From 150008da442a4a95672356c2148884223dea68d7 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Wed, 29 Oct 2008 14:22:32 -0400 Subject: fix small bug in the packaging about man7 directory installation. --- debian/monkeysphere.dirs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/monkeysphere.dirs b/debian/monkeysphere.dirs index cfafe15..1f9e66b 100644 --- a/debian/monkeysphere.dirs +++ b/debian/monkeysphere.dirs @@ -7,6 +7,6 @@ usr/share usr/share/monkeysphere usr/share/man usr/share/man/man1 -usr/share/man/man5 +usr/share/man/man7 usr/share/man/man8 etc/monkeysphere -- cgit v1.2.3 From 82c1c7ca35e781cad5e6f4cb8dcc04de3c814214 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 29 Oct 2008 14:42:28 -0400 Subject: link "why" web page to the alternate PKI discussion. --- website/why.mdwn | 3 +++ 1 file changed, 3 insertions(+) diff --git a/website/why.mdwn b/website/why.mdwn index 3d67d32..5c060a5 100644 --- a/website/why.mdwn +++ b/website/why.mdwn @@ -137,6 +137,9 @@ than the current infrastructure allows, and is more meaningful to actual humans using these tools than some message like "Certified by GloboTrust". +You may also be interested in [some thoughts about alternate PKIs for +SSH](/similar). + ## Philosophy ## Humans (and -- cgit v1.2.3 From f0fb1dbb0d7f13060ebdc7aada7d64105453eae4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 29 Oct 2008 18:19:35 -0400 Subject: added latest george updates to changelog. --- doc/george/changelog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/george/changelog b/doc/george/changelog index 74daf17..83d6843 100644 --- a/doc/george/changelog +++ b/doc/george/changelog 
@@ -7,6 +7,11 @@ * changes to this system (first command at top, last at bottom) * ****************************************************************************** +2008-10-29 - dkg + * aptitude update && aptitude full-upgrade + * brought monkeysphere up to 0.19-1 + * removed tasksel + 2008-10-25 - dkg * aptitude update && aptitude full-upgrade * brought monkeysphere up to 0.16-1 -- cgit v1.2.3 From 56ba9a2e10b757bf7a31ba190b14ee38ed511461 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Wed, 29 Oct 2008 23:48:16 -0400 Subject: fix my email address in debian/control. --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index efd734b..ccc3ad2 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: monkeysphere Section: net Priority: extra Maintainer: Daniel Kahn Gillmor -Uploaders: Jameson Graef Rollins +Uploaders: Jameson Graef Rollins Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0) Standards-Version: 3.8.0.1 Homepage: http://web.monkeysphere.info/ -- cgit v1.2.3 From e9a874c9ee4c634d574ada757ad1e8c721b890f8 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 30 Oct 2008 12:04:02 -0400 Subject: asking reprepro to keep older unreferenced files around in the archive. This should help our porters, so that they can have a canonical place to download tarballs from even if a new version has been released. --- repo/conf/options | 1 + 1 file changed, 1 insertion(+) diff --git a/repo/conf/options b/repo/conf/options index c00ee94..6de6cad 100644 --- a/repo/conf/options +++ b/repo/conf/options @@ -1 +1,2 @@ verbose +keepunreferencedfiles -- cgit v1.2.3 From 2ae935a6dbd973730cd6e6aeb5cc5bbfc54949b5 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 30 Oct 2008 12:10:27 -0400 Subject: add checks to make sure that the test suite will be able to run. --- tests/basic | 7 +++++++ 1 file changed, 7 insertions(+) 
diff --git a/tests/basic b/tests/basic index d735578..8e7f88a 100755 --- a/tests/basic +++ b/tests/basic @@ -14,6 +14,13 @@ # all subcommands in this script should complete without failure: set -e +## make sure that the right tools are installed to run the test. the +## test has *more* requirements than plain ol' monkeysphere: + +[ -x $(which socat) ] || { echo "You must have socat installed to run this test." && exit 1 } + +## FIXME: other checks? + # gpg command for test admin user gpgadmin() { GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@" -- cgit v1.2.3 From 3763a9e47383e1e3c801726c151a3e10fd8ee859 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 30 Oct 2008 12:11:08 -0400 Subject: fixing stupid typo. --- tests/basic | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/basic b/tests/basic index 8e7f88a..fd1bfb0 100755 --- a/tests/basic +++ b/tests/basic @@ -17,7 +17,7 @@ set -e ## make sure that the right tools are installed to run the test. the ## test has *more* requirements than plain ol' monkeysphere: -[ -x $(which socat) ] || { echo "You must have socat installed to run this test." && exit 1 } +[ -x $(which socat) ] || { echo "You must have socat installed to run this test." && exit 1; } ## FIXME: other checks? -- cgit v1.2.3 From b5f5c450f620ea647a72a533e844fb110a5d91df Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 30 Oct 2008 12:14:26 -0400 Subject: fixing check for test suite. --- tests/basic | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/basic b/tests/basic index fd1bfb0..289a1b7 100755 --- a/tests/basic +++ b/tests/basic 
@@ -17,7 +17,7 @@ set -e ## make sure that the right tools are installed to run the test. the ## test has *more* requirements than plain ol' monkeysphere: -[ -x $(which socat) ] || { echo "You must have socat installed to run this test." && exit 1; } +which socat || { echo "You must have socat installed to run this test." ; exit 1; } ## FIXME: other checks? -- cgit v1.2.3 From 6f85cad586d60a3f3356f46febf48c9352870de9 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 30 Oct 2008 14:59:07 -0400 Subject: Couple of small fixes to makefile. --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index dfeb3f1..9c07f0d 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ tarball: clean mkdir -p monkeysphere-$(MONKEYSPHERE_VERSION)/doc ln -s ../../website/getting-started-user.mdwn ../../website/getting-started-admin.mdwn ../../doc/TODO ../../doc/MonkeySpec monkeysphere-$(MONKEYSPHERE_VERSION)/doc ln -s ../COPYING ../etc ../Makefile ../man ../src ../tests monkeysphere-$(MONKEYSPHERE_VERSION) - tar -ch monkeysphere-$(MONKEYSPHERE_VERSION) | gzip -n > monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz + tar -ch --exclude='*~' monkeysphere-$(MONKEYSPHERE_VERSION) | gzip -n > monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) debian-package: tarball @@ -62,4 +62,4 @@ installman: releasenote: ./utils/build-releasenote -.PHONY: all clean tarball debian-package install releasenote +.PHONY: all tarball debian-package freebsd-distinfo clean install installman releasenote -- cgit v1.2.3 From e3030c0ed18988ff646fd8dc004797de09b39360 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 30 Oct 2008 15:04:24 -0400 Subject: updating debian/changelog as we start work on version 0.20. --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index a7514a3..fa905d3 100644 --- a/debian/changelog +++ b/debian/changelog 
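Review bot: The new `which socat ||` guard prints the resolved path to stdout on success and relies on an external `which`, whose exit status is not consistent across systems. The shell builtin is the more dependable probe and keeps the test output clean: `command -v socat >/dev/null 2>&1 || { echo "You must have socat installed to run this test." >&2; exit 1; }`. Sending the message to stderr also keeps it out of any captured test output. The check sits at the top level of tests/basic, and the rest of the script is outside the hunk.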
@@ -1,3 +1,10 @@ +monkeysphere (0.20-1) UNRELEASED; urgency=low + + [ Jameson Graef Rollins ] + * clean up Makefile to generate more elegant source tarballs. + + -- Daniel Kahn Gillmor Thu, 30 Oct 2008 15:03:23 -0400 + monkeysphere (0.19-1) experimental; urgency=low [ Daniel Kahn Gillmor ] -- cgit v1.2.3 From 7d0fbea0f456bdc0c69f5bca44be173a3c0afb23 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 30 Oct 2008 15:29:07 -0400 Subject: small change to cleanup website release note. --- utils/releasenote.header | 2 -- 1 file changed, 2 deletions(-) diff --git a/utils/releasenote.header b/utils/releasenote.header index 1dbc5b9..cf08728 100644 --- a/utils/releasenote.header +++ b/utils/releasenote.header @@ -1,7 +1,5 @@ [[meta title="Monkeysphere __VERSION__ released!"]] -# Monkeysphere __VERSION__ released! # - Monkeysphere __VERSION__ has been released. Notes from the changelog: -- cgit v1.2.3 From 0f5a4178cd4e59fc6495288dbc3dab6a1b7e0186 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 30 Oct 2008 15:42:02 -0400 Subject: fixing freebsd patch to match current shipped config file. --- packaging/freebsd/files/patch-etclocation | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/freebsd/files/patch-etclocation b/packaging/freebsd/files/patch-etclocation index 0100a9c..2ab3ac0 100644 --- a/packaging/freebsd/files/patch-etclocation +++ b/packaging/freebsd/files/patch-etclocation 
@@ -6,8 +6,8 @@ index c001f2d..d33fd36 100644 # authorized_keys file. '%h' will be replaced by the home directory # of the user, and %u will be replaced by the username of the user. # For purely admin-controlled authorized_user_ids, you might put them --# in /etc/monkeysphere/authorized_user_ids/%u -+# in /usr/local/etc/monkeysphere/authorized_user_ids/%u +-# in /etc/monkeysphere/authorized_user_ids/%u, for instance. ++# in /usr/local/etc/monkeysphere/authorized_user_ids/%u, for instance. #AUTHORIZED_USER_IDS="%h/.monkeysphere/authorized_user_ids" # Whether to add user controlled authorized_keys file to -- cgit v1.2.3 From 992e7de99fdacfe913338bc995efba36854ee6a2 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 30 Oct 2008 15:54:03 -0400 Subject: do more testing to make sure that mktemp calls do not fail. --- debian/changelog | 4 ++++ src/monkeysphere-server | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index fa905d3..300175d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,10 @@ monkeysphere (0.20-1) UNRELEASED; urgency=low [ Jameson Graef Rollins ] * clean up Makefile to generate more elegant source tarballs. + + [ Daniel Kahn Gillmor ] + * ensure that tempdirs are properly created, bail out otherwise instead + of stumbling ahead. -- Daniel Kahn Gillmor Thu, 30 Oct 2008 15:03:23 -0400 diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 5f0cb73..e78903b 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server 
@@ -134,7 +134,7 @@ show_server_key() { # dumping to a file named ' ' so that the ssh-keygen output # doesn't claim any potentially bogus hostname(s): - tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ " echo -n "ssh fingerprint: " (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }') @@ -180,7 +180,7 @@ update_users() { log verbose "----- user: $uname -----" # make temporary directory - TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX) + TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" # trap to delete temporary directory on exit trap "rm -rf $TMPLOC" EXIT -- cgit v1.2.3 From 7b8af9a915f776e436d8d7bb97d64d9979793220 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 30 Oct 2008 15:54:31 -0400 Subject: build out directories for the monkeysphere that should be created on package installation. --- packaging/freebsd/pkg-install | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packaging/freebsd/pkg-install b/packaging/freebsd/pkg-install index d7e4dbe..731667c 100755 --- a/packaging/freebsd/pkg-install +++ b/packaging/freebsd/pkg-install @@ -65,6 +65,8 @@ POST-INSTALL) install -d -o monkeysphere -g monkeysphere -m 700 "$VARLIB"/gnupg-authentication ln -sf "$ETCDIR"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf + install -d "$VARLIB"/tmp "$VARLIB"/authorized_keys + chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf monkeysphere-server diagnostics -- cgit v1.2.3 From b2d9fe7ea412078a6e27f55bc0746451bf18f90f Mon Sep 17 00:00:00 2001 
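Review bot: The mktemp template is left unquoted in both changed lines (`${TMPDIR:-/tmp}/tmp.XXXXXXXXXX` in show_server_key here, `${MSTMPDIR}/tmp.XXXXXXXXXX` in the update_users hunk that follows), so a directory value containing whitespace or glob characters is word-split before mktemp sees it. Quoting the expansion keeps it a single argument: `tmpkey=$(mktemp -d "${TMPDIR:-/tmp}/tmp.XXXXXXXXXX") || failure "Could not create temporary directory!"`. In update_users the context line `trap "rm -rf $TMPLOC" EXIT` has the same exposure on the deletion side, and `trap 'rm -rf "$TMPLOC"' EXIT` would pass the path to rm as one word. The added `|| failure` stops the script only if failure exits, which is presumably the case, but failure is defined outside these hunks, as are the bodies of both functions.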
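Review bot: The added `install -d "$VARLIB"/tmp "$VARLIB"/authorized_keys` in the pkg-install hunk gives neither directory an explicit owner or mode, unlike the `install -d -o monkeysphere -g monkeysphere -m 700` line for gnupg-authentication just above it. The port's own documentation patch points sshd's AuthorizedKeysFile at the authorized_keys directory, and `"$VARLIB"/tmp` looks like the scratch area monkeysphere-server uses for temporary keyrings (inferred from the name, not shown here), so both sit on the authentication path. Stating the ownership and permissions, as in `install -d -o <owner> -g <group> -m <mode> "$VARLIB"/tmp` with values matched to what monkeysphere-server expects, makes the intended access reviewable instead of leaving it to install's defaults. The POST-INSTALL case continues outside the hunk.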
From: Daniel Kahn Gillmor Date: Thu, 30 Oct 2008 15:57:06 -0400 Subject: freebsd packaging: leave gnupg-authentication.conf with superuser ownership. it should not need to be owned by monkeysphere. --- packaging/freebsd/pkg-install | 2 -- 1 file changed, 2 deletions(-) diff --git a/packaging/freebsd/pkg-install b/packaging/freebsd/pkg-install index 731667c..70d37b5 100755 --- a/packaging/freebsd/pkg-install +++ b/packaging/freebsd/pkg-install @@ -67,8 +67,6 @@ POST-INSTALL) install -d "$VARLIB"/tmp "$VARLIB"/authorized_keys - chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf - monkeysphere-server diagnostics ;; esac -- cgit v1.2.3 From 846174da30ba5e96c6537a1a5c88666b3120177b Mon Sep 17 00:00:00 2001 
From: Daniel Kahn Gillmor Date: Thu, 30 Oct 2008 17:25:40 -0400 Subject: reorganizing FreeBSD port to make it clearer where it in /usr/ports and to make it easier to rebuild the port --- packaging/freebsd/Makefile | 56 -------------- packaging/freebsd/distinfo | 3 - packaging/freebsd/files/patch-etclocation | 54 ------------- packaging/freebsd/files/patch-sharelocation | 22 ------ packaging/freebsd/files/patch-varlocation | 90 ---------------------- packaging/freebsd/pkg-deinstall | 29 ------- packaging/freebsd/pkg-descr | 7 -- packaging/freebsd/pkg-install | 72 ----------------- packaging/freebsd/pkg-plist | 18 ----- packaging/freebsd/security/monkeysphere/Makefile | 56 ++++++++++++++ packaging/freebsd/security/monkeysphere/distinfo | 3 + .../security/monkeysphere/files/patch-etclocation | 54 +++++++++++++ .../monkeysphere/files/patch-sharelocation | 22 ++++++ .../security/monkeysphere/files/patch-varlocation | 90 ++++++++++++++++++++++ .../freebsd/security/monkeysphere/pkg-deinstall | 29 +++++++ packaging/freebsd/security/monkeysphere/pkg-descr | 7 ++ .../freebsd/security/monkeysphere/pkg-install | 72 +++++++++++++++++ packaging/freebsd/security/monkeysphere/pkg-plist | 18 +++++ 18 files changed, 351 insertions(+), 351 deletions(-) delete mode 100644 packaging/freebsd/Makefile delete mode 100644 packaging/freebsd/distinfo delete mode 100644 packaging/freebsd/files/patch-etclocation delete mode 100644 packaging/freebsd/files/patch-sharelocation delete mode 100644 packaging/freebsd/files/patch-varlocation delete mode 100755 packaging/freebsd/pkg-deinstall delete mode 100644 packaging/freebsd/pkg-descr delete mode 100755 packaging/freebsd/pkg-install delete mode 100644 packaging/freebsd/pkg-plist create mode 100644 packaging/freebsd/security/monkeysphere/Makefile create mode 100644 packaging/freebsd/security/monkeysphere/distinfo create mode 100644 packaging/freebsd/security/monkeysphere/files/patch-etclocation create mode 100644 
packaging/freebsd/security/monkeysphere/files/patch-sharelocation create mode 100644 packaging/freebsd/security/monkeysphere/files/patch-varlocation create mode 100755 packaging/freebsd/security/monkeysphere/pkg-deinstall create mode 100644 packaging/freebsd/security/monkeysphere/pkg-descr create mode 100755 packaging/freebsd/security/monkeysphere/pkg-install create mode 100644 packaging/freebsd/security/monkeysphere/pkg-plist diff --git a/packaging/freebsd/Makefile b/packaging/freebsd/Makefile deleted file mode 100644 index 984bc87..0000000 --- a/packaging/freebsd/Makefile +++ /dev/null 
@@ -1,56 +0,0 @@ -# New ports collection makefile for: monkeysphere -# Date created: 2008-09-11 23:38:27-0400 -# Whom: Daniel Kahn Gillmor -# -# $FreeBSD$ -# - -PORTNAME= monkeysphere -PORTVERSION= 0.19 -CATEGORIES= security -MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/ -# hack for debian orig tarballs -DISTFILES= ${PORTNAME}_${DISTVERSION}.orig.tar.gz - -MAINTAINER= dkg@fifthhorseman.net -COMMENT= use the OpenPGP web of trust to verify ssh connections - -LIB_DEPENDS= gnutls.26:${PORTSDIR}/security/gnutls -RUN_DEPENDS= base64:${PORTSDIR}/converters/base64 \ - gpg:${PORTSDIR}/security/gnupg1 \ - lockfile:${PORTSDIR}/mail/procmail \ - /usr/local/bin/getopt:${PORTSDIR}/misc/getopt \ - bash:${PORTSDIR}/shells/bash - -MAN1= monkeysphere.1 openpgp2ssh.1 monkeysphere-ssh-proxycommand.1 -MAN7= monkeysphere.7 -MAN8= monkeysphere-server.8 -MANCOMPRESSED= yes - -MAKE_ARGS= ETCPREFIX=${PREFIX} MANPREFIX=${PREFIX}/man ETCSUFFIX=.sample - -# get rid of cruft after the patching: -post-patch: - find . -iname '*.orig' -delete - -post-install: - @if [ ! -f ${PREFIX}/etc/monkeysphere/gnupg-host.conf ]; then \ - ${CP} -p ${PREFIX}/etc/monkeysphere/gnupg-host.conf.sample ${PREFIX}/etc/monkeysphere/gnupg-host.conf ; \ - fi - @if [ ! -f ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf ]; then \ - ${CP} -p ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf.sample ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf ; \ - fi - @if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere.conf ]; then \ - ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere.conf ; \ - fi - @if [ ! 
-f ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf ]; then \ - ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf ; \ - fi -.if !defined(PACKAGE_BUILDING) - @${SETENV} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL -.endif - -post-deinstall: - @${SETENV} ${SH} ${PKGDEINSTALL} ${PKGNAME} POST-DEINSTALL - -.include diff --git a/packaging/freebsd/distinfo b/packaging/freebsd/distinfo deleted file mode 100644 index 86aecd1..0000000 --- a/packaging/freebsd/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -MD5 (monkeysphere_0.19.orig.tar.gz) = 64c643dd0ab642bbc8814aec1718000e -SHA256 (monkeysphere_0.19.orig.tar.gz) = 321b77c1e10fe48ffbef8491893f5dd22842c35c11464efa7893150ce756a522 -SIZE (monkeysphere_0.19.orig.tar.gz) = 68335 diff --git a/packaging/freebsd/files/patch-etclocation b/packaging/freebsd/files/patch-etclocation deleted file mode 100644 index 2ab3ac0..0000000 --- a/packaging/freebsd/files/patch-etclocation +++ /dev/null 
@@ -1,54 +0,0 @@ -diff --git etc/monkeysphere-server.conf etc/monkeysphere-server.conf -index c001f2d..d33fd36 100644 ---- etc/monkeysphere-server.conf -+++ etc/monkeysphere-server.conf -@@ -17,7 +17,7 @@ - # authorized_keys file. '%h' will be replaced by the home directory - # of the user, and %u will be replaced by the username of the user. - # For purely admin-controlled authorized_user_ids, you might put them --# in /etc/monkeysphere/authorized_user_ids/%u, for instance. -+# in /usr/local/etc/monkeysphere/authorized_user_ids/%u, for instance. - #AUTHORIZED_USER_IDS="%h/.monkeysphere/authorized_user_ids" - - # Whether to add user controlled authorized_keys file to -diff --git man/man1/monkeysphere.1 man/man1/monkeysphere.1 -index 3ece735..09320d2 100644 ---- man/man1/monkeysphere.1 -+++ man/man1/monkeysphere.1 -@@ -111,7 +111,7 @@ Path to ssh authorized_keys file (~/.ssh/authorized_keys). - ~/.monkeysphere/monkeysphere.conf - User monkeysphere config file. - .TP --/etc/monkeysphere/monkeysphere.conf -+/usr/local/etc/monkeysphere/monkeysphere.conf - System-wide monkeysphere config file. - .TP - ~/.monkeysphere/authorized_user_ids -diff --git man/man8/monkeysphere-server.8 man/man8/monkeysphere-server.8 -index f207e2c..360408e 100644 ---- man/man8/monkeysphere-server.8 -+++ man/man8/monkeysphere-server.8 -@@ -203,10 +203,10 @@ User to control authentication keychain (monkeysphere). - .SH FILES - - .TP --/etc/monkeysphere/monkeysphere-server.conf -+/usr/local/etc/monkeysphere/monkeysphere-server.conf - System monkeysphere-server config file. - .TP --/etc/monkeysphere/monkeysphere.conf -+/usr/local/etc/monkeysphere/monkeysphere.conf - System-wide monkeysphere config file. 
- .TP - /var/lib/monkeysphere/authorized_keys/USER ---- src/common.orig 2008-10-12 14:58:00.000000000 -0400 -+++ src/common 2008-10-25 17:40:34.000000000 -0400 -@@ -16,7 +16,7 @@ - ### COMMON VARIABLES - - # managed directories --SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} -+SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/usr/local/etc/monkeysphere"} - export SYSCONFIGDIR - - ######################################################################## diff --git a/packaging/freebsd/files/patch-sharelocation b/packaging/freebsd/files/patch-sharelocation deleted file mode 100644 index 99c9604..0000000 --- a/packaging/freebsd/files/patch-sharelocation +++ /dev/null @@ -1,22 +0,0 @@ ---- src/monkeysphere.orig 2008-10-12 14:58:00.000000000 -0400 -+++ src/monkeysphere 2008-10-25 17:41:41.000000000 -0400 -@@ -13,7 +13,7 @@ - ######################################################################## - PGRM=$(basename $0) - --SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} -+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"} - export SYSSHAREDIR - . "${SYSSHAREDIR}/common" || exit 1 - ---- src/monkeysphere-server.orig 2008-10-25 14:17:50.000000000 -0400 -+++ src/monkeysphere-server 2008-10-25 17:42:50.000000000 -0400 -@@ -13,7 +13,7 @@ - ######################################################################## - PGRM=$(basename $0) - --SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} -+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"} - export SYSSHAREDIR - . "${SYSSHAREDIR}/common" || exit 1 - diff --git a/packaging/freebsd/files/patch-varlocation b/packaging/freebsd/files/patch-varlocation deleted file mode 100644 index c4d8dcd..0000000 --- a/packaging/freebsd/files/patch-varlocation +++ /dev/null 
@@ -1,90 +0,0 @@ -diff --git man/man8/monkeysphere-server.8 man/man8/monkeysphere-server.8 -index f207e2c..29c7b6a 100644 ---- man/man8/monkeysphere-server.8 -+++ man/man8/monkeysphere-server.8 -@@ -128,7 +128,7 @@ command to push the key to a keyserver. You must also modify the - sshd_config on the server to tell sshd where the new server host key - is located: - --HostKey /var/lib/monkeysphere/ssh_host_rsa_key -+HostKey /var/monkeysphere/ssh_host_rsa_key - - In order for users logging into the system to be able to verify the - host via the monkeysphere, at least one person (e.g. a server admin) -@@ -170,7 +170,7 @@ users. You must also tell sshd to look at the monkeysphere-generated - authorized_keys file for user authentication by setting the following - in the sshd_config: - --AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u -+AuthorizedKeysFile /var/monkeysphere/authorized_keys/%u - - It is recommended to add "monkeysphere-server update-users" to a - system crontab, so that user keys are kept up-to-date, and key -@@ -209,17 +209,17 @@ System monkeysphere-server config file. - /etc/monkeysphere/monkeysphere.conf - System-wide monkeysphere config file. - .TP --/var/lib/monkeysphere/authorized_keys/USER -+/var/monkeysphere/authorized_keys/USER - Monkeysphere-generated user authorized_keys files. - .TP --/var/lib/monkeysphere/ssh_host_rsa_key -+/var/monkeysphere/ssh_host_rsa_key - Copy of the host's private key in ssh format, suitable for use by - sshd. - .TP --/var/lib/monkeysphere/gnupg-host -+/var/monkeysphere/gnupg-host - Monkeysphere host GNUPG home directory. - .TP --/var/lib/monkeysphere/gnupg-authentication -+/var/monkeysphere/gnupg-authentication - Monkeysphere authentication GNUPG home directory. 
- - .SH AUTHOR -diff --git doc/getting-started-admin.mdwn doc/getting-started-admin.mdwn -index 6c8ad53..67fdda1 100644 ---- doc/getting-started-admin.mdwn -+++ doc/getting-started-admin.mdwn -@@ -30,7 +30,7 @@ To use the newly-generated host key for ssh connections, put the - following line in `/etc/ssh/sshd_config` (be sure to remove references - to any other keys): - -- HostKey /var/lib/monkeysphere/ssh_host_rsa_key -+ HostKey /var/monkeysphere/ssh_host_rsa_key - - FIXME: should we just suggest symlinks in the filesystem here instead? - -@@ -40,7 +40,7 @@ To enable users to use the monkeysphere to authenticate using the - OpenPGP web of trust, add this line to `/etc/ssh/sshd_config` (again, - making sure that no other AuthorizedKeysFile directive exists): - -- AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u -+ AuthorizedKeysFile /var/monkeysphere/authorized_keys/%u - - And then read the section below about how to ensure these files are - maintained. You'll need to restart `sshd` to have your changes take ---- src/monkeysphere-server.orig 2008-10-25 18:01:19.000000000 -0400 -+++ src/monkeysphere-server 2008-10-25 18:01:24.000000000 -0400 -@@ -17,7 +17,7 @@ - export SYSSHAREDIR - . "${SYSSHAREDIR}/common" || exit 1 - --SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} -+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/monkeysphere"} - export SYSDATADIR - - # UTC date in ISO 8601 format if needed ---- etc/gnupg-authentication.conf.orig 2008-10-25 18:02:58.000000000 -0400 -+++ etc/gnupg-authentication.conf 2008-10-25 18:03:04.000000000 -0400 -@@ -4,8 +4,8 @@ - # It is highly recommended that you - # DO NOT MODIFY - # these variables. --primary-keyring /var/lib/monkeysphere/gnupg-authentication/pubring.gpg --keyring /var/lib/monkeysphere/gnupg-host/pubring.gpg -+primary-keyring /var/monkeysphere/gnupg-authentication/pubring.gpg -+keyring /var/monkeysphere/gnupg-host/pubring.gpg - - # PGP keyserver to use for PGP queries. 
- keyserver hkp://pgp.mit.edu diff --git a/packaging/freebsd/pkg-deinstall b/packaging/freebsd/pkg-deinstall deleted file mode 100755 index 3000878..0000000 --- a/packaging/freebsd/pkg-deinstall +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh - -# a package removal script for monkeysphere (borrowing from -# monkeysphere's debian/monkeysphere.postrm) - -# Author: Daniel Kahn Gillmor -# Copyright 2008 - -# FIXME: is /var/lib/monkeysphere the right place for this stuff on -# FreeBSD? -VARLIB="/var/monkeysphere" - - -case $2 in -POST-DEINSTALL) - USER=monkeysphere -# FIXME: This doesn't do anything! Under what circumstances do we -# want to actually automatically purge all of /var/monkeysphere? - -# (note: FreeBSD does not seem to want the package-specific user to be -# purged at package removal) - if pw user show "${USER}" 2>/dev/null >/dev/null; then - echo "Warning: If you will *NOT* use this package anymore, please remove the monkeysphere user manually." - fi - if [ -d "$VARLIB" ] ; then - echo "Warning: You may want to remove monkeysphere's cached authentication data and keyrings in $VARLIB" - fi -;; -esac diff --git a/packaging/freebsd/pkg-descr b/packaging/freebsd/pkg-descr deleted file mode 100644 index 9adc44f..0000000 --- a/packaging/freebsd/pkg-descr +++ /dev/null @@ -1,7 +0,0 @@ -SSH key-based authentication is tried-and-true, but it lacks a true -Public Key Infrastructure for key certification, revocation and -expiration. Monkeysphere is a framework that uses the OpenPGP web of -trust for these PKI functions. It can be used in both directions: for -users to get validated host keys, and for hosts to authenticate users. - -WWW: http://web.monkeysphere.info/ diff --git a/packaging/freebsd/pkg-install b/packaging/freebsd/pkg-install deleted file mode 100755 index 70d37b5..0000000 --- a/packaging/freebsd/pkg-install +++ /dev/null 
@@ -1,72 +0,0 @@ -#!/bin/sh - -# an installation script for monkeysphere (borrowing liberally from -# postgresql and mysql pkg-install scripts, and from monkeysphere's -# debian/monkeysphere.postinst) - -# Author: Daniel Kahn Gillmor -# Copyright 2008 - -# FIXME: is /var/lib/monkeysphere the right place for this stuff on -# FreeBSD? - -# PostgreSQL puts its data in /usr/local/pgsql/data - -# MySQL puts its data in /var/db/mysql - -VARLIB="/var/monkeysphere" -ETCDIR="/usr/local/etc/monkeysphere" - -case $2 in -POST-INSTALL) - USER=monkeysphere - GROUP=${USER} - UID=641 - GID=${UID} - SHELL=/usr/local/bin/bash - - if pw group show "${GROUP}" >/dev/null 2>&1; then - echo "You already have a group \"${GROUP}\", so I will use it." - else - if pw groupadd ${GROUP} -g ${GID}; then - echo "Added group \"${GROUP}\"." - else - echo "Adding group \"${GROUP}\" failed..." - exit 1 - fi - fi - - if pw user show "${USER}" >/dev/null 2>&1; then - oldshell=`pw user show "${USER}" 2>/dev/null | cut -f10 -d:` - if [ x"$oldshell" != x"$SHELL" ]; then - echo "You already have a \"${USER}\" user, but its shell is '$oldshell'." - echo "This package requires that \"${USER}\"'s shell be '$SHELL'." - echo "You should fix this by hand and then re-install the package." - echo " hint: pw usermod '$USER' -s '$SHELL'" - exit 1 - fi - echo "You already have a user \"${USER}\" with the proper shell, so I will use it." - else - if pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \ - -d "$VARLIB" -s /usr/local/bin/bash -c "monkeysphere authentication user,,," - then - echo "Added user \"${USER}\"." - else - echo "Adding user \"${USER}\" failed..." 
- exit 1 - fi - fi - - ## set up the cache directories, and link them to the config files: - - install -d -o root -g monkeysphere -m 750 "$VARLIB"/gnupg-host - ln -sf "$ETCDIR"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf - - install -d -o monkeysphere -g monkeysphere -m 700 "$VARLIB"/gnupg-authentication - ln -sf "$ETCDIR"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf - - install -d "$VARLIB"/tmp "$VARLIB"/authorized_keys - - monkeysphere-server diagnostics - ;; -esac diff --git a/packaging/freebsd/pkg-plist b/packaging/freebsd/pkg-plist deleted file mode 100644 index 04a704a..0000000 --- a/packaging/freebsd/pkg-plist +++ /dev/null @@ -1,18 +0,0 @@ -sbin/monkeysphere-server -share/doc/monkeysphere/TODO -share/doc/monkeysphere/MonkeySpec -share/doc/monkeysphere/getting-started-user.mdwn -share/doc/monkeysphere/getting-started-admin.mdwn -bin/openpgp2ssh -bin/monkeysphere-ssh-proxycommand -bin/monkeysphere -share/monkeysphere/common -@unexec if cmp -s %D/etc/monkeysphere/monkeysphere.conf.sample %D/etc/monkeysphere/monkeysphere.conf; then rm -f %D/etc/monkeysphere/monkeysphere.conf; fi -etc/monkeysphere/monkeysphere.conf.sample -@exec if [ ! -f %D/etc/monkeysphere/monkeysphere.conf ] ; then cp -p %D/%F %B/monkeysphere.conf; fi -@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-server.conf.sample %D/etc/monkeysphere/monkeysphere-server.conf; then rm -f %D/etc/monkeysphere/monkeysphere-server.conf; fi -etc/monkeysphere/monkeysphere-server.conf.sample -@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-server.conf ] ; then cp -p %D/%F %B/monkeysphere-server.conf; fi -@dirrm share/doc/monkeysphere -@dirrm share/monkeysphere -@dirrm etc/monkeysphere diff --git a/packaging/freebsd/security/monkeysphere/Makefile b/packaging/freebsd/security/monkeysphere/Makefile new file mode 100644 index 0000000..984bc87 --- /dev/null +++ b/packaging/freebsd/security/monkeysphere/Makefile 
@@ -0,0 +1,56 @@ +# New ports collection makefile for: monkeysphere +# Date created: 2008-09-11 23:38:27-0400 +# Whom: Daniel Kahn Gillmor +# +# $FreeBSD$ +# + +PORTNAME= monkeysphere +PORTVERSION= 0.19 +CATEGORIES= security +MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/ +# hack for debian orig tarballs +DISTFILES= ${PORTNAME}_${DISTVERSION}.orig.tar.gz + +MAINTAINER= dkg@fifthhorseman.net +COMMENT= use the OpenPGP web of trust to verify ssh connections + +LIB_DEPENDS= gnutls.26:${PORTSDIR}/security/gnutls +RUN_DEPENDS= base64:${PORTSDIR}/converters/base64 \ + gpg:${PORTSDIR}/security/gnupg1 \ + lockfile:${PORTSDIR}/mail/procmail \ + /usr/local/bin/getopt:${PORTSDIR}/misc/getopt \ + bash:${PORTSDIR}/shells/bash + +MAN1= monkeysphere.1 openpgp2ssh.1 monkeysphere-ssh-proxycommand.1 +MAN7= monkeysphere.7 +MAN8= monkeysphere-server.8 +MANCOMPRESSED= yes + +MAKE_ARGS= ETCPREFIX=${PREFIX} MANPREFIX=${PREFIX}/man ETCSUFFIX=.sample + +# get rid of cruft after the patching: +post-patch: + find . -iname '*.orig' -delete + +post-install: + @if [ ! -f ${PREFIX}/etc/monkeysphere/gnupg-host.conf ]; then \ + ${CP} -p ${PREFIX}/etc/monkeysphere/gnupg-host.conf.sample ${PREFIX}/etc/monkeysphere/gnupg-host.conf ; \ + fi + @if [ ! -f ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf ]; then \ + ${CP} -p ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf.sample ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf ; \ + fi + @if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere.conf ]; then \ + ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere.conf ; \ + fi + @if [ ! 
-f ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf ]; then \ + ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf ; \ + fi +.if !defined(PACKAGE_BUILDING) + @${SETENV} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL +.endif + +post-deinstall: + @${SETENV} ${SH} ${PKGDEINSTALL} ${PKGNAME} POST-DEINSTALL + +.include diff --git a/packaging/freebsd/security/monkeysphere/distinfo b/packaging/freebsd/security/monkeysphere/distinfo new file mode 100644 index 0000000..86aecd1 --- /dev/null +++ b/packaging/freebsd/security/monkeysphere/distinfo @@ -0,0 +1,3 @@ +MD5 (monkeysphere_0.19.orig.tar.gz) = 64c643dd0ab642bbc8814aec1718000e +SHA256 (monkeysphere_0.19.orig.tar.gz) = 321b77c1e10fe48ffbef8491893f5dd22842c35c11464efa7893150ce756a522 +SIZE (monkeysphere_0.19.orig.tar.gz) = 68335 diff --git a/packaging/freebsd/security/monkeysphere/files/patch-etclocation b/packaging/freebsd/security/monkeysphere/files/patch-etclocation new file mode 100644 index 0000000..2ab3ac0 --- /dev/null +++ b/packaging/freebsd/security/monkeysphere/files/patch-etclocation 
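Review bot: The `post-install` target copies `gnupg-host.conf.sample` and `gnupg-authentication.conf.sample` into place, but the pkg-plist added in this same commit lists only `monkeysphere.conf.sample` and `monkeysphere-server.conf.sample`. A binary package built from this port would therefore appear to ship without the two gnupg samples, and they would be left behind on deinstall, which also stops `@dirrm etc/monkeysphere` from succeeding. Since pkg-install symlinks `gpg.conf` in both GnuPG home directories to those config files, a package install could end up with dangling links and gpg running without the intended keyring settings. Listing `etc/monkeysphere/gnupg-host.conf.sample` and `etc/monkeysphere/gnupg-authentication.conf.sample` in pkg-plist, with the same `@exec`/`@unexec` pair used for the other two samples, would keep port and package installs consistent.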
@@ -0,0 +1,54 @@ +diff --git etc/monkeysphere-server.conf etc/monkeysphere-server.conf +index c001f2d..d33fd36 100644 +--- etc/monkeysphere-server.conf ++++ etc/monkeysphere-server.conf +@@ -17,7 +17,7 @@ + # authorized_keys file. '%h' will be replaced by the home directory + # of the user, and %u will be replaced by the username of the user. + # For purely admin-controlled authorized_user_ids, you might put them +-# in /etc/monkeysphere/authorized_user_ids/%u, for instance. ++# in /usr/local/etc/monkeysphere/authorized_user_ids/%u, for instance. + #AUTHORIZED_USER_IDS="%h/.monkeysphere/authorized_user_ids" + + # Whether to add user controlled authorized_keys file to +diff --git man/man1/monkeysphere.1 man/man1/monkeysphere.1 +index 3ece735..09320d2 100644 +--- man/man1/monkeysphere.1 ++++ man/man1/monkeysphere.1 +@@ -111,7 +111,7 @@ Path to ssh authorized_keys file (~/.ssh/authorized_keys). + ~/.monkeysphere/monkeysphere.conf + User monkeysphere config file. + .TP +-/etc/monkeysphere/monkeysphere.conf ++/usr/local/etc/monkeysphere/monkeysphere.conf + System-wide monkeysphere config file. + .TP + ~/.monkeysphere/authorized_user_ids +diff --git man/man8/monkeysphere-server.8 man/man8/monkeysphere-server.8 +index f207e2c..360408e 100644 +--- man/man8/monkeysphere-server.8 ++++ man/man8/monkeysphere-server.8 +@@ -203,10 +203,10 @@ User to control authentication keychain (monkeysphere). + .SH FILES + + .TP +-/etc/monkeysphere/monkeysphere-server.conf ++/usr/local/etc/monkeysphere/monkeysphere-server.conf + System monkeysphere-server config file. + .TP +-/etc/monkeysphere/monkeysphere.conf ++/usr/local/etc/monkeysphere/monkeysphere.conf + System-wide monkeysphere config file. 
+ .TP + /var/lib/monkeysphere/authorized_keys/USER +--- src/common.orig 2008-10-12 14:58:00.000000000 -0400 ++++ src/common 2008-10-25 17:40:34.000000000 -0400 +@@ -16,7 +16,7 @@ + ### COMMON VARIABLES + + # managed directories +-SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} ++SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/usr/local/etc/monkeysphere"} + export SYSCONFIGDIR + + ######################################################################## diff --git a/packaging/freebsd/security/monkeysphere/files/patch-sharelocation b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation new file mode 100644 index 0000000..99c9604 --- /dev/null +++ b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation @@ -0,0 +1,22 @@ +--- src/monkeysphere.orig 2008-10-12 14:58:00.000000000 -0400 ++++ src/monkeysphere 2008-10-25 17:41:41.000000000 -0400 +@@ -13,7 +13,7 @@ + ######################################################################## + PGRM=$(basename $0) + +-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} ++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"} + export SYSSHAREDIR + . "${SYSSHAREDIR}/common" || exit 1 + +--- src/monkeysphere-server.orig 2008-10-25 14:17:50.000000000 -0400 ++++ src/monkeysphere-server 2008-10-25 17:42:50.000000000 -0400 +@@ -13,7 +13,7 @@ + ######################################################################## + PGRM=$(basename $0) + +-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} ++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"} + export SYSSHAREDIR + . "${SYSSHAREDIR}/common" || exit 1 + diff --git a/packaging/freebsd/security/monkeysphere/files/patch-varlocation b/packaging/freebsd/security/monkeysphere/files/patch-varlocation new file mode 100644 index 0000000..c4d8dcd --- /dev/null +++ b/packaging/freebsd/security/monkeysphere/files/patch-varlocation 
@@ -0,0 +1,90 @@ +diff --git man/man8/monkeysphere-server.8 man/man8/monkeysphere-server.8 +index f207e2c..29c7b6a 100644 +--- man/man8/monkeysphere-server.8 ++++ man/man8/monkeysphere-server.8 +@@ -128,7 +128,7 @@ command to push the key to a keyserver. You must also modify the + sshd_config on the server to tell sshd where the new server host key + is located: + +-HostKey /var/lib/monkeysphere/ssh_host_rsa_key ++HostKey /var/monkeysphere/ssh_host_rsa_key + + In order for users logging into the system to be able to verify the + host via the monkeysphere, at least one person (e.g. a server admin) +@@ -170,7 +170,7 @@ users. You must also tell sshd to look at the monkeysphere-generated + authorized_keys file for user authentication by setting the following + in the sshd_config: + +-AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u ++AuthorizedKeysFile /var/monkeysphere/authorized_keys/%u + + It is recommended to add "monkeysphere-server update-users" to a + system crontab, so that user keys are kept up-to-date, and key +@@ -209,17 +209,17 @@ System monkeysphere-server config file. + /etc/monkeysphere/monkeysphere.conf + System-wide monkeysphere config file. + .TP +-/var/lib/monkeysphere/authorized_keys/USER ++/var/monkeysphere/authorized_keys/USER + Monkeysphere-generated user authorized_keys files. + .TP +-/var/lib/monkeysphere/ssh_host_rsa_key ++/var/monkeysphere/ssh_host_rsa_key + Copy of the host's private key in ssh format, suitable for use by + sshd. + .TP +-/var/lib/monkeysphere/gnupg-host ++/var/monkeysphere/gnupg-host + Monkeysphere host GNUPG home directory. + .TP +-/var/lib/monkeysphere/gnupg-authentication ++/var/monkeysphere/gnupg-authentication + Monkeysphere authentication GNUPG home directory. 
+ + .SH AUTHOR +diff --git doc/getting-started-admin.mdwn doc/getting-started-admin.mdwn +index 6c8ad53..67fdda1 100644 +--- doc/getting-started-admin.mdwn ++++ doc/getting-started-admin.mdwn +@@ -30,7 +30,7 @@ To use the newly-generated host key for ssh connections, put the + following line in `/etc/ssh/sshd_config` (be sure to remove references + to any other keys): + +- HostKey /var/lib/monkeysphere/ssh_host_rsa_key ++ HostKey /var/monkeysphere/ssh_host_rsa_key + + FIXME: should we just suggest symlinks in the filesystem here instead? + +@@ -40,7 +40,7 @@ To enable users to use the monkeysphere to authenticate using the + OpenPGP web of trust, add this line to `/etc/ssh/sshd_config` (again, + making sure that no other AuthorizedKeysFile directive exists): + +- AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u ++ AuthorizedKeysFile /var/monkeysphere/authorized_keys/%u + + And then read the section below about how to ensure these files are + maintained. You'll need to restart `sshd` to have your changes take +--- src/monkeysphere-server.orig 2008-10-25 18:01:19.000000000 -0400 ++++ src/monkeysphere-server 2008-10-25 18:01:24.000000000 -0400 +@@ -17,7 +17,7 @@ + export SYSSHAREDIR + . "${SYSSHAREDIR}/common" || exit 1 + +-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} ++SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/monkeysphere"} + export SYSDATADIR + + # UTC date in ISO 8601 format if needed +--- etc/gnupg-authentication.conf.orig 2008-10-25 18:02:58.000000000 -0400 ++++ etc/gnupg-authentication.conf 2008-10-25 18:03:04.000000000 -0400 +@@ -4,8 +4,8 @@ + # It is highly recommended that you + # DO NOT MODIFY + # these variables. +-primary-keyring /var/lib/monkeysphere/gnupg-authentication/pubring.gpg +-keyring /var/lib/monkeysphere/gnupg-host/pubring.gpg ++primary-keyring /var/monkeysphere/gnupg-authentication/pubring.gpg ++keyring /var/monkeysphere/gnupg-host/pubring.gpg + + # PGP keyserver to use for PGP queries. 
+ keyserver hkp://pgp.mit.edu diff --git a/packaging/freebsd/security/monkeysphere/pkg-deinstall b/packaging/freebsd/security/monkeysphere/pkg-deinstall new file mode 100755 index 0000000..3000878 --- /dev/null +++ b/packaging/freebsd/security/monkeysphere/pkg-deinstall @@ -0,0 +1,29 @@ +#!/bin/sh + +# a package removal script for monkeysphere (borrowing from +# monkeysphere's debian/monkeysphere.postrm) + +# Author: Daniel Kahn Gillmor +# Copyright 2008 + +# FIXME: is /var/lib/monkeysphere the right place for this stuff on +# FreeBSD? +VARLIB="/var/monkeysphere" + + +case $2 in +POST-DEINSTALL) + USER=monkeysphere +# FIXME: This doesn't do anything! Under what circumstances do we +# want to actually automatically purge all of /var/monkeysphere? + +# (note: FreeBSD does not seem to want the package-specific user to be +# purged at package removal) + if pw user show "${USER}" 2>/dev/null >/dev/null; then + echo "Warning: If you will *NOT* use this package anymore, please remove the monkeysphere user manually." + fi + if [ -d "$VARLIB" ] ; then + echo "Warning: You may want to remove monkeysphere's cached authentication data and keyrings in $VARLIB" + fi +;; +esac diff --git a/packaging/freebsd/security/monkeysphere/pkg-descr b/packaging/freebsd/security/monkeysphere/pkg-descr new file mode 100644 index 0000000..9adc44f --- /dev/null +++ b/packaging/freebsd/security/monkeysphere/pkg-descr @@ -0,0 +1,7 @@ +SSH key-based authentication is tried-and-true, but it lacks a true +Public Key Infrastructure for key certification, revocation and +expiration. Monkeysphere is a framework that uses the OpenPGP web of +trust for these PKI functions. It can be used in both directions: for +users to get validated host keys, and for hosts to authenticate users. + +WWW: http://web.monkeysphere.info/ diff --git a/packaging/freebsd/security/monkeysphere/pkg-install b/packaging/freebsd/security/monkeysphere/pkg-install new file mode 100755 index 0000000..70d37b5 --- /dev/null 
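Review bot: The `@@ -209,17 +209,17 @@` hunk for man/man8/monkeysphere-server.8 in patch-varlocation has `/etc/monkeysphere/monkeysphere.conf` as its leading context line, yet patch-etclocation rewrites that same line to `/usr/local/etc/monkeysphere/monkeysphere.conf`. In turn, patch-etclocation's trailing context `/var/lib/monkeysphere/authorized_keys/USER` is a line this file rewrites. Both patch files record base blob `f207e2c` for the man page, so each was cut against the pristine tree and whichever applies second can only go in through patch's fuzz matching. That is fragile across version bumps, where a fuzzy match can land on the wrong lines or leave the hunk rejected. Regenerating patch-varlocation on top of patch-etclocation, or putting all edits to this man page into one patch file, would make the series apply exactly.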
+++ b/packaging/freebsd/security/monkeysphere/pkg-install 
@@ -0,0 +1,72 @@ +#!/bin/sh + +# an installation script for monkeysphere (borrowing liberally from +# postgresql and mysql pkg-install scripts, and from monkeysphere's +# debian/monkeysphere.postinst) + +# Author: Daniel Kahn Gillmor +# Copyright 2008 + +# FIXME: is /var/lib/monkeysphere the right place for this stuff on +# FreeBSD? + +# PostgreSQL puts its data in /usr/local/pgsql/data + +# MySQL puts its data in /var/db/mysql + +VARLIB="/var/monkeysphere" +ETCDIR="/usr/local/etc/monkeysphere" + +case $2 in +POST-INSTALL) + USER=monkeysphere + GROUP=${USER} + UID=641 + GID=${UID} + SHELL=/usr/local/bin/bash + + if pw group show "${GROUP}" >/dev/null 2>&1; then + echo "You already have a group \"${GROUP}\", so I will use it." + else + if pw groupadd ${GROUP} -g ${GID}; then + echo "Added group \"${GROUP}\"." + else + echo "Adding group \"${GROUP}\" failed..." + exit 1 + fi + fi + + if pw user show "${USER}" >/dev/null 2>&1; then + oldshell=`pw user show "${USER}" 2>/dev/null | cut -f10 -d:` + if [ x"$oldshell" != x"$SHELL" ]; then + echo "You already have a \"${USER}\" user, but its shell is '$oldshell'." + echo "This package requires that \"${USER}\"'s shell be '$SHELL'." + echo "You should fix this by hand and then re-install the package." + echo " hint: pw usermod '$USER' -s '$SHELL'" + exit 1 + fi + echo "You already have a user \"${USER}\" with the proper shell, so I will use it." + else + if pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \ + -d "$VARLIB" -s /usr/local/bin/bash -c "monkeysphere authentication user,,," + then + echo "Added user \"${USER}\"." + else + echo "Adding user \"${USER}\" failed..." 
+ exit 1 + fi + fi + + ## set up the cache directories, and link them to the config files: + + install -d -o root -g monkeysphere -m 750 "$VARLIB"/gnupg-host + ln -sf "$ETCDIR"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf + + install -d -o monkeysphere -g monkeysphere -m 700 "$VARLIB"/gnupg-authentication + ln -sf "$ETCDIR"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf + + install -d "$VARLIB"/tmp "$VARLIB"/authorized_keys + + monkeysphere-server diagnostics + ;; +esac diff --git a/packaging/freebsd/security/monkeysphere/pkg-plist b/packaging/freebsd/security/monkeysphere/pkg-plist new file mode 100644 index 0000000..04a704a --- /dev/null +++ b/packaging/freebsd/security/monkeysphere/pkg-plist @@ -0,0 +1,18 @@ +sbin/monkeysphere-server +share/doc/monkeysphere/TODO +share/doc/monkeysphere/MonkeySpec +share/doc/monkeysphere/getting-started-user.mdwn +share/doc/monkeysphere/getting-started-admin.mdwn +bin/openpgp2ssh +bin/monkeysphere-ssh-proxycommand +bin/monkeysphere +share/monkeysphere/common +@unexec if cmp -s %D/etc/monkeysphere/monkeysphere.conf.sample %D/etc/monkeysphere/monkeysphere.conf; then rm -f %D/etc/monkeysphere/monkeysphere.conf; fi +etc/monkeysphere/monkeysphere.conf.sample +@exec if [ ! -f %D/etc/monkeysphere/monkeysphere.conf ] ; then cp -p %D/%F %B/monkeysphere.conf; fi +@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-server.conf.sample %D/etc/monkeysphere/monkeysphere-server.conf; then rm -f %D/etc/monkeysphere/monkeysphere-server.conf; fi +etc/monkeysphere/monkeysphere-server.conf.sample +@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-server.conf ] ; then cp -p %D/%F %B/monkeysphere-server.conf; fi +@dirrm share/doc/monkeysphere +@dirrm share/monkeysphere +@dirrm etc/monkeysphere -- cgit v1.2.3 From b57e121a2e1ec7a315c4ba456fafea8c6f9ed33a Mon Sep 17 00:00:00 2001 
From: Daniel Kahn Gillmor Date: Thu, 30 Oct 2008 17:27:10 -0400 Subject: make build-freebsd-distinfo match the changed location of the packaging. --- utils/build-freebsd-distinfo | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/build-freebsd-distinfo b/utils/build-freebsd-distinfo index 5d4a2e8..a333ba7 100755 --- a/utils/build-freebsd-distinfo +++ b/utils/build-freebsd-distinfo @@ -6,6 +6,6 @@ VERSION=`head -n1 debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` echo "MD5 (monkeysphere_${VERSION}.orig.tar.gz) =" $(md5sum "monkeysphere_${VERSION}.orig.tar.gz" | cut -f1 -d\ ) echo "SHA256 (monkeysphere_${VERSION}.orig.tar.gz) =" $(sha256sum "monkeysphere_${VERSION}.orig.tar.gz" | cut -f1 -d\ ) echo "SIZE (monkeysphere_${VERSION}.orig.tar.gz) =" $(stat -c %s "monkeysphere_${VERSION}.orig.tar.gz") -} > packaging/freebsd/distinfo +} > packaging/freebsd/security/monkeysphere/distinfo -sed -i~ 's/^PORTVERSION=.*$/PORTVERSION= '"${VERSION}"/ packaging/freebsd/Makefile +sed -i~ 's/^PORTVERSION=.*$/PORTVERSION= '"${VERSION}"/ packaging/freebsd/security/monkeysphere/Makefile -- cgit v1.2.3 From 7555df09b96f9ab87305a70abb4e077d9254082f Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 30 Oct 2008 17:50:34 -0400 Subject: store gnutls patch for fully-enabling the monkeysphere on FreeBSD 7.1, which ships with GnuTLS 2.4.1 --- ...patch-lib__opencdk__opencdk__use-GNU-dummy.diff | 144 +++++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff diff --git a/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff b/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff new file mode 100644 index 0000000..2450bc3 --- /dev/null +++ b/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff 
@@ -0,0 +1,144 @@ +--- ./lib/opencdk/opencdk.h.orig 2008-06-30 16:45:51.000000000 -0400 ++++ ./lib/opencdk/opencdk.h 2008-08-21 19:23:44.000000000 -0400 +@@ -214,7 +214,11 @@ + enum cdk_s2k_type_t { + CDK_S2K_SIMPLE = 0, + CDK_S2K_SALTED = 1, +- CDK_S2K_ITERSALTED = 3 ++ CDK_S2K_ITERSALTED = 3, ++ CDK_S2K_GNU_EXT = 101 ++ /* GNU S2K extensions: refer to DETAILS from GnuPG: ++ http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG ++ */ + }; + + +--- ./lib/opencdk/read-packet.c.orig 2008-06-30 16:45:51.000000000 -0400 ++++ ./lib/opencdk/read-packet.c 2008-08-21 19:30:09.000000000 -0400 +@@ -78,10 +78,35 @@ + } + + +-static int ++/* read about S2K at http://tools.ietf.org/html/rfc4880#section-3.7.1 */ ++static cdk_error_t + read_s2k (cdk_stream_t inp, cdk_s2k_t s2k) + { +- return CDK_Not_Implemented; ++ size_t nread; ++ ++ s2k->mode = cdk_stream_getc (inp); ++ s2k->hash_algo = cdk_stream_getc (inp); ++ if (s2k->mode == CDK_S2K_SIMPLE) ++ return 0; ++ else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED) ++ { ++ if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread)) ++ return CDK_Inv_Packet; ++ if (nread != DIM (s2k->salt)) ++ return CDK_Inv_Packet; ++ ++ if (s2k->mode == CDK_S2K_ITERSALTED) ++ s2k->count = cdk_stream_getc (inp); ++ } ++ else if (s2k->mode == CDK_S2K_GNU_EXT) ++ { ++ /* GNU extensions to the S2K : read DETAILS from gnupg */ ++ return 0; ++ } ++ else ++ return CDK_Not_Implemented; ++ ++ return 0; + } + + +@@ -194,6 +219,7 @@ + static cdk_error_t + read_symkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_symkey_enc_t ske) + { ++ cdk_error_t ret; + cdk_s2k_t s2k; + size_t minlen; + size_t nread, nleft; +@@ -213,7 +239,9 @@ + return CDK_Out_Of_Core; + + ske->cipher_algo = cdk_stream_getc (inp); +- s2k->mode = cdk_stream_getc (inp); ++ ret = read_s2k(inp, s2k); ++ if (ret != 0) ++ return ret; + switch (s2k->mode) + { + case CDK_S2K_SIMPLE : minlen = 0; break; +@@ -225,18 +253,6 @@ + return CDK_Inv_Packet; + } + +- 
s2k->hash_algo = cdk_stream_getc (inp); +- if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED) +- { +- if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread)) +- return CDK_Inv_Packet; +- if (nread != DIM (s2k->salt)) +- return CDK_Inv_Packet; +- +- if (s2k->mode == CDK_S2K_ITERSALTED) +- s2k->count = cdk_stream_getc (inp); +- } +- + ske->seskeylen = pktlen - 4 - minlen; + /* We check if there is an encrypted session key and if it fits into + the buffer. The maximal key length is 256-bit. */ +@@ -421,14 +437,19 @@ + rc = read_s2k (inp, sk->protect.s2k); + if (rc) + return rc; +- sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo); +- if (!sk->protect.ivlen) +- return CDK_Inv_Packet; +- rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread); +- if (rc) +- return rc; +- if (nread != sk->protect.ivlen) +- return CDK_Inv_Packet; ++ /* refer to --export-secret-subkeys in gpg(1) */ ++ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) ++ sk->protect.ivlen = 0; ++ else { ++ sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo); ++ if (!sk->protect.ivlen) ++ return CDK_Inv_Packet; ++ rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread); ++ if (rc) ++ return rc; ++ if (nread != sk->protect.ivlen) ++ return CDK_Inv_Packet; ++ } + } + else + sk->protect.algo = sk->s2k_usage; +@@ -476,6 +497,22 @@ + return CDK_Out_Of_Core; + if (stream_read (inp, sk->encdata, sk->enclen, &nread)) + return CDK_Inv_Packet; ++ /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */ ++ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) { ++ unsigned char gnumode; ++ if ((sk->enclen < strlen("GNU") + 1) || ++ (0 != memcmp("GNU", sk->encdata, strlen("GNU")))) ++ return CDK_Inv_Packet; ++ gnumode = sk->encdata[strlen("GNU")]; ++ /* we only handle gnu-dummy (mode 1). ++ mode 2 should refer to external smart cards. 
++ */ ++ if (gnumode != 1) ++ return CDK_Inv_Packet; ++ /* gnu-dummy should have no more data */ ++ if (sk->enclen != strlen("GNU") + 1) ++ return CDK_Inv_Packet; ++ } + nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo); + if (!nskey) + return CDK_Inv_Algo; -- cgit v1.2.3 From dbd07cf1282c4831f605924e9b13d34278db7f86 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 30 Oct 2008 18:04:43 -0400 Subject: announce FreeBSD port! --- website/news/FreeBSD-port-available.mdwn | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 website/news/FreeBSD-port-available.mdwn diff --git a/website/news/FreeBSD-port-available.mdwn b/website/news/FreeBSD-port-available.mdwn new file mode 100644 index 0000000..a03af4e --- /dev/null +++ b/website/news/FreeBSD-port-available.mdwn @@ -0,0 +1,31 @@ +[[meta title="FreeBSD port available"]] + +There is now a FreeBSD port available for the Monkeysphere. + +It has been built and tested (so far) on a FreeBSD 7.1 AMD64 system, +installed from the [BETA2 +ISOs](ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/7.1/). Many +thanks to [Anarcat](http://anarcat.ath.cx/pgp) for his work in pulling +this port together! + +While the monkeysphere is not officially included in the ports tree +yet, [a problem +report](http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/128406) has +been submitted, and the package itself is functional. + +The latest version of the ports directory can be found in [the git +repository](/community) under +`packaging/freebsd/security/monkeysphere`. Please [let us +know](/community) if you encounter any problems with it on a FreeBSD +system. + +If you have git installed on your FreeBSD system, you should be able +to build the latest port with: + + git clone git://git.monkeysphere.info/monkeysphere + cp -a monkeysphere/packaging/freebsd/security/monkeysphere /usr/ports/security + cd /usr/ports/security/monkeysphere + make && make install + +Happy Hacking! + -- cgit v1.2.3
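Review bot: In the gnu-dummy block added to the secret-key reader, `sk->encdata` is compared with `memcmp` and indexed at `strlen("GNU")` after a `stream_read` whose `nread` is never checked against `sk->enclen`, so a truncated packet can leave the four bytes being inspected unread. The salt and IV reads in this same patch both reject a short read, and this one should too: `if (nread != sk->enclen) return CDK_Inv_Packet;` placed before the `CDK_S2K_GNU_EXT` test. Separately, the new `read_s2k` stores `cdk_stream_getc` results into `mode`, `hash_algo` and `count` without testing for EOF, so end-of-stream is only caught indirectly by the later mode comparisons. Both enclosing functions begin and end outside the inner hunks, so how `encdata` is allocated and whether the early returns release it cannot be confirmed from here.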