From 0141efcc55977e8f61bc7ccb31539e99d3ba3d49 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 2 Nov 2008 19:47:09 -0500 Subject: work on website, cleaning up download page --- website/doc.mdwn | 12 ++++-------- website/download.mdwn | 40 +++++++++++++++++++++++++++++----------- website/technical-details.mdwn | 5 +++++ 3 files changed, 38 insertions(+), 19 deletions(-) create mode 100644 website/technical-details.mdwn diff --git a/website/doc.mdwn b/website/doc.mdwn index 56498e8..b60cf28 100644 --- a/website/doc.mdwn +++ b/website/doc.mdwn @@ -2,20 +2,16 @@ # Documentation # -## Dependencies ## - -Monkeysphere relies on: - - * [GnuTLS](http://gnutls.org/) version 2.4.0 or later - * [OpenSSH](http://openssh.com/) - * [GnuPG](http://gnupg.org/) - ## Getting started ## * [Downloading and installing](/download) * Getting started as a [user](/getting-started-user) * Getting started as a [server admin](/getting-started-admin) + +## Under the hood ## + * [Developing the monkeysphere](/community) + * [Technical details](/technical-details) ## References ## diff --git a/website/download.mdwn b/website/download.mdwn index 5551b52..384a03c 100644 --- a/website/download.mdwn +++ b/website/download.mdwn 
@@ -2,10 +2,25 @@ # Downloading and Installing # +Once you've installed the packages, please see the [documentation +page](/doc) to read up on how to get started [as a regular +user](/getting-started-user) or [as a systems +administrator](/getting-started-admin). + +## Dependencies ## + +Monkeysphere relies on: + + * [GnuTLS](http://gnutls.org/) + * version 2.4 or later for general use + * [version 2.6 or later](/news/gnutls-2.6-enables-monkeysphere) to use the `monkeysphere subkey-to-ssh-agent` subcommand. + * [OpenSSH](http://openssh.com/) + * [GnuPG](http://gnupg.org/) + ## Debian ## -If you are running a Debian system, you can install Monkeysphere -by following these directions: +If you are running a [Debian](http://www.debian.org/) system, you can +install Monkeysphere by following these directions: You can add this repo to your system by putting the following lines in `/etc/apt/sources.list.d/monkeysphere.list`: 
@@ -14,23 +29,20 @@ You can add this repo to your system by putting the following lines in deb-src http://archive.monkeysphere.info/debian experimental monkeysphere The repository is currently signed by [The Monkeysphere archive -signing key](/archive-key), key id EB8AF314 (fingerprint: `2E8D -D26C 53F1 197D DF40 3E61 18E6 67F1 EB8A F314`). To cryptographically +signing key](/archive-key), key id EB8AF314 (fingerprint: `2E8D D26C +53F1 197D DF40 3E61 18E6 67F1 EB8A F314`). To cryptographically verify the packages, you'll want to [add this key to your apt configuration after verifying its integrity](http://wiki.debian.org/SecureApt). To use the `monkeysphere subkey-to-ssh-agent` subcommand, you will -also need [version 2.6 of GnuTLS](/news/gnutls-2.6-enables-monkeysphere), -which is available in Debian experimental. - -Once you've installed the packages, you might want to read up on how -to get started [as a regular user](/getting-started-user) or [as a -systems administrator](/getting-started-admin). +also need [version 2.6 of +GnuTLS](/news/gnutls-2.6-enables-monkeysphere), which is available in +Debian experimental. ## FreeBSD ## -There is [now a FreeBSD port available](/news/FreeBSD-port-available/) +There is [now a FreeBSD port available](/news/FreeBSD-port-available) for the Monkeysphere. While the monkeysphere is not officially included in the ports tree @@ -52,6 +64,12 @@ port with: cd /usr/ports/security/monkeysphere make && make install +To use the `monkeysphere subkey-to-ssh-agent` subcommand, you will +also need [version 2.6 of +GnuTLS](/news/gnutls-2.6-enables-monkeysphere), which is [slated to be +available after the 7.1 ports slush is +over](http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/127330). + ## Source ## For those that would like to download the source directly, [the source diff --git a/website/technical-details.mdwn b/website/technical-details.mdwn new file mode 100644 index 0000000..b4decce --- /dev/null +++ b/website/technical-details.mdwn 
@@ -0,0 +1,5 @@ +[[meta title="Technical Details"]] + +# Technical Details # + +Under construction. -- cgit v1.2.3 From 8ba61926bbe8609c4e5a9c9e5e0b12644880de92 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 3 Nov 2008 00:36:10 -0500 Subject: set the bash pipefail option in the test script to return the error code of the first failed function in a pipe. also add some new web pages that need to be filled out. --- tests/basic | 1 + website/features.mdwn | 4 ++++ website/technical-details.mdwn | 23 +++++++++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 website/features.mdwn diff --git a/tests/basic b/tests/basic index 289a1b7..d863886 100755 --- a/tests/basic +++ b/tests/basic @@ -13,6 +13,7 @@ # all subcommands in this script should complete without failure: set -e +set -o pipefail ## make sure that the right tools are installed to run the test. the ## test has *more* requirements than plain ol' monkeysphere: diff --git a/website/features.mdwn b/website/features.mdwn new file mode 100644 index 0000000..1aabda1 --- /dev/null +++ b/website/features.mdwn @@ -0,0 +1,4 @@ +[[meta title="Features"]] + +# Features # + diff --git a/website/technical-details.mdwn b/website/technical-details.mdwn index b4decce..902e356 100644 --- a/website/technical-details.mdwn +++ b/website/technical-details.mdwn 
@@ -3,3 +3,26 @@ # Technical Details # Under construction. + +## Host key verification ## + +When an ssh connection is initiated, the ssh client checks that the +host key presented by the server matches one found in the connecting +user's `known_hosts` file. If so, the ssh client allows the +connection to continue. If not, the client asks the user if they +would like to accept the host key for future session by asking the +user to verify the host key's fingerprint. + +### Adding a server to the monkeysphere ### + +Servers are "monkeysphere enabled" by generating an OpenPGP +authentication key for the server, translating the key into on ssh +key, and publishing the host key to the Web of Trust. + +### Verifying a host key ### + +## User authentication ## + +### Adding an individual to the monkeysphere ### + +### Verifying a user key ### -- cgit v1.2.3 From 19dda210d51a9787f7f3cd8fea1f59220bb83859 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 4 Nov 2008 12:44:11 -0500 Subject: very minor changes to test script --- tests/basic | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/basic b/tests/basic index d863886..c38a74b 100755 --- a/tests/basic +++ b/tests/basic @@ -13,11 +13,11 @@ # all subcommands in this script should complete without failure: set -e +# piped commands should return the code of the first non-zero return set -o pipefail ## make sure that the right tools are installed to run the test. the ## test has *more* requirements than plain ol' monkeysphere: - which socat || { echo "You must have socat installed to run this test." ; exit 1; } ## FIXME: other checks? @@ -121,7 +121,6 @@ export MONKEYSPHERE_LOG_LEVEL=DEBUG export SSHD_CONFIG="$TEMPDIR"/sshd_config export SOCKET="$TEMPDIR"/ssh-socket -export SSHD_PID= # Make sure $DISPLAY is set to convince ssh and monkeysphere to fall # back on $SSH_ASKPASS. Make sure it's not set to the current actual -- cgit v1.2.3 
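Review bot: The comment added above `set -o pipefail` in the `@@ -13,11 +13,11 @@` hunk of tests/basic describes the option the wrong way round. With pipefail, bash returns the status of the last (rightmost) command in the pipeline that exited non-zero, not the first. Suggested wording: `# a pipeline fails if any of its commands fails; its status is that of the last command to exit non-zero`. The subject of the earlier commit that introduced the line has the same misdescription. pipefail is a bash option, so the script's shebang, which is outside the hunk, should name bash rather than sh.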
From f05d8f446617a5ee6438232ab16c4619c160ae0e Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Wed, 5 Nov 2008 16:21:18 -0500 Subject: small fix to broken web link. --- website/getting-started-user.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/getting-started-user.mdwn b/website/getting-started-user.mdwn index 66378dc..5dcb0d6 100644 --- a/website/getting-started-user.mdwn +++ b/website/getting-started-user.mdwn @@ -24,7 +24,7 @@ Install the monkeysphere software on your system ------------------------------------------------ If you haven't installed monkeysphere yet, you will need to [download -and install] (/download) before continuing. +and install](/download) before continuing. Make sure that you have the GnuTLS library version 2.6 or later installed on your system. If you can't (or don't want to) upgrade to -- cgit v1.2.3 From 7836f86d02a15f25941c098b065989678bfe72a2 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 9 Nov 2008 17:45:48 -0500 Subject: include the gnupg config files in FreeBSD port. --- packaging/freebsd/security/monkeysphere/pkg-plist | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/packaging/freebsd/security/monkeysphere/pkg-plist b/packaging/freebsd/security/monkeysphere/pkg-plist index 04a704a..9d9d40a 100644 --- a/packaging/freebsd/security/monkeysphere/pkg-plist +++ b/packaging/freebsd/security/monkeysphere/pkg-plist 
@@ -13,6 +13,12 @@ etc/monkeysphere/monkeysphere.conf.sample @unexec if cmp -s %D/etc/monkeysphere/monkeysphere-server.conf.sample %D/etc/monkeysphere/monkeysphere-server.conf; then rm -f %D/etc/monkeysphere/monkeysphere-server.conf; fi etc/monkeysphere/monkeysphere-server.conf.sample @exec if [ ! -f %D/etc/monkeysphere/monkeysphere-server.conf ] ; then cp -p %D/%F %B/monkeysphere-server.conf; fi +@unexec if cmp -s %D/etc/monkeysphere/gnupg-host.conf.sample %D/etc/monkeysphere/gnupg-host.conf; then rm -f %D/etc/monkeysphere/gnupg-host.conf; fi +etc/monkeysphere/gnupg-host.conf.sample +@exec if [ ! -f %D/etc/monkeysphere/gnupg-host.conf ] ; then cp -p %D/%F %B/gnupg-host.conf; fi +@unexec if cmp -s %D/etc/monkeysphere/gnupg-authentication.conf.sample %D/etc/monkeysphere/gnupg-authentication.conf; then rm -f %D/etc/monkeysphere/gnupg-authentication.conf; fi +etc/monkeysphere/gnupg-authentication.conf.sample +@exec if [ ! -f %D/etc/monkeysphere/gnupg-authentication.conf ] ; then cp -p %D/%F %B/gnupg-authentication.conf; fi @dirrm share/doc/monkeysphere @dirrm share/monkeysphere @dirrm etc/monkeysphere -- cgit v1.2.3 From 60bb324da7c83092c354a7bb4f66116fddd3790a Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 9 Nov 2008 18:08:23 -0500 Subject: tests/basic ensure that any lingering sshd process will get killed off. --- tests/basic | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/basic b/tests/basic index c38a74b..5ba7a25 100755 --- a/tests/basic +++ b/tests/basic @@ -54,6 +54,7 @@ ssh_test() { # kill the sshd process if it's still running kill "$SSHD_PID" + SSHD_PID= set -e @@ -87,9 +88,16 @@ cleanup() { echo "### removing temp dir..." rm -rf "$TEMPDIR" + if [ "$SSHD_PID" ] ; then + echo "### killing off lingering sshd..." + kill "$SSHD_PID" + fi + wait } +SSHD_PID= + ## setup trap trap failed_cleanup EXIT -- cgit v1.2.3 From bdce00fa9b87a303e7b3a52589b4799b6e9a405d Mon Sep 17 00:00:00 2001 
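Review bot: In the `cleanup()` hunk of tests/basic the new `kill "$SSHD_PID"` block sits after `rm -rf "$TEMPDIR"`, so a lingering sshd is still running while the directory holding its `sshd_config` and socket is deleted. Moving the `if [ "$SSHD_PID" ]` block above the `echo "### removing temp dir..."` line stops the daemon before its files disappear. The script enables `set -e` near the top; if that is still in effect inside the EXIT trap, a `kill` on a pid that has already exited would abort cleanup before `wait`, which `kill "$SSHD_PID" || true` would avoid. Clearing the variable after the kill with `SSHD_PID=`, as the `ssh_test()` hunk now does, keeps a second cleanup pass from signalling a stale pid. cleanup() begins outside the hunk, so whether errexit is relaxed earlier in the function cannot be seen from here.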
From: Daniel Kahn Gillmor Date: Sun, 9 Nov 2008 18:10:18 -0500 Subject: update changelog to reflect test tweaking. --- debian/changelog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 300175d..580312d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,8 +6,9 @@ monkeysphere (0.20-1) UNRELEASED; urgency=low [ Daniel Kahn Gillmor ] * ensure that tempdirs are properly created, bail out otherwise instead of stumbling ahead. + * minor fussing with the test script to make it cleaner. - -- Daniel Kahn Gillmor Thu, 30 Oct 2008 15:03:23 -0400 + -- Daniel Kahn Gillmor Sun, 09 Nov 2008 18:09:40 -0500 monkeysphere (0.19-1) experimental; urgency=low -- cgit v1.2.3 From a4f2e6c3e7086504d7b982971bb7584e411caf4d Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 10 Nov 2008 11:15:11 -0500 Subject: add shebang and copyright to makefile. --- Makefile | 7 +++++++ 1 file changed, 7 insertions(+) mode change 100644 => 100755 Makefile diff --git a/Makefile b/Makefile old mode 100644 new mode 100755 index 9c07f0d..7db645a --- a/Makefile +++ b/Makefile @@ -1,3 +1,10 @@ +#!/usr/bin/make -f + +# Makefile for monkeysphere + +# (c) 2008 Daniel Kahn Gillmor +# Licensed under GPL v3 or later + MONKEYSPHERE_VERSION = `head -n1 debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` # these defaults are for debian. porters should probably adjust them -- cgit v1.2.3 From fdc8f9de7c8d9cc77eddbd5eac8de04e66d16589 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 15 Nov 2008 13:08:12 -0500 Subject: changed myself to be maintainer. --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index ccc3ad2..4c836b4 100644 --- a/debian/control +++ b/debian/control 
@@ -1,8 +1,8 @@ Source: monkeysphere Section: net Priority: extra -Maintainer: Daniel Kahn Gillmor -Uploaders: Jameson Graef Rollins +Maintainer: Jameson Graef Rollins +Uploaders: Daniel Kahn Gillmor Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0) Standards-Version: 3.8.0.1 Homepage: http://web.monkeysphere.info/ -- cgit v1.2.3 From 8181382eb56607ee13d0eb7848487ac685c5f6cd Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 15 Nov 2008 13:17:31 -0500 Subject: update changelog --- debian/changelog | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/debian/changelog b/debian/changelog index 580312d..15ef710 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,14 +1,15 @@ monkeysphere (0.20-1) UNRELEASED; urgency=low - [ Jameson Graef Rollins ] - * clean up Makefile to generate more elegant source tarballs. - [ Daniel Kahn Gillmor ] * ensure that tempdirs are properly created, bail out otherwise instead of stumbling ahead. * minor fussing with the test script to make it cleaner. - -- Daniel Kahn Gillmor Sun, 09 Nov 2008 18:09:40 -0500 + [ Jameson Graef Rollins ] + * clean up Makefile to generate more elegant source tarballs. + * make myself the maintainer. + + -- Jameson Graef Rollins Sat, 15 Nov 2008 13:12:57 -0500 monkeysphere (0.19-1) experimental; urgency=low -- cgit v1.2.3 From d6298194a23adc09731b34568455a3598b29bea1 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 15 Nov 2008 13:35:09 -0500 Subject: change distribution to unstable in changelog. --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 15ef710..6988e89 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -monkeysphere (0.20-1) UNRELEASED; urgency=low +monkeysphere (0.20-1) unstable; urgency=low [ Daniel Kahn Gillmor ] * ensure that tempdirs are properly created, bail out otherwise instead -- cgit v1.2.3 
From acac70fac9fabf81ed09b505129221545f7c0728 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 15 Nov 2008 14:22:34 -0500 Subject: release notes for 0.20. --- website/download.mdwn | 36 ++++++++++++++++++------------------ website/news/release-0.20-1.mdwn | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+), 18 deletions(-) create mode 100644 website/news/release-0.20-1.mdwn diff --git a/website/download.mdwn b/website/download.mdwn index 1a0f26e..b73beba 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -75,38 +75,38 @@ For those that would like to download the source directly, [the source is available](/community) via [git](http://git.or.cz/). The [latest -tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.19.orig.tar.gz) +tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.20.orig.tar.gz) is also available, and has these checksums:
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-checksums for the monkeysphere 0.19 release:
+checksums for the monkeysphere 0.20 release:
 
 MD5:
-64c643dd0ab642bbc8814aec1718000e  monkeysphere_0.19.orig.tar.gz
+2503b0e83cab1dff339f73a2734ac185  monkeysphere_0.20.orig.tar.gz
 
 SHA1:
-ea3c263b084d2c0b7922cd96677be192201700e4  monkeysphere_0.19.orig.tar.gz
+8775a3569f2ac3a3e7977441b93c431677f44435  monkeysphere_0.20.orig.tar.gz
 
 SHA256:
-321b77c1e10fe48ffbef8491893f5dd22842c35c11464efa7893150ce756a522  monkeysphere_0.19.orig.tar.gz
+c8e0e2a2ad26b7690147eabb69e2cffaa1d8c114d3c6878e2f05a5f21387c0dd  monkeysphere_0.20.orig.tar.gz
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.9 (GNU/Linux)
 
-iQIVAwUBSQgMCRjmZ/HrivMUAQI2Jg//bZoSxx0Nor6uBikRGHQny8LzgUT/0kpv
-xg0eRmL9kQwhGis/sdOiJ9cHykJ1ukhRiIZGfxPBdxiQbWGs9nM6147TGIDgqx6D
-yYIW41dvzTRB0TwjNd7g1q6MaSiDNuU/6dD+ooM3/IiR8PDR7X8we0WhSM63KD+v
-HeMsN51UMhBfeaZ06fxrjYoJCvnp0YNYJpLuvtd5tzxqJCJA2Vh5VqJMbMP/MtbY
-zM/zuNXRI1mJnQZeU++IaAnimX7c7SsGjLaloZG8mapYqqY0tKJ5Yod6aeloq+i5
-wI4gZuuPcgAntD6cnPaqB1ni/d71yywme5F75zpezXGzKzDSh1J5oE6akjMi2lJE
-DSOKp7zb7TvDwXxCl+vOVod81F260gPhonlTsD/LpBfPGPBdWlWP+fFchb9N/a2u
-weCMhUYX1u8Jg/bHIycjoQjPEgZwCkJT9RKF1NTLyWvb4P4a3sPe+fauCMZFbTQ/
-3EYPRBY+PfIDO09XswdB5O3gq6B33ChyWJpdwlXEEHMcFt1FuezuP0avVM9/3ZNp
-MkqalDrUEd65X8o+CE3KjFxjMceVdda9mz2netnoHrFMW6X3mFqE2fTldgHi1mCT
-hMCqpPzY04+HOHYZ0GapR3pvedd4dwhkNYrdpckp+nJMTRfexEPH/NXDVNH/mxKg
-jLoIos0SaiY=
-=VUsz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+=UeKa
 -----END PGP SIGNATURE-----
 
diff --git a/website/news/release-0.20-1.mdwn b/website/news/release-0.20-1.mdwn
new file mode 100644
index 0000000..841369d
--- /dev/null
+++ b/website/news/release-0.20-1.mdwn
@@ -0,0 +1,18 @@
+[[meta title="Monkeysphere 0.20-1 released!"]]
+
+Monkeysphere 0.20-1 has been released.
+
+Notes from the changelog:
+
+
+  [ Daniel Kahn Gillmor ]
+  * ensure that tempdirs are properly created, bail out otherwise instead
+    of stumbling ahead.
+  * minor fussing with the test script to make it cleaner.
+
+  [ Jameson Graef Rollins ]
+  * clean up Makefile to generate more elegant source tarballs.
+  * make myself the maintainer.
+
+
+[[Download]] it now!
-- 
cgit v1.2.3
From 3726f3dd674e74258c5f47b00f3f6f15f4037175 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins Date: Sat, 15 Nov 2008 14:43:22 -0500 Subject: move debian packaging to the packaging/ subdirectory. --- COPYING | 6 +- Makefile | 4 +- changelog | 1 + debian/changelog | 270 -------------------------------- debian/compat | 1 - debian/control | 23 --- debian/copyright | 24 --- debian/monkeysphere.dirs | 12 -- debian/monkeysphere.postinst | 28 ---- debian/monkeysphere.postrm | 21 --- debian/monkeysphere.preinst | 22 --- debian/rules | 3 - packaging/debian/changelog | 1 + packaging/debian/compat | 1 + packaging/debian/control | 23 +++ packaging/debian/copyright | 24 +++ packaging/debian/monkeysphere.dirs | 12 ++ packaging/debian/monkeysphere.postinst | 28 ++++ packaging/debian/monkeysphere.postrm | 21 +++ packaging/debian/monkeysphere.preinst | 22 +++ packaging/debian/rules | 3 + website/changelog | 276 +++++++++++++++++++++++++++++++++ website/news/release-0.20-1.mdwn | 18 +++ 23 files changed, 435 insertions(+), 409 deletions(-) create mode 120000 changelog delete mode 100644 debian/changelog delete mode 100644 debian/compat delete mode 100644 debian/control delete mode 100644 debian/copyright delete mode 100644 debian/monkeysphere.dirs delete mode 100755 debian/monkeysphere.postinst delete mode 100755 debian/monkeysphere.postrm delete mode 100755 debian/monkeysphere.preinst delete mode 100755 debian/rules create mode 120000 packaging/debian/changelog create mode 100644 packaging/debian/compat create mode 100644 packaging/debian/control create mode 100644 packaging/debian/copyright create mode 100644 packaging/debian/monkeysphere.dirs create mode 100755 packaging/debian/monkeysphere.postinst create mode 100755 packaging/debian/monkeysphere.postrm create mode 100755 packaging/debian/monkeysphere.preinst create mode 100755 packaging/debian/rules create mode 100644 website/changelog create mode 100644 website/news/release-0.20-1.mdwn diff --git a/COPYING b/COPYING index fefe9ab..070c992 100644 --- a/COPYING +++ b/COPYING 
@@ -1,4 +1,4 @@ -MonkeySphere is a system to use the OpenPGP web-of-trust to +Monkeysphere is a system to use the OpenPGP web-of-trust to authenticate and encrypt ssh connections. It is free software, developed by: @@ -12,12 +12,12 @@ It is free software, developed by: Ross Glover Greg Lyle -MonkeySphere is distributed in the hope that it will be useful, but +Monkeysphere is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -MonkeySphere Copyright 2007, and are all released under the GPL, +Monkeysphere Copyright 2007, and are all released under the GPL, version 3 or later. diff --git a/Makefile b/Makefile index 7db645a..7493b1f 100755 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ # (c) 2008 Daniel Kahn Gillmor # Licensed under GPL v3 or later -MONKEYSPHERE_VERSION = `head -n1 debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` +MONKEYSPHERE_VERSION = `head -n1 packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` # these defaults are for debian. porters should probably adjust them # before calling make install @@ -29,7 +29,7 @@ tarball: clean debian-package: tarball tar xzf monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz - cp -a debian monkeysphere-$(MONKEYSPHERE_VERSION) + cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION) (cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us) rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) diff --git a/changelog b/changelog new file mode 120000 index 0000000..b9a9e21 --- /dev/null +++ b/changelog @@ -0,0 +1 @@ +website/changelog \ No newline at end of file diff --git a/debian/changelog b/debian/changelog deleted file mode 100644 index 6988e89..0000000 --- a/debian/changelog +++ /dev/null 
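Review bot: `cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION)` in the `debian-package` target now copies a directory whose `changelog` is a symlink (the diffstat lists `packaging/debian/changelog` with mode 120000), and `-a` keeps it as a link instead of copying the file. If the link target is relative it will be resolved from the build tree's `debian/` directory, so debuild may read a changelog from outside the unpacked source or hit a dangling link. The target is not visible in this part of the patch, so this needs checking. Dereferencing during the copy, `cp -aL packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION)`, would put a real file in the build tree. The `head -n1 packaging/debian/changelog` used for `MONKEYSPHERE_VERSION` follows the link and is not affected.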
@@ -1,270 +0,0 @@ -monkeysphere (0.20-1) unstable; urgency=low - - [ Daniel Kahn Gillmor ] - * ensure that tempdirs are properly created, bail out otherwise instead - of stumbling ahead. - * minor fussing with the test script to make it cleaner. - - [ Jameson Graef Rollins ] - * clean up Makefile to generate more elegant source tarballs. - * make myself the maintainer. - - -- Jameson Graef Rollins Sat, 15 Nov 2008 13:12:57 -0500 - -monkeysphere (0.19-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * simulating an X11 session in the test script. - * updated packaging so that symlinks to config files are correct. - - -- Daniel Kahn Gillmor Wed, 29 Oct 2008 02:47:49 -0400 - -monkeysphere (0.18-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix bugs in authorized_{user_ids,keys} file permission checking. - * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys - files. - * chown authorized_keys files to `whoami`, for compatibility with test - suite. - * major improvements to test suite, added more tests. - - [ Daniel Kahn Gillmor ] - * update make install to ensure placement of - /etc/monkeysphere/gnupg-{host,authentication}.conf - * choose either --quick-random or --debug-quick-random depending on - which gpg supports for the test suite. - - -- Daniel Kahn Gillmor Wed, 29 Oct 2008 00:41:38 -0400 - -monkeysphere (0.17-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix some bugs in, and cleanup, authorized_keys file creation in - monkeysphere-server update-users. - * Move to using the empty string for not adding a user-controlled - authorized_keys file in the RAW_AUTHORIZED_KEYS variable. - - -- Daniel Kahn Gillmor Tue, 28 Oct 2008 02:04:22 -0400 - -monkeysphere (0.16-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better - portability. 
- * fixed busted lockfile arrangement, where empty file was being locked - * portability fixes in the way we use date, mktemp, hostname, su - * stop using /usr/bin/stat, since the syntax appears to be totally - unportable - * require GNU getopt, and test for getopt failures (look for getopt in - /usr/local/bin first, since that's where FreeBSD's GNU-compatible - getopt lives. - * monkeysphere-server diagnostics now counts problems and suggests a - re-run after they have been resolved. - * completed basic test suite: this can be run from the git sources or - the tarball with: cd tests && ./basic - - [ Jameson Graef Rollins ] - * Genericize fs location variables. - * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at - install. - - -- Daniel Kahn Gillmor Sun, 26 Oct 2008 03:06:18 -0400 - -monkeysphere (0.15-1) experimental; urgency=low - - * porting work and packaging simplification: clarifying makefiles, - pruning dependencies, etc. - * added tests to monkeysphere-server diagnostics - * moved monkeysphere(5) to section 7 of the manual - * now shipping TODO in /usr/share/doc/monkeysphere - - -- Daniel Kahn Gillmor Thu, 04 Sep 2008 19:08:40 -0400 - -monkeysphere (0.14-1) experimental; urgency=low - - * changing debian packaging back to format 1.0 so we get automatic - tarballs, and easier inclusion in other build networks. - * no other source changes. - - -- Daniel Kahn Gillmor Thu, 04 Sep 2008 13:03:35 -0400 - -monkeysphere (0.13-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings. - * updated makefile to reflect the package building technique we've been - using for a month now. - - [ Jameson Graef Rollins ] - * move location of user config directory to ~/.monkeysphere. - - -- Daniel Kahn Gillmor Wed, 03 Sep 2008 17:26:10 -0400 - -monkeysphere (0.12-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Improved output handling. New LOG_LEVEL variable. 
- - [ Daniel Kahn Gillmor ] - * debian/control: switched Homepage: and Vcs-Git: to canonicalized - upstream hostnames. - * updated documentation for new release. - * changed my associated e-mail address for this package. - - -- Daniel Kahn Gillmor Tue, 02 Sep 2008 18:54:29 -0400 - -monkeysphere (0.11-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * fix bug in trustdb update on add/revoke-hostname. - - [ Daniel Kahn Gillmor ] - * debian/control: added Build-Depends: git-core for the new packaging - format - * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched - GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly - if not found). - - -- Daniel Kahn Gillmor Wed, 20 Aug 2008 11:24:35 -0400 - -monkeysphere (0.10-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * brown paper bag release: invert test on calculated validity of keys. - - -- Daniel Kahn Gillmor Mon, 18 Aug 2008 16:22:34 -0400 - -monkeysphere (0.9-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * implemented "monkeysphere-server extend-key" to adjust expiration - date of host key. - * removed "monkeysphere-server fingerprint". Use "monkeysphere-server - show-key" instead. - - [ Jameson Graef Rollins ] - * fixed bug in user id processing that prevented bad primary keys from - being properly removed. - - -- Daniel Kahn Gillmor Mon, 18 Aug 2008 15:42:12 -0400 - -monkeysphere (0.8-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * debian/control: switched Vcs-Git to use "centralized" git repo instead - of my own. - * More monkeysphere-server diagnostics - * monkeysphere --gen-subkey now guesses what KeyID you meant. - * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey - works sensibly under X11 - - [ Jameson Graef Rollins ] - * fix another bug when known_hosts files are missing. - * sort processed keys so that "good" keys are processed after "bad" - keys. 
This will prevent malicious bad keys from causing good keys to - be removed from key files. - * enabled host key publication. - * added checking of gpg.conf for keyserver - * new functions to add/revoke host key user IDs - * improved list-certifiers function (now non-privileged) - - -- Daniel Kahn Gillmor Mon, 18 Aug 2008 12:43:37 -0400 - -monkeysphere (0.7-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * Added monkeysphere-server diagnostics subcommand. - * rebuilding package using Format: 3.0 (git) - - [ Jameson Graef Rollins ] - * fix how check for file modification is done. - * rework out user id processing is done to provide more verbose log - output. - * fix bug in monkeysphpere update-authorized_keys subcommand where - disallowed keys failed to be remove from authorized_keys file. - - -- Daniel Kahn Gillmor Mon, 04 Aug 2008 10:47:41 -0400 - -monkeysphere (0.6-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix bug in return on error of ssh-proxycommand. - - [ Daniel Kahn Gillmor ] - * try socat if netcat is not available in proxycommand. - - -- Daniel Kahn Gillmor Tue, 29 Jul 2008 10:27:20 -0400 - -monkeysphere (0.5-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * updated READMEs to match current state of code - - [ Jameson Graef Rollins ] - * Tweak how empty authorized_user_ids and known_hosts files are handled. - * Do not fail when authorized_user_ids or known_hosts file is not found. - - -- Daniel Kahn Gillmor Mon, 28 Jul 2008 10:50:02 -0400 - -monkeysphere (0.4-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * New version. - * Fixed return code error in openpgp2ssh - - [ Jameson Graef Rollins ] - * Privilege separation: use monkeysphere user to handle maintenance of - the gnupg authentication keychain for server. - * Improved certifier key management. - * Fixed variable scoping and config file precedence. - * Add options for key generation and add-certifier functions. 
- * Fix return codes for known_host and authorized_keys updating - functions. - * Add write permission check on authorized_keys, known_hosts, and - authorized_user_ids files. - - -- Daniel Kahn Gillmor Tue, 22 Jul 2008 21:50:17 -0400 - -monkeysphere (0.3-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * new version. - - [ Jameson Graef Rollins ] - * Move files in /var/cache/monkeysphere and GNUPGHOME for server to - the more appropriate /var/lib/monkeysphere. - - -- Daniel Kahn Gillmor Tue, 24 Jun 2008 00:55:29 -0400 - -monkeysphere (0.2-2) experimental; urgency=low - - * added lockfile-progs dependency - - -- Daniel Kahn Gillmor Mon, 23 Jun 2008 19:34:05 -0400 - -monkeysphere (0.2-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * openpgp2ssh now supports specifying keys by full fingerprint. - - [ Jameson Graef Rollins ] - * Add AUTHORIZED_USER_IDS config variable for server, which defaults to - %h/.config/monkeysphere/authorized_user_ids, instead of - /etc/monkeysphere/authorized_user_ids. - * Remove {update,remove}-userids functions, since we decided they - weren't useful enough to be worth maintaining. - * Better handling of unknown users in server update-users - * Add file locking when modifying known_hosts or authorized_keys - * Better failure/prompting for gen-subkey - * Add ability to set any owner trust level for keys in server keychain. - - -- Daniel Kahn Gillmor Mon, 23 Jun 2008 17:03:19 -0400 - -monkeysphere (0.1-1) experimental; urgency=low - - * First release of debian package for monkeysphere. - * This is experimental -- please report bugs! - - -- Daniel Kahn Gillmor Thu, 19 Jun 2008 00:34:53 -0400 - diff --git a/debian/compat b/debian/compat deleted file mode 100644 index 7f8f011..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -7 diff --git a/debian/control b/debian/control deleted file mode 100644 index 4c836b4..0000000 --- a/debian/control +++ /dev/null 
@@ -1,23 +0,0 @@ -Source: monkeysphere -Section: net -Priority: extra -Maintainer: Jameson Graef Rollins -Uploaders: Daniel Kahn Gillmor -Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0) -Standards-Version: 3.8.0.1 -Homepage: http://web.monkeysphere.info/ -Vcs-Git: git://git.monkeysphere.info/monkeysphere -Dm-Upload-Allowed: yes - -Package: monkeysphere -Architecture: any -Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends} -Recommends: netcat | socat, ssh-askpass -Enhances: openssh-client, openssh-server -Description: use the OpenPGP web of trust to verify ssh connections - SSH key-based authentication is tried-and-true, but it lacks a true - Public Key Infrastructure for key certification, revocation and - expiration. Monkeysphere is a framework that uses the OpenPGP web of - trust for these PKI functions. It can be used in both directions: - for users to get validated host keys, and for hosts to authenticate - users. diff --git a/debian/copyright b/debian/copyright deleted file mode 100644 index 4c25286..0000000 --- a/debian/copyright +++ /dev/null @@ -1,24 +0,0 @@ -Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=226 -Debianized-By: Daniel Kahn Gillmor -Debianized-Date: Fri Jun 13 10:19:16 EDT 2008 -Original-Source: http://web.monkeysphere.info/download - -Files: * -Copyright: Copyright 2008 Jameson Rollins , - Daniel Kahn Gillmor , - Jamie McClelland , - Micah Anderson , - Matthew Goins , - Mike Castleman , - Elliot Winard , - Ross Glover , - Greg Lyle - -License: GPL-3+ - This package is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - . - On Debian systems, the complete text of the GNU General Public License - can be found in file "/usr/share/common-licenses/GPL". 
diff --git a/debian/monkeysphere.dirs b/debian/monkeysphere.dirs deleted file mode 100644 index 1f9e66b..0000000 --- a/debian/monkeysphere.dirs +++ /dev/null @@ -1,12 +0,0 @@ -var/lib/monkeysphere -var/lib/monkeysphere/authorized_keys -var/lib/monkeysphere/tmp -usr/bin -usr/sbin -usr/share -usr/share/monkeysphere -usr/share/man -usr/share/man/man1 -usr/share/man/man7 -usr/share/man/man8 -etc/monkeysphere diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst deleted file mode 100755 index 02d6304..0000000 --- a/debian/monkeysphere.postinst +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh -e - -# postinst script for monkeysphere - -# Author: Jameson Rollins -# Copyright 2008 - -ETC="/etc/monkeysphere" -VARLIB="/var/lib/monkeysphere" - -if ! getent passwd monkeysphere >/dev/null ; then - echo "adding monkeysphere user..." - adduser --quiet --system --no-create-home --group \ - --home "$VARLIB" \ - --shell '/bin/bash' \ - --gecos 'monkeysphere authentication user,,,' \ - monkeysphere -fi - -# install host gnupg home directory -install --owner root --group monkeysphere --mode 750 -d "$VARLIB"/gnupg-host -# link in the gpg.conf -ln -sTf "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf - -# install authentication gnupg home directory -install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication -# link in the gpg.conf -ln -sTf "$ETC"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf diff --git a/debian/monkeysphere.postrm b/debian/monkeysphere.postrm deleted file mode 100755 index 8f87ed3..0000000 --- a/debian/monkeysphere.postrm +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/sh -e - -# postrm script for monkeysphere - -# Author: Jameson Rollins -# Copyright 2008 - -case $1 in - purge) - rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true - echo "removing monkeysphere user..." - userdel monkeysphere > /dev/null || true - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/debian/monkeysphere.preinst b/debian/monkeysphere.preinst deleted file mode 100755 index 860286b..0000000 --- a/debian/monkeysphere.preinst +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh -e - -# preinst script for monkeysphere - -# Author: Jameson Rollins -# Copyright 2008 - -ETC="/etc/monkeysphere" -VARLIB="/var/lib/monkeysphere" - -# move the gpg.conf files from the GNUPGHOMEs if they're there to -# /etc, where they will be linked back into the GNUPGHOMEs later -if [ -f "$VARLIB"/gnupg-host/gpg.conf -a ! -L "$VARLIB"/gnupg-host/gpg.conf ] ; then - mv "$VARLIB"/gnupg-host/gpg.conf "$ETC"/gpg-host.conf - chown root:root "$ETC"/gpg-host.conf - ln -s "$ETC"/gpg-host.conf "$VARLIB"/gnupg-host/gpg.conf -fi -if [ -f "$VARLIB"/gnupg-authentication/gpg.conf -a ! -L "$VARLIB"/gnupg-authentication/gpg.conf ] ; then - mv "$VARLIB"/gnupg-authentication/gpg.conf "$ETC"/gpg-authentication.conf - chown root:root "$ETC"/gpg-authentication.conf - ln -s "$ETC"/gpg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf -fi diff --git a/debian/rules b/debian/rules deleted file mode 100755 index cbe925d..0000000 --- a/debian/rules +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/make -f -%: - dh $@ diff --git a/packaging/debian/changelog b/packaging/debian/changelog new file mode 120000 index 0000000..d9956db --- /dev/null +++ b/packaging/debian/changelog @@ -0,0 +1 @@ +../../website/changelog \ No newline at end of file diff --git a/packaging/debian/compat b/packaging/debian/compat new file mode 100644 index 0000000..7f8f011 --- /dev/null 
+++ b/packaging/debian/compat @@ -0,0 +1 @@ +7 diff --git a/packaging/debian/control b/packaging/debian/control new file mode 100644 index 0000000..4c836b4 --- /dev/null +++ b/packaging/debian/control @@ -0,0 +1,23 @@ +Source: monkeysphere +Section: net +Priority: extra +Maintainer: Jameson Graef Rollins +Uploaders: Daniel Kahn Gillmor +Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0) +Standards-Version: 3.8.0.1 +Homepage: http://web.monkeysphere.info/ +Vcs-Git: git://git.monkeysphere.info/monkeysphere +Dm-Upload-Allowed: yes + +Package: monkeysphere +Architecture: any +Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends} +Recommends: netcat | socat, ssh-askpass +Enhances: openssh-client, openssh-server +Description: use the OpenPGP web of trust to verify ssh connections + SSH key-based authentication is tried-and-true, but it lacks a true + Public Key Infrastructure for key certification, revocation and + expiration. Monkeysphere is a framework that uses the OpenPGP web of + trust for these PKI functions. It can be used in both directions: + for users to get validated host keys, and for hosts to authenticate + users. diff --git a/packaging/debian/copyright b/packaging/debian/copyright new file mode 100644 index 0000000..4c25286 --- /dev/null +++ b/packaging/debian/copyright 
@@ -0,0 +1,24 @@ +Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=226 +Debianized-By: Daniel Kahn Gillmor +Debianized-Date: Fri Jun 13 10:19:16 EDT 2008 +Original-Source: http://web.monkeysphere.info/download + +Files: * +Copyright: Copyright 2008 Jameson Rollins , + Daniel Kahn Gillmor , + Jamie McClelland , + Micah Anderson , + Matthew Goins , + Mike Castleman , + Elliot Winard , + Ross Glover , + Greg Lyle + +License: GPL-3+ + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + . + On Debian systems, the complete text of the GNU General Public License + can be found in file "/usr/share/common-licenses/GPL". diff --git a/packaging/debian/monkeysphere.dirs b/packaging/debian/monkeysphere.dirs new file mode 100644 index 0000000..1f9e66b --- /dev/null +++ b/packaging/debian/monkeysphere.dirs @@ -0,0 +1,12 @@ +var/lib/monkeysphere +var/lib/monkeysphere/authorized_keys +var/lib/monkeysphere/tmp +usr/bin +usr/sbin +usr/share +usr/share/monkeysphere +usr/share/man +usr/share/man/man1 +usr/share/man/man7 +usr/share/man/man8 +etc/monkeysphere diff --git a/packaging/debian/monkeysphere.postinst b/packaging/debian/monkeysphere.postinst new file mode 100755 index 0000000..02d6304 --- /dev/null +++ b/packaging/debian/monkeysphere.postinst 
@@ -0,0 +1,28 @@
+#!/bin/sh -e
+
+# postinst script for monkeysphere
+
+# Author: Jameson Rollins
+# Copyright 2008
+
+ETC="/etc/monkeysphere"
+VARLIB="/var/lib/monkeysphere"
+
+if ! getent passwd monkeysphere >/dev/null ; then
+ echo "adding monkeysphere user..."
+ adduser --quiet --system --no-create-home --group \
+ --home "$VARLIB" \
+ --shell '/bin/bash' \
+ --gecos 'monkeysphere authentication user,,,' \
+ monkeysphere
+fi
+
+# install host gnupg home directory
+install --owner root --group monkeysphere --mode 750 -d "$VARLIB"/gnupg-host
+# link in the gpg.conf
+ln -sTf "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf
+
+# install authentication gnupg home directory
+install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication
+# link in the gpg.conf
+ln -sTf "$ETC"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
diff --git a/packaging/debian/monkeysphere.postrm b/packaging/debian/monkeysphere.postrm
new file mode 100755
index 0000000..8f87ed3
--- /dev/null
+++ b/packaging/debian/monkeysphere.postrm
@@ -0,0 +1,21 @@
+#!/bin/sh -e
+
+# postrm script for monkeysphere
+
+# Author: Jameson Rollins
+# Copyright 2008
+
+case $1 in
+ purge)
+ rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true
+ echo "removing monkeysphere user..."
+ userdel monkeysphere > /dev/null || true
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/packaging/debian/monkeysphere.preinst b/packaging/debian/monkeysphere.preinst
new file mode 100755
index 0000000..860286b
--- /dev/null
+++ b/packaging/debian/monkeysphere.preinst
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+
+# preinst script for monkeysphere
+
+# Author: Jameson Rollins
+# Copyright 2008
+
+ETC="/etc/monkeysphere"
+VARLIB="/var/lib/monkeysphere"
+
+# move the gpg.conf files from the GNUPGHOMEs if they're there to
+# /etc, where they will be linked back into the GNUPGHOMEs later
+if [ -f "$VARLIB"/gnupg-host/gpg.conf -a ! -L "$VARLIB"/gnupg-host/gpg.conf ] ; then
+ mv "$VARLIB"/gnupg-host/gpg.conf "$ETC"/gpg-host.conf
+ chown root:root "$ETC"/gpg-host.conf
+ ln -s "$ETC"/gpg-host.conf "$VARLIB"/gnupg-host/gpg.conf
+fi
+if [ -f "$VARLIB"/gnupg-authentication/gpg.conf -a ! -L "$VARLIB"/gnupg-authentication/gpg.conf ] ; then
+ mv "$VARLIB"/gnupg-authentication/gpg.conf "$ETC"/gpg-authentication.conf
+ chown root:root "$ETC"/gpg-authentication.conf
+ ln -s "$ETC"/gpg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
+fi
diff --git a/packaging/debian/rules b/packaging/debian/rules
new file mode 100755
index 0000000..cbe925d
--- /dev/null
+++ b/packaging/debian/rules
@@ -0,0 +1,3 @@
+#!/usr/bin/make -f
+%:
+ dh $@
diff --git a/website/changelog b/website/changelog
new file mode 100644
index 0000000..994b991
--- /dev/null
+++ b/website/changelog
@@ -0,0 +1,276 @@ +monkeysphere (0.21-1) unstable; urgency=low + + * move debian packaging to packaging subdirectory. + + -- Jameson Graef Rollins Sat, 15 Nov 2008 14:26:48 -0500 + +monkeysphere (0.20-1) unstable; urgency=low + + [ Daniel Kahn Gillmor ] + * ensure that tempdirs are properly created, bail out otherwise instead + of stumbling ahead. + * minor fussing with the test script to make it cleaner. + + [ Jameson Graef Rollins ] + * clean up Makefile to generate more elegant source tarballs. + * make myself the maintainer. + + -- Jameson Graef Rollins Sat, 15 Nov 2008 13:12:57 -0500 + +monkeysphere (0.19-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * simulating an X11 session in the test script. + * updated packaging so that symlinks to config files are correct. + + -- Daniel Kahn Gillmor Wed, 29 Oct 2008 02:47:49 -0400 + +monkeysphere (0.18-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix bugs in authorized_{user_ids,keys} file permission checking. + * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys + files. + * chown authorized_keys files to `whoami`, for compatibility with test + suite. + * major improvements to test suite, added more tests. + + [ Daniel Kahn Gillmor ] + * update make install to ensure placement of + /etc/monkeysphere/gnupg-{host,authentication}.conf + * choose either --quick-random or --debug-quick-random depending on + which gpg supports for the test suite. + + -- Daniel Kahn Gillmor Wed, 29 Oct 2008 00:41:38 -0400 + +monkeysphere (0.17-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix some bugs in, and cleanup, authorized_keys file creation in + monkeysphere-server update-users. + * Move to using the empty string for not adding a user-controlled + authorized_keys file in the RAW_AUTHORIZED_KEYS variable. 
+ + -- Daniel Kahn Gillmor Tue, 28 Oct 2008 02:04:22 -0400 + +monkeysphere (0.16-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better + portability. + * fixed busted lockfile arrangement, where empty file was being locked + * portability fixes in the way we use date, mktemp, hostname, su + * stop using /usr/bin/stat, since the syntax appears to be totally + unportable + * require GNU getopt, and test for getopt failures (look for getopt in + /usr/local/bin first, since that's where FreeBSD's GNU-compatible + getopt lives. + * monkeysphere-server diagnostics now counts problems and suggests a + re-run after they have been resolved. + * completed basic test suite: this can be run from the git sources or + the tarball with: cd tests && ./basic + + [ Jameson Graef Rollins ] + * Genericize fs location variables. + * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at + install. + + -- Daniel Kahn Gillmor Sun, 26 Oct 2008 03:06:18 -0400 + +monkeysphere (0.15-1) experimental; urgency=low + + * porting work and packaging simplification: clarifying makefiles, + pruning dependencies, etc. + * added tests to monkeysphere-server diagnostics + * moved monkeysphere(5) to section 7 of the manual + * now shipping TODO in /usr/share/doc/monkeysphere + + -- Daniel Kahn Gillmor Thu, 04 Sep 2008 19:08:40 -0400 + +monkeysphere (0.14-1) experimental; urgency=low + + * changing debian packaging back to format 1.0 so we get automatic + tarballs, and easier inclusion in other build networks. + * no other source changes. + + -- Daniel Kahn Gillmor Thu, 04 Sep 2008 13:03:35 -0400 + +monkeysphere (0.13-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings. + * updated makefile to reflect the package building technique we've been + using for a month now. 
+ + [ Jameson Graef Rollins ] + * move location of user config directory to ~/.monkeysphere. + + -- Daniel Kahn Gillmor Wed, 03 Sep 2008 17:26:10 -0400 + +monkeysphere (0.12-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Improved output handling. New LOG_LEVEL variable. + + [ Daniel Kahn Gillmor ] + * debian/control: switched Homepage: and Vcs-Git: to canonicalized + upstream hostnames. + * updated documentation for new release. + * changed my associated e-mail address for this package. + + -- Daniel Kahn Gillmor Tue, 02 Sep 2008 18:54:29 -0400 + +monkeysphere (0.11-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * fix bug in trustdb update on add/revoke-hostname. + + [ Daniel Kahn Gillmor ] + * debian/control: added Build-Depends: git-core for the new packaging + format + * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched + GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly + if not found). + + -- Daniel Kahn Gillmor Wed, 20 Aug 2008 11:24:35 -0400 + +monkeysphere (0.10-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * brown paper bag release: invert test on calculated validity of keys. + + -- Daniel Kahn Gillmor Mon, 18 Aug 2008 16:22:34 -0400 + +monkeysphere (0.9-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * implemented "monkeysphere-server extend-key" to adjust expiration + date of host key. + * removed "monkeysphere-server fingerprint". Use "monkeysphere-server + show-key" instead. + + [ Jameson Graef Rollins ] + * fixed bug in user id processing that prevented bad primary keys from + being properly removed. + + -- Daniel Kahn Gillmor Mon, 18 Aug 2008 15:42:12 -0400 + +monkeysphere (0.8-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * debian/control: switched Vcs-Git to use "centralized" git repo instead + of my own. + * More monkeysphere-server diagnostics + * monkeysphere --gen-subkey now guesses what KeyID you meant. 
+ * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey + works sensibly under X11 + + [ Jameson Graef Rollins ] + * fix another bug when known_hosts files are missing. + * sort processed keys so that "good" keys are processed after "bad" + keys. This will prevent malicious bad keys from causing good keys to + be removed from key files. + * enabled host key publication. + * added checking of gpg.conf for keyserver + * new functions to add/revoke host key user IDs + * improved list-certifiers function (now non-privileged) + + -- Daniel Kahn Gillmor Mon, 18 Aug 2008 12:43:37 -0400 + +monkeysphere (0.7-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * Added monkeysphere-server diagnostics subcommand. + * rebuilding package using Format: 3.0 (git) + + [ Jameson Graef Rollins ] + * fix how check for file modification is done. + * rework out user id processing is done to provide more verbose log + output. + * fix bug in monkeysphpere update-authorized_keys subcommand where + disallowed keys failed to be remove from authorized_keys file. + + -- Daniel Kahn Gillmor Mon, 04 Aug 2008 10:47:41 -0400 + +monkeysphere (0.6-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix bug in return on error of ssh-proxycommand. + + [ Daniel Kahn Gillmor ] + * try socat if netcat is not available in proxycommand. + + -- Daniel Kahn Gillmor Tue, 29 Jul 2008 10:27:20 -0400 + +monkeysphere (0.5-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * updated READMEs to match current state of code + + [ Jameson Graef Rollins ] + * Tweak how empty authorized_user_ids and known_hosts files are handled. + * Do not fail when authorized_user_ids or known_hosts file is not found. + + -- Daniel Kahn Gillmor Mon, 28 Jul 2008 10:50:02 -0400 + +monkeysphere (0.4-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * New version. 
+ * Fixed return code error in openpgp2ssh + + [ Jameson Graef Rollins ] + * Privilege separation: use monkeysphere user to handle maintenance of + the gnupg authentication keychain for server. + * Improved certifier key management. + * Fixed variable scoping and config file precedence. + * Add options for key generation and add-certifier functions. + * Fix return codes for known_host and authorized_keys updating + functions. + * Add write permission check on authorized_keys, known_hosts, and + authorized_user_ids files. + + -- Daniel Kahn Gillmor Tue, 22 Jul 2008 21:50:17 -0400 + +monkeysphere (0.3-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * new version. + + [ Jameson Graef Rollins ] + * Move files in /var/cache/monkeysphere and GNUPGHOME for server to + the more appropriate /var/lib/monkeysphere. + + -- Daniel Kahn Gillmor Tue, 24 Jun 2008 00:55:29 -0400 + +monkeysphere (0.2-2) experimental; urgency=low + + * added lockfile-progs dependency + + -- Daniel Kahn Gillmor Mon, 23 Jun 2008 19:34:05 -0400 + +monkeysphere (0.2-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * openpgp2ssh now supports specifying keys by full fingerprint. + + [ Jameson Graef Rollins ] + * Add AUTHORIZED_USER_IDS config variable for server, which defaults to + %h/.config/monkeysphere/authorized_user_ids, instead of + /etc/monkeysphere/authorized_user_ids. + * Remove {update,remove}-userids functions, since we decided they + weren't useful enough to be worth maintaining. + * Better handling of unknown users in server update-users + * Add file locking when modifying known_hosts or authorized_keys + * Better failure/prompting for gen-subkey + * Add ability to set any owner trust level for keys in server keychain. + + -- Daniel Kahn Gillmor Mon, 23 Jun 2008 17:03:19 -0400 + +monkeysphere (0.1-1) experimental; urgency=low + + * First release of debian package for monkeysphere. + * This is experimental -- please report bugs! 
+ + -- Daniel Kahn Gillmor Thu, 19 Jun 2008 00:34:53 -0400 + diff --git a/website/news/release-0.20-1.mdwn b/website/news/release-0.20-1.mdwn new file mode 100644 index 0000000..841369d --- /dev/null +++ b/website/news/release-0.20-1.mdwn @@ -0,0 +1,18 @@ +[[meta title="Monkeysphere 0.20-1 released!"]] + +Monkeysphere 0.20-1 has been released. + +Notes from the changelog: + +
+  [ Daniel Kahn Gillmor ]
+  * ensure that tempdirs are properly created, bail out otherwise instead
+    of stumbling ahead.
+  * minor fussing with the test script to make it cleaner.
+
+  [ Jameson Graef Rollins ]
+  * clean up Makefile to generate more elegant source tarballs.
+  * make myself the maintainer.
+
+ +[[Download]] it now! -- cgit v1.2.3 From 8195dad4f5f2bb47d423cef587357979365e10b4 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 15 Nov 2008 15:57:04 -0500 Subject: add prerm script, and add debhelper lines to other install scripts. --- packaging/debian/changelog | 279 ++++++++++++++++++++++++++++++++- packaging/debian/monkeysphere.postinst | 7 + packaging/debian/monkeysphere.preinst | 7 + packaging/debian/monkeysphere.prerm | 18 +++ website/changelog | 276 -------------------------------- 5 files changed, 310 insertions(+), 277 deletions(-) mode change 120000 => 100644 packaging/debian/changelog create mode 100755 packaging/debian/monkeysphere.prerm delete mode 100644 website/changelog diff --git a/packaging/debian/changelog b/packaging/debian/changelog deleted file mode 120000 index d9956db..0000000 --- a/packaging/debian/changelog +++ /dev/null @@ -1 +0,0 @@ -../../website/changelog \ No newline at end of file diff --git a/packaging/debian/changelog b/packaging/debian/changelog new file mode 100644 index 0000000..8c42032 --- /dev/null +++ b/packaging/debian/changelog 
@@ -0,0 +1,278 @@ +monkeysphere (0.21-1) unstable; urgency=low + + * move debian packaging to packaging subdirectory. + * add debian prerm script, and add debhelper lines to other install + scripts. + + -- Jameson Graef Rollins Sat, 15 Nov 2008 15:48:54 -0500 + +monkeysphere (0.20-1) unstable; urgency=low + + [ Daniel Kahn Gillmor ] + * ensure that tempdirs are properly created, bail out otherwise instead + of stumbling ahead. + * minor fussing with the test script to make it cleaner. + + [ Jameson Graef Rollins ] + * clean up Makefile to generate more elegant source tarballs. + * make myself the maintainer. + + -- Jameson Graef Rollins Sat, 15 Nov 2008 13:12:57 -0500 + +monkeysphere (0.19-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * simulating an X11 session in the test script. + * updated packaging so that symlinks to config files are correct. + + -- Daniel Kahn Gillmor Wed, 29 Oct 2008 02:47:49 -0400 + +monkeysphere (0.18-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix bugs in authorized_{user_ids,keys} file permission checking. + * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys + files. + * chown authorized_keys files to `whoami`, for compatibility with test + suite. + * major improvements to test suite, added more tests. + + [ Daniel Kahn Gillmor ] + * update make install to ensure placement of + /etc/monkeysphere/gnupg-{host,authentication}.conf + * choose either --quick-random or --debug-quick-random depending on + which gpg supports for the test suite. + + -- Daniel Kahn Gillmor Wed, 29 Oct 2008 00:41:38 -0400 + +monkeysphere (0.17-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix some bugs in, and cleanup, authorized_keys file creation in + monkeysphere-server update-users. + * Move to using the empty string for not adding a user-controlled + authorized_keys file in the RAW_AUTHORIZED_KEYS variable. 
+ + -- Daniel Kahn Gillmor Tue, 28 Oct 2008 02:04:22 -0400 + +monkeysphere (0.16-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better + portability. + * fixed busted lockfile arrangement, where empty file was being locked + * portability fixes in the way we use date, mktemp, hostname, su + * stop using /usr/bin/stat, since the syntax appears to be totally + unportable + * require GNU getopt, and test for getopt failures (look for getopt in + /usr/local/bin first, since that's where FreeBSD's GNU-compatible + getopt lives. + * monkeysphere-server diagnostics now counts problems and suggests a + re-run after they have been resolved. + * completed basic test suite: this can be run from the git sources or + the tarball with: cd tests && ./basic + + [ Jameson Graef Rollins ] + * Genericize fs location variables. + * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at + install. + + -- Daniel Kahn Gillmor Sun, 26 Oct 2008 03:06:18 -0400 + +monkeysphere (0.15-1) experimental; urgency=low + + * porting work and packaging simplification: clarifying makefiles, + pruning dependencies, etc. + * added tests to monkeysphere-server diagnostics + * moved monkeysphere(5) to section 7 of the manual + * now shipping TODO in /usr/share/doc/monkeysphere + + -- Daniel Kahn Gillmor Thu, 04 Sep 2008 19:08:40 -0400 + +monkeysphere (0.14-1) experimental; urgency=low + + * changing debian packaging back to format 1.0 so we get automatic + tarballs, and easier inclusion in other build networks. + * no other source changes. + + -- Daniel Kahn Gillmor Thu, 04 Sep 2008 13:03:35 -0400 + +monkeysphere (0.13-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings. + * updated makefile to reflect the package building technique we've been + using for a month now. 
+ + [ Jameson Graef Rollins ] + * move location of user config directory to ~/.monkeysphere. + + -- Daniel Kahn Gillmor Wed, 03 Sep 2008 17:26:10 -0400 + +monkeysphere (0.12-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Improved output handling. New LOG_LEVEL variable. + + [ Daniel Kahn Gillmor ] + * debian/control: switched Homepage: and Vcs-Git: to canonicalized + upstream hostnames. + * updated documentation for new release. + * changed my associated e-mail address for this package. + + -- Daniel Kahn Gillmor Tue, 02 Sep 2008 18:54:29 -0400 + +monkeysphere (0.11-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * fix bug in trustdb update on add/revoke-hostname. + + [ Daniel Kahn Gillmor ] + * debian/control: added Build-Depends: git-core for the new packaging + format + * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched + GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly + if not found). + + -- Daniel Kahn Gillmor Wed, 20 Aug 2008 11:24:35 -0400 + +monkeysphere (0.10-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * brown paper bag release: invert test on calculated validity of keys. + + -- Daniel Kahn Gillmor Mon, 18 Aug 2008 16:22:34 -0400 + +monkeysphere (0.9-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * implemented "monkeysphere-server extend-key" to adjust expiration + date of host key. + * removed "monkeysphere-server fingerprint". Use "monkeysphere-server + show-key" instead. + + [ Jameson Graef Rollins ] + * fixed bug in user id processing that prevented bad primary keys from + being properly removed. + + -- Daniel Kahn Gillmor Mon, 18 Aug 2008 15:42:12 -0400 + +monkeysphere (0.8-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * debian/control: switched Vcs-Git to use "centralized" git repo instead + of my own. + * More monkeysphere-server diagnostics + * monkeysphere --gen-subkey now guesses what KeyID you meant. 
+ * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey + works sensibly under X11 + + [ Jameson Graef Rollins ] + * fix another bug when known_hosts files are missing. + * sort processed keys so that "good" keys are processed after "bad" + keys. This will prevent malicious bad keys from causing good keys to + be removed from key files. + * enabled host key publication. + * added checking of gpg.conf for keyserver + * new functions to add/revoke host key user IDs + * improved list-certifiers function (now non-privileged) + + -- Daniel Kahn Gillmor Mon, 18 Aug 2008 12:43:37 -0400 + +monkeysphere (0.7-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * Added monkeysphere-server diagnostics subcommand. + * rebuilding package using Format: 3.0 (git) + + [ Jameson Graef Rollins ] + * fix how check for file modification is done. + * rework out user id processing is done to provide more verbose log + output. + * fix bug in monkeysphpere update-authorized_keys subcommand where + disallowed keys failed to be remove from authorized_keys file. + + -- Daniel Kahn Gillmor Mon, 04 Aug 2008 10:47:41 -0400 + +monkeysphere (0.6-1) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix bug in return on error of ssh-proxycommand. + + [ Daniel Kahn Gillmor ] + * try socat if netcat is not available in proxycommand. + + -- Daniel Kahn Gillmor Tue, 29 Jul 2008 10:27:20 -0400 + +monkeysphere (0.5-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * updated READMEs to match current state of code + + [ Jameson Graef Rollins ] + * Tweak how empty authorized_user_ids and known_hosts files are handled. + * Do not fail when authorized_user_ids or known_hosts file is not found. + + -- Daniel Kahn Gillmor Mon, 28 Jul 2008 10:50:02 -0400 + +monkeysphere (0.4-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * New version. 
+ * Fixed return code error in openpgp2ssh + + [ Jameson Graef Rollins ] + * Privilege separation: use monkeysphere user to handle maintenance of + the gnupg authentication keychain for server. + * Improved certifier key management. + * Fixed variable scoping and config file precedence. + * Add options for key generation and add-certifier functions. + * Fix return codes for known_host and authorized_keys updating + functions. + * Add write permission check on authorized_keys, known_hosts, and + authorized_user_ids files. + + -- Daniel Kahn Gillmor Tue, 22 Jul 2008 21:50:17 -0400 + +monkeysphere (0.3-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * new version. + + [ Jameson Graef Rollins ] + * Move files in /var/cache/monkeysphere and GNUPGHOME for server to + the more appropriate /var/lib/monkeysphere. + + -- Daniel Kahn Gillmor Tue, 24 Jun 2008 00:55:29 -0400 + +monkeysphere (0.2-2) experimental; urgency=low + + * added lockfile-progs dependency + + -- Daniel Kahn Gillmor Mon, 23 Jun 2008 19:34:05 -0400 + +monkeysphere (0.2-1) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * openpgp2ssh now supports specifying keys by full fingerprint. + + [ Jameson Graef Rollins ] + * Add AUTHORIZED_USER_IDS config variable for server, which defaults to + %h/.config/monkeysphere/authorized_user_ids, instead of + /etc/monkeysphere/authorized_user_ids. + * Remove {update,remove}-userids functions, since we decided they + weren't useful enough to be worth maintaining. + * Better handling of unknown users in server update-users + * Add file locking when modifying known_hosts or authorized_keys + * Better failure/prompting for gen-subkey + * Add ability to set any owner trust level for keys in server keychain. + + -- Daniel Kahn Gillmor Mon, 23 Jun 2008 17:03:19 -0400 + +monkeysphere (0.1-1) experimental; urgency=low + + * First release of debian package for monkeysphere. + * This is experimental -- please report bugs! 
+
+ -- Daniel Kahn Gillmor Thu, 19 Jun 2008 00:34:53 -0400
+
diff --git a/packaging/debian/monkeysphere.postinst b/packaging/debian/monkeysphere.postinst
index 02d6304..8f1fe77 100755
--- a/packaging/debian/monkeysphere.postinst
+++ b/packaging/debian/monkeysphere.postinst
@@ -26,3 +26,10 @@ ln -sTf "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf
 install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication
 # link in the gpg.conf
 ln -sTf "$ETC"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/packaging/debian/monkeysphere.preinst b/packaging/debian/monkeysphere.preinst
index 860286b..528da84 100755
--- a/packaging/debian/monkeysphere.preinst
+++ b/packaging/debian/monkeysphere.preinst
@@ -20,3 +20,10 @@ if [ -f "$VARLIB"/gnupg-authentication/gpg.conf -a ! -L "$VARLIB"/gnupg-authenti
 chown root:root "$ETC"/gpg-authentication.conf
 ln -s "$ETC"/gpg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
 fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/packaging/debian/monkeysphere.prerm b/packaging/debian/monkeysphere.prerm
new file mode 100755
index 0000000..433a0aa
--- /dev/null
+++ b/packaging/debian/monkeysphere.prerm
@@ -0,0 +1,18 @@
+#!/bin/sh -e
+
+# prerm script for monkeysphere
+
+# Author: Jameson Rollins
+# Copyright 2008
+
+VARLIB="/var/lib/monkeysphere"
+
+rm -f "$VARLIB"/gnupg-host/gpg.conf
+rm -f "$VARLIB"/gnupg-authentication/gpg.conf
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/website/changelog b/website/changelog
deleted file mode 100644
index 994b991..0000000
--- a/website/changelog
+++ /dev/null
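Review bot: The context lines kept by the preinst hunk still move an existing gpg.conf to `"$ETC"/gpg-authentication.conf`, but the postinst in this same patch links `"$ETC"/gnupg-authentication.conf` into the GNUPGHOME with `ln -sTf`, so the two scripts disagree on the file name. After an upgrade the migrated settings would sit unreferenced in /etc while gpg reads whatever is at the gnupg-* name. The three lines should use the postinst name, e.g. `mv "$VARLIB"/gnupg-authentication/gpg.conf "$ETC"/gnupg-authentication.conf`, and the gnupg-host block, which starts outside this hunk, has the same mismatch (`gpg-host.conf` against `gnupg-host.conf`). The moved file also keeps the mode it had inside the GNUPGHOME, so it may be worth setting one explicitly after the `chown root:root`.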
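Review bot: The two `rm -f` lines in the new prerm run for every prerm action, including `upgrade` and `failed-upgrade`, and they delete whatever is at `gpg.conf`, not only the symlink that postinst creates. Once this prerm is the installed one, a regular gpg.conf placed in a GNUPGHOME by an administrator would be removed on the next upgrade before preinst's migration to /etc can see it. Limiting the removal to the `remove` action and to symlinks keeps such a file and still cleans up the links; postinst already replaces the links itself with `ln -sTf`, so nothing needs to be removed on upgrade.

```shell
VARLIB="/var/lib/monkeysphere"

case "$1" in
    remove)
        for conf in "$VARLIB"/gnupg-host/gpg.conf \
                    "$VARLIB"/gnupg-authentication/gpg.conf ; do
            # only remove the link postinst created, never a regular file
            if [ -L "$conf" ] ; then
                rm -f "$conf"
            fi
        done
        ;;
esac
# … unchanged: debhelper token and exit 0 …
```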
@@ -1,276 +0,0 @@ -monkeysphere (0.21-1) unstable; urgency=low - - * move debian packaging to packaging subdirectory. - - -- Jameson Graef Rollins Sat, 15 Nov 2008 14:26:48 -0500 - -monkeysphere (0.20-1) unstable; urgency=low - - [ Daniel Kahn Gillmor ] - * ensure that tempdirs are properly created, bail out otherwise instead - of stumbling ahead. - * minor fussing with the test script to make it cleaner. - - [ Jameson Graef Rollins ] - * clean up Makefile to generate more elegant source tarballs. - * make myself the maintainer. - - -- Jameson Graef Rollins Sat, 15 Nov 2008 13:12:57 -0500 - -monkeysphere (0.19-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * simulating an X11 session in the test script. - * updated packaging so that symlinks to config files are correct. - - -- Daniel Kahn Gillmor Wed, 29 Oct 2008 02:47:49 -0400 - -monkeysphere (0.18-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix bugs in authorized_{user_ids,keys} file permission checking. - * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys - files. - * chown authorized_keys files to `whoami`, for compatibility with test - suite. - * major improvements to test suite, added more tests. - - [ Daniel Kahn Gillmor ] - * update make install to ensure placement of - /etc/monkeysphere/gnupg-{host,authentication}.conf - * choose either --quick-random or --debug-quick-random depending on - which gpg supports for the test suite. - - -- Daniel Kahn Gillmor Wed, 29 Oct 2008 00:41:38 -0400 - -monkeysphere (0.17-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix some bugs in, and cleanup, authorized_keys file creation in - monkeysphere-server update-users. - * Move to using the empty string for not adding a user-controlled - authorized_keys file in the RAW_AUTHORIZED_KEYS variable. 
- - -- Daniel Kahn Gillmor Tue, 28 Oct 2008 02:04:22 -0400 - -monkeysphere (0.16-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better - portability. - * fixed busted lockfile arrangement, where empty file was being locked - * portability fixes in the way we use date, mktemp, hostname, su - * stop using /usr/bin/stat, since the syntax appears to be totally - unportable - * require GNU getopt, and test for getopt failures (look for getopt in - /usr/local/bin first, since that's where FreeBSD's GNU-compatible - getopt lives. - * monkeysphere-server diagnostics now counts problems and suggests a - re-run after they have been resolved. - * completed basic test suite: this can be run from the git sources or - the tarball with: cd tests && ./basic - - [ Jameson Graef Rollins ] - * Genericize fs location variables. - * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at - install. - - -- Daniel Kahn Gillmor Sun, 26 Oct 2008 03:06:18 -0400 - -monkeysphere (0.15-1) experimental; urgency=low - - * porting work and packaging simplification: clarifying makefiles, - pruning dependencies, etc. - * added tests to monkeysphere-server diagnostics - * moved monkeysphere(5) to section 7 of the manual - * now shipping TODO in /usr/share/doc/monkeysphere - - -- Daniel Kahn Gillmor Thu, 04 Sep 2008 19:08:40 -0400 - -monkeysphere (0.14-1) experimental; urgency=low - - * changing debian packaging back to format 1.0 so we get automatic - tarballs, and easier inclusion in other build networks. - * no other source changes. - - -- Daniel Kahn Gillmor Thu, 04 Sep 2008 13:03:35 -0400 - -monkeysphere (0.13-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings. - * updated makefile to reflect the package building technique we've been - using for a month now. 
- - [ Jameson Graef Rollins ] - * move location of user config directory to ~/.monkeysphere. - - -- Daniel Kahn Gillmor Wed, 03 Sep 2008 17:26:10 -0400 - -monkeysphere (0.12-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Improved output handling. New LOG_LEVEL variable. - - [ Daniel Kahn Gillmor ] - * debian/control: switched Homepage: and Vcs-Git: to canonicalized - upstream hostnames. - * updated documentation for new release. - * changed my associated e-mail address for this package. - - -- Daniel Kahn Gillmor Tue, 02 Sep 2008 18:54:29 -0400 - -monkeysphere (0.11-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * fix bug in trustdb update on add/revoke-hostname. - - [ Daniel Kahn Gillmor ] - * debian/control: added Build-Depends: git-core for the new packaging - format - * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched - GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly - if not found). - - -- Daniel Kahn Gillmor Wed, 20 Aug 2008 11:24:35 -0400 - -monkeysphere (0.10-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * brown paper bag release: invert test on calculated validity of keys. - - -- Daniel Kahn Gillmor Mon, 18 Aug 2008 16:22:34 -0400 - -monkeysphere (0.9-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * implemented "monkeysphere-server extend-key" to adjust expiration - date of host key. - * removed "monkeysphere-server fingerprint". Use "monkeysphere-server - show-key" instead. - - [ Jameson Graef Rollins ] - * fixed bug in user id processing that prevented bad primary keys from - being properly removed. - - -- Daniel Kahn Gillmor Mon, 18 Aug 2008 15:42:12 -0400 - -monkeysphere (0.8-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * debian/control: switched Vcs-Git to use "centralized" git repo instead - of my own. - * More monkeysphere-server diagnostics - * monkeysphere --gen-subkey now guesses what KeyID you meant. 
- * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey - works sensibly under X11 - - [ Jameson Graef Rollins ] - * fix another bug when known_hosts files are missing. - * sort processed keys so that "good" keys are processed after "bad" - keys. This will prevent malicious bad keys from causing good keys to - be removed from key files. - * enabled host key publication. - * added checking of gpg.conf for keyserver - * new functions to add/revoke host key user IDs - * improved list-certifiers function (now non-privileged) - - -- Daniel Kahn Gillmor Mon, 18 Aug 2008 12:43:37 -0400 - -monkeysphere (0.7-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * Added monkeysphere-server diagnostics subcommand. - * rebuilding package using Format: 3.0 (git) - - [ Jameson Graef Rollins ] - * fix how check for file modification is done. - * rework out user id processing is done to provide more verbose log - output. - * fix bug in monkeysphpere update-authorized_keys subcommand where - disallowed keys failed to be remove from authorized_keys file. - - -- Daniel Kahn Gillmor Mon, 04 Aug 2008 10:47:41 -0400 - -monkeysphere (0.6-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix bug in return on error of ssh-proxycommand. - - [ Daniel Kahn Gillmor ] - * try socat if netcat is not available in proxycommand. - - -- Daniel Kahn Gillmor Tue, 29 Jul 2008 10:27:20 -0400 - -monkeysphere (0.5-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * updated READMEs to match current state of code - - [ Jameson Graef Rollins ] - * Tweak how empty authorized_user_ids and known_hosts files are handled. - * Do not fail when authorized_user_ids or known_hosts file is not found. - - -- Daniel Kahn Gillmor Mon, 28 Jul 2008 10:50:02 -0400 - -monkeysphere (0.4-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * New version. 
- * Fixed return code error in openpgp2ssh - - [ Jameson Graef Rollins ] - * Privilege separation: use monkeysphere user to handle maintenance of - the gnupg authentication keychain for server. - * Improved certifier key management. - * Fixed variable scoping and config file precedence. - * Add options for key generation and add-certifier functions. - * Fix return codes for known_host and authorized_keys updating - functions. - * Add write permission check on authorized_keys, known_hosts, and - authorized_user_ids files. - - -- Daniel Kahn Gillmor Tue, 22 Jul 2008 21:50:17 -0400 - -monkeysphere (0.3-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * new version. - - [ Jameson Graef Rollins ] - * Move files in /var/cache/monkeysphere and GNUPGHOME for server to - the more appropriate /var/lib/monkeysphere. - - -- Daniel Kahn Gillmor Tue, 24 Jun 2008 00:55:29 -0400 - -monkeysphere (0.2-2) experimental; urgency=low - - * added lockfile-progs dependency - - -- Daniel Kahn Gillmor Mon, 23 Jun 2008 19:34:05 -0400 - -monkeysphere (0.2-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * openpgp2ssh now supports specifying keys by full fingerprint. - - [ Jameson Graef Rollins ] - * Add AUTHORIZED_USER_IDS config variable for server, which defaults to - %h/.config/monkeysphere/authorized_user_ids, instead of - /etc/monkeysphere/authorized_user_ids. - * Remove {update,remove}-userids functions, since we decided they - weren't useful enough to be worth maintaining. - * Better handling of unknown users in server update-users - * Add file locking when modifying known_hosts or authorized_keys - * Better failure/prompting for gen-subkey - * Add ability to set any owner trust level for keys in server keychain. - - -- Daniel Kahn Gillmor Mon, 23 Jun 2008 17:03:19 -0400 - -monkeysphere (0.1-1) experimental; urgency=low - - * First release of debian package for monkeysphere. - * This is experimental -- please report bugs! 
- - -- Daniel Kahn Gillmor Thu, 19 Jun 2008 00:34:53 -0400 - -- cgit v1.2.3 From a79d359aac1e52cbdb462a07cbfc07bd27276133 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 15 Nov 2008 16:17:15 -0500 Subject: add close ITP bug to changelog --- packaging/debian/changelog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 8c42032..e53439e 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -3,8 +3,9 @@ monkeysphere (0.21-1) unstable; urgency=low * move debian packaging to packaging subdirectory. * add debian prerm script, and add debhelper lines to other install scripts. + * upload to Debian (Closes: #505806) - -- Jameson Graef Rollins Sat, 15 Nov 2008 15:48:54 -0500 + -- Jameson Graef Rollins Sat, 15 Nov 2008 16:14:27 -0500 monkeysphere (0.20-1) unstable; urgency=low -- cgit v1.2.3 From 80453e14e8c10071d9025c49b49e9feb3ed0f26c Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sat, 15 Nov 2008 16:21:23 -0500 Subject: reformat changelog --- packaging/debian/changelog | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index e53439e..bed79ea 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -1,9 +1,10 @@ monkeysphere (0.21-1) unstable; urgency=low - * move debian packaging to packaging subdirectory. - * add debian prerm script, and add debhelper lines to other install + * New upstream release: + - move debian packaging to packaging subdirectory. + * Add debian prerm script, and add debhelper lines to other install scripts. - * upload to Debian (Closes: #505806) + * Initial release to Debian (Closes: #505806) -- Jameson Graef Rollins Sat, 15 Nov 2008 16:14:27 -0500 -- cgit v1.2.3 From 0d90d120ef7e53091ce536f1a63538e3c98fb132 Mon Sep 17 00:00:00 2001 
From: Daniel Kahn Gillmor Date: Sat, 15 Nov 2008 16:29:44 -0500 Subject: updating release notes for 0.21, updating build scripts. --- utils/build-freebsd-distinfo | 2 +- utils/build-releasenote | 2 +- website/download.mdwn | 36 ++++++++++++++++++------------------ website/news/release-0.21-1.mdwn | 10 ++++++++++ 4 files changed, 30 insertions(+), 20 deletions(-) create mode 100644 website/news/release-0.21-1.mdwn diff --git a/utils/build-freebsd-distinfo b/utils/build-freebsd-distinfo index a333ba7..53fcd69 100755 --- a/utils/build-freebsd-distinfo +++ b/utils/build-freebsd-distinfo @@ -1,6 +1,6 @@ #!/bin/bash -VERSION=`head -n1 debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` +VERSION=`head -n1 packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` { echo "MD5 (monkeysphere_${VERSION}.orig.tar.gz) =" $(md5sum "monkeysphere_${VERSION}.orig.tar.gz" | cut -f1 -d\ ) diff --git a/utils/build-releasenote b/utils/build-releasenote index f7561da..522917c 100755 --- a/utils/build-releasenote +++ b/utils/build-releasenote @@ -1,6 +1,6 @@ #!/bin/bash -VERSION=`head -n1 debian/changelog | sed 's/.*(\([^)]*\)).*/\1/'` +VERSION=`head -n1 packaging/debian/changelog | sed 's/.*(\([^)]*\)).*/\1/'` { sed "s/__VERSION__/$VERSION/g" < utils/releasenote.header diff --git a/website/download.mdwn b/website/download.mdwn index b73beba..e67d0dc 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -75,38 +75,38 @@ For those that would like to download the source directly, [the source is available](/community) via [git](http://git.or.cz/). The [latest -tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.20.orig.tar.gz) +tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_.orig.tar.gz) is also available, and has these checksums:
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-checksums for the monkeysphere 0.20 release:
+checksums for the monkeysphere 0.21 release:
 
 MD5:
-2503b0e83cab1dff339f73a2734ac185  monkeysphere_0.20.orig.tar.gz
+15fe181983565aca0fbe4c41f9f6752e  monkeysphere_0.21.orig.tar.gz
 
 SHA1:
-8775a3569f2ac3a3e7977441b93c431677f44435  monkeysphere_0.20.orig.tar.gz
+27e915a45cdbe50a139ed4f4b13746b17c165b0f  monkeysphere_0.21.orig.tar.gz
 
 SHA256:
-c8e0e2a2ad26b7690147eabb69e2cffaa1d8c114d3c6878e2f05a5f21387c0dd  monkeysphere_0.20.orig.tar.gz
+1535c3f722f5f5c1646a4981efef4a262ac7b23bf4b980c9aee11af2600eedc2  monkeysphere_0.21.orig.tar.gz
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.9 (GNU/Linux)
 
-iQIVAwUBSR8fFhjmZ/HrivMUAQLMDA/+OYFSqeEilDu+Tw8H4KNUWG6Li5IXf7Yc
-G3FGMueN0ILnnEF4F3XBz4zd0Km1qi5v4dFsLUGtqbd7uUOPXa24G6+T6srRh90x
-6vKcOuPmQeaHZaVwHeliA32yLa5Oh1TuSKZ9imDzqmcbYDW5ekKKNv07dEuS8pbt
-DkJ6XXnPC2Pe1W9jUFsfOQJn797ZjbPxyu1uops2CZTo04nS4pWvVjwiwiNNbzjt
-kknsFObcv9TfbtHQNoMKI7IEjp2TuGT5Au6y0U0mQZnJ3O7VjGZkS0noq4dxIIyN
-vApChk69J8fixQD+DDo9ewBUS+hWkpaJxQyDWrpE8kAlT/jEG89PEpUZtO6E3MlP
-4eHX8keI45+RkthE2uQDQjtAObIn7+RI+LOzTmwPP8WqP71IVeCmhtofKhDO6rIS
-1wOx8JEoW3UbFujsoXmwNdJj9M9TLo0NSbDXsg++3HSivA9AFmAvZWYhQ1nIfOFq
-poK2CXCk2qfRMowhPC4MeBahaErdlvZM/t72zGwtfgS4fmU4nk6Z0QD7ImfBOelo
-kTPw3V7n8rM6cAtdI86d0oYVsEFmqkJH6ih/fBHad8hGniwNeZG9ipeSZUEyvrMg
-u5Y6fMRkUPpikIEchRNUph39NVIKt8YqeiQyrp8t6xSHQucz74uBPOFMaS2VUifH
-oijtS4Im4IA=
-=UeKa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+=JDaA
 -----END PGP SIGNATURE-----
 
diff --git a/website/news/release-0.21-1.mdwn b/website/news/release-0.21-1.mdwn new file mode 100644 index 0000000..e807775 --- /dev/null +++ b/website/news/release-0.21-1.mdwn @@ -0,0 +1,10 @@ +[[meta title="Monkeysphere 0.21-1 released!"]] + +Monkeysphere 0.21-1 has been released. + +Notes from the changelog: + +
+
+ +[[Download]] it now! -- cgit v1.2.3 From 12d5b6a10438b5933193b079bb52b2438150ddcb Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 15 Nov 2008 16:38:07 -0500 Subject: make sure we clean up /var/lib/monkeysphere during prerm. --- packaging/debian/changelog | 6 ++++++ packaging/debian/monkeysphere.prerm | 2 ++ 2 files changed, 8 insertions(+) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index bed79ea..62f021e 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -1,3 +1,9 @@ +monkeysphere (0.21-2) unstable; urgency=low + + * actually rmdir /var/lib/monkeysphere-* during prerm if possible. + + -- Daniel Kahn Gillmor Sat, 15 Nov 2008 16:36:57 -0500 + monkeysphere (0.21-1) unstable; urgency=low * New upstream release: diff --git a/packaging/debian/monkeysphere.prerm b/packaging/debian/monkeysphere.prerm index 433a0aa..948bfee 100755 --- a/packaging/debian/monkeysphere.prerm +++ b/packaging/debian/monkeysphere.prerm @@ -9,6 +9,8 @@ VARLIB="/var/lib/monkeysphere" rm -f "$VARLIB"/gnupg-host/gpg.conf rm -f "$VARLIB"/gnupg-authentication/gpg.conf +rmdir --ignore-fail-on-non-empty "$VARLIB"/monkeysphere/gnupg-host || true +rmdir --ignore-fail-on-non-empty "$VARLIB"/monkeysphere/gnupg-authentication || true # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. -- cgit v1.2.3 From 786ca25009a33e3cd26281dafb6b4e8c7f22634f Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 15 Nov 2008 16:47:17 -0500 Subject: really fixing prerm --- packaging/debian/monkeysphere.prerm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/debian/monkeysphere.prerm b/packaging/debian/monkeysphere.prerm index 948bfee..05b29e6 100755 --- a/packaging/debian/monkeysphere.prerm +++ b/packaging/debian/monkeysphere.prerm 
@@ -9,8 +9,8 @@ VARLIB="/var/lib/monkeysphere" rm -f "$VARLIB"/gnupg-host/gpg.conf rm -f "$VARLIB"/gnupg-authentication/gpg.conf -rmdir --ignore-fail-on-non-empty "$VARLIB"/monkeysphere/gnupg-host || true -rmdir --ignore-fail-on-non-empty "$VARLIB"/monkeysphere/gnupg-authentication || true +rmdir --ignore-fail-on-non-empty "$VARLIB"/gnupg-host || true +rmdir --ignore-fail-on-non-empty "$VARLIB"/gnupg-authentication || true # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. -- cgit v1.2.3 From 6f58fa33e52e45d25e2221fbd7c8179c688061b4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 15 Nov 2008 16:49:28 -0500 Subject: debian packaging: removing unnecessary error masking in {pre,post}rm --- packaging/debian/monkeysphere.postrm | 2 +- packaging/debian/monkeysphere.prerm | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packaging/debian/monkeysphere.postrm b/packaging/debian/monkeysphere.postrm index 8f87ed3..ffb6b6e 100755 --- a/packaging/debian/monkeysphere.postrm +++ b/packaging/debian/monkeysphere.postrm @@ -7,7 +7,7 @@ case $1 in purge) - rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true + rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere echo "removing monkeysphere user..." userdel monkeysphere > /dev/null || true ;; diff --git a/packaging/debian/monkeysphere.prerm b/packaging/debian/monkeysphere.prerm index 05b29e6..00523a1 100755 --- a/packaging/debian/monkeysphere.prerm +++ b/packaging/debian/monkeysphere.prerm 
@@ -9,8 +9,8 @@ VARLIB="/var/lib/monkeysphere" rm -f "$VARLIB"/gnupg-host/gpg.conf rm -f "$VARLIB"/gnupg-authentication/gpg.conf -rmdir --ignore-fail-on-non-empty "$VARLIB"/gnupg-host || true -rmdir --ignore-fail-on-non-empty "$VARLIB"/gnupg-authentication || true +rmdir --ignore-fail-on-non-empty "$VARLIB"/gnupg-host +rmdir --ignore-fail-on-non-empty "$VARLIB"/gnupg-authentication # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. -- cgit v1.2.3 From 7156551783709dd6e7faa82de3f302a47758dbda Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 15 Nov 2008 16:54:26 -0500 Subject: do not fail in postrm if /var/lib/monkeysphere is already wiped. --- packaging/debian/monkeysphere.postrm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/debian/monkeysphere.postrm b/packaging/debian/monkeysphere.postrm index ffb6b6e..8f87ed3 100755 --- a/packaging/debian/monkeysphere.postrm +++ b/packaging/debian/monkeysphere.postrm @@ -7,7 +7,7 @@ case $1 in purge) - rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere + rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true echo "removing monkeysphere user..." userdel monkeysphere > /dev/null || true ;; -- cgit v1.2.3 From 522b1ad1c3f043802e35af319a323bf96ff3676e Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 15 Nov 2008 17:02:33 -0500 Subject: /var/lib/monkeysphere will get taken care of by debhelper appropriately. Leave it alone. --- packaging/debian/monkeysphere.postrm | 1 - 1 file changed, 1 deletion(-) diff --git a/packaging/debian/monkeysphere.postrm b/packaging/debian/monkeysphere.postrm index 8f87ed3..7c0fede 100755 --- a/packaging/debian/monkeysphere.postrm +++ b/packaging/debian/monkeysphere.postrm @@ -7,7 +7,6 @@ case $1 in purge) - rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true echo "removing monkeysphere user..." userdel monkeysphere > /dev/null || true ;; -- cgit v1.2.3 
From a6cade3c083ecb296588529ffd1bdc35b8a6586f Mon Sep 17 00:00:00 2001 From: mike castleman Date: Sat, 15 Nov 2008 17:21:54 -0500 Subject: fix my email address --- COPYING | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/COPYING b/COPYING index 070c992..c4aa418 100644 --- a/COPYING +++ b/COPYING @@ -7,7 +7,7 @@ It is free software, developed by: Jamie McClelland Micah Anderson Matthew Goins - Mike Castleman + Mike Castleman Elliot Winard Ross Glover Greg Lyle -- cgit v1.2.3 From 20fa2bf388d33f42446c191b1c9a18a828cdca23 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sat, 15 Nov 2008 18:01:49 -0500 Subject: add a directory and a changlog for the zimmerman keyserver (including some changes) --- doc/zimmerman/changelog | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 doc/zimmerman/changelog diff --git a/doc/zimmerman/changelog b/doc/zimmerman/changelog new file mode 100644 index 0000000..2033cd5 --- /dev/null +++ b/doc/zimmerman/changelog @@ -0,0 +1,15 @@ +****************************************************************************** +* * +* zimmerman system log * +* * +****************************************************************************** +* Please add new entries in reverse chronological order whenever you make * +* changes to this system (first command at top, last at bottom) * +****************************************************************************** + +2008-11-15 - micah + * aptitude update && aptitude full-upgrade + * aptitude install sks + * cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \ + http://nynex.net/keydump/ -e robots=off + -- cgit v1.2.3 From 91f3af2bbc51a1ff185365968790c8fdcab7097f Mon Sep 17 00:00:00 2001 From: mike castleman Date: Sat, 15 Nov 2008 18:03:34 -0500 Subject: new bug: useful information --- website/bugs/useful-information.mdwn | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 website/bugs/useful-information.mdwn 
diff --git a/website/bugs/useful-information.mdwn b/website/bugs/useful-information.mdwn new file mode 100644 index 0000000..0750354 --- /dev/null +++ b/website/bugs/useful-information.mdwn @@ -0,0 +1,10 @@ +I would like to know, at INFO (default) log level, when the +monkeyspehere makes a "real" modification to my known_hosts file; that +is, when it adds or deletes a key. + +Apparently this is hard because monkeysphere is currently configured to +delete all keys and then add good keys, so a key added for the first +time seems to the monkeysphere very similar to a key re-added ten +seconds after last login. + +Still, from a UI perspective, I want to know what monkeysphere is doing. -- cgit v1.2.3 From a889bad4f15b45b0b98fa7335129c66519eeb336 Mon Sep 17 00:00:00 2001 From: Jamie McClelland Date: Sat, 15 Nov 2008 18:06:31 -0500 Subject: reporting changes around mail configuration of zimmermann. --- doc/zimmerman/changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/zimmerman/changelog b/doc/zimmerman/changelog index 2033cd5..e119e23 100644 --- a/doc/zimmerman/changelog +++ b/doc/zimmerman/changelog @@ -13,3 +13,6 @@ * cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \ http://nynex.net/keydump/ -e robots=off +2008-11-15 - jamie + * aptitude install esmtp-run mailx + * edited /etc/esmtp-run, configured to relay to bulk.mayfirst.org -- cgit v1.2.3 From cdfb653480aa9b14deffd54ea7f497c27d5abdb4 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sat, 15 Nov 2008 18:13:07 -0500 Subject: add the new monkeysphere package to zimmerman --- doc/zimmerman/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/zimmerman/changelog b/doc/zimmerman/changelog index 2033cd5..a92198c 100644 --- a/doc/zimmerman/changelog +++ b/doc/zimmerman/changelog @@ -12,4 +12,5 @@ * aptitude install sks * cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \ http://nynex.net/keydump/ -e robots=off + * install monkeysphere 0.21-2 package -- cgit v1.2.3 
From f5d87b83453aa7888f64b72a74fb16b9d3b65c4a Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 15 Nov 2008 18:45:25 -0500 Subject: remove pruning of the ssh fingerprint output in monkeysphere-server show-key function. the extra info (key length and type) are useful to have. --- src/monkeysphere-server | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/monkeysphere-server b/src/monkeysphere-server index e78903b..0815b32 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -137,7 +137,7 @@ show_server_key() { tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ " echo -n "ssh fingerprint: " - (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }') + (cd "$tmpkey" && ssh-keygen -l -f ' ' rm -rf "$tmpkey" echo -n "OpenPGP fingerprint: " echo "$fingerprint" -- cgit v1.2.3 From a4983d24c8e79729deaa02602b742eace6d09f86 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sat, 15 Nov 2008 18:55:42 -0500 Subject: change from using a filename that is a just a space to an actual temporary file --- src/monkeysphere-server | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/monkeysphere-server b/src/monkeysphere-server index e78903b..5edaa4f 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server 
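Review bot: The replacement line `(cd "$tmpkey" && ssh-keygen -l -f ' '` drops the closing parenthesis along with the awk filter, so as shown the subshell in show_server_key is never closed. The following `rm -rf "$tmpkey"` and `echo` lines would then be parsed inside it, and the script should fail to parse. The line should read `(cd "$tmpkey" && ssh-keygen -l -f ' ')`. show_server_key begins and ends outside this hunk.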
@@ -134,10 +134,10 @@ show_server_key() { # dumping to a file named ' ' so that the ssh-keygen output # doesn't claim any potentially bogus hostname(s): - tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" - gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ " + tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" + gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey" echo -n "ssh fingerprint: " - (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }') + ssh-keygen -l -f $tmpkey | awk '{ print $1, $2, $4 }' rm -rf "$tmpkey" echo -n "OpenPGP fingerprint: " echo "$fingerprint" -- cgit v1.2.3 From 2459fa3ea277d7b9289945748619eab1e3441e5c Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 15 Nov 2008 20:49:27 -0500 Subject: Added info log output when a new key is added to known_hosts file. --- packaging/debian/changelog | 7 +++++++ src/common | 11 +++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 62f021e..f1db037 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -1,3 +1,10 @@ +monkeysphere (0.22-1) UNRELEASED; urgency=low + + * New upstream release: + - Added info log output when a new key is added to known_hosts file. + + -- Jameson Graef Rollins Sat, 15 Nov 2008 20:49:13 -0500 + monkeysphere (0.21-2) unstable; urgency=low * actually rmdir /var/lib/monkeysphere-* during prerm if possible. diff --git a/src/common b/src/common index 297e7f3..efee9bd 100644 --- a/src/common +++ b/src/common @@ -742,6 +742,7 @@ process_user_id() { process_host_known_hosts() { local host local userID + local noKey= local nKeys local nKeysOK local ok 
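Review bot: In the show_server_key hunk, the two comment lines above the changed `mktemp` call still describe dumping the key to a file named ' ', which the new code no longer does. The filename is now kept out of the output by the awk field selection, so the comment should say that instead, for example `# print fields 1, 2 and 4 of ssh-keygen -l; field 3 is the temp file name, which would look like a bogus hostname`. The `failure` text also still reads "Could not create temporary directory!" although `mktemp` now creates a file; `failure "Could not create temporary file!"` would match. show_server_key starts and ends outside the hunk.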
@@ -768,8 +769,9 @@ process_host_known_hosts() { continue fi - # remove the old host key line, and note if removed - remove_line "$KNOWN_HOSTS" "$sshKey" + # remove any old host key line, and note if removed nothing is + # removed + remove_line "$KNOWN_HOSTS" "$sshKey" || noKey=true # if key OK, add new host line if [ "$ok" -eq '0' ] ; then @@ -788,6 +790,11 @@ process_host_known_hosts() { else ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS" fi + + # log if this is a new key to the known_hosts file + if [ "$noKey" ] ; then + log info "* new key for $host added to known_hosts file." + fi fi done -- cgit v1.2.3 From 5c769e797dc0b867db7d6e19eaf9ca493dc87091 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sun, 16 Nov 2008 00:14:15 -0500 Subject: fix tarball download link --- website/download.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/download.mdwn b/website/download.mdwn index e67d0dc..6d5a73f 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -75,7 +75,7 @@ For those that would like to download the source directly, [the source is available](/community) via [git](http://git.or.cz/). The [latest -tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_.orig.tar.gz) +tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.21.orig.tar.gz) is also available, and has these checksums:
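Review bot: In src/common, `noKey` is initialised once by `local noKey=` at the top of process_host_known_hosts and is only ever set to `true` inside the key loop. After the first key that was not already present, every later key handled in the same call is also logged as "new key for $host added". Clear it per key by putting `noKey=` on the line before `remove_line "$KNOWN_HOSTS" "$sshKey" || noKey=true`. The flag also treats any non-zero status from remove_line as "nothing was removed". remove_line is defined outside these hunks, so confirm it cannot fail for another reason, since this INFO line is what an operator will rely on to notice a host key appearing. The loop itself begins outside the hunks.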
-- 
cgit v1.2.3


From d068b7c722211adf7d830b1c1b4ce9693eafbe4f Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor 
Date: Sun, 16 Nov 2008 00:57:27 -0500
Subject: m-s s: avoid failures when $TMPDIR has a space in it. (output might
 still be a bit garbled)

---
 src/monkeysphere-server | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 5edaa4f..665d916 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -137,7 +137,7 @@ show_server_key() {
     tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
     gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey"
     echo -n "ssh fingerprint: "
-    ssh-keygen -l -f $tmpkey | awk '{ print $1, $2, $4 }'
+    ssh-keygen -l -f "$tmpkey" | awk '{ print $1, $2, $4 }'
     rm -rf "$tmpkey"
     echo -n "OpenPGP fingerprint: "
     echo "$fingerprint"
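Review bot: The context line `tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)` is still unquoted, so a `TMPDIR` containing a space is word-split into two arguments before mktemp runs. The function then stops at `failure` before it ever reaches the `ssh-keygen` line this hunk quotes. Quote the template as well: `tmpkey=$(mktemp "${TMPDIR:-/tmp}/tmp.XXXXXXXXXX")`. The temporary file is also removed only on the straight-line path; whether `failure` or an interrupt leaves it behind depends on code outside the hunk. show_server_key starts and ends outside the hunk.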
-- 
cgit v1.2.3


From 9eed0790573d3f1f21707151ede87f8339dbecc0 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor 
Date: Sun, 16 Nov 2008 01:28:19 -0500
Subject: exporting SSH host public key (two variants: one traditional ssh, the
 other OpenPGP) during m-s gen-key

---
 src/monkeysphere-server | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 665d916..bb26c04 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -399,7 +399,11 @@ EOF
     (umask 077 && \
 	gpg_host --export-secret-key "$fingerprint" | \
 	openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key")
-    log info "private SSH host key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+    log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+    ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub"
+    log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
+    gpg_authentication --export-options export-minimal --export "0x${fingerprint}!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+    log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
 }
 
 # extend the lifetime of a host key:
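Review bot: Neither new export checks its exit status before the following `log info` announces the file, so a failed `ssh-keygen -y` or gpg export leaves an empty or partial `ssh_host_rsa_key.pub` / `.pub.gpg` that is reported as the host's public key. Fail explicitly, e.g. `ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" || failure "could not export SSH host public key"`, and do the same for the OpenPGP export. Also, `gpg_authentication` is called here with several separate arguments, while the call in show_server_key passes one quoted string (`gpg_authentication "--export $fingerprint"`). Its definition is not visible here, so confirm it forwards all arguments. The enclosing function starts outside the hunk.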
-- 
cgit v1.2.3


From c9efd3d44010262946d518dc712edba733697b34 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor 
Date: Sun, 16 Nov 2008 02:04:56 -0500
Subject: update debian/changelog.

---
 packaging/debian/changelog | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index f1db037..c2c4241 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -1,8 +1,16 @@
 monkeysphere (0.22-1) UNRELEASED; urgency=low
 
   * New upstream release:
+  [ Jameson Rollins ]
+
     - Added info log output when a new key is added to known_hosts file.
 
+  [ Daniel Kahn Gillmor ]
+
+    - automatically output two copies of the host's public key: one
+    standard ssh public key file, and the other a minimal OpenPGP key with
+    just the latest valid self-sig.
+
  -- Jameson Graef Rollins   Sat, 15 Nov 2008 20:49:13 -0500
 
 monkeysphere (0.21-2) unstable; urgency=low
-- 
cgit v1.2.3


From 11e3f75a105d37cc113abe8f19e29ed1d9d90155 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor 
Date: Sun, 16 Nov 2008 02:33:42 -0500
Subject: making the "upstream version" end in ~pre so that test packages
 created before the release will upgrade properly when the official 0.22 gets
 released.

---
 packaging/debian/changelog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index c2c4241..1aee7d1 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -1,4 +1,4 @@
-monkeysphere (0.22-1) UNRELEASED; urgency=low
+monkeysphere (0.22~pre-1) UNRELEASED; urgency=low
 
   * New upstream release:
   [ Jameson Rollins ]
-- 
cgit v1.2.3


From d056cc64effacd7936fddb6e696957868fff7eed Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor 
Date: Sun, 16 Nov 2008 02:39:51 -0500
Subject: feedback on useful-information bug.

---
 website/bugs/useful-information.mdwn | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/website/bugs/useful-information.mdwn b/website/bugs/useful-information.mdwn
index 0750354..62094bb 100644
--- a/website/bugs/useful-information.mdwn
+++ b/website/bugs/useful-information.mdwn
@@ -8,3 +8,17 @@ time seems to the monkeysphere very similar to a key re-added ten
 seconds after last login.
 
 Still, from a UI perspective, I want to know what monkeysphere is doing.
+
+------
+
+It looks like jrollins committed a change for reporting at INFO level
+when a host key gets added by the monkeysphere:
+2459fa3ea277d7b9289945748619eab1e3441e5c
+
+When i connect to a host whose key is not already present in my
+known_hosts file, i get the following to stderr:
+
+    ms: * new key for squeak.fifthhorseman.net added to known_hosts file.
+
+This doesn't fully close this bug, because we aren't notifying on key
+deletion, afaict.
-- 
cgit v1.2.3


From dd002c89fc4dccabc16d488a15a40cc88383605f Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins 
Date: Sun, 16 Nov 2008 03:17:36 -0500
Subject: added some useful output to the ssh-proxycommand for "marginal" cases
 where keys are found for host but do not have full validity.  this uses
 ssh-keyscan to pull the key for the host in question, check this key against
 those found via gpg, and output some useful information
 about the one that matches.

---
 changelog                         |  2 +-
 packaging/debian/changelog        |  6 ++-
 src/monkeysphere-server           |  2 +-
 src/monkeysphere-ssh-proxycommand | 98 ++++++++++++++++++++++++++++++++++++++-
 4 files changed, 102 insertions(+), 6 deletions(-)

diff --git a/changelog b/changelog
index b9a9e21..4264fa4 120000
--- a/changelog
+++ b/changelog
@@ -1 +1 @@
-website/changelog
\ No newline at end of file
+packaging/debian/changelog
\ No newline at end of file
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index f1db037..e8ea1a9 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -1,9 +1,11 @@
 monkeysphere (0.22-1) UNRELEASED; urgency=low
 
   * New upstream release:
-    - Added info log output when a new key is added to known_hosts file.
+    - added info log output when a new key is added to known_hosts file.
+    - added some useful output to the ssh-proxycommand for "marginal"
+      cases where keys are found for host but do not have full validity.
 
- -- Jameson Graef Rollins   Sat, 15 Nov 2008 20:49:13 -0500
+ -- Jameson Graef Rollins   Sun, 16 Nov 2008 03:17:16 -0500
 
 monkeysphere (0.21-2) unstable; urgency=low
 
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 5edaa4f..665d916 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -137,7 +137,7 @@ show_server_key() {
     tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
     gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey"
     echo -n "ssh fingerprint: "
-    ssh-keygen -l -f $tmpkey | awk '{ print $1, $2, $4 }'
+    ssh-keygen -l -f "$tmpkey" | awk '{ print $1, $2, $4 }'
     rm -rf "$tmpkey"
     echo -n "OpenPGP fingerprint: "
     echo "$fingerprint"
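Review bot: The quoting fix stops at `$tmpkey`; the `mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX` line just above still expands `TMPDIR` unquoted, so a value containing whitespace or glob characters splits the template. I would write `tmpkey=$(mktemp "${TMPDIR:-/tmp}/tmp.XXXXXXXXXX") || failure "Could not create temporary file!"` (the current message says "directory" although a file is created). The same unquoted pattern is copied into the new output_no_valid_key in src/monkeysphere-ssh-proxycommand, there without any failure check. `rm -f -- "$tmpkey"` would also fit a single file better than `rm -rf`. show_server_key begins and continues outside this hunk.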
diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand
index 6276092..b039844 100755
--- a/src/monkeysphere-ssh-proxycommand
+++ b/src/monkeysphere-ssh-proxycommand
@@ -13,14 +13,84 @@
 # established.  Can be added to ~/.ssh/config as follows:
 #  ProxyCommand monkeysphere-ssh-proxycommand %h %p
 
+########################################################################
+PGRM=$(basename $0)
+
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
+export SYSSHAREDIR
+. "${SYSSHAREDIR}/common" || exit 1
+
+########################################################################
+# FUNCTIONS
 ########################################################################
 
 usage() {
-cat <&2
+    cat <&2
 usage: ssh -o ProxyCommand="$(basename $0) %h %p" ...
 EOF
 }
 
+log() {
+    echo "$@" >&2
+}
+
+output_no_valid_key() {
+    local sshKeyOffered
+    local userID
+    local type
+    local validity
+    local keyid
+    local uidfpr
+    local usage
+    local sshKeyGPG
+    local sshFingerprint
+
+    log "OpenPGP keys with*out* full validity found for this host:"
+    log
+
+    # retrieve the actual ssh key
+    sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }')
+
+    userID="ssh://${HOSTP}"
+
+    # output gpg info for (exact) userid and store
+    gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
+	--with-fingerprint --with-fingerprint \
+	="$userID" 2>/dev/null)
+
+    # loop over all lines in the gpg output and process.
+    echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
+    while IFS=: read -r type validity keyid uidfpr usage ; do
+	case $type in
+	    'pub'|'sub')
+		# get the ssh key of the gpg key
+		sshKeyGPG=$(gpg2ssh "$keyid")
+
+		# if one of keys found matches the one offered by the
+		# host, then output info
+		if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
+
+		    # get the fingerprint of the ssh key
+		    tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
+		    echo "$sshKeyGPG" > "$tmpkey"
+		    sshFingerprint=$(ssh-keygen -l -f "$tmpkey" | awk '{ print $2 }')
+		    rm -rf "$tmpkey"
+
+		    # output gpg info
+		    gpg --check-sigs \
+			--list-options show-uid-validity \
+			"$keyid" >&2
+
+		    # output ssh fingerprint
+		    log "RSA key fingerprint is ${sshFingerprint}."
+		    log "Falling through to standard ssh host checking."
+		    log
+		fi
+		;;
+	esac
+    done
+}
+
 ########################################################################
 
 # export the monkeysphere log level
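Review bot: In output_no_valid_key the match test `[ "$sshKeyGPG" = "$sshKeyOffered" ]` also succeeds when both sides are empty, so a failed `ssh-keyscan` (unreachable host, empty `$PORT`, no RSA key offered) combined with a `gpg2ssh` call that prints nothing would present an OpenPGP key as matching the host. Neither command's exit status is checked, and gpg2ssh is defined outside this hunk, so how often it returns empty is an assumption to confirm. I would guard the comparison, `if [ -n "$sshKeyOffered" ] && [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then`, or return right after the keyscan when nothing was retrieved. `gpgOut` and `tmpkey` are assigned without appearing in the `local` list. The new `log()` also replaces whatever `log` the sourced `common` file provides, which monkeysphere-server calls with a level argument (`log info …`).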
@@ -35,7 +105,7 @@ HOST="$1"
 PORT="$2"
 
 if [ -z "$HOST" ] ; then
-    echo "Host not specified." >&2
+    log "Host not specified."
     usage
     exit 255
 fi
@@ -88,6 +158,30 @@ export MONKEYSPHERE_CHECK_KEYSERVER
 # update the known_hosts file for the host
 monkeysphere update-known_hosts "$HOSTP"
 
+# output on depending on the return of the update-known_hosts
+# subcommand, which is (ultimately) the return code of the
+# update_known_hosts function in common
+case $? in
+    0)
+	# acceptable host key found so continue to ssh
+	true
+	;;
+    1)
+	# no hosts at all found so also continue (drop through to
+	# regular ssh host verification)
+	true
+	;;
+    2)
+	# at least one *bad* host key (and no good host keys) was
+	# found, so output some usefull information
+	output_no_valid_key
+	;;
+    *)
+	# anything else drop through
+	true
+	;;
+esac
+
 # exec a netcat passthrough to host for the ssh connection
 if [ -z "$NO_CONNECT" ] ; then
     if (which nc 2>/dev/null >/dev/null); then
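Review bot: `case $?` only works while it sits directly after `monkeysphere update-known_hosts "$HOSTP"`; any command later inserted between them, even a log call, silently changes which arm runs. Capturing the status first, with `returnCode=$?` on the line after the call and then `case $returnCode in`, makes the dependency explicit. The meaning of codes 0, 1 and 2 comes from update_known_hosts in common, which is not part of this diff, so the arms should be checked against it. The leading comment would read better as `# output depending on the return of the update-known_hosts`, with "usefull" corrected to "useful". The `if` block at the end of the hunk continues outside it.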
-- 
cgit v1.2.3