Age | Commit message | Author |
|
Unfortunately there's still a problem that I can't quite figure out.
gpg is for some reason failing to import that revocation certificate.
Could it be because gpg can't accept ascii armored certificates as
input? I'm at a loss.
|
|
This rework removes any assumption that monkeysphere-host is just
managing a single host key, or that the keys are used specifically for
ssh. The UI is exactly backwards compatible except that hostnames
('example.com') must be replaced by full service names
('ssh://example.com'). This incarnation passes the old tests with
those changes only.
There are a couple of things that still need to be done:
- need to see if a transition script is needed (some local file names
have changed)
- need to fill in check_service_name function to verify that a
specified service name fits the expected format.
- update diagnostics appropriately
|
|
unknown subcommand is issued
|
|
an improper number of arguments is passed, rather output a line
telling the user how to get the help output.
|
|
I made a couple of improvements to the mh diagnostics script,
including rearranging some of the tests, to try to better handle some
of the possible low-level failures that one might run into. Hopefully
this will be a little more informative. closes MS #624.
|
|
Closes #624
|
|
The monkeysphere group is now determined from the system "groups"
command, and then MONKEYSPHERE_GROUP is explicitly set from this, and
then used when setting group ownership.
|
|
LOG_PREFIX. also make sure to always export the LOG_PREFIX, so that
it gets passed to subprocess su_monkeysphere_user.
|
|
of log prefix.
|
|
this allows the common file to be sourced without resetting variables
to their defaults, which was causing a problem with
su_monkeysphere_user.
also added some more debug messages.
|
|
temporary gpghome, instead of from the saved ssh_host_key_rsa.pub.gpg key file.
|
|
name of return code variable in update_users, since all-caps variables should be reserved for global vars.
|
|
VERSION file, which is created in the tarball target. This is then
installed at /usr/share/monkeysphere/VERSION, and cat'ed when the
version number is requested by the front-end ui. No more manual
setting of version number required (to avoid future problems, aka
"0.23.1"). This system is also more flexible, as the VERSION file
could potentially hold more info than just the release number.
|
|
any hostname guessing. this is so that we don't have to worry about
prompting the user when guessing the hostname. also updated
documentation.
|
|
revocation certificate to the keyservers directly, should the admin
want that.
It can also run without prompting, if MONKEYSPHERE_PROMPT=false. In
the no-prompts case, it never publishes to the keyserver, it indicates
that the key was compromised, and it writes a boilerplate description
to make it easy to identify this kind of certificate.
|
|
is more similar, and so that they can read keys from stdin instead of
just from a file. Also fix the permissions on the tempdir in
publish_key.
|
|
to import from stdin. modify man page and test accordingly.
|
|
a tmp file.
|
|
about transitions README
|
|
- define more common variables in share/common
- cleanup how defaults are specified
- fix how CHECK_KEYSERVER was determined in monkeysphere
Fix calls to update_known_hosts and update_authorized_keys in
monkeysphere so that some of the checks are done within the functions
themselves, as opposed to in the monkeysphere wrapper, so that other
functions can call them easier.
Fix ssh-proxycommand that had some left over cruft from the
transition.
|
|
MHTMPDIR, since it's not needed.
|
|
much gpg output as possible. then cleanup gpg invocations.
|
|
it's never needed to be run manually, and can therefore be suppressed
in the usage/documentation. Also, add setup to the postinst script so
that it's setup on installation.
Also add pipefail to ma, and try to suppress unnecessary gpg output,
and redirect other to log debug.
|
|
for functions that prompt for confirmation. Also fix publish_key
function (NOT TESTED).
|
|
every function that alters the host keyring, so that all changes will
show up in exported pub key file, and in show-key.
|
|
to be able to show full key info to all users.
|
|
as it should have been doing before
|
|
to "expert" in test.
|
|
this was OK now that import_key works, and we can't really see a
reason to keep it around. We can resurrect it down the line if need
be. Also, removed "expert" subcommand, after promoting import_key,
since it may be needed semi-regularly. The other "expert" commands are
now just not listed in the usage.
|
|
the fingerprint from the host pgp public key. Prevents us from having
to maintain the ssh pub key file, and generally makes things simpler.
Also allows us to go back to having import_key take the key on stdin
(which dkg will like).
|
|
ssh key files, since they are actually done in different ways under different circumstances.
|