From 3f71bfc52f158a76755a7b75362b449439819fa7 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Wed, 18 Mar 2009 12:01:02 -0400 Subject: modify the ssh_proxycommand marginal ui output so that it better handles the case where the host can not be contacted. the new system attempts to retrieve the host ssh key before any ui output is made. this should make things a little clearer in this corner case, and make things a little more flexible down the line. --- packaging/debian/changelog | 4 +- src/share/m/ssh_proxycommand | 137 +++++++++++++++++++++++-------------------- 2 files changed, 76 insertions(+), 65 deletions(-) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 70fef9f..16e7f21 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -1,11 +1,11 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low * New upstream release: - - fix the marginal ui output so that it's not prefixed by the LOG_PREFIX + - update/fix the marginal ui output - use msmktempdir everywhere (avoid unwrapped calls to mktemp for portability) - -- Jameson Graef Rollins Sat, 07 Mar 2009 12:28:13 -0500 + -- Jameson Graef Rollins Wed, 18 Mar 2009 11:46:44 -0400 monkeysphere (0.24-1) unstable; urgency=low diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index 7ab4bec..2078445 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand 
@@ -36,52 +36,55 @@ output_no_valid_key() { LOG_PREFIX= - cat </dev/null | awk '{ print $2, $3 }') - # FIXME: should we do any checks for failed keyscans, eg. host not - # found? + # retrieve the ssh key being offered by the host + sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null \ + | awk '{ print $2, $3 }') # get the gpg info for userid gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \ --with-fingerprint --with-fingerprint \ ="$userID" 2>/dev/null) - # find all 'pub' and 'sub' lines in the gpg output, which each - # represent a retrieved key for the user ID - echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \ - while IFS=: read -r type validity keyid uidfpr usage ; do - case $type in - 'pub'|'sub') - # get the ssh key of the gpg key - sshKeyGPG=$(gpg2ssh "$keyid") - - # if one of keys found matches the one offered by the - # host, then output info - if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then - cat <"$sshKeyGPGFile" - sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \ - awk '{ print $2 }') - rm -f "$sshKeyGPGFile" + sshKeyGPGFile=$(msmktempfile) + printf "%s" "$sshKeyGPG" >"$sshKeyGPGFile" + sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \ + awk '{ print $2 }') + rm -f "$sshKeyGPGFile" - # get the sigs for the matching key - gpgSigOut=$(gpg_user --check-sigs \ - --list-options show-uid-validity \ - "$keyid") + # get the sigs for the matching key + gpgSigOut=$(gpg_user --check-sigs \ + --list-options show-uid-validity \ + "$keyid") - # output the sigs, but only those on the user ID - # we are looking for - echo "$gpgSigOut" | awk ' + # output the sigs, but only those on the user ID + # we are looking for + echo "$gpgSigOut" | awk ' { if (match($0,"^pub")) { print; } if (match($0,"^uid")) { ok=0; } 
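Review bot: The new `sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }')` assignment cannot tell a failed scan from an empty result, because stderr is discarded and the pipeline's exit status is awk's; the FIXME this commit removes asked for exactly that check. Parts of this hunk are missing from the page as extracted, so the new code may already handle it. If the `[ "$sshKeyGPG" = "$sshKeyOffered" ]` comparison from the removed side is kept, though, an empty offered key would compare equal to an empty `gpg2ssh` result and be reported as a match. A guard such as `if [ -z "$sshKeyOffered" ] ; then` ahead of any comparison, with its own message for the unreachable-host case, keeps that out of the key-matching path. The body of output_no_valid_key continues beyond this hunk.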
@@ -89,50 +92,58 @@ if (match($0,"^uid.*'$userID'$")) { ok=1; print; } if (ok) { if (match($0,"^sig")) { print; } } } ' | log info - echo | log info + echo | log info - # output the other user IDs for reference - if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then - cat < Date: Wed, 18 Mar 2009 12:19:48 -0400 Subject: add news note about 0.24 in testing, and update download page. --- website/download.mdwn | 4 ++-- website/news/0.24-accepted-in-Debian-testing.mdwn | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 website/news/0.24-accepted-in-Debian-testing.mdwn diff --git a/website/download.mdwn b/website/download.mdwn index 9fba263..1dd5366 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -18,8 +18,8 @@ Monkeysphere relies on: ## Debian ## If you are running a [Debian](http://www.debian.org/) system, the -[monkeysphere is available in the Debian unstable ("sid") -distribution](http://packages.debian.org/sid/monkeysphere). +[monkeysphere is available in the Debian testing ("squeeze") +distribution](http://packages.debian.org/testing/monkeysphere). You can also install the Monkeysphere directly from the Monkeysphere Debian archive. You can add this archive to your system by putting diff --git a/website/news/0.24-accepted-in-Debian-testing.mdwn b/website/news/0.24-accepted-in-Debian-testing.mdwn new file mode 100644 index 0000000..4222493 --- /dev/null +++ b/website/news/0.24-accepted-in-Debian-testing.mdwn @@ -0,0 +1,10 @@ +[[meta title="Monkeysphere 0.24 accepted in Debian testing"]] + +[Monkeysphere 0.24 is now available in the Debian testing distribution +("squeeze")](http://packages.debian.org/testing/monkeysphere). +Monkeysphere 0.24 is our strongest release yet. If you are running +Debian testing, installing the monkeysphere is now very easy: + + aptitude install monkeysphere + +See the [[download]] page for more information. -- cgit v1.2.3 
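Review bot: The awk filter `match($0,"^uid.*'$userID'$")` splices `$userID` into the awk program text, so the value is read as a regular expression (each `.` in a host name matches any character) and a quote or backslash in it changes the program itself; the line is unchanged context here, but the reworked block still relies on it to decide which signatures are shown. Passing the value as data keeps the comparison literal, e.g. `userID="$userID" awk '...'` with `u = ENVIRON["userID"]` and `substr($0, length($0) - length(u) + 1) == u` in place of the regex. The removed `grep -v -q "$userID"` has the same pattern problem; if the new side keeps it (the rest of this hunk is missing from the page as extracted), `grep -F` makes it a fixed-string test. `userID` is assigned outside the hunk, so how much of it is externally controlled cannot be judged from here.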
From 6e0ec7e644ce8459db587bd68536aecdb2107315 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Wed, 18 Mar 2009 12:35:55 -0400 Subject: small web tweak. --- website/download.mdwn | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/website/download.mdwn b/website/download.mdwn index 1dd5366..09ffbf3 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -19,7 +19,10 @@ Monkeysphere relies on: If you are running a [Debian](http://www.debian.org/) system, the [monkeysphere is available in the Debian testing ("squeeze") -distribution](http://packages.debian.org/testing/monkeysphere). +distribution](http://packages.debian.org/testing/monkeysphere). If +you are running Debian testing, it is easy to install: + + aptitude install monkeysphere You can also install the Monkeysphere directly from the Monkeysphere Debian archive. You can add this archive to your system by putting -- cgit v1.2.3 From 27ed87fbefd7eedac8381691e1a416a25716efc8 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Wed, 18 Mar 2009 12:59:50 -0400 Subject: Revert "small web tweak." This reverts commit 6e0ec7e644ce8459db587bd68536aecdb2107315. --- website/download.mdwn | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/website/download.mdwn b/website/download.mdwn index 09ffbf3..1dd5366 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -19,10 +19,7 @@ Monkeysphere relies on: If you are running a [Debian](http://www.debian.org/) system, the [monkeysphere is available in the Debian testing ("squeeze") -distribution](http://packages.debian.org/testing/monkeysphere). If -you are running Debian testing, it is easy to install: - - aptitude install monkeysphere +distribution](http://packages.debian.org/testing/monkeysphere). You can also install the Monkeysphere directly from the Monkeysphere Debian archive. You can add this archive to your system by putting -- cgit v1.2.3 
From e83246495fd806b1e6535ee5a4e5acbacb3c175a Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Wed, 18 Mar 2009 13:11:01 -0400 Subject: small web tweak --- website/download.mdwn | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/website/download.mdwn b/website/download.mdwn index 1dd5366..b0c45b8 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -19,7 +19,11 @@ Monkeysphere relies on: If you are running a [Debian](http://www.debian.org/) system, the [monkeysphere is available in the Debian testing ("squeeze") -distribution](http://packages.debian.org/testing/monkeysphere). +distribution](http://packages.debian.org/testing/monkeysphere). If +you are running Debian testing, install the latest monkeysphere +version: + + aptitude install monkeysphere You can also install the Monkeysphere directly from the Monkeysphere Debian archive. You can add this archive to your system by putting -- cgit v1.2.3 From f57fcf0132eb921a0ee494cb14cca6a13c63c4c4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 18 Mar 2009 14:31:43 -0400 Subject: remove some extraneous invocations of cat. --- src/share/m/gen_subkey | 7 ++----- src/share/m/ssh_proxycommand | 14 +++++++------- src/share/mh/set_expire | 2 +- 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey index dbd9dd6..a0fa3ce 100644 --- a/src/share/m/gen_subkey +++ b/src/share/m/gen_subkey @@ -44,8 +44,7 @@ Type '$PGRM help' for usage." check_gpg_authentication_subkey "$keyID" # generate the list of commands that will be passed to edit-key - editCommands=$(cat </dev/null) # output header - cat < Date: Sun, 22 Mar 2009 01:40:30 -0400 Subject: Start of macport packaging. --- packaging/macports/Portfile | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 packaging/macports/Portfile 
diff --git a/packaging/macports/Portfile b/packaging/macports/Portfile
new file mode 100644
index 0000000..f9cf7a5
--- /dev/null
+++ b/packaging/macports/Portfile
@@ -0,0 +1,40 @@
+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
+# $Id$
+
+PortSystem 1.0
+
+name monkeysphere
+version 0.24
+categories net
+maintainers nomaintainer
+platforms darwin
+description use the OpenPGP web of trust to verify ssh connections
+
+long_description SSH key-based authentication is tried-and-true, \
+ but it lacks a true Public Key Infrastructure for \
+ key certification, revocation and expiration. \
+ Monkeysphere is a framework that uses the OpenPGP \
+ web of trust for these PKI functions. It can be \
+ used in both directions: for users to get \
+ validated host keys, and for hosts to authenticate \
+ users.
+
+homepage http://web.monkeysphere.info/
+master_sites ???
+distname ${name}_${version}
+worksrcdir ${name}-${version}
+checksums md5 8590532f4702fa44027a6a583657c9ef
+
+depends_run bin:ssh:openssh \
+ port:gnupg \
+ port:perl5.10 \
+ port:p5-crypt-rsa \
+ port:p5-digest-sha1 \
+ port:procmail
+
+build.target build
+destroot.args PREFIX=${destroot}${prefix} \
+ CONFDIR=${destroot}${prefix}/etc/monkeysphere \
+ DBDIR=${destroot}${prefix}/var/lib/monkeysphere \
+ MANDIR=${destroot}${prefix}/share/man \
+ DOCDIR=${destroot}${prefix}/share/doc/monkeysphere
-- cgit v1.2.3
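Review bot: `checksums md5 8590532f4702fa44027a6a583657c9ef` pins the distfile with MD5 only, and with `master_sites ???` still a placeholder that digest will be the sole integrity check on whatever download site is eventually filled in. MD5 is not collision-resistant, so add a stronger digest next to it, e.g. `rmd160 <rmd160-of-distfile>` and `sha256 <sha256-of-distfile>` (placeholders; compute them from a tarball checked against an upstream signature, if one is published). `homepage` is plain `http://`; if the download location ends up on the same host, an HTTPS `master_sites` URL would reduce the exposure to tampering in transit. A comment above the placeholder such as `# TODO: set master_sites before submitting; the port cannot fetch without it` would make the unfinished state explicit.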