From 504dc4666e1d327b82c985a88da6e208c8348e81 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 13:33:09 -0400 Subject: add check to su_monkeysphere_user to not use su if the user is the monkeysphere user. --- src/monkeysphere-server | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/monkeysphere-server b/src/monkeysphere-server index d3ba5e4..0c56279 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -66,8 +66,17 @@ subcommands: EOF } +# function to run command as monkeysphere user su_monkeysphere_user() { - su "$MONKEYSPHERE_USER" -c "$@" + # if the current user is the monkeysphere user, then just eval + # command + if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then + eval "$@" + + # otherwise su command as monkeysphere user + else + su "$MONKEYSPHERE_USER" -c "$@" + fi } # function to interact with the host gnupg keyring -- cgit v1.2.3 From 5f29ad789dda115b477d53fbedd3a71b64962e27 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 25 Oct 2008 14:17:34 -0400 Subject: test now has better sshd configuration. --- tests/basic | 5 ++++- tests/etc/ssh/sshd_config | 21 +++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 tests/etc/ssh/sshd_config diff --git a/tests/basic b/tests/basic index b9ae8f1..e3cc42e 100755 --- a/tests/basic +++ b/tests/basic @@ -81,9 +81,12 @@ gpgadmin --sign-key "$HOSTKEYID" echo "-- adding admin as certifier..." monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg +# initialize base sshd_config +cp etc/ssh/sshd_config "$TEMPDIR"/sshd_config # write the sshd_config -cat < "$TEMPDIR"/sshd_config +cat <> "$TEMPDIR"/sshd_config HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key +AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u EOF # launch sshd with the new host key. diff --git a/tests/etc/ssh/sshd_config b/tests/etc/ssh/sshd_config new file mode 100644 index 0000000..75f0314 
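Review bot: In `su_monkeysphere_user`, the new test `[ $(id -un) = "$MONKEYSPHERE_USER" ]` leaves the command substitution unquoted, so an empty or multi-word result from `id` becomes a `[` error rather than a clean false; `if [ "$(id -un)" = "$MONKEYSPHERE_USER" ] ; then` avoids that. The two branches also handle their arguments differently. `eval "$@"` joins every argument into one string and runs it in the calling shell, so a `cd`, `exit` or assignment inside the command affects monkeysphere-server itself, while `su "$MONKEYSPHERE_USER" -c "$@"` takes only the first argument as the command and runs it in a separate shell. If callers always pass a single command string, the header comment should say so, and `( eval "$1" )` would keep the two paths closer; whether any caller passes more than one argument is not visible in this hunk.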
--- /dev/null +++ b/tests/etc/ssh/sshd_config @@ -0,0 +1,21 @@ +# Base sshd_config for monkeysphere test + +# HostKey and AuthorizedKeysFile lines will be added dynamically +# during test. + +# goal: minimal ssh configuration to do public key authentication. + +Protocol 2 +PubkeyAuthentication yes +HostbasedAuthentication no +PermitEmptyPasswords no +ChallengeResponseAuthentication no +PasswordAuthentication no +KerberosAuthentication no +GSSAPIAuthentication no +X11Forwarding no +PrintMotd no +PrintLastLog no +TCPKeepAlive no +AcceptEnv LANG LC_* +UsePAM no -- cgit v1.2.3 From 2983d63efb6371cf7dc8815bfcdbefb42cadb1d3 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 14:58:36 -0400 Subject: more changes to test suite, and add admin/testuser gpg.conf files to use quick-random option --- tests/basic | 40 +++++++++++++++++++++++-------------- tests/home/admin/.gnupg/gpg.conf | 2 ++ tests/home/testuser/.gnupg/gpg.conf | 2 ++ 3 files changed, 29 insertions(+), 15 deletions(-) create mode 100644 tests/home/admin/.gnupg/gpg.conf create mode 100644 tests/home/testuser/.gnupg/gpg.conf diff --git a/tests/basic b/tests/basic index b9ae8f1..d73e162 100755 --- a/tests/basic +++ b/tests/basic @@ -24,7 +24,7 @@ cleanup() { # FIXME: stop the sshd process echo - echo "-- removing temp dir..." + echo "### removing temp dir..." rm -rf "$TEMPDIR" # FIXME: how should we clear out the temporary $VARLIB? @@ -42,6 +42,10 @@ export TESTDIR=$(pwd) # make temp dir TEMPDIR="$TESTDIR"/tmp +if [ -e "$TEMPDIR" ] ; then + echo "tempdir '$TEMPDIR' already exists." + exit 1 +fi mkdir "$TEMPDIR" # Use the local copy of executables first, instead of system ones. 
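Review bot: In the `@@ -42,6 +42,10 @@` hunk of tests/basic, the new `[ -e "$TEMPDIR" ]` guard and the `mkdir "$TEMPDIR"` after it are separate steps, and nothing visible in this commit checks the exit status of `mkdir`. If `mkdir` fails for any other reason, the script carries on writing keys and configuration into a path it did not create. Plain `mkdir` without `-p` already fails when the path exists, so guard and creation can be one step: `mkdir "$TEMPDIR" || { echo "cannot create tempdir '$TEMPDIR'" >&2 ; exit 1 ; }`. That form also sends the message to stderr instead of stdout.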
@@ -52,6 +56,9 @@ export MONKEYSPHERE_SYSDATADIR="$TEMPDIR" export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR" export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src export MONKEYSPHERE_MONKEYSPHERE_USER="$USER" +export MONKEYSPHERE_CHECK_KEYSERVER=false + +SSHD_CONFIG="$TEMPDIR"/sshd_config export SOCKET="$TEMPDIR"/ssh-socket ### SERVER TESTS @@ -60,15 +67,18 @@ export SOCKET="$TEMPDIR"/ssh-socket mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication +# add the quick-random option to the gpg host config +echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host.conf + # create a new host key -echo "-- generating server key..." -echo | monkeysphere-server gen-key --length 1024 --expire 0 +echo "### generating server key..." +echo | monkeysphere-server gen-key --length 1024 --expire 0 testhost HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ ) # certify it with the "Admin's Key". # (this would normally be done via keyservers) -echo "-- certifying server key..." +echo "### certifying server key..." monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import gpgadmin --sign-key "$HOSTKEYID" @@ -78,17 +88,17 @@ gpgadmin --sign-key "$HOSTKEYID" # indicate that the "Admin's" key is an identity certifier for the # host -echo "-- adding admin as certifier..." +echo "### adding admin as certifier..." monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg # write the sshd_config -cat < "$TEMPDIR"/sshd_config +cat < "$SSHD_CONFIG" HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key EOF -# launch sshd with the new host key. -echo "-- starting sshd..." -socat EXEC:'/usr/sbin/sshd -f '"$TEMPDIR"/sshd_config' -i -d -d -d -D -e' "UNIX-LISTEN:${TEMPDIR/socket}" & +# launch test sshd with the new host key. +echo "### starting sshd..." +socat EXEC:'/usr/sbin/sshd -f '"$SSHD_CONFIG"' -i -d -d -d -D -e' "UNIX-LISTEN:${SOCKET}" & ### TESTUSER TESTS 
@@ -97,17 +107,17 @@ socat EXEC:'/usr/sbin/sshd -f '"$TEMPDIR"/sshd_config' -i -d -d -d -D -e' "UNIX- cp -r "$TESTDIR"/home/testuser "$TEMPDIR"/ # generate an auth subkey for the test user -echo "-- generating key for testuser..." +echo "### generating key for testuser..." MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ monkeysphere gen-subkey --expire 0 -# connect to sample sshd host key, using monkeysphere to verify the -# identity before connection. - -## FIXME: implement! +# connect to test sshd, using monkeysphere to verify the identity +# before connection. +echo "### connecting to sshd socket..." +PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}" +ssh -oProxyCommand="$PROXY_COMMAND" testhost # create a new client side key, certify it with the "CA", use it to # log in. ## FIXME: implement! - diff --git a/tests/home/admin/.gnupg/gpg.conf b/tests/home/admin/.gnupg/gpg.conf new file mode 100644 index 0000000..34bf93a --- /dev/null +++ b/tests/home/admin/.gnupg/gpg.conf @@ -0,0 +1,2 @@ +# command to avoid depleting the system entropy +quick-random diff --git a/tests/home/testuser/.gnupg/gpg.conf b/tests/home/testuser/.gnupg/gpg.conf new file mode 100644 index 0000000..34bf93a --- /dev/null +++ b/tests/home/testuser/.gnupg/gpg.conf @@ -0,0 +1,2 @@ +# command to avoid depleting the system entropy +quick-random -- cgit v1.2.3 From 46aa44a14c0812905d3f13ebbd84981cd5f87fd2 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 15:04:19 -0400 Subject: fix path to sshd_config in test script --- tests/basic | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/basic b/tests/basic index 3f94856..e14b765 100755 --- a/tests/basic +++ b/tests/basic 
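Review bot: The comment in the new tests/home/admin/.gnupg/gpg.conf describes `quick-random` only as a way to avoid depleting system entropy and does not state the cost. As far as I know, the option makes gpg use a faster but lower-quality random source, so keys generated under it are not safe to use anywhere else. I would extend the comment to something like `# TEST ONLY: quick-random trades randomness quality for speed; keys generated with it must never leave the test suite`. The same applies to the identical tests/home/testuser/.gnupg/gpg.conf and to the `echo "quick-random" >>` line that this commit adds to tests/basic.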
@@ -92,7 +92,7 @@ echo "### adding admin as certifier..." monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg # initialize base sshd_config -cp etc/ssh/sshd_config "$TEMPDIR"/sshd_config +cp etc/ssh/sshd_config "$SSHD_CONFIG" # write the sshd_config cat <> "$SSHD_CONFIG" HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key -- cgit v1.2.3 From 7b30291a2d162934c98e361256fd29b54c76854b Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 15:50:59 -0400 Subject: more tweaks to test script. --- tests/basic | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/tests/basic b/tests/basic index e14b765..fc7dfba 100755 --- a/tests/basic +++ b/tests/basic @@ -18,7 +18,6 @@ gpgadmin() { GNUPGHOME="$TESTDIR"/home/admin/.gnupg gpg "$@" } - # cleanup: cleanup() { # FIXME: stop the sshd process @@ -33,7 +32,7 @@ cleanup() { } ## setup trap -#trap cleanup EXIT +trap cleanup EXIT ## set up some variables to ensure that we're operating strictly in ## the tests, not system-wide: @@ -61,6 +60,7 @@ export MONKEYSPHERE_CHECK_KEYSERVER=false SSHD_CONFIG="$TEMPDIR"/sshd_config export SOCKET="$TEMPDIR"/ssh-socket + ### SERVER TESTS # create the temp gnupghome directories @@ -68,7 +68,7 @@ mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication # add the quick-random option to the gpg host config -echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host.conf +echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf # create a new host key echo "### generating server key..." 
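Review bot: Enabling `trap cleanup EXIT` in the `@@ -33,7 +32,7 @@` hunk appears to defeat the "tempdir already exists" guard added earlier. Judging by the hunk line numbers, the trap is installed before `TEMPDIR` is assigned and checked, so the `exit 1` taken when the directory already exists would run `cleanup`, and its `rm -rf "$TEMPDIR"` would delete the very directory the guard refused to touch. Moving the `trap cleanup EXIT` line to just after the successful `mkdir "$TEMPDIR"` makes the script remove only a directory it created itself. The ordering is inferred from hunk headers, since the lines between the trap and the guard are not all shown.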
@@ -114,6 +114,10 @@ echo "### generating key for testuser..." MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ monkeysphere gen-subkey --expire 0 +# add server key to testuser keychain +monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | \ + GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import + # connect to test sshd, using monkeysphere to verify the identity # before connection. echo "### connecting to sshd socket..." @@ -122,5 +126,8 @@ ssh -oProxyCommand="$PROXY_COMMAND" testhost # create a new client side key, certify it with the "CA", use it to # log in. - ## FIXME: implement! + + +### FINISH +read -p "press enter to cleanup tmp:" -- cgit v1.2.3 From 7676e30c681c9c040a92780409ba962a45499d41 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 25 Oct 2008 16:18:32 -0400 Subject: testing: admin has signed key of testuser; testuser has lsigned key of admin, and granted full ownertrust to admin. --- tests/home/testuser/.gnupg/pubring.gpg | Bin 405 -> 1153 bytes tests/home/testuser/.gnupg/trustdb.gpg | Bin 1280 -> 1360 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/tests/home/testuser/.gnupg/pubring.gpg b/tests/home/testuser/.gnupg/pubring.gpg index 8cea4b5..bef6b42 100644 Binary files a/tests/home/testuser/.gnupg/pubring.gpg and b/tests/home/testuser/.gnupg/pubring.gpg differ diff --git a/tests/home/testuser/.gnupg/trustdb.gpg b/tests/home/testuser/.gnupg/trustdb.gpg index e67f5c8..bc946df 100644 Binary files a/tests/home/testuser/.gnupg/trustdb.gpg and b/tests/home/testuser/.gnupg/trustdb.gpg differ -- cgit v1.2.3 From fa4afa22523331e9d0325bdbb5b6f92115686bce Mon Sep 17 00:00:00 2001 
From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 17:33:27 -0400 Subject: more work on test suite. --- etc/gnupg-authentication.conf | 2 +- tests/basic | 40 +++++++++++++++++++++++------------- tests/home/admin/.gnupg/gpg.conf | 2 -- tests/home/admin/.gnupg/pubring.gpg | Bin 421 -> 4331 bytes tests/home/admin/.gnupg/trustdb.gpg | Bin 1280 -> 1760 bytes tests/home/testuser/.gnupg/gpg.conf | 3 +++ 6 files changed, 30 insertions(+), 17 deletions(-) delete mode 100644 tests/home/admin/.gnupg/gpg.conf diff --git a/etc/gnupg-authentication.conf b/etc/gnupg-authentication.conf index e00d317..7e5620b 100644 --- a/etc/gnupg-authentication.conf +++ b/etc/gnupg-authentication.conf @@ -8,7 +8,7 @@ primary-keyring /var/lib/monkeysphere/gnupg-authentication/pubring.gpg keyring /var/lib/monkeysphere/gnupg-host/pubring.gpg # PGP keyserver to use for PGP queries. -keyserver hkp://pgp.mit.edu +keyserver hkp://pool.sks-keyservers.net # GPG list options. It is recommended that you have at least # "show-uid-validity". diff --git a/tests/basic b/tests/basic index fc7dfba..81f3b91 100755 --- a/tests/basic +++ b/tests/basic @@ -12,6 +12,9 @@ # NOTE: these tests have *not* themselves been tested yet # (2008-09-13). Please exercise with caution! +# fail on fail +set -e + # these tests assume a commonly-trusted "Admin's key", a fake key # permanently stored in ./home/admin/.gnupg: gpgadmin() { @@ -20,6 +23,9 @@ gpgadmin() { # cleanup: cleanup() { + + read -p "press enter to cleanup and remove tmp:" + # FIXME: stop the sshd process echo 
@@ -63,16 +69,21 @@ export SOCKET="$TEMPDIR"/ssh-socket ### SERVER TESTS -# create the temp gnupghome directories +# setup monkeysphere temp gnupghome directories mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication - -# add the quick-random option to the gpg host config -echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf +cat < "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication/gpg.conf +primary-keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-authentication/pubring.gpg +keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-host/pubring.gpg +EOF # create a new host key echo "### generating server key..." +# add gpg.conf with quick-random +echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf echo | monkeysphere-server gen-key --length 1024 --expire 0 testhost +# remove the gpg.conf +rm "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ ) @@ -80,7 +91,7 @@ HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ ) # (this would normally be done via keyservers) echo "### certifying server key..." monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import -gpgadmin --sign-key "$HOSTKEYID" +echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID" # FIXME: how can we test publish-key without flooding junk into the # keyservers? @@ -89,7 +100,7 @@ gpgadmin --sign-key "$HOSTKEYID" # host echo "### adding admin as certifier..." -monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg +echo y | monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg # initialize base sshd_config cp etc/ssh/sshd_config "$SSHD_CONFIG" 
@@ -101,12 +112,13 @@ EOF # launch test sshd with the new host key. echo "### starting sshd..." -socat EXEC:'/usr/sbin/sshd -f '"$SSHD_CONFIG"' -i -d -d -d -D -e' "UNIX-LISTEN:${SOCKET}" & +socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & ### TESTUSER TESTS # copy testuser home directory into temp dir +echo "### seting up testuser home..." cp -r "$TESTDIR"/home/testuser "$TEMPDIR"/ # generate an auth subkey for the test user @@ -115,19 +127,19 @@ MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ monkeysphere gen-subkey --expire 0 # add server key to testuser keychain -monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | \ +echo "### export server key to testuser..." +gpgadmin --armor --export "$HOSTKEYID" | \ GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import +#GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --list-keys +#read -p "?" + # connect to test sshd, using monkeysphere to verify the identity # before connection. -echo "### connecting to sshd socket..." +echo "### testuser connecting to sshd socket..." PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}" -ssh -oProxyCommand="$PROXY_COMMAND" testhost +GNUPGHOME="$TEMPDIR"/testuser/.gnupg ssh -oProxyCommand="$PROXY_COMMAND" testhost # create a new client side key, certify it with the "CA", use it to # log in. ## FIXME: implement! - - -### FINISH -read -p "press enter to cleanup tmp:" diff --git a/tests/home/admin/.gnupg/gpg.conf b/tests/home/admin/.gnupg/gpg.conf deleted file mode 100644 index 34bf93a..0000000 --- a/tests/home/admin/.gnupg/gpg.conf +++ /dev/null @@ -1,2 +0,0 @@ -# command to avoid depleting the system entropy -quick-random diff --git a/tests/home/admin/.gnupg/pubring.gpg b/tests/home/admin/.gnupg/pubring.gpg index ce19633..8e10c4a 100644 Binary files a/tests/home/admin/.gnupg/pubring.gpg and b/tests/home/admin/.gnupg/pubring.gpg differ 
diff --git a/tests/home/admin/.gnupg/trustdb.gpg b/tests/home/admin/.gnupg/trustdb.gpg index 77ef133..171a891 100644 Binary files a/tests/home/admin/.gnupg/trustdb.gpg and b/tests/home/admin/.gnupg/trustdb.gpg differ diff --git a/tests/home/testuser/.gnupg/gpg.conf b/tests/home/testuser/.gnupg/gpg.conf index 34bf93a..f65c71b 100644 --- a/tests/home/testuser/.gnupg/gpg.conf +++ b/tests/home/testuser/.gnupg/gpg.conf @@ -1,2 +1,5 @@ # command to avoid depleting the system entropy quick-random +# other options +verify-options show-uid-validity +list-options show-uid-validity -- cgit v1.2.3 From 55bc90d41588be450c7ab28146683a3017d7ddb3 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 25 Oct 2008 17:38:46 -0400 Subject: tests: do not use privilege separation with sshd. --- tests/etc/ssh/sshd_config | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/etc/ssh/sshd_config b/tests/etc/ssh/sshd_config index 75f0314..15b980c 100644 --- a/tests/etc/ssh/sshd_config +++ b/tests/etc/ssh/sshd_config @@ -19,3 +19,4 @@ PrintLastLog no TCPKeepAlive no AcceptEnv LANG LC_* UsePAM no +UsePrivilegeSeparation no -- cgit v1.2.3 From e836e3d6f26d1c2bd03d70a4b37a6cce26ebb69f Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 18:16:38 -0400 Subject: more work on test suite. --- tests/basic | 17 +++++------------ tests/home/admin/.gnupg/pubring.gpg | Bin 4331 -> 5349 bytes tests/home/admin/.gnupg/trustdb.gpg | Bin 1760 -> 1920 bytes 3 files changed, 5 insertions(+), 12 deletions(-) diff --git a/tests/basic b/tests/basic index 81f3b91..83d6920 100755 --- a/tests/basic +++ b/tests/basic 
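Review bot: `UsePrivilegeSeparation no` is appended to tests/etc/ssh/sshd_config without a comment, although the rest of the file documents its intent and this is the one setting that weakens sshd rather than restricting it. Presumably it is needed because the test sshd is started by an unprivileged user under socat; if so, say that next to the line, for example `# the test sshd runs unprivileged, so privilege separation cannot be used; do not copy this into a real sshd_config`. That keeps the file from being mistaken for a hardened minimal template.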
@@ -24,17 +24,14 @@ gpgadmin() { # cleanup: cleanup() { + echo read -p "press enter to cleanup and remove tmp:" - # FIXME: stop the sshd process + echo "### stop sshd..." + kill "$SSHD_PID" - echo echo "### removing temp dir..." rm -rf "$TEMPDIR" - - # FIXME: how should we clear out the temporary $VARLIB? - - # FIXME: clear out ssh client config file and known hosts. } ## setup trap @@ -96,9 +93,7 @@ echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID" # FIXME: how can we test publish-key without flooding junk into the # keyservers? -# indicate that the "Admin's" key is an identity certifier for the -# host - +# add admin as identity certifier for testhost echo "### adding admin as certifier..." echo y | monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg @@ -114,6 +109,7 @@ EOF echo "### starting sshd..." socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & +export SSHD_PID=$! ### TESTUSER TESTS @@ -131,9 +127,6 @@ echo "### export server key to testuser..." gpgadmin --armor --export "$HOSTKEYID" | \ GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import -#GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --list-keys -#read -p "?" - # connect to test sshd, using monkeysphere to verify the identity # before connection. echo "### testuser connecting to sshd socket..." diff --git a/tests/home/admin/.gnupg/pubring.gpg b/tests/home/admin/.gnupg/pubring.gpg index 8e10c4a..d22babd 100644 Binary files a/tests/home/admin/.gnupg/pubring.gpg and b/tests/home/admin/.gnupg/pubring.gpg differ diff --git a/tests/home/admin/.gnupg/trustdb.gpg b/tests/home/admin/.gnupg/trustdb.gpg index 171a891..d46e25f 100644 Binary files a/tests/home/admin/.gnupg/trustdb.gpg and b/tests/home/admin/.gnupg/trustdb.gpg differ -- cgit v1.2.3 From 9719b46f11c197187551241fee4bd6cd733e0b24 Mon Sep 17 00:00:00 2001 
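Review bot: `kill "$SSHD_PID"` in `cleanup` runs from the EXIT trap, which also fires when `set -e` aborts the script before the `export SSHD_PID=$!` line is reached; `SSHD_PID` is then empty and `kill ""` fails. Depending on how the shell applies `set -e` inside the trap, that failure may also skip the `rm -rf "$TEMPDIR"` that follows. A guard such as `if [ -n "$SSHD_PID" ] ; then kill "$SSHD_PID" ; fi` keeps the cleanup path working in that case. Note too that `$!` here is the PID of the backgrounded `socat`, not of sshd itself, so the variable name is slightly misleading.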
From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 18:48:32 -0400 Subject: more test suite fixes. --- tests/basic | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/tests/basic b/tests/basic index 83d6920..e97f998 100755 --- a/tests/basic +++ b/tests/basic @@ -15,10 +15,9 @@ # fail on fail set -e -# these tests assume a commonly-trusted "Admin's key", a fake key -# permanently stored in ./home/admin/.gnupg: +# gpg command for test admin user gpgadmin() { - GNUPGHOME="$TESTDIR"/home/admin/.gnupg gpg "$@" + GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@" } # cleanup: @@ -63,6 +62,12 @@ export MONKEYSPHERE_CHECK_KEYSERVER=false SSHD_CONFIG="$TEMPDIR"/sshd_config export SOCKET="$TEMPDIR"/ssh-socket +# copy in admin and testuser home to tmp +echo "### copying admin and testuser homes..." +cp -r "$TESTDIR"/home/admin "$TEMPDIR"/ +cp -r "$TESTDIR"/home/testuser "$TEMPDIR"/ + + ### SERVER TESTS @@ -95,7 +100,7 @@ echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID" # add admin as identity certifier for testhost echo "### adding admin as certifier..." -echo y | monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg +echo y | monkeysphere-server add-identity-certifier "$TEMPDIR"/admin/.gnupg/pubkey.gpg # initialize base sshd_config cp etc/ssh/sshd_config "$SSHD_CONFIG" @@ -108,14 +113,10 @@ EOF # launch test sshd with the new host key. echo "### starting sshd..." socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & - export SSHD_PID=$! -### TESTUSER TESTS -# copy testuser home directory into temp dir -echo "### seting up testuser home..." -cp -r "$TESTDIR"/home/testuser "$TEMPDIR"/ +### TESTUSER TESTS # generate an auth subkey for the test user echo "### generating key for testuser..." -- cgit v1.2.3 From 37045570e881c240c9ff597a6d0612589d7c26db Mon Sep 17 00:00:00 2001 
From: Daniel Kahn Gillmor Date: Sat, 25 Oct 2008 19:28:19 -0400 Subject: freebsd port: changes from anarcat --- packaging/freebsd/Makefile | 4 ++-- packaging/freebsd/distinfo | 6 ++--- packaging/freebsd/files/patch-etclocation | 12 ++++------ packaging/freebsd/files/patch-sharelocation | 28 ++++++++++------------ packaging/freebsd/files/patch-varlocation | 37 +++++++++++++++++++---------- packaging/freebsd/pkg-plist | 1 - 6 files changed, 46 insertions(+), 42 deletions(-) diff --git a/packaging/freebsd/Makefile b/packaging/freebsd/Makefile index e5e3694..cc3d93f 100644 --- a/packaging/freebsd/Makefile +++ b/packaging/freebsd/Makefile @@ -22,7 +22,7 @@ LIB_DEPENDS= gnutls.26:${PORTSDIR}/security/gnutls RUN_DEPENDS= base64:${PORTSDIR}/converters/base64 \ gpg:${PORTSDIR}/security/gnupg \ lockfile:${PORTSDIR}/mail/procmail \ - getopt:${PORTSDIR}/misc/getopt \ + /usr/local/bin/getopt:${PORTSDIR}/misc/getopt \ bash:${PORTSDIR}/shells/bash MAN1= monkeysphere.1 openpgp2ssh.1 monkeysphere-ssh-proxycommand.1 @@ -30,7 +30,7 @@ MAN7= monkeysphere.7 MAN8= monkeysphere-server.8 MANCOMPRESSED= yes -MAKE_ARGS= ETCPREFIX=/usr/local MANPREFIX=/usr/local/man ETCSUFFIX=.sample +MAKE_ARGS= ETCPREFIX=${PREFIX} MANPREFIX=${PREFIX}/man ETCSUFFIX=.sample # get rid of cruft after the patching: post-patch: diff --git a/packaging/freebsd/distinfo b/packaging/freebsd/distinfo index b8ad49b..3495f1a 100644 --- a/packaging/freebsd/distinfo +++ b/packaging/freebsd/distinfo @@ -1,3 +1,3 @@ -MD5 (monkeysphere_0.16~pre.orig.tar.gz) = c5c5211440e31d04df1f7904ec859fb9 -SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = 77faf81cc51dff754ecb7122de26818b908e06ab4e0bdbd0320346dde53612cd -SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 59253 +MD5 (monkeysphere_0.16~pre.orig.tar.gz) = 6e9489117794fa6afab8935b75cc5ccf +SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = fceab7cc77d9755e6484895ede56701b298ce3649bfcd10288a12803a565b7e5 +SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 59721 
diff --git a/packaging/freebsd/files/patch-etclocation b/packaging/freebsd/files/patch-etclocation index ebf5c0e..0100a9c 100644 --- a/packaging/freebsd/files/patch-etclocation +++ b/packaging/freebsd/files/patch-etclocation @@ -41,16 +41,14 @@ index f207e2c..360408e 100644 System-wide monkeysphere config file. .TP /var/lib/monkeysphere/authorized_keys/USER -diff --git src/common src/common -index c8a7db6..cb4f8e1 100644 ---- src/common -+++ src/common +--- src/common.orig 2008-10-12 14:58:00.000000000 -0400 ++++ src/common 2008-10-25 17:40:34.000000000 -0400 @@ -16,7 +16,7 @@ ### COMMON VARIABLES # managed directories --ETC="/etc/monkeysphere" -+ETC="/usr/local/etc/monkeysphere" - export ETC +-SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} ++SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/usr/local/etc/monkeysphere"} + export SYSCONFIGDIR ######################################################################## diff --git a/packaging/freebsd/files/patch-sharelocation b/packaging/freebsd/files/patch-sharelocation index be88e13..99c9604 100644 --- a/packaging/freebsd/files/patch-sharelocation +++ b/packaging/freebsd/files/patch-sharelocation @@ -1,26 +1,22 @@ -diff --git src/monkeysphere src/monkeysphere -index 512d608..44f2b17 100755 ---- src/monkeysphere -+++ src/monkeysphere +--- src/monkeysphere.orig 2008-10-12 14:58:00.000000000 -0400 ++++ src/monkeysphere 2008-10-25 17:41:41.000000000 -0400 
@@ -13,7 +13,7 @@ ######################################################################## PGRM=$(basename $0) --SHARE=${MONKEYSPHERE_SHARE:-"/usr/share/monkeysphere"} -+SHARE=${MONKEYSPHERE_SHARE:-"/usr/local/share/monkeysphere"} - export SHARE - . "${SHARE}/common" || exit 1 +-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} ++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"} + export SYSSHAREDIR + . "${SYSSHAREDIR}/common" || exit 1 -diff --git src/monkeysphere-server src/monkeysphere-server -index 4cda008..e359be7 100755 ---- src/monkeysphere-server -+++ src/monkeysphere-server +--- src/monkeysphere-server.orig 2008-10-25 14:17:50.000000000 -0400 ++++ src/monkeysphere-server 2008-10-25 17:42:50.000000000 -0400 @@ -13,7 +13,7 @@ ######################################################################## PGRM=$(basename $0) --SHARE=${MONKEYSPHERE_SHARE:="/usr/share/monkeysphere"} -+SHARE=${MONKEYSPHERE_SHARE:="/usr/local/share/monkeysphere"} - export SHARE - . "${SHARE}/common" || exit 1 +-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} ++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"} + export SYSSHAREDIR + . "${SYSSHAREDIR}/common" || exit 1 diff --git a/packaging/freebsd/files/patch-varlocation b/packaging/freebsd/files/patch-varlocation index 27f1527..c4d8dcd 100644 --- a/packaging/freebsd/files/patch-varlocation +++ b/packaging/freebsd/files/patch-varlocation @@ -42,19 +42,6 @@ index f207e2c..29c7b6a 100644 Monkeysphere authentication GNUPG home directory. .SH AUTHOR -diff --git src/monkeysphere-server src/monkeysphere-server -index e590f3c..f46e8bb 100755 ---- src/monkeysphere-server -+++ src/monkeysphere-server -@@ -17,7 +17,7 @@ SHARE=${MONKEYSPHERE_SHARE:="/usr/share/monkeysphere"} - export SHARE - . "${SHARE}/common" || exit 1 - --VARLIB="/var/lib/monkeysphere" -+VARLIB="/var/monkeysphere" - export VARLIB - - # UTC date in ISO 8601 format if needed 
diff --git doc/getting-started-admin.mdwn doc/getting-started-admin.mdwn index 6c8ad53..67fdda1 100644 --- doc/getting-started-admin.mdwn @@ -77,3 +64,27 @@ index 6c8ad53..67fdda1 100644 And then read the section below about how to ensure these files are maintained. You'll need to restart `sshd` to have your changes take +--- src/monkeysphere-server.orig 2008-10-25 18:01:19.000000000 -0400 ++++ src/monkeysphere-server 2008-10-25 18:01:24.000000000 -0400 +@@ -17,7 +17,7 @@ + export SYSSHAREDIR + . "${SYSSHAREDIR}/common" || exit 1 + +-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} ++SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/monkeysphere"} + export SYSDATADIR + + # UTC date in ISO 8601 format if needed +--- etc/gnupg-authentication.conf.orig 2008-10-25 18:02:58.000000000 -0400 ++++ etc/gnupg-authentication.conf 2008-10-25 18:03:04.000000000 -0400 +@@ -4,8 +4,8 @@ + # It is highly recommended that you + # DO NOT MODIFY + # these variables. +-primary-keyring /var/lib/monkeysphere/gnupg-authentication/pubring.gpg +-keyring /var/lib/monkeysphere/gnupg-host/pubring.gpg ++primary-keyring /var/monkeysphere/gnupg-authentication/pubring.gpg ++keyring /var/monkeysphere/gnupg-host/pubring.gpg + + # PGP keyserver to use for PGP queries. + keyserver hkp://pgp.mit.edu diff --git a/packaging/freebsd/pkg-plist b/packaging/freebsd/pkg-plist index 43346c1..04a704a 100644 --- a/packaging/freebsd/pkg-plist +++ b/packaging/freebsd/pkg-plist @@ -16,4 +16,3 @@ etc/monkeysphere/monkeysphere-server.conf.sample @dirrm share/doc/monkeysphere @dirrm share/monkeysphere @dirrm etc/monkeysphere - -- cgit v1.2.3 From 3880f2735f20ab92a7c9fee03a280947d8be8d32 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 25 Oct 2008 19:46:17 -0400 Subject: repaired admin keyring --- tests/home/admin/.gnupg/pubring.gpg | Bin 5349 -> 421 bytes tests/home/admin/.gnupg/trustdb.gpg | Bin 1920 -> 1280 bytes 2 files changed, 0 insertions(+), 0 deletions(-) 
diff --git a/tests/home/admin/.gnupg/pubring.gpg b/tests/home/admin/.gnupg/pubring.gpg index d22babd..ce19633 100644 Binary files a/tests/home/admin/.gnupg/pubring.gpg and b/tests/home/admin/.gnupg/pubring.gpg differ diff --git a/tests/home/admin/.gnupg/trustdb.gpg b/tests/home/admin/.gnupg/trustdb.gpg index d46e25f..77ef133 100644 Binary files a/tests/home/admin/.gnupg/trustdb.gpg and b/tests/home/admin/.gnupg/trustdb.gpg differ -- cgit v1.2.3 From e0eab1b5b18a6f7ab21de7f91166d3b640fbf0f8 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 00:32:00 -0400 Subject: testing: transfer permissions of home directories for testuser and admin. --- tests/basic | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/basic b/tests/basic index e97f998..722b837 100755 --- a/tests/basic +++ b/tests/basic @@ -64,8 +64,8 @@ export SOCKET="$TEMPDIR"/ssh-socket # copy in admin and testuser home to tmp echo "### copying admin and testuser homes..." -cp -r "$TESTDIR"/home/admin "$TEMPDIR"/ -cp -r "$TESTDIR"/home/testuser "$TEMPDIR"/ +cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ +cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ -- cgit v1.2.3 From 0461219ac31b04250dd7ea0630ef6da4c6bc1065 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 00:42:35 -0400 Subject: testing: make final ssh command more verbose; supplying a default empty password for gen-subkey. --- tests/basic | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/tests/basic b/tests/basic index 722b837..b1f3493 100755 --- a/tests/basic +++ b/tests/basic @@ -121,6 +121,7 @@ export SSHD_PID=$! # generate an auth subkey for the test user echo "### generating key for testuser..." MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ +SSH_ASKPASS=echo \ monkeysphere gen-subkey --expire 0 # add server key to testuser keychain 
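Review bot: `SSH_ASKPASS=echo` in the `@@ -121,6 +121,7 @@` hunk may not supply the empty passphrase that the commit subject describes. Askpass helpers are conventionally called with the prompt text as their argument and their standard output is taken as the passphrase, so `echo` would hand back the prompt string rather than nothing. Whether `monkeysphere gen-subkey` calls the helper that way is not visible here. If it does, a helper that ignores its arguments and prints an empty line would match the stated intent. Either way, a comment on the line stating which passphrase the test key is expected to have would make the choice checkable.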
@@ -128,12 +129,10 @@ echo "### export server key to testuser..." gpgadmin --armor --export "$HOSTKEYID" | \ GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import -# connect to test sshd, using monkeysphere to verify the identity -# before connection. +# connect to test sshd, using monkeysphere-ssh-proxycommand to verify +# the identity before connection. This should work in both directions! echo "### testuser connecting to sshd socket..." PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}" -GNUPGHOME="$TEMPDIR"/testuser/.gnupg ssh -oProxyCommand="$PROXY_COMMAND" testhost +GNUPGHOME="$TEMPDIR"/testuser/.gnupg ssh -v -v -v -oProxyCommand="$PROXY_COMMAND" testhost + -# create a new client side key, certify it with the "CA", use it to -# log in. -## FIXME: implement! -- cgit v1.2.3 From a718b8d343f7b7de02be1a27a9f98a0ae52f0071 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 00:58:33 -0400 Subject: testing: adding temporary monkeysphere config and ssh config. --- tests/basic | 13 ++++++++++--- tests/home/testuser/.monkeysphere/monkeysphere.conf | 3 +++ tests/home/testuser/.ssh/config | 9 +++++++++ 3 files changed, 22 insertions(+), 3 deletions(-) create mode 100644 tests/home/testuser/.monkeysphere/monkeysphere.conf create mode 100644 tests/home/testuser/.ssh/config diff --git a/tests/basic b/tests/basic index b1f3493..2314684 100755 --- a/tests/basic +++ b/tests/basic @@ -67,6 +67,13 @@ echo "### copying admin and testuser homes..." cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ +cat < "$TEMPDIR"/testuser/.ssh/config +UserKnownHosts $TEMPDIR/testuser/.ssh/known_hosts +EOF + +cat < "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf +KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts +EOF ### SERVER TESTS 
@@ -133,6 +140,6 @@ gpgadmin --armor --export "$HOSTKEYID" | \ # the identity before connection. This should work in both directions! echo "### testuser connecting to sshd socket..." PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}" -GNUPGHOME="$TEMPDIR"/testuser/.gnupg ssh -v -v -v -oProxyCommand="$PROXY_COMMAND" testhost - - +GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ +MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere \ + ssh -F "$TEMPDIR"/testuser/.ssh/config -v -v -v -oProxyCommand="$PROXY_COMMAND" testhost diff --git a/tests/home/testuser/.monkeysphere/monkeysphere.conf b/tests/home/testuser/.monkeysphere/monkeysphere.conf new file mode 100644 index 0000000..59cc0cf --- /dev/null +++ b/tests/home/testuser/.monkeysphere/monkeysphere.conf @@ -0,0 +1,3 @@ +# monkeysphere config for testuser in monkeysphere test suite + +# KNOWN_HOSTS will be dynamically defined after creation. diff --git a/tests/home/testuser/.ssh/config b/tests/home/testuser/.ssh/config new file mode 100644 index 0000000..566d1c0 --- /dev/null +++ b/tests/home/testuser/.ssh/config @@ -0,0 +1,9 @@ +# ssh config file for testuser for monkeysphere test suite. +Host * +PasswordAuthentication no +KbdInteractiveAuthentication no +RSAAuthentication no +GSSAPIAuthentication no +StrictHostKeyChecking yes + +# UserKnownHosts file will be filled in dynamically. -- cgit v1.2.3 From f0fc313acc49c2f24cfc4d7e0a49fb7c1e3755f7 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 01:07:41 -0400 Subject: testing: fix ssh_config var UserKnownHosts to UserKnownHostsFile. --- tests/basic | 2 +- tests/home/testuser/.ssh/config | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/basic b/tests/basic index 2314684..30c6d17 100755 --- a/tests/basic +++ b/tests/basic 
@@ -68,7 +68,7 @@ cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ cat < "$TEMPDIR"/testuser/.ssh/config -UserKnownHosts $TEMPDIR/testuser/.ssh/known_hosts +UserKnownHostsFile $TEMPDIR/testuser/.ssh/known_hosts EOF cat < "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf diff --git a/tests/home/testuser/.ssh/config b/tests/home/testuser/.ssh/config index 566d1c0..8610bc9 100644 --- a/tests/home/testuser/.ssh/config +++ b/tests/home/testuser/.ssh/config @@ -6,4 +6,4 @@ RSAAuthentication no GSSAPIAuthentication no StrictHostKeyChecking yes -# UserKnownHosts file will be filled in dynamically. +# UserKnownHostsFile will be filled in dynamically. -- cgit v1.2.3 From 5e6fa0164c6003d09434e8e1b806a3d9ab8a2fcf Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 01:12:05 -0400 Subject: testing: using jobspec instead of SSHD_PID --- tests/basic | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/basic b/tests/basic index 30c6d17..cb3730d 100755 --- a/tests/basic +++ b/tests/basic @@ -27,10 +27,12 @@ cleanup() { read -p "press enter to cleanup and remove tmp:" echo "### stop sshd..." - kill "$SSHD_PID" + kill %1 echo "### removing temp dir..." rm -rf "$TEMPDIR" + + wait } ## setup trap @@ -120,8 +122,6 @@ EOF # launch test sshd with the new host key. echo "### starting sshd..." socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & -export SSHD_PID=$! - ### TESTUSER TESTS -- cgit v1.2.3 From af628454baaa110b31521a4d524d8690450defac Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 01:14:49 -0400 Subject: testing: only try to kill backgrounded sshd if process exists. --- tests/basic | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/basic b/tests/basic index cb3730d..a917f9f 100755 --- a/tests/basic +++ b/tests/basic 
@@ -26,8 +26,10 @@ cleanup() { echo read -p "press enter to cleanup and remove tmp:" - echo "### stop sshd..." - kill %1 + if ( jobs %1 >/dev/null 2>/dev/null ) ; then + echo "### stopping still-running sshd..." + kill %1 + fi echo "### removing temp dir..." rm -rf "$TEMPDIR" -- cgit v1.2.3 From 485b28a03e3f53361a4084921b1d3c68c0fda968 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 01:23:21 -0400 Subject: testing switching back to SSHD_PID, since the jobspec does not seem to work through a trap. --- tests/basic | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/basic b/tests/basic index a917f9f..a04cc0e 100755 --- a/tests/basic +++ b/tests/basic @@ -26,9 +26,9 @@ cleanup() { echo read -p "press enter to cleanup and remove tmp:" - if ( jobs %1 >/dev/null 2>/dev/null ) ; then + if ( ps $SSHD_PID >/dev/null ) ; then echo "### stopping still-running sshd..." - kill %1 + kill $SSHD_PID fi echo "### removing temp dir..." @@ -124,6 +124,7 @@ EOF # launch test sshd with the new host key. echo "### starting sshd..." socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & +export SSHD_PID=$! ### TESTUSER TESTS -- cgit v1.2.3 From 8859ba489c1234a3920cb121c177d06b3b8779f7 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 01:51:13 -0400 Subject: testing: move ProxyCommand into a simple shell script to ease invocation (shell logical operators do not work directly in ProxyCommand argument). --- tests/basic | 9 ++++----- tests/home/testuser/.ssh/config | 2 +- tests/home/testuser/.ssh/proxy-command | 8 ++++++++ 3 files changed, 13 insertions(+), 6 deletions(-) create mode 100755 tests/home/testuser/.ssh/proxy-command diff --git a/tests/basic b/tests/basic index a04cc0e..d497d84 100755 --- a/tests/basic +++ b/tests/basic 
@@ -71,15 +71,15 @@ echo "### copying admin and testuser homes..." cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ -cat < "$TEMPDIR"/testuser/.ssh/config +cat <> "$TEMPDIR"/testuser/.ssh/config UserKnownHostsFile $TEMPDIR/testuser/.ssh/known_hosts +ProxyCommand $TEMPDIR/testuser/.ssh/proxy-command %h %p $SOCKET EOF -cat < "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf +cat <> "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts EOF - ### SERVER TESTS # setup monkeysphere temp gnupghome directories @@ -142,7 +142,6 @@ gpgadmin --armor --export "$HOSTKEYID" | \ # connect to test sshd, using monkeysphere-ssh-proxycommand to verify # the identity before connection. This should work in both directions! echo "### testuser connecting to sshd socket..." -PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}" GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere \ - ssh -F "$TEMPDIR"/testuser/.ssh/config -v -v -v -oProxyCommand="$PROXY_COMMAND" testhost + ssh -F "$TEMPDIR"/testuser/.ssh/config -v -v -v testhost diff --git a/tests/home/testuser/.ssh/config b/tests/home/testuser/.ssh/config index 8610bc9..113a511 100644 --- a/tests/home/testuser/.ssh/config +++ b/tests/home/testuser/.ssh/config @@ -6,4 +6,4 @@ RSAAuthentication no GSSAPIAuthentication no StrictHostKeyChecking yes -# UserKnownHostsFile will be filled in dynamically. +# UserKnownHostsFile and ProxyCommand will be filled in dynamically. diff --git a/tests/home/testuser/.ssh/proxy-command b/tests/home/testuser/.ssh/proxy-command new file mode 100755 index 0000000..630327d --- /dev/null +++ b/tests/home/testuser/.ssh/proxy-command 
@@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +# simple socket-based proxy-command wrapper for testing monkeysphere. + +# pass this thing the host, the port, and the socket. + +monkeysphere-ssh-proxycommand --no-connect "$1" "$2" && \ +socat STDIO UNIX:"$3" -- cgit v1.2.3 From 74b446aef77a46302430ee8aac7124f40d9bf1b4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 01:59:55 -0400 Subject: testing: moved the LogLevel debugging for ssh into config files, added an ssh-agent to the final ssh invocation. --- tests/basic | 31 ++++++++++++++++++++----------- tests/etc/ssh/sshd_config | 1 + tests/home/testuser/.ssh/config | 1 + 3 files changed, 22 insertions(+), 11 deletions(-) diff --git a/tests/basic b/tests/basic index d497d84..751dec4 100755 --- a/tests/basic +++ b/tests/basic @@ -2,17 +2,16 @@ # Tests to ensure that the monkeysphere is working -# Author: Daniel Kahn Gillmor -# Date: 2008-09-13 13:40:15-0400 +# Authors: +# Daniel Kahn Gillmor +# Jameson Rollins +# Copyright: 2008 +# License: GPL v3 or later -# these tests might be best run under fakeroot, particularly the -# "server-side" tests. Using fakeroot, they should be able to be run +# these tests should all be able to # as a non-privileged user. -# NOTE: these tests have *not* themselves been tested yet -# (2008-09-13). Please exercise with caution! - -# fail on fail +# all subcommands in this script should complete without failure: set -e # gpg command for test admin user @@ -20,6 +19,12 @@ gpgadmin() { GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@" } +failed_cleanup() { +# FIXME: can we be more verbose here? + echo 'FAILED!' + cleanup +} + # cleanup: cleanup() { @@ -38,7 +43,7 @@ cleanup() { } ## setup trap -trap cleanup EXIT +trap failed_cleanup EXIT ## set up some variables to ensure that we're operating strictly in ## the tests, not system-wide: 
@@ -123,7 +128,7 @@ EOF # launch test sshd with the new host key. echo "### starting sshd..." -socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & +socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & export SSHD_PID=$! ### TESTUSER TESTS @@ -144,4 +149,8 @@ gpgadmin --armor --export "$HOSTKEYID" | \ echo "### testuser connecting to sshd socket..." GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere \ - ssh -F "$TEMPDIR"/testuser/.ssh/config -v -v -v testhost + ssh-agent bash -c \ + 'monkeysphere subkey-to-ssh-agent && ssh -F "$TEMPDIR"/testuser/.ssh/config testhost' + +trap - EXIT +cleanup diff --git a/tests/etc/ssh/sshd_config b/tests/etc/ssh/sshd_config index 15b980c..82c72b9 100644 --- a/tests/etc/ssh/sshd_config +++ b/tests/etc/ssh/sshd_config @@ -20,3 +20,4 @@ TCPKeepAlive no AcceptEnv LANG LC_* UsePAM no UsePrivilegeSeparation no +LogLevel DEBUG diff --git a/tests/home/testuser/.ssh/config b/tests/home/testuser/.ssh/config index 113a511..1da2344 100644 --- a/tests/home/testuser/.ssh/config +++ b/tests/home/testuser/.ssh/config @@ -5,5 +5,6 @@ KbdInteractiveAuthentication no RSAAuthentication no GSSAPIAuthentication no StrictHostKeyChecking yes +LogLevel DEBUG # UserKnownHostsFile and ProxyCommand will be filled in dynamically. -- cgit v1.2.3 From c4a5813c6847201ae55ab8d3d49b6b4bb9691561 Mon Sep 17 00:00:00 2001 
From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 02:24:01 -0400 Subject: testing: added a passphrase (abc123) for the testuser private key; supplied a phony SSH_ASKPASS to provide the password when needed. --- tests/basic | 16 ++++++++-------- tests/home/testuser/.gnupg/random_seed | Bin 600 -> 600 bytes tests/home/testuser/.gnupg/secring.gpg | Bin 737 -> 775 bytes tests/home/testuser/.ssh/askpass | 6 ++++++ 4 files changed, 14 insertions(+), 8 deletions(-) create mode 100755 tests/home/testuser/.ssh/askpass diff --git a/tests/basic b/tests/basic index 751dec4..10b3c31 100755 --- a/tests/basic +++ b/tests/basic @@ -135,21 +135,21 @@ export SSHD_PID=$! # generate an auth subkey for the test user echo "### generating key for testuser..." -MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ -SSH_ASKPASS=echo \ - monkeysphere gen-subkey --expire 0 +export GNUPGHOME="$TEMPDIR"/testuser/.gnupg +export SSH_ASKPASS="$TEMPDIR"/testuser/.ssh/askpass +export MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere + +monkeysphere gen-subkey --expire 0 # add server key to testuser keychain echo "### export server key to testuser..." -gpgadmin --armor --export "$HOSTKEYID" | \ - GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import +gpgadmin --armor --export "$HOSTKEYID" | gpg --import # connect to test sshd, using monkeysphere-ssh-proxycommand to verify # the identity before connection. This should work in both directions! echo "### testuser connecting to sshd socket..." -GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ -MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere \ - ssh-agent bash -c \ + +ssh-agent bash -c \ 'monkeysphere subkey-to-ssh-agent && ssh -F "$TEMPDIR"/testuser/.ssh/config testhost' trap - EXIT diff --git a/tests/home/testuser/.gnupg/random_seed b/tests/home/testuser/.gnupg/random_seed index 40ab6a6..230b315 100644 Binary files a/tests/home/testuser/.gnupg/random_seed and b/tests/home/testuser/.gnupg/random_seed differ 
diff --git a/tests/home/testuser/.gnupg/secring.gpg b/tests/home/testuser/.gnupg/secring.gpg index a5519a6..26cf230 100644 Binary files a/tests/home/testuser/.gnupg/secring.gpg and b/tests/home/testuser/.gnupg/secring.gpg differ diff --git a/tests/home/testuser/.ssh/askpass b/tests/home/testuser/.ssh/askpass new file mode 100755 index 0000000..5b7b059 --- /dev/null +++ b/tests/home/testuser/.ssh/askpass @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +# phony/automatic askpass, to provide the passphrase for the +# testuser's GPG key. + +echo abc123 -- cgit v1.2.3 From deff162a515d6cbd4a657f62d8137c4e82ca7d30 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 02:28:45 -0400 Subject: testing: fixing some bash escaping, adding in one last FIXME --- tests/basic | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/basic b/tests/basic index 10b3c31..832b33a 100755 --- a/tests/basic +++ b/tests/basic @@ -126,6 +126,9 @@ HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u EOF +# FIXME: teach the "server" about the testuser's key, and update the +# fake authorized_keys file for testuser! + # launch test sshd with the new host key. echo "### starting sshd..." socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & @@ -150,7 +153,7 @@ gpgadmin --armor --export "$HOSTKEYID" | gpg --import echo "### testuser connecting to sshd socket..." ssh-agent bash -c \ - 'monkeysphere subkey-to-ssh-agent && ssh -F "$TEMPDIR"/testuser/.ssh/config testhost' + "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config testhost" trap - EXIT cleanup -- cgit v1.2.3 From a40dd55ec85e64d3cc86bf7dc3eb14f4475cccaf Mon Sep 17 00:00:00 2001 
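Review bot: In the `@@ -150,7 +153,7 @@` hunk of tests/basic, switching to double quotes makes the outer shell paste `$TEMPDIR` into the `bash -c` string, so the inner bash re-parses the path as shell syntax. TEMPDIR is derived from the working directory, so a checkout path containing a space or a shell metacharacter would split the `-F` argument or be interpreted as code. Passing the path as a positional argument keeps it as data: `ssh-agent bash -c 'monkeysphere subkey-to-ssh-agent && ssh -F "$1"/testuser/.ssh/config testhost' bash "$TEMPDIR"`. The same string is carried forward unchanged, apart from the appended `true`, in the later `@@ -160,7 +162,12 @@` hunk.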
From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 02:37:18 -0400 Subject: testing: setting up the authorized_keys for testuser. --- tests/basic | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/basic b/tests/basic index 832b33a..3ef5c6c 100755 --- a/tests/basic +++ b/tests/basic @@ -90,6 +90,7 @@ EOF # setup monkeysphere temp gnupghome directories mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication +mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authorized_keys cat < "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication/gpg.conf primary-keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-authentication/pubring.gpg keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-host/pubring.gpg @@ -126,8 +127,11 @@ HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u EOF -# FIXME: teach the "server" about the testuser's key, and update the -# fake authorized_keys file for testuser! +# teach the "server" about the testuser's key +GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --export testuser | \ + monkeysphere-server gpg-authentication-cmd --import + +monkeysphere-server update-users testuser # launch test sshd with the new host key. echo "### starting sshd..." -- cgit v1.2.3 From e3864891de9261409297d4d6a959bce89ef5f42a Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 02:40:29 -0400 Subject: testing: change order of operations to make sure that authentication subkey is available during authorized_keys update. --- tests/basic | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/basic b/tests/basic index 3ef5c6c..9f4d02e 100755 --- a/tests/basic +++ b/tests/basic 
@@ -127,12 +127,6 @@ HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u EOF -# teach the "server" about the testuser's key -GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --export testuser | \ - monkeysphere-server gpg-authentication-cmd --import - -monkeysphere-server update-users testuser - # launch test sshd with the new host key. echo "### starting sshd..." socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & @@ -152,6 +146,12 @@ monkeysphere gen-subkey --expire 0 echo "### export server key to testuser..." gpgadmin --armor --export "$HOSTKEYID" | gpg --import +# teach the "server" about the testuser's key +echo "### export testuser key to server..." +gpg --export testuser | monkeysphere-server gpg-authentication-cmd --import +echo "### update server authorized_keys file for testuser..." +monkeysphere-server update-users testuser + # connect to test sshd, using monkeysphere-ssh-proxycommand to verify # the identity before connection. This should work in both directions! echo "### testuser connecting to sshd socket..." -- cgit v1.2.3 From 6b5b0fdfc95625892df654e4ae057a798e59d588 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 02:56:03 -0400 Subject: testing: setting up the fake testuser account with an authorized_user_id. --- tests/basic | 9 +++++++-- tests/home/testuser/.monkeysphere/authorized_user_ids | 1 + 2 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 tests/home/testuser/.monkeysphere/authorized_user_ids diff --git a/tests/basic b/tests/basic index 9f4d02e..8d2b8f8 100755 --- a/tests/basic +++ b/tests/basic 
@@ -85,6 +85,11 @@ cat <> "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts EOF +# set up a simple default monkeysphere-server.conf +cat <> "$TEMPDIR"/monkeysphere-server.conf +AUTHORIZED_USER_IDS="$TEMPDIR/testuser/.monkeysphere/authorized_user_ids" +EOF + ### SERVER TESTS # setup monkeysphere temp gnupghome directories @@ -149,8 +154,8 @@ gpgadmin --armor --export "$HOSTKEYID" | gpg --import # teach the "server" about the testuser's key echo "### export testuser key to server..." gpg --export testuser | monkeysphere-server gpg-authentication-cmd --import -echo "### update server authorized_keys file for testuser..." -monkeysphere-server update-users testuser +echo "### update server authorized_keys file for this testuser..." +monkeysphere-server update-users "$USER" # connect to test sshd, using monkeysphere-ssh-proxycommand to verify # the identity before connection. This should work in both directions! diff --git a/tests/home/testuser/.monkeysphere/authorized_user_ids b/tests/home/testuser/.monkeysphere/authorized_user_ids new file mode 100644 index 0000000..4b51eaf --- /dev/null +++ b/tests/home/testuser/.monkeysphere/authorized_user_ids @@ -0,0 +1 @@ +Monkeysphere Test Suite Test User (DO NOT USE!!!) -- cgit v1.2.3 From 96ac22cf25565e62b5a8a2dae820b074cb5ab32d Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 03:02:11 -0400 Subject: testing: A bit more fine-tuning, so that the test suite should successfully complete without any user interaction. --- tests/basic | 17 ++++++++++------- tests/home/testuser/.ssh/proxy-command | 2 +- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/tests/basic b/tests/basic index 8d2b8f8..2befac2 100755 --- a/tests/basic +++ b/tests/basic 
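Review bot: `monkeysphere-server update-users "$USER"` in the `@@ -149,8 +154,8 @@` hunk of tests/basic trusts the `USER` environment variable, which may be unset or stale under cron, after `su` without a login shell, or on some build runners. The visible parts of the script set `-e` but not `-u`, so an empty value would be passed along silently, and what `update-users` does with an empty name is not visible here. Resolving the account from the process itself is more reliable and matches the `id -un` check already used in `su_monkeysphere_user`: `monkeysphere-server update-users "$(id -un)"`.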
@@ -22,18 +22,16 @@ gpgadmin() { failed_cleanup() { # FIXME: can we be more verbose here? echo 'FAILED!' + read -p "press enter to cleanup and remove tmp:" + cleanup } # cleanup: cleanup() { - - echo - read -p "press enter to cleanup and remove tmp:" - - if ( ps $SSHD_PID >/dev/null ) ; then + if ( ps "$SSHD_PID" >/dev/null ) ; then echo "### stopping still-running sshd..." - kill $SSHD_PID + kill "$SSHD_PID" fi echo "### removing temp dir..." @@ -162,7 +160,12 @@ monkeysphere-server update-users "$USER" echo "### testuser connecting to sshd socket..." ssh-agent bash -c \ - "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config testhost" + "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config testhost true" trap - EXIT + +echo +echo "Monkeysphere basic tests completed successfully!" +echo + cleanup diff --git a/tests/home/testuser/.ssh/proxy-command b/tests/home/testuser/.ssh/proxy-command index 630327d..21c66fa 100755 --- a/tests/home/testuser/.ssh/proxy-command +++ b/tests/home/testuser/.ssh/proxy-command @@ -5,4 +5,4 @@ # pass this thing the host, the port, and the socket. monkeysphere-ssh-proxycommand --no-connect "$1" "$2" && \ -socat STDIO UNIX:"$3" +exec socat STDIO UNIX:"$3" -- cgit v1.2.3 From ee285d5b62432f35203774835f3dd347ad92afbc Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 03:07:57 -0400 Subject: packaging preparations for 0.16-1 release. --- Makefile | 2 +- debian/changelog | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 4ea3898..057707a 100644 --- a/Makefile +++ b/Makefile 
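Review bot: The `read -p` now placed in `failed_cleanup` (tests/basic, `@@ -22,18 +22,16 @@`) runs before `cleanup` on every failing run, and `read` returns non-zero when stdin is closed or at EOF. With `set -e` in force that can end the EXIT handler before `cleanup` is called, leaving the socat/sshd listener running and the temp dir with the test secret keyring on disk. Prompting only when a terminal is attached avoids that: `if [ -t 0 ] ; then read -p "press enter to cleanup and remove tmp:" ; fi`. The body of `cleanup` continues past the end of this hunk.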
@@ -16,7 +16,7 @@ tarball: clean rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) mkdir -p monkeysphere-$(MONKEYSPHERE_VERSION)/doc ln -s ../../website/getting-started-user.mdwn ../../website/getting-started-admin.mdwn ../../doc/TODO ../../doc/MonkeySpec monkeysphere-$(MONKEYSPHERE_VERSION)/doc - ln -s ../COPYING ../etc ../Makefile ../man ../src monkeysphere-$(MONKEYSPHERE_VERSION) + ln -s ../COPYING ../etc ../Makefile ../man ../src ../tests monkeysphere-$(MONKEYSPHERE_VERSION) tar -ch monkeysphere-$(MONKEYSPHERE_VERSION) | gzip -n > monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) diff --git a/debian/changelog b/debian/changelog index 7acf323..ad795e7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -monkeysphere (0.16~pre-1) UNRELEASED; urgency=low +monkeysphere (0.16-1) experimental; urgency=low [ Daniel Kahn Gillmor ] * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better @@ -12,13 +12,15 @@ monkeysphere (0.16~pre-1) UNRELEASED; urgency=low getopt lives. * monkeysphere-server diagnostics now counts problems and suggests a re-run after they have been resolved. + * completed basic test suite: this can be run from the git sources or + the tarball with: cd tests && ./basic [ Jameson Graef Rollins ] * Genericize fs location variables. * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at install. - -- Jameson Graef Rollins Sat, 11 Oct 2008 14:27:17 -0400 + -- Daniel Kahn Gillmor Sun, 26 Oct 2008 03:06:18 -0400 monkeysphere (0.15-1) experimental; urgency=low -- cgit v1.2.3 From 502915e19c9715b866f2c9f5bf89abf85fd8aa52 Mon Sep 17 00:00:00 2001 
From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 03:35:27 -0400 Subject: added 0.16-1 release announcement, plus new bug. --- website/bugs/authorized_keys_not_cleared.mdwn | 20 ++++++++++++++++ website/download.mdwn | 34 +++++++++++++-------------- website/news/release-0.16-1.mdwn | 31 ++++++++++++++++++++++++ 3 files changed, 68 insertions(+), 17 deletions(-) create mode 100644 website/bugs/authorized_keys_not_cleared.mdwn create mode 100644 website/news/release-0.16-1.mdwn diff --git a/website/bugs/authorized_keys_not_cleared.mdwn b/website/bugs/authorized_keys_not_cleared.mdwn new file mode 100644 index 0000000..7246997 --- /dev/null +++ b/website/bugs/authorized_keys_not_cleared.mdwn @@ -0,0 +1,20 @@ +[[meta title="users with missing or empty authorized keys and User IDs should have MS-generated keys cleared" ]] + +I had a user who had a bunch of entries in +`~/.monkeysphere/authorized_user_ids`, and a bunch of raw keys in +`~/.ssh/authorized_keys`. My system's `monkeysphere-server` handled +this situation appropriately, and populated +`/var/lib/monkeysphere/authorized_keys/user` with the full set. + +Then i wanted to wipe out all key entries for that user. So i did: + + mkdir ~user/backup + mv ~user/.ssh ~user/.monkeysphere ~user/backup + monkeysphere-server update-users user + +I expected this to either remove +`/var/lib/monkeysphere/authorized_keys/user`, or truncate it to 0 +bytes. However, it just remained untouched, and the old keys +persisted. + +This seems like a potential security problem. diff --git a/website/download.mdwn b/website/download.mdwn index 3ba40f4..c87666b 100644 --- a/website/download.mdwn +++ b/website/download.mdwn 
@@ -52,31 +52,31 @@ has these checksums: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -checksums for the monkeysphere 0.15 release: +checksums for the monkeysphere 0.16 release: MD5: -8be275e5b5119921a536d8a67d3bfe24 monkeysphere_0.15.orig.tar.gz +4bc223e8004e0e374bd54f0315585c49 monkeysphere_0.16.orig.tar.gz SHA1: -65da0a047d935e856e2a0d7032dbbb339a3ce20a monkeysphere_0.15.orig.tar.gz +82c78ea1aeecb3059a14af9dfab0f471ce315e38 monkeysphere_0.16.orig.tar.gz SHA256: -44f3feb6e9f6921d2ed0406af4e3862f67da9261c8f00c7ea37cfea5031cbc77 monkeysphere_0.15.orig.tar.gz +f2dbd031315f99c82099a4a902f2240cca97536b035ef75872e72a65f324c9d7 monkeysphere_0.16.orig.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) -iQIVAwUBSMG2fxjmZ/HrivMUAQJ40RAAjb4Rh9qJQztp+tAOxpvXKmItRTFyBTeB -QQWjl/gNSWbAOvZX9t+F63P8Dp/ET9XoE2iXUnClvCtkkKvwbKISHyM4C9tgu0z9 -Yggb6lFPt/Qz2fD/HTMxkeN+n0p/FVjLW9WlLPyKF++u/o8JelyuiXocHORzjtc/ -9HyQfdbZuUPA16ZsAb9D66aIC2pWR21EiXHj95EvUkm6AO53Sy9G5gzzveflRrLm -UdrcwCnbXiZklbs9wXxeZTa4qLAhv31RmkCzbE3/lNwFSBfzFFfi2HXZqQdRmIgu -xuV/wmi8xgxUbv7dbB7yhhqwFmRnzeuV3rvuvSdjqGjFu6R0fqorIOtLtBkG1m0Q -RP5gs5mU+DreYkdeLWpFFFVjaJkz0cNUcnT22EJ5JgfeH3fkoAPpjlUMvgh8apGq -CbtqmBfYVOLyifiwptCSwlQvfY2guBVmsW+C60g78vMlCa0Tezp79I5H1KdsXKlY -cw1eLt3HhEy39yojmcD5EI293tfWTIYvULXvMIZjqEFnkFvoAogtinfd8fDoH15j -8yqXOUfkuuSeGmPReyiZZkbBTMXOdM6JsXmjEMI5T9dnZcC0CClnDGfcxE2UfPQZ -v9tneWXZzFmnWaAqH+T+SJJ4gpMhD+i0vXgQ7xOhUUCF+tiY8Qh1eltR2Kf+VeYW -d+MRglTs/Z4= -=AmW6 +iQIVAwUBSQQdZRjmZ/HrivMUAQJaIA/6AnZG0yYJJ+0C4S0McnBnLMyiA4zQzVsH +5J9dAYO771h0TZnlre1NZdgiP37YiPA1et24O/S7da0Ud/CND+V7CGrsxPzsfEbP +xTPVDST2BgvnDo9LYN4Q9h7QD4lOiGjhoJM6PN/R6Zo2OGiw+yZ8RP+BW5AxW21e +3AnasZ2XLEmwqI0AMl9OWsLk4NzeS7t+ycWjwJKINOk/5ghzlOR0Use/mRyTHvzy +GhMjrLoqtgHo85pAfAWT7LkwTt+FDVRzLZl2shzJszewvPFva+z2A8kvuY+vAzUw +CSvIAC5MSrheFUg1JC+6efVbUTgn3RZj+zn7CxyttVuRzjyrnY2WkiMOT5mKuZCg +LR42FEXnDCNHjreVLB6PoU1bOseohRbfK2yN+oDSoXmO4GoKetokGEWU/S+pi/gq 
+dhjyMZUYv1pgE9Vtz3ps0vVC4e8D/i39qEm7JB2AWPWU4jGX5cLCeEkrfXGsGWyu +OxGGywarXfNp83R62QTh2cPZlkACj3IwoYgZ2h8r98ikyJlQE0Y7V8uHKsx1DMJX +JBemkEVW5P7pZiRS7X2zqLGIDNwqBKNRnjZ7bAhqThJXpCBWNuZ+DjGY743BBddr +RAfQUvdjbSEOD78NMh6pLLg3iYJA902EVXZX8Q8JQnjg5GlUrB2yS5uz82dwjbpx +dy0gzEhr4DA= +=DY0y -----END PGP SIGNATURE----- diff --git a/website/news/release-0.16-1.mdwn b/website/news/release-0.16-1.mdwn new file mode 100644 index 0000000..7354521 --- /dev/null +++ b/website/news/release-0.16-1.mdwn @@ -0,0 +1,31 @@ +[[meta title="Monkeysphere 0.16-1 released!"]] + +# Monkeysphere 0.16-1 released! # + +Monkeysphere 0.16-1 has been released. + +Notes from the changelog: + +
+  [ Daniel Kahn Gillmor ]
+  * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better
+    portability.
+  * fixed busted lockfile arrangement, where empty file was being locked
+  * portability fixes in the way we use date, mktemp, hostname, su
+  * stop using /usr/bin/stat, since the syntax appears to be totally
+    unportable
+  * require GNU getopt, and test for getopt failures (look for getopt in
+    /usr/local/bin first, since that's where FreeBSD's GNU-compatible
+    getopt lives.
+  * monkeysphere-server diagnostics now counts problems and suggests a
+    re-run after they have been resolved.
+  * completed basic test suite: this can be run from the git sources or
+    the tarball with: cd tests && ./basic
+
+  [ Jameson Graef Rollins ]
+  * Genericize fs location variables.
+  * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at
+    install.
+
+ +[[Download]] it now! -- cgit v1.2.3 From 0e69638709367ccd337460adc4a50a76fce064fa Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 03:38:51 -0400 Subject: fixing download link for latest released tarball. --- website/download.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/download.mdwn b/website/download.mdwn index c87666b..ae8ad9a 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -45,7 +45,7 @@ look at the source, we recommend [using git](/community). But if you want a tarball of the most recent release, we publish those too. The [latest -tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.14.orig.tar.gz) +tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.16.orig.tar.gz) has these checksums:
-- 
cgit v1.2.3


From eef5c546af5f7a723be67303feee9b05b47b0fdb Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor 
Date: Sun, 26 Oct 2008 03:51:55 -0400
Subject: fixing build-releasenote so that it updates the tarball download link
 as well.

---
 utils/build-releasenote | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/utils/build-releasenote b/utils/build-releasenote
index 1b832a4..f7561da 100755
--- a/utils/build-releasenote
+++ b/utils/build-releasenote
@@ -28,7 +28,8 @@ checksums
 temprelease=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
 trap "rm -f $temprelease" EXIT
 set -e
-head -n$(( $(grep -n '^-----BEGIN PGP SIGNED MESSAGE-----$' website/download.mdwn | head -n1 | cut -f1 -d:) - 1 )) website/download.mdwn >$temprelease
+head -n$(( $(grep -n '^-----BEGIN PGP SIGNED MESSAGE-----$' website/download.mdwn | head -n1 | cut -f1 -d:) - 1 )) website/download.mdwn | \
+ sed -e 's|http://archive\.monkeysphere\.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_[[:digit:].]\+\.orig\.tar\.gz|http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_'"${VERSION%%-*}"'.orig.tar.gz|g' >$temprelease
 checksums | gpg --no-tty --clearsign --default-key EB8AF314 >>$temprelease
 cat utils/download.mdwn.footer >>$temprelease
 mv "$temprelease" website/download.mdwn
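Review bot: The new `head … | sed …` pipeline reports only sed's exit status, so a failing `head` no longer trips `set -e` as it did with the old `head … >$temprelease`. A sed pattern that matches nothing also passes silently, leaving the old tarball link next to the newly signed checksums. The `\+` in `[[:digit:].]\+` is a GNU extension to basic regular expressions; `[[:digit:].][[:digit:].]*` is the portable spelling. A check right after the pipeline, `grep -qF "monkeysphere_${VERSION%%-*}.orig.tar.gz" "$temprelease"`, would make a stale link abort the release step under `set -e`. The script starts and ends outside this hunk, so its shebang and whether `pipefail` is available are not visible here.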
-- 
cgit v1.2.3