-rw-r--r-- | Changelog (renamed from changelog) | 16 | ||||
-rwxr-xr-x | Makefile | 6 | ||||
-rw-r--r-- | man/man1/monkeysphere.1 | 9 | ||||
-rw-r--r-- | packaging/debian/changelog | 4 | ||||
-rwxr-xr-x | src/monkeysphere | 25 | ||||
-rwxr-xr-x | utils/build-releasenote | 4 | ||||
-rw-r--r-- | utils/releasenote.header | 2 | ||||
-rw-r--r-- | website/download.mdwn | 58 | ||||
-rw-r--r-- | website/news/msva-perl-0.2.mdwn | 20 | ||||
-rw-r--r-- | website/news/release-0.29.mdwn | 25 |
10 files changed, 131 insertions, 38 deletions
@@ -1,12 +1,22 @@ -monkeysphere (0.29~pre1) UNRELEASED; urgency=low +monkeysphere (0.29) unstable; urgency=low + * This is mainly a bugfix release * Fix man page typo about monkeysphere authorized_keys location * Monkeysphere should work properly even if the user has "armor" in their gpg.conf (closes MS #1625) * monkeysphere keys-for-userid now respects MONKEYSPHERE_CHECK_KEYSERVER environment variable (and defaults to true) - - -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 18 Feb 2010 12:38:43 -0500 + * introduce monkeysphere sshfprs-for-userid (deprecates sshfpr), closes + MS #1436 + * respect CHECK_KEYSERVER in more places (closes MS #1997) + * warn on keyserver failures for monkeysphere-authentication (closes MS + #1750) + * avoid checking trustdb for monkeysphere-host (closes MS #1957) + * allow monkeysphere-authentication to use hkps with trusted X.509 root + certificate authorities in + /etc/monkeysphere/monkeysphere-authentication-x509-anchors.crt + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 14 Mar 2010 21:00:47 -0400 monkeysphere (0.28) unstable; urgency=low @@ -5,7 +5,7 @@ # © 2008-2010 Daniel Kahn Gillmor <dkg@fifthhorseman.net> # Licensed under GPL v3 or later -MONKEYSPHERE_VERSION = `head -n1 changelog | sed 's/.*(\([^-]*\)).*/\1/'` +MONKEYSPHERE_VERSION = `head -n1 Changelog | sed 's/.*(\([^-]*\)).*/\1/'` # these defaults are for debian. porters should probably adjust them # before calling make install 
@@ -21,7 +21,7 @@ tarball: clean rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) mkdir -p monkeysphere-$(MONKEYSPHERE_VERSION)/doc ln -s ../../website/getting-started-user.mdwn ../../website/getting-started-admin.mdwn ../../doc/TODO ../../doc/MonkeySpec monkeysphere-$(MONKEYSPHERE_VERSION)/doc - ln -s ../changelog ../COPYING ../etc ../Makefile ../man ../src ../tests monkeysphere-$(MONKEYSPHERE_VERSION) + ln -s ../Changelog ../COPYING ../etc ../Makefile ../man ../src ../tests monkeysphere-$(MONKEYSPHERE_VERSION) echo Monkeysphere $(MONKEYSPHERE_VERSION) > monkeysphere-$(MONKEYSPHERE_VERSION)/VERSION echo -n "git revision " >> monkeysphere-$(MONKEYSPHERE_VERSION)/VERSION git rev-parse HEAD >> monkeysphere-$(MONKEYSPHERE_VERSION)/VERSION @@ -68,7 +68,7 @@ install: all installman install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh install -m 0644 src/share/ma/* $(DESTDIR)$(PREFIX)/share/monkeysphere/ma install doc/* $(DESTDIR)$(PREFIX)/share/doc/monkeysphere - install changelog $(DESTDIR)$(PREFIX)/share/doc/monkeysphere + install Changelog $(DESTDIR)$(PREFIX)/share/doc/monkeysphere install -m 0644 etc/monkeysphere.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere.conf$(ETCSUFFIX) install -m 0644 etc/monkeysphere-host.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere-host.conf$(ETCSUFFIX) install -m 0644 etc/monkeysphere-authentication.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere-authentication.conf$(ETCSUFFIX) diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 4d8eab6..25421ce 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 
@@ -128,14 +128,13 @@ specify the full fingerprints of specific keys to add to the agent (space separated), instead of adding them all. `s' may be used in place of `subkey\-to\-ssh\-agent'. .TP -.B sshfpr KEYID -Output the ssh fingerprint of a key in your gpg keyring. `f' may be -used in place of `fingerprint'. -.TP .B keys\-for\-userid USERID -Output to stdout all acceptable keys for a given user ID literal. +Output to stdout all acceptable keys for a given user ID. `u' may be used in place of `keys\-for\-userid'. .TP +.B sshfprs\-for\-userid USERID +Output the ssh fingerprints of acceptable keys for a given user ID. +.TP .B version Show the monkeysphere version number. `v' may be used in place of `version'. diff --git a/packaging/debian/changelog b/packaging/debian/changelog index d971ee6..eb5c441 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -1,4 +1,4 @@ -monkeysphere (0.29~pre1-1) UNRELEASED; urgency=low +monkeysphere (0.29-1) unstable; urgency=low [ Jameson Graef Rollins ] * New upstream release @@ -10,7 +10,7 @@ monkeysphere (0.29~pre1-1) UNRELEASED; urgency=low administrators and users can choose to start up a validation agent for each X session using monkeysphere.conf - -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 12 Mar 2010 01:57:39 -0500 + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 14 Mar 2010 21:07:17 -0400 monkeysphere (0.28-1) unstable; urgency=low diff --git a/src/monkeysphere b/src/monkeysphere index a763151..fe92960 100755 --- a/src/monkeysphere +++ b/src/monkeysphere 
@@ -48,9 +48,9 @@ subcommands: ssh-proxycommand HOST [PORT] monkeysphere ssh ProxyCommand --no-connect do not make TCP connection to host subkey-to-ssh-agent (s) store authentication subkey in ssh-agent - sshfpr (f) KEYID output ssh fingerprint of gpg key - keys-for-userid (u) USERID output valid keys for user id literal + keys-for-userid (u) USERID output valid keys for given user ids + sshfprs-for-userid USERID output ssh fingerprints for given user ids gen-subkey (g) [KEYID] generate an authentication subkey --length (-l) BITS key length in bits (2048) @@ -68,7 +68,7 @@ gpg_user() { # output the ssh fingerprint of a gpg key gpg_ssh_fingerprint() { keyid="$1" - local tmpfile=$(mktemp) + local tmpfile=$(msmktempfile) # trap to remove tmp file if break trap "rm -f $tmpfile" EXIT @@ -271,7 +271,8 @@ case $COMMAND in subkey_to_ssh_agent "$@" ;; - 'sshfpr'|'f') + 'sshfpr') + echo "Warning: 'sshfpr' is deprecated. Please use 'sshfprs-for-userid' instead." >&2 gpg_ssh_fingerprint "$@" ;; @@ -280,8 +281,24 @@ case $COMMAND in keys_for_userid "$@" ;; + 'sshfprs-for-userid') + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} + keytmpdir=$(msmktempdir) + # use a file named " " to avoid arbitrary non-whitespace text + # in the fingerprint output + keytmpfile="$keytmpdir/ " + cd "$keytmpdir" + keys_for_userid "$@" | while read KEYLINE ; do + printf '%s\n' "$KEYLINE" > "$keytmpdir/ " + ssh-keygen -l -f ' ' + done + rm -f "$keytmpfile" + rmdir "$keytmpdir" + ;; + 'keys-from-userid') echo "Warning: 'keys-from-userid' is deprecated. Please use 'keys-for-userid' instead." >&2 + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} keys_for_userid "$@" ;; diff --git a/utils/build-releasenote b/utils/build-releasenote index cac0869..71891ff 100755 --- a/utils/build-releasenote +++ b/utils/build-releasenote 
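Review bot: In gpg_ssh_fingerprint, `local tmpfile=$(msmktempfile)` hides a failure of the helper, because the status of that line is the status of `local`, not of the command substitution; if no file could be created the function carries on with an empty `tmpfile`. Split it into `local tmpfile` followed by `tmpfile=$(msmktempfile) || return 1`. The trap on the next context line interpolates the path unquoted, so `trap "rm -f '$tmpfile'" EXIT` would hold up better if the temp location ever contains whitespace. The function body continues outside the hunk and msmktempfile is defined elsewhere, so how it reports failure should be confirmed.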
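Review bot: The new 'sshfprs-for-userid' branch never checks that `msmktempdir` produced a directory or that `cd "$keytmpdir"` succeeded. With an empty `keytmpdir` the key line is written to `/ ` and removed there afterwards, and after a failed `cd` the relative `ssh-keygen -l -f ' '` reads whatever file named a single space sits in the caller's working directory. Unlike gpg_ssh_fingerprint this branch has no EXIT trap, so an interrupt during the key lookup leaves the directory behind, and `read` without `-r` rewrites backslashes in a key comment before it is fingerprinted. The sketch below aborts on either failure, moves cleanup into a trap and reads lines raw; `exit 1` stands in for whatever failure helper the script uses, and it assumes no other EXIT trap is active on this path.

```shell
    'sshfprs-for-userid')
	# … unchanged: CHECK_KEYSERVER default …
	keytmpdir=$(msmktempdir) || exit 1
	[ -d "$keytmpdir" ] || exit 1
	# … unchanged: comment on the file named " " …
	keytmpfile="$keytmpdir/ "
	# clean up on every exit path, including an interrupt
	trap 'rm -f "$keytmpfile"; rmdir "$keytmpdir"' EXIT
	cd "$keytmpdir" || exit 1
	keys_for_userid "$@" | while IFS= read -r KEYLINE ; do
	    printf '%s\n' "$KEYLINE" > "$keytmpfile"
	    ssh-keygen -l -f ' '
	done
	;;
```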
@@ -8,11 +8,11 @@ # Copyright: © 2008-2010 # License: GPL, v3 or later -VERSION=`head -n1 changelog | sed 's/.*(\([^)]*\)).*/\1/'` +VERSION=`head -n1 Changelog | sed 's/.*(\([^)]*\)).*/\1/'` { sed "s/__VERSION__/$VERSION/g" < utils/releasenote.header - head -n$(( $(grep -n '^ --' changelog | head -n1 | cut -f1 -d:) - 2 )) changelog | tail -n+3 + head -n$(( $(grep -n '^ --' Changelog | head -n1 | cut -f1 -d:) - 2 )) Changelog | tail -n+3 sed "s/__VERSION__/$VERSION/g" < utils/releasenote.footer } > "website/news/release-$VERSION.mdwn" diff --git a/utils/releasenote.header b/utils/releasenote.header index cf08728..91fbcfc 100644 --- a/utils/releasenote.header +++ b/utils/releasenote.header @@ -1,4 +1,4 @@ -[[meta title="Monkeysphere __VERSION__ released!"]] +[[!meta title="Monkeysphere __VERSION__ released!"]] Monkeysphere __VERSION__ has been released. diff --git a/website/download.mdwn b/website/download.mdwn index 119c42a..7ffa8ed 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -7,6 +7,21 @@ page](/doc) to read up on how to get started [as a regular user](/getting-started-user) or [as a systems administrator](/getting-started-admin). +# Installing the Firefox/Iceweasel add-on # + +To use the Monkeysphere for website validation, you will need the +Firefox/Iceweasel add-on, the monkeysphere package and the +validation agent. + +[Download and install the Firefox/Iceweasel +add-on](http://archive.monkeysphere.info/xul-ext/monkeysphere.xpi) + +Once you have installed the add-on, you will need to restart your +browser, and then proceed to install the monkeysphere package and +validation agent below. + +# Installing the Monkeysphere package and validation agent # + ## Dependencies ## Monkeysphere relies on: 
@@ -28,6 +43,13 @@ version as follows: If you are running Debian stable, you can get the monkeysphere package from [backports.org](http://backports.org/dokuwiki/doku.php?id=instructions) +To get started using the Monkeysphere for website validation, you will +need to install the Monkeysphere Validation Agent. Currently the perl +version of the agent is available in Debian sid, or directly from our +APT repository (see below): + + aptitude install msva-perl + ## Debian derivatives (including Ubuntu) ## You can also install the Monkeysphere directly from the Monkeysphere 
@@ -86,38 +108,38 @@ For those that would like to download the source directly, [the source is available](/community) via [git](http://git.or.cz/). The [latest -tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.28.orig.tar.gz) +tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.29.orig.tar.gz) is also available, and has these checksums: <pre> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -checksums for the monkeysphere 0.28 release: +checksums for the monkeysphere 0.29 release: MD5: -b66f671ec48725a0eb55de7de4d7ce6d monkeysphere_0.28.orig.tar.gz +009e26cc77d38e25697cdea06eecd5ab monkeysphere_0.29.orig.tar.gz SHA1: -ead634e0ea0a795e8a96812b7397d318a4be54b0 monkeysphere_0.28.orig.tar.gz +db1074d6c5f424859ddec31cff0a0b6214789f16 monkeysphere_0.29.orig.tar.gz SHA256: -b463577d36d6e8f5eb698d8e3c75d27bcfb3f928628c128f5d342e8a83bef6f2 monkeysphere_0.28.orig.tar.gz +0e3c683b7d8a07e6ceae80cb0d3acf647c3f8c74cbaab527f73608dcdd1b01fb monkeysphere_0.29.orig.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) -iQIVAwUBS1YAyBjmZ/HrivMUAQqbBBAAqhnDfDZukFUDEN6Y164o/AXMtBO20KUg -GyrgjgJElQJC2oz9OooNJ60iPSOz/G+Wu5lSMnRqdKU8x50F7ogYE1Gnd+8J3c2G -1ciDQbLrR7pE2jua7xyfA+SQgg3bSgSN/7Jl61+OosQpcI/WnJvOQWKA6TI+iRGC -B4g87ZRSRUAVZoFDRY0lBINP70+riGrYm8b2tgp7FbpgVBtUFL8gsmxnPZ7cGYF2 -yTwg9ZCAlDQ6LIZ7DAwb2lUAtAHtlLfAhulr3qLW2SNc95vcJ7Ss7CjgIuCL8qTe -2zX2fysG7Hgbi0G0GNjv+yomOFlRGWC1Gf3pv0Clmy7cVgIgcP61nE3djFSYa9vk -k7cKtppNEzoleEjz+dMIOezcXCdLO2g+sQfpaYU5acRp95ouCaXYINS8DYDkaKwj -Wjra6BSCbClzZYblOJIlCmK4JJPE4EB8NShL/VXSwV8uvtNniGNpGHeHqaKvbT+Y -RYlCzL+/Ruyv1dQbtiBtErB8yP+psheoQYk6lU7nNy+MTH+R/xXrbHxptSDRQwru -O1hbfONnEK6JfdVQI4zEBuBz8NVuZPPQqqy1mxLSWMxWKz4GtNbTXOR1tRFVqlxk -eCTYdhhyIz7gu8EUwvTLZoqKOB6kQWS1ygycFRi/g+DOOXuSpazF5XmutF6HpJx1 -1nK2WBl5loE= -=164p +iQIVAwUBS52/UhjmZ/HrivMUAQr98g/7B+6CCN9vrJFNZp2KX+jTcxBLRxY/2cJp 
+fIjtaNzoyr86Q6gXzsgavB6E+olqhM3YR2gy6Z+fzNe8CdI74ikFCb0b8JpbzU6a +F5et7RqQ/pkQrCawrVPTZnompqfJrWBPYZU5is85SJgX4jJrgUFrGbvTq2PsJDbC +w9H8oOxELmCGYUAxRYGcQKdhQTBoRYz0a7/DzKt4sQHYbNblO1T2YNuqBxn372Wp +bd8xholyfO6EjCfoEJPee8Uf1sxE4nhsYFYIHsuckqLbcdoE8crAmjeDdDt+yVCO +N35Y/SRKNbIe/Nj8NSwAobd8N2DWj1qBWtHbT8Mw5kyd65kRPnfTQII5W0/3m3rT +DwcXGsMMfOsPEMtAYfmGOaIdEH9y2O7tmV1Om2CGx0AV9F9F3RnyNlYB6mfVaUVO +fZOJuUU61FoGRYCb/R4DF0IdFUhy0yMgTgT5tAYGMFpHd5ZTYgzIAWrIbV7QhrHs +9LgrnJYffScHjjsE6NjjvOZQe9RrI25ZLHZEMo/zhZEMMzdIne8IZUXvz68v1wN9 +mLcGRMG8B1CT4gXyi1uy1he7Zw0Hmz2Kbq619alRmyV8CqNhNrvMQicRqklKvcuW +mwKQx+bOxpwZgW4/46EDHJ4nUOaGjVXIwoDdisvKU5jDIMZBXB4lLJtPNFFsv18D +AxOLE3KlzF0= +=372c -----END PGP SIGNATURE----- </pre> diff --git a/website/news/msva-perl-0.2.mdwn b/website/news/msva-perl-0.2.mdwn new file mode 100644 index 0000000..cb01bb8 --- /dev/null +++ b/website/news/msva-perl-0.2.mdwn @@ -0,0 +1,20 @@ +[[!meta title="Monkeysphere Validation Agent (Perl) 0.2 released!"]] + +Version 0.2 of the Perl implementation of the Monkeysphere Validation +Agent has been released. + +Notes from the changelog: + +<pre> + * can now be invoked with a sub-command; will run until subcommand + completes, and then terminate with the same return code (this is + similar to the ssh-agent technique, and enables inclusion in + Xsession.d; see monkeysphere 0.29 package for automatic startup). + * chooses arbitrary open port by default (can still be specified with + MSVA_PORT environment variable) + * minimized logging spew by default. + * now shipping README.schema (notes about possible future MSVA + implementations) + * cleanup Makefile and distribution strategies. +</pre> + diff --git a/website/news/release-0.29.mdwn b/website/news/release-0.29.mdwn new file mode 100644 index 0000000..e113614 --- /dev/null +++ b/website/news/release-0.29.mdwn 
@@ -0,0 +1,25 @@
+[[!meta title="Monkeysphere 0.29 released!"]]
+
+Monkeysphere 0.29 has been released.
+
+Notes from the changelog:
+
+<pre>
+ * This is mainly a bugfix release
+ * Fix man page typo about monkeysphere authorized_keys location
+ * Monkeysphere should work properly even if the user has "armor" in
+ their gpg.conf (closes MS #1625)
+ * monkeysphere keys-for-userid now respects MONKEYSPHERE_CHECK_KEYSERVER
+ environment variable (and defaults to true)
+ * introduce monkeysphere sshfprs-for-userid (deprecates sshfpr), closes
+ MS #1436
+ * respect CHECK_KEYSERVER in more places (closes MS #1997)
+ * warn on keyserver failures for monkeysphere-authentication (closes MS
+ #1750)
+ * avoid checking trustdb for monkeysphere-host (closes MS #1957)
+ * allow monkeysphere-authentication to use hkps with trusted X.509 root
+ certificate authorities in
+ /etc/monkeysphere/monkeysphere-authentication-x509-anchors.crt
+</pre>
+
+[[Download]] it now! |