From fa2aeb658c22784edbb5a890e5de648b41069252 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 5 Sep 2008 11:21:29 -0400 Subject: abstract lockfile functions to be able to Depend: lockfile-progs | lockfile --- debian/control | 2 +- src/common | 72 ++++++++++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 58 insertions(+), 16 deletions(-) diff --git a/debian/control b/debian/control index ef62798..8f5aeef 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ Dm-Upload-Allowed: yes Package: monkeysphere Architecture: any -Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), lockfile-progs, adduser, ${shlibs:Depends} +Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends} Recommends: netcat | socat, ssh-askpass Enhances: openssh-client, openssh-server Description: use the OpenPGP web of trust to verify ssh connections diff --git a/src/common b/src/common index 2b05c3c..4fec452 100644 --- a/src/common +++ b/src/common @@ -91,6 +91,48 @@ cutline() { head --line="$1" "$2" | tail -1 } +# this is a wrapper for doing lock functions. +# +# it lets us depend on either lockfile-progs (preferred) or procmail's +# lockfile, and should +lock() { + local use_lockfileprogs=true + local action="$1" + local file="$file" + + if ! ( which lockfile-create >/dev/null 2>/dev/null ) ; then + if ! ( which lockfile >/dev/null ); then + failure "Neither lockfile-create nor lockfile are in the path!" + use_lockfileprogs= + fi + + case "$action" in + create) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-create "$file" || failure "unable to lock '$file'" + else + lockfile -r 20 "${file}.lock" || failure "unable to lock '$file'" + fi + ;; + touch) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-touch "$file" + else + # Nothing to do here + fi + ;; + remove) + if [ -n "$use_lockfileprogs" ] ; then + lockfile-remove "$file" + else + rm -f "${file}.lock" + fi + ;; + *) + failure "bad argument for lock subfunction '$action'" + esac +} + # check that characters are in a string (in an AND fashion). # used for checking key capability # check_capability capability a [b...] @@ -724,11 +766,10 @@ update_known_hosts() { nHostsOK=0 nHostsBAD=0 - # set the trap to remove any lockfiles on exit - trap "lockfile-remove $KNOWN_HOSTS" EXIT - - # create a lockfile on known_hosts - lockfile-create "$KNOWN_HOSTS" + # create a lockfile on known_hosts: + lock create "$KNOWN_HOSTS" + # FIXME: we're discarding any pre-existing EXIT trap; is this bad? + trap "lock remove $KNOWN_HOSTS" EXIT # note pre update file checksum fileCheck="$(file_hash "$KNOWN_HOSTS")" @@ -747,11 +788,12 @@ update_known_hosts() { esac # touch the lockfile, for good measure. - lockfile-touch --oneshot "$KNOWN_HOSTS" + lock touch --oneshot "$KNOWN_HOSTS" done - # remove the lockfile - lockfile-remove "$KNOWN_HOSTS" + # remove the lockfile and the trap + lock remove "$KNOWN_HOSTS" + trap - EXIT # note if the known_hosts file was updated if [ "$(file_hash "$KNOWN_HOSTS")" != "$fileCheck" ] ; then @@ -862,11 +904,10 @@ update_authorized_keys() { nIDsOK=0 nIDsBAD=0 - # set the trap to remove any lockfiles on exit - trap "lockfile-remove $AUTHORIZED_KEYS" EXIT - # create a lockfile on authorized_keys - lockfile-create "$AUTHORIZED_KEYS" + lock create "$AUTHORIZED_KEYS" + # FIXME: we're discarding any pre-existing EXIT trap; is this bad? + trap "lock remove $AUTHORIZED_KEYS" EXIT # note pre update file checksum fileCheck="$(file_hash "$AUTHORIZED_KEYS")" @@ -890,11 +931,12 @@ update_authorized_keys() { esac # touch the lockfile, for good measure. - lockfile-touch --oneshot "$AUTHORIZED_KEYS" + lock touch --oneshot "$AUTHORIZED_KEYS" done - # remove the lockfile - lockfile-remove "$AUTHORIZED_KEYS" + # remove the lockfile and the trap + lock remove "$AUTHORIZED_KEYS" + trap - EXIT # note if the authorized_keys file was updated if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$fileCheck" ] ; then -- cgit v1.2.3 From a266aa89051dad0e057c1e042d483b9f86e67e59 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 5 Sep 2008 13:09:26 -0400 Subject: fix lockfile wrapper; it was sloppily constructed. --- src/common | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/common b/src/common index 4fec452..40ba8de 100644 --- a/src/common +++ b/src/common @@ -103,6 +103,7 @@ lock() { if ! ( which lockfile-create >/dev/null 2>/dev/null ) ; then if ! ( which lockfile >/dev/null ); then failure "Neither lockfile-create nor lockfile are in the path!" + fi use_lockfileprogs= fi @@ -116,9 +117,9 @@ lock() { ;; touch) if [ -n "$use_lockfileprogs" ] ; then - lockfile-touch "$file" + lockfile-touch --oneshot "$file" else - # Nothing to do here + : Nothing to do here fi ;; remove) @@ -131,7 +132,7 @@ lock() { *) failure "bad argument for lock subfunction '$action'" esac -} + # check that characters are in a string (in an AND fashion). # used for checking key capability @@ -788,7 +789,7 @@ update_known_hosts() { esac # touch the lockfile, for good measure. - lock touch --oneshot "$KNOWN_HOSTS" + lock touch "$KNOWN_HOSTS" done # remove the lockfile and the trap @@ -931,7 +932,7 @@ update_authorized_keys() { esac # touch the lockfile, for good measure. - lock touch --oneshot "$AUTHORIZED_KEYS" + lock touch "$AUTHORIZED_KEYS" done # remove the lockfile and the trap -- cgit v1.2.3 From 74bd3557fe340555629fd8615c31fe4b6a8b8174 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Fri, 5 Sep 2008 10:40:31 -0700 Subject: add curly brace end to lock function that was oddly removed at one point. --- src/common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common b/src/common index 40ba8de..25f7e4e 100644 --- a/src/common +++ b/src/common @@ -132,7 +132,7 @@ lock() { *) failure "bad argument for lock subfunction '$action'" esac - +} # check that characters are in a string (in an AND fashion). # used for checking key capability -- cgit v1.2.3 From b3af23e564681b5bb3ef8e56ce0ce7f0714be544 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Fri, 5 Sep 2008 10:45:01 -0700 Subject: add toc back to why page, even though i'm still not totally satisfied with it's formatting. --- website/why.mdwn | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/why.mdwn b/website/why.mdwn index 3c70bab..3d67d32 100644 --- a/website/why.mdwn +++ b/website/why.mdwn @@ -2,6 +2,8 @@ # Why should you be interested in the Monkeysphere? # +[[!toc levels=2]] + ## As an `ssh` user ## Do you use `ssh` to connect to remote machines? Are you tired of -- cgit v1.2.3 From 374cbfaabbea94bcc9de215e461474df2a596a9f Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 5 Sep 2008 18:08:46 -0400 Subject: prepring for 0.15-1 release. --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index d032017..6acb8e5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -monkeysphere (0.15~pre-1) UNRELEASED; urgency=low +monkeysphere (0.15-1) experimental; urgency=low * porting work and packaging simplification: clarifying makefiles, pruning dependencies, etc. -- cgit v1.2.3 From 1fbd95fe2dce34e6da59e7f465d53d88e623b3b9 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 5 Sep 2008 18:45:55 -0400 Subject: release notes for 0.15-1 --- website/download.mdwn | 38 ++++++++++++++++++++++---------------- website/news/release-0.15-1.mdwn | 17 +++++++++++++++++ 2 files changed, 39 insertions(+), 16 deletions(-) create mode 100644 website/news/release-0.15-1.mdwn diff --git a/website/download.mdwn b/website/download.mdwn index 64993c9..599e695 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -52,25 +52,31 @@ has this sha1sum: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -sha1sum for the monkeysphere 0.14 release: +checksums for the monkeysphere 0.15 release: -8b05fec041cec7f86ddde92fa72c8aabf8af0b3b monkeysphere_0.14.orig.tar.gz +MD5: +8be275e5b5119921a536d8a67d3bfe24 monkeysphere_0.15.orig.tar.gz + +SHA1: +65da0a047d935e856e2a0d7032dbbb339a3ce20a monkeysphere_0.15.orig.tar.gz + +SHA256: +44f3feb6e9f6921d2ed0406af4e3862f67da9261c8f00c7ea37cfea5031cbc77 monkeysphere_0.15.orig.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) -iQIVAwUBSMBhXhjmZ/HrivMUAQJTmw//XB8y7UXAg2GD4A1wHS/lczQLlzN3fVmT -MGzLVdlRtATQgnL1Zd2CbKEEswSDpok9h+meZxMUvBXnpGV3iUouNo7q6vkt9Dp6 -Y5B+mgSe1vlxtkHPRCpLFvnLch2+x9zk+OhfHK+85zu6yPd2KqN0uFMpx6xLDWNq -iIx3KzEOqLNe5WjJoKbGDvBohxgPePDLkAQtz+6Bnvor+H5gR4Mg3enPCRUtndKs -sxyfw40ZCCZQV8Hma1YzP8jRrTNhXy3jY57cJ966FgWANPxDWzQh3k0W9ZTp4KP7 -3xcxSxKGMCFtfkNFhC6vcry4TRh/f33snGhwvPX2sAfWTsDP3PPeY4bK2rtVynZm -bHl6IT1ZEdFVtS9IwWz51SAW5nDjffQnjSUM6TWtviRAc+acCHBCWVaGCRea7PLt -7BJ/chJUf48gSIYStH/rFVcGJGOQD8CYQeUrKPBZu/CHowJziYfYcBQ0zydPEz9A -5Lvs7pUhBVB+YYRqx62LqOMxX+qbUGCNRa3xJHRbOq8j+qqwTTh2W/fAlT1ziez+ -VqmKwX5Fnxd9q0wEEn3NGNbV8SrhHtN0LxmVHwxPrk5uo5d9mfuLBFnA93vWacDd -M0bZHHnV7w6CuR4ReGPh1HJFAPRf42S3HM9JooFV6hWlEci2iomInba691PMQOJv -nd+N0oSL47A= -=uAHY +iQIVAwUBSMG2fxjmZ/HrivMUAQJ40RAAjb4Rh9qJQztp+tAOxpvXKmItRTFyBTeB +QQWjl/gNSWbAOvZX9t+F63P8Dp/ET9XoE2iXUnClvCtkkKvwbKISHyM4C9tgu0z9 +Yggb6lFPt/Qz2fD/HTMxkeN+n0p/FVjLW9WlLPyKF++u/o8JelyuiXocHORzjtc/ +9HyQfdbZuUPA16ZsAb9D66aIC2pWR21EiXHj95EvUkm6AO53Sy9G5gzzveflRrLm +UdrcwCnbXiZklbs9wXxeZTa4qLAhv31RmkCzbE3/lNwFSBfzFFfi2HXZqQdRmIgu +xuV/wmi8xgxUbv7dbB7yhhqwFmRnzeuV3rvuvSdjqGjFu6R0fqorIOtLtBkG1m0Q +RP5gs5mU+DreYkdeLWpFFFVjaJkz0cNUcnT22EJ5JgfeH3fkoAPpjlUMvgh8apGq +CbtqmBfYVOLyifiwptCSwlQvfY2guBVmsW+C60g78vMlCa0Tezp79I5H1KdsXKlY +cw1eLt3HhEy39yojmcD5EI293tfWTIYvULXvMIZjqEFnkFvoAogtinfd8fDoH15j +8yqXOUfkuuSeGmPReyiZZkbBTMXOdM6JsXmjEMI5T9dnZcC0CClnDGfcxE2UfPQZ +v9tneWXZzFmnWaAqH+T+SJJ4gpMhD+i0vXgQ7xOhUUCF+tiY8Qh1eltR2Kf+VeYW +d+MRglTs/Z4= +=AmW6 -----END PGP SIGNATURE----- - diff --git a/website/news/release-0.15-1.mdwn b/website/news/release-0.15-1.mdwn new file mode 100644 index 0000000..5a36ba1 --- /dev/null +++ b/website/news/release-0.15-1.mdwn @@ -0,0 +1,17 @@ +[[meta title="MonkeySphere 0.15-1 released!"]] + +# MonkeySphere 0.15-1 released! # + +MonkeySphere 0.15-1 has been released. + +From the changelog: + +
+  * porting work and packaging simplification: clarifying makefiles,
+    pruning dependencies, etc.
+  * added tests to monkeysphere-server diagnostics
+  * moved monkeysphere(5) to section 7 of the manual
+  * now shipping TODO in /usr/share/doc/monkeysphere
+
+ +[[Download]] it now! -- cgit v1.2.3 From 2bb4fdeabaf16d66c68ea92c3f332945ea7b53c4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 5 Sep 2008 18:46:41 -0400 Subject: scripts to "make releasenote" to make my life easier. --- Makefile | 5 ++++- utils/build-releasenote | 40 ++++++++++++++++++++++++++++++++++++++++ utils/download.mdwn.footer | 1 + utils/releasenote.footer | 3 +++ utils/releasenote.header | 9 +++++++++ 5 files changed, 57 insertions(+), 1 deletion(-) create mode 100755 utils/build-releasenote create mode 100644 utils/download.mdwn.footer create mode 100644 utils/releasenote.footer create mode 100644 utils/releasenote.header diff --git a/Makefile b/Makefile index 765c3e9..defd15a 100644 --- a/Makefile +++ b/Makefile @@ -45,4 +45,7 @@ install: all install man/man8/* $(DESTDIR)$(PREFIX)/share/man/man8 install -m 0644 etc/* $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere -.PHONY: all clean tarball debian-package install +releasenote: + ./utils/build-releasenote + +.PHONY: all clean tarball debian-package install releasenote diff --git a/utils/build-releasenote b/utils/build-releasenote new file mode 100755 index 0000000..af7ceb3 --- /dev/null +++ b/utils/build-releasenote @@ -0,0 +1,40 @@ +#!/bin/bash + +VERSION=`head -n1 debian/changelog | sed 's/.*(\([^)]*\)).*/\1/'` + +{ + sed "s/__VERSION__/$VERSION/g" < utils/releasenote.header + head -n$(( $(grep -n '^ --' debian/changelog | head -n1 | cut -f1 -d:) - 2 )) debian/changelog | tail -n+3 + sed "s/__VERSION__/$VERSION/g" < utils/releasenote.footer +} > "website/news/release-$VERSION.mdwn" + +git add "website/news/release-$VERSION.mdwn" + +checksums() { + echo "checksums for the monkeysphere ${VERSION%%-*} release:" + echo + echo "MD5:" + md5sum "monkeysphere_${VERSION%%-*}.orig.tar.gz" + echo + echo "SHA1:" + sha1sum "monkeysphere_${VERSION%%-*}.orig.tar.gz" + echo + echo "SHA256:" + sha256sum "monkeysphere_${VERSION%%-*}.orig.tar.gz" +} + +checksums + +temprelease=$(mktemp) +trap "rm -f $temprelease" EXIT +set -e +head -n$(( $(grep -n '^-----BEGIN PGP SIGNED MESSAGE-----$' website/download.mdwn | head -n1 | cut -f1 -d:) - 1 )) website/download.mdwn >$temprelease +checksums | gpg --no-tty --clearsign --default-key EB8AF314 >>$temprelease +cat utils/download.mdwn.footer >>$temprelease +mv "$temprelease" website/download.mdwn +trap - EXIT +set +e + +git add website/download.mdwn + +gpg --verify website/download.mdwn diff --git a/utils/download.mdwn.footer b/utils/download.mdwn.footer new file mode 100644 index 0000000..95bc788 --- /dev/null +++ b/utils/download.mdwn.footer @@ -0,0 +1 @@ + diff --git a/utils/releasenote.footer b/utils/releasenote.footer new file mode 100644 index 0000000..640e765 --- /dev/null +++ b/utils/releasenote.footer @@ -0,0 +1,3 @@ + + +[[Download]] it now! diff --git a/utils/releasenote.header b/utils/releasenote.header new file mode 100644 index 0000000..f08012c --- /dev/null +++ b/utils/releasenote.header @@ -0,0 +1,9 @@ +[[meta title="MonkeySphere __VERSION__ released!"]] + +# MonkeySphere __VERSION__ released! # + +MonkeySphere __VERSION__ has been released. + +From the changelog: + +
-- 
cgit v1.2.3


From d4d83e34a65cbb3be4b46da590297f326e660052 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor 
Date: Fri, 5 Sep 2008 18:52:33 -0400
Subject: cleanup automated releasenote bits.

---
 utils/releasenote.header | 8 ++++----
 website/download.mdwn    | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/utils/releasenote.header b/utils/releasenote.header
index f08012c..1dbc5b9 100644
--- a/utils/releasenote.header
+++ b/utils/releasenote.header
@@ -1,9 +1,9 @@
-[[meta title="MonkeySphere __VERSION__ released!"]]
+[[meta title="Monkeysphere __VERSION__ released!"]]
 
-# MonkeySphere __VERSION__ released! #
+# Monkeysphere __VERSION__ released! #
 
-MonkeySphere __VERSION__ has been released.  
+Monkeysphere __VERSION__ has been released.  
 
-From the changelog:
+Notes from the changelog:
 
 
diff --git a/website/download.mdwn b/website/download.mdwn
index 599e695..3ba40f4 100644
--- a/website/download.mdwn
+++ b/website/download.mdwn
@@ -46,7 +46,7 @@ look at the source, we recommend [using git](/community).
 But if you want a tarball of the most recent release, we publish those
 too.  The [latest
 tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.14.orig.tar.gz)
-has this sha1sum:
+has these checksums:
 
 
 -----BEGIN PGP SIGNED MESSAGE-----
-- 
cgit v1.2.3