From 2fea7c86ef761141f00145702568ea2e3b86cd6b Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 14 Sep 2008 20:50:00 -0400
Subject: documenting problems with the tarball generation process.

---
 website/bugs/make-tarball-is-not-idempotent.mdwn | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 website/bugs/make-tarball-is-not-idempotent.mdwn

(limited to 'website')

diff --git a/website/bugs/make-tarball-is-not-idempotent.mdwn b/website/bugs/make-tarball-is-not-idempotent.mdwn
new file mode 100644
index 0000000..57012cb
--- /dev/null
+++ b/website/bugs/make-tarball-is-not-idempotent.mdwn
@@ -0,0 +1,12 @@
+[[ meta title="make tarball is not idempotent" ]]
+
+The current monkeysphere Makefile has a "tarball" target, which
+produces the "upstream tarball".  Unfortunately, it is not idempotent.
+That is, if you run it twice in a row (without changing any other
+source), the second .orig.tar.gz file is bytewise different from the
+first.
+
+We should fix this so that the tarball generated is the same at least
+as long as no local file has been touched.
+
+--dkg
-- 
cgit v1.2.3


From ac01e1d823ae8eb4353a50e40e8c8bceeaff227d Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 14 Sep 2008 21:04:45 -0400
Subject: fixing titles in my recent bugs.

---
 website/bugs/make-tarball-is-not-idempotent.mdwn           | 2 +-
 website/bugs/postinst-clobbers-gpg.conf-settings.mdwn      | 2 +-
 website/bugs/setup-subcommand-for-monkeysphere-server.mdwn | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'website')

diff --git a/website/bugs/make-tarball-is-not-idempotent.mdwn b/website/bugs/make-tarball-is-not-idempotent.mdwn
index 57012cb..03779c5 100644
--- a/website/bugs/make-tarball-is-not-idempotent.mdwn
+++ b/website/bugs/make-tarball-is-not-idempotent.mdwn
@@ -1,4 +1,4 @@
-[[ meta title="make tarball is not idempotent" ]]
+[[meta title="make tarball is not idempotent" ]]
 
 The current monkeysphere Makefile has a "tarball" target, which
 produces the "upstream tarball".  Unfortunately, it is not idempotent.
diff --git a/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn b/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn
index 8f518c1..e58b9c7 100644
--- a/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn
+++ b/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn
@@ -1,4 +1,4 @@
-[[ meta title="debian packaging postinst script clobbers gpg.conf settings in /var/lib/monkeysphere" ]]
+[[meta title="debian packaging postinst script clobbers gpg.conf settings in /var/lib/monkeysphere" ]]
 
 Do we want to allow the system administrator to make adjustments to
 the `gpg.conf` config files found in `/var/lib/monkeysphere`?  At the
diff --git a/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn b/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn
index 614e471..c491f8b 100644
--- a/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn
+++ b/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn
@@ -1,4 +1,4 @@
-[[ meta title="proposed new monkeysphere-server subcommand: setup" ]]
+[[meta title="proposed new monkeysphere-server subcommand: setup" ]]
 
 What if everything that's done in the package post-installation
 scripts (aside from maybe the creation of the monkeysphere user
-- 
cgit v1.2.3


From e98366cd478343b9c39ced4984874cd611ccb4ad Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 14 Sep 2008 21:30:26 -0400
Subject: adding initial testsuite (totally unfinished!), bug report about
 genericizing filesystem locations.

---
 tests/basic                                        | 78 ++++++++++++++++++++++
 ...ericize-filesystem-locations-for-testsuite.mdwn | 28 ++++++++
 2 files changed, 106 insertions(+)
 create mode 100644 tests/basic
 create mode 100644 website/bugs/genericize-filesystem-locations-for-testsuite.mdwn

(limited to 'website')

diff --git a/tests/basic b/tests/basic
new file mode 100644
index 0000000..7d354f9
--- /dev/null
+++ b/tests/basic
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+
+# Tests to ensure that the monkeysphere is working
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Date: 2008-09-13 13:40:15-0400
+
+# these tests might be best run under fakeroot, particularly the
+# "server-side" tests.  Using fakeroot, they should be able to be run
+# as a non-privileged user.
+
+# NOTE: these tests have *not* themselves been tested yet
+# (2008-09-13).  Please exercise with caution!
+
+# these tests assume a commonly-trusted "Admin's key", a fake key
+# permanently stored in ./admin:
+
+gpgadmin() {
+    GNUPGHOME=./admin gpg "$@"
+}
+
+
+# cleanup:
+
+cleanup() {
+    rm -f ./ssh-socket
+
+    # FIXME: how should we clear out the temporary $VARLIB?
+
+    # FIXME: clear out ssh client config file and known hosts.
+}
+
+## set up some variables to ensure that we're operating strictly in
+## the tests, not system-wide:
+
+# FIXME: can we override $VARLIB ?
+# FIXME: can we override $ETC ?
+
+# Use the local copy of executables first, instead of system ones.
+# This should help us test without installing.
+export PATH=$(pwd)/../src:$(pwd)/../src/keytrans:$PATH
+export MONKEYSPHERE_SHARE=$(pwd)/../src
+
+# create a new host key, certify it with the "Admin's Key".
+
+echo | monkeysphere-server gen-key --expire 2d
+
+HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\  )
+
+monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import
+
+gpgadmin --sign-key "$HOSTKEYID"
+
+# FIXME: how can we test publish-key without flooding junk into the
+# keyservers?
+
+# indicate that the "Admin's" key is an identity certifier for the
+# host
+
+monkeysphere-server add-identity-certifier ./admin/pubkey.gpg
+
+# launch sshd with the new host key.
+
+mkfifo ./ssh-socket
+
+sshd -f ./sshd_config -i <>./ssh-socket
+
+# connect to sample sshd host key, using monkeysphere to verify the
+# identity before connection.
+
+## FIXME: implement!
+
+# create a new client side key, certify it with the "CA", use it to
+# log in.
+
+## FIXME: implement!
+
+
diff --git a/website/bugs/genericize-filesystem-locations-for-testsuite.mdwn b/website/bugs/genericize-filesystem-locations-for-testsuite.mdwn
new file mode 100644
index 0000000..1d70313
--- /dev/null
+++ b/website/bugs/genericize-filesystem-locations-for-testsuite.mdwn
@@ -0,0 +1,28 @@
+[[meta title="genericize all filesystem locations to enable test suite:" ]]
+
+I'm in the process of writing a testsuite for the monkeysphere so that
+we can verify that it actually performs all the basic expected duties
+properly.
+
+It occurs to me that lines like these:
+
+    ETC="/etc/monkeysphere"
+    VARLIB="/var/lib/monkeysphere"
+
+Actually make it very difficult to generically test the tool without
+it being installed system-wide.
+
+Is there any reason that we should not allow these directories to be
+overridden with environment variables in the same way that
+`/usr/share/monkeysphere/share` is handled?
+
+    SHARE=${MONKEYSPHERE_SHARE:-"/usr/share/monkeysphere"}
+
+I guess i'm proposing something like:
+
+    SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
+    SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+
+Thoughts?
+
+--dkg
-- 
cgit v1.2.3


From 86d072e02c75f1c0e84d4f5c51c2e034fa84de21 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 14 Sep 2008 21:41:18 -0400
Subject: documenting trouble with two keyring arrangement.

---
 .../problems-with-root-owned-gpg-keyrings.mdwn     | 24 ++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 website/bugs/problems-with-root-owned-gpg-keyrings.mdwn

(limited to 'website')

diff --git a/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn
new file mode 100644
index 0000000..65268c5
--- /dev/null
+++ b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn
@@ -0,0 +1,24 @@
+[[meta title="Problems with root-owned gpg keyrings"]]
+
+`/var/lib/monkeysphere/gnupg-host/` is root-owned, and the public
+keyring in that directory is controlled by the superuser.
+
+We currently expect the `monkeysphere` user to read from (but not
+write to) that keyring.  But using a keyring in a directory that you
+don't control appears to trigger [a subtle bug in
+gpg](http://bugs.debian.org/361539) that has been unresolved for quite
+a long time.
+
+With some of the new error checking i'm doing in
+`monkeysphere-server`, typical operations that involve both keyrings
+as the non-privileged user can fail with an error message like:
+
+    gpg: failed to rebuild keyring cache: file open error
+
+Running the relevant operation a second time as the same user usually
+lets things go through without a failure, but this seems like it would
+be hiding a bug, rather than getting it fixed correctly.
+
+Are there other ways we can deal with this problem?
+
+--dkg
-- 
cgit v1.2.3