summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile4
-rw-r--r--debian/changelog5
-rwxr-xr-xdebian/monkeysphere.postinst2
-rw-r--r--man/man8/monkeysphere-server.861
-rw-r--r--packaging/freebsd/distinfo6
-rwxr-xr-xpackaging/freebsd/pkg-install15
-rwxr-xr-xsrc/monkeysphere-server83
-rw-r--r--tests/basic78
-rw-r--r--website/bugs/genericize-filesystem-locations-for-testsuite.mdwn28
-rw-r--r--website/bugs/make-tarball-is-not-idempotent.mdwn12
-rw-r--r--website/bugs/postinst-clobbers-gpg.conf-settings.mdwn2
-rw-r--r--website/bugs/problems-with-root-owned-gpg-keyrings.mdwn24
-rw-r--r--website/bugs/setup-subcommand-for-monkeysphere-server.mdwn2
13 files changed, 267 insertions, 55 deletions
diff --git a/Makefile b/Makefile
index 779bb1a..4ea3898 100644
--- a/Makefile
+++ b/Makefile
@@ -26,7 +26,9 @@ debian-package: tarball
(cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us)
rm -rf monkeysphere-$(MONKEYSPHERE_VERSION)
-freebsd-distinfo: tarball
+# don't explicitly depend on the tarball, since our tarball
+# (re)generation is not idempotent even when no source changes.
+freebsd-distinfo:
./utils/build-freebsd-distinfo
clean:
diff --git a/debian/changelog b/debian/changelog
index 13872bf..32d5a19 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,10 +5,13 @@ monkeysphere (0.16~pre-1) UNRELEASED; urgency=low
portability.
* fixed busted lockfile arrangement, where empty file was being locked
* portability fixes in the way we use date, mktemp, hostname, su
- * stop using stat, since the syntax appears to be totally unportable
+ * stop using /usr/bin/stat, since the syntax appears to be totally
+ unportable
* require GNU getopt, and test for getopt failures (look for getopt in
/usr/local/bin first, since that's where FreeBSD's GNU-compatible
getopt lives.
+ * monkeysphere-server diagnostics now counts problems and suggests a
+ re-run after they have been resolved.
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 11 Sep 2008 23:16:31 -0400
diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst
index d3c3b96..981c9df 100755
--- a/debian/monkeysphere.postinst
+++ b/debian/monkeysphere.postinst
@@ -11,7 +11,7 @@ if ! getent passwd monkeysphere >/dev/null ; then
echo "adding monkeysphere user..."
adduser --quiet --system --no-create-home --group \
--home "$VARLIB" \
- --shell '/bin/sh' \
+ --shell '/bin/bash' \
--gecos 'monkeysphere authentication user,,,' \
monkeysphere
fi
diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8
index f207e2c..c905f2f 100644
--- a/man/man8/monkeysphere-server.8
+++ b/man/man8/monkeysphere-server.8
@@ -130,51 +130,54 @@ is located:
HostKey /var/lib/monkeysphere/ssh_host_rsa_key
-In order for users logging into the system to be able to verify the
+In order for users logging into the system to be able to identify the
host via the monkeysphere, at least one person (e.g. a server admin)
-will need to sign the host's key. This is done using standard key
-signing techniquies, usually by pulling the key from the keyserver,
-signing the key, and re-publishing the signature. Once that is done,
-users logging into the host will be able to certify the host's key via
-the signature of the host admin.
+will need to sign the host's key. This is done using standard OpenPGP
+keysigning techniques, usually: pul the key from the keyserver, verify
+and sign the key, and then re-publish the signature. Once an admin's
+signature is published, users logging into the host can use it to
+validate the host's key.
If the server will also handle user authentication through
monkeysphere-generated authorized_keys files, the server must be told
-which keys will act as user certifiers. This is done with the
-\fBadd-certifier\fP command:
-
-$ monkeysphere-server add-certifier KEYID
-
-where KEYID is the key ID of the server admin, or whoever's signature
-will be certifying users to the system. Certifiers can be removed
-with the \fBremove-certifier\fP command, and listed with the
-\fBlist-certifiers\fP command.
-
-Remote user's will then be granted access to a local user account
-based on the appropriately signed and valid keys associated with user
-IDs listed in the authorized_user_ids file of the local user. By
-default, the authorized_user_ids file for local users is found in
+which keys will act as identity certifiers. This is done with the
+\fBadd-identity-certifier\fP command:
+
+$ monkeysphere-server add-identity-certifier KEYID
+
+where KEYID is the key ID of the server admin, or whoever's
+certifications should be acceptable to the system for the purposes of
+authenticating remote users. You can run this command multiple times
+to indicate that multiple certifiers are trusted. You may also
+specify a filename instead of a key ID, as long as the file contains a
+single OpenPGP public key. Certifiers can be removed with the
+\fBremove-identity-certifier\fP command, and listed with the
+\fBlist-identity-certifiers\fP command.
+
+Remote users will then be granted access to a local account based on
+the appropriately-signed and valid keys associated with user IDs
+listed in that account's authorized_user_ids file. By default, the
+authorized_user_ids file for an account is
~/.monkeysphere/authorized_user_ids. This can be changed in the
monkeysphere-server.conf file.
The \fBupdate-users\fP command can then be used to generate
-authorized_keys file for local users based on the authorized user IDs
-listed in the various local user's authorized_user_ids file:
+authorized_keys file for local accounts based on the authorized user
+IDs listed in the account's authorized_user_ids file:
$ monkeysphere-server update-users USER
-Not specifying a specific user will cause all users on the system to
-updated. sshd can then use these monkeysphere generated
-authorized_keys files to grant access to user accounts for remote
-users. You must also tell sshd to look at the monkeysphere-generated
-authorized_keys file for user authentication by setting the following
-in the sshd_config:
+Not specifying USER will cause all accounts on the system to updated.
+sshd can then use these monkeysphere generated authorized_keys files
+to grant access to user accounts for remote users. You must also tell
+sshd to look at the monkeysphere-generated authorized_keys file for
+user authentication by setting the following in the sshd_config:
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
It is recommended to add "monkeysphere-server update-users" to a
system crontab, so that user keys are kept up-to-date, and key
-revocations and expirations can be processed in a timely manor.
+revocations and expirations can be processed in a timely manner.
.SH ENVIRONMENT
diff --git a/packaging/freebsd/distinfo b/packaging/freebsd/distinfo
index 1a3b6c5..b8ad49b 100644
--- a/packaging/freebsd/distinfo
+++ b/packaging/freebsd/distinfo
@@ -1,3 +1,3 @@
-MD5 (monkeysphere_0.16~pre.orig.tar.gz) = 7ec79824cf814c618b39e9bf33ff65b1
-SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = bce97a2b2f90bc85b81af374cc0d32dfb23c6b2c1f1b2145f8a4d4a5bb00645b
-SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 58595
+MD5 (monkeysphere_0.16~pre.orig.tar.gz) = c5c5211440e31d04df1f7904ec859fb9
+SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = 77faf81cc51dff754ecb7122de26818b908e06ab4e0bdbd0320346dde53612cd
+SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 59253
diff --git a/packaging/freebsd/pkg-install b/packaging/freebsd/pkg-install
index b832190..940b796 100755
--- a/packaging/freebsd/pkg-install
+++ b/packaging/freebsd/pkg-install
@@ -22,6 +22,7 @@ POST-INSTALL)
GROUP=${USER}
UID=641
GID=${UID}
+ SHELL=/usr/local/bin/bash
if pw group show "${GROUP}" 2>/dev/null; then
echo "You already have a group \"${GROUP}\", so I will use it."
@@ -34,11 +35,18 @@ POST-INSTALL)
fi
fi
- if pw user show "${USER}" 2>/dev/null; then
- echo "You already have a user \"${USER}\", so I will use it."
+ if oldshell=`pw user show "${USER}" 2>/dev/null`; then
+ if [ x"$oldshell" != x"$SHELL" ]; then
+ echo "You already have a \"${USER}\" user, but its shell is '$oldshell'."
+ echo "This package requires that \"${USER}\"'s shell be '$SHELL'."
+ echo "You should fix this by hand and then re-install the package."
+ echo " hint: pw usermod '$USER' -s '$SHELL'"
+ exit 1
+ fi
+ echo "You already have a user \"${USER}\" with the proper shell, so I will use it."
else
if pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \
- -d "$VARLIB" -s /bin/sh -c "monkeysphere authentication user,,,"
+ -d "$VARLIB" -s /usr/local/bin/bash -c "monkeysphere authentication user,,,"
then
echo "Added user \"${USER}\"."
else
@@ -63,5 +71,6 @@ keyring $VARLIB/gnupg-host/pubring.gpg
EOF
chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf
+ monkeysphere-server diagnostics
;;
esac
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 6798fab..db3687b 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -67,7 +67,7 @@ EOF
}
su_monkeysphere_user() {
- su -m "$MONKEYSPHERE_USER" -c "$@"
+ su "$MONKEYSPHERE_USER" -c "$@"
}
# function to interact with the host gnupg keyring
@@ -188,25 +188,25 @@ update_users() {
fi
# make temporary directory
- TMPDIR=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
+ TMPLOC=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
# trap to delete temporary directory on exit
- trap "rm -rf $TMPDIR" EXIT
+ trap "rm -rf $TMPLOC" EXIT
# create temporary authorized_user_ids file
- TMP_AUTHORIZED_USER_IDS="${TMPDIR}/authorized_user_ids"
+ TMP_AUTHORIZED_USER_IDS="${TMPLOC}/authorized_user_ids"
touch "$TMP_AUTHORIZED_USER_IDS"
# create temporary authorized_keys file
- AUTHORIZED_KEYS="${TMPDIR}/authorized_keys"
+ AUTHORIZED_KEYS="${TMPLOC}/authorized_keys"
touch "$AUTHORIZED_KEYS"
# set restrictive permissions on the temporary files
# FIXME: is there a better way to do this?
- chmod 0700 "$TMPDIR"
+ chmod 0700 "$TMPLOC"
chmod 0600 "$AUTHORIZED_KEYS"
chmod 0600 "$TMP_AUTHORIZED_USER_IDS"
- chown -R "$MONKEYSPHERE_USER" "$TMPDIR"
+ chown -R "$MONKEYSPHERE_USER" "$TMPLOC"
# if the authorized_user_ids file exists...
if [ -s "$authorizedUserIDs" ] ; then
@@ -243,7 +243,7 @@ update_users() {
mv -f "$AUTHORIZED_KEYS" "${VARLIB}/authorized_keys/${uname}"
# destroy temporary directory
- rm -rf "$TMPDIR"
+ rm -rf "$TMPLOC"
done
}
@@ -559,6 +559,7 @@ diagnostics() {
local fingerprint
local badhostkeys
local sshd_config
+ local problemsfound=0
# FIXME: what's the correct, cross-platform answer?
sshd_config=/etc/ssh/sshd_config
@@ -570,20 +571,24 @@ diagnostics() {
warndate=$(advance_date $warnwindow +%s)
if ! id monkeysphere >/dev/null ; then
- echo "! No monkeysphere user found! Please create a monkeysphere system user."
+ echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell."
+ problemsfound=$(($problemsfound+1))
fi
if ! [ -d "$VARLIB" ] ; then
echo "! no $VARLIB directory found. Please create it."
+ problemsfound=$(($problemsfound+1))
fi
echo "Checking host GPG key..."
if (( "$keysfound" < 1 )); then
echo "! No host key found."
echo " - Recommendation: run 'monkeysphere-server gen-key'"
+ problemsfound=$(($problemsfound+1))
elif (( "$keysfound" > 1 )); then
echo "! More than one host key found?"
# FIXME: recommend a way to resolve this
+ problemsfound=$(($problemsfound+1))
else
create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:)
expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:)
@@ -593,9 +598,11 @@ diagnostics() {
if (( "$expire" < "$curdate" )); then
echo "! Host key is expired."
echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+ problemsfound=$(($problemsfound+1))
elif (( "$expire" < "$warndate" )); then
echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+ problemsfound=$(($problemsfound+1))
fi
fi
@@ -603,6 +610,7 @@ diagnostics() {
if [ "$create" ] && (( "$create" > "$curdate" )); then
echo "! Host key was created in the future(?!). Is your clock correct?"
echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
+ problemsfound=$(($problemsfound+1))
fi
# check for UserID expiration:
@@ -614,14 +622,17 @@ diagnostics() {
if [ "$create" ] && (( "$create" > "$curdate" )); then
echo "! User ID '$uid' was created in the future(?!). Is your clock correct?"
echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
+ problemsfound=$(($problemsfound+1))
fi
if [ "$expire" ] ; then
if (( "$expire" < "$curdate" )); then
echo "! User ID '$uid' is expired."
- # FIXME: recommend a way to resolve this
+ # FIXME: recommend a way to resolve this
+ problemsfound=$(($problemsfound+1))
elif (( "$expire" < "$warndate" )); then
echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
# FIXME: recommend a way to resolve this
+ problemsfound=$(($problemsfound+1))
fi
fi
done
@@ -641,20 +652,24 @@ diagnostics() {
echo "Checking host SSH key..."
if [ ! -s "${VARLIB}/ssh_host_rsa_key" ] ; then
echo "! The host key as prepared for SSH (${VARLIB}/ssh_host_rsa_key) is missing or empty."
+ problemsfound=$(($problemsfound+1))
else
if [ $(ls -l "${VARLIB}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then
echo "! Permissions seem wrong for ${VARLIB}/ssh_host_rsa_key -- should be 0600."
+ problemsfound=$(($problemsfound+1))
fi
# propose changes needed for sshd_config (if any)
if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" "$sshd_config"; then
echo "! $sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
echo " - Recommendation: add a line to $sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
+ problemsfound=$(($problemsfound+1))
fi
- if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
+ if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
echo "! $sshd_config refers to some non-monkeysphere host keys:"
echo "$badhostkeys"
echo " - Recommendation: remove the above HostKey lines from $sshd_config"
+ problemsfound=$(($problemsfound+1))
fi
fi
fi
@@ -668,17 +683,29 @@ diagnostics() {
# FIXME: make sure that at least one identity certifier exists
+# FIXME: look at the timestamps on the monkeysphere-generated
+# authorized_keys files -- warn if they seem out-of-date.
+
echo
echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
# Ensure that User ID authentication is enabled:
if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" "$sshd_config"; then
echo "! $sshd_config does not point to monkeysphere authorized keys."
echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'"
+ problemsfound=$(($problemsfound+1))
fi
- if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
+ if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
echo "! $sshd_config refers to non-monkeysphere authorized_keys files:"
echo "$badauthorizedkeys"
echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config"
+ problemsfound=$(($problemsfound+1))
+ fi
+
+ if [ "$problemsfound" -gt 0 ]; then
+ echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:"
+ echo " monkeysphere-server diagnostics"
+ else
+ echo "Everything seems to be in order!"
fi
}
@@ -733,12 +760,38 @@ add_certifier() {
keyID="$1"
if [ -z "$keyID" ] ; then
- failure "You must specify the key ID of a key to add."
+ failure "You must specify the key ID of a key to add, or specify a file to read the key from."
fi
+ if [ -f "$keyID" ] ; then
+ echo "Reading key from file '$keyID':"
+ importinfo=$(gpg_authentication "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'"
+ # FIXME: if this is tried when the key database is not
+ # up-to-date, i got these errors (using set -x):
+
+# ++ su -m monkeysphere -c '\''gpg --import'\''
+# Warning: using insecure memory!
+# gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported
+# gpg: Total number processed: 1
+# gpg: imported: 1 (RSA: 1)
+# gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied
+# gpg: failed to rebuild keyring cache: Permission denied
+# gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+# gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
+# gpg: next trustdb check due at 2009-01-10'
+# + failure 'could not read key from '\''/root/dkg.gpg'\'''
+# + echo 'could not read key from '\''/root/dkg.gpg'\'''
+
+ keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ )
+ if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then
+ failure "Expected there to be a single gpg key in the file."
+ fi
+ else
+ # get the key from the key server
+ gpg_authentication "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver."
+ fi
+
export keyID
- # get the key from the key server
- gpg_authentication "--keyserver $KEYSERVER --recv-key '0x${keyID}!'"
# get the full fingerprint of a key ID
fingerprint=$(gpg_authentication "--list-key --with-colons --with-fingerprint 0x${keyID}!" | \
diff --git a/tests/basic b/tests/basic
new file mode 100644
index 0000000..7d354f9
--- /dev/null
+++ b/tests/basic
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+
+# Tests to ensure that the monkeysphere is working
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Date: 2008-09-13 13:40:15-0400
+
+# these tests might be best run under fakeroot, particularly the
+# "server-side" tests. Using fakeroot, they should be able to be run
+# as a non-privileged user.
+
+# NOTE: these tests have *not* themselves been tested yet
+# (2008-09-13). Please exercise with caution!
+
+# these tests assume a commonly-trusted "Admin's key", a fake key
+# permanently stored in ./admin:
+
+gpgadmin() {
+ GNUPGHOME=./admin gpg "$@"
+}
+
+
+# cleanup:
+
+cleanup() {
+ rm -f ./ssh-socket
+
+ # FIXME: how should we clear out the temporary $VARLIB?
+
+ # FIXME: clear out ssh client config file and known hosts.
+}
+
+## set up some variables to ensure that we're operating strictly in
+## the tests, not system-wide:
+
+# FIXME: can we override $VARLIB ?
+# FIXME: can we override $ETC ?
+
+# Use the local copy of executables first, instead of system ones.
+# This should help us test without installing.
+export PATH=$(pwd)/../src:$(pwd)/../src/keytrans:$PATH
+export MONKEYSPHERE_SHARE=$(pwd)/../src
+
+# create a new host key, certify it with the "Admin's Key".
+
+echo | monkeysphere-server gen-key --expire 2d
+
+HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ )
+
+monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import
+
+gpgadmin --sign-key "$HOSTKEYID"
+
+# FIXME: how can we test publish-key without flooding junk into the
+# keyservers?
+
+# indicate that the "Admin's" key is an identity certifier for the
+# host
+
+monkeysphere-server add-identity-certifier ./admin/pubkey.gpg
+
+# launch sshd with the new host key.
+
+mkfifo ./ssh-socket
+
+sshd -f ./sshd_config -i <>./ssh-socket
+
+# connect to sample sshd host key, using monkeysphere to verify the
+# identity before connection.
+
+## FIXME: implement!
+
+# create a new client side key, certify it with the "CA", use it to
+# log in.
+
+## FIXME: implement!
+
+
diff --git a/website/bugs/genericize-filesystem-locations-for-testsuite.mdwn b/website/bugs/genericize-filesystem-locations-for-testsuite.mdwn
new file mode 100644
index 0000000..1d70313
--- /dev/null
+++ b/website/bugs/genericize-filesystem-locations-for-testsuite.mdwn
@@ -0,0 +1,28 @@
+[[meta title="genericize all filesystem locations to enable test suite:" ]]
+
+I'm in the process of writing a testsuite for the monkeysphere so that
+we can verify that it actually performs all the basic expected duties
+properly.
+
+It occurs to me that lines like these:
+
+ ETC="/etc/monkeysphere"
+ VARLIB="/var/lib/monkeysphere"
+
+Actually make it very difficult to generically test the tool without
+it being installed system-wide.
+
+Is there any reason that we should not allow these directories to be
+overridden with environment variables in the same way that
+`/usr/share/monkeysphere/share` is handled?
+
+ SHARE=${MONKEYSPHERE_SHARE:-"/usr/share/monkeysphere"}
+
+I guess i'm proposing something like:
+
+ SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
+ SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+
+Thoughts?
+
+--dkg
diff --git a/website/bugs/make-tarball-is-not-idempotent.mdwn b/website/bugs/make-tarball-is-not-idempotent.mdwn
new file mode 100644
index 0000000..03779c5
--- /dev/null
+++ b/website/bugs/make-tarball-is-not-idempotent.mdwn
@@ -0,0 +1,12 @@
+[[meta title="make tarball is not idempotent" ]]
+
+The current monkeysphere Makefile has a "tarball" target, which
+produces the "upstream tarball". Unfortunately, it is not idempotent.
+That is, if you run it twice in a row (without changing any other
+source), the second .orig.tar.gz file is bytewise different from the
+first.
+
+We should fix this so that the tarball generated is the same at least
+as long as no local file has been touched.
+
+--dkg
diff --git a/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn b/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn
index 8f518c1..e58b9c7 100644
--- a/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn
+++ b/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn
@@ -1,4 +1,4 @@
-[[ meta title="debian packaging postinst script clobbers gpg.conf settings in /var/lib/monkeysphere" ]]
+[[meta title="debian packaging postinst script clobbers gpg.conf settings in /var/lib/monkeysphere" ]]
Do we want to allow the system administrator to make adjustments to
the `gpg.conf` config files found in `/var/lib/monkeysphere`? At the
diff --git a/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn
new file mode 100644
index 0000000..65268c5
--- /dev/null
+++ b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn
@@ -0,0 +1,24 @@
+[[meta title="Problems with root-owned gpg keyrings"]]
+
+`/var/lib/monkeysphere/gnupg-host/` is root-owned, and the public
+keyring in that directory is controlled by the superuser.
+
+We currently expect the `monkeysphere` user to read from (but not
+write to) that keyring. But using a keyring in a directory that you
+don't control appears to trigger [a subtle bug in
+gpg](http://bugs.debian.org/361539) that has been unresolved for quite
+a long time.
+
+With some of the new error checking i'm doing in
+`monkeysphere-server`, typical operations that involve both keyrings
+as the non-privileged user can fail with an error message like:
+
+ gpg: failed to rebuild keyring cache: file open error
+
+Running the relevant operation a second time as the same user usually
+lets things go through without a failure, but this seems like it would
+be hiding a bug, rather than getting it fixed correctly.
+
+Are there other ways we can deal with this problem?
+
+--dkg
diff --git a/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn b/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn
index 614e471..c491f8b 100644
--- a/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn
+++ b/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn
@@ -1,4 +1,4 @@
-[[ meta title="proposed new monkeysphere-server subcommand: setup" ]]
+[[meta title="proposed new monkeysphere-server subcommand: setup" ]]
What if everything that's done in the package post-installation
scripts (aside from maybe the creation of the monkeysphere user