From 117605f3a266c41593cade3f6344d108a772096d Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 17:42:07 -0400 Subject: fix CHECK_KEYSERVER for deprecated keys-from-userid as well --- src/monkeysphere | 1 + 1 file changed, 1 insertion(+) diff --git a/src/monkeysphere b/src/monkeysphere index a763151..454da01 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -282,6 +282,7 @@ case $COMMAND in 'keys-from-userid') echo "Warning: 'keys-from-userid' is deprecated. Please use 'keys-for-userid' instead." >&2 + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} keys_for_userid "$@" ;; -- cgit v1.2.3 From 01012ce201590e939a82fcc2aeda88fc6a34ad57 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 19:06:15 -0400 Subject: use msmktempfile instead of raw mktemp -- should be more portable --- src/monkeysphere | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/monkeysphere b/src/monkeysphere index 454da01..8e6e81a 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -68,7 +68,7 @@ gpg_user() { # output the ssh fingerprint of a gpg key gpg_ssh_fingerprint() { keyid="$1" - local tmpfile=$(mktemp) + local tmpfile=$(msmktempfile) # trap to remove tmp file if break trap "rm -f $tmpfile" EXIT -- cgit v1.2.3 From c68b687613472b301fe62074e3005b6925a88ea8 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 19:19:28 -0400 Subject: deprecate sshfpr; add sshfprs-for-userid (closes: MS #1436) --- man/man1/monkeysphere.1 | 9 ++++----- src/monkeysphere | 20 +++++++++++++++++--- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 4d8eab6..25421ce 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 
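Review bot: In the first commit's hunk (the `'keys-from-userid'` arm of `case $COMMAND`), the `CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}` default is set per arm rather than once, which is presumably how the deprecated alias came to miss it. The `'sshfprs-for-userid'` arm added later in this series repeats the same line. Resolving the default in one place, for example at the top of `keys_for_userid` or by sharing an arm between the alias and `'keys-for-userid'`, would stop a future arm from running with the keyserver check unset. How `keys_for_userid` treats an empty `CHECK_KEYSERVER` is not visible here, so the impact of a missed arm needs confirming. The `case` block starts and ends outside the hunk.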
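Review bot: In the second commit's hunk (`gpg_ssh_fingerprint`), `local tmpfile=$(msmktempfile)` discards the helper's exit status, because `local` itself returns 0 even when the command substitution fails. A failed temp-file creation therefore leaves `tmpfile` empty and the function carries on, whatever error handling `msmktempfile` does inside its subshell. Declaring and assigning separately restores the check: `local tmpfile` followed by `tmpfile=$(msmktempfile) || return 1`. The function body continues outside the hunk, so what is later written to `$tmpfile` is not visible here.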
@@ -128,14 +128,13 @@ specify the full fingerprints of specific keys to add to the agent (space separated), instead of adding them all. `s' may be used in place of `subkey\-to\-ssh\-agent'. .TP -.B sshfpr KEYID -Output the ssh fingerprint of a key in your gpg keyring. `f' may be -used in place of `fingerprint'. -.TP .B keys\-for\-userid USERID -Output to stdout all acceptable keys for a given user ID literal. +Output to stdout all acceptable keys for a given user ID. `u' may be used in place of `keys\-for\-userid'. .TP +.B sshfprs\-for\-userid USERID +Output the ssh fingerprints of acceptable keys for a given user ID. +.TP .B version Show the monkeysphere version number. `v' may be used in place of `version'. diff --git a/src/monkeysphere b/src/monkeysphere index 8e6e81a..2d5cba8 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -48,9 +48,9 @@ subcommands: ssh-proxycommand HOST [PORT] monkeysphere ssh ProxyCommand --no-connect do not make TCP connection to host subkey-to-ssh-agent (s) store authentication subkey in ssh-agent - sshfpr (f) KEYID output ssh fingerprint of gpg key - keys-for-userid (u) USERID output valid keys for user id literal + keys-for-userid (u) USERID output valid keys for given user ids + sshfprs-for-userid USERID output ssh fingerprints for given user ids gen-subkey (g) [KEYID] generate an authentication subkey --length (-l) BITS key length in bits (2048) @@ -271,7 +271,8 @@ case $COMMAND in subkey_to_ssh_agent "$@" ;; - 'sshfpr'|'f') + 'sshfpr') + echo "Warning: 'sshfpr' is deprecated. Please use 'sshfprs-for-userid' instead." >&2 gpg_ssh_fingerprint "$@" ;; 
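Review bot: In the `'sshfpr'` arm of src/monkeysphere, the short alias `'f'` is dropped outright while the long name gets a deprecation warning, so existing `monkeysphere f KEYID` callers lose the command without notice. Keeping `'sshfpr'|'f')` for the deprecation period would treat both spellings the same. The warning also points at `sshfprs-for-userid`, which per the usage text takes a USERID rather than a KEYID, so it is not a drop-in replacement and the message could say so. Which arm an unmatched `f` now reaches is outside the hunk.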
@@ -280,6 +281,19 @@ case $COMMAND in keys_for_userid "$@" ;; + 'sshfprs-for-userid') + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} + keytmpdir=$(msmktempdir) + keytmpfile="$keytmpdir/ " + cd "$keytmpdir" + keys_for_userid "$@" | while read KEYLINE ; do + printf '%s\n' "$KEYLINE" > "$keytmpdir/ " + ssh-keygen -l -f ' ' + done + rm -f "$keytmpfile" + rmdir "$keytmpdir" + ;; + 'keys-from-userid') echo "Warning: 'keys-from-userid' is deprecated. Please use 'keys-for-userid' instead." >&2 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} -- cgit v1.2.3 From e5e42385df1a28810de609d97e6fb9e05495b30f Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 21:06:16 -0400 Subject: updated changelog for 0.29 release --- changelog | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/changelog b/changelog index e29cbaf..cac0386 100644 --- a/changelog +++ b/changelog 
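Review bot: The new `'sshfprs-for-userid'` arm uses `keytmpdir` without checking that `msmktempdir` or the `cd` succeeded (unless the script runs under `set -e`, which is not visible here). With an empty `keytmpdir` the redirect target becomes a path directly under `/`, and `ssh-keygen -l -f` then reads a relative name from whatever the current directory happens to be. Guarding both steps closes that: `keytmpdir=$(msmktempdir) || exit 1` and `cd "$keytmpdir" || exit 1`. There is also no cleanup `trap` here, unlike in `gpg_ssh_fingerprint`, so an interrupted run leaves the directory behind. The arm's exit status is that of `rmdir` rather than of `keys_for_userid`, so a lookup failure is not reported to the caller.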
@@ -1,12 +1,22 @@ -monkeysphere (0.29~pre1) UNRELEASED; urgency=low +monkeysphere (0.29) unstable; urgency=low + * This is mainly a bugfix release * Fix man page typo about monkeysphere authorized_keys location * Monkeysphere should work properly even if the user has "armor" in their gpg.conf (closes MS #1625) * monkeysphere keys-for-userid now respects MONKEYSPHERE_CHECK_KEYSERVER environment variable (and defaults to true) - - -- Daniel Kahn Gillmor Thu, 18 Feb 2010 12:38:43 -0500 + * introduce monkeysphere sshfprs-for-userid (deprecates sshfpr), closes + MS #1436 + * respect CHECK_KEYSERVER in more places (closes MS #1997) + * warn on keyserver failures for monkeysphere-authentication (closes MS + #1750) + * avoid checking trustdb for monkeysphere-host (closes MS #1957) + * allow monkeysphere-authentication to use hkps with trusted X.509 root + certificate authorities in + /etc/monkeysphere/monkeysphere-authentication-x509-anchors.crt + + -- Daniel Kahn Gillmor Sun, 14 Mar 2010 21:00:47 -0400 monkeysphere (0.28) unstable; urgency=low -- cgit v1.2.3 From 0bb2a15a2ebdd23c1e9bbbb5640e5ce8dbd63ef5 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 21:06:44 -0400 Subject: change case of changelog to match other projects --- Changelog | 408 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ changelog | 408 -------------------------------------------------------------- 2 files changed, 408 insertions(+), 408 deletions(-) create mode 100644 Changelog delete mode 100644 changelog diff --git a/Changelog b/Changelog new file mode 100644 index 0000000..cac0386 --- /dev/null +++ b/Changelog 
@@ -0,0 +1,408 @@ +monkeysphere (0.29) unstable; urgency=low + + * This is mainly a bugfix release + * Fix man page typo about monkeysphere authorized_keys location + * Monkeysphere should work properly even if the user has "armor" in + their gpg.conf (closes MS #1625) + * monkeysphere keys-for-userid now respects MONKEYSPHERE_CHECK_KEYSERVER + environment variable (and defaults to true) + * introduce monkeysphere sshfprs-for-userid (deprecates sshfpr), closes + MS #1436 + * respect CHECK_KEYSERVER in more places (closes MS #1997) + * warn on keyserver failures for monkeysphere-authentication (closes MS + #1750) + * avoid checking trustdb for monkeysphere-host (closes MS #1957) + * allow monkeysphere-authentication to use hkps with trusted X.509 root + certificate authorities in + /etc/monkeysphere/monkeysphere-authentication-x509-anchors.crt + + -- Daniel Kahn Gillmor Sun, 14 Mar 2010 21:00:47 -0400 + +monkeysphere (0.28) unstable; urgency=low + + * Major rework of monkeysphere-host to handle multiple host keys. We + also no longer assume ssh service keys. monkeysphere-host is now a + general-purpose host service OpenPGP key management UI. + * Rename keys-from-userid command to more accurate keys-for-userid + * separate upstream and debian changelogs + + -- Jameson Rollins Tue, 19 Jan 2010 13:50:31 -0500 + +monkeysphere (0.27) unstable; urgency=low + + * fixed monkeysphere gen-subkey subcommand that was erroneously creating + DSA subkeys due to unannounced change in gpg edit-key UI. 
Now tests + for gpg version (closes MS #1536) + * add new monkeysphere keys-from-userid subcommand to output all + acceptable keys for a given user ID literal + + -- Jameson Rollins Mon, 11 Jan 2010 20:54:21 -0500 + +monkeysphere (0.26) unstable; urgency=low + + * add 'refresh-keys' subcommand to monkeysphere-authentication + * improve marginal UI (closes MS #1141) + * add MONKEYSPHERE_STRICT_MODES configuration to avoid + permission-checking (closes MS #649) + * test scripts use STRICT_MODES to avoid failure when built under /tmp + * do permissions checks with a perl script instead of non-portable + readlink GNUisms + * bail on permissions check if we hit the home directory (helpful on Mac + OS and other systems with loose /home or /Users (closes MS #675) + + -- Jameson Graef Rollins Sat, 01 Aug 2009 17:11:05 -0400 + +monkeysphere (0.25) unstable; urgency=low + + * New upstream release: + * update/fix the marginal ui output + * use msmktempdir everywhere (avoid unwrapped calls to mktemp for + portability) + * clean out some redundant "cat"s + * fix monkeysphere update-known_hosts for sshd running on non-standard + ports + * add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key + * pem2openpgp now generates self-sigs over SHA-256 instead of SHA-1 + (changes dependency to libdigest-sha-perl) + * some portability improvements + * properly handle translation of keys with fingerprints with leading + all-zero bytes. 
+ * resolve symlinks when checking paths (thanks Silvio Rhatto) + (closes MS #917) + * explicitly set and use MONKEYSPHERE_GROUP from system "groups" + * monkeysphere-host now uses keytrans to add and revoke hostname + (closes MS #422) + + -- Jameson Graef Rollins Thu, 16 Jul 2009 22:09:19 -0400 + +monkeysphere (0.24) unstable; urgency=low + + * fixed how version information is stored/retrieved + * now uses perl-based keytrans for both pem2openpgp and openpgp2ssh + * no longer needs base64 in PATH + * added "test" make target + * improved transitions/0.23 script so it no longer fails in common + circumstances (Closes: #517779) + * RSA only: no longer handles DSA keys + * added ability to specify subkeys to add to ssh agent with new + MONKEYSPHERE_SUBKEYS_FOR_AGENT environment variable + + -- Jameson Graef Rollins Tue, 03 Mar 2009 19:38:33 -0500 + +monkeysphere (0.23) unstable; urgency=low + + "The Golden Bezoar Release" + + * rearchitect UI: + - replace monkeysphere-server with monkeysphere-{authentication,host} + - fold monkeysphere-ssh-proxycommand into /usr/bin/monkeysphere + * new ability to import existing ssh host key into monkeysphere. So now + m-a import-key replaces m-s gen-key. + * provide pem2openpgp for translating unencrypted PEM-encoded raw key + material into OpenPGP keys (introduces new perl dependencies) + * get rid of getopts dependency + * added version output option + * better checks for the existence of a host private key for + monkeysphere-host subcommands that need it. + * better checks on validity of existing authentication subkeys when + doing monkeysphere gen_subkey. 
+ * add transition infrastructure for major changes between releases (see + transitions/README.txt) + * implement and document two new monkeysphere-host subcommands: + revoke-key and add-revoker + + -- Daniel Kahn Gillmor Sat, 21 Feb 2009 17:51:06 -0500 + +monkeysphere (0.22) unstable; urgency=low + + [ Jameson Graef Rollins ] + * added info log output when a new key is added to known_hosts file. + * added some useful output to the ssh-proxycommand for "marginal" cases + where keys are found for host but do not have full validity. + * force ssh-keygen to read from stdin to get ssh key fingerprint. + + [ Daniel Kahn Gillmor ] + * automatically output two copies of the host's public key: one standard + ssh public key file, and the other a minimal OpenPGP key with just the + latest valid self-sig. + * debian/control: corrected alternate dependency from procfile to + procmail (which provides /usr/bin/lockfile) + + -- Jameson Graef Rollins Fri, 28 Nov 2008 14:23:31 -0500 + +monkeysphere (0.21) unstable; urgency=low + + * move debian packaging to packaging subdirectory. + + -- Jameson Graef Rollins Sat, 15 Nov 2008 16:14:27 -0500 + +monkeysphere (0.20) unstable; urgency=low + + [ Daniel Kahn Gillmor ] + * ensure that tempdirs are properly created, bail out otherwise instead + of stumbling ahead. + * minor fussing with the test script to make it cleaner. + + [ Jameson Graef Rollins ] + * clean up Makefile to generate more elegant source tarballs. + * make myself the maintainer. + + -- Jameson Graef Rollins Sat, 15 Nov 2008 13:12:57 -0500 + +monkeysphere (0.19) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * simulating an X11 session in the test script. + * updated packaging so that symlinks to config files are correct. + + -- Daniel Kahn Gillmor Wed, 29 Oct 2008 02:47:49 -0400 + +monkeysphere (0.18) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix bugs in authorized_{user_ids,keys} file permission checking. 
+ * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys + files. + * chown authorized_keys files to `whoami`, for compatibility with test + suite. + * major improvements to test suite, added more tests. + + [ Daniel Kahn Gillmor ] + * update make install to ensure placement of + /etc/monkeysphere/gnupg-{host,authentication}.conf + * choose either --quick-random or --debug-quick-random depending on + which gpg supports for the test suite. + + -- Daniel Kahn Gillmor Wed, 29 Oct 2008 00:41:38 -0400 + +monkeysphere (0.17) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix some bugs in, and cleanup, authorized_keys file creation in + monkeysphere-server update-users. + * Move to using the empty string for not adding a user-controlled + authorized_keys file in the RAW_AUTHORIZED_KEYS variable. + + -- Daniel Kahn Gillmor Tue, 28 Oct 2008 02:04:22 -0400 + +monkeysphere (0.16) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better + portability. + * fixed busted lockfile arrangement, where empty file was being locked + * portability fixes in the way we use date, mktemp, hostname, su + * stop using /usr/bin/stat, since the syntax appears to be totally + unportable + * require GNU getopt, and test for getopt failures (look for getopt in + /usr/local/bin first, since that's where FreeBSD's GNU-compatible + getopt lives. + * monkeysphere-server diagnostics now counts problems and suggests a + re-run after they have been resolved. + * completed basic test suite: this can be run from the git sources or + the tarball with: cd tests && ./basic + + [ Jameson Graef Rollins ] + * Genericize fs location variables. + * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at + install. 
+ + -- Daniel Kahn Gillmor Sun, 26 Oct 2008 03:06:18 -0400 + +monkeysphere (0.15) experimental; urgency=low + + * porting work and packaging simplification: clarifying makefiles, + pruning dependencies, etc. + * added tests to monkeysphere-server diagnostics + * moved monkeysphere(5) to section 7 of the manual + * now shipping TODO in /usr/share/doc/monkeysphere + + -- Daniel Kahn Gillmor Thu, 04 Sep 2008 19:08:40 -0400 + +monkeysphere (0.14) experimental; urgency=low + + * changing debian packaging back to format 1.0 so we get automatic + tarballs, and easier inclusion in other build networks. + * no other source changes. + + -- Daniel Kahn Gillmor Thu, 04 Sep 2008 13:03:35 -0400 + +monkeysphere (0.13) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings. + * updated makefile to reflect the package building technique we've been + using for a month now. + + [ Jameson Graef Rollins ] + * move location of user config directory to ~/.monkeysphere. + + -- Daniel Kahn Gillmor Wed, 03 Sep 2008 17:26:10 -0400 + +monkeysphere (0.12) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Improved output handling. New LOG_LEVEL variable. + + [ Daniel Kahn Gillmor ] + * debian/control: switched Homepage: and Vcs-Git: to canonicalized + upstream hostnames. + * updated documentation for new release. + * changed my associated e-mail address for this package. + + -- Daniel Kahn Gillmor Tue, 02 Sep 2008 18:54:29 -0400 + +monkeysphere (0.11) experimental; urgency=low + + [ Jameson Graef Rollins ] + * fix bug in trustdb update on add/revoke-hostname. + + [ Daniel Kahn Gillmor ] + * debian/control: added Build-Depends: git-core for the new packaging + format + * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched + GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly + if not found). 
+ + -- Daniel Kahn Gillmor Wed, 20 Aug 2008 11:24:35 -0400 + +monkeysphere (0.10) experimental; urgency=low + + [ Jameson Graef Rollins ] + * brown paper bag release: invert test on calculated validity of keys. + + -- Daniel Kahn Gillmor Mon, 18 Aug 2008 16:22:34 -0400 + +monkeysphere (0.9) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * implemented "monkeysphere-server extend-key" to adjust expiration + date of host key. + * removed "monkeysphere-server fingerprint". Use "monkeysphere-server + show-key" instead. + + [ Jameson Graef Rollins ] + * fixed bug in user id processing that prevented bad primary keys from + being properly removed. + + -- Daniel Kahn Gillmor Mon, 18 Aug 2008 15:42:12 -0400 + +monkeysphere (0.8) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * debian/control: switched Vcs-Git to use "centralized" git repo instead + of my own. + * More monkeysphere-server diagnostics + * monkeysphere --gen-subkey now guesses what KeyID you meant. + * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey + works sensibly under X11 + + [ Jameson Graef Rollins ] + * fix another bug when known_hosts files are missing. + * sort processed keys so that "good" keys are processed after "bad" + keys. This will prevent malicious bad keys from causing good keys to + be removed from key files. + * enabled host key publication. + * added checking of gpg.conf for keyserver + * new functions to add/revoke host key user IDs + * improved list-certifiers function (now non-privileged) + + -- Daniel Kahn Gillmor Mon, 18 Aug 2008 12:43:37 -0400 + +monkeysphere (0.7) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * Added monkeysphere-server diagnostics subcommand. + * rebuilding package using Format: 3.0 (git) + + [ Jameson Graef Rollins ] + * fix how check for file modification is done. + * rework out user id processing is done to provide more verbose log + output. 
+ * fix bug in monkeysphpere update-authorized_keys subcommand where + disallowed keys failed to be remove from authorized_keys file. + + -- Daniel Kahn Gillmor Mon, 04 Aug 2008 10:47:41 -0400 + +monkeysphere (0.6) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix bug in return on error of ssh-proxycommand. + + [ Daniel Kahn Gillmor ] + * try socat if netcat is not available in proxycommand. + + -- Daniel Kahn Gillmor Tue, 29 Jul 2008 10:27:20 -0400 + +monkeysphere (0.5) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * updated READMEs to match current state of code + + [ Jameson Graef Rollins ] + * Tweak how empty authorized_user_ids and known_hosts files are handled. + * Do not fail when authorized_user_ids or known_hosts file is not found. + + -- Daniel Kahn Gillmor Mon, 28 Jul 2008 10:50:02 -0400 + +monkeysphere (0.4) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * New version. + * Fixed return code error in openpgp2ssh + + [ Jameson Graef Rollins ] + * Privilege separation: use monkeysphere user to handle maintenance of + the gnupg authentication keychain for server. + * Improved certifier key management. + * Fixed variable scoping and config file precedence. + * Add options for key generation and add-certifier functions. + * Fix return codes for known_host and authorized_keys updating + functions. + * Add write permission check on authorized_keys, known_hosts, and + authorized_user_ids files. + + -- Daniel Kahn Gillmor Tue, 22 Jul 2008 21:50:17 -0400 + +monkeysphere (0.3) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * new version. + + [ Jameson Graef Rollins ] + * Move files in /var/cache/monkeysphere and GNUPGHOME for server to + the more appropriate /var/lib/monkeysphere. 
+ + -- Daniel Kahn Gillmor Tue, 24 Jun 2008 00:55:29 -0400 + +monkeysphere (0.2) experimental; urgency=low + + * added lockfile-progs dependency + + -- Daniel Kahn Gillmor Mon, 23 Jun 2008 19:34:05 -0400 + +monkeysphere (0.2) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * openpgp2ssh now supports specifying keys by full fingerprint. + + [ Jameson Graef Rollins ] + * Add AUTHORIZED_USER_IDS config variable for server, which defaults to + %h/.config/monkeysphere/authorized_user_ids, instead of + /etc/monkeysphere/authorized_user_ids. + * Remove {update,remove}-userids functions, since we decided they + weren't useful enough to be worth maintaining. + * Better handling of unknown users in server update-users + * Add file locking when modifying known_hosts or authorized_keys + * Better failure/prompting for gen-subkey + * Add ability to set any owner trust level for keys in server keychain. + + -- Daniel Kahn Gillmor Mon, 23 Jun 2008 17:03:19 -0400 + +monkeysphere (0.1) experimental; urgency=low + + * First release of debian package for monkeysphere. + * This is experimental -- please report bugs! + + -- Daniel Kahn Gillmor Thu, 19 Jun 2008 00:34:53 -0400 + diff --git a/changelog b/changelog deleted file mode 100644 index cac0386..0000000 --- a/changelog +++ /dev/null 
@@ -1,408 +0,0 @@ -monkeysphere (0.29) unstable; urgency=low - - * This is mainly a bugfix release - * Fix man page typo about monkeysphere authorized_keys location - * Monkeysphere should work properly even if the user has "armor" in - their gpg.conf (closes MS #1625) - * monkeysphere keys-for-userid now respects MONKEYSPHERE_CHECK_KEYSERVER - environment variable (and defaults to true) - * introduce monkeysphere sshfprs-for-userid (deprecates sshfpr), closes - MS #1436 - * respect CHECK_KEYSERVER in more places (closes MS #1997) - * warn on keyserver failures for monkeysphere-authentication (closes MS - #1750) - * avoid checking trustdb for monkeysphere-host (closes MS #1957) - * allow monkeysphere-authentication to use hkps with trusted X.509 root - certificate authorities in - /etc/monkeysphere/monkeysphere-authentication-x509-anchors.crt - - -- Daniel Kahn Gillmor Sun, 14 Mar 2010 21:00:47 -0400 - -monkeysphere (0.28) unstable; urgency=low - - * Major rework of monkeysphere-host to handle multiple host keys. We - also no longer assume ssh service keys. monkeysphere-host is now a - general-purpose host service OpenPGP key management UI. - * Rename keys-from-userid command to more accurate keys-for-userid - * separate upstream and debian changelogs - - -- Jameson Rollins Tue, 19 Jan 2010 13:50:31 -0500 - -monkeysphere (0.27) unstable; urgency=low - - * fixed monkeysphere gen-subkey subcommand that was erroneously creating - DSA subkeys due to unannounced change in gpg edit-key UI. 
Now tests - for gpg version (closes MS #1536) - * add new monkeysphere keys-from-userid subcommand to output all - acceptable keys for a given user ID literal - - -- Jameson Rollins Mon, 11 Jan 2010 20:54:21 -0500 - -monkeysphere (0.26) unstable; urgency=low - - * add 'refresh-keys' subcommand to monkeysphere-authentication - * improve marginal UI (closes MS #1141) - * add MONKEYSPHERE_STRICT_MODES configuration to avoid - permission-checking (closes MS #649) - * test scripts use STRICT_MODES to avoid failure when built under /tmp - * do permissions checks with a perl script instead of non-portable - readlink GNUisms - * bail on permissions check if we hit the home directory (helpful on Mac - OS and other systems with loose /home or /Users (closes MS #675) - - -- Jameson Graef Rollins Sat, 01 Aug 2009 17:11:05 -0400 - -monkeysphere (0.25) unstable; urgency=low - - * New upstream release: - * update/fix the marginal ui output - * use msmktempdir everywhere (avoid unwrapped calls to mktemp for - portability) - * clean out some redundant "cat"s - * fix monkeysphere update-known_hosts for sshd running on non-standard - ports - * add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key - * pem2openpgp now generates self-sigs over SHA-256 instead of SHA-1 - (changes dependency to libdigest-sha-perl) - * some portability improvements - * properly handle translation of keys with fingerprints with leading - all-zero bytes. 
- * resolve symlinks when checking paths (thanks Silvio Rhatto) - (closes MS #917) - * explicitly set and use MONKEYSPHERE_GROUP from system "groups" - * monkeysphere-host now uses keytrans to add and revoke hostname - (closes MS #422) - - -- Jameson Graef Rollins Thu, 16 Jul 2009 22:09:19 -0400 - -monkeysphere (0.24) unstable; urgency=low - - * fixed how version information is stored/retrieved - * now uses perl-based keytrans for both pem2openpgp and openpgp2ssh - * no longer needs base64 in PATH - * added "test" make target - * improved transitions/0.23 script so it no longer fails in common - circumstances (Closes: #517779) - * RSA only: no longer handles DSA keys - * added ability to specify subkeys to add to ssh agent with new - MONKEYSPHERE_SUBKEYS_FOR_AGENT environment variable - - -- Jameson Graef Rollins Tue, 03 Mar 2009 19:38:33 -0500 - -monkeysphere (0.23) unstable; urgency=low - - "The Golden Bezoar Release" - - * rearchitect UI: - - replace monkeysphere-server with monkeysphere-{authentication,host} - - fold monkeysphere-ssh-proxycommand into /usr/bin/monkeysphere - * new ability to import existing ssh host key into monkeysphere. So now - m-a import-key replaces m-s gen-key. - * provide pem2openpgp for translating unencrypted PEM-encoded raw key - material into OpenPGP keys (introduces new perl dependencies) - * get rid of getopts dependency - * added version output option - * better checks for the existence of a host private key for - monkeysphere-host subcommands that need it. - * better checks on validity of existing authentication subkeys when - doing monkeysphere gen_subkey. 
- * add transition infrastructure for major changes between releases (see - transitions/README.txt) - * implement and document two new monkeysphere-host subcommands: - revoke-key and add-revoker - - -- Daniel Kahn Gillmor Sat, 21 Feb 2009 17:51:06 -0500 - -monkeysphere (0.22) unstable; urgency=low - - [ Jameson Graef Rollins ] - * added info log output when a new key is added to known_hosts file. - * added some useful output to the ssh-proxycommand for "marginal" cases - where keys are found for host but do not have full validity. - * force ssh-keygen to read from stdin to get ssh key fingerprint. - - [ Daniel Kahn Gillmor ] - * automatically output two copies of the host's public key: one standard - ssh public key file, and the other a minimal OpenPGP key with just the - latest valid self-sig. - * debian/control: corrected alternate dependency from procfile to - procmail (which provides /usr/bin/lockfile) - - -- Jameson Graef Rollins Fri, 28 Nov 2008 14:23:31 -0500 - -monkeysphere (0.21) unstable; urgency=low - - * move debian packaging to packaging subdirectory. - - -- Jameson Graef Rollins Sat, 15 Nov 2008 16:14:27 -0500 - -monkeysphere (0.20) unstable; urgency=low - - [ Daniel Kahn Gillmor ] - * ensure that tempdirs are properly created, bail out otherwise instead - of stumbling ahead. - * minor fussing with the test script to make it cleaner. - - [ Jameson Graef Rollins ] - * clean up Makefile to generate more elegant source tarballs. - * make myself the maintainer. - - -- Jameson Graef Rollins Sat, 15 Nov 2008 13:12:57 -0500 - -monkeysphere (0.19) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * simulating an X11 session in the test script. - * updated packaging so that symlinks to config files are correct. - - -- Daniel Kahn Gillmor Wed, 29 Oct 2008 02:47:49 -0400 - -monkeysphere (0.18) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix bugs in authorized_{user_ids,keys} file permission checking. 
- * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys - files. - * chown authorized_keys files to `whoami`, for compatibility with test - suite. - * major improvements to test suite, added more tests. - - [ Daniel Kahn Gillmor ] - * update make install to ensure placement of - /etc/monkeysphere/gnupg-{host,authentication}.conf - * choose either --quick-random or --debug-quick-random depending on - which gpg supports for the test suite. - - -- Daniel Kahn Gillmor Wed, 29 Oct 2008 00:41:38 -0400 - -monkeysphere (0.17) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix some bugs in, and cleanup, authorized_keys file creation in - monkeysphere-server update-users. - * Move to using the empty string for not adding a user-controlled - authorized_keys file in the RAW_AUTHORIZED_KEYS variable. - - -- Daniel Kahn Gillmor Tue, 28 Oct 2008 02:04:22 -0400 - -monkeysphere (0.16) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better - portability. - * fixed busted lockfile arrangement, where empty file was being locked - * portability fixes in the way we use date, mktemp, hostname, su - * stop using /usr/bin/stat, since the syntax appears to be totally - unportable - * require GNU getopt, and test for getopt failures (look for getopt in - /usr/local/bin first, since that's where FreeBSD's GNU-compatible - getopt lives. - * monkeysphere-server diagnostics now counts problems and suggests a - re-run after they have been resolved. - * completed basic test suite: this can be run from the git sources or - the tarball with: cd tests && ./basic - - [ Jameson Graef Rollins ] - * Genericize fs location variables. - * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at - install. 
- - -- Daniel Kahn Gillmor Sun, 26 Oct 2008 03:06:18 -0400 - -monkeysphere (0.15) experimental; urgency=low - - * porting work and packaging simplification: clarifying makefiles, - pruning dependencies, etc. - * added tests to monkeysphere-server diagnostics - * moved monkeysphere(5) to section 7 of the manual - * now shipping TODO in /usr/share/doc/monkeysphere - - -- Daniel Kahn Gillmor Thu, 04 Sep 2008 19:08:40 -0400 - -monkeysphere (0.14) experimental; urgency=low - - * changing debian packaging back to format 1.0 so we get automatic - tarballs, and easier inclusion in other build networks. - * no other source changes. - - -- Daniel Kahn Gillmor Thu, 04 Sep 2008 13:03:35 -0400 - -monkeysphere (0.13) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings. - * updated makefile to reflect the package building technique we've been - using for a month now. - - [ Jameson Graef Rollins ] - * move location of user config directory to ~/.monkeysphere. - - -- Daniel Kahn Gillmor Wed, 03 Sep 2008 17:26:10 -0400 - -monkeysphere (0.12) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Improved output handling. New LOG_LEVEL variable. - - [ Daniel Kahn Gillmor ] - * debian/control: switched Homepage: and Vcs-Git: to canonicalized - upstream hostnames. - * updated documentation for new release. - * changed my associated e-mail address for this package. - - -- Daniel Kahn Gillmor Tue, 02 Sep 2008 18:54:29 -0400 - -monkeysphere (0.11) experimental; urgency=low - - [ Jameson Graef Rollins ] - * fix bug in trustdb update on add/revoke-hostname. - - [ Daniel Kahn Gillmor ] - * debian/control: added Build-Depends: git-core for the new packaging - format - * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched - GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly - if not found). 
- - -- Daniel Kahn Gillmor Wed, 20 Aug 2008 11:24:35 -0400 - -monkeysphere (0.10) experimental; urgency=low - - [ Jameson Graef Rollins ] - * brown paper bag release: invert test on calculated validity of keys. - - -- Daniel Kahn Gillmor Mon, 18 Aug 2008 16:22:34 -0400 - -monkeysphere (0.9) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * implemented "monkeysphere-server extend-key" to adjust expiration - date of host key. - * removed "monkeysphere-server fingerprint". Use "monkeysphere-server - show-key" instead. - - [ Jameson Graef Rollins ] - * fixed bug in user id processing that prevented bad primary keys from - being properly removed. - - -- Daniel Kahn Gillmor Mon, 18 Aug 2008 15:42:12 -0400 - -monkeysphere (0.8) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * debian/control: switched Vcs-Git to use "centralized" git repo instead - of my own. - * More monkeysphere-server diagnostics - * monkeysphere --gen-subkey now guesses what KeyID you meant. - * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey - works sensibly under X11 - - [ Jameson Graef Rollins ] - * fix another bug when known_hosts files are missing. - * sort processed keys so that "good" keys are processed after "bad" - keys. This will prevent malicious bad keys from causing good keys to - be removed from key files. - * enabled host key publication. - * added checking of gpg.conf for keyserver - * new functions to add/revoke host key user IDs - * improved list-certifiers function (now non-privileged) - - -- Daniel Kahn Gillmor Mon, 18 Aug 2008 12:43:37 -0400 - -monkeysphere (0.7) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * Added monkeysphere-server diagnostics subcommand. - * rebuilding package using Format: 3.0 (git) - - [ Jameson Graef Rollins ] - * fix how check for file modification is done. - * rework out user id processing is done to provide more verbose log - output. 
- * fix bug in monkeysphpere update-authorized_keys subcommand where - disallowed keys failed to be remove from authorized_keys file. - - -- Daniel Kahn Gillmor Mon, 04 Aug 2008 10:47:41 -0400 - -monkeysphere (0.6) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix bug in return on error of ssh-proxycommand. - - [ Daniel Kahn Gillmor ] - * try socat if netcat is not available in proxycommand. - - -- Daniel Kahn Gillmor Tue, 29 Jul 2008 10:27:20 -0400 - -monkeysphere (0.5) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * updated READMEs to match current state of code - - [ Jameson Graef Rollins ] - * Tweak how empty authorized_user_ids and known_hosts files are handled. - * Do not fail when authorized_user_ids or known_hosts file is not found. - - -- Daniel Kahn Gillmor Mon, 28 Jul 2008 10:50:02 -0400 - -monkeysphere (0.4) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * New version. - * Fixed return code error in openpgp2ssh - - [ Jameson Graef Rollins ] - * Privilege separation: use monkeysphere user to handle maintenance of - the gnupg authentication keychain for server. - * Improved certifier key management. - * Fixed variable scoping and config file precedence. - * Add options for key generation and add-certifier functions. - * Fix return codes for known_host and authorized_keys updating - functions. - * Add write permission check on authorized_keys, known_hosts, and - authorized_user_ids files. - - -- Daniel Kahn Gillmor Tue, 22 Jul 2008 21:50:17 -0400 - -monkeysphere (0.3) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * new version. - - [ Jameson Graef Rollins ] - * Move files in /var/cache/monkeysphere and GNUPGHOME for server to - the more appropriate /var/lib/monkeysphere. 
- - -- Daniel Kahn Gillmor Tue, 24 Jun 2008 00:55:29 -0400 - -monkeysphere (0.2) experimental; urgency=low - - * added lockfile-progs dependency - - -- Daniel Kahn Gillmor Mon, 23 Jun 2008 19:34:05 -0400 - -monkeysphere (0.2) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * openpgp2ssh now supports specifying keys by full fingerprint. - - [ Jameson Graef Rollins ] - * Add AUTHORIZED_USER_IDS config variable for server, which defaults to - %h/.config/monkeysphere/authorized_user_ids, instead of - /etc/monkeysphere/authorized_user_ids. - * Remove {update,remove}-userids functions, since we decided they - weren't useful enough to be worth maintaining. - * Better handling of unknown users in server update-users - * Add file locking when modifying known_hosts or authorized_keys - * Better failure/prompting for gen-subkey - * Add ability to set any owner trust level for keys in server keychain. - - -- Daniel Kahn Gillmor Mon, 23 Jun 2008 17:03:19 -0400 - -monkeysphere (0.1) experimental; urgency=low - - * First release of debian package for monkeysphere. - * This is experimental -- please report bugs! - - -- Daniel Kahn Gillmor Thu, 19 Jun 2008 00:34:53 -0400 - -- cgit v1.2.3 From 7bad26c6d298f3151fc28d6124dfaced8e50f59f Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 21:07:40 -0400 Subject: update for the release of 0.29-1 --- packaging/debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index d971ee6..eb5c441 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -1,4 +1,4 @@ -monkeysphere (0.29~pre1-1) UNRELEASED; urgency=low +monkeysphere (0.29-1) unstable; urgency=low [ Jameson Graef Rollins ] * New upstream release 
@@ -10,7 +10,7 @@ monkeysphere (0.29~pre1-1) UNRELEASED; urgency=low administrators and users can choose to start up a validation agent for each X session using monkeysphere.conf - -- Daniel Kahn Gillmor Fri, 12 Mar 2010 01:57:39 -0500 + -- Daniel Kahn Gillmor Sun, 14 Mar 2010 21:07:17 -0400 monkeysphere (0.28-1) unstable; urgency=low -- cgit v1.2.3 From 4bbb264765fe2cdf24271a26c77d4bae44021eff Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 21:09:51 -0400 Subject: renaming changelog to Changelog in the makefile --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 4b0c9e1..aeb5d9a 100755 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ # © 2008-2010 Daniel Kahn Gillmor # Licensed under GPL v3 or later -MONKEYSPHERE_VERSION = `head -n1 changelog | sed 's/.*(\([^-]*\)).*/\1/'` +MONKEYSPHERE_VERSION = `head -n1 Changelog | sed 's/.*(\([^-]*\)).*/\1/'` # these defaults are for debian. porters should probably adjust them # before calling make install @@ -21,7 +21,7 @@ tarball: clean rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) mkdir -p monkeysphere-$(MONKEYSPHERE_VERSION)/doc ln -s ../../website/getting-started-user.mdwn ../../website/getting-started-admin.mdwn ../../doc/TODO ../../doc/MonkeySpec monkeysphere-$(MONKEYSPHERE_VERSION)/doc - ln -s ../changelog ../COPYING ../etc ../Makefile ../man ../src ../tests monkeysphere-$(MONKEYSPHERE_VERSION) + ln -s ../Changelog ../COPYING ../etc ../Makefile ../man ../src ../tests monkeysphere-$(MONKEYSPHERE_VERSION) echo Monkeysphere $(MONKEYSPHERE_VERSION) > monkeysphere-$(MONKEYSPHERE_VERSION)/VERSION echo -n "git revision " >> monkeysphere-$(MONKEYSPHERE_VERSION)/VERSION git rev-parse HEAD >> monkeysphere-$(MONKEYSPHERE_VERSION)/VERSION 
@@ -68,7 +68,7 @@ install: all installman install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh install -m 0644 src/share/ma/* $(DESTDIR)$(PREFIX)/share/monkeysphere/ma install doc/* $(DESTDIR)$(PREFIX)/share/doc/monkeysphere - install changelog $(DESTDIR)$(PREFIX)/share/doc/monkeysphere + install Changelog $(DESTDIR)$(PREFIX)/share/doc/monkeysphere install -m 0644 etc/monkeysphere.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere.conf$(ETCSUFFIX) install -m 0644 etc/monkeysphere-host.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere-host.conf$(ETCSUFFIX) install -m 0644 etc/monkeysphere-authentication.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere-authentication.conf$(ETCSUFFIX) -- cgit v1.2.3 From 1bb35e8d63f3c28d29f0c033333aeff7a57bde91 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 23:25:40 -0400 Subject: added comment about why the key file is named with whitespace --- src/monkeysphere | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/monkeysphere b/src/monkeysphere index 2d5cba8..fe92960 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -284,6 +284,8 @@ case $COMMAND in 'sshfprs-for-userid') CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} keytmpdir=$(msmktempdir) + # use a file named " " to avoid arbitrary non-whitespace text + # in the fingerprint output keytmpfile="$keytmpdir/ " cd "$keytmpdir" keys_for_userid "$@" | while read KEYLINE ; do -- cgit v1.2.3 From f2e90a01372b60d5511fb07d56223b3900100f63 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 15 Mar 2010 00:58:31 -0400 Subject: more fixes for s/changelog/Changelog/ -- i begin to suspect it was not worth it :( --- utils/build-releasenote | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/build-releasenote b/utils/build-releasenote index cac0869..71891ff 100755 --- a/utils/build-releasenote +++ b/utils/build-releasenote 
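Review bot: In the `sshfprs-for-userid` branch of src/monkeysphere, the lines around the new comment use `$keytmpdir` without checking that the directory was actually created. If `msmktempdir` prints nothing, `keytmpfile` becomes `/ ` and `cd "$keytmpdir"` would not land in a private directory, so whatever the loop writes to `$keytmpfile` ends up outside the temporary area. Unless the script already aborts on errors (not visible in this hunk), I would guard both steps with `keytmpdir=$(msmktempdir) || exit 1` and `cd "$keytmpdir" || exit 1`. The comment could also name the command whose output echoes the file name, so the reason for the `" "` name is clear without reading the loop. The branch's body continues outside the hunk, so removal of the temporary directory cannot be checked from here.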
@@ -8,11 +8,11 @@ # Copyright: © 2008-2010 # License: GPL, v3 or later -VERSION=`head -n1 changelog | sed 's/.*(\([^)]*\)).*/\1/'` +VERSION=`head -n1 Changelog | sed 's/.*(\([^)]*\)).*/\1/'` { sed "s/__VERSION__/$VERSION/g" < utils/releasenote.header - head -n$(( $(grep -n '^ --' changelog | head -n1 | cut -f1 -d:) - 2 )) changelog | tail -n+3 + head -n$(( $(grep -n '^ --' Changelog | head -n1 | cut -f1 -d:) - 2 )) Changelog | tail -n+3 sed "s/__VERSION__/$VERSION/g" < utils/releasenote.footer } > "website/news/release-$VERSION.mdwn" -- cgit v1.2.3 From 511037b79827cf016010ae2d8b7afc285d675442 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 15 Mar 2010 01:01:26 -0400 Subject: releasenote header should match new ikiwiki syntax --- utils/releasenote.header | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/releasenote.header b/utils/releasenote.header index cf08728..91fbcfc 100644 --- a/utils/releasenote.header +++ b/utils/releasenote.header @@ -1,4 +1,4 @@ -[[meta title="Monkeysphere __VERSION__ released!"]] +[[!meta title="Monkeysphere __VERSION__ released!"]] Monkeysphere __VERSION__ has been released. -- cgit v1.2.3 From cedd7ea2bd2add99d08651e4b852f65c6d0d3fd1 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 15 Mar 2010 01:02:56 -0400 Subject: prepared releasenote for 0.29 --- website/download.mdwn | 36 ++++++++++++++++++------------------ website/news/release-0.29.mdwn | 25 +++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 18 deletions(-) create mode 100644 website/news/release-0.29.mdwn diff --git a/website/download.mdwn b/website/download.mdwn index 119c42a..46ac75b 100644 --- a/website/download.mdwn +++ b/website/download.mdwn 
@@ -86,38 +86,38 @@ For those that would like to download the source directly, [the source is available](/community) via [git](http://git.or.cz/). The [latest -tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.28.orig.tar.gz) +tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.29.orig.tar.gz) is also available, and has these checksums:
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-checksums for the monkeysphere 0.28 release:
+checksums for the monkeysphere 0.29 release:
 
 MD5:
-b66f671ec48725a0eb55de7de4d7ce6d  monkeysphere_0.28.orig.tar.gz
+009e26cc77d38e25697cdea06eecd5ab  monkeysphere_0.29.orig.tar.gz
 
 SHA1:
-ead634e0ea0a795e8a96812b7397d318a4be54b0  monkeysphere_0.28.orig.tar.gz
+db1074d6c5f424859ddec31cff0a0b6214789f16  monkeysphere_0.29.orig.tar.gz
 
 SHA256:
-b463577d36d6e8f5eb698d8e3c75d27bcfb3f928628c128f5d342e8a83bef6f2  monkeysphere_0.28.orig.tar.gz
+0e3c683b7d8a07e6ceae80cb0d3acf647c3f8c74cbaab527f73608dcdd1b01fb  monkeysphere_0.29.orig.tar.gz
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.10 (GNU/Linux)
 
-iQIVAwUBS1YAyBjmZ/HrivMUAQqbBBAAqhnDfDZukFUDEN6Y164o/AXMtBO20KUg
-GyrgjgJElQJC2oz9OooNJ60iPSOz/G+Wu5lSMnRqdKU8x50F7ogYE1Gnd+8J3c2G
-1ciDQbLrR7pE2jua7xyfA+SQgg3bSgSN/7Jl61+OosQpcI/WnJvOQWKA6TI+iRGC
-B4g87ZRSRUAVZoFDRY0lBINP70+riGrYm8b2tgp7FbpgVBtUFL8gsmxnPZ7cGYF2
-yTwg9ZCAlDQ6LIZ7DAwb2lUAtAHtlLfAhulr3qLW2SNc95vcJ7Ss7CjgIuCL8qTe
-2zX2fysG7Hgbi0G0GNjv+yomOFlRGWC1Gf3pv0Clmy7cVgIgcP61nE3djFSYa9vk
-k7cKtppNEzoleEjz+dMIOezcXCdLO2g+sQfpaYU5acRp95ouCaXYINS8DYDkaKwj
-Wjra6BSCbClzZYblOJIlCmK4JJPE4EB8NShL/VXSwV8uvtNniGNpGHeHqaKvbT+Y
-RYlCzL+/Ruyv1dQbtiBtErB8yP+psheoQYk6lU7nNy+MTH+R/xXrbHxptSDRQwru
-O1hbfONnEK6JfdVQI4zEBuBz8NVuZPPQqqy1mxLSWMxWKz4GtNbTXOR1tRFVqlxk
-eCTYdhhyIz7gu8EUwvTLZoqKOB6kQWS1ygycFRi/g+DOOXuSpazF5XmutF6HpJx1
-1nK2WBl5loE=
-=164p
+iQIVAwUBS52/UhjmZ/HrivMUAQr98g/7B+6CCN9vrJFNZp2KX+jTcxBLRxY/2cJp
+fIjtaNzoyr86Q6gXzsgavB6E+olqhM3YR2gy6Z+fzNe8CdI74ikFCb0b8JpbzU6a
+F5et7RqQ/pkQrCawrVPTZnompqfJrWBPYZU5is85SJgX4jJrgUFrGbvTq2PsJDbC
+w9H8oOxELmCGYUAxRYGcQKdhQTBoRYz0a7/DzKt4sQHYbNblO1T2YNuqBxn372Wp
+bd8xholyfO6EjCfoEJPee8Uf1sxE4nhsYFYIHsuckqLbcdoE8crAmjeDdDt+yVCO
+N35Y/SRKNbIe/Nj8NSwAobd8N2DWj1qBWtHbT8Mw5kyd65kRPnfTQII5W0/3m3rT
+DwcXGsMMfOsPEMtAYfmGOaIdEH9y2O7tmV1Om2CGx0AV9F9F3RnyNlYB6mfVaUVO
+fZOJuUU61FoGRYCb/R4DF0IdFUhy0yMgTgT5tAYGMFpHd5ZTYgzIAWrIbV7QhrHs
+9LgrnJYffScHjjsE6NjjvOZQe9RrI25ZLHZEMo/zhZEMMzdIne8IZUXvz68v1wN9
+mLcGRMG8B1CT4gXyi1uy1he7Zw0Hmz2Kbq619alRmyV8CqNhNrvMQicRqklKvcuW
+mwKQx+bOxpwZgW4/46EDHJ4nUOaGjVXIwoDdisvKU5jDIMZBXB4lLJtPNFFsv18D
+AxOLE3KlzF0=
+=372c
 -----END PGP SIGNATURE-----
 
diff --git a/website/news/release-0.29.mdwn b/website/news/release-0.29.mdwn new file mode 100644 index 0000000..e113614 --- /dev/null +++ b/website/news/release-0.29.mdwn @@ -0,0 +1,25 @@ +[[!meta title="Monkeysphere 0.29 released!"]] + +Monkeysphere 0.29 has been released. + +Notes from the changelog: + +
+  * This is mainly a bugfix release
+  * Fix man page typo about monkeysphere authorized_keys location
+  * Monkeysphere should work properly even if the user has "armor" in
+    their gpg.conf (closes MS #1625)
+  * monkeysphere keys-for-userid now respects MONKEYSPHERE_CHECK_KEYSERVER
+    environment variable (and defaults to true)
+  * introduce monkeysphere sshfprs-for-userid (deprecates sshfpr), closes
+    MS #1436
+  * respect CHECK_KEYSERVER in more places (closes MS #1997)
+  * warn on keyserver failures for monkeysphere-authentication (closes MS
+    #1750)
+  * avoid checking trustdb for monkeysphere-host (closes MS #1957)
+  * allow monkeysphere-authentication to use hkps with trusted X.509 root
+    certificate authorities in
+    /etc/monkeysphere/monkeysphere-authentication-x509-anchors.crt
+
+ +[[Download]] it now! -- cgit v1.2.3 From 7e571f43d93e8fe6cfb47dd1e0ac62c502c482d5 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 15 Mar 2010 15:31:27 -0400 Subject: announce msva-perl version 0.2 --- website/news/msva-perl-0.2.mdwn | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 website/news/msva-perl-0.2.mdwn diff --git a/website/news/msva-perl-0.2.mdwn b/website/news/msva-perl-0.2.mdwn new file mode 100644 index 0000000..cb01bb8 --- /dev/null +++ b/website/news/msva-perl-0.2.mdwn @@ -0,0 +1,20 @@ +[[!meta title="Monkeysphere Validation Agent (Perl) 0.2 released!"]] + +Version 0.2 of the Perl implementation of the Monkeysphere Validation +Agent has been released. + +Notes from the changelog: + +
+  * can now be invoked with a sub-command; will run until subcommand
+    completes, and then terminate with the same return code (this is
+    similar to the ssh-agent technique, and enables inclusion in
+    Xsession.d; see monkeysphere 0.29 package for automatic startup).
+  * chooses arbitrary open port by default (can still be specified with
+    MSVA_PORT environment variable)
+  * minimized logging spew by default.
+  * now shipping README.schema (notes about possible future MSVA
+    implementations)
+  * cleanup Makefile and distribution strategies.
+
+ -- cgit v1.2.3 From b602ccf1795ff8f07f2b534c1995163d4c79aefa Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 19 Mar 2010 11:47:45 -0400 Subject: add some rough instructions on getting the extension/perl validation agent going for website validation --- website/download.mdwn | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/website/download.mdwn b/website/download.mdwn index 46ac75b..a238ad9 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -15,6 +15,19 @@ Monkeysphere relies on: * [GnuPG](http://gnupg.org/) * [Perl](http://www.perl.org/) (including the [Crypt::OpenSSL::RSA](http://search.cpan.org/dist/Crypt-OpenSSL-RSA/) and [Digest::SHA](http://search.cpan.org/dist/Digest-SHA/) modules and their dependencies) +## Firefox (or Iceweasel) ## + +To use the Monkeysphere for website validation, you will need the +Firefox (Iceweasel) add-on, the monkeysphere package and the +validation agent. + +[Download and install the Firefox (Iceweasel) +add-on](http://archive.monkeysphere.info/monkeysphere.xul) + +Once you have installed the add-on, you will need to restart your +browser, and then proceed to install the monkeysphere package and +validation agent below. + ## Debian ## If you are running a [Debian](http://www.debian.org/) system, the @@ -28,6 +41,13 @@ version as follows: If you are running Debian stable, you can get the monkeysphere package from [backports.org](http://backports.org/dokuwiki/doku.php?id=instructions) +To get started using the Monkeysphere for website validation, you will +need to install the Monkeysphere Validation Agent. Currently the perl +version of the agent is available in Debian sid, or directly from our +APT repository (see below): + + aptitude install msva-perl + ## Debian derivatives (including Ubuntu) ## You can also install the Monkeysphere directly from the Monkeysphere -- cgit v1.2.3 From 30bc68284d25706ff91403a8bdb9a6e126d92e23 Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Fri, 19 Mar 2010 12:00:53 -0400 Subject: minor change to setup website levels --- website/download.mdwn | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/website/download.mdwn b/website/download.mdwn index a238ad9..5f42668 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -7,19 +7,11 @@ page](/doc) to read up on how to get started [as a regular user](/getting-started-user) or [as a systems administrator](/getting-started-admin). -## Dependencies ## - -Monkeysphere relies on: - - * [OpenSSH](http://openssh.com/) - * [GnuPG](http://gnupg.org/) - * [Perl](http://www.perl.org/) (including the [Crypt::OpenSSL::RSA](http://search.cpan.org/dist/Crypt-OpenSSL-RSA/) and [Digest::SHA](http://search.cpan.org/dist/Digest-SHA/) modules and their dependencies) - -## Firefox (or Iceweasel) ## +# Installing the Firefox (or Iceweasel) add-on # To use the Monkeysphere for website validation, you will need the Firefox (Iceweasel) add-on, the monkeysphere package and the -validation agent. +validation agent. [Download and install the Firefox (Iceweasel) add-on](http://archive.monkeysphere.info/monkeysphere.xul) @@ -28,6 +20,16 @@ Once you have installed the add-on, you will need to restart your browser, and then proceed to install the monkeysphere package and validation agent below. +# Installing the Monkeysphere package and validation agent # + +## Dependencies ## + +Monkeysphere relies on: + + * [OpenSSH](http://openssh.com/) + * [GnuPG](http://gnupg.org/) + * [Perl](http://www.perl.org/) (including the [Crypt::OpenSSL::RSA](http://search.cpan.org/dist/Crypt-OpenSSL-RSA/) and [Digest::SHA](http://search.cpan.org/dist/Digest-SHA/) modules and their dependencies) + ## Debian ## If you are running a [Debian](http://www.debian.org/) system, the -- cgit v1.2.3 From c8596c0fe07697677a4f3daebac5f889a0fd5372 Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Fri, 19 Mar 2010 12:11:04 -0400 Subject: change from parens to slashes --- website/download.mdwn | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/download.mdwn b/website/download.mdwn index 5f42668..8c824ef 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -7,20 +7,20 @@ page](/doc) to read up on how to get started [as a regular user](/getting-started-user) or [as a systems administrator](/getting-started-admin). -# Installing the Firefox (or Iceweasel) add-on # +# Installing the Firefox/Iceweasel add-on # To use the Monkeysphere for website validation, you will need the -Firefox (Iceweasel) add-on, the monkeysphere package and the +Firefox/Iceweasel add-on, the monkeysphere package and the validation agent. -[Download and install the Firefox (Iceweasel) +[Download and install the Firefox/Iceweasel add-on](http://archive.monkeysphere.info/monkeysphere.xul) Once you have installed the add-on, you will need to restart your browser, and then proceed to install the monkeysphere package and validation agent below. -# Installing the Monkeysphere package and validation agent # +# Installing the Monkeysphere package and validation agent # ## Dependencies ## -- cgit v1.2.3 From e9f00652e3503ef2292e6d27df80cbb4c8e09504 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 19 Mar 2010 13:57:41 -0400 Subject: add location for the xpi download --- website/download.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/download.mdwn b/website/download.mdwn index 8c824ef..7ffa8ed 100644 --- a/website/download.mdwn +++ b/website/download.mdwn 
@@ -14,7 +14,7 @@ Firefox/Iceweasel add-on, the monkeysphere package and the validation agent. [Download and install the Firefox/Iceweasel -add-on](http://archive.monkeysphere.info/monkeysphere.xul) +add-on](http://archive.monkeysphere.info/xul-ext/monkeysphere.xpi) Once you have installed the add-on, you will need to restart your browser, and then proceed to install the monkeysphere package and -- cgit v1.2.3