From 25140cd5da6cbf097fedde6634eef11c2bc0f0fe Mon Sep 17 00:00:00 2001
From: Suno Ano
Date: Tue, 24 Mar 2009 23:37:12 +0100
Subject: started a README
Signed-off-by: Suno Ano
---
 README | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 README
diff --git a/README b/README
new file mode 100644
index 0000000..809abb6
--- /dev/null
+++ b/README
@@ -0,0 +1,15 @@
+The Monkeysphere Project
+------------------------
+
+The Monkeysphere project's goal is to extend OpenPGP's web of trust to
+new areas of the Internet to help us securely identify each other
+while we work online.
+
+Specifically, monkeysphere currently offers a framework to leverage
+the OpenPGP web of trust for OpenSSH authentication.
+
+In other words, it allows you to use secure shell as you normally do,
+but to identify yourself and the servers you administer or connect to
+with your OpenPGP keys. OpenPGP keys are tracked via GnuPG, and
+monkeysphere manages the known_hosts and authorized_keys files used by
+OpenSSH for authentication, checking them for cryptographic validity.
-- cgit v1.2.3
From c77f491ca9c98623a7af4a958d653d527b53eaac Mon Sep 17 00:00:00 2001
From: Suno Ano
Date: Wed, 25 Mar 2009 00:22:22 +0100
Subject: added some dummy comment to .gitignore
Signed-off-by: Suno Ano
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 8316a5c..f6c2acf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+#adding a comment just for testing ...
 *~
 *.[ao]
 repo/db
-- cgit v1.2.3
From ed615ab0a3f06f102661eae5d399f206bc6afeff Mon Sep 17 00:00:00 2001
From: Suno Ano
Date: Wed, 25 Mar 2009 00:56:56 +0100
Subject: removed dummy comment to .gitignore again
Signed-off-by: Suno Ano
---
 .gitignore | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index f6c2acf..8316a5c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,3 @@
-#adding a comment just for testing ...
 *~
 *.[ao]
 repo/db
-- cgit v1.2.3
From 0fded72147e60d7193c393e6de68493258501e7a Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 27 Mar 2009 18:02:49 -0400 Subject: trying to make m gen-subkey more responsive in the face of errors, and clearer to the user about what is going on. --- src/share/common | 2 ++ src/share/m/gen_subkey | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/share/common b/src/share/common index d6e4949..c8d44f6 100644 --- a/src/share/common +++ b/src/share/common @@ -304,6 +304,8 @@ passphrase_prompt() { local PASS if [ "$DISPLAY" ] && which "${SSH_ASKPASS:-ssh-askpass}" >/dev/null; then + printf 'Launching "%s"\n' "${SSH_ASKPASS:-ssh-askpass}" | log info + printf '(with prompt "%s")\n' "$prompt" | log debug "${SSH_ASKPASS:-ssh-askpass}" "$prompt" > "$fifo" else read -s -p "$prompt" PASS diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey index a0fa3ce..05004f6 100644 --- a/src/share/m/gen_subkey +++ b/src/share/m/gen_subkey @@ -57,14 +57,16 @@ save" # setup the temp fifo dir for retrieving the key password log debug "creating password fifo..." fifoDir=$(msmktempdir) - trap "rm -rf $fifoDir" EXIT (umask 077 && mkfifo "$fifoDir/pass") - log verbose "generating subkey..." + # FIXME: are we adequately cleaning up any trailing gpg process here? + trap "rm -rf $fifoDir; kill %% || true" EXIT echo "$editCommands" | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & + log debug "Prompting for passphrase" # FIXME: this needs to fail more gracefully if the passphrase is incorrect passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass" + log info "Generating subkey. This may take a long time..." trap - EXIT rm -rf "$fifoDir" -- cgit v1.2.3 From 05dc5dce0339471fa544b431aa361d2b1f4c5786 Mon Sep 17 00:00:00 2001 
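Review bot: In the gen_subkey hunk the new EXIT trap is written in double quotes, so `$fifoDir` is expanded when the trap is set and reaches `rm -rf` unquoted; a temp path containing whitespace or glob characters would be word-split in front of a recursive delete. Quoting the path inside the trap string closes that gap: `trap "rm -rf -- '$fifoDir'; kill %% 2>/dev/null || true" EXIT`. The trap is also now installed after `mkfifo` rather than directly after `msmktempdir`, so an exit in between leaves the directory behind; setting a plain `rm` trap first and replacing it once the background `gpg_user` job exists would cover both windows. The enclosing function starts and ends outside the hunk.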
From: Jameson Graef Rollins Date: Sat, 4 Apr 2009 20:30:57 -0700 Subject: some updates to the macports package. actually installs things properly now, but there are still some run-time issues to sort out. --- packaging/macports/Portfile | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/packaging/macports/Portfile b/packaging/macports/Portfile index 99d0d69..9680b4e 100644 --- a/packaging/macports/Portfile +++ b/packaging/macports/Portfile @@ -2,14 +2,11 @@ # $Id$ PortSystem 1.0 - name monkeysphere version 0.24 -categories net +categories net security maintainers nomaintainer -platforms darwin description use the OpenPGP web of trust to verify ssh connections - long_description SSH key-based authentication is tried-and-true, \ but it lacks a true Public Key Infrastructure for \ key certification, revocation and expiration. \ @@ -18,12 +15,8 @@ long_description SSH key-based authentication is tried-and-true, \ used in both directions: for users to get \ validated host keys, and for hosts to authenticate \ users. - homepage http://web.monkeysphere.info/ -master_sites http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/ -distname ${name}_${version} -worksrcdir ${name}-${version} -checksums md5 8590532f4702fa44027a6a583657c9ef +platforms darwin depends_run bin:ssh:openssh \ port:gnupg \ 
@@ -32,9 +25,11 @@ depends_run bin:ssh:openssh \ port:p5-digest-sha1 \ port:procmail -build.target build -destroot.args PREFIX=${destroot}${prefix} \ - CONFDIR=${destroot}${prefix}/etc/monkeysphere \ - DBDIR=${destroot}${prefix}/var/lib/monkeysphere \ - MANDIR=${destroot}${prefix}/share/man \ - DOCDIR=${destroot}${prefix}/share/doc/monkeysphere +master_sites http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/ +distname ${name}_${version} +extract.suffix .orig.tar.gz +worksrcdir ${name}-${version} +checksums md5 8590532f4702fa44027a6a583657c9ef +use_configure no +destroot.destdir DESTDIR=${destroot}${prefix} +destroot.args PREFIX= -- cgit v1.2.3 From 1682f86cc61aa8ba57e1897d3968c5620e8dc278 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 4 Apr 2009 23:08:06 -0700 Subject: add proxycommand --no-connect option to monkeysphere usage --- src/monkeysphere | 1 + 1 file changed, 1 insertion(+) diff --git a/src/monkeysphere b/src/monkeysphere index fbc05b4..147c179 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -48,6 +48,7 @@ subcommands: gen-subkey (g) [KEYID] generate an authentication subkey --length (-l) BITS key length in bits (2048) ssh-proxycommand HOST [PORT] monkeysphere ssh ProxyCommand + --no-connect do not make TCP connection to host subkey-to-ssh-agent (s) store authentication subkey in ssh-agent version (v) show version number help (h,?) this help -- cgit v1.2.3 From 0e2af948ab640cd4865d41951c7b8c2a35437f59 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 4 Apr 2009 23:37:15 -0700 Subject: macports: attempt at something that would 'patch' in the correct SYS..DIR variables --- packaging/macports/Makefile | 23 +++++++++++++++++++++++ packaging/macports/Portfile | 17 +++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 packaging/macports/Makefile diff --git a/packaging/macports/Makefile b/packaging/macports/Makefile new file mode 100644 index 0000000..10d9547 --- /dev/null 
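Review bot: The relocated `checksums md5 8590532f4702fa44027a6a583657c9ef` line is the only integrity check on a tarball that `master_sites` fetches over plain `http://`, and MD5 is not collision-resistant, so it should not be the sole digest. List stronger digests beside it, for example `checksums md5 8590532f4702fa44027a6a583657c9ef \` continued with `sha1 <SHA1_OF_ORIG_TARBALL> \` and `rmd160 <RMD160_OF_ORIG_TARBALL>` (placeholders, to be computed from a tarball checked against a signed release). A one-line comment above `master_sites` stating that the download is unauthenticated and the checksums are the trust anchor would help the next maintainer.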
+++ b/packaging/macports/Makefile
@@ -0,0 +1,23 @@
+# use proper system paths for MacPorts instead of Debian's:
+post-patch:
+ @${REINPLACE_CMD} -e 's|/etc/monkeysphere|'$(SYSETCDIR)'|g' \
+ ${WRKSRC}/src/share/defaultenv \
+ ${WRKSRC}/src/transitions/0.23 \
+ ${WRKSRC}/man/man1/monkeysphere.1 \
+ ${WRKSRC}/man/man8/monkeysphere-authentication.8 \
+ ${WRKSRC}/man/man8/monkeysphere-host.8 \
+ ${WRKSRC}/etc/monkeysphere-authentication.conf
+ @${REINPLACE_CMD} -e 's|/var/lib/monkeysphere|'$(SYSDATADIR)'|g' \
+ ${WRKSRC}/src/transitions/0.23 \
+ ${WRKSRC}/man/man1/monkeysphere.1 \
+ ${WRKSRC}/man/man8/monkeysphere-authentication.8 \
+ ${WRKSRC}/man/man8/monkeysphere-host.8 \
+ ${WRKSRC}/src/monkeysphere-host \
+ ${WRKSRC}/src/monkeysphere-authentication \
+ ${WRKSRC}/doc/getting-started-admin.mdwn
+ @${REINPLACE_CMD} -e 's|/usr/share/monkeysphere|'$(SYSSHAREDIR)'|g' \
+ ${WRKSRC}/src/monkeysphere-host \
+ ${WRKSRC}/src/monkeysphere-authentication \
+ ${WRKSRC}/src/monkeysphere
+ # and clean up cruft from the sed replacements:
+ ${FIND} ${WRKSRC} -name '*.bak' -delete
diff --git a/packaging/macports/Portfile b/packaging/macports/Portfile
index 9680b4e..e6176d0 100644
--- a/packaging/macports/Portfile
+++ b/packaging/macports/Portfile
@@ -30,6 +30,23 @@ distname ${name}_${version}
 extract.suffix .orig.tar.gz
 worksrcdir ${name}-${version}
 checksums md5 8590532f4702fa44027a6a583657c9ef
+
+patch.dir ${worksrcpath}
+patch.cmd make
+patch.args -f Makefile \
+ WRKSRC=${worksrcpath} \
+ SYSETCDIR=${destroot}${prefix}/etc/monkeysphere \
+ SYSDATADIR=${destroot}${prefix}/var/db/monkeysphere \
+ SYSSHAREDIR=${destroot}${prefix}/share/monkeysphere \
+ post-patch
+
 use_configure no
+
 destroot.destdir DESTDIR=${destroot}${prefix}
 destroot.args PREFIX=
+
+# variant to use the port version of bash, which may be much newer
+# than the one provided by the system
+variant port-bash description {use port version of Bash} {
+ depends_run-append port:bash
+}
-- cgit v1.2.3
From 1687f57fcfb41453539313d66b8b01bd073c4577 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Sun, 5 Apr 2009 11:37:07 -0700
Subject: macports: better way to swap SYSDATADIR
---
 packaging/macports/Makefile | 23 -----------------------
 packaging/macports/Portfile | 32 +++++++++++++++++++++++---------
 2 files changed, 23 insertions(+), 32 deletions(-)
 delete mode 100644 packaging/macports/Makefile
diff --git a/packaging/macports/Makefile b/packaging/macports/Makefile
deleted file mode 100644
index 10d9547..0000000
--- a/packaging/macports/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-# use proper system paths for MacPorts instead of Debian's:
-post-patch:
- @${REINPLACE_CMD} -e 's|/etc/monkeysphere|'$(SYSETCDIR)'|g' \
- ${WRKSRC}/src/share/defaultenv \
- ${WRKSRC}/src/transitions/0.23 \
- ${WRKSRC}/man/man1/monkeysphere.1 \
- ${WRKSRC}/man/man8/monkeysphere-authentication.8 \
- ${WRKSRC}/man/man8/monkeysphere-host.8 \
- ${WRKSRC}/etc/monkeysphere-authentication.conf
- @${REINPLACE_CMD} -e 's|/var/lib/monkeysphere|'$(SYSDATADIR)'|g' \
- ${WRKSRC}/src/transitions/0.23 \
- ${WRKSRC}/man/man1/monkeysphere.1 \
- ${WRKSRC}/man/man8/monkeysphere-authentication.8 \
- ${WRKSRC}/man/man8/monkeysphere-host.8 \
- ${WRKSRC}/src/monkeysphere-host \
- ${WRKSRC}/src/monkeysphere-authentication \
- ${WRKSRC}/doc/getting-started-admin.mdwn
- @${REINPLACE_CMD} -e 's|/usr/share/monkeysphere|'$(SYSSHAREDIR)'|g' \
- ${WRKSRC}/src/monkeysphere-host \
- ${WRKSRC}/src/monkeysphere-authentication \
- ${WRKSRC}/src/monkeysphere
- # and clean up cruft from the sed replacements:
- ${FIND} ${WRKSRC} -name '*.bak' -delete
diff --git a/packaging/macports/Portfile b/packaging/macports/Portfile
index e6176d0..290edfd 100644
--- a/packaging/macports/Portfile
+++ b/packaging/macports/Portfile
@@ -31,17 +31,31 @@ extract.suffix .orig.tar.gz worksrcdir ${name}-${version} checksums md5 8590532f4702fa44027a6a583657c9ef -patch.dir ${worksrcpath} -patch.cmd make -patch.args -f Makefile \ - WRKSRC=${worksrcpath} \ - SYSETCDIR=${destroot}${prefix}/etc/monkeysphere \ - SYSDATADIR=${destroot}${prefix}/var/db/monkeysphere \ - SYSSHAREDIR=${destroot}${prefix}/share/monkeysphere \ - post-patch - use_configure no +post-build { + exec sed -i .tmp -e "s|/etc/monkeysphere|${prefix}/etc/monkeysphere|g" \ + ${worksrcpath}/src/share/defaultenv \ + ${worksrcpath}/src/transitions/0.23 \ + ${worksrcpath}/man/man1/monkeysphere.1 \ + ${worksrcpath}/man/man8/monkeysphere-authentication.8 \ + ${worksrcpath}/man/man8/monkeysphere-host.8 \ + ${worksrcpath}/etc/monkeysphere-authentication.conf + exec sed -i .tmp -e "s|/var/lib/monkeysphere|${prefix}/var/db/monkeysphere|g" \ + ${worksrcpath}/src/transitions/0.23 \ + ${worksrcpath}/man/man1/monkeysphere.1 \ + ${worksrcpath}/man/man8/monkeysphere-authentication.8 \ + ${worksrcpath}/man/man8/monkeysphere-host.8 \ + ${worksrcpath}/src/monkeysphere-host \ + ${worksrcpath}/src/monkeysphere-authentication \ + ${worksrcpath}/doc/getting-started-admin.mdwn + exec sed -i .tmp -e "s|/usr/share/monkeysphere|${prefix}/share/monkeysphere|g" \ + ${worksrcpath}/src/monkeysphere-host \ + ${worksrcpath}/src/monkeysphere-authentication \ + ${worksrcpath}/src/monkeysphere + exec find ${worksrcpath} -name *.tmp -delete +} + destroot.destdir DESTDIR=${destroot}${prefix} destroot.args PREFIX= -- cgit v1.2.3 From c0724b8e7aefd9ced1740a970941928f5b168b2b Mon Sep 17 00:00:00 2001 
From: Jameson Graef Rollins Date: Sun, 5 Apr 2009 15:05:36 -0700 Subject: some small compatibility changes: - fix file_hash function to use md5 or md5sum, for Darwin compatibility - use build-in 'type' instead of 'which', which for some reason doesn't behave on Darwin - clean up some redirection calls. --- src/share/common | 26 ++++++++++++++++---------- src/share/m/ssh_proxycommand | 6 +++--- src/share/m/subkey_to_ssh_agent | 2 +- 3 files changed, 20 insertions(+), 14 deletions(-) diff --git a/src/share/common b/src/share/common index c8d44f6..04fe4fe 100644 --- a/src/share/common +++ b/src/share/common @@ -147,8 +147,8 @@ lock() { local action="$1" local file="$2" - if ! ( which lockfile-create >/dev/null 2>/dev/null ) ; then - if ! ( which lockfile >/dev/null ); then + if ! ( type lockfile-create &>/dev/null ) ; then + if ! ( type lockfile &>/dev/null ); then failure "Neither lockfile-create nor lockfile are in the path!" fi use_lockfileprogs= @@ -197,7 +197,7 @@ advance_date() { local shortunits # try things the GNU way first - if date -d "$number $longunits" "$format" >/dev/null 2>&1; then + if date -d "$number $longunits" "$format" &>/dev/null; then date -d "$number $longunits" "$format" else # otherwise, convert to (a limited version of) BSD date syntax: @@ -252,7 +252,13 @@ check_capability() { # hash of a file file_hash() { - md5sum "$1" 2> /dev/null + if type md5sum &>/dev/null ; then + md5sum "$1" + elif type lockfile &>/dev/null ; then + md5 "$1" + else + failure "Neither md5sum nor md5 are in the path!" + fi } # convert escaped characters in pipeline from gpg output back into 
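Review bot: In the `file_hash` hunk (`@@ -252,7 +252,13 @@`) the fallback branch probes for `lockfile` but then runs `md5`, so a host that has md5 but no lockfile gets the "Neither md5sum nor md5" failure, and one with lockfile but no md5 fails at the call itself. The guard should name the tool it runs: `elif type md5 &>/dev/null ; then`. The two tools also print the digest in different layouts, so a comment above the function saying what callers may rely on would help; presumably they only compare two outputs produced on the same host, which should be confirmed against the callers outside this hunk.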
@@ -303,7 +309,7 @@ passphrase_prompt() { local fifo="$2" local PASS - if [ "$DISPLAY" ] && which "${SSH_ASKPASS:-ssh-askpass}" >/dev/null; then + if [ "$DISPLAY" ] && type "${SSH_ASKPASS:-ssh-askpass}" >/dev/null; then printf 'Launching "%s"\n' "${SSH_ASKPASS:-ssh-askpass}" | log info printf '(with prompt "%s")\n' "$prompt" | log debug "${SSH_ASKPASS:-ssh-askpass}" "$prompt" > "$fifo" @@ -333,7 +339,7 @@ remove_line() { fi # if the string is in the file... - if grep -q -F "$string" "$file" 2> /dev/null ; then + if grep -q -F "$string" "$file" 2>/dev/null ; then tempfile=$(mktemp "${file}.XXXXXXX") || \ failure "Unable to make temp file '${file}.XXXXXXX'" @@ -460,7 +466,7 @@ gpg2ssh() { keyID="$1" - gpg --export "$keyID" | openpgp2ssh "$keyID" 2> /dev/null + gpg --export "$keyID" | openpgp2ssh "$keyID" 2>/dev/null } # output known_hosts line from ssh key @@ -551,7 +557,7 @@ gpg_fetch_userid() { echo 1,2,3,4,5 | \ gpg --quiet --batch --with-colons \ --command-fd 0 --keyserver "$KEYSERVER" \ - --search ="$userID" > /dev/null 2>&1 + --search ="$userID" &>/dev/null returnCode="$?" return "$returnCode" @@ -811,7 +817,7 @@ process_host_known_hosts() { # hash from stdin to stdout tmpfile=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) ssh2known_hosts "$host" "$sshKey" > "$tmpfile" - ssh-keygen -H -f "$tmpfile" 2> /dev/null + ssh-keygen -H -f "$tmpfile" 2>/dev/null cat "$tmpfile" >> "$KNOWN_HOSTS" rm -f "$tmpfile" "${tmpfile}.old" else @@ -1093,7 +1099,7 @@ process_authorized_user_ids() { # check permissions on the authorized_user_ids file path check_key_file_permissions $(whoami) "$authorizedUserIDs" || failure - if ! meat "$authorizedUserIDs" > /dev/null ; then + if ! meat "$authorizedUserIDs" >/dev/null ; then log debug " no user IDs to process." return fi diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index 77f9d24..74b0f85 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand 
@@ -186,7 +186,7 @@ URI="ssh://${HOSTP}" # CHECK_KEYSERVER variable in the monkeysphere.conf file. # if the host is in the gpg keyring... -if gpg_user --list-key ="${URI}" 2>&1 >/dev/null ; then +if gpg_user --list-key ="${URI}" &>/dev/null ; then # do not check the keyserver CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"} @@ -253,9 +253,9 @@ esac # exec a netcat passthrough to host for the ssh connection if [ -z "$NO_CONNECT" ] ; then - if (which nc 2>/dev/null >/dev/null); then + if (type nc &>/dev/null); then exec nc "$HOST" "$PORT" - elif (which socat 2>/dev/null >/dev/null); then + elif (type socat &>/dev/null); then exec socat STDIO "TCP:$HOST:$PORT" else echo "Neither netcat nor socat found -- could not complete monkeysphere-ssh-proxycommand connection to $HOST:$PORT" >&2 diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index aa647a6..edc177b 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -27,7 +27,7 @@ subkey_to_ssh_agent() { local kname # if there's no agent running, don't bother: - if [ -z "$SSH_AUTH_SOCK" ] || ! which ssh-add >/dev/null ; then + if [ -z "$SSH_AUTH_SOCK" ] || ! type ssh-add >/dev/null ; then failure "No ssh-agent available." fi -- cgit v1.2.3 From 12f30bbed9bb66ea561298259e42a198195235fc Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 5 Apr 2009 17:59:08 -0700 Subject: use /usr/bin/env to call perl in keytrans shebang. --- src/share/keytrans | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/share/keytrans b/src/share/keytrans index 8b2e2ea..d9830f4 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w -T +#!/usr/bin/env perl -w -T # keytrans: this is an RSA key translation utility; it is capable of # transforming RSA keys (both public keys and secret keys) between -- cgit v1.2.3 From ae60b830b1a1354acd458a1cf593bd92bd8e8a00 Mon Sep 17 00:00:00 2001 
From: Jameson Graef Rollins Date: Sun, 5 Apr 2009 19:38:35 -0700 Subject: undo perl shebang line change i just made, since the '-w -T' options don't seem to work with /usr/bin/env --- src/share/keytrans | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/share/keytrans b/src/share/keytrans index d9830f4..8b2e2ea 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -1,4 +1,4 @@ -#!/usr/bin/env perl -w -T +#!/usr/bin/perl -w -T # keytrans: this is an RSA key translation utility; it is capable of # transforming RSA keys (both public keys and secret keys) between -- cgit v1.2.3 From 6d274a5eadc7bcf543b87945472f910e2a6a67c7 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 5 Apr 2009 19:40:33 -0700 Subject: macports: fix perl dependencies, and add socat dependency --- packaging/macports/Portfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/packaging/macports/Portfile b/packaging/macports/Portfile index 290edfd..36c3635 100644 --- a/packaging/macports/Portfile +++ b/packaging/macports/Portfile @@ -21,9 +21,11 @@ platforms darwin depends_run bin:ssh:openssh \ port:gnupg \ port:perl5.10 \ - port:p5-crypt-rsa \ + port:p5-crypt-openssl-rsa \ + port:p5-crypt-openssl-bignum \ port:p5-digest-sha1 \ - port:procmail + port:procmail \ + port:socat master_sites http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/ distname ${name}_${version} -- cgit v1.2.3 From 792b299e0850dfa3ab1072760f9e82febd81c366 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 5 Apr 2009 19:41:13 -0700 Subject: fix typo in check_key_file_permissions function --- src/share/common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/share/common b/src/share/common index 04fe4fe..1ce07fc 100644 --- a/src/share/common +++ b/src/share/common 
@@ -445,7 +445,7 @@ check_key_file_permissions() { # return 2 if path has group or other writability if is_write "$gAccess" || is_write "$oAccess" ; then log error "improper group or other writability on path '$path':" - log error " group: $gAccess, other: $oAcess" + log error " group: $gAccess, other: $oAccess" return 2 fi -- cgit v1.2.3 From 1e1718518b06adcf4df593e8b2c095e1e3ae44fb Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 5 Apr 2009 23:02:22 -0700 Subject: remove the gnutls patch from the repo, since it's included in gnutls 2.6, we don't even use gnutls anymore, and it's cluter in the repo root --- .../gnutls/22_functional_s2k_with_GNU_dummy.diff | 146 --------------------- patches/gnutls/build | 36 ----- website/news/gnutls-2.6-enables-monkeysphere.mdwn | 11 ++ 3 files changed, 11 insertions(+), 182 deletions(-) delete mode 100644 patches/gnutls/22_functional_s2k_with_GNU_dummy.diff delete mode 100755 patches/gnutls/build diff --git a/patches/gnutls/22_functional_s2k_with_GNU_dummy.diff b/patches/gnutls/22_functional_s2k_with_GNU_dummy.diff deleted file mode 100644 index 2d7e35d..0000000 --- a/patches/gnutls/22_functional_s2k_with_GNU_dummy.diff +++ /dev/null 
@@ -1,146 +0,0 @@ -diff -ruN gnutls26-2.4.1.orig/lib/opencdk/opencdk.h gnutls26-2.4.1/lib/opencdk/opencdk.h ---- gnutls26-2.4.1.orig/lib/opencdk/opencdk.h 2008-06-30 16:45:51.000000000 -0400 -+++ gnutls26-2.4.1/lib/opencdk/opencdk.h 2008-08-21 19:23:44.000000000 -0400 -@@ -214,7 +214,11 @@ - enum cdk_s2k_type_t { - CDK_S2K_SIMPLE = 0, - CDK_S2K_SALTED = 1, -- CDK_S2K_ITERSALTED = 3 -+ CDK_S2K_ITERSALTED = 3, -+ CDK_S2K_GNU_EXT = 101 -+ /* GNU S2K extensions: refer to DETAILS from GnuPG: -+ http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG -+ */ - }; - - -diff -ruN gnutls26-2.4.1.orig/lib/opencdk/read-packet.c gnutls26-2.4.1/lib/opencdk/read-packet.c ---- gnutls26-2.4.1.orig/lib/opencdk/read-packet.c 2008-06-30 16:45:51.000000000 -0400 -+++ gnutls26-2.4.1/lib/opencdk/read-packet.c 2008-08-21 19:30:09.000000000 -0400 -@@ -78,10 +78,35 @@ - } - - --static int -+/* read about S2K at http://tools.ietf.org/html/rfc4880#section-3.7.1 */ -+static cdk_error_t - read_s2k (cdk_stream_t inp, cdk_s2k_t s2k) - { -- return CDK_Not_Implemented; -+ size_t nread; -+ -+ s2k->mode = cdk_stream_getc (inp); -+ s2k->hash_algo = cdk_stream_getc (inp); -+ if (s2k->mode == CDK_S2K_SIMPLE) -+ return 0; -+ else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED) -+ { -+ if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread)) -+ return CDK_Inv_Packet; -+ if (nread != DIM (s2k->salt)) -+ return CDK_Inv_Packet; -+ -+ if (s2k->mode == CDK_S2K_ITERSALTED) -+ s2k->count = cdk_stream_getc (inp); -+ } -+ else if (s2k->mode == CDK_S2K_GNU_EXT) -+ { -+ /* GNU extensions to the S2K : read DETAILS from gnupg */ -+ return 0; -+ } -+ else -+ return CDK_Not_Implemented; -+ -+ return 0; - } - - -@@ -194,6 +219,7 @@ - static cdk_error_t - read_symkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_symkey_enc_t ske) - { -+ cdk_error_t ret; - cdk_s2k_t s2k; - size_t minlen; - size_t nread, nleft; -@@ -213,7 +239,9 @@ - return CDK_Out_Of_Core; - - ske->cipher_algo = 
cdk_stream_getc (inp); -- s2k->mode = cdk_stream_getc (inp); -+ ret = read_s2k(inp, s2k); -+ if (ret != 0) -+ return ret; - switch (s2k->mode) - { - case CDK_S2K_SIMPLE : minlen = 0; break; -@@ -225,18 +253,6 @@ - return CDK_Inv_Packet; - } - -- s2k->hash_algo = cdk_stream_getc (inp); -- if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED) -- { -- if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread)) -- return CDK_Inv_Packet; -- if (nread != DIM (s2k->salt)) -- return CDK_Inv_Packet; -- -- if (s2k->mode == CDK_S2K_ITERSALTED) -- s2k->count = cdk_stream_getc (inp); -- } -- - ske->seskeylen = pktlen - 4 - minlen; - /* We check if there is an encrypted session key and if it fits into - the buffer. The maximal key length is 256-bit. */ -@@ -421,14 +437,19 @@ - rc = read_s2k (inp, sk->protect.s2k); - if (rc) - return rc; -- sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo); -- if (!sk->protect.ivlen) -- return CDK_Inv_Packet; -- rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread); -- if (rc) -- return rc; -- if (nread != sk->protect.ivlen) -- return CDK_Inv_Packet; -+ /* refer to --export-secret-subkeys in gpg(1) */ -+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) -+ sk->protect.ivlen = 0; -+ else { -+ sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo); -+ if (!sk->protect.ivlen) -+ return CDK_Inv_Packet; -+ rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread); -+ if (rc) -+ return rc; -+ if (nread != sk->protect.ivlen) -+ return CDK_Inv_Packet; -+ } - } - else - sk->protect.algo = sk->s2k_usage; -@@ -476,6 +497,22 @@ - return CDK_Out_Of_Core; - if (stream_read (inp, sk->encdata, sk->enclen, &nread)) - return CDK_Inv_Packet; -+ /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */ -+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) { -+ unsigned char gnumode; -+ if ((sk->enclen < strlen("GNU") + 1) || -+ (0 != memcmp("GNU", sk->encdata, strlen("GNU")))) -+ return 
CDK_Inv_Packet; -+ gnumode = sk->encdata[strlen("GNU")]; -+ /* we only handle gnu-dummy (mode 1). -+ mode 2 should refer to external smart cards. -+ */ -+ if (gnumode != 1) -+ return CDK_Inv_Packet; -+ /* gnu-dummy should have no more data */ -+ if (sk->enclen != strlen("GNU") + 1) -+ return CDK_Inv_Packet; -+ } - nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo); - if (!nskey) - return CDK_Inv_Algo; diff --git a/patches/gnutls/build b/patches/gnutls/build deleted file mode 100755 index b42832a..0000000 --- a/patches/gnutls/build +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh -e - -# build a patched version of GnuTLS version 2.4.x, including the -# ability to parse and accept the GNU S2K extension known as -# "gnu-dummy" (which doesn't have any secret key data at all) - -# Note: you probably want to prepare your build system in the -# following way: - -# apt-get build-dep libgnutls26 -# aptitude install devscripts fakeroot - -# Author: Daniel Kahn Gillmor -# Date: 2008-08-22 00:11:05-0400 - -# Note: please run this from the current directory, so it can find and -# transfer the patch it needs. - -set -e - -if ! dpkg -l devscripts fakeroot >/dev/null ; then - exit 1 -fi - -workingdir=$(mktemp -d -p .) - -(cd "$workingdir" && apt-get source libgnutls26) - -cp ./*.diff "$workingdir/gnutls26-2.4".*/debian/patches/ - -cd "$workingdir/gnutls26-2.4".* -dch --local .s2kext --distribution experimental 'added patch to handle GNU extensions to S2K' -debuild -uc -us -sa - -echo now you should: -echo reprepro -C gnutls include experimental "$workingdir/"*.changes diff --git a/website/news/gnutls-2.6-enables-monkeysphere.mdwn b/website/news/gnutls-2.6-enables-monkeysphere.mdwn index b7894c5..6de2f6a 100644 --- a/website/news/gnutls-2.6-enables-monkeysphere.mdwn +++ b/website/news/gnutls-2.6-enables-monkeysphere.mdwn 
@@ -1,5 +1,16 @@ [[meta title="GnuTLS 2.6.x enables Monkeysphere to read authentication subkeys"]] +----- + +**2009-04-05 UPDATE:** Since Monkeysphere no longer depends on GnuTLS +at all ([moved to using Perl for key +translation](news/release-0.24-1)), and GnuTLS 2.6 is now available in +Debian testing, we have removed the GnuTLS patches from the repostiory +(although they will continue to be available in the history, or +course). + +----- + We [announced earlier](/news/modified-gnutls-2.4.x-available) that the Monkeysphere project was providing patched versions of GnuTLS to support one piece of Monkeysphere functionality. Fortunately, those -- cgit v1.2.3 From 06d5d37ffe25f4f66b58bbf1e4e51fa276ba4996 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 5 Apr 2009 23:37:34 -0700 Subject: couple of modifications to the test: - unset MONKEYSPHERE_SUBKEYS_FOR_AGENT, since it will confuse the test into trying to add the user's key to the agent. - use cpio to copy a full directory tree, instead of cp -a, since cp on Darwin doesn't understand the -a option. --- tests/basic | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tests/basic b/tests/basic index 7277168..f38c9ac 100755 --- a/tests/basic +++ b/tests/basic @@ -129,6 +129,10 @@ export MONKEYSPHERE_LOG_LEVEL=DEBUG export MONKEYSPHERE_CORE_KEYLENGTH=1024 export MONKEYSPHERE_PROMPT=false +# unset SUBKEYS_FOR_AGENT variable which, if set, would confuse the +# into trying to use the user's key, instead of the testuser's key +unset MONKEYSPHERE_SUBKEYS_FOR_AGENT + export SSHD_CONFIG="$TEMPDIR"/sshd_config export SOCKET="$TEMPDIR"/ssh-socket 
@@ -146,7 +150,8 @@ export DISPLAY=monkeys echo echo "##################################################" echo "### configuring testuser home..." -cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ +(cd "$TESTDIR"/home && find testuser | cpio -pdu "$TEMPDIR") + # set up environment for testuser export TESTHOME="$TEMPDIR"/testuser export GNUPGHOME="$TESTHOME"/.gnupg @@ -166,7 +171,7 @@ get_gpg_prng_arg >> "$GNUPGHOME"/gpg.conf echo echo "##################################################" echo "### configuring admin home..." -cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ +(cd "$TESTDIR"/home && find admin | cpio -pdu "$TEMPDIR") # set up sshd echo -- cgit v1.2.3 From cb31db06f2432e5701eb2478b1cffac9e7c168d4 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 5 Apr 2009 23:54:07 -0700 Subject: macports: move to just perl5 dependency (which for now is 5.8). --- packaging/macports/Portfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/macports/Portfile b/packaging/macports/Portfile index 36c3635..0c440b6 100644 --- a/packaging/macports/Portfile +++ b/packaging/macports/Portfile @@ -20,7 +20,7 @@ platforms darwin depends_run bin:ssh:openssh \ port:gnupg \ - port:perl5.10 \ + port:perl5 \ port:p5-crypt-openssl-rsa \ port:p5-crypt-openssl-bignum \ port:p5-digest-sha1 \ -- cgit v1.2.3 From 8a10cedafffa08873508598c9bff0c12e1c5d278 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 6 Apr 2009 21:04:31 -0400 Subject: actually check for md5 in the path within file_hash() --- src/share/common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/share/common b/src/share/common index 1ce07fc..ac0b5d6 100644 --- a/src/share/common +++ b/src/share/common @@ -254,7 +254,7 @@ check_capability() { file_hash() { if type md5sum &>/dev/null ; then md5sum "$1" - elif type lockfile &>/dev/null ; then + elif type md5 &>/dev/null ; then md5 "$1" else failure "Neither md5sum nor md5 are in the path!" -- cgit v1.2.3 
From 5df09d935f33477cdd9763c0e9c1ba7c8073aea0 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 6 Apr 2009 21:09:12 -0400 Subject: more portable perl-based simple_checksum; i think this is correct, but i welcome any pointers about what i might be getting wrong. --- src/share/keytrans | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/share/keytrans b/src/share/keytrans index 8b2e2ea..e6777ff 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -195,11 +195,11 @@ my $keyserver_prefs = { nomodify => 0x80 ########### Math/Utility Functions ############## -# see the bottom of page 43 of RFC 4880 +# see the bottom of page 44 of RFC 4880 (http://tools.ietf.org/html/rfc4880#page-44) sub simple_checksum { my $bytes = shift; - return unpack("%32W*",$bytes) % 65536; + return unpack("%16C*",$bytes); } # calculate the multiplicative inverse of a mod b this is euclid's -- cgit v1.2.3 From c8719b2f757364178ecbe621b027765c8ce58ef4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 6 Apr 2009 22:32:56 -0400 Subject: replacing head -c with dd (for portability reasons, see #673) --- src/share/ma/setup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/share/ma/setup b/src/share/ma/setup index b453f3c..4c87009 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -57,9 +57,9 @@ EOF if [ -z "$CORE_FPR" ] ; then log info "setting up Monkeysphere authentication trust core..." - local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 Date: Mon, 6 Apr 2009 19:52:34 -0700 Subject: remove -w from keytrans shebang line, since it's redundant with 'use warnings' --- src/share/keytrans | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/share/keytrans b/src/share/keytrans index e6777ff..f9288fa 100755 --- a/src/share/keytrans +++ b/src/share/keytrans 
@@ -1,4 +1,4 @@ -#!/usr/bin/perl -w -T +#!/usr/bin/perl -T # keytrans: this is an RSA key translation utility; it is capable of # transforming RSA keys (both public keys and secret keys) between -- cgit v1.2.3 From 9c49dffef9a4802004cc1216559bf5847e68a16b Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 6 Apr 2009 19:53:56 -0700 Subject: macports: add a hook to replace the keytrans shebang line with one that use /usr/bin/env. this removes the -T taint checking option, so we need to make sure this is ok, but this is the only way to get keytrans to work with the correct macports version of perl --- packaging/macports/Portfile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/packaging/macports/Portfile b/packaging/macports/Portfile index 0c440b6..7d87a93 100644 --- a/packaging/macports/Portfile +++ b/packaging/macports/Portfile @@ -36,6 +36,7 @@ checksums md5 8590532f4702fa44027a6a583657c9ef use_configure no post-build { + # update paths to SYS*DIRs exec sed -i .tmp -e "s|/etc/monkeysphere|${prefix}/etc/monkeysphere|g" \ ${worksrcpath}/src/share/defaultenv \ ${worksrcpath}/src/transitions/0.23 \ @@ -55,6 +56,12 @@ post-build { ${worksrcpath}/src/monkeysphere-host \ ${worksrcpath}/src/monkeysphere-authentication \ ${worksrcpath}/src/monkeysphere + + # fix perl shebang line + exec sed -i .tmp -e "s|#!/usr/bin/perl -T|#!/usr/bin/env perl|g" \ + ${worksrcpath}/src/share/keytrans + + # remove leftover sed cruft exec find ${worksrcpath} -name *.tmp -delete } -- cgit v1.2.3 From a258aafebeb35fec82eecc0bdf3a5d474301fb81 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 6 Apr 2009 21:13:00 -0700 Subject: macports: improve perl shebang line modification for keytrans --- packaging/macports/Portfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/macports/Portfile b/packaging/macports/Portfile index 7d87a93..dd6d58b 100644 --- a/packaging/macports/Portfile +++ b/packaging/macports/Portfile 
@@ -57,8 +57,8 @@ post-build { ${worksrcpath}/src/monkeysphere-authentication \ ${worksrcpath}/src/monkeysphere - # fix perl shebang line - exec sed -i .tmp -e "s|#!/usr/bin/perl -T|#!/usr/bin/env perl|g" \ + # fix perl shebang line to point to macports perl install + exec sed -i .tmp -e "s|^#!/usr/bin/perl -T$|#!/opt/local/bin/perl -T|" \ ${worksrcpath}/src/share/keytrans # remove leftover sed cruft -- cgit v1.2.3 From 80d903a7cacc0c5c60adfb86067e7c348f83e4c2 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 6 Apr 2009 21:36:31 -0700 Subject: macports: remove socat from the run depends, since it's not actually a run dependency. --- packaging/macports/Portfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packaging/macports/Portfile b/packaging/macports/Portfile index dd6d58b..d73a656 100644 --- a/packaging/macports/Portfile +++ b/packaging/macports/Portfile @@ -24,8 +24,7 @@ depends_run bin:ssh:openssh \ port:p5-crypt-openssl-rsa \ port:p5-crypt-openssl-bignum \ port:p5-digest-sha1 \ - port:procmail \ - port:socat + port:procmail master_sites http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/ distname ${name}_${version} -- cgit v1.2.3 From 436fa72417f0d086347bcaa7256d5f83296bc6d6 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 6 Apr 2009 21:59:59 -0700 Subject: add new util script to update the macports Portfile --- packaging/macports/Portfile | 4 ++-- utils/build-macports-portfile | 9 +++++++++ 2 files changed, 11 insertions(+), 2 deletions(-) create mode 100755 utils/build-macports-portfile diff --git a/packaging/macports/Portfile b/packaging/macports/Portfile index d73a656..fd2eafe 100644 --- a/packaging/macports/Portfile +++ b/packaging/macports/Portfile @@ -3,7 +3,7 @@ PortSystem 1.0 name monkeysphere -version 0.24 +version 0.25 categories net security maintainers nomaintainer description use the OpenPGP web of trust to verify ssh connections 
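Review bot: The replacement shebang hard-codes `/opt/local/bin/perl`, which is only right for the default MacPorts prefix. The same post-build block already rewrites `/etc/monkeysphere` using `${prefix}`, so on an install with a different prefix keytrans would point at an interpreter that is not there, or at an unrelated one. I would use the variable here as well: `exec sed -i .tmp -e "s|^#!/usr/bin/perl -T$|#!${prefix}/bin/perl -T|" \`. Keeping `-T` and anchoring the pattern is the right direction, since keytrans handles key material. The post-build block starts and ends outside this hunk.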
@@ -30,7 +30,7 @@ master_sites http://archive.monkeysphere.info/debian/pool/monkeysphere/m/ distname ${name}_${version} extract.suffix .orig.tar.gz worksrcdir ${name}-${version} -checksums md5 8590532f4702fa44027a6a583657c9ef +checksums md5 3ac1918eee99725869e65f3f5a24fe17 use_configure no diff --git a/utils/build-macports-portfile b/utils/build-macports-portfile new file mode 100755 index 0000000..c5e6a48 --- /dev/null +++ b/utils/build-macports-portfile @@ -0,0 +1,9 @@ +#!/bin/bash -e + +PORTFILE="packaging/macports/Portfile" + +VERSION=`head -n1 packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` +MD5=`md5sum monkeysphere_${VERSION}.orig.tar.gz | awk '{ print $1 }'` + +sed -i~ 's/^version.*$/version '"$VERSION"/ "$PORTFILE" +sed -i~ 's/^checksums.*$/checksums md5 '"$MD5"/ "$PORTFILE" -- cgit v1.2.3 From bae0c4c8f0a7fddfc80ce2fc397d8eb5e215fe11 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 6 Apr 2009 22:04:32 -0700 Subject: add macports portfile update target to makefile --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 9873d32..58ef332 100755 --- a/Makefile +++ b/Makefile @@ -37,6 +37,9 @@ debian-package: tarball freebsd-distinfo: ./utils/build-freebsd-distinfo +macports-portfile: + ./utils/build-macports-portfile + clean: # clean up old monkeysphere packages lying around as well. rm -f monkeysphere_* -- cgit v1.2.3 From ba5ecb7a3f10b916369ae05c8a751c861915da1d Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 6 Apr 2009 22:06:29 -0700 Subject: revert macports back to state for 0.24, until 0.25 is actually released --- packaging/macports/Portfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/macports/Portfile b/packaging/macports/Portfile index fd2eafe..d73a656 100644 --- a/packaging/macports/Portfile +++ b/packaging/macports/Portfile 
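Review bot: In the new utils/build-macports-portfile, a missing or unreadable tarball does not stop the script. In the `MD5=` line `md5sum` fails but `awk` still exits 0, so `-e` never fires and the final `sed` writes an empty `checksums md5` value into the Portfile. The `-e` in the shebang is also lost when the script is run as `bash utils/build-macports-portfile`. I would make the first line `#!/bin/bash` and follow it with `set -eo pipefail`, and quote the tarball name as `"monkeysphere_${VERSION}.orig.tar.gz"`. The port also fetches its distfile over plain http and pins it with MD5 only, so it would be worth having this script emit a stronger digest type that the port system accepts (for example `sha1` or `rmd160`) alongside it.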
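Review bot: The new `macports-portfile` target is not added to `.PHONY`. The `.PHONY` line shown in a later Makefile hunk on this page lists `freebsd-distinfo` but not this target, so a stray file named `macports-portfile` in the tree would make `make` skip the script. The fix is to append `macports-portfile` to that line, which lies outside this hunk. The release checklist added later in utils/preparing-release also calls `make macports-portsfile`, which does not match this target name, so one of the two spellings needs to change.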
@@ -3,7 +3,7 @@ PortSystem 1.0 name monkeysphere -version 0.25 +version 0.24 categories net security maintainers nomaintainer description use the OpenPGP web of trust to verify ssh connections @@ -30,7 +30,7 @@ master_sites http://archive.monkeysphere.info/debian/pool/monkeysphere/m/ distname ${name}_${version} extract.suffix .orig.tar.gz worksrcdir ${name}-${version} -checksums md5 3ac1918eee99725869e65f3f5a24fe17 +checksums md5 8590532f4702fa44027a6a583657c9ef use_configure no -- cgit v1.2.3 From 802c21de824309c1e704f172b12bf46bf5d86e7c Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 6 Apr 2009 22:22:53 -0700 Subject: update debian packaging Standards-Version to 3.8.1 --- packaging/debian/changelog | 4 +++- packaging/debian/control | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 82ef1ae..9d404a8 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -7,8 +7,10 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low - clean out some redundant "cat"s - fix monkeysphere update-known_hosts for sshd running on non-standard ports + - some portability improvements + * update Standard-Version to 3.8.1 - -- Jameson Graef Rollins Wed, 18 Mar 2009 11:46:44 -0400 + -- Jameson Graef Rollins Mon, 06 Apr 2009 22:20:55 -0700 monkeysphere (0.24-1) unstable; urgency=low diff --git a/packaging/debian/control b/packaging/debian/control index 616a95a..3601c10 100644 --- a/packaging/debian/control +++ b/packaging/debian/control @@ -4,7 +4,7 @@ Priority: extra Maintainer: Jameson Graef Rollins Uploaders: Daniel Kahn Gillmor Build-Depends: debhelper (>= 7.0), socat, openssh-server, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha1-perl, lockfile-progs | procmail -Standards-Version: 3.8.0.1 +Standards-Version: 3.8.1 Homepage: http://web.monkeysphere.info/ Vcs-Git: git://git.monkeysphere.info/monkeysphere Dm-Upload-Allowed: yes -- cgit v1.2.3 
From c514677a32ef4a3264898a389902ac973ebc3507 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 6 Apr 2009 22:40:08 -0700 Subject: Add two new compatibility functions: - list_user to list all users on the system - get_homedir to return the path to a users home directory These functions should provide compatibility on linux, FreeBSD and Darwin systems. --- src/share/common | 19 ++++++++++++++++++- src/share/ma/update_users | 2 +- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/share/common b/src/share/common index ac0b5d6..f954bb9 100644 --- a/src/share/common +++ b/src/share/common @@ -390,7 +390,7 @@ translate_ssh_variables() { path="$2" # get the user's home directory - userHome=$(getent passwd "$uname" | cut -d: -f6) + userHome=$(get_homedir "$uname") # translate '%u' to user name path=${path/\%u/"$uname"} @@ -458,6 +458,23 @@ check_key_file_permissions() { fi } +# return a list of all users on the system +list_users() { + if type getent &>/dev/null ; then + # for linux and FreeBSD systems + getent passwd | cut -d: -f1 + elif type dscl &>/dev/null ; then + # for Darwin systems + dscl localhost -list /Search/Users + fi +} + +# return the path to the home directory of a user +get_homedir() { + local uname=${1:-`whoami`} + eval "echo ~${uname}" +} + ### CONVERSION UTILITIES # output the ssh key for a given key ID diff --git a/src/share/ma/update_users b/src/share/ma/update_users index 3a5c006..c5c74cf 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -24,7 +24,7 @@ if [ "$1" ] ; then unames="$@" else # or just look at all users if none specified - unames=$(getent passwd | cut -d: -f1) + unames=$(list_users) fi # set mode -- cgit v1.2.3 From c2a85da2be8f884cb7e96f05d8a37dcb6ddd80b5 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 6 Apr 2009 22:53:04 -0700 Subject: add else failure to list_users function --- src/share/common | 2 ++ 1 file changed, 2 insertions(+) 
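Review bot: get_homedir passes its argument to `eval` without checking it, so any shell metacharacters in the name are executed. The name comes from the command line in update_users, and translate_ssh_variables now routes every lookup through this function, so the first hunk inherits the problem. An account that does not exist also comes back as the literal string `~name` rather than an error, because the tilde is left unexpanded. I would reject anything that is not a plain account name before the `eval`, as sketched below; the allowed character set is conservative and should be confirmed against the platforms you support. Because callers use `$(get_homedir ...)`, the `failure` call runs in a subshell, so callers should also treat an empty result as an error.

```shell
# return the path to the home directory of a user
get_homedir() {
    local uname=${1:-$(whoami)}
    # only a plain account name may reach eval; a leading '-' is refused
    # because "~-" is a tilde form of its own
    case "$uname" in
        ''|-*|*[!A-Za-z0-9._-]*)
            failure "invalid user name '$uname'"
            ;;
    esac
    eval "echo ~${uname}"
}
```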
diff --git a/src/share/common b/src/share/common index f954bb9..11e7969 100644 --- a/src/share/common +++ b/src/share/common @@ -466,6 +466,8 @@ list_users() { elif type dscl &>/dev/null ; then # for Darwin systems dscl localhost -list /Search/Users + else + failure "Neither getent or dscl is in the path! Could not determine list of users." fi } -- cgit v1.2.3 From 00ff70f6038a20c09968bc7b1cd2309916e178a8 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 6 Apr 2009 23:31:09 -0700 Subject: make test prompt for shell on failure enbabled by default, and turned off with env variable MONKEYSPHERE_TEST_NO_EXAMINE --- Makefile | 2 +- tests/common | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 58ef332..5f87a16 100755 --- a/Makefile +++ b/Makefile @@ -81,6 +81,6 @@ releasenote: ./utils/build-releasenote test: - ./tests/basic + MONKEYSPHERE_TEST_NO_EXAMINE=true ./tests/basic .PHONY: all tarball debian-package freebsd-distinfo clean install installman releasenote test diff --git a/tests/common b/tests/common index e53c31e..a000c56 100644 --- a/tests/common +++ b/tests/common @@ -3,7 +3,7 @@ failed_cleanup() { # FIXME: can we be more verbose here? echo 'FAILED!' - if [ "$MONKEYSPHERE_TEST_ALLOW_EXAMINATION" = prompt ] ; then + if [ -z "$MONKEYSPHERE_TEST_NO_EXAMINE" ] ; then read -p "press enter to cleanup and remove tmp (or type bash for a subshell to examine): " XX if [ "$XX" = bash ] ; then echo "Entering subshell..." -- cgit v1.2.3 From eb6efe735e1dbd7f5826998e3f88b6cc99c64d54 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 7 Apr 2009 02:41:01 -0400 Subject: additional notes to release manager about keeping track of non-debian ports. --- utils/build-releasenote | 2 ++ utils/preparing-release | 13 +++++++++++++ 2 files changed, 15 insertions(+) diff --git a/utils/build-releasenote b/utils/build-releasenote index b25a87c..1dee649 100755 --- a/utils/build-releasenote +++ b/utils/build-releasenote 
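Review bot: The new `failure` branch in list_users may not stop the caller, because the only caller visible on this page is `unames=$(list_users)` in src/share/ma/update_users. Inside a command substitution `failure` can end only the subshell. Unless update_users runs with errexit, or `failure` does more than exit (neither is visible here), `unames` is simply empty and the update silently processes no users. Checking the status at the call site closes that gap: `unames=$(list_users) || exit 1`. list_users begins above this hunk.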
@@ -39,3 +39,5 @@ set +e git add website/download.mdwn gpg --verify website/download.mdwn + +printf "please remember to add the new version to the bugtracker:\n https://labs.riseup.net/code/projects/settings/monkeysphere\n" diff --git a/utils/preparing-release b/utils/preparing-release index dd9d224..90dc200 100644 --- a/utils/preparing-release +++ b/utils/preparing-release @@ -14,3 +14,16 @@ * create debian-specific version tag: git tag -s -m 'Tagging Monkeysphere $whatever-1' monkeysphere_$whatever-1 + + * update FreeBSD and Macports info: + + make freebsd-distinfo + make macports-portsfile + + (probably should consider tagging these ports as well to make them + easy to recover) + + * remember to add the new version (n + 1) to the bugtracker if it's + not already: + + https://labs.riseup.net/code/projects/settings/monkeysphere -- cgit v1.2.3