-rw-r--r-- | debian/changelog | 9 | ||||
-rw-r--r-- | debian/control | 2 | ||||
-rw-r--r-- | doc/TODO | 3 | ||||
-rw-r--r-- | doc/george/changelog | 12 | ||||
-rw-r--r-- | src/common | 30 | ||||
-rw-r--r-- | website/bugs/install-seckey2sshagent-in-usr-bin.mdwn | 22 | ||||
-rw-r--r-- | website/bugs/multiple-hostnames.mdwn | 15 | ||||
-rw-r--r-- | website/bugs/setup-test-server-for-public.mdwn | 16 | ||||
-rw-r--r-- | website/download.mdwn | 8 | ||||
-rw-r--r-- | website/favicon.ico | bin | 903 -> 937 bytes |
10 files changed, 92 insertions, 25 deletions
diff --git a/debian/changelog b/debian/changelog index 9c51e91..f7bf5f0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +monkeysphere (0.8-1) UNRELEASED; urgency=low + + [ Daniel Kahn Gillmor ] + * debian/control: switched Vcs-Git to use "centralized" git repo instead + of my own. + * More monkeysphere-server diagnostics + + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Thu, 07 Aug 2008 13:31:14 -0400 + monkeysphere (0.7-1) experimental; urgency=low [ Daniel Kahn Gillmor ] diff --git a/debian/control b/debian/control index 7b5115d..0b3d871 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Uploaders: Jameson Rollins <jrollins@fifthhorseman.net> Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0) Standards-Version: 3.8.0.1 Homepage: http://monkeysphere.info/ -Vcs-Git: http://lair.fifthhorseman.net/~dkg/git/monkeysphere.git +Vcs-Git: git://monkeysphere.info/monkeysphere Dm-Upload-Allowed: yes Format: 3.0 (git) @@ -9,9 +9,6 @@ Handle unverified monkeysphere hosts in such a way that they're not always removed from known_hosts file. Ask user to lsign the host key? -Handle multiple hostnames (multiple user IDs?) when generating host - keys with gen-key. - Work out the details (and describe a full use case) for assigning a REVOKER during monkeysphere-server gen_key -- how is this set? How do we export it so it's available when a second-party revocation is diff --git a/doc/george/changelog b/doc/george/changelog index 9cc628a..93f00db 100644 --- a/doc/george/changelog +++ b/doc/george/changelog 
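Review bot: The new `Vcs-Git: git://monkeysphere.info/monkeysphere` in debian/control uses the plain git protocol, which offers no server authentication or transport integrity, so a clone is only as trustworthy as the network path it crossed. The replaced `http://` URL had the same weakness, so this is not a regression, but the same `git://` URL is also added as the first clone instruction in website/download.mdwn. I would add a sentence there telling readers to verify a signed tag after cloning, for example `git tag -v <tag>` against the key fingerprint that page already publishes. That assumes release tags are signed, which the hunks shown here do not say.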
@@ -7,6 +7,18 @@ * changes to this system (first command at top, last at bottom) * ****************************************************************************** +2008-08-07 - dkg + * aptitude update && aptitude dist-upgrade + * removed debian's experimental from the sources.list + * removed experimental stanza from /etc/apt/preferences (now the + monkeysphere packages should upgrade automatically) + * upgraded to monkeysphere 0.7-1 + * installed runit + * set up a public git daemon service to serve git repos from + george, using runit. (root-served repos are served from + /srv/git, but ~USER/public_git is supported as well, if anyone + wants to use that for publication). + 2008-08-03 - dkg * aptitude update && aptitude dist-upgrade * installed iproute @@ -294,7 +294,7 @@ gpg_fetch_userid() { # (see /usr/share/doc/gnupg/DETAILS.gz) # output is one line for every found key, in the following format: # -# flag fingerprint +# flag:fingerprint # # "flag" is an acceptability flag, 0 = ok, 1 = bad # "fingerprint" is the fingerprint of the key @@ -380,6 +380,14 @@ process_user_id() { fi ;; 'uid') # user ids + if [ "$lastKey" != pub ] ; then + log " - got a user ID after a sub key! user IDs should only follow primary keys!" + continue + fi + # don't bother with a uid if there is no valid or reasonable primary key. + if [ "$keyOK" != true ] ; then + continue + fi # if an acceptable user ID was already found, skip if [ "$uidOK" ] ; then continue @@ -401,14 +409,14 @@ process_user_id() { if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then log " * acceptable primary key." if [ -z "$sshKey" ] ; then - log " ! primary key could not be translated." + log " ! primary key could not be translated (not RSA or DSA?)." else echo "0:${sshKey}" fi else log " - unacceptable primary key." if [ -z "$sshKey" ] ; then - log " ! primary key could not be translated." + log " ! primary key could not be translated (not RSA or DSA?)." else echo "1:${sshKey}" fi 
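Review bot: The added guard `if [ "$keyOK" != true ]` in the 'uid' branch compares against the literal string `true`, while the unchanged tests around it (`[ "$uidOK" ]` and `[ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ]`) only check for a non-empty value. The literal comparison fails closed, which is the right direction for a key-acceptance filter, but the two styles will disagree if any assignment outside this hunk sets a flag to something other than `true`. The `-419` hunk adds the same pattern for `$keyOK` and `$uidOK`. I would settle on one form and record the convention where the flags are initialised, e.g. `# keyOK/uidOK/lastKeyOK are either empty or the literal "true"`. process_user_id starts and ends outside the hunk, so the assignments could not be checked here.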
@@ -419,7 +427,17 @@ process_user_id() { lastKey=sub lastKeyOK= fingerprint= + + # don't bother with sub keys if the primary key is not valid + if [ "$keyOK" != true ] ; then + continue + fi + # don't bother with sub keys if no user ID is acceptable: + if [ "$uidOK" != true ] ; then + continue + fi + # if sub key validity is not ok, skip if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then continue @@ -442,19 +460,19 @@ process_user_id() { continue fi - # output a line for the primary key + # output a line for the sub key # 0 = ok, 1 = bad if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then log " * acceptable sub key." if [ -z "$sshKey" ] ; then - log " ! sub key could not be translated." + log " ! sub key could not be translated (not RSA or DSA?)." else echo "0:${sshKey}" fi else log " - unacceptable sub key." if [ -z "$sshKey" ] ; then - log " ! sub key could not be translated." + log " ! sub key could not be translated (not RSA or DSA?)." else echo "1:${sshKey}" fi diff --git a/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn b/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn index e1ca0e4..5b19b13 100644 --- a/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn +++ b/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn 
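Review bot: With the two early `continue` statements added after `fingerprint=`, a sub key under an invalid primary key, or one with no acceptable user ID, now produces no output line at all. Before this change it could reach the `echo "1:${sshKey}"` branch under "unacceptable sub key". The format comment touched in the `-294` hunk documents `1` as the bad flag, so any consumer that relies on `1:` lines to drop a key it accepted earlier would silently leave those sub keys in place. The callers are not visible here, so this needs confirming against them. If the omission is intended, say so in that format comment, e.g. `# sub keys of an unacceptable primary key or user ID are not listed at all`. The loop body continues outside the hunk.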
@@ -5,17 +5,23 @@ much easier for people to use. --- -I'm not sure I really want to include this hack with the debs. It's really not useful for any kind of regular use. I would rather focus on getting openpgp2ssh to support passprotected keys. +I'm not sure I really want to include this hack with the debs. It's +really not useful for any kind of regular use. I would rather focus +on getting openpgp2ssh to support passprotected keys. -As another possibility, I was planning on modifying the script so that it could export to a passprotected file. I think this would be a lot more useful. Let me get that working, then let's revist the issue of including it in the packaging. +As another possibility, I was planning on modifying the script so that +it could export to a passprotected file. I think this would be a lot +more useful. Let me get that working, then let's revist the issue of +including it in the packaging. --- Big Jimmy. +-- Big Jimmy --- -> Ok - sounds good to me. I'm thinking in terms of getting other people to try -> out the Monkeysphere - maybe the README should just say: we're only half -> done. You can verify the identity of servers, but we haven't completed the -> part about verifying you to a server. Then it could say: if you're really -> interested, you can run this hacky script but we make no guarantees. +Ok - sounds good to me. I'm thinking in terms of getting other people to try +out the Monkeysphere - maybe the README should just say: we're only half +done. You can verify the identity of servers, but we haven't completed the +part about verifying you to a server. Then it could say: if you're really +interested, you can run this hacky script but we make no guarantees. + -- Sir Jam Jam diff --git a/website/bugs/multiple-hostnames.mdwn b/website/bugs/multiple-hostnames.mdwn new file mode 100644 index 0000000..ab5e4e2 --- /dev/null +++ b/website/bugs/multiple-hostnames.mdwn 
@@ -0,0 +1,15 @@ +[[meta title="Support multiple host names for monkeysphere-enabled servers"]] + +Some monkeysphere-enabled hosts answer to multiple host names, but the +current `monkeysphere-server` only generates a single User ID +corresponding to a single hostname. + +We should make it easier for machines with multiple names to create +multiple User IDs at `gen-key` time. + +We should also make it easy to add new hostnames (and remove outdated +ones). + +For example: `george.riseup.net` is now also known as +`monkeysphere.info`. It'd be nice to have a convenient way to add +that hostname to the key without mucking around with gpg directly. diff --git a/website/bugs/setup-test-server-for-public.mdwn b/website/bugs/setup-test-server-for-public.mdwn index b659b53..2cafafc 100644 --- a/website/bugs/setup-test-server-for-public.mdwn +++ b/website/bugs/setup-test-server-for-public.mdwn @@ -14,11 +14,15 @@ authentication, I guess. -- Big Jimmy. -> Maybe we should use George? As you point out - it doesn't actually -> have to do any user authentication. It seems like a waste to have a -> virtual machine that does nothing but deny people's ssh connections. -> And - george is already setup and ready to go. -> -- Sir Jam Jam +--- + +Maybe we should use George? As you point out - it doesn't actually +have to do any user authentication. It seems like a waste to have a +virtual machine that does nothing but deny people's ssh connections. +And - george is already setup and ready to go. +-- Sir Jam Jam + +--- I like the idea of using George for this. There's nothing wrong with denying people's ssh connections. Also, we could make public user @@ -38,3 +42,5 @@ write a simple note like: You can verify george's ssh host key with the monkeysphere before you connect to the host. Here's how... + +--dkg diff --git a/website/download.mdwn b/website/download.mdwn index a4228dd..f215f80 100644 --- a/website/download.mdwn +++ b/website/download.mdwn 
@@ -6,8 +6,8 @@ by following these directions: You can add this repo to your system by putting the following lines in /etc/apt/sources.list.d/monkeysphere.list: - deb http://george.riseup.net/debian experimental monkeysphere - deb-src http://george.riseup.net/debian experimental monkeysphere + deb http://monkeysphere.info/debian experimental monkeysphere + deb-src http://monkeysphere.info/debian experimental monkeysphere The repository is currently signed by [Daniel Kahn Gillmor's OpenPGP key](http://fifthhorseman.net/dkg.gpg "dkg's key"), key id D21739E9 (fingerprint: `0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9`). @@ -22,6 +22,10 @@ can [git clone](http://www.kernel.org/pub/software/scm/git/docs/git-clone.html) any of the developer repositories, including: +The git repo from this web site: + + git clone git://monkeysphere.info/monkeysphere monkeysphere + [Jameson Graef Rollins](http://cmrg.fifthhorseman.net/wiki/jrollins): git clone http://lair.fifthhorseman.net/~jrollins/git/monkeysphere.git monkeysphere diff --git a/website/favicon.ico b/website/favicon.ico Binary files differindex dc30bcc..13b5efc 100644 --- a/website/favicon.ico +++ b/website/favicon.ico |