From 5fa86c5e80710f5a89c87be0b5d5b17d72e85c14 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 12 Mar 2010 01:59:06 -0500 Subject: added new X session validation agent initialization script --- .../debian/70monkeysphere_use_validation_agent | 30 ++++++++++++++++++++++ packaging/debian/changelog | 5 +++- packaging/debian/control | 1 + 3 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 packaging/debian/70monkeysphere_use_validation_agent (limited to 'packaging') diff --git a/packaging/debian/70monkeysphere_use_validation_agent b/packaging/debian/70monkeysphere_use_validation_agent new file mode 100644 index 0000000..1390859 --- /dev/null +++ b/packaging/debian/70monkeysphere_use_validation_agent @@ -0,0 +1,30 @@ +# /etc/X11/Xsession.d/70monkeysphere_use_validation_agent + +# This is a script to be sourced by Xsession. It wraps the session +# startup argument with a monkeysphere-validation-agent nested +# process, if available and none already exist. + +# Enable this system-wide by adding a line to +# /etc/X11/Xsession.options that reads: +# use-monkeysphere-validation-agent + +# Note that there is some weird interaction between this and +# dbus-session at the moment: dbus-launch can start the msva just +# fine, but if msva tries to start dbus-launch, dbus-launch fails +# with: + +# Failed to waitpid() for babysitter intermediate process: No child processes + +# So this is placed at position 70 -- *before* the dbus Xsession +# startup script, which is at 75 as of 2010-03-12, when i wrote this. + +# Author: Daniel Kahn Gillmor + +STARTMSVA= +MSVAGENT=/usr/bin/monkeysphere-validation-agent + +if grep -qs ^use-monkeysphere-validation-agent "$OPTIONFILE"; then + if [ -x "$MSVAGENT" ] && [ -z "$MONKEYSPHERE_VALIDATION_AGENT_SOCKET" ]; then + STARTUP="$MSVAGENT $STARTUP" + fi +fi diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 10429fe..6152a6e 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -6,8 +6,11 @@ monkeysphere (0.29~pre1-1) UNRELEASED; urgency=low [ Daniel Kahn Gillmor ] * bumped Standards-Version to 3.8.4 (no changes needed) * indicated bash dependency on version 3.2 or later (see MS #1687) + * including /etc/Xsession.d/70monkeysphere_use_validation_agent so that + administrators can start up a validation agent by default for each X + session by adding a single line to /etc/X11/Xsession.options. - -- Daniel Kahn Gillmor Thu, 18 Feb 2010 12:40:56 -0500 + -- Daniel Kahn Gillmor Fri, 12 Mar 2010 01:57:39 -0500 monkeysphere (0.28-1) unstable; urgency=low diff --git a/packaging/debian/control b/packaging/debian/control index 9a32642..6cd0143 100644 --- a/packaging/debian/control +++ b/packaging/debian/control @@ -28,6 +28,7 @@ Depends: openssh-client, adduser, ${misc:Depends} Recommends: netcat | socat, ssh-askpass, cron +Suggests: monkeysphere-validation-agent Enhances: openssh-client, openssh-server Description: leverage the OpenPGP web of trust for SSH and TLS authentication SSH key-based authentication is tried-and-true, but it lacks a true -- cgit v1.2.3 From 6a4e2466e6fb91d060c2d94717abd9922f624d35 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 12 Mar 2010 02:25:07 -0500 Subject: initialize msva in Xsession based on monkeysphere.conf instead of /etc/X11/Xsession.d --- .../debian/70monkeysphere_use_validation_agent | 23 ++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) (limited to 'packaging') diff --git a/packaging/debian/70monkeysphere_use_validation_agent b/packaging/debian/70monkeysphere_use_validation_agent index 1390859..7c7a030 100644 --- a/packaging/debian/70monkeysphere_use_validation_agent +++ b/packaging/debian/70monkeysphere_use_validation_agent @@ -4,9 +4,9 @@ # startup argument with a monkeysphere-validation-agent nested # process, if available and none already exist. -# Enable this system-wide by adding a line to -# /etc/X11/Xsession.options that reads: -# use-monkeysphere-validation-agent +# Enable this system-wide by setting +# MONKEYSPHERE_USE_VALIDATION_AGENT=true in +# /etc/monkeysphere/monkeysphere.conf # Note that there is some weird interaction between this and # dbus-session at the moment: dbus-launch can start the msva just @@ -22,9 +22,16 @@ STARTMSVA= MSVAGENT=/usr/bin/monkeysphere-validation-agent - -if grep -qs ^use-monkeysphere-validation-agent "$OPTIONFILE"; then - if [ -x "$MSVAGENT" ] && [ -z "$MONKEYSPHERE_VALIDATION_AGENT_SOCKET" ]; then - STARTUP="$MSVAGENT $STARTUP" - fi +MSSYSCONFIG=/etc/monkeysphere/monkeysphere.conf +MSUSERCONFIG="$HOME/.monkeysphere/monkeysphere.conf" + +if [ -x "$MSVAGENT" ] ; then + USEMSVAGENT=$(sh -c " +. '$MSSYSCONFIG' 2>/dev/null +. '$MSUSERCONFIG' 2>/dev/null || : +printf '%s' "'"$MONKEYSPHERE_USE_VALIDATION_AGENT"') + + if [ "$USEMSVAGENT" == "true" ] ; then + STARTUP="$MSVAGENT $STARTUP" + fi fi -- cgit v1.2.3 From 93dd8e30ae877ac3ee2e73a8303e3e797e27b944 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 12 Mar 2010 02:30:03 -0500 Subject: documenting USE_VALIDATION_AGENT in configuration --- etc/monkeysphere.conf | 4 ++++ packaging/debian/70monkeysphere_use_validation_agent | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'packaging') diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf index 53adf83..3a06e8a 100644 --- a/etc/monkeysphere.conf +++ b/etc/monkeysphere.conf @@ -36,3 +36,7 @@ # The path to the SSH authorized_keys file. #AUTHORIZED_KEYS=~/.ssh/authorized_keys + +# Set to true to enable validation agent during X session startup +# where available. +#USE_VALIDATION_AGENT=false diff --git a/packaging/debian/70monkeysphere_use_validation_agent b/packaging/debian/70monkeysphere_use_validation_agent index 7c7a030..1335458 100644 --- a/packaging/debian/70monkeysphere_use_validation_agent +++ b/packaging/debian/70monkeysphere_use_validation_agent @@ -26,10 +26,10 @@ MSSYSCONFIG=/etc/monkeysphere/monkeysphere.conf MSUSERCONFIG="$HOME/.monkeysphere/monkeysphere.conf" if [ -x "$MSVAGENT" ] ; then - USEMSVAGENT=$(sh -c " + USEMSVAGENT=$(sh -c "USE_VALIDATION_AGENT= . '$MSSYSCONFIG' 2>/dev/null . '$MSUSERCONFIG' 2>/dev/null || : -printf '%s' "'"$MONKEYSPHERE_USE_VALIDATION_AGENT"') +printf '%s' "'"$USE_VALIDATION_AGENT"') if [ "$USEMSVAGENT" == "true" ] ; then STARTUP="$MSVAGENT $STARTUP" -- cgit v1.2.3 From 78c1dbc047888e29daf42fe9a5ded7b91c3880e8 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 12 Mar 2010 02:34:06 -0500 Subject: installing /etc/X11/Xsession.d/70monkeysphere_use_validation_agent --- packaging/debian/changelog | 4 ++-- packaging/debian/monkeysphere.dirs | 2 ++ packaging/debian/monkeysphere.install | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 packaging/debian/monkeysphere.install (limited to 'packaging') diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 6152a6e..d971ee6 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -7,8 +7,8 @@ monkeysphere (0.29~pre1-1) UNRELEASED; urgency=low * bumped Standards-Version to 3.8.4 (no changes needed) * indicated bash dependency on version 3.2 or later (see MS #1687) * including /etc/Xsession.d/70monkeysphere_use_validation_agent so that - administrators can start up a validation agent by default for each X - session by adding a single line to /etc/X11/Xsession.options. + administrators and users can choose to start up a validation agent for + each X session using monkeysphere.conf -- Daniel Kahn Gillmor Fri, 12 Mar 2010 01:57:39 -0500 diff --git a/packaging/debian/monkeysphere.dirs b/packaging/debian/monkeysphere.dirs index e07fb2c..3e39efe 100644 --- a/packaging/debian/monkeysphere.dirs +++ b/packaging/debian/monkeysphere.dirs @@ -8,3 +8,5 @@ usr/share/man/man1 usr/share/man/man7 usr/share/man/man8 etc/monkeysphere +etc/X11 +etc/X11/Xsession.d diff --git a/packaging/debian/monkeysphere.install b/packaging/debian/monkeysphere.install new file mode 100644 index 0000000..8e5b3f4 --- /dev/null +++ b/packaging/debian/monkeysphere.install @@ -0,0 +1 @@ +debian/70monkeysphere_use_validation_agent etc/X11/Xsession.d -- cgit v1.2.3 From ab7d1c7f6c168b44e965cac34b550489e14580e9 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 12 Mar 2010 16:47:58 -0500 Subject: renaming Xsession config file to match existing pattern (underscore only separates package from description) --- .../debian/70monkeysphere_use-validation-agent | 37 ++++++++++++++++++++++ .../debian/70monkeysphere_use_validation_agent | 37 ---------------------- packaging/debian/monkeysphere.install | 2 +- 3 files changed, 38 insertions(+), 38 deletions(-) create mode 100644 packaging/debian/70monkeysphere_use-validation-agent delete mode 100644 packaging/debian/70monkeysphere_use_validation_agent (limited to 'packaging') diff --git a/packaging/debian/70monkeysphere_use-validation-agent b/packaging/debian/70monkeysphere_use-validation-agent new file mode 100644 index 0000000..1335458 --- /dev/null +++ b/packaging/debian/70monkeysphere_use-validation-agent @@ -0,0 +1,37 @@ +# /etc/X11/Xsession.d/70monkeysphere_use_validation_agent + +# This is a script to be sourced by Xsession. It wraps the session +# startup argument with a monkeysphere-validation-agent nested +# process, if available and none already exist. + +# Enable this system-wide by setting +# MONKEYSPHERE_USE_VALIDATION_AGENT=true in +# /etc/monkeysphere/monkeysphere.conf + +# Note that there is some weird interaction between this and +# dbus-session at the moment: dbus-launch can start the msva just +# fine, but if msva tries to start dbus-launch, dbus-launch fails +# with: + +# Failed to waitpid() for babysitter intermediate process: No child processes + +# So this is placed at position 70 -- *before* the dbus Xsession +# startup script, which is at 75 as of 2010-03-12, when i wrote this. + +# Author: Daniel Kahn Gillmor + +STARTMSVA= +MSVAGENT=/usr/bin/monkeysphere-validation-agent +MSSYSCONFIG=/etc/monkeysphere/monkeysphere.conf +MSUSERCONFIG="$HOME/.monkeysphere/monkeysphere.conf" + +if [ -x "$MSVAGENT" ] ; then + USEMSVAGENT=$(sh -c "USE_VALIDATION_AGENT= +. '$MSSYSCONFIG' 2>/dev/null +. '$MSUSERCONFIG' 2>/dev/null || : +printf '%s' "'"$USE_VALIDATION_AGENT"') + + if [ "$USEMSVAGENT" == "true" ] ; then + STARTUP="$MSVAGENT $STARTUP" + fi +fi diff --git a/packaging/debian/70monkeysphere_use_validation_agent b/packaging/debian/70monkeysphere_use_validation_agent deleted file mode 100644 index 1335458..0000000 --- a/packaging/debian/70monkeysphere_use_validation_agent +++ /dev/null @@ -1,37 +0,0 @@ -# /etc/X11/Xsession.d/70monkeysphere_use_validation_agent - -# This is a script to be sourced by Xsession. It wraps the session -# startup argument with a monkeysphere-validation-agent nested -# process, if available and none already exist. - -# Enable this system-wide by setting -# MONKEYSPHERE_USE_VALIDATION_AGENT=true in -# /etc/monkeysphere/monkeysphere.conf - -# Note that there is some weird interaction between this and -# dbus-session at the moment: dbus-launch can start the msva just -# fine, but if msva tries to start dbus-launch, dbus-launch fails -# with: - -# Failed to waitpid() for babysitter intermediate process: No child processes - -# So this is placed at position 70 -- *before* the dbus Xsession -# startup script, which is at 75 as of 2010-03-12, when i wrote this. - -# Author: Daniel Kahn Gillmor - -STARTMSVA= -MSVAGENT=/usr/bin/monkeysphere-validation-agent -MSSYSCONFIG=/etc/monkeysphere/monkeysphere.conf -MSUSERCONFIG="$HOME/.monkeysphere/monkeysphere.conf" - -if [ -x "$MSVAGENT" ] ; then - USEMSVAGENT=$(sh -c "USE_VALIDATION_AGENT= -. '$MSSYSCONFIG' 2>/dev/null -. '$MSUSERCONFIG' 2>/dev/null || : -printf '%s' "'"$USE_VALIDATION_AGENT"') - - if [ "$USEMSVAGENT" == "true" ] ; then - STARTUP="$MSVAGENT $STARTUP" - fi -fi diff --git a/packaging/debian/monkeysphere.install b/packaging/debian/monkeysphere.install index 8e5b3f4..63a2dd7 100644 --- a/packaging/debian/monkeysphere.install +++ b/packaging/debian/monkeysphere.install @@ -1 +1 @@ -debian/70monkeysphere_use_validation_agent etc/X11/Xsession.d +debian/70monkeysphere_use-validation-agent etc/X11/Xsession.d -- cgit v1.2.3 From 6a7ea8d275687ae75c1e06e73934922ba63fe61a Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 12 Mar 2010 16:53:37 -0500 Subject: made Xsession script POSIX-compliant, simplified it --- packaging/debian/70monkeysphere_use-validation-agent | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'packaging') diff --git a/packaging/debian/70monkeysphere_use-validation-agent b/packaging/debian/70monkeysphere_use-validation-agent index 1335458..4723f5c 100644 --- a/packaging/debian/70monkeysphere_use-validation-agent +++ b/packaging/debian/70monkeysphere_use-validation-agent @@ -26,12 +26,12 @@ MSSYSCONFIG=/etc/monkeysphere/monkeysphere.conf MSUSERCONFIG="$HOME/.monkeysphere/monkeysphere.conf" if [ -x "$MSVAGENT" ] ; then - USEMSVAGENT=$(sh -c "USE_VALIDATION_AGENT= -. '$MSSYSCONFIG' 2>/dev/null -. '$MSUSERCONFIG' 2>/dev/null || : -printf '%s' "'"$USE_VALIDATION_AGENT"') + USEMSVAGENT=$(USE_VALIDATION_AGENT= +. "$MSSYSCONFIG" 2>/dev/null +. "$MSUSERCONFIG" 2>/dev/null || : +printf '%s' "$USE_VALIDATION_AGENT") - if [ "$USEMSVAGENT" == "true" ] ; then + if [ "$USEMSVAGENT" = "true" ] ; then STARTUP="$MSVAGENT $STARTUP" fi fi -- cgit v1.2.3 From 04793ed7a56034e5d8290385155e9960afda6a29 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 12 Mar 2010 17:01:28 -0500 Subject: add note about dbus communication for msva --- packaging/debian/70monkeysphere_use-validation-agent | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'packaging') diff --git a/packaging/debian/70monkeysphere_use-validation-agent b/packaging/debian/70monkeysphere_use-validation-agent index 4723f5c..2f9a4bf 100644 --- a/packaging/debian/70monkeysphere_use-validation-agent +++ b/packaging/debian/70monkeysphere_use-validation-agent @@ -18,6 +18,10 @@ # So this is placed at position 70 -- *before* the dbus Xsession # startup script, which is at 75 as of 2010-03-12, when i wrote this. +# this is also good, because it means that the MSVA will learn about +# the dbus session parameters, in case we want the agent to use dbus +# to communicate with the user. + # Author: Daniel Kahn Gillmor STARTMSVA= -- cgit v1.2.3 From 8a85f739799a73c1f866a5aa6abee70b8bd029df Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 12 Mar 2010 17:02:16 -0500 Subject: fixing comment in Xsession script --- packaging/debian/70monkeysphere_use-validation-agent | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'packaging') diff --git a/packaging/debian/70monkeysphere_use-validation-agent b/packaging/debian/70monkeysphere_use-validation-agent index 2f9a4bf..d6758c8 100644 --- a/packaging/debian/70monkeysphere_use-validation-agent +++ b/packaging/debian/70monkeysphere_use-validation-agent @@ -1,4 +1,4 @@ -# /etc/X11/Xsession.d/70monkeysphere_use_validation_agent +# /etc/X11/Xsession.d/70monkeysphere_use-validation-agent # This is a script to be sourced by Xsession. It wraps the session # startup argument with a monkeysphere-validation-agent nested -- cgit v1.2.3 From 166f4db3b70b4eb491ea27bbb569dde098f6aa63 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 12 Mar 2010 17:06:39 -0500 Subject: further consolidating Xsession script --- packaging/debian/70monkeysphere_use-validation-agent | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'packaging') diff --git a/packaging/debian/70monkeysphere_use-validation-agent b/packaging/debian/70monkeysphere_use-validation-agent index d6758c8..c3135a8 100644 --- a/packaging/debian/70monkeysphere_use-validation-agent +++ b/packaging/debian/70monkeysphere_use-validation-agent @@ -24,18 +24,15 @@ # Author: Daniel Kahn Gillmor -STARTMSVA= MSVAGENT=/usr/bin/monkeysphere-validation-agent MSSYSCONFIG=/etc/monkeysphere/monkeysphere.conf MSUSERCONFIG="$HOME/.monkeysphere/monkeysphere.conf" if [ -x "$MSVAGENT" ] ; then - USEMSVAGENT=$(USE_VALIDATION_AGENT= + if [ "$(USE_VALIDATION_AGENT= . "$MSSYSCONFIG" 2>/dev/null . "$MSUSERCONFIG" 2>/dev/null || : -printf '%s' "$USE_VALIDATION_AGENT") - - if [ "$USEMSVAGENT" = "true" ] ; then +printf '%s' "$USE_VALIDATION_AGENT")" = "true" ] ; then STARTUP="$MSVAGENT $STARTUP" fi fi -- cgit v1.2.3