From 9ea13e47f6d84b277eb819d41ece99c695aab407 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Tue, 10 Mar 2009 17:42:57 -0400
Subject: include changelog entry about mktemp portability update.

---
 packaging/debian/changelog | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'packaging/debian/changelog')

diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 093c157..70fef9f 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -2,6 +2,8 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
 
   * New upstream release:
     - fix the marginal ui output so that it's not prefixed by the LOG_PREFIX
+    - use msmktempdir everywhere (avoid unwrapped calls to mktemp for
+      portability)
 
  -- Jameson Graef Rollins <jrollins@finestructure.net>  Sat, 07 Mar 2009 12:28:13 -0500
 
-- 
cgit v1.2.3


From 3f71bfc52f158a76755a7b75362b449439819fa7 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins <jrollins@finestructure.net>
Date: Wed, 18 Mar 2009 12:01:02 -0400
Subject: modify the ssh_proxycommand marginal ui output so that it better
 handles the case where the host can not be contacted.  the new system
 attempts to retrieve the host ssh key before any ui output is made. this
 should make things a little clearer in this corner case, and make things a
 little more flexible down the line.

---
 packaging/debian/changelog   |   4 +-
 src/share/m/ssh_proxycommand | 137 +++++++++++++++++++++++--------------------
 2 files changed, 76 insertions(+), 65 deletions(-)

(limited to 'packaging/debian/changelog')

diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 70fef9f..16e7f21 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -1,11 +1,11 @@
 monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
 
   * New upstream release:
-    - fix the marginal ui output so that it's not prefixed by the LOG_PREFIX
+    - update/fix the marginal ui output
     - use msmktempdir everywhere (avoid unwrapped calls to mktemp for
       portability)
 
- -- Jameson Graef Rollins <jrollins@finestructure.net>  Sat, 07 Mar 2009 12:28:13 -0500
+ -- Jameson Graef Rollins <jrollins@finestructure.net>  Wed, 18 Mar 2009 11:46:44 -0400
 
 monkeysphere (0.24-1) unstable; urgency=low
 
diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand
index 7ab4bec..2078445 100644
--- a/src/share/m/ssh_proxycommand
+++ b/src/share/m/ssh_proxycommand
@@ -36,52 +36,55 @@ output_no_valid_key() {
 
     LOG_PREFIX=
 
-    cat <<EOF | log info
--------------------- Monkeysphere warning -------------------
-Monkeysphere found OpenPGP keys for this hostname, but none had full validity.
-EOF
-
-    # retrieve the actual ssh key
-    sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }')
-    # FIXME: should we do any checks for failed keyscans, eg. host not
-    # found?
+    # retrieve the ssh key being offered by the host
+    sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null \
+	| awk '{ print $2, $3 }')
 
     # get the gpg info for userid
     gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \
 	--with-fingerprint --with-fingerprint \
 	="$userID" 2>/dev/null)
 
-    # find all 'pub' and 'sub' lines in the gpg output, which each
-    # represent a retrieved key for the user ID
-    echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
-    while IFS=: read -r type validity keyid uidfpr usage ; do
-	case $type in
-	    'pub'|'sub')
-		# get the ssh key of the gpg key
-		sshKeyGPG=$(gpg2ssh "$keyid")
-
-		# if one of keys found matches the one offered by the
-		# host, then output info
-		if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
-		    cat <<EOF | log info
+    # output header
+    cat <<EOF | log info
+-------------------- Monkeysphere warning -------------------
+Monkeysphere found OpenPGP keys for this hostname, but none had full validity.
+EOF
+
+    # if the host key is retrieved from the host, check against known
+    # OpenPGP keys
+    if [ "$sshKeyOffered" ] ; then
+	# find all 'pub' and 'sub' lines in the gpg output, which each
+	# represent a retrieved key for the user ID
+	echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
+	while IFS=: read -r type validity keyid uidfpr usage ; do
+	    case $type in
+		'pub'|'sub')
+		    # get the ssh key of the gpg key
+		    sshKeyGPG=$(gpg2ssh "$keyid")
+
+		    # if one of keys found matches the one offered by the
+		    # host, then output info
+		    if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
+			cat <<EOF | log info
 An OpenPGP key matching the ssh key offered by the host was found:
 
 EOF
 
-		    sshKeyGPGFile=$(msmktempfile)
-		    printf "%s" "$sshKeyGPG" >"$sshKeyGPGFile"
-		    sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \
-			awk '{ print $2 }')
-		    rm -f "$sshKeyGPGFile"
+			sshKeyGPGFile=$(msmktempfile)
+			printf "%s" "$sshKeyGPG" >"$sshKeyGPGFile"
+			sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \
+			    awk '{ print $2 }')
+			rm -f "$sshKeyGPGFile"
 
-		    # get the sigs for the matching key
-		    gpgSigOut=$(gpg_user --check-sigs \
-			--list-options show-uid-validity \
-			"$keyid")
+			# get the sigs for the matching key
+			gpgSigOut=$(gpg_user --check-sigs \
+			    --list-options show-uid-validity \
+			    "$keyid")
 
-		    # output the sigs, but only those on the user ID
-		    # we are looking for
-		    echo "$gpgSigOut" | awk '
+			# output the sigs, but only those on the user ID
+			# we are looking for
+			echo "$gpgSigOut" | awk '
 {
 if (match($0,"^pub")) {	print; }
 if (match($0,"^uid")) { ok=0; }
@@ -89,50 +92,58 @@ if (match($0,"^uid.*'$userID'$")) { ok=1; print; }
 if (ok) { if (match($0,"^sig")) { print; } }
 }
 ' | log info
-		    echo | log info
+			echo | log info
 
-		    # output the other user IDs for reference
-		    if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then
-			cat <<EOF | log info
+			# output the other user IDs for reference
+			if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then
+			    cat <<EOF | log info
 Other user IDs on this key:
 
 EOF
-			echo "$gpgSigOut" | grep "^uid" | grep -v "$userID" | log info
-			echo | log info
-		    fi
+			    echo "$gpgSigOut" | grep "^uid" | grep -v "$userID" | log info
+			    echo | log info
+			fi
 
-		    # output ssh fingerprint
-		    cat <<EOF | log info
+			# output ssh fingerprint
+			cat <<EOF | log info
 RSA key fingerprint is ${sshFingerprint}.
 EOF
 
-		    # this whole process is in a "while read"
-		    # subshell.  the only way to get information out
-		    # of the subshell is to change the return code.
-		    # therefore we return 1 here to indicate that a
-		    # matching gpg key was found for the ssh key
-		    # offered by the host
-		    return 1
-		fi
-		;;
-	esac
-    done || returnCode="$?"
-
-    # if no key match was made (and the "while read" subshell returned
-    # 1) output how many keys were found
-    if (( returnCode != 1 )) ; then
-	cat <<EOF | log info
+			# this whole process is in a "while read"
+			# subshell.  the only way to get information
+			# out of the subshell is to change the return
+			# code.  therefore we return 1 here to
+			# indicate that a matching gpg key was found
+			# for the ssh key offered by the host
+			return 1
+		    fi
+		    ;;
+	    esac
+	done || returnCode="$?"
+
+	# if no key match was made (and the "while read" subshell
+	# returned 1) output how many keys were found
+	if (( returnCode != 1 )) ; then
+	    cat <<EOF | log info
 None of the found keys matched the key offered by the host.
 Run the following command for more info about the found keys:
 gpg --check-sigs --list-options show-uid-validity =${userID}
 EOF
 
-	# FIXME: should we do anything extra here if the retrieved
-	# host key is actually in the known_hosts file and the ssh
-	# connection will succeed?  Should the user be warned?
-	# prompted?
+	    # FIXME: should we do anything extra here if the retrieved
+	    # host key is actually in the known_hosts file and the ssh
+	    # connection will succeed?  Should the user be warned?
+	    # prompted?
+	fi
+
+    # if host key could not be retrieved from the host, output message
+    else
+	cat <<EOF | log info
+Could not retrieve RSA host key from $HOST.
+EOF
     fi
 
+    # output footer
     cat <<EOF | log info
 -------------------- ssh continues below --------------------
 EOF
-- 
cgit v1.2.3


From ebce95fb2c3f4975adf346899ce3b0ebbe9d2710 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 23 Mar 2009 16:52:53 -0400
Subject: updating debian/changelog

---
 packaging/debian/changelog | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'packaging/debian/changelog')

diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 16e7f21..82ef1ae 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -4,6 +4,9 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
     - update/fix the marginal ui output
     - use msmktempdir everywhere (avoid unwrapped calls to mktemp for
       portability)
+    - clean out some redundant "cat"s
+    - fix monkeysphere update-known_hosts for sshd running on non-standard
+      ports
 
  -- Jameson Graef Rollins <jrollins@finestructure.net>  Wed, 18 Mar 2009 11:46:44 -0400
 
-- 
cgit v1.2.3