From a96625fb216143164f12191526939f4c0afcd5a9 Mon Sep 17 00:00:00 2001
From: mike castleman
Date: Sat, 15 Nov 2008 18:23:14 -0500
Subject: rename
---
 website/bugs/useful-information.mdwn | 10 ----------
 website/bugs/useful_information.mdwn | 10 ++++++++++
 2 files changed, 10 insertions(+), 10 deletions(-)
 delete mode 100644 website/bugs/useful-information.mdwn
 create mode 100644 website/bugs/useful_information.mdwn
(limited to 'website/bugs')
diff --git a/website/bugs/useful-information.mdwn b/website/bugs/useful-information.mdwn
deleted file mode 100644
index 0750354..0000000
--- a/website/bugs/useful-information.mdwn
+++ /dev/null
@@ -1,10 +0,0 @@
-I would like to know, at INFO (default) log level, when the
-monkeyspehere makes a "real" modification to my known_hosts file; that
-is, when it adds or deletes a key.
-
-Apparently this is hard because monkeysphere is currently configured to
-delete all keys and then add good keys, so a key added for the first
-time seems to the monkeysphere very similar to a key re-added ten
-seconds after last login.
-
-Still, from a UI perspective, I want to know what monkeysphere is doing.
diff --git a/website/bugs/useful_information.mdwn b/website/bugs/useful_information.mdwn
new file mode 100644
index 0000000..0750354
--- /dev/null
+++ b/website/bugs/useful_information.mdwn
@@ -0,0 +1,10 @@
+I would like to know, at INFO (default) log level, when the
+monkeyspehere makes a "real" modification to my known_hosts file; that
+is, when it adds or deletes a key.
+
+Apparently this is hard because monkeysphere is currently configured to
+delete all keys and then add good keys, so a key added for the first
+time seems to the monkeysphere very similar to a key re-added ten
+seconds after last login.
+
+Still, from a UI perspective, I want to know what monkeysphere is doing.
-- 
cgit v1.2.3
From 9751169042746ae5208edfb5c40ea62b30504735 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins Date: Mon, 17 Nov 2008 12:05:05 -0500 Subject: add comment to bug about notification of modifications to known_hosts file. --- website/bugs/useful_information.mdwn | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'website/bugs') diff --git a/website/bugs/useful_information.mdwn b/website/bugs/useful_information.mdwn index 62094bb..dd0077a 100644 --- a/website/bugs/useful_information.mdwn +++ b/website/bugs/useful_information.mdwn @@ -1,5 +1,5 @@ I would like to know, at INFO (default) log level, when the -monkeyspehere makes a "real" modification to my known_hosts file; that +monkeyspehere makes a "real" modification to my known\_hosts file; that is, when it adds or deletes a key. Apparently this is hard because monkeysphere is currently configured to @@ -22,3 +22,19 @@ known_hosts file, i get the following to stderr: This doesn't fully close this bug, because we aren't notifying on key deletion, afaict. + +------ + +So current log level DEBUG will output a message if the known host +file has been modified. If the issue is that you want to know at the +default log level everytime the known\_hots file is modified, then we +should just move this message to INFO instead of debug, and then maybe +remove the message that I added above. I was under the impression +that the issue was more about notification that a *new* key was added +to the known\_hosts file, and therefore the new INFO message above +fixed that problem. Should we do this instead? + +In general, more verbose log levels *do* tell the user what the +monkeysphere is doing. Moving to DEBUG log level will tell you pretty +much everything that happens. I do *not* think that this should be +the default log level, though. -- cgit v1.2.3 From b8a60a2c3c6e66513c1e4b83b65a2f808c882843 Mon Sep 17 00:00:00 2001 
From: Daniel Kahn Gillmor Date: Tue, 18 Nov 2008 00:48:47 -0500 Subject: further commentary on proxy_command logging. --- website/bugs/useful_information.mdwn | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'website/bugs') diff --git a/website/bugs/useful_information.mdwn b/website/bugs/useful_information.mdwn index dd0077a..025d678 100644 --- a/website/bugs/useful_information.mdwn +++ b/website/bugs/useful_information.mdwn @@ -38,3 +38,13 @@ In general, more verbose log levels *do* tell the user what the monkeysphere is doing. Moving to DEBUG log level will tell you pretty much everything that happens. I do *not* think that this should be the default log level, though. + +------ + +I wouldn't want to see an extremely verbose default log level. But i +do think that saying something like "key blah blah blah was stripped +from your known\_hosts file because it was expired" (for example) +would be useful. I think this case would occur infrequently enough +that it is worth reporting in the UI at the regular log level. + + --dkg -- cgit v1.2.3 From 7e0b85c35531d96ee4e2e06702fc53ae068ad23a Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 30 Nov 2008 12:18:40 -0500 Subject: gave example on gpg multi-keyring bug. --- .../problems-with-root-owned-gpg-keyrings.mdwn | 97 ++++++++++++++++++++++ 1 file changed, 97 insertions(+) (limited to 'website/bugs') diff --git a/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn index 65268c5..67bc9d2 100644 --- a/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn +++ b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn 
@@ -22,3 +22,100 @@ be hiding a bug, rather than getting it fixed correctly. Are there other ways we can deal with this problem? --dkg + +Here is an example when using monkeysphere-server +add-identity-certifier on a host with a newly-installed monkeysphere +installaton. Note that running the same command a second time works +as expected: + + 0 pip:~# monkeysphere-server c+ 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 + gpg: requesting key D21739E9 from hkp server pool.sks-keyservers.net + gpg: key D21739E9: public key "Daniel Kahn Gillmor " imported + gpg: can't create `/var/lib/monkeysphere/gnupg-host/pubring.gpg.tmp': Permission denied + gpg: failed to rebuild keyring cache: file open error + gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model + gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u + gpg: next trustdb check due at 2009-03-30 + gpg: Total number processed: 1 + gpg: imported: 1 (RSA: 1) + Could not receive a key with this ID from the 'pool.sks-keyservers.net' keyserver. + 255 pip:~# monkeysphere-server c+ 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 + gpg: requesting key D21739E9 from hkp server pool.sks-keyservers.net + gpg: key D21739E9: "Daniel Kahn Gillmor " not changed + gpg: Total number processed: 1 + gpg: unchanged: 1 + + key found: + pub 4096R/D21739E9 2007-06-02 [expires: 2012-05-31] + Key fingerprint = 0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9 + uid [ unknown] Daniel Kahn Gillmor + uid [ unknown] Daniel Kahn Gillmor + uid [ unknown] Daniel Kahn Gillmor + uid [ unknown] Daniel Kahn Gillmor + uid [ unknown] [jpeg image of size 3515] + sub 2048R/4BFA08E4 2008-06-19 [expires: 2009-06-19] + sub 4096R/21484CFF 2007-06-02 [expires: 2012-05-31] + + Are you sure you want to add the above key as a + certifier of users on this system? 
(y/N) y
+ gpg: key D21739E9: public key "Daniel Kahn Gillmor " imported
+ gpg: Total number processed: 1
+ gpg: imported: 1 (RSA: 1)
+ gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+ gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
+ gpg: next trustdb check due at 2009-03-30
+ gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
+ This is free software: you are free to change and redistribute it.
+ There is NO WARRANTY, to the extent permitted by law.
+
+
+ pub 4096R/D21739E9 created: 2007-06-02 expires: 2012-05-31 usage: SC
+ trust: unknown validity: unknown
+ [ unknown] (1). Daniel Kahn Gillmor
+ [ unknown] (2) Daniel Kahn Gillmor
+ [ unknown] (3) Daniel Kahn Gillmor
+ [ unknown] (4) Daniel Kahn Gillmor
+ [ unknown] (5) [jpeg image of size 3515]
+
+
+ pub 4096R/D21739E9 created: 2007-06-02 expires: 2012-05-31 usage: SC
+ trust: unknown validity: unknown
+ Primary key fingerprint: 0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9
+
+ Daniel Kahn Gillmor
+ Daniel Kahn Gillmor
+ Daniel Kahn Gillmor
+ Daniel Kahn Gillmor
+ [jpeg image of size 3515]
+
+ This key is due to expire on 2012-05-31.
+ Please decide how far you trust this user to correctly verify other users' keys
+ (by looking at passports, checking fingerprints from different sources, etc.)
+
+ 1 = I trust marginally
+ 2 = I trust fully
+
+
+ Please enter the depth of this trust signature.
+ A depth greater than 1 allows the key you are signing to make
+ trust signatures on your behalf.
+
+
+ Please enter a domain to restrict this signature, or enter for none.
+
+
+ Are you sure that you want to sign this key with your
+ key "ssh://pip.fifthhorseman.net" (9B83C17D)
+
+ The signature will be marked as non-exportable.
+ + + gpg: can't create `/var/lib/monkeysphere/gnupg-host/pubring.gpg.tmp': Permission denied + gpg: failed to rebuild keyring cache: file open error + gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model + gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u + gpg: depth: 1 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 1f, 0u + gpg: next trustdb check due at 2009-03-30 + + Identity certifier added. + 0 pip:~# -- cgit v1.2.3 From 2483b7de82423d6bf0dec774526a2ca9fef3d64d Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 30 Nov 2008 23:27:36 -0500 Subject: add a couple of bugs about posix compliance and the use of getopts instead of getopt. --- src/common | 2 +- src/monkeysphere | 2 +- src/monkeysphere-server | 4 ++-- website/bugs/posix_compliance.mdwn | 9 +++++++++ website/bugs/use_getopts_instead_of_getopt.mdwn | 4 ++++ 5 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 website/bugs/posix_compliance.mdwn create mode 100644 website/bugs/use_getopts_instead_of_getopt.mdwn (limited to 'website/bugs') diff --git a/src/common b/src/common index 51b0470..f6000d3 100644 --- a/src/common +++ b/src/common @@ -147,7 +147,7 @@ advance_date() { local shortunits # try things the GNU way first - if date -d "$number $longunits" "$format" >&/dev/null ; then + if date -d "$number $longunits" "$format" >/dev/null 2>&1; then date -d "$number $longunits" "$format" else # otherwise, convert to (a limited version of) BSD date syntax: diff --git a/src/monkeysphere b/src/monkeysphere index 7e800cc..523ddfe 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -158,7 +158,7 @@ EOF log verbose "done." } -function subkey_to_ssh_agent() { +subkey_to_ssh_agent() { # try to add all authentication subkeys to the agent: local sshaddresponse diff --git a/src/monkeysphere-server b/src/monkeysphere-server index a73b253..c4f6985 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server 
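Review bot: The GNU branch of advance_date still runs `date` twice with identical arguments — once as the probe on the rewritten `if` line and again on the line below it — and the second run's stderr is not suppressed at all, so any diagnostic it prints on a transient failure reaches the caller's stderr while the probe already said "ok". Capturing the probe's output once removes both problems and keeps the POSIX-conformant redirection this commit introduces: `if gnu_out=$(date -d "$number $longunits" "$format" 2>/dev/null); then` followed by `printf '%s\n' "$gnu_out"` in place of the second `date` call. advance_date begins and ends outside the hunk, and `$number`, `$longunits` and `$format` are set there, so I can't verify their values from here.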
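Review bot: Dropping the `function` keyword from subkey_to_ssh_agent does not make the definition POSIX-clean on its own, because the `local sshaddresponse` on the very next context line is itself a bashism (POSIX sh has no `local`, although dash and most other shells accept it); if strict POSIX is the goal stated in the commit message, the new posix_compliance bug page should record `local` as an accepted exception or the scoping needs another approach. The diffstat shows this as the only line changed in src/monkeysphere, so any other `function name()` definitions in that file presumably remain in the old form and would be worth converting in the same pass for consistency. The body of subkey_to_ssh_agent continues past the end of the hunk.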
@@ -866,9 +866,9 @@ add_certifier() { # export the key to the host keyring gpg_authentication "--export 0x${fingerprint}!" | gpg_host --import - if [ "$trust" == marginal ]; then + if [ "$trust" = marginal ]; then trustval=1 - elif [ "$trust" == full ]; then + elif [ "$trust" = full ]; then trustval=2 else failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)." diff --git a/website/bugs/posix_compliance.mdwn b/website/bugs/posix_compliance.mdwn new file mode 100644 index 0000000..c2908ad --- /dev/null +++ b/website/bugs/posix_compliance.mdwn @@ -0,0 +1,9 @@ +It would be nice to make all of the Monkeysphere scripts POSIX +compliant, for portability and light-weightedness. Better POSIX +compliance would probably at least be better for compatibility with +o{ther,lder} versions of bash. Unfortunately there are quite a few +bashism at the moment, so this may not be trivial. For instance: + + servo:~/cmrg/monkeysphere/git 0$ checkbashisms -f src/monkeysphere-server 2>&1 | wc -l + 50 + servo:~/cmrg/monkeysphere/git 0$ diff --git a/website/bugs/use_getopts_instead_of_getopt.mdwn b/website/bugs/use_getopts_instead_of_getopt.mdwn new file mode 100644 index 0000000..db087b4 --- /dev/null +++ b/website/bugs/use_getopts_instead_of_getopt.mdwn @@ -0,0 +1,4 @@ +Since Monkeysphere is using bash, it would be nice to use the shell +build in getopts function, instead of the external getopt program. +This would reduce an external dependency, which would definitely be +better for portability. -- cgit v1.2.3
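Review bot: The two-way string test on `$trust` in add_certifier reads more naturally, and sidesteps the `==`/`=` portability trap this hunk is fixing, as a `case` statement with `failure` as the default arm; the `fi` that closes the current chain is just past the hunk and would go away with it. I am assuming `failure` terminates the script (its definition is outside the hunk); if it can return, `trustval` is left unset on the fall-through path in both the old and the new form and the caller should guard against that. add_certifier begins and ends outside the hunk.
```shell
    # … unchanged: export the key to the host keyring …

    case "$trust" in
        marginal) trustval=1 ;;
        full)     trustval=2 ;;
        *) failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)." ;;
    esac
```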