From 691e5d2ec8efeb4d77b17b1ad852fdbec31ce136 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 16 Dec 2008 22:00:36 -0500 Subject: get rid of getopts. add checks for root user, and better checking of presence of host key. --- packaging/debian/changelog | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'packaging') diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 2aaa9ca..55f0aaf 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -3,8 +3,10 @@ monkeysphere (0.23~pre-1) UNRELEASED; urgency=low * New upstream release: - added better checks for the existence of a host private key for functions that require it to be there. + - add checks for root users, for functions where it is required. + - get rid of getopts. - -- Jameson Graef Rollins Sun, 30 Nov 2008 17:14:50 -0500 + -- Jameson Graef Rollins Tue, 16 Dec 2008 15:26:53 -0500 monkeysphere (0.22-1) unstable; urgency=low -- cgit v1.2.3 From 99f417023913543e1cc758d3bf08216ef9a1694a Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 26 Dec 2008 18:05:48 -0500 Subject: updating freebsd port information for version 0.22 --- packaging/freebsd/security/monkeysphere/Makefile | 2 +- packaging/freebsd/security/monkeysphere/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'packaging') diff --git a/packaging/freebsd/security/monkeysphere/Makefile b/packaging/freebsd/security/monkeysphere/Makefile index 976f543..24f9b2b 100644 --- a/packaging/freebsd/security/monkeysphere/Makefile +++ b/packaging/freebsd/security/monkeysphere/Makefile @@ -6,7 +6,7 @@ # PORTNAME= monkeysphere -PORTVERSION= 0.22~pre +PORTVERSION= 0.22 CATEGORIES= security MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/ # hack for debian orig tarballs diff --git a/packaging/freebsd/security/monkeysphere/distinfo b/packaging/freebsd/security/monkeysphere/distinfo index 51edfbe..d6c6e5e 100644 
--- a/packaging/freebsd/security/monkeysphere/distinfo
+++ b/packaging/freebsd/security/monkeysphere/distinfo
@@ -1,3 +1,3 @@
-MD5 (monkeysphere_0.22~pre.orig.tar.gz) = fd19f09ed9a720f673d74c9cb58e9d6d
-SHA256 (monkeysphere_0.22~pre.orig.tar.gz) = 337c7fdb93b697fba5a9e35cdff2b5faf0e4914fd8beab7994b456d58d19abb6
-SIZE (monkeysphere_0.22~pre.orig.tar.gz) = 69345
+MD5 (monkeysphere_0.22.orig.tar.gz) = 2bb00c86323409b98aff53f94d9ce0a6
+SHA256 (monkeysphere_0.22.orig.tar.gz) = 2566facda807a67a4d2d6de3833cccfa0b78b454909e8d25f47a235a9e621b24
+SIZE (monkeysphere_0.22.orig.tar.gz) = 70245
-- cgit v1.2.3
From 4b5f62d5cdb596ce85539766ae3ff491b1b14b46 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Fri, 26 Dec 2008 18:33:04 -0500
Subject: updating freebsd patch to allow monkeysphere-ssh-proxycommand to work (path updates).
---
.../freebsd/security/monkeysphere/files/patch-sharelocation | 11 +++++++++++
1 file changed, 11 insertions(+) (limited to 'packaging')
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-sharelocation b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation
index 99c9604..e41c479 100644
--- a/packaging/freebsd/security/monkeysphere/files/patch-sharelocation
+++ b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation
@@ -20,3 +20,14 @@
 export SYSSHAREDIR
 . "${SYSSHAREDIR}/common" || exit 1
+--- src/monkeysphere-ssh-proxycommand.orig
++++ src/monkeysphere-ssh-proxycommand
+@@ -16,7 +16,7 @@
+ ########################################################################
+ PGRM=$(basename $0)
+
+-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
+ export SYSSHAREDIR
+ . "${SYSSHAREDIR}/common" || exit 1
+
-- cgit v1.2.3
From 8e582f8c7cabe19275bc71d6093c9d07bf38b3f9 Mon Sep 17 00:00:00 2001
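Review bot: The patch added to patch-sharelocation hard-codes `/usr/local/share/monkeysphere` as the fallback for `SYSSHAREDIR`, and the next lines source `"${SYSSHAREDIR}/common"` from it. If the port is installed under a different prefix, the script will try to source a file from a directory the port did not populate. Substituting the port's `${PREFIX}` when the port is patched, rather than a literal path, would keep the sourced location tied to the install location. Because `MONKEYSPHERE_SYSSHAREDIR` from the environment decides which file is sourced, a one-line comment in the patched script saying so would help anyone running it with an inherited environment.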
From: Jameson Graef Rollins Date: Sun, 28 Dec 2008 17:09:44 -0500 Subject: added version output option --- Makefile | 1 + packaging/debian/changelog | 3 ++- src/common | 3 +++ src/monkeysphere | 5 +++++ src/monkeysphere-server | 5 +++++ 5 files changed, 16 insertions(+), 1 deletion(-) (limited to 'packaging') diff --git a/Makefile b/Makefile index 7493b1f..e40c4b1 100755 --- a/Makefile +++ b/Makefile @@ -29,6 +29,7 @@ tarball: clean debian-package: tarball tar xzf monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz + sed -i "s|__VERSION__|$(MONKEYSPHERE_VERSION)|g" monkeysphere-$(MONKEYSPHERE_VERSION)/src/common cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION) (cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us) rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 55f0aaf..45deaab 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -5,8 +5,9 @@ monkeysphere (0.23~pre-1) UNRELEASED; urgency=low functions that require it to be there. - add checks for root users, for functions where it is required. - get rid of getopts. + - added version output option - -- Jameson Graef Rollins Tue, 16 Dec 2008 15:26:53 -0500 + -- Jameson Graef Rollins Sun, 28 Dec 2008 15:54:21 -0500 monkeysphere (0.22-1) unstable; urgency=low diff --git a/src/common b/src/common index f6000d3..eb3a083 100644 --- a/src/common +++ b/src/common @@ -19,6 +19,9 @@ SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} export SYSCONFIGDIR +# monkeysphere version +VERSION=__VERSION__ + ######################################################################## ### UTILITY FUNCTIONS diff --git a/src/monkeysphere b/src/monkeysphere index c003706..98531d2 100755 --- a/src/monkeysphere +++ b/src/monkeysphere 
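Review bot: The `sed -i "s|__VERSION__|$(MONKEYSPHERE_VERSION)|g"` step is added only to the `debian-package` recipe, after the orig tarball has been unpacked. As far as this hunk shows, the tarball itself therefore still carries the literal `VERSION=__VERSION__` that the src/common hunk introduces. Anything built straight from that tarball (the FreeBSD port earlier in this series fetches `monkeysphere_0.22.orig.tar.gz`) would then print the placeholder for the new `version` subcommand. Doing the substitution where the tarball is assembled would cover every packaging path; the `tarball` recipe is outside the hunk, so it may need a matching change. In src/common the comment could read `# monkeysphere version; __VERSION__ is replaced at package build time` so the placeholder is not mistaken for a real value.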
@@ -45,6 +45,7 @@ subcommands: --length (-l) BITS key length in bits (2048) --expire (-e) EXPIRE date to expire subkey-to-ssh-agent (s) store authentication subkey in ssh-agent + version (v) show version number help (h,?) this help EOF @@ -365,6 +366,10 @@ case $COMMAND in subkey_to_ssh_agent "$@" ;; + 'version'|'v') + echo "$VERSION" + ;; + '--help'|'help'|'-h'|'h'|'?') usage ;; diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 7d7578d..ba3fa8d 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -66,6 +66,7 @@ subcommands: gpg-authentication-cmd CMD gnupg-authentication command + version (v) show version number help (h,?) this help EOF @@ -1066,6 +1067,10 @@ case $COMMAND in gpg_authentication_cmd "$@" ;; + 'version'|'v') + echo "$VERSION" + ;; + '--help'|'help'|'-h'|'h'|'?') usage ;; -- cgit v1.2.3 From 47ab7d6bcb9922a984f103a9385f068e0fb3c4bc Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 30 Dec 2008 20:22:22 -0500 Subject: clean up option parsing and key checking in gen_key function, including adding checking for validity of existing authentication subkeys. --- packaging/debian/changelog | 4 ++- src/monkeysphere | 84 ++++++++++++++++++++++++++++------------------ 2 files changed, 54 insertions(+), 34 deletions(-) (limited to 'packaging') diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 45deaab..a282c58 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -6,8 +6,10 @@ monkeysphere (0.23~pre-1) UNRELEASED; urgency=low - add checks for root users, for functions where it is required. - get rid of getopts. - added version output option + - check that existing authentication keys are valid in gen_key + function. - -- Jameson Graef Rollins Sun, 28 Dec 2008 15:54:21 -0500 + -- Jameson Graef Rollins Tue, 30 Dec 2008 20:21:16 -0500 monkeysphere (0.22-1) unstable; urgency=low diff --git a/src/monkeysphere b/src/monkeysphere index 98531d2..5444cb0 100755 
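Review bot: The new `'version'|'v')` arm in src/monkeysphere (hunk at -365) accepts fewer spellings than the `'--help'|'help'|'-h'|'h'|'?'` arm directly below it, so `monkeysphere --version` falls through to the default arm, which is outside the hunk. Writing it as `'--version'|'version'|'v')` would follow the convention the help arm already sets. The identical arm added to src/monkeysphere-server at -1066 has the same gap. The usage text added at -45 and -66 would then list the long form as well.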
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -84,42 +84,59 @@ Type '$PGRM help' for usage." esac done - if [ -z "$1" ] ; then - # find all secret keys - keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d: | sort -u) - # if multiple sec keys exist, fail - if (( $(echo "$keyID" | wc -l) > 1 )) ; then - echo "Multiple secret keys found:" - echo "$keyID" + case "$#" in + 0) + gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:') + ;; + 1) + gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$1" | egrep '^sec:') || failure + ;; + *) + failure "You must specify only a single primary key ID." + ;; + esac + + # check that only a single secret key was found + case $(echo "$gpgSecOut" | grep -c '^sec:') in + 0) + failure "No secret keys found. Create an OpenPGP key with the following command: + gpg --gen-key" + ;; + 1) + keyID=$(echo "$gpgSecOut" | cut -d: -f5) + ;; + *) + echo "Multiple primary secret keys found:" + echo "$gpgSecOut" | cut -d: -f5 failure "Please specify which primary key to use." + ;; + esac + + # check that a valid authentication key does not already exist + IFS=$'\n' + for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do + type=$(echo "$line" | cut -d: -f1) + validity=$(echo "$line" | cut -d: -f2) + usage=$(echo "$line" | cut -d: -f12) + + # look at keys only + if [ "$type" != 'pub' -a "$type" != 'sub' ] ; then + continue fi - else - keyID="$1" - fi - if [ -z "$keyID" ] ; then - failure "You have no secret key available. You should create an OpenPGP -key before joining the monkeysphere. You can do this with: - gpg --gen-key" - fi - - # get key output, and fail if not found - gpgOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons \ - "$keyID") || failure - - # fail if multiple sec lines are returned, which means the id - # given is not unique - if [ $(echo "$gpgOut" | grep -c '^sec:') -gt '1' ] ; then - failure "Key ID '$keyID' is not unique." 
- fi - - # prompt if an authentication subkey already exists - if echo "$gpgOut" | egrep "^(sec|ssb):" | cut -d: -f 12 | grep -q a ; then - echo "An authentication subkey already exists for key '$keyID'." - read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "aborting." + # check for authentication capability + if ! check_capability "$usage" 'a' ; then + continue fi - fi + # if authentication key is valid, prompt to continue + if [ "$validity" = 'u' ] ; then + echo "A valid authentication key already exists for primary key '$keyID'." + read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "aborting." + fi + break + fi + done # set subkey defaults # prompt about key expiration if not specified @@ -144,6 +161,7 @@ EOF (umask 077 && mkfifo "$fifoDir/pass") echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & + # FIXME: this needs to fail more gracefully if the passphrase is incorrect passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass" rm -rf "$fifoDir" -- cgit v1.2.3
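Review bot: `IFS=$'\n'` is assigned just before the new `for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID")` loop and is not restored anywhere in the hunk, so later unquoted expansions and `read` calls in the same shell split on newlines only. The commit message places this code in gen_key, whose start and end are outside the hunk; if so, `local IFS=$'\n'` would confine the change to the function. The prompt moved into the loop still uses `OK=${OK:N}`, which is a substring expansion and not a default; `OK=${OK:-N}` is what the `(y/N)` prompt implies. The `[ "$validity" = 'u' ]` test would benefit from a comment such as `# only an ultimately-valid key triggers the prompt; expired or revoked ones are skipped`, since that is the security-relevant decision in this loop.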
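Review bot: The added FIXME sits between a `gpg --passphrase-fd 3 ... --edit-key "$keyID" &` started in the background and `rm -rf "$fifoDir"`, and nothing in the hunk collects that job's exit status. A wrong passphrase or a failed edit is therefore indistinguishable from success at this point. Capturing the job with `gpgPID=$!` right after the `&` and adding `wait "$gpgPID" || failure "gpg could not add the subkey."` after the prompt would turn the FIXME into a checked failure path. The rest of the function is outside the hunk, so a later `wait` may already exist.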