From 6576cb269138c36728bb75d3b7242e34aee8a07d Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 18:20:40 -0400 Subject: re-wording intro paragraphs, to make them shorter and sweeter. --- website/index.mdwn | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/website/index.mdwn b/website/index.mdwn index 5b757fa..81da609 100644 --- a/website/index.mdwn +++ b/website/index.mdwn @@ -1,15 +1,17 @@ [[!template id="nav"]] -The Monkeysphere project's goal is to extend the web of trust model -and other features of OpenPGP to other areas of the Internet to help -us securely identify each other while we work online. - -Specifically, monkeysphere is a framework to leverage the OpenPGP web -of trust for OpenSSH authentication. In other words, it allows you to -use your OpenPGP keys when using secure shell to both identify -yourself and the servers you administer or connect to. OpenPGP keys -are tracked via GnuPG, and managed in the `known_hosts` and -`authorized_keys` files used by OpenSSH for connection authentication. +The Monkeysphere project's goal is to extend OpenPGP's web of trust to +many areas of the Internet to help us securely identify each other +while we work online. + +Specifically, monkeysphere currently offers a framework to leverage +the OpenPGP web of trust for OpenSSH authentication. + +In other words, it allows you to use your OpenPGP keys when using +secure shell to both identify yourself and the servers you administer +or connect to. OpenPGP keys are tracked via GnuPG, and managed in the +`known_hosts` and `authorized_keys` files used by OpenSSH for +connection authentication. ## Conceptual overview ## -- cgit v1.2.3 From c09ac0eb561a67c152c63c7de635040713e13b09 Mon Sep 17 00:00:00 2001 
From: Jameson Graef Rollins Date: Tue, 2 Sep 2008 15:39:34 -0700 Subject: created new VERBOSE log level, and moved most INFO stuff to that level. --- src/common | 24 ++++++++++++------------ src/monkeysphere | 4 ++-- src/monkeysphere-server | 14 +++++++------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/src/common b/src/common index 3b3b7a5..c70ba64 100644 --- a/src/common +++ b/src/common @@ -42,7 +42,7 @@ log() { # list in decreasing verbosity (all caps). # separate with $IFS explicitly, since we do some fancy footwork # elsewhere. - alllevels="DEBUG${IFS}INFO${IFS}ERROR" + alllevels="DEBUG${IFS}VERBOSE${IFS}INFO${IFS}ERROR" # translate lowers to uppers in global log level LOG_LEVEL=$(echo "$LOG_LEVEL" | tr "[:lower:]" "[:upper:]") @@ -413,7 +413,7 @@ gpg_fetch_userid() { userID="$1" - log info " checking keyserver $KEYSERVER... " + log verbose " checking keyserver $KEYSERVER... " echo 1,2,3,4,5 | \ gpg --quiet --batch --with-colons \ --command-fd 0 --keyserver "$KEYSERVER" \ @@ -485,7 +485,7 @@ process_user_id() { # if the gpg query return code is not 0, return 1 if [ "$?" -ne 0 ] ; then - log info " no primary keys found." + log verbose " no primary keys found." return 1 fi @@ -502,7 +502,7 @@ process_user_id() { lastKeyOK= fingerprint= - log info " primary key found: $keyid" + log verbose " primary key found: $keyid" # if overall key is not valid, skip if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then @@ -551,7 +551,7 @@ process_user_id() { # output a line for the primary key # 0 = ok, 1 = bad if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then - log info " * acceptable primary key." + log verbose " * acceptable primary key." if [ -z "$sshKey" ] ; then log error " ! primary key could not be translated (not RSA or DSA?)." else 
@@ -607,7 +607,7 @@ process_user_id() { # output a line for the sub key # 0 = ok, 1 = bad if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then - log info " * acceptable sub key." + log verbose " * acceptable sub key." if [ -z "$sshKey" ] ; then log error " ! sub key could not be translated (not RSA or DSA?)." else @@ -642,7 +642,7 @@ process_host_known_hosts() { host="$1" userID="ssh://${host}" - log info "processing: $host" + log verbose "processing: $host" nKeys=0 nKeysOK=0 @@ -743,7 +743,7 @@ update_known_hosts() { # note if the known_hosts file was updated if [ "$(file_hash "$KNOWN_HOSTS")" != "$fileCheck" ] ; then - log info "known_hosts file updated." + log verbose "known_hosts file updated." fi # if an acceptable host was found, return 0 @@ -766,7 +766,7 @@ update_known_hosts() { process_known_hosts() { local hosts - log info "processing known_hosts file..." + log verbose "processing known_hosts file..." hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ') @@ -791,7 +791,7 @@ process_uid_authorized_keys() { userID="$1" - log info "processing: $userID" + log verbose "processing: $userID" nKeys=0 nKeysOK=0 @@ -886,7 +886,7 @@ update_authorized_keys() { # note if the authorized_keys file was updated if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$fileCheck" ] ; then - log info "authorized_keys file updated." + log verbose "authorized_keys file updated." fi # if an acceptable id was found, return 0 @@ -913,7 +913,7 @@ process_authorized_user_ids() { authorizedUserIDs="$1" - log info "processing authorized_user_ids file..." + log verbose "processing authorized_user_ids file..." if ! meat "$authorizedUserIDs" > /dev/null ; then log error "no user IDs to process." diff --git a/src/monkeysphere b/src/monkeysphere index b0003fc..92beafd 100755 --- a/src/monkeysphere +++ b/src/monkeysphere 
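Review bot: In update_authorized_keys (the -886 hunk) the message `authorized_keys file updated.` drops to VERBOSE, so with the log level at INFO a run that changes who can log in prints nothing about it. The same applies to `known_hosts file updated.` in the -743 hunk and to `adding raw authorized_keys file... ` in the monkeysphere-server -227 hunk. These are the lines an administrator would look for when auditing access changes, so I would keep them at INFO, e.g. `log info "authorized_keys file updated."`, and demote only the per-key progress messages. Both functions start and end outside their hunks, so whether another message already reports the change is not visible here.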
@@ -146,7 +146,7 @@ save EOF ) - log info "generating subkey..." + log verbose "generating subkey..." fifoDir=$(mktemp -d) (umask 077 && mkfifo "$fifoDir/pass") echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & @@ -155,7 +155,7 @@ EOF rm -rf "$fifoDir" wait - log info "done." + log verbose "done." } function subkey_to_ssh_agent() { diff --git a/src/monkeysphere-server b/src/monkeysphere-server index ad94786..084e0d5 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -157,7 +157,7 @@ update_users() { for uname in $unames ; do # check all specified users exist if ! getent passwd "$uname" >/dev/null ; then - log info "----- unknown user '$uname' -----" + log verbose "----- unknown user '$uname' -----" continue fi @@ -173,17 +173,17 @@ update_users() { fi fi - log info "----- user: $uname -----" + log verbose "----- user: $uname -----" # exit if the authorized_user_ids file is empty if ! check_key_file_permissions "$uname" "$AUTHORIZED_USER_IDS" ; then - log error "Improper permissions on authorized_user_ids file path." + log error "Improper permissions on path '$AUTHORIZED_USER_IDS'." continue fi # check permissions on the authorized_keys file path if ! check_key_file_permissions "$uname" "$RAW_AUTHORIZED_KEYS" ; then - log error "Improper permissions on authorized_keys file path path." + log error "Improper permissions on path '$RAW_AUTHORIZED_KEYS'." continue fi @@ -227,7 +227,7 @@ update_users() { # add user-controlled authorized_keys file path if specified if [ "$rawAuthorizedKeys" != '-' -a -s "$rawAuthorizedKeys" ] ; then - log info "adding raw authorized_keys file... " + log verbose "adding raw authorized_keys file... " cat "$rawAuthorizedKeys" >> "$AUTHORIZED_KEYS" fi @@ -346,7 +346,7 @@ EOF EOF ) - log info "generating server key..." + log verbose "generating server key..." echo "$keyParameters" | gpg_host --batch --gen-key # output the server fingerprint 
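Review bot: The context comment `# exit if the authorized_user_ids file is empty` in the update_users hunk at -173 does not describe the code beneath it, which calls check_key_file_permissions and then `continue`s to the next user rather than exiting. Since this commit already rewrites both permission error messages, I would correct the comment in the same change: `# skip this user if the authorized_user_ids path has improper permissions`. The loop body starts and ends outside the hunk.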
@@ -356,7 +356,7 @@ EOF fingerprint=$(fingerprint_server_key) # export host ownertrust to authentication keyring - log info "setting ultimate owner trust for server key..." + log verbose "setting ultimate owner trust for server key..." echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" # translate the private key to ssh format, and export to a file -- cgit v1.2.3 From 5475afc7f89d75e9b17394f1dec530acfed29bcc Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 18:41:29 -0400 Subject: comment on passphrase-less key bug. --- .../bugs/handle-passphrase-locked-secret-keys.mdwn | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/website/bugs/handle-passphrase-locked-secret-keys.mdwn b/website/bugs/handle-passphrase-locked-secret-keys.mdwn index bc2a64c..f66bd41 100644 --- a/website/bugs/handle-passphrase-locked-secret-keys.mdwn +++ b/website/bugs/handle-passphrase-locked-secret-keys.mdwn @@ -1,4 +1,4 @@ -[[meta title="MonkeySphere needs to be able to cleanly export passphrase-locked secret keys from the GPG keyring"]] +[[meta title="MonkeySphere can't deal with passphrase-locked primary keys]] At the moment, the only tool we have to export passphrase-locked secret keys from the GPG keyring is `gpg` itself (and `gpg2`, which 
@@ -100,6 +100,18 @@ Other alternatives? Can this bug be closed? dkg [reported in a comment for a related bug](/bugs/install-seckey2sshagent-in-usr-bin/): - Version 0.11-1 now has the monkeysphere subkey-to-ssh-agent - subcommand, which works cleanly in the presence of a - functionally-patched GnuTLS. + Version 0.11-1 now has the monkeysphere subkey-to-ssh-agent + subcommand, which works cleanly in the presence of a + functionally-patched GnuTLS. + +-------- + +Even with the patched GnuTLS, monkeysphere currently can't currently +deal with passphrase-locked primary keys. I've changed the title of +this bug, but i'd like to keep it open until we are able to deal with +that. The other comments here seem still quite relevant to that +need. + +I've changed the title of this bug to reflect the narrowed scope. + + --dkg -- cgit v1.2.3 From dafe14353c11938dd6a7f0fc33cfe150dd8157d9 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 18:46:36 -0400 Subject: closing test server request, since no one has stepped up to volunteer to maintain account generation, etc. --- website/bugs/setup-test-server-for-public.mdwn | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/website/bugs/setup-test-server-for-public.mdwn b/website/bugs/setup-test-server-for-public.mdwn index c926dc6..4c76be1 100644 --- a/website/bugs/setup-test-server-for-public.mdwn +++ b/website/bugs/setup-test-server-for-public.mdwn @@ -75,3 +75,10 @@ and I'm not really willing to maintain it myself, but if someone else wants to handle that, that would be fine with me. -- jgr + +--- + +i'm not really willing to maintain anything extra either, so i'm +[closing this ticket as completed](/bugs/done). + +--dkg -- cgit v1.2.3 From 451f5499c39a406fbd12871bc46d692d528d3e5f Mon Sep 17 00:00:00 2001 
From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 18:49:53 -0400 Subject: monkeysphere-server update-users on a bad name should warrant an error. --- src/monkeysphere-server | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 084e0d5..4c7df19 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -157,7 +157,7 @@ update_users() { for uname in $unames ; do # check all specified users exist if ! getent passwd "$uname" >/dev/null ; then - log verbose "----- unknown user '$uname' -----" + log error "----- unknown user '$uname' -----" continue fi -- cgit v1.2.3 From e987c4c4cd94fea8b44b39f800ecd2a94712f7d0 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 18:51:49 -0400 Subject: fixing typo --- website/bugs/handle-passphrase-locked-secret-keys.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/bugs/handle-passphrase-locked-secret-keys.mdwn b/website/bugs/handle-passphrase-locked-secret-keys.mdwn index f66bd41..b58650e 100644 --- a/website/bugs/handle-passphrase-locked-secret-keys.mdwn +++ b/website/bugs/handle-passphrase-locked-secret-keys.mdwn @@ -1,4 +1,4 @@ -[[meta title="MonkeySphere can't deal with passphrase-locked primary keys]] +[[meta title="MonkeySphere can't deal with passphrase-locked primary keys"]] At the moment, the only tool we have to export passphrase-locked secret keys from the GPG keyring is `gpg` itself (and `gpg2`, which -- cgit v1.2.3 From 5863b0ab999a356b149edd57e80283c79b8e53d6 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 18:53:27 -0400 Subject: fixing broken link syntax --- website/bugs/setup-test-server-for-public.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/bugs/setup-test-server-for-public.mdwn b/website/bugs/setup-test-server-for-public.mdwn index 4c76be1..5b05759 100644 --- a/website/bugs/setup-test-server-for-public.mdwn 
+++ b/website/bugs/setup-test-server-for-public.mdwn @@ -79,6 +79,6 @@ wants to handle that, that would be fine with me. --- i'm not really willing to maintain anything extra either, so i'm -[closing this ticket as completed](/bugs/done). +closing this ticket as [[bugs/done]]. --dkg -- cgit v1.2.3 From 19a3c7a4398b9dc38cdadc929466384d476e4e1f Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 19:00:12 -0400 Subject: update documentation. --- debian/changelog | 2 +- man/man1/monkeysphere-ssh-proxycommand.1 | 5 ----- man/man1/monkeysphere.1 | 4 ++-- man/man8/monkeysphere-server.8 | 4 ++-- 4 files changed, 5 insertions(+), 10 deletions(-) diff --git a/debian/changelog b/debian/changelog index 1cc1dd8..92c56ea 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,7 +4,7 @@ monkeysphere (0.12-1) UNRELEASED; urgency=low * debian/control: switched Homepage: and Vcs-Git: to canonicalized upstream hostnames. - -- Jameson Graef Rollins Mon, 01 Sep 2008 23:55:56 -0700 + -- Daniel Kahn Gillmor Tue, 02 Sep 2008 18:54:29 -0400 monkeysphere (0.11-1) experimental; urgency=low diff --git a/man/man1/monkeysphere-ssh-proxycommand.1 b/man/man1/monkeysphere-ssh-proxycommand.1 index c3c7993..9aad232 100644 --- a/man/man1/monkeysphere-ssh-proxycommand.1 +++ b/man/man1/monkeysphere-ssh-proxycommand.1 @@ -54,11 +54,6 @@ will be properly checked. All environment variables defined in monkeysphere(1) can also be used for the proxy command, with one note: -.TP -MONKEYSPHERE_LOG_LEVEL -Set the log level. Can be SILENT, ERROR, INFO, DEBUG, in increasing -order of verbosity. - .TP MONKEYSPHERE_CHECK_KEYSERVER Setting this variable (to `true' or `false') will override the policy diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 26327f4..5ed2153 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 
@@ -84,8 +84,8 @@ The following environment variables will override those specified in the monkeysphere.conf configuration file (defaults in parentheses): .TP MONKEYSPHERE_LOG_LEVEL -Set the log level. Can be SILENT, ERROR, INFO, DEBUG, in increasing -order of verbosity. +Set the log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in +increasing order of verbosity. .TP MONKEYSPHERE_GNUPGHOME, GNUPGHOME GnuPG home directory (~/.gnupg). diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index b63f659..4848625 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -183,8 +183,8 @@ the monkeysphere-server.conf configuration file (defaults in parentheses): .TP MONKEYSPHERE_LOG_LEVEL -Set the log level. Can be SILENT, ERROR, INFO, DEBUG, in increasing -order of verbosity. +Set the log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in +increasing order of verbosity. .TP MONKEYSPHERE_KEYSERVER OpenPGP keyserver to use (subkeys.pgp.net). -- cgit v1.2.3 From e883a0593667b94cabdbb12773f5c52b46c3aeba Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 19:02:55 -0400 Subject: checking a keyserver should warn at level INFO, since it is a potential information leak. --- debian/changelog | 4 ++++ src/common | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 92c56ea..efb4a9c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,12 @@ monkeysphere (0.12-1) UNRELEASED; urgency=low + [ Jameson Graef Rollins ] * Improved output handling. New LOG_LEVEL variable. + + [ Daniel Kahn Gillmor ] * debian/control: switched Homepage: and Vcs-Git: to canonicalized upstream hostnames. + * updated documentation for new release. -- Daniel Kahn Gillmor Tue, 02 Sep 2008 18:54:29 -0400 diff --git a/src/common b/src/common index c70ba64..7768335 100644 --- a/src/common +++ b/src/common 
@@ -413,7 +413,7 @@ gpg_fetch_userid() { userID="$1" - log verbose " checking keyserver $KEYSERVER... " + log info " checking keyserver $KEYSERVER... " echo 1,2,3,4,5 | \ gpg --quiet --batch --with-colons \ --command-fd 0 --keyserver "$KEYSERVER" \ -- cgit v1.2.3 From aefec8e2f77cf0bba2ea971607c1882925a197e2 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 2 Sep 2008 16:10:39 -0700 Subject: some cleanup to the proxycommand. --- src/monkeysphere-ssh-proxycommand | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand index cc81020..c37d754 100755 --- a/src/monkeysphere-ssh-proxycommand +++ b/src/monkeysphere-ssh-proxycommand @@ -13,10 +13,6 @@ # established. Can be added to ~/.ssh/config as follows: # ProxyCommand monkeysphere-ssh-proxycommand %h %p -######################################################################## -SHARE=${MONKEYSPHERE_SHARE:-"/usr/share/monkeysphere"} -. "${SHARE}/common" || exit 1 - ######################################################################## usage() { @@ -38,8 +34,6 @@ fi HOST="$1" PORT="$2" -MS_HOME=${MS_HOME:-"${HOME}/.config/monkeysphere"} - if [ -z "$HOST" ] ; then echo "Host not specified." >&2 usage @@ -57,6 +51,12 @@ else fi URI="ssh://${HOSTP}" +# specify keyserver checking. the behavior of this proxy command is +# intentially different than that of running monkeyesphere normally, +# and keychecking is intentially done unders certain circumstances. +# This can be overridden by setting the MONKEYSPHERE_CHECK_KEYSERVER +# variable on the command line. + # if the host is in the gpg keyring... if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then # do not check the keyserver @@ -81,7 +81,7 @@ else CHECK_KEYSERVER="true" fi fi - +# set and export the variable for use by monkeysphere MONKEYSPHERE_CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="$CHECK_KEYSERVER"} export MONKEYSPHERE_CHECK_KEYSERVER -- cgit v1.2.3 
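Review bot: The reason this one message goes back to INFO is recorded only in the commit subject, so a later logging cleanup could demote it again without noticing. A comment above the `log info` line in gpg_fetch_userid would keep the reasoning next to the code: `# keep at INFO: a keyserver query tells the keyserver which user ID is being looked up`. The gpg command that follows continues outside the hunk.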
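Review bot: In the monkeysphere-ssh-proxycommand hunk at -57, the context line `if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then` applies its redirections left to right, so gpg's stderr is attached to the script's original stdout and only gpg's stdout is discarded. The header comment says this script runs as an ssh ProxyCommand, where stdout is the channel ssh reads the connection from, so any gpg diagnostic would land in that stream. If the intent is to silence gpg entirely, the line should read `if gpg --list-key ="${URI}" >/dev/null 2>&1 ; then`; if the diagnostics are wanted, drop `2>&1` so they stay on stderr. The `if` block continues outside the hunk.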
From 330858652a77a354ba8c3420f8c40bdb6818b295 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 19:17:41 -0400 Subject: trying to change the way docs are handled. --- debian/monkeysphere.docs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/monkeysphere.docs b/debian/monkeysphere.docs index 595e6c8..7aa920a 100644 --- a/debian/monkeysphere.docs +++ b/debian/monkeysphere.docs @@ -1,3 +1,3 @@ -doc/README -doc/README.admin +website/getting-started-user.mdwn README +website/getting-started-admin.mdwn README.admin doc/MonkeySpec -- cgit v1.2.3 From c6d49deb59c0d73a7fb459250aea974b0b01836f Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 19:24:38 -0400 Subject: shipping getting-started docs directly; nevermind about calling them README. --- debian/monkeysphere.docs | 4 ++-- doc/README | 1 - doc/README.admin | 1 - 3 files changed, 2 insertions(+), 4 deletions(-) delete mode 120000 doc/README delete mode 120000 doc/README.admin diff --git a/debian/monkeysphere.docs b/debian/monkeysphere.docs index 7aa920a..b677881 100644 --- a/debian/monkeysphere.docs +++ b/debian/monkeysphere.docs @@ -1,3 +1,3 @@ -website/getting-started-user.mdwn README -website/getting-started-admin.mdwn README.admin +website/getting-started-user.mdwn +website/getting-started-admin.mdwn doc/MonkeySpec diff --git a/doc/README b/doc/README deleted file mode 120000 index f6ea1dd..0000000 --- a/doc/README +++ /dev/null @@ -1 +0,0 @@ -../website/getting-started-user.mdwn \ No newline at end of file diff --git a/doc/README.admin b/doc/README.admin deleted file mode 120000 index dea47b6..0000000 --- a/doc/README.admin +++ /dev/null @@ -1 +0,0 @@ -../website/getting-started-admin.mdwn \ No newline at end of file -- cgit v1.2.3 From f7299a7f2111f1dfd2b1b277150a725d03ba4bcc Mon Sep 17 00:00:00 2001 
From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 19:28:25 -0400 Subject: shipping getting-started docs in the release tarball; nevermind about calling them README. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index aaf9d65..1e0b649 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ keytrans: release: clean rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) mkdir -p monkeysphere-$(MONKEYSPHERE_VERSION)/doc - ln -s ../../doc/README ../../doc/README.admin ../../doc/TODO ../../doc/MonkeySpec monkeysphere-$(MONKEYSPHERE_VERSION)/doc + ln -s ../../website/getting-started-user.mdwn ../../website/getting-started-admin.mdwn ../../doc/TODO ../../doc/MonkeySpec monkeysphere-$(MONKEYSPHERE_VERSION)/doc ln -s ../COPYING ../etc ../Makefile ../man ../src monkeysphere-$(MONKEYSPHERE_VERSION) tar -ch monkeysphere-$(MONKEYSPHERE_VERSION) | gzip -n > monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) -- cgit v1.2.3 From 4dfcb19ae2fed99d83e3e96a1a0aeafb7d06da61 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 19:36:18 -0400 Subject: stripped down, cleaned up MonkeySpec. --- doc/MonkeySpec | 154 ++++++++++++++------------------------------------------- 1 file changed, 37 insertions(+), 117 deletions(-) diff --git a/doc/MonkeySpec b/doc/MonkeySpec index 54aaa72..66f44b0 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec 
@@ -1,59 +1,23 @@ THE MONKEYSPHERE ================ -AGENDA -====== -[x] clowning -[ ] work -[x] jrollins will talk and gesture - in progress - -MONKEYNAMES -=========== - -rhesus, marmoset, howler, langur, tamarin, barbary - -COMPONENTS -========== - -(names in "" are code names until we think of better ones.) - -common components ------------------ -* "rhesus": update known_hosts/authorized_keys files: - - be responsible for removing keys from the file as key revocation - happens - - be responsible for updating a key in the file where there is a key - replacement - - must result in a file that is parsable by the existing ssh client - without errors - - manual management must be allowed without stomping on it - - provide a simple, intelligible, clear policy for key acceptance - -* "langur": policy-editor for viewing/editing policies - -* gpg2ssh: utility to convert gpg keys to ssh - known_hosts/authorized_keys lines - -* ssh2gpg: create openpgp keypair from ssh keypair +Monkeysphere is authentication layer that allows the sysadmin to +perform authorization on OpenPGP user identities instead of on keys. +It also allows end users to authenticate/identify the ssh server they +are connecting to by checking the sysadmin's certification. 
-server-side components ----------------------- -* "howler": server gpg maintainer - - generate gpg keys for the server - - publish server gpg keys - - give owner trust to keys for user authentication +* GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH +* SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without + modifying the openpgp spec, gpg or openssh +* DESIGN GOALS - authentication, use the existing generic OpenSSH + client, the admin can make it default, although end-user should be + decide to use monkeysphere or not +* DESIGN GOAL - use of monkeysphere should not radically change + connecting-to-server experience -* "tamarin": concept - how to trigger or schedule rhesus at admin defined - points (e.g. via cron or during ssh connections). +Host identity piece of monkeysphere could be used without buying into +the user authentication component. -client-side components ----------------------- -* "marmoset": concept - how to trigger rhesus during attempt to initiate - connection to server - - runs on connection to a certain host - - triggers update to known_hosts file then makes connection - - proxy-command | pre-hook script | wrapper script - - (ssh_config "LocalCommand" is only run *after* connection) USE CASE ======== 
@@ -69,93 +33,49 @@ their personal gpg keys to the web of trust, and being good friends, have both signed each other's keys and marked each others keys with "full" ownertrust. -When Alice set up mangabey initially, she used howler to publish a gpg -key for the machine with the special userid of -"ssh://mangabey.example.org". She also signed mangabey's gpg key and -published this certification to commonly-used keyservers. Alice also -configured mangabey to treat her own key with full ownertrust (could -this be done as part of the howler invocation?) +When Alice set up mangabey initially, she published an OpenPGP key for +the machine with the special userid of "ssh://mangabey.example.org". +She also signed mangabey's OpenPGP key and published this +certification to commonly-used keyservers. Alice also configured +mangabey to treat her own key with full ownertrust, so that it knows +how to identify connecting users. Now, Alice creates a user account "bob" on mangabey, and puts Bob's userid ("Bob ") in the authorized_user_ids file for -user bob on mangabey. tamarin triggers on mangabey either by a -cronjob or an inotify hook, and invokes rhesus for the "bob" account. -rhesus automatically takes each userid in bob's authorized_user_ids -file, and looks on a keyserver to find all public keys associated with -that user ID, with the goal of populating the authorized_keys file for -bob@mangabey. +user bob on mangabey. The monkeysphere automatically (via cron or +inotify hook) takes each userid in bob's authorized_user_ids file, and +looks on a keyserver to find all public keys associated with that user +ID, with the goal of populating the authorized_keys file for +bob@mangabey. In particular: for each key found, the server evaluates the calculated validity of the specified user ID based on the ownertrust rules it has configured ("trust alice's certifications fully", in this example). 
For each key for which the user ID in question is fully-valid, it extracts all DSA- or RSA-based primary or secondary keys marked with -usage flags for encrypted communications and authentication, and -converts these gpg public keys into ssh public keys. Finally, rhesus -inserts these calculated public keys into the authorized_keys file for -bob. +the authentication usage flag, and converts these OpenPGP public keys +into ssh public keys. These keys are automatically placed into the +authorized_keys file for bob. Bob now attempts to connect, by firing up a terminal and invoking: "ssh bob@mangabey.example.org". Bob's monkeysphere-enabled ssh client notices that mangabey.example.org isn't already available in bob's -known_hosts file, and triggers rhesus (on Bob's computer) to fetch the -key for mangabey, with the goal of populating Bob's local known_hosts +known_hosts file, and fetches the host key for mangabey from the +public keyservers, with the goal of populating Bob's local known_hosts file. -In particular: rhesus queries its configured keyservers to find all -public keys with User ID ssh://mangabey.example.org. For each public -key found, rhesus checks the relevant User ID's validity, converts any -"encrypted comms, authentication" gpg public keys into ssh public keys -if the User ID validity is acceptable, and finally insert those keys -into Bob's known_hosts file. +In particular: the monkeysphere queries its configured keyservers to +find all public keys with User ID ssh://mangabey.example.org. For +each public key found, it checks the relevant User ID's validity, +converts any authentication-capable OpenPGP public keys into ssh +public keys if the User ID validity is acceptable, and finally insert +those keys into Bob's known_hosts file. 
On Bob's side, since mangabey's key had "full" validity (it was signed -by Alice whom he fully trusts), Bob's ssh client deems mangabey +by Alice, whom he fully trusts), Bob's ssh client deems mangabey "known" and no further host key checking is required. On mangabey's side, since Bob's key has "full" validity (it had been signed by Alice, mangabey's trusted administrator), Bob is authenticated and therefore authorized to log into his account. -NOTES -===== - -* Daniel and Elliot lie. -* We will use a distributed VCS, each developer will create their own - git repository and publish it publicly for others to pull from, mail - out -* public project page doesn't perhaps make sense yet -* approximate goal - using the web of trust to authenticate ppl for - SSH -* outline of various components of monkeysphere -* M: what does it mean to be in the monkeysphere? not necessarily a - great coder. -* J: interested in seeing project happen, not in actually doing it. - anybody can contribute as much as they want. -* J: if we put the structure in place to work on monkeysphere then we - don't have to do anything -* D: we are not creating -* understand gpg's keyring better, understanding tools better, - building scripts -* Some debian packages allow automated configuration of config files. - -* GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH -* SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without - modifying either openpgp and openssh -* DESIGN GOALS - authentication, use the existing generic OpenSSH - client, the admin can make it default, although end-user should be - decide to use monkeysphere or not -* DESIGN GOAL - use of monkeysphere should not radically change - connecting-to-server experience -* GOAL - pick a monkey-related name for each component - -Host identity piece of monkeysphere could be used without buying into -the authorization component. 
- -Monkeysphere is authentication layer that allows the sysadmin to -perform authorization on user identities instead of on keys, it -additionally allows the sysadmin also to authenticate the server to -the end-user. - -see doc/git-init for more detail on how to pull from the distributed -repositories. -- cgit v1.2.3 From fcfb94ec8b3195a107627fecb3765a4b825db5d3 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 19:45:14 -0400 Subject: editing comments in monkeysphere-ssh-proxycommand. --- src/monkeysphere-ssh-proxycommand | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand index c37d754..a7b87ca 100755 --- a/src/monkeysphere-ssh-proxycommand +++ b/src/monkeysphere-ssh-proxycommand @@ -52,10 +52,10 @@ fi URI="ssh://${HOSTP}" # specify keyserver checking. the behavior of this proxy command is -# intentially different than that of running monkeyesphere normally, -# and keychecking is intentially done unders certain circumstances. -# This can be overridden by setting the MONKEYSPHERE_CHECK_KEYSERVER -# variable on the command line. +# intentionally different than that of running monkeyesphere normally, +# and keyserver checking is intentionally done under certain +# circumstances. This can be overridden by setting the +# MONKEYSPHERE_CHECK_KEYSERVER environment variable. # if the host is in the gpg keyring... if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then -- cgit v1.2.3 From 020a863f3a3c9dc54bfab487b25b92ab2a18f891 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 19:51:53 -0400 Subject: changing e-mail address for dkg. --- debian/changelog | 1 + debian/control | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index efb4a9c..8d33273 100644 --- a/debian/changelog +++ b/debian/changelog 
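Review bot: The rewritten comment in the monkeysphere-ssh-proxycommand hunk still spells the tool name `monkeyesphere`; the line should read `# intentionally different than that of running monkeysphere normally,`. The phrase "under certain circumstances" is also vague for a comment that guards a network lookup. Pointing to the KEYSERVER CHECKING section of monkeysphere-ssh-proxycommand(1) would tell the reader when the host's user ID is sent to a keyserver.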
@@ -7,6 +7,7 @@ monkeysphere (0.12-1) UNRELEASED; urgency=low * debian/control: switched Homepage: and Vcs-Git: to canonicalized upstream hostnames. * updated documentation for new release. + * changed my associated e-mail address for this package. -- Daniel Kahn Gillmor Tue, 02 Sep 2008 18:54:29 -0400 diff --git a/debian/control b/debian/control index ca07a5d..50bc1f1 100644 --- a/debian/control +++ b/debian/control @@ -1,7 +1,7 @@ Source: monkeysphere Section: net Priority: extra -Maintainer: Daniel Kahn Gillmor +Maintainer: Daniel Kahn Gillmor Uploaders: Jameson Rollins Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0), git-core Standards-Version: 3.8.0.1 -- cgit v1.2.3 From ca7568cbe62bef653cf39106248cddd0a4b1296f Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 2 Sep 2008 16:57:22 -0700 Subject: tweaks to the man pages. --- man/man1/monkeysphere-ssh-proxycommand.1 | 2 +- man/man1/monkeysphere.1 | 4 ++-- man/man8/monkeysphere-server.8 | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/man/man1/monkeysphere-ssh-proxycommand.1 b/man/man1/monkeysphere-ssh-proxycommand.1 index 9aad232..41b2e40 100644 --- a/man/man1/monkeysphere-ssh-proxycommand.1 +++ b/man/man1/monkeysphere-ssh-proxycommand.1 @@ -37,7 +37,7 @@ connection to the host itself. .SH KEYSERVER CHECKING The proxy command has a fairly nuanced policy for when keyservers are -queried when processing host. If the host userID is not found in +queried when processing a host. If the host userID is not found in either the user's keyring or in the known_hosts file, then the keyserver is queried for the host userID. If the host userID is found in the user's keyring, then the keyserver is not checked. This diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 5ed2153..b0c896f 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 
@@ -84,8 +84,8 @@ The following environment variables will override those specified in the monkeysphere.conf configuration file (defaults in parentheses): .TP MONKEYSPHERE_LOG_LEVEL -Set the log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in -increasing order of verbosity. +Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, +in increasing order of verbosity. .TP MONKEYSPHERE_GNUPGHOME, GNUPGHOME GnuPG home directory (~/.gnupg). diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index 4848625..25dfac7 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -183,7 +183,7 @@ the monkeysphere-server.conf configuration file (defaults in parentheses): .TP MONKEYSPHERE_LOG_LEVEL -Set the log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in +Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in increasing order of verbosity. .TP MONKEYSPHERE_KEYSERVER -- cgit v1.2.3 From 1af50725c81108849fc677a412f3b5ee131fc935 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 20:12:06 -0400 Subject: preparing for 0.12-1 release. --- debian/changelog | 2 +- website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn | 4 ++++ website/news/release-0.12-1.mdwn | 9 +++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 website/news/release-0.12-1.mdwn diff --git a/debian/changelog b/debian/changelog index 8d33273..85cb655 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -monkeysphere (0.12-1) UNRELEASED; urgency=low +monkeysphere (0.12-1) experimental; urgency=low [ Jameson Graef Rollins ] * Improved output handling. New LOG_LEVEL variable. diff --git a/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn b/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn index 4070d0a..b814d35 100644 --- a/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn 
+++ b/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn @@ -245,3 +245,7 @@ I'll leave the bug open for a bit until it get more tested and 0.12 gets pushed out. -- BJ + +--- + +I think this is [[/bugs/done]] as of version 0.12-1. diff --git a/website/news/release-0.12-1.mdwn b/website/news/release-0.12-1.mdwn new file mode 100644 index 0000000..ed1ecbb --- /dev/null +++ b/website/news/release-0.12-1.mdwn @@ -0,0 +1,9 @@ +[[meta title="MonkeySphere 0.12-1 released!"]] + +# MonkeySphere 0.12-1 released! # + +MonkeySphere 0.12-1 has been released. This release includes +documentation updates, and a re-organized logging subsystem with +various levels of verbosity, modeled after LogLevel in OpenSSH. + +[[download]] it now! -- cgit v1.2.3 From d4dc8a9e491063144a8f4f845f5d05140ce19ed6 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 20:19:13 -0400 Subject: updating documentation about the archive, including other developer signatures on the archive signing key. --- website/archive-key.mdwn | 25 +++++++++++++++++++------ website/news/apt-repo-moved.mdwn | 7 +++++++ 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/website/archive-key.mdwn b/website/archive-key.mdwn index 898c7e5..ea44457 100644 --- a/website/archive-key.mdwn +++ b/website/archive-key.mdwn 
@@ -70,8 +70,21 @@ ly087Guvw8G8TdQcubteFYQDIxIc2atZkjEn3oCjtZgk8mdDlCjLQYgHV1/o+eWd S31RCBx16I7tJya0fwJJRC7qZWf7hrPdi7eqcecqyr26X5upV+Irjv5qYu/6HAGb 59W6n+8KTfMxEMaBQI6qZXxhaBr3HzEaSrz7jtkl+xxym2TGkbarXcm7e7MP66Hu GD5UCC3svhAAxKXf4K/8v7WhwBpekF9mXtgpq72Du2JG9q+OAWhxzZXbZku+RY7T -a83wKc1TaPvzK2WZlhNGjcCYSUXcfQOSn5noVTUukW3DNEKP5BmwkvVd -=Xex0 +a83wKc1TaPvzK2WZlhNGjcCYSUXcfQOSn5noVTUukW3DNEKP5BmwkvVdiEYEEBEC +AAYFAki9wXQACgkQ9n4qXRzy1ioXYwCgmzCV+o+Ai0gNx0pt9shofcjfJoAAoInV +mhn36lBeDh/E6cigrUlkdDGWiQIcBBABAgAGBQJIvdcSAAoJEO00zqvie6q8sB4Q +AKDLTKqtiONf4FkMCZFcMxQyiALcy76zTW9L2oK90zKRhKSt5RPnVmDVyiinBcRJ +h0lEkpxoqSrs+0XvASWC3RzWLEbW6XXsuHO1RXFsC3FNbe0HkHenirenFkitPMDX +Q5gHmCJ6yiq2ssuzXAG9vZ4HjkUINBgkeMASiTRC7o0we7jFSRzOTCs4WWdsavrx +7bhCadeC35ISldTSo6nOP3laPctPcLD83cJszzQyHr/LjF6KYr6n85NAwIt/oxHh +EUxmezx+lMwWHdr9TQzXzU8cxLSBZ+c+PuZ/NuHz9fOv87eaFDNEqKli9zhzh4eA +EMeiWKQXHYlmEUUWnZoea46jdjBrvHphogqlCjzMDHtg/pWOsYrGeXjjZ352SGN4 +vyinkdxwUppGQATz55WyiWIzCY1Kt7lqaQHfAM1NgVdoCQ0stlulIO4LVepHRiAY +HO4EPeQO6pVGGHWCzJyEcMcaBsYGpr9DndSNd66O+Gyeq8QobKnvTH25kwVt/8t1 +9nS+7NLwBrqXCISeDrOQYq5XeCdvpAuJy4CEN5muQWRdUPekE2dh7qcVUdROepq0 +1wMemkmgTLlA0Md7ZdZqsllKhVQ7/HOFzshEaj/VcFrQshuIAjDZFN/OrGLX/NcL +tcaBmD9lZSQ3CyxnBUTeMdJCOLOK050jNvsEsM89FL+g +=bJWl -----END PGP PUBLIC KEY BLOCK----- 
@@ -94,17 +107,17 @@ tag `$TAG` on architecture `$ARCH`, do: git clone git://git.monkeysphere.info/monkeysphere cd monkeysphere - git tag -v $TAG - git checkout $TAG + git tag -v "$TAG" + git checkout "$TAG" debuild -uc -us cd repo - reprepro -C monkeysphere include experimental ../$TAG_$ARCH.changes + reprepro -C monkeysphere include experimental "../$TAG_$ARCH.changes" When you get a binary package built from a separate architecture `$NEWARCH` that you want to include with the archive, do: cd repo - reprepro -C monkeysphere includedeb experimental ../$TAG_$NEWARCH.deb + reprepro -C monkeysphere includedeb experimental "../$TAG_$NEWARCH.deb" To publish the archive, make sure you have access to `archivemaster@george.riseup.net`, and then do: diff --git a/website/news/apt-repo-moved.mdwn b/website/news/apt-repo-moved.mdwn index 8f0bf81..501cc23 100644 --- a/website/news/apt-repo-moved.mdwn +++ b/website/news/apt-repo-moved.mdwn @@ -5,4 +5,11 @@ The monkeysphere APT repository has been moved from `http://archive.monkeysphere.info/debian`. You'll probably want to update your `sources.list` to match the [official lines](/download). +The monkeysphere APT repository is also using [a new archive signing +key](/archive-key): + + pub 4096R/EB8AF314 2008-09-02 [expires: 2009-09-02] + Key fingerprint = 2E8D D26C 53F1 197D DF40 3E61 18E6 67F1 EB8A F314 + uid [ full ] Monkeysphere Archive Signing Key (http://archive.monkeysphere.info/debian) + Apologies for any confusion or hassle this causes! -- cgit v1.2.3 From f4e9793240c11fbbd699b697370281f20bd7a89d Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 21:23:27 -0400 Subject: more work on the text of the web site homepage. --- website/index.mdwn | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/website/index.mdwn b/website/index.mdwn index 81da609..a3329d4 100644 --- a/website/index.mdwn +++ b/website/index.mdwn 
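Review bot: In the two reprepro lines the shell parses `$TAG_` as a variable named `TAG_`, because an underscore is a valid name character, so `"../$TAG_$ARCH.changes"` expands to `../` followed by `$ARCH.changes` when `TAG_` is unset. Brace the names: `"../${TAG}_${ARCH}.changes"` and `"../${TAG}_${NEWARCH}.deb"`. The quoting added in this hunk does not change that parsing. Since this is the procedure for building the signed archive, the text could also state that the steps stop if `git tag -v "$TAG"` fails, for example by joining it to the checkout as `git tag -v "$TAG" && git checkout "$TAG"`.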
@@ -1,17 +1,20 @@ [[!template id="nav"]] +[[toc ]] + The Monkeysphere project's goal is to extend OpenPGP's web of trust to -many areas of the Internet to help us securely identify each other +new areas of the Internet to help us securely identify each other while we work online. Specifically, monkeysphere currently offers a framework to leverage the OpenPGP web of trust for OpenSSH authentication. -In other words, it allows you to use your OpenPGP keys when using -secure shell to both identify yourself and the servers you administer -or connect to. OpenPGP keys are tracked via GnuPG, and managed in the -`known_hosts` and `authorized_keys` files used by OpenSSH for -connection authentication. +In other words, it allows you to use secure shell as you normally do, +but to identify yourself and the servers you administer or connect to +with your OpenPGP keys. OpenPGP keys are tracked via GnuPG, and +monkeysphere manages the `known_hosts` and `authorized_keys` files +used by OpenSSH for authentication, checking them for cryptographic +validity. ## Conceptual overview ## -- cgit v1.2.3 From 0352609ba566585484da022b6512520629b9981f Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 21:24:33 -0400 Subject: tuning how monkeysphere looks for secret keys. --- src/monkeysphere | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/monkeysphere b/src/monkeysphere index 92beafd..471da20 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -93,7 +93,7 @@ gen_subkey(){ if [ -z "$1" ] ; then # find all secret keys - keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:) + keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d: | sort -u) # if multiple sec keys exist, fail if (( $(echo "$keyID" | wc -l) > 1 )) ; then echo "Multiple secret keys found:" 
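Review bot: The key-listing pipeline in gen_subkey now ends in `sort -u`, but nothing next to it says why duplicates can occur; the only hint is the later changelog entry about odd secret keyrings. A comment such as `# de-duplicate: the same key ID may be listed more than once` (wording for the author to confirm) would keep the reason with the code. The pattern is written `grep ^sec` here and `grep -c '^sec:'` in the following hunk at line 115 of the same file; quoting and anchoring it as `'^sec:'` in both places would be consistent. Note also that `echo "$keyID" | wc -l` reports 1 for an empty result, so the no-key case has to be caught by code outside this hunk.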
@@ -115,7 +115,7 @@ key before joining the monkeysphere. You can do this with: # fail if multiple sec lines are returned, which means the id # given is not unique - if [ $(echo "$gpgOut" | grep '^sec:' | wc -l) -gt '1' ] ; then + if [ $(echo "$gpgOut" | grep -c '^sec:') -gt '1' ] ; then failure "Key ID '$keyID' is not unique." fi -- cgit v1.2.3 From 3e5c5b55e5a38f18bea91a7f4dee552d90c789eb Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 21:29:33 -0400 Subject: debian/changelog: set up new entry. --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 85cb655..206ddd7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +monkeysphere (0.13~pre-1) UNRELEASED; urgency=low + + [ Daniel Kahn Gillmor ] + * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings. + + -- Daniel Kahn Gillmor Tue, 02 Sep 2008 21:28:51 -0400 + monkeysphere (0.12-1) experimental; urgency=low [ Jameson Graef Rollins ] -- cgit v1.2.3 From 9aede4dcee92408206dd81866f314ef0611c4188 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 21:52:35 -0400 Subject: copied in templates/page.tmpl from ikiwiki upstream. --- ikiwiki/templates/page.tmpl | 119 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 ikiwiki/templates/page.tmpl diff --git a/ikiwiki/templates/page.tmpl b/ikiwiki/templates/page.tmpl new file mode 100644 index 0000000..166f3c5 --- /dev/null +++ b/ikiwiki/templates/page.tmpl @@ -0,0 +1,119 @@ + + + + +<TMPL_VAR TITLE> + + + + + + + + + + + + + +
+ + +/ + + + + + + +
+ + +
+ +
+
+ + + + + +
+ +
+ + + + + -- cgit v1.2.3 From ecb82853038ec53c3da7fda81e9216eb72c38b5b Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 2 Sep 2008 21:53:06 -0400 Subject: testing changes to ikiwiki/templates/page.tmpl --- ikiwiki/templates/page.tmpl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ikiwiki/templates/page.tmpl b/ikiwiki/templates/page.tmpl index 166f3c5..554d299 100644 --- a/ikiwiki/templates/page.tmpl +++ b/ikiwiki/templates/page.tmpl @@ -51,6 +51,10 @@ +
+Monkeys! +
+