg-deinstall4
-rwxr-xr-xpackaging/freebsd/security/monkeysphere/pkg-install16
-rw-r--r--packaging/freebsd/security/monkeysphere/pkg-plist47
18 files changed, 205 insertions, 427 deletions
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 50a7071..873b058 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -1,3 +1,31 @@
+monkeysphere (0.24-1) unstable; urgency=low
+
+ * New upstream release:
+ - fixed how version information is stored/retrieved
+ - now uses perl-based keytrans for both pem2openpgp and openpgp2ssh
+ - no longer needs base64 in PATH
+ - added "test" make target
+ - improved transitions/0.23 script so it no longer fails in common
+ circumstances (Closes: #517779)
+ - RSA only: no longer handles DSA keys
+ - added ability to specify subkeys to add to ssh agent with
+ new MONKEYSPHERE_SUBKEYS_FOR_AGENT environment variable
+ * update/cleanup maintainer scripts
+ * remove GnuTLS dependency
+ * remove versioned coreutils | base64 dependency
+ * added Build-Deps for dh_autotest
+ * switch to Architecture: all
+ * added cron to Recommends
+
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Tue, 03 Mar 2009 19:38:33 -0500
+
+monkeysphere (0.23.1-1) unstable; urgency=low
+
+ * New Upstrem "Brown Paper Bag" Release:
+ - adjusts internal version numbers
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 21 Feb 2009 18:09:47 -0500
+
monkeysphere (0.23-1) unstable; urgency=low
"The Golden Bezoar Release"
diff --git a/packaging/debian/control b/packaging/debian/control
index c20b978..616a95a 100644
--- a/packaging/debian/control
+++ b/packaging/debian/control
@@ -3,16 +3,16 @@ Section: net
Priority: extra
Maintainer: Jameson Graef Rollins <jrollins@finestructure.net>
Uploaders: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0)
+Build-Depends: debhelper (>= 7.0), socat, openssh-server, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha1-perl, lockfile-progs | procmail
Standards-Version: 3.8.0.1
Homepage: http://web.monkeysphere.info/
Vcs-Git: git://git.monkeysphere.info/monkeysphere
Dm-Upload-Allowed: yes
Package: monkeysphere
-Architecture: any
-Depends: openssh-client, gnupg, coreutils (>= 6) | base64, libcrypt-openssl-rsa-perl, libdigest-sha1-perl, lockfile-progs | procmail, adduser, ${shlibs:Depends}
-Recommends: netcat | socat, ssh-askpass
+Architecture: all
+Depends: openssh-client, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha1-perl, lockfile-progs | procmail, adduser, ${misc:Depends}
+Recommends: netcat | socat, ssh-askpass, cron
Enhances: openssh-client, openssh-server
Description: use the OpenPGP web of trust to verify ssh connections
SSH key-based authentication is tried-and-true, but it lacks a true
diff --git a/packaging/debian/copyright b/packaging/debian/copyright
index 4c25286..c85128f 100644
--- a/packaging/debian/copyright
+++ b/packaging/debian/copyright
@@ -21,4 +21,4 @@ License: GPL-3+
(at your option) any later version.
.
On Debian systems, the complete text of the GNU General Public License
- can be found in file "/usr/share/common-licenses/GPL".
+ version 3 can be found in file "/usr/share/common-licenses/GPL-3".
diff --git a/packaging/debian/monkeysphere.postinst b/packaging/debian/monkeysphere.postinst
index 3d0d66f..4e81167 100755
--- a/packaging/debian/monkeysphere.postinst
+++ b/packaging/debian/monkeysphere.postinst
@@ -1,27 +1,40 @@
-#!/bin/sh -e
+#!/bin/sh
# postinst script for monkeysphere
# Author: Jameson Rollins <jrollins@finestructure.net>
# Copyright 2008-2009
+set -e
+
VARLIB="/var/lib/monkeysphere"
-# add a monkeysphere user if one does not already exist
-if ! getent passwd monkeysphere >/dev/null ; then
- echo "adding monkeysphere user..."
- adduser --quiet --system --no-create-home --group \
- --home "$VARLIB" \
- --shell '/bin/bash' \
- --gecos 'monkeysphere authentication user,,,' \
- monkeysphere
-fi
-
-# try to transition from to 0.23:
-/usr/share/monkeysphere/transitions/0.23
-
-# setup monkeysphere authentication
-monkeysphere-authentication setup
+case $1 in
+ configure)
+ # add a monkeysphere user if one does not already exist
+ if ! getent passwd monkeysphere >/dev/null ; then
+ echo "adding monkeysphere user..."
+ adduser --quiet --system --no-create-home --group \
+ --home "$VARLIB" \
+ --shell '/bin/bash' \
+ --gecos 'monkeysphere authentication user,,,' \
+ monkeysphere
+ fi
+
+ # try all available transitions:
+ for trans in 0.23 ; do
+ /usr/share/monkeysphere/transitions/$trans || { \
+ RET=$?
+ echo "Failed running transition script /usr/share/monkeysphere/transitions/$trans" >&2
+ exit $RET
+ }
+ done
+
+
+ # setup monkeysphere authentication
+ monkeysphere-authentication setup
+ ;;
+esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
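Review bot: The transition loop in the `configure` arm runs `/usr/share/monkeysphere/transitions/$trans` on every configure, fresh installs and re-configures included, because the previously configured version in `$2` is never consulted. That is safe only if each transition script is idempotent, which this hunk cannot confirm. The new prerm in this same commit describes the 0.23 transition as a major reorganization of system data, so gating the call would be more defensive, e.g. `if dpkg --compare-versions "$2" lt-nl "$trans" ; then ... fi`. Separately, `$trans` and `$1` are unquoted; `"/usr/share/monkeysphere/transitions/$trans"` and `case "$1" in` would match the quoting the new prerm already uses.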
diff --git a/packaging/debian/monkeysphere.postrm b/packaging/debian/monkeysphere.postrm
index 79f7245..d789012 100755
--- a/packaging/debian/monkeysphere.postrm
+++ b/packaging/debian/monkeysphere.postrm
@@ -1,14 +1,21 @@
-#!/bin/sh -e
+#!/bin/sh
# postrm script for monkeysphere
# Author: Jameson Rollins <jrollins@finestructure.net>
# Copyright 2008-2009
+set -e
+
case $1 in
purge)
- echo "removing monkeysphere user..."
- userdel monkeysphere > /dev/null || true
+ # delete monkeysphere user
+ # http://wiki.debian.org/AccountHandlingInMaintainerScripts
+ if which deluser >/dev/null 2>&1 ; then
+ deluser --quiet --system monkeysphere > /dev/null || true
+ else
+ echo >&2 "not removing monkeysphere system account because deluser command was not found"
+ fi
;;
esac
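Review bot: The `purge` arm deletes the monkeysphere account, but nothing visible in this hunk removes or re-owns files that account owned, so any data left behind would belong to a bare numeric UID that a later-created account can inherit. If the package's state directory is not removed elsewhere during purge, it should be cleaned up before the account goes away, or the account should be kept. `deluser ... > /dev/null || true` also hides a failed removal; a trace on stderr such as `|| echo >&2 "could not remove monkeysphere system account"` would tell the administrator the account is still there. `which` is not a POSIX utility; `command -v deluser >/dev/null 2>&1` is the portable form of the same test.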
diff --git a/packaging/debian/monkeysphere.preinst b/packaging/debian/monkeysphere.preinst
deleted file mode 100755
index fd22f6f..0000000
--- a/packaging/debian/monkeysphere.preinst
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh -e
-
-# preinst script for monkeysphere
-
-# Author: Jameson Rollins <jrollins@finestructure.net>
-# Copyright 2008-2009
-
-ETC="/etc/monkeysphere"
-
-# move the old server conf file to be the authentication conf file
-if [ -f "$ETC"/monkeysphere-server.conf -a \
- ! -f "$ETC"/monkeysphere-authentication.conf ] ; then
- mv "$ETC"/monkeysphere-server.conf "$ETC"/monkeysphere-authentication.conf
-fi
-
-# remove the old gpg-*.conf files
-rm -f "$ETC"/gpg-host.conf
-rm -f "$ETC"/gpg-authentication.conf
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff --git a/packaging/debian/monkeysphere.prerm b/packaging/debian/monkeysphere.prerm
index 5835f53..1a5135a 100755
--- a/packaging/debian/monkeysphere.prerm
+++ b/packaging/debian/monkeysphere.prerm
@@ -2,10 +2,31 @@
# prerm script for monkeysphere
-# Author: Jameson Rollins <jrollins@finestructure.net>
-# Copyright 2008-2009
+# the only thing we're doing here is making sure that the local
+# administrator is not trying to downgrade to a version below 0.23,
+# since there was such a major reorganization of system data during
+# the transition to 0.23.
-true
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Copyright 2009
+
+set -e
+
+case "$1" in
+ upgrade)
+ if dpkg --compare-versions "$2" lt 0.23 ; then
+ cat >&2 <<EOF
+
+Downgrading the monkeysphere to a version earlier than 0.23 can have
+BAD CONSEQUENCES, including potentially locking you out of the system.
+Downgrading in this fashion is NOT SUPPORTED.
+
+EOF
+
+ exit 1
+ fi
+ ;;
+esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
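Review bot: Exiting 1 from the `upgrade)` arm does not by itself stop a downgrade. As I read the Debian Policy maintainer-script flow, when the installed package's `prerm upgrade` fails, dpkg then calls the incoming package's prerm with `failed-upgrade` and continues if that succeeds. The prerm on the removed side of this hunk was just `true`; if pre-0.23 packages ship something similar, the downgrade would go ahead after the warning is printed. The header comment should describe this as a best-effort warning rather than a hard block, e.g. `# NOTE: dpkg may still proceed via the new package's "prerm failed-upgrade"; this check warns but cannot guarantee refusal`. The script's shebang line is outside the hunk.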
diff --git a/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff b/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff
deleted file mode 100644
index 2450bc3..0000000
--- a/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff
+++ /dev/null
@@ -1,144 +0,0 @@
---- ./lib/opencdk/opencdk.h.orig 2008-06-30 16:45:51.000000000 -0400
-+++ ./lib/opencdk/opencdk.h 2008-08-21 19:23:44.000000000 -0400
-@@ -214,7 +214,11 @@
- enum cdk_s2k_type_t {
- CDK_S2K_SIMPLE = 0,
- CDK_S2K_SALTED = 1,
-- CDK_S2K_ITERSALTED = 3
-+ CDK_S2K_ITERSALTED = 3,
-+ CDK_S2K_GNU_EXT = 101
-+ /* GNU S2K extensions: refer to DETAILS from GnuPG:
-+ http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG
-+ */
- };
-
-
---- ./lib/opencdk/read-packet.c.orig 2008-06-30 16:45:51.000000000 -0400
-+++ ./lib/opencdk/read-packet.c 2008-08-21 19:30:09.000000000 -0400
-@@ -78,10 +78,35 @@
- }
-
-
--static int
-+/* read about S2K at http://tools.ietf.org/html/rfc4880#section-3.7.1 */
-+static cdk_error_t
- read_s2k (cdk_stream_t inp, cdk_s2k_t s2k)
- {
-- return CDK_Not_Implemented;
-+ size_t nread;
-+
-+ s2k->mode = cdk_stream_getc (inp);
-+ s2k->hash_algo = cdk_stream_getc (inp);
-+ if (s2k->mode == CDK_S2K_SIMPLE)
-+ return 0;
-+ else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED)
-+ {
-+ if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread))
-+ return CDK_Inv_Packet;
-+ if (nread != DIM (s2k->salt))
-+ return CDK_Inv_Packet;
-+
-+ if (s2k->mode == CDK_S2K_ITERSALTED)
-+ s2k->count = cdk_stream_getc (inp);
-+ }
-+ else if (s2k->mode == CDK_S2K_GNU_EXT)
-+ {
-+ /* GNU extensions to the S2K : read DETAILS from gnupg */
-+ return 0;
-+ }
-+ else
-+ return CDK_Not_Implemented;
-+
-+ return 0;
- }
-
-
-@@ -194,6 +219,7 @@
- static cdk_error_t
- read_symkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_symkey_enc_t ske)
- {
-+ cdk_error_t ret;
- cdk_s2k_t s2k;
- size_t minlen;
- size_t nread, nleft;
-@@ -213,7 +239,9 @@
- return CDK_Out_Of_Core;
-
- ske->cipher_algo = cdk_stream_getc (inp);
-- s2k->mode = cdk_stream_getc (inp);
-+ ret = read_s2k(inp, s2k);
-+ if (ret != 0)
-+ return ret;
- switch (s2k->mode)
- {
- case CDK_S2K_SIMPLE : minlen = 0; break;
-@@ -225,18 +253,6 @@
- return CDK_Inv_Packet;
- }
-
-- s2k->hash_algo = cdk_stream_getc (inp);
-- if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED)
-- {
-- if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread))
-- return CDK_Inv_Packet;
-- if (nread != DIM (s2k->salt))
-- return CDK_Inv_Packet;
--
-- if (s2k->mode == CDK_S2K_ITERSALTED)
-- s2k->count = cdk_stream_getc (inp);
-- }
--
- ske->seskeylen = pktlen - 4 - minlen;
- /* We check if there is an encrypted session key and if it fits into
- the buffer. The maximal key length is 256-bit. */
-@@ -421,14 +437,19 @@
- rc = read_s2k (inp, sk->protect.s2k);
- if (rc)
- return rc;
-- sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo);
-- if (!sk->protect.ivlen)
-- return CDK_Inv_Packet;
-- rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
-- if (rc)
-- return rc;
-- if (nread != sk->protect.ivlen)
-- return CDK_Inv_Packet;
-+ /* refer to --export-secret-subkeys in gpg(1) */
-+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
-+ sk->protect.ivlen = 0;
-+ else {
-+ sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo);
-+ if (!sk->protect.ivlen)
-+ return CDK_Inv_Packet;
-+ rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
-+ if (rc)
-+ return rc;
-+ if (nread != sk->protect.ivlen)
-+ return CDK_Inv_Packet;
-+ }
- }
- else
- sk->protect.algo = sk->s2k_usage;
-@@ -476,6 +497,22 @@
- return CDK_Out_Of_Core;
- if (stream_read (inp, sk->encdata, sk->enclen, &nread))
- return CDK_Inv_Packet;
-+ /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */
-+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) {
-+ unsigned char gnumode;
-+ if ((sk->enclen < strlen("GNU") + 1) ||
-+ (0 != memcmp("GNU", sk->encdata, strlen("GNU"))))
-+ return CDK_Inv_Packet;
-+ gnumode = sk->encdata[strlen("GNU")];
-+ /* we only handle gnu-dummy (mode 1).
-+ mode 2 should refer to external smart cards.
-+ */
-+ if (gnumode != 1)
-+ return CDK_Inv_Packet;
-+ /* gnu-dummy should have no more data */
-+ if (sk->enclen != strlen("GNU") + 1)
-+ return CDK_Inv_Packet;
-+ }
- nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
- if (!nskey)
- return CDK_Inv_Algo;
diff --git a/packaging/freebsd/security/monkeysphere/Makefile b/packaging/freebsd/security/monkeysphere/Makefile
index 24f9b2b..65d71f4 100644
--- a/packaging/freebsd/security/monkeysphere/Makefile
+++ b/packaging/freebsd/security/monkeysphere/Makefile
@@ -5,46 +5,62 @@
# $FreeBSD$
#
-PORTNAME= monkeysphere
-PORTVERSION= 0.22
-CATEGORIES= security
-MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/
+PORTNAME= monkeysphere
+PORTVERSION= 0.24
+CATEGORIES= security
+MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/
# hack for debian orig tarballs
-DISTFILES= ${PORTNAME}_${DISTVERSION}.orig.tar.gz
+DISTFILES= ${PORTNAME}_${DISTVERSION}.orig.tar.gz
-MAINTAINER= dkg@fifthhorseman.net
-COMMENT= use the OpenPGP web of trust to verify ssh connections
+MAINTAINER= dkg@fifthhorseman.net
+COMMENT= Use the OpenPGP web of trust to verify ssh connections
-LIB_DEPENDS= gnutls.26:${PORTSDIR}/security/gnutls
-RUN_DEPENDS= base64:${PORTSDIR}/converters/base64 \
- gpg:${PORTSDIR}/security/gnupg1 \
+RUN_DEPENDS= gpg:${PORTSDIR}/security/gnupg1 \
lockfile:${PORTSDIR}/mail/procmail \
- /usr/local/bin/getopt:${PORTSDIR}/misc/getopt \
- bash:${PORTSDIR}/shells/bash
+ bash:${PORTSDIR}/shells/bash \
+ ${SITE_PERL}/${PERL_ARCH}/Crypt/OpenSSL/RSA.pm:${PORTSDIR}/security/p5-Crypt-OpenSSL-RSA \
+ ${SITE_PERL}/${PERL_ARCH}/Digest/SHA1.pm:${PORTSDIR}/security/p5-Digest-SHA1
-MAN1= monkeysphere.1 openpgp2ssh.1 monkeysphere-ssh-proxycommand.1
+MAN1= monkeysphere.1 openpgp2ssh.1 pem2openpgp.1
MAN7= monkeysphere.7
-MAN8= monkeysphere-server.8
-MANCOMPRESSED= yes
+MAN8= monkeysphere-host.8 monkeysphere-authentication.8
+MANCOMPRESSED= yes
-MAKE_ARGS= ETCPREFIX=${PREFIX} MANPREFIX=${PREFIX}/man ETCSUFFIX=.sample
+MAKE_ARGS= ETCPREFIX=${PREFIX} MANPREFIX=${PREFIX}/man ETCSUFFIX=.sample
-# get rid of cruft after the patching:
+# use proper system paths for FreeBSD instead of debian's:
post-patch:
- find . -iname '*.orig' -delete
+ @${REINPLACE_CMD} -e 's|/etc/monkeysphere|/usr/local/etc/monkeysphere|g' \
+ ${WRKSRC}/src/share/defaultenv \
+ ${WRKSRC}/src/transitions/0.23 \
+ ${WRKSRC}/man/man1/monkeysphere.1 \
+ ${WRKSRC}/man/man8/monkeysphere-authentication.8 \
+ ${WRKSRC}/man/man8/monkeysphere-host.8 \
+ ${WRKSRC}/etc/monkeysphere-authentication.conf
+ @${REINPLACE_CMD} -e 's|/var/lib/monkeysphere|/var/monkeysphere|g' \
+ ${WRKSRC}/src/transitions/0.23 \
+ ${WRKSRC}/man/man1/monkeysphere.1 \
+ ${WRKSRC}/man/man8/monkeysphere-authentication.8 \
+ ${WRKSRC}/man/man8/monkeysphere-host.8 \
+ ${WRKSRC}/src/monkeysphere-host \
+ ${WRKSRC}/src/monkeysphere-authentication \
+ ${WRKSRC}/doc/getting-started-admin.mdwn
+ @${REINPLACE_CMD} -e 's|/usr/share/monkeysphere|/usr/local/share/monkeysphere|g' \
+ ${WRKSRC}/src/monkeysphere-host \
+ ${WRKSRC}/src/monkeysphere-authentication \
+ ${WRKSRC}/src/monkeysphere
+ # and clean up cruft from the sed replacements:
+ ${FIND} ${WRKSRC} -name '*.bak' -delete
post-install:
- @if [ ! -f ${PREFIX}/etc/monkeysphere/gnupg-host.conf ]; then \
- ${CP} -p ${PREFIX}/etc/monkeysphere/gnupg-host.conf.sample ${PREFIX}/etc/monkeysphere/gnupg-host.conf ; \
- fi
- @if [ ! -f ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf ]; then \
- ${CP} -p ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf.sample ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf ; \
- fi
@if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere.conf ]; then \
${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere.conf ; \
fi
- @if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf ]; then \
- ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf ; \
+ @if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere-host.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere-host.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere-host.conf ; \
+ fi
+ @if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere-authentication.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere-authentication.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere-authentication.conf ; \
fi
.if !defined(PACKAGE_BUILDING)
@${SETENV} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
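Review bot: The `post-patch` target now rewrites Debian paths with `${REINPLACE_CMD}` over hand-listed files, and unlike the patch files this commit deletes, a substitution that matches nothing succeeds silently. If a later upstream release moves a path default into a file not listed here, the port would still build and install while pointing at `/etc/monkeysphere` or `/var/lib/monkeysphere`. A comment above the target would help the next port update, e.g. `# NOTE: file lists must track upstream; REINPLACE_CMD does not fail on a missed path`. The indented `# and clean up cruft ...` line sits inside the recipe, so make may hand it to the shell instead of treating it as a makefile comment; moving it to column 0 avoids that.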
diff --git a/packaging/freebsd/security/monkeysphere/distinfo b/packaging/freebsd/security/monkeysphere/distinfo
index d6c6e5e..a0a9df9 100644
--- a/packaging/freebsd/security/monkeysphere/distinfo
+++ b/packaging/freebsd/security/monkeysphere/distinfo
@@ -1,3 +1,3 @@
-MD5 (monkeysphere_0.22.orig.tar.gz) = 2bb00c86323409b98aff53f94d9ce0a6
-SHA256 (monkeysphere_0.22.orig.tar.gz) = 2566facda807a67a4d2d6de3833cccfa0b78b454909e8d25f47a235a9e621b24
-SIZE (monkeysphere_0.22.orig.tar.gz) = 70245
+MD5 (monkeysphere_0.24.orig.tar.gz) = 8590532f4702fa44027a6a583657c9ef
+SHA256 (monkeysphere_0.24.orig.tar.gz) = 2a58cee998ddb1b21b953826fc746a743e17d94e6fa34ac9cbee4262873b5c5f
+SIZE (monkeysphere_0.24.orig.tar.gz) = 86044
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-etclocation b/packaging/freebsd/security/monkeysphere/files/patch-etclocation
deleted file mode 100644
index 2ab3ac0..0000000
--- a/packaging/freebsd/security/monkeysphere/files/patch-etclocation
+++ /dev/null
@@ -1,54 +0,0 @@
-diff --git etc/monkeysphere-server.conf etc/monkeysphere-server.conf
-index c001f2d..d33fd36 100644
---- etc/monkeysphere-server.conf
-+++ etc/monkeysphere-server.conf
-@@ -17,7 +17,7 @@
- # authorized_keys file. '%h' will be replaced by the home directory
- # of the user, and %u will be replaced by the username of the user.
- # For purely admin-controlled authorized_user_ids, you might put them
--# in /etc/monkeysphere/authorized_user_ids/%u, for instance.
-+# in /usr/local/etc/monkeysphere/authorized_user_ids/%u, for instance.
- #AUTHORIZED_USER_IDS="%h/.monkeysphere/authorized_user_ids"
-
- # Whether to add user controlled authorized_keys file to
-diff --git man/man1/monkeysphere.1 man/man1/monkeysphere.1
-index 3ece735..09320d2 100644
---- man/man1/monkeysphere.1
-+++ man/man1/monkeysphere.1
-@@ -111,7 +111,7 @@ Path to ssh authorized_keys file (~/.ssh/authorized_keys).
- ~/.monkeysphere/monkeysphere.conf
- User monkeysphere config file.
- .TP
--/etc/monkeysphere/monkeysphere.conf
-+/usr/local/etc/monkeysphere/monkeysphere.conf
- System-wide monkeysphere config file.
- .TP
- ~/.monkeysphere/authorized_user_ids
-diff --git man/man8/monkeysphere-server.8 man/man8/monkeysphere-server.8
-index f207e2c..360408e 100644
---- man/man8/monkeysphere-server.8
-+++ man/man8/monkeysphere-server.8
-@@ -203,10 +203,10 @@ User to control authentication keychain (monkeysphere).
- .SH FILES
-
- .TP
--/etc/monkeysphere/monkeysphere-server.conf
-+/usr/local/etc/monkeysphere/monkeysphere-server.conf
- System monkeysphere-server config file.
- .TP
--/etc/monkeysphere/monkeysphere.conf
-+/usr/local/etc/monkeysphere/monkeysphere.conf
- System-wide monkeysphere config file.
- .TP
- /var/lib/monkeysphere/authorized_keys/USER
---- src/common.orig 2008-10-12 14:58:00.000000000 -0400
-+++ src/common 2008-10-25 17:40:34.000000000 -0400
-@@ -16,7 +16,7 @@
- ### COMMON VARIABLES
-
- # managed directories
--SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
-+SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/usr/local/etc/monkeysphere"}
- export SYSCONFIGDIR
-
- ########################################################################
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-sharelocation b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation
deleted file mode 100644
index e41c479..0000000
--- a/packaging/freebsd/security/monkeysphere/files/patch-sharelocation
+++ /dev/null
@@ -1,33 +0,0 @@
---- src/monkeysphere.orig 2008-10-12 14:58:00.000000000 -0400
-+++ src/monkeysphere 2008-10-25 17:41:41.000000000 -0400
-@@ -13,7 +13,7 @@
- ########################################################################
- PGRM=$(basename $0)
-
--SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
-+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
- export SYSSHAREDIR
- . "${SYSSHAREDIR}/common" || exit 1
-
---- src/monkeysphere-server.orig 2008-10-25 14:17:50.000000000 -0400
-+++ src/monkeysphere-server 2008-10-25 17:42:50.000000000 -0400
-@@ -13,7 +13,7 @@
- ########################################################################
- PGRM=$(basename $0)
-
--SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
-+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
- export SYSSHAREDIR
- . "${SYSSHAREDIR}/common" || exit 1
-
---- src/monkeysphere-ssh-proxycommand.orig
-+++ src/monkeysphere-ssh-proxycommand
-@@ -16,7 +16,7 @@
- ########################################################################
- PGRM=$(basename $0)
-
--SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
-+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
- export SYSSHAREDIR
- . "${SYSSHAREDIR}/common" || exit 1
-
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-src_monkeysphere-host b/packaging/freebsd/security/monkeysphere/files/patch-src_monkeysphere-host
new file mode 100644
index 0000000..9414c73
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/files/patch-src_monkeysphere-host
@@ -0,0 +1,11 @@
+--- src/monkeysphere-host
++++ src/monkeysphere-host
+@@ -103,7 +103,7 @@ update_gpg_pub_file() {
+ load_fingerprint() {
+ if [ -f "$HOST_KEY_FILE" ] ; then
+ HOST_FINGERPRINT=$( \
+- (FUBAR=$(mktemp -d) && export GNUPGHOME="$FUBAR" \
++ (FUBAR=$(msmktempdir) && export GNUPGHOME="$FUBAR" \
+ && gpg --quiet --import \
+ && gpg --quiet --list-keys --with-colons --with-fingerprint \
+ && rm -rf "$FUBAR") <"$HOST_KEY_FILE" \
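Review bot: In the patched `load_fingerprint`, the temporary GnuPG home is removed by `&& rm -rf "$FUBAR"` at the end of the chain, so it stays on disk whenever either `gpg` call fails. The directory holds a keyring imported from `$HOST_KEY_FILE`, so stale copies are worth avoiding. A cleanup that runs regardless, such as `trap 'rm -rf "$FUBAR"' EXIT` as the first command inside the subshell, would cover the failure path. `msmktempdir` is not defined in the visible lines and is presumably supplied by a sourced monkeysphere file; it is worth confirming that it creates the directory with owner-only permissions as `mktemp -d` does. The function body continues past the end of this hunk.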
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-src_share_keytrans b/packaging/freebsd/security/monkeysphere/files/patch-src_share_keytrans
new file mode 100644
index 0000000..9d584ac
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/files/patch-src_share_keytrans
@@ -0,0 +1,11 @@
+--- src/share/keytrans 2009-03-01 13:39:50.000000000 -0500
++++ src/share/keytrans 2009-03-10 00:39:53.681890554 -0400
+@@ -199,7 +199,7 @@
+ sub simple_checksum {
+ my $bytes = shift;
+
+- return unpack("%32W*",$bytes) % 65536;
++ return unpack("%32U*",$bytes) % 65536;
+ }
+
+ # calculate the multiplicative inverse of a mod b this is euclid's
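Review bot: Changing the template in `simple_checksum` from `W` to `U` may change the result, not only which Perl versions it runs on. `U` is the Unicode code-point format and, depending on the Perl version and on the template starting with it, can make unpack read `$bytes` as UTF-8 rather than as octets. For a byte-wise 16-bit sum, `C` is the octet format and exists on Perls that predate `W`: `return unpack("%32C*",$bytes) % 65536;`. I have not verified the behaviour on the port's Perl; comparing the checksum of a string with bytes above 0x7f under both templates would settle it. The patch has no comment saying why `W` had to go; one line in the patch header would help.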
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-varlocation b/packaging/freebsd/security/monkeysphere/files/patch-varlocation
deleted file mode 100644
index c4d8dcd..0000000
--- a/packaging/freebsd/security/monkeysphere/files/patch-varlocation
+++ /dev/null
@@ -1,90 +0,0 @@
-diff --git man/man8/monkeysphere-server.8 man/man8/monkeysphere-server.8
-index f207e2c..29c7b6a 100644
---- man/man8/monkeysphere-server.8
-+++ man/man8/monkeysphere-server.8
-@@ -128,7 +128,7 @@ command to push the key to a keyserver. You must also modify the
- sshd_config on the server to tell sshd where the new server host key
- is located:
-
--HostKey /var/lib/monkeysphere/ssh_host_rsa_key
-+HostKey /var/monkeysphere/ssh_host_rsa_key
-
- In order for users logging into the system to be able to verify the
- host via the monkeysphere, at least one person (e.g. a server admin)
-@@ -170,7 +170,7 @@ users. You must also tell sshd to look at the monkeysphere-generated
- authorized_keys file for user authentication by setting the following
- in the sshd_config:
-
--AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
-+AuthorizedKeysFile /var/monkeysphere/authorized_keys/%u
-
- It is recommended to add "monkeysphere-server update-users" to a
- system crontab, so that user keys are kept up-to-date, and key
-@@ -209,17 +209,17 @@ System monkeysphere-server config file.
- /etc/monkeysphere/monkeysphere.conf
- System-wide monkeysphere config file.
- .TP
--/var/lib/monkeysphere/authorized_keys/USER
-+/var/monkeysphere/authorized_keys/USER
- Monkeysphere-generated user authorized_keys files.
- .TP
--/var/lib/monkeysphere/ssh_host_rsa_key
-+/var/monkeysphere/ssh_host_rsa_key
- Copy of the host's private key in ssh format, suitable for use by
- sshd.
- .TP
--/var/lib/monkeysphere/gnupg-host
-+/var/monkeysphere/gnupg-host
- Monkeysphere host GNUPG home directory.
- .TP
--/var/lib/monkeysphere/gnupg-authentication
-+/var/monkeysphere/gnupg-authentication
- Monkeysphere authentication GNUPG home directory.
-
- .SH AUTHOR
-diff --git doc/getting-started-admin.mdwn doc/getting-started-admin.mdwn
-index 6c8ad53..67fdda1 100644
---- doc/getting-started-admin.mdwn
-+++ doc/getting-started-admin.mdwn
-@@ -30,7 +30,7 @@ To use the newly-generated host key for ssh connections, put the
- following line in `/etc/ssh/sshd_config` (be sure to remove references
- to any other keys):
-
-- HostKey /var/lib/monkeysphere/ssh_host_rsa_key
-+ HostKey /var/monkeysphere/ssh_host_rsa_key
-
- FIXME: should we just suggest symlinks in the filesystem here instead?
-
-@@ -40,7 +40,7 @@ To enable users to use the monkeysphere to authenticate using the
- OpenPGP web of trust, add this line to `/etc/ssh/sshd_config` (again,
- making sure that no other AuthorizedKeysFile directive exists):
-
-- AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
-+ AuthorizedKeysFile /var/monkeysphere/authorized_keys/%u
-
- And then read the section below about how to ensure these files are
- maintained. You'll need to restart `sshd` to have your changes take
---- src/monkeysphere-server.orig 2008-10-25 18:01:19.000000000 -0400
-+++ src/monkeysphere-server 2008-10-25 18:01:24.000000000 -0400
-@@ -17,7 +17,7 @@
- export SYSSHAREDIR
- . "${SYSSHAREDIR}/common" || exit 1
-
--SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
-+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/monkeysphere"}
- export SYSDATADIR
-
- # UTC date in ISO 8601 format if needed
---- etc/gnupg-authentication.conf.orig 2008-10-25 18:02:58.000000000 -0400
-+++ etc/gnupg-authentication.conf 2008-10-25 18:03:04.000000000 -0400
-@@ -4,8 +4,8 @@
- # It is highly recommended that you
- # DO NOT MODIFY
- # these variables.
--primary-keyring /var/lib/monkeysphere/gnupg-authentication/pubring.gpg
--keyring /var/lib/monkeysphere/gnupg-host/pubring.gpg
-+primary-keyring /var/monkeysphere/gnupg-authentication/pubring.gpg
-+keyring /var/monkeysphere/gnupg-host/pubring.gpg
-
- # PGP keyserver to use for PGP queries.
- keyserver hkp://pgp.mit.edu
diff --git a/packaging/freebsd/security/monkeysphere/pkg-deinstall b/packaging/freebsd/security/monkeysphere/pkg-deinstall
index 3000878..3e69eab 100755
--- a/packaging/freebsd/security/monkeysphere/pkg-deinstall
+++ b/packaging/freebsd/security/monkeysphere/pkg-deinstall
@@ -4,9 +4,9 @@
# monkeysphere's debian/monkeysphere.postrm)
# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-# Copyright 2008
+# Copyright 2008,2009
-# FIXME: is /var/lib/monkeysphere the right place for this stuff on
+# FIXME: is /var/monkeysphere the right place for this stuff on
# FreeBSD?
VARLIB="/var/monkeysphere"
diff --git a/packaging/freebsd/security/monkeysphere/pkg-install b/packaging/freebsd/security/monkeysphere/pkg-install
index 70d37b5..435c69a 100755
--- a/packaging/freebsd/security/monkeysphere/pkg-install
+++ b/packaging/freebsd/security/monkeysphere/pkg-install
@@ -5,9 +5,9 @@
# debian/monkeysphere.postinst)
# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-# Copyright 2008
+# Copyright 2008,2009
-# FIXME: is /var/lib/monkeysphere the right place for this stuff on
+# FIXME: is /var/monkeysphere the right place for this stuff on
# FreeBSD?
# PostgreSQL puts its data in /usr/local/pgsql/data
@@ -57,16 +57,8 @@ POST-INSTALL)
fi
fi
- ## set up the cache directories, and link them to the config files:
+ ## set up the monkeysphere authentication cache directory:
- install -d -o root -g monkeysphere -m 750 "$VARLIB"/gnupg-host
- ln -sf "$ETCDIR"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf
-
- install -d -o monkeysphere -g monkeysphere -m 700 "$VARLIB"/gnupg-authentication
- ln -sf "$ETCDIR"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
-
- install -d "$VARLIB"/tmp "$VARLIB"/authorized_keys
-
- monkeysphere-server diagnostics
+ monkeysphere-authentication setup
;;
esac
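Review bot: The explicit `install -d -o ... -m 750` and `-m 700` calls that fixed ownership and mode of the GnuPG directories are gone, and the new `monkeysphere-authentication setup` call has its exit status ignored as far as this hunk shows. If setup fails, the package would appear installed while the authentication directories are missing or have default permissions. Unless the script enables `set -e` outside the hunk, `monkeysphere-authentication setup || exit 1` makes the failure visible to the installer. The `POST-INSTALL)` arm begins outside the hunk.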
diff --git a/packaging/freebsd/security/monkeysphere/pkg-plist b/packaging/freebsd/security/monkeysphere/pkg-plist
index 9d9d40a..95afa01 100644
--- a/packaging/freebsd/security/monkeysphere/pkg-plist
+++ b/packaging/freebsd/security/monkeysphere/pkg-plist
@@ -1,24 +1,49 @@
-sbin/monkeysphere-server
+sbin/monkeysphere-host
+sbin/monkeysphere-authentication
share/doc/monkeysphere/TODO
share/doc/monkeysphere/MonkeySpec
share/doc/monkeysphere/getting-started-user.mdwn
share/doc/monkeysphere/getting-started-admin.mdwn
bin/openpgp2ssh
-bin/monkeysphere-ssh-proxycommand
+bin/pem2openpgp
bin/monkeysphere
+share/monkeysphere/mh/publish_key
+share/monkeysphere/mh/import_key
+share/monkeysphere/mh/set_expire
+share/monkeysphere/mh/diagnostics
+share/monkeysphere/mh/add_hostname
+share/monkeysphere/mh/add_revoker
+share/monkeysphere/mh/revoke_hostname
+share/monkeysphere/mh/revoke_key
+share/monkeysphere/keytrans
+share/monkeysphere/defaultenv
+share/monkeysphere/VERSION
+share/monkeysphere/transitions/0.23
+share/monkeysphere/transitions/README.txt
+share/monkeysphere/ma/list_certifiers
+share/monkeysphere/ma/add_certifier
+share/monkeysphere/ma/update_users
+share/monkeysphere/ma/setup
+share/monkeysphere/ma/remove_certifier
+share/monkeysphere/ma/diagnostics
share/monkeysphere/common
+share/monkeysphere/m/gen_subkey
+share/monkeysphere/m/ssh_proxycommand
+share/monkeysphere/m/subkey_to_ssh_agent
+share/monkeysphere/m/import_subkey
@unexec if cmp -s %D/etc/monkeysphere/monkeysphere.conf.sample %D/etc/monkeysphere/monkeysphere.conf; then rm -f %D/etc/monkeysphere/monkeysphere.conf; fi
etc/monkeysphere/monkeysphere.conf.sample
@exec if [ ! -f %D/etc/monkeysphere/monkeysphere.conf ] ; then cp -p %D/%F %B/monkeysphere.conf; fi
-@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-server.conf.sample %D/etc/monkeysphere/monkeysphere-server.conf; then rm -f %D/etc/monkeysphere/monkeysphere-server.conf; fi
-etc/monkeysphere/monkeysphere-server.conf.sample
-@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-server.conf ] ; then cp -p %D/%F %B/monkeysphere-server.conf; fi
-@unexec if cmp -s %D/etc/monkeysphere/gnupg-host.conf.sample %D/etc/monkeysphere/gnupg-host.conf; then rm -f %D/etc/monkeysphere/gnupg-host.conf; fi
-etc/monkeysphere/gnupg-host.conf.sample
-@exec if [ ! -f %D/etc/monkeysphere/gnupg-host.conf ] ; then cp -p %D/%F %B/gnupg-host.conf; fi
-@unexec if cmp -s %D/etc/monkeysphere/gnupg-authentication.conf.sample %D/etc/monkeysphere/gnupg-authentication.conf; then rm -f %D/etc/monkeysphere/gnupg-authentication.conf; fi
-etc/monkeysphere/gnupg-authentication.conf.sample
-@exec if [ ! -f %D/etc/monkeysphere/gnupg-authentication.conf ] ; then cp -p %D/%F %B/gnupg-authentication.conf; fi
+@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-host.conf.sample %D/etc/monkeysphere/monkeysphere-host.conf; then rm -f %D/etc/monkeysphere/monkeysphere-host.conf; fi
+etc/monkeysphere/monkeysphere-host.conf.sample
+@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-host.conf ] ; then cp -p %D/%F %B/monkeysphere-host.conf; fi
+@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-authentication.conf.sample %D/etc/monkeysphere/monkeysphere-authentication.conf; then rm -f %D/etc/monkeysphere/monkeysphere-authentication.conf; fi
+etc/monkeysphere/monkeysphere-authentication.conf.sample
+@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-authentication.conf ] ; then cp -p %D/%F %B/monkeysphere-authentication.conf; fi
@dirrm share/doc/monkeysphere
+@dirrm share/monkeysphere/transitions
+@dirrm share/monkeysphere/mh
+@dirrm share/monkeysphere/ma
+@dirrm share/monkeysphere/m
@dirrm share/monkeysphere
@dirrm etc/monkeysphere