diff options
| -rw-r--r-- | debian/changelog | 5 | ||||
| -rw-r--r-- | website/bugs/handle-passphrase-locked-secret-keys.mdwn | 6 | ||||
| -rw-r--r-- | website/bugs/install-seckey2sshagent-in-usr-bin.mdwn | 10 |
3 files changed, 18 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog index fb1c2f4..f3efd57 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -monkeysphere (0.11-1) UNRELEASED; urgency=low +monkeysphere (0.11-1) experimental; urgency=low [ Jameson Graef Rollins ] * fix bug in trustdb update on add/revoke-hostname. @@ -6,6 +6,9 @@ monkeysphere (0.11-1) UNRELEASED; urgency=low [ Daniel Kahn Gillmor ] * debian/control: added Build-Depends: git-core for the new packaging format + * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched + GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly + if not found). -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Wed, 20 Aug 2008 11:24:35 -0400 diff --git a/website/bugs/handle-passphrase-locked-secret-keys.mdwn b/website/bugs/handle-passphrase-locked-secret-keys.mdwn index ae5bf72..2df14eb 100644 --- a/website/bugs/handle-passphrase-locked-secret-keys.mdwn +++ b/website/bugs/handle-passphrase-locked-secret-keys.mdwn @@ -32,7 +32,7 @@ primary key, then something like the following script should actually work for reasonable values of `$KEYID`: TMPDIR=$(mktemp -d) - uname 077 + umask 077 mkfifo "$TMPDIR/passphrase" kname="MonkeySphere Key $KEYID" mkfifo "$TMPDIR/$kname" @@ -50,6 +50,10 @@ so if we can get it incorporated into upstream (and/or into debian), we have a possible solution, as long as the authentication key is a subkey, and not a primary key. +As of version 0.11-1, `monkeysphere subkey-to-ssh-agent` implements +this particular strategy (and fails cleanly if the version of GnuTLS +present doesn't support the GNU dummy S2K extension). + --------- Ben Laurie and Rachel Willmer's diff --git a/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn b/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn index 0163727..e2c2682 100644 --- a/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn +++ b/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn @@ -35,9 +35,17 @@ which means that we can cleanly test whether the proposed [handling of passphrase-locked secret keys](bugs/handle-passphrase-locked-secret-keys/) is functional. With that in mind, I'd like to propose that we could resolve this bug -simply by adding a new subcommand: `monkeysphere authkey-to-agent`, +simply by adding a new subcommand: `monkeysphere subkey-to-ssh-agent`, which would fail in the absence of a functionally-patched GnuTLS. Would this proposal be sufficient to resolve this bug? --dkg + +--- + +Version 0.11-1 now has the `monkeysphere subkey-to-ssh-agent` +subcommand, which works cleanly in the presence of a +functionally-patched GnuTLS. + +--dkg |