diff options
| -rw-r--r-- | Makefile | 5 | ||||
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/control | 2 | ||||
| -rw-r--r-- | src/common | 73 | ||||
| -rwxr-xr-x | utils/build-releasenote | 40 | ||||
| -rw-r--r-- | utils/download.mdwn.footer | 1 | ||||
| -rw-r--r-- | utils/releasenote.footer | 3 | ||||
| -rw-r--r-- | utils/releasenote.header | 9 | ||||
| -rw-r--r-- | website/download.mdwn | 40 | ||||
| -rw-r--r-- | website/news/release-0.15-1.mdwn | 17 | ||||
| -rw-r--r-- | website/why.mdwn | 2 |
11 files changed, 159 insertions, 35 deletions
@@ -45,4 +45,7 @@ install: all install man/man8/* $(DESTDIR)$(PREFIX)/share/man/man8 install -m 0644 etc/* $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere -.PHONY: all clean tarball debian-package install +releasenote: + ./utils/build-releasenote + +.PHONY: all clean tarball debian-package install releasenote diff --git a/debian/changelog b/debian/changelog index d032017..6acb8e5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -monkeysphere (0.15~pre-1) UNRELEASED; urgency=low +monkeysphere (0.15-1) experimental; urgency=low * porting work and packaging simplification: clarifying makefiles, pruning dependencies, etc. diff --git a/debian/control b/debian/control index ef62798..8f5aeef 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ Dm-Upload-Allowed: yes Package: monkeysphere Architecture: any -Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), lockfile-progs, adduser, ${shlibs:Depends} +Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends} Recommends: netcat | socat, ssh-askpass Enhances: openssh-client, openssh-server Description: use the OpenPGP web of trust to verify ssh connections @@ -91,6 +91,49 @@ cutline() { head --line="$1" "$2" | tail -1 } +# this is a wrapper for doing lock functions. +# +# it lets us depend on either lockfile-progs (preferred) or procmail's +# lockfile, and should +lock() { + local use_lockfileprogs=true + local action="$1" + local file="$file" + + if ! ( which lockfile-create >/dev/null 2>/dev/null ) ; then + if ! ( which lockfile >/dev/null ); then + failure "Neither lockfile-create nor lockfile are in the path!" + fi + use_lockfileprogs= + fi + + case "$action" in + create) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-create "$file" || failure "unable to lock '$file'" + else + lockfile -r 20 "${file}.lock" || failure "unable to lock '$file'" + fi + ;; + touch) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-touch --oneshot "$file" + else + : Nothing to do here + fi + ;; + remove) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-remove "$file" + else + rm -f "${file}.lock" + fi + ;; + *) + failure "bad argument for lock subfunction '$action'" + esac +} + # check that characters are in a string (in an AND fashion). # used for checking key capability # check_capability capability a [b...] @@ -724,11 +767,10 @@ update_known_hosts() { nHostsOK=0 nHostsBAD=0 - # set the trap to remove any lockfiles on exit - trap "lockfile-remove $KNOWN_HOSTS" EXIT - - # create a lockfile on known_hosts - lockfile-create "$KNOWN_HOSTS" + # create a lockfile on known_hosts: + lock create "$KNOWN_HOSTS" + # FIXME: we're discarding any pre-existing EXIT trap; is this bad? + trap "lock remove $KNOWN_HOSTS" EXIT # note pre update file checksum fileCheck="$(file_hash "$KNOWN_HOSTS")" @@ -747,11 +789,12 @@ update_known_hosts() { esac # touch the lockfile, for good measure. - lockfile-touch --oneshot "$KNOWN_HOSTS" + lock touch "$KNOWN_HOSTS" done - # remove the lockfile - lockfile-remove "$KNOWN_HOSTS" + # remove the lockfile and the trap + lock remove "$KNOWN_HOSTS" + trap - EXIT # note if the known_hosts file was updated if [ "$(file_hash "$KNOWN_HOSTS")" != "$fileCheck" ] ; then @@ -862,11 +905,10 @@ update_authorized_keys() { nIDsOK=0 nIDsBAD=0 - # set the trap to remove any lockfiles on exit - trap "lockfile-remove $AUTHORIZED_KEYS" EXIT - # create a lockfile on authorized_keys - lockfile-create "$AUTHORIZED_KEYS" + lock create "$AUTHORIZED_KEYS" + # FIXME: we're discarding any pre-existing EXIT trap; is this bad? + trap "lock remove $AUTHORIZED_KEYS" EXIT # note pre update file checksum fileCheck="$(file_hash "$AUTHORIZED_KEYS")" @@ -890,11 +932,12 @@ update_authorized_keys() { esac # touch the lockfile, for good measure. - lockfile-touch --oneshot "$AUTHORIZED_KEYS" + lock touch "$AUTHORIZED_KEYS" done - # remove the lockfile - lockfile-remove "$AUTHORIZED_KEYS" + # remove the lockfile and the trap + lock remove "$AUTHORIZED_KEYS" + trap - EXIT # note if the authorized_keys file was updated if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$fileCheck" ] ; then diff --git a/utils/build-releasenote b/utils/build-releasenote new file mode 100755 index 0000000..af7ceb3 --- /dev/null +++ b/utils/build-releasenote @@ -0,0 +1,40 @@ +#!/bin/bash + +VERSION=`head -n1 debian/changelog | sed 's/.*(\([^)]*\)).*/\1/'` + +{ + sed "s/__VERSION__/$VERSION/g" < utils/releasenote.header + head -n$(( $(grep -n '^ --' debian/changelog | head -n1 | cut -f1 -d:) - 2 )) debian/changelog | tail -n+3 + sed "s/__VERSION__/$VERSION/g" < utils/releasenote.footer +} > "website/news/release-$VERSION.mdwn" + +git add "website/news/release-$VERSION.mdwn" + +checksums() { + echo "checksums for the monkeysphere ${VERSION%%-*} release:" + echo + echo "MD5:" + md5sum "monkeysphere_${VERSION%%-*}.orig.tar.gz" + echo + echo "SHA1:" + sha1sum "monkeysphere_${VERSION%%-*}.orig.tar.gz" + echo + echo "SHA256:" + sha256sum "monkeysphere_${VERSION%%-*}.orig.tar.gz" +} + +checksums + +temprelease=$(mktemp) +trap "rm -f $temprelease" EXIT +set -e +head -n$(( $(grep -n '^-----BEGIN PGP SIGNED MESSAGE-----$' website/download.mdwn | head -n1 | cut -f1 -d:) - 1 )) website/download.mdwn >$temprelease +checksums | gpg --no-tty --clearsign --default-key EB8AF314 >>$temprelease +cat utils/download.mdwn.footer >>$temprelease +mv "$temprelease" website/download.mdwn +trap - EXIT +set +e + +git add website/download.mdwn + +gpg --verify website/download.mdwn diff --git a/utils/download.mdwn.footer b/utils/download.mdwn.footer new file mode 100644 index 0000000..95bc788 --- /dev/null +++ b/utils/download.mdwn.footer @@ -0,0 +1 @@ +</pre> diff --git a/utils/releasenote.footer b/utils/releasenote.footer new file mode 100644 index 0000000..640e765 --- /dev/null +++ b/utils/releasenote.footer @@ -0,0 +1,3 @@ +</pre> + +[[Download]] it now! diff --git a/utils/releasenote.header b/utils/releasenote.header new file mode 100644 index 0000000..1dbc5b9 --- /dev/null +++ b/utils/releasenote.header @@ -0,0 +1,9 @@ +[[meta title="Monkeysphere __VERSION__ released!"]] + +# Monkeysphere __VERSION__ released! # + +Monkeysphere __VERSION__ has been released. + +Notes from the changelog: + +<pre> diff --git a/website/download.mdwn b/website/download.mdwn index 64993c9..3ba40f4 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -46,31 +46,37 @@ look at the source, we recommend [using git](/community). But if you want a tarball of the most recent release, we publish those too. The [latest tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.14.orig.tar.gz) -has this sha1sum: +has these checksums: <pre> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -sha1sum for the monkeysphere 0.14 release: +checksums for the monkeysphere 0.15 release: -8b05fec041cec7f86ddde92fa72c8aabf8af0b3b monkeysphere_0.14.orig.tar.gz +MD5: +8be275e5b5119921a536d8a67d3bfe24 monkeysphere_0.15.orig.tar.gz + +SHA1: +65da0a047d935e856e2a0d7032dbbb339a3ce20a monkeysphere_0.15.orig.tar.gz + +SHA256: +44f3feb6e9f6921d2ed0406af4e3862f67da9261c8f00c7ea37cfea5031cbc77 monkeysphere_0.15.orig.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) -iQIVAwUBSMBhXhjmZ/HrivMUAQJTmw//XB8y7UXAg2GD4A1wHS/lczQLlzN3fVmT -MGzLVdlRtATQgnL1Zd2CbKEEswSDpok9h+meZxMUvBXnpGV3iUouNo7q6vkt9Dp6 -Y5B+mgSe1vlxtkHPRCpLFvnLch2+x9zk+OhfHK+85zu6yPd2KqN0uFMpx6xLDWNq -iIx3KzEOqLNe5WjJoKbGDvBohxgPePDLkAQtz+6Bnvor+H5gR4Mg3enPCRUtndKs -sxyfw40ZCCZQV8Hma1YzP8jRrTNhXy3jY57cJ966FgWANPxDWzQh3k0W9ZTp4KP7 -3xcxSxKGMCFtfkNFhC6vcry4TRh/f33snGhwvPX2sAfWTsDP3PPeY4bK2rtVynZm -bHl6IT1ZEdFVtS9IwWz51SAW5nDjffQnjSUM6TWtviRAc+acCHBCWVaGCRea7PLt -7BJ/chJUf48gSIYStH/rFVcGJGOQD8CYQeUrKPBZu/CHowJziYfYcBQ0zydPEz9A -5Lvs7pUhBVB+YYRqx62LqOMxX+qbUGCNRa3xJHRbOq8j+qqwTTh2W/fAlT1ziez+ -VqmKwX5Fnxd9q0wEEn3NGNbV8SrhHtN0LxmVHwxPrk5uo5d9mfuLBFnA93vWacDd -M0bZHHnV7w6CuR4ReGPh1HJFAPRf42S3HM9JooFV6hWlEci2iomInba691PMQOJv -nd+N0oSL47A= -=uAHY +iQIVAwUBSMG2fxjmZ/HrivMUAQJ40RAAjb4Rh9qJQztp+tAOxpvXKmItRTFyBTeB +QQWjl/gNSWbAOvZX9t+F63P8Dp/ET9XoE2iXUnClvCtkkKvwbKISHyM4C9tgu0z9 +Yggb6lFPt/Qz2fD/HTMxkeN+n0p/FVjLW9WlLPyKF++u/o8JelyuiXocHORzjtc/ +9HyQfdbZuUPA16ZsAb9D66aIC2pWR21EiXHj95EvUkm6AO53Sy9G5gzzveflRrLm +UdrcwCnbXiZklbs9wXxeZTa4qLAhv31RmkCzbE3/lNwFSBfzFFfi2HXZqQdRmIgu +xuV/wmi8xgxUbv7dbB7yhhqwFmRnzeuV3rvuvSdjqGjFu6R0fqorIOtLtBkG1m0Q +RP5gs5mU+DreYkdeLWpFFFVjaJkz0cNUcnT22EJ5JgfeH3fkoAPpjlUMvgh8apGq +CbtqmBfYVOLyifiwptCSwlQvfY2guBVmsW+C60g78vMlCa0Tezp79I5H1KdsXKlY +cw1eLt3HhEy39yojmcD5EI293tfWTIYvULXvMIZjqEFnkFvoAogtinfd8fDoH15j +8yqXOUfkuuSeGmPReyiZZkbBTMXOdM6JsXmjEMI5T9dnZcC0CClnDGfcxE2UfPQZ +v9tneWXZzFmnWaAqH+T+SJJ4gpMhD+i0vXgQ7xOhUUCF+tiY8Qh1eltR2Kf+VeYW +d+MRglTs/Z4= +=AmW6 -----END PGP SIGNATURE----- </pre> - diff --git a/website/news/release-0.15-1.mdwn b/website/news/release-0.15-1.mdwn new file mode 100644 index 0000000..5a36ba1 --- /dev/null +++ b/website/news/release-0.15-1.mdwn @@ -0,0 +1,17 @@ +[[meta title="MonkeySphere 0.15-1 released!"]] + +# MonkeySphere 0.15-1 released! # + +MonkeySphere 0.15-1 has been released. + +From the changelog: + +<pre> + * porting work and packaging simplification: clarifying makefiles, + pruning dependencies, etc. + * added tests to monkeysphere-server diagnostics + * moved monkeysphere(5) to section 7 of the manual + * now shipping TODO in /usr/share/doc/monkeysphere +</pre> + +[[Download]] it now! diff --git a/website/why.mdwn b/website/why.mdwn index 3c70bab..3d67d32 100644 --- a/website/why.mdwn +++ b/website/why.mdwn @@ -2,6 +2,8 @@ # Why should you be interested in the Monkeysphere? # +[[!toc levels=2]] + ## As an `ssh` user ## Do you use `ssh` to connect to remote machines? Are you tired of |