From 3726f3dd674e74258c5f47b00f3f6f15f4037175 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 15 Nov 2008 14:43:22 -0500 Subject: move debian packaging to the packaging/ subdirectory. --- COPYING | 6 +- Makefile | 4 +- changelog | 1 + debian/changelog | 270 -------------------------------- debian/compat | 1 - debian/control | 23 --- debian/copyright | 24 --- debian/monkeysphere.dirs | 12 -- debian/monkeysphere.postinst | 28 ---- debian/monkeysphere.postrm | 21 --- debian/monkeysphere.preinst | 22 --- debian/rules | 3 - packaging/debian/changelog | 1 + packaging/debian/compat | 1 + packaging/debian/control | 23 +++ packaging/debian/copyright | 24 +++ packaging/debian/monkeysphere.dirs | 12 ++ packaging/debian/monkeysphere.postinst | 28 ++++ packaging/debian/monkeysphere.postrm | 21 +++ packaging/debian/monkeysphere.preinst | 22 +++ packaging/debian/rules | 3 + website/changelog | 276 +++++++++++++++++++++++++++++++++ website/news/release-0.20-1.mdwn | 18 +++ 23 files changed, 435 insertions(+), 409 deletions(-) create mode 120000 changelog delete mode 100644 debian/changelog delete mode 100644 debian/compat delete mode 100644 debian/control delete mode 100644 debian/copyright delete mode 100644 debian/monkeysphere.dirs delete mode 100755 debian/monkeysphere.postinst delete mode 100755 debian/monkeysphere.postrm delete mode 100755 debian/monkeysphere.preinst delete mode 100755 debian/rules create mode 120000 packaging/debian/changelog create mode 100644 packaging/debian/compat create mode 100644 packaging/debian/control create mode 100644 packaging/debian/copyright create mode 100644 packaging/debian/monkeysphere.dirs create mode 100755 packaging/debian/monkeysphere.postinst create mode 100755 packaging/debian/monkeysphere.postrm create mode 100755 packaging/debian/monkeysphere.preinst create mode 100755 packaging/debian/rules create mode 100644 website/changelog create mode 100644 website/news/release-0.20-1.mdwn 
diff --git a/COPYING b/COPYING index fefe9ab..070c992 100644 --- a/COPYING +++ b/COPYING @@ -1,4 +1,4 @@ -MonkeySphere is a system to use the OpenPGP web-of-trust to +Monkeysphere is a system to use the OpenPGP web-of-trust to authenticate and encrypt ssh connections. It is free software, developed by: @@ -12,12 +12,12 @@ It is free software, developed by: Ross Glover Greg Lyle -MonkeySphere is distributed in the hope that it will be useful, but +Monkeysphere is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -MonkeySphere Copyright 2007, and are all released under the GPL, +Monkeysphere Copyright 2007, and are all released under the GPL, version 3 or later. diff --git a/Makefile b/Makefile index 7db645a..7493b1f 100755 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ # (c) 2008 Daniel Kahn Gillmor # Licensed under GPL v3 or later -MONKEYSPHERE_VERSION = `head -n1 debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` +MONKEYSPHERE_VERSION = `head -n1 packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` # these defaults are for debian. porters should probably adjust them # before calling make install @@ -29,7 +29,7 @@ tarball: clean debian-package: tarball tar xzf monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz - cp -a debian monkeysphere-$(MONKEYSPHERE_VERSION) + cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION) (cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us) rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) diff --git a/changelog b/changelog new file mode 120000 index 0000000..b9a9e21 --- /dev/null +++ b/changelog @@ -0,0 +1 @@ +website/changelog \ No newline at end of file diff --git a/debian/changelog b/debian/changelog deleted file mode 100644 index 6988e89..0000000 --- a/debian/changelog +++ /dev/null 
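Review bot: In the Makefile's `debian-package` recipe (second Makefile hunk), `cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION)` now copies `changelog` as a symlink, because this commit makes `packaging/debian/changelog` a link to `../../website/changelog` and `cp -a` does not dereference links. From the copied `debian/` directory that relative target resolves outside the unpacked source tree, apparently to the working tree's `website/changelog`, so the package is built from whatever that file holds at build time rather than from the tarball contents, and tooling that rejects links leaving the tree may fail. Copying with dereference, for example `cp -aL packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION)` with GNU cp, would place a regular file in the build directory. The `MONKEYSPHERE_VERSION` line in the first Makefile hunk reads through the same link, so a comment there such as `# packaging/debian/changelog is a symlink to website/changelog` would tell porters where the version really comes from.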
@@ -1,270 +0,0 @@ -monkeysphere (0.20-1) unstable; urgency=low - - [ Daniel Kahn Gillmor ] - * ensure that tempdirs are properly created, bail out otherwise instead - of stumbling ahead. - * minor fussing with the test script to make it cleaner. - - [ Jameson Graef Rollins ] - * clean up Makefile to generate more elegant source tarballs. - * make myself the maintainer. - - -- Jameson Graef Rollins Sat, 15 Nov 2008 13:12:57 -0500 - -monkeysphere (0.19-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * simulating an X11 session in the test script. - * updated packaging so that symlinks to config files are correct. - - -- Daniel Kahn Gillmor Wed, 29 Oct 2008 02:47:49 -0400 - -monkeysphere (0.18-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix bugs in authorized_{user_ids,keys} file permission checking. - * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys - files. - * chown authorized_keys files to `whoami`, for compatibility with test - suite. - * major improvements to test suite, added more tests. - - [ Daniel Kahn Gillmor ] - * update make install to ensure placement of - /etc/monkeysphere/gnupg-{host,authentication}.conf - * choose either --quick-random or --debug-quick-random depending on - which gpg supports for the test suite. - - -- Daniel Kahn Gillmor Wed, 29 Oct 2008 00:41:38 -0400 - -monkeysphere (0.17-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix some bugs in, and cleanup, authorized_keys file creation in - monkeysphere-server update-users. - * Move to using the empty string for not adding a user-controlled - authorized_keys file in the RAW_AUTHORIZED_KEYS variable. - - -- Daniel Kahn Gillmor Tue, 28 Oct 2008 02:04:22 -0400 - -monkeysphere (0.16-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better - portability. 
- * fixed busted lockfile arrangement, where empty file was being locked - * portability fixes in the way we use date, mktemp, hostname, su - * stop using /usr/bin/stat, since the syntax appears to be totally - unportable - * require GNU getopt, and test for getopt failures (look for getopt in - /usr/local/bin first, since that's where FreeBSD's GNU-compatible - getopt lives. - * monkeysphere-server diagnostics now counts problems and suggests a - re-run after they have been resolved. - * completed basic test suite: this can be run from the git sources or - the tarball with: cd tests && ./basic - - [ Jameson Graef Rollins ] - * Genericize fs location variables. - * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at - install. - - -- Daniel Kahn Gillmor Sun, 26 Oct 2008 03:06:18 -0400 - -monkeysphere (0.15-1) experimental; urgency=low - - * porting work and packaging simplification: clarifying makefiles, - pruning dependencies, etc. - * added tests to monkeysphere-server diagnostics - * moved monkeysphere(5) to section 7 of the manual - * now shipping TODO in /usr/share/doc/monkeysphere - - -- Daniel Kahn Gillmor Thu, 04 Sep 2008 19:08:40 -0400 - -monkeysphere (0.14-1) experimental; urgency=low - - * changing debian packaging back to format 1.0 so we get automatic - tarballs, and easier inclusion in other build networks. - * no other source changes. - - -- Daniel Kahn Gillmor Thu, 04 Sep 2008 13:03:35 -0400 - -monkeysphere (0.13-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings. - * updated makefile to reflect the package building technique we've been - using for a month now. - - [ Jameson Graef Rollins ] - * move location of user config directory to ~/.monkeysphere. - - -- Daniel Kahn Gillmor Wed, 03 Sep 2008 17:26:10 -0400 - -monkeysphere (0.12-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Improved output handling. New LOG_LEVEL variable. 
- - [ Daniel Kahn Gillmor ] - * debian/control: switched Homepage: and Vcs-Git: to canonicalized - upstream hostnames. - * updated documentation for new release. - * changed my associated e-mail address for this package. - - -- Daniel Kahn Gillmor Tue, 02 Sep 2008 18:54:29 -0400 - -monkeysphere (0.11-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * fix bug in trustdb update on add/revoke-hostname. - - [ Daniel Kahn Gillmor ] - * debian/control: added Build-Depends: git-core for the new packaging - format - * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched - GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly - if not found). - - -- Daniel Kahn Gillmor Wed, 20 Aug 2008 11:24:35 -0400 - -monkeysphere (0.10-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * brown paper bag release: invert test on calculated validity of keys. - - -- Daniel Kahn Gillmor Mon, 18 Aug 2008 16:22:34 -0400 - -monkeysphere (0.9-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * implemented "monkeysphere-server extend-key" to adjust expiration - date of host key. - * removed "monkeysphere-server fingerprint". Use "monkeysphere-server - show-key" instead. - - [ Jameson Graef Rollins ] - * fixed bug in user id processing that prevented bad primary keys from - being properly removed. - - -- Daniel Kahn Gillmor Mon, 18 Aug 2008 15:42:12 -0400 - -monkeysphere (0.8-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * debian/control: switched Vcs-Git to use "centralized" git repo instead - of my own. - * More monkeysphere-server diagnostics - * monkeysphere --gen-subkey now guesses what KeyID you meant. - * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey - works sensibly under X11 - - [ Jameson Graef Rollins ] - * fix another bug when known_hosts files are missing. - * sort processed keys so that "good" keys are processed after "bad" - keys. 
This will prevent malicious bad keys from causing good keys to - be removed from key files. - * enabled host key publication. - * added checking of gpg.conf for keyserver - * new functions to add/revoke host key user IDs - * improved list-certifiers function (now non-privileged) - - -- Daniel Kahn Gillmor Mon, 18 Aug 2008 12:43:37 -0400 - -monkeysphere (0.7-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * Added monkeysphere-server diagnostics subcommand. - * rebuilding package using Format: 3.0 (git) - - [ Jameson Graef Rollins ] - * fix how check for file modification is done. - * rework out user id processing is done to provide more verbose log - output. - * fix bug in monkeysphpere update-authorized_keys subcommand where - disallowed keys failed to be remove from authorized_keys file. - - -- Daniel Kahn Gillmor Mon, 04 Aug 2008 10:47:41 -0400 - -monkeysphere (0.6-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix bug in return on error of ssh-proxycommand. - - [ Daniel Kahn Gillmor ] - * try socat if netcat is not available in proxycommand. - - -- Daniel Kahn Gillmor Tue, 29 Jul 2008 10:27:20 -0400 - -monkeysphere (0.5-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * updated READMEs to match current state of code - - [ Jameson Graef Rollins ] - * Tweak how empty authorized_user_ids and known_hosts files are handled. - * Do not fail when authorized_user_ids or known_hosts file is not found. - - -- Daniel Kahn Gillmor Mon, 28 Jul 2008 10:50:02 -0400 - -monkeysphere (0.4-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * New version. - * Fixed return code error in openpgp2ssh - - [ Jameson Graef Rollins ] - * Privilege separation: use monkeysphere user to handle maintenance of - the gnupg authentication keychain for server. - * Improved certifier key management. - * Fixed variable scoping and config file precedence. - * Add options for key generation and add-certifier functions. 
- * Fix return codes for known_host and authorized_keys updating - functions. - * Add write permission check on authorized_keys, known_hosts, and - authorized_user_ids files. - - -- Daniel Kahn Gillmor Tue, 22 Jul 2008 21:50:17 -0400 - -monkeysphere (0.3-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * new version. - - [ Jameson Graef Rollins ] - * Move files in /var/cache/monkeysphere and GNUPGHOME for server to - the more appropriate /var/lib/monkeysphere. - - -- Daniel Kahn Gillmor Tue, 24 Jun 2008 00:55:29 -0400 - -monkeysphere (0.2-2) experimental; urgency=low - - * added lockfile-progs dependency - - -- Daniel Kahn Gillmor Mon, 23 Jun 2008 19:34:05 -0400 - -monkeysphere (0.2-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * openpgp2ssh now supports specifying keys by full fingerprint. - - [ Jameson Graef Rollins ] - * Add AUTHORIZED_USER_IDS config variable for server, which defaults to - %h/.config/monkeysphere/authorized_user_ids, instead of - /etc/monkeysphere/authorized_user_ids. - * Remove {update,remove}-userids functions, since we decided they - weren't useful enough to be worth maintaining. - * Better handling of unknown users in server update-users - * Add file locking when modifying known_hosts or authorized_keys - * Better failure/prompting for gen-subkey - * Add ability to set any owner trust level for keys in server keychain. - - -- Daniel Kahn Gillmor Mon, 23 Jun 2008 17:03:19 -0400 - -monkeysphere (0.1-1) experimental; urgency=low - - * First release of debian package for monkeysphere. - * This is experimental -- please report bugs! - - -- Daniel Kahn Gillmor Thu, 19 Jun 2008 00:34:53 -0400 - diff --git a/debian/compat b/debian/compat deleted file mode 100644 index 7f8f011..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -7 diff --git a/debian/control b/debian/control deleted file mode 100644 index 4c836b4..0000000 --- a/debian/control +++ /dev/null 
@@ -1,23 +0,0 @@ -Source: monkeysphere -Section: net -Priority: extra -Maintainer: Jameson Graef Rollins -Uploaders: Daniel Kahn Gillmor -Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0) -Standards-Version: 3.8.0.1 -Homepage: http://web.monkeysphere.info/ -Vcs-Git: git://git.monkeysphere.info/monkeysphere -Dm-Upload-Allowed: yes - -Package: monkeysphere -Architecture: any -Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends} -Recommends: netcat | socat, ssh-askpass -Enhances: openssh-client, openssh-server -Description: use the OpenPGP web of trust to verify ssh connections - SSH key-based authentication is tried-and-true, but it lacks a true - Public Key Infrastructure for key certification, revocation and - expiration. Monkeysphere is a framework that uses the OpenPGP web of - trust for these PKI functions. It can be used in both directions: - for users to get validated host keys, and for hosts to authenticate - users. diff --git a/debian/copyright b/debian/copyright deleted file mode 100644 index 4c25286..0000000 --- a/debian/copyright +++ /dev/null @@ -1,24 +0,0 @@ -Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=226 -Debianized-By: Daniel Kahn Gillmor -Debianized-Date: Fri Jun 13 10:19:16 EDT 2008 -Original-Source: http://web.monkeysphere.info/download - -Files: * -Copyright: Copyright 2008 Jameson Rollins , - Daniel Kahn Gillmor , - Jamie McClelland , - Micah Anderson , - Matthew Goins , - Mike Castleman , - Elliot Winard , - Ross Glover , - Greg Lyle - -License: GPL-3+ - This package is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - . - On Debian systems, the complete text of the GNU General Public License - can be found in file "/usr/share/common-licenses/GPL". 
diff --git a/debian/monkeysphere.dirs b/debian/monkeysphere.dirs deleted file mode 100644 index 1f9e66b..0000000 --- a/debian/monkeysphere.dirs +++ /dev/null @@ -1,12 +0,0 @@ -var/lib/monkeysphere -var/lib/monkeysphere/authorized_keys -var/lib/monkeysphere/tmp -usr/bin -usr/sbin -usr/share -usr/share/monkeysphere -usr/share/man -usr/share/man/man1 -usr/share/man/man7 -usr/share/man/man8 -etc/monkeysphere diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst deleted file mode 100755 index 02d6304..0000000 --- a/debian/monkeysphere.postinst +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh -e - -# postinst script for monkeysphere - -# Author: Jameson Rollins -# Copyright 2008 - -ETC="/etc/monkeysphere" -VARLIB="/var/lib/monkeysphere" - -if ! getent passwd monkeysphere >/dev/null ; then - echo "adding monkeysphere user..." - adduser --quiet --system --no-create-home --group \ - --home "$VARLIB" \ - --shell '/bin/bash' \ - --gecos 'monkeysphere authentication user,,,' \ - monkeysphere -fi - -# install host gnupg home directory -install --owner root --group monkeysphere --mode 750 -d "$VARLIB"/gnupg-host -# link in the gpg.conf -ln -sTf "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf - -# install authentication gnupg home directory -install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication -# link in the gpg.conf -ln -sTf "$ETC"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf diff --git a/debian/monkeysphere.postrm b/debian/monkeysphere.postrm deleted file mode 100755 index 8f87ed3..0000000 --- a/debian/monkeysphere.postrm +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/sh -e - -# postrm script for monkeysphere - -# Author: Jameson Rollins -# Copyright 2008 - -case $1 in - purge) - rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true - echo "removing monkeysphere user..." - userdel monkeysphere > /dev/null || true - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/debian/monkeysphere.preinst b/debian/monkeysphere.preinst deleted file mode 100755 index 860286b..0000000 --- a/debian/monkeysphere.preinst +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh -e - -# preinst script for monkeysphere - -# Author: Jameson Rollins -# Copyright 2008 - -ETC="/etc/monkeysphere" -VARLIB="/var/lib/monkeysphere" - -# move the gpg.conf files from the GNUPGHOMEs if they're there to -# /etc, where they will be linked back into the GNUPGHOMEs later -if [ -f "$VARLIB"/gnupg-host/gpg.conf -a ! -L "$VARLIB"/gnupg-host/gpg.conf ] ; then - mv "$VARLIB"/gnupg-host/gpg.conf "$ETC"/gpg-host.conf - chown root:root "$ETC"/gpg-host.conf - ln -s "$ETC"/gpg-host.conf "$VARLIB"/gnupg-host/gpg.conf -fi -if [ -f "$VARLIB"/gnupg-authentication/gpg.conf -a ! -L "$VARLIB"/gnupg-authentication/gpg.conf ] ; then - mv "$VARLIB"/gnupg-authentication/gpg.conf "$ETC"/gpg-authentication.conf - chown root:root "$ETC"/gpg-authentication.conf - ln -s "$ETC"/gpg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf -fi diff --git a/debian/rules b/debian/rules deleted file mode 100755 index cbe925d..0000000 --- a/debian/rules +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/make -f -%: - dh $@ diff --git a/packaging/debian/changelog b/packaging/debian/changelog new file mode 120000 index 0000000..d9956db --- /dev/null +++ b/packaging/debian/changelog @@ -0,0 +1 @@ +../../website/changelog \ No newline at end of file diff --git a/packaging/debian/compat b/packaging/debian/compat new file mode 100644 index 0000000..7f8f011 --- /dev/null 
+++ b/packaging/debian/compat @@ -0,0 +1 @@ +7 diff --git a/packaging/debian/control b/packaging/debian/control new file mode 100644 index 0000000..4c836b4 --- /dev/null +++ b/packaging/debian/control @@ -0,0 +1,23 @@ +Source: monkeysphere +Section: net +Priority: extra +Maintainer: Jameson Graef Rollins +Uploaders: Daniel Kahn Gillmor +Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0) +Standards-Version: 3.8.0.1 +Homepage: http://web.monkeysphere.info/ +Vcs-Git: git://git.monkeysphere.info/monkeysphere +Dm-Upload-Allowed: yes + +Package: monkeysphere +Architecture: any +Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends} +Recommends: netcat | socat, ssh-askpass +Enhances: openssh-client, openssh-server +Description: use the OpenPGP web of trust to verify ssh connections + SSH key-based authentication is tried-and-true, but it lacks a true + Public Key Infrastructure for key certification, revocation and + expiration. Monkeysphere is a framework that uses the OpenPGP web of + trust for these PKI functions. It can be used in both directions: + for users to get validated host keys, and for hosts to authenticate + users. diff --git a/packaging/debian/copyright b/packaging/debian/copyright new file mode 100644 index 0000000..4c25286 --- /dev/null +++ b/packaging/debian/copyright 
@@ -0,0 +1,24 @@ +Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=226 +Debianized-By: Daniel Kahn Gillmor +Debianized-Date: Fri Jun 13 10:19:16 EDT 2008 +Original-Source: http://web.monkeysphere.info/download + +Files: * +Copyright: Copyright 2008 Jameson Rollins , + Daniel Kahn Gillmor , + Jamie McClelland , + Micah Anderson , + Matthew Goins , + Mike Castleman , + Elliot Winard , + Ross Glover , + Greg Lyle + +License: GPL-3+ + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + . + On Debian systems, the complete text of the GNU General Public License + can be found in file "/usr/share/common-licenses/GPL". diff --git a/packaging/debian/monkeysphere.dirs b/packaging/debian/monkeysphere.dirs new file mode 100644 index 0000000..1f9e66b --- /dev/null +++ b/packaging/debian/monkeysphere.dirs @@ -0,0 +1,12 @@ +var/lib/monkeysphere +var/lib/monkeysphere/authorized_keys +var/lib/monkeysphere/tmp +usr/bin +usr/sbin +usr/share +usr/share/monkeysphere +usr/share/man +usr/share/man/man1 +usr/share/man/man7 +usr/share/man/man8 +etc/monkeysphere diff --git a/packaging/debian/monkeysphere.postinst b/packaging/debian/monkeysphere.postinst new file mode 100755 index 0000000..02d6304 --- /dev/null +++ b/packaging/debian/monkeysphere.postinst 
@@ -0,0 +1,28 @@ +#!/bin/sh -e + +# postinst script for monkeysphere + +# Author: Jameson Rollins +# Copyright 2008 + +ETC="/etc/monkeysphere" +VARLIB="/var/lib/monkeysphere" + +if ! getent passwd monkeysphere >/dev/null ; then + echo "adding monkeysphere user..." + adduser --quiet --system --no-create-home --group \ + --home "$VARLIB" \ + --shell '/bin/bash' \ + --gecos 'monkeysphere authentication user,,,' \ + monkeysphere +fi + +# install host gnupg home directory +install --owner root --group monkeysphere --mode 750 -d "$VARLIB"/gnupg-host +# link in the gpg.conf +ln -sTf "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf + +# install authentication gnupg home directory +install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication +# link in the gpg.conf +ln -sTf "$ETC"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf diff --git a/packaging/debian/monkeysphere.postrm b/packaging/debian/monkeysphere.postrm new file mode 100755 index 0000000..8f87ed3 --- /dev/null +++ b/packaging/debian/monkeysphere.postrm @@ -0,0 +1,21 @@ +#!/bin/sh -e + +# postrm script for monkeysphere + +# Author: Jameson Rollins +# Copyright 2008 + +case $1 in + purge) + rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true + echo "removing monkeysphere user..." + userdel monkeysphere > /dev/null || true + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packaging/debian/monkeysphere.preinst b/packaging/debian/monkeysphere.preinst new file mode 100755 index 0000000..860286b --- /dev/null +++ b/packaging/debian/monkeysphere.preinst 
@@ -0,0 +1,22 @@ +#!/bin/sh -e + +# preinst script for monkeysphere + +# Author: Jameson Rollins +# Copyright 2008 + +ETC="/etc/monkeysphere" +VARLIB="/var/lib/monkeysphere" + +# move the gpg.conf files from the GNUPGHOMEs if they're there to +# /etc, where they will be linked back into the GNUPGHOMEs later +if [ -f "$VARLIB"/gnupg-host/gpg.conf -a ! -L "$VARLIB"/gnupg-host/gpg.conf ] ; then + mv "$VARLIB"/gnupg-host/gpg.conf "$ETC"/gpg-host.conf + chown root:root "$ETC"/gpg-host.conf + ln -s "$ETC"/gpg-host.conf "$VARLIB"/gnupg-host/gpg.conf +fi +if [ -f "$VARLIB"/gnupg-authentication/gpg.conf -a ! -L "$VARLIB"/gnupg-authentication/gpg.conf ] ; then + mv "$VARLIB"/gnupg-authentication/gpg.conf "$ETC"/gpg-authentication.conf + chown root:root "$ETC"/gpg-authentication.conf + ln -s "$ETC"/gpg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf +fi diff --git a/packaging/debian/rules b/packaging/debian/rules new file mode 100755 index 0000000..cbe925d --- /dev/null +++ b/packaging/debian/rules @@ -0,0 +1,3 @@ +#!/usr/bin/make -f +%: + dh $@ diff --git a/website/changelog b/website/changelog new file mode 100644 index 0000000..994b991 --- /dev/null +++ b/website/changelog 
@@ -0,0 +1,276 @@ +monkeysphere (0.21-1) unstable; urgency=low + + * move debian packaging to packaging subdirectory. + + -- Jameson Graef Rollins Sat, 15 Nov 2008 14:26:48 -0500 + +monkeysphere (0.20-1) unstable; urgency=low + + [ Daniel Kahn Gillmor ] + * ensure that tempdirs are properly created, bail out otherwise instead + of stumbling ahead. + * minor fussing with the test script to make it cleaner. + + [ Jameson Graef Rollins ] + * clean up Makefile to generate more elegant source tarballs. + * make myself the maintainer. + + -- Jameson Graef Rollins Sat, 15 Nov 2008 13:12:57 -0500 + +monkeysphere (0.19-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * simulating an X11 session in the test script. + * updated packaging so that symlinks to config files are correct. + + -- Daniel Kahn Gillmor Wed, 29 Oct 2008 02:47:49 -0400 + +monkeysphere (0.18-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix bugs in authorized_{user_ids,keys} file permission checking. + * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys + files. + * chown authorized_keys files to `whoami`, for compatibility with test + suite. + * major improvements to test suite, added more tests. + + [ Daniel Kahn Gillmor ] + * update make install to ensure placement of + /etc/monkeysphere/gnupg-{host,authentication}.conf + * choose either --quick-random or --debug-quick-random depending on + which gpg supports for the test suite. + + -- Daniel Kahn Gillmor Wed, 29 Oct 2008 00:41:38 -0400 + +monkeysphere (0.17-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix some bugs in, and cleanup, authorized_keys file creation in + monkeysphere-server update-users. + * Move to using the empty string for not adding a user-controlled + authorized_keys file in the RAW_AUTHORIZED_KEYS variable. 
+ + -- Daniel Kahn Gillmor Tue, 28 Oct 2008 02:04:22 -0400 + +monkeysphere (0.16-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better + portability. + * fixed busted lockfile arrangement, where empty file was being locked + * portability fixes in the way we use date, mktemp, hostname, su + * stop using /usr/bin/stat, since the syntax appears to be totally + unportable + * require GNU getopt, and test for getopt failures (look for getopt in + /usr/local/bin first, since that's where FreeBSD's GNU-compatible + getopt lives. + * monkeysphere-server diagnostics now counts problems and suggests a + re-run after they have been resolved. + * completed basic test suite: this can be run from the git sources or + the tarball with: cd tests && ./basic + + [ Jameson Graef Rollins ] + * Genericize fs location variables. + * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at + install. + + -- Daniel Kahn Gillmor Sun, 26 Oct 2008 03:06:18 -0400 + +monkeysphere (0.15-1) experimental; urgency=low + + * porting work and packaging simplification: clarifying makefiles, + pruning dependencies, etc. + * added tests to monkeysphere-server diagnostics + * moved monkeysphere(5) to section 7 of the manual + * now shipping TODO in /usr/share/doc/monkeysphere + + -- Daniel Kahn Gillmor Thu, 04 Sep 2008 19:08:40 -0400 + +monkeysphere (0.14-1) experimental; urgency=low + + * changing debian packaging back to format 1.0 so we get automatic + tarballs, and easier inclusion in other build networks. + * no other source changes. + + -- Daniel Kahn Gillmor Thu, 04 Sep 2008 13:03:35 -0400 + +monkeysphere (0.13-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings. + * updated makefile to reflect the package building technique we've been + using for a month now. 
+ + [ Jameson Graef Rollins ] + * move location of user config directory to ~/.monkeysphere. + + -- Daniel Kahn Gillmor Wed, 03 Sep 2008 17:26:10 -0400 + +monkeysphere (0.12-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Improved output handling. New LOG_LEVEL variable. + + [ Daniel Kahn Gillmor ] + * debian/control: switched Homepage: and Vcs-Git: to canonicalized + upstream hostnames. + * updated documentation for new release. + * changed my associated e-mail address for this package. + + -- Daniel Kahn Gillmor Tue, 02 Sep 2008 18:54:29 -0400 + +monkeysphere (0.11-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * fix bug in trustdb update on add/revoke-hostname. + + [ Daniel Kahn Gillmor ] + * debian/control: added Build-Depends: git-core for the new packaging + format + * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched + GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly + if not found). + + -- Daniel Kahn Gillmor Wed, 20 Aug 2008 11:24:35 -0400 + +monkeysphere (0.10-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * brown paper bag release: invert test on calculated validity of keys. + + -- Daniel Kahn Gillmor Mon, 18 Aug 2008 16:22:34 -0400 + +monkeysphere (0.9-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * implemented "monkeysphere-server extend-key" to adjust expiration + date of host key. + * removed "monkeysphere-server fingerprint". Use "monkeysphere-server + show-key" instead. + + [ Jameson Graef Rollins ] + * fixed bug in user id processing that prevented bad primary keys from + being properly removed. + + -- Daniel Kahn Gillmor Mon, 18 Aug 2008 15:42:12 -0400 + +monkeysphere (0.8-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * debian/control: switched Vcs-Git to use "centralized" git repo instead + of my own. + * More monkeysphere-server diagnostics + * monkeysphere --gen-subkey now guesses what KeyID you meant. 
+ * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey + works sensibly under X11 + + [ Jameson Graef Rollins ] + * fix another bug when known_hosts files are missing. + * sort processed keys so that "good" keys are processed after "bad" + keys. This will prevent malicious bad keys from causing good keys to + be removed from key files. + * enabled host key publication. + * added checking of gpg.conf for keyserver + * new functions to add/revoke host key user IDs + * improved list-certifiers function (now non-privileged) + + -- Daniel Kahn Gillmor Mon, 18 Aug 2008 12:43:37 -0400 + +monkeysphere (0.7-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * Added monkeysphere-server diagnostics subcommand. + * rebuilding package using Format: 3.0 (git) + + [ Jameson Graef Rollins ] + * fix how check for file modification is done. + * rework out user id processing is done to provide more verbose log + output. + * fix bug in monkeysphpere update-authorized_keys subcommand where + disallowed keys failed to be remove from authorized_keys file. + + -- Daniel Kahn Gillmor Mon, 04 Aug 2008 10:47:41 -0400 + +monkeysphere (0.6-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix bug in return on error of ssh-proxycommand. + + [ Daniel Kahn Gillmor ] + * try socat if netcat is not available in proxycommand. + + -- Daniel Kahn Gillmor Tue, 29 Jul 2008 10:27:20 -0400 + +monkeysphere (0.5-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * updated READMEs to match current state of code + + [ Jameson Graef Rollins ] + * Tweak how empty authorized_user_ids and known_hosts files are handled. + * Do not fail when authorized_user_ids or known_hosts file is not found. + + -- Daniel Kahn Gillmor Mon, 28 Jul 2008 10:50:02 -0400 + +monkeysphere (0.4-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * New version. 
+ * Fixed return code error in openpgp2ssh + + [ Jameson Graef Rollins ] + * Privilege separation: use monkeysphere user to handle maintenance of + the gnupg authentication keychain for server. + * Improved certifier key management. + * Fixed variable scoping and config file precedence. + * Add options for key generation and add-certifier functions. + * Fix return codes for known_host and authorized_keys updating + functions. + * Add write permission check on authorized_keys, known_hosts, and + authorized_user_ids files. + + -- Daniel Kahn Gillmor Tue, 22 Jul 2008 21:50:17 -0400 + +monkeysphere (0.3-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * new version. + + [ Jameson Graef Rollins ] + * Move files in /var/cache/monkeysphere and GNUPGHOME for server to + the more appropriate /var/lib/monkeysphere. + + -- Daniel Kahn Gillmor Tue, 24 Jun 2008 00:55:29 -0400 + +monkeysphere (0.2-2) experimental; urgency=low + + * added lockfile-progs dependency + + -- Daniel Kahn Gillmor Mon, 23 Jun 2008 19:34:05 -0400 + +monkeysphere (0.2-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * openpgp2ssh now supports specifying keys by full fingerprint. + + [ Jameson Graef Rollins ] + * Add AUTHORIZED_USER_IDS config variable for server, which defaults to + %h/.config/monkeysphere/authorized_user_ids, instead of + /etc/monkeysphere/authorized_user_ids. + * Remove {update,remove}-userids functions, since we decided they + weren't useful enough to be worth maintaining. + * Better handling of unknown users in server update-users + * Add file locking when modifying known_hosts or authorized_keys + * Better failure/prompting for gen-subkey + * Add ability to set any owner trust level for keys in server keychain. + + -- Daniel Kahn Gillmor Mon, 23 Jun 2008 17:03:19 -0400 + +monkeysphere (0.1-1) experimental; urgency=low + + * First release of debian package for monkeysphere. + * This is experimental -- please report bugs! 
+ + -- Daniel Kahn Gillmor Thu, 19 Jun 2008 00:34:53 -0400 + diff --git a/website/news/release-0.20-1.mdwn b/website/news/release-0.20-1.mdwn new file mode 100644 index 0000000..841369d --- /dev/null +++ b/website/news/release-0.20-1.mdwn @@ -0,0 +1,18 @@ +[[meta title="Monkeysphere 0.20-1 released!"]] + +Monkeysphere 0.20-1 has been released. + +Notes from the changelog: + +
+  [ Daniel Kahn Gillmor ]
+  * ensure that tempdirs are properly created, bail out otherwise instead
+    of stumbling ahead.
+  * minor fussing with the test script to make it cleaner.
+
+  [ Jameson Graef Rollins ]
+  * clean up Makefile to generate more elegant source tarballs.
+  * make myself the maintainer.
+
+ +[[Download]] it now! -- cgit v1.2.3