Jameson Graef Rollins [Sun, 1 Mar 2009 20:48:21 +0000 (15:48 -0500)]
Jameson Graef Rollins [Sun, 1 Mar 2009 20:31:03 +0000 (15:31 -0500)]
use 'which' instead of 'type' in postrm, so lintian doesn't complain.
Jameson Graef Rollins [Sun, 1 Mar 2009 20:27:36 +0000 (15:27 -0500)]
explicity set the USER variable, since it's needed for checking file permissions. add/modify some debug messages.
Jameson Graef Rollins [Sun, 1 Mar 2009 19:53:37 +0000 (14:53 -0500)]
break out default variables into their own file: defaultenv
this allows the common file to be sourced without reseting variables
to their defaults, which was causing a problem with
su_monkeysphere_user.
also added some more debug messages.
Daniel Kahn Gillmor [Sun, 1 Mar 2009 19:02:35 +0000 (14:02 -0500)]
normalizing failure invocations in check_gpg_sec_key_id().
Daniel Kahn Gillmor [Sun, 1 Mar 2009 18:54:25 +0000 (13:54 -0500)]
fix openpgp2ssh man page to reflect new implementation.
Daniel Kahn Gillmor [Sun, 1 Mar 2009 18:49:37 +0000 (13:49 -0500)]
Merge commit 'jrollins/master'
Daniel Kahn Gillmor [Sun, 1 Mar 2009 18:40:12 +0000 (13:40 -0500)]
updating header comments in keytrans now that it serves two purposes.
Jameson Graef Rollins [Sun, 1 Mar 2009 18:34:01 +0000 (13:34 -0500)]
fix two bugs in monkeysphere:check_gpg_sec_key_id that were causing gen_subkey to fail
Daniel Kahn Gillmor [Sun, 1 Mar 2009 18:20:32 +0000 (13:20 -0500)]
debian packaging overhaul.
Daniel Kahn Gillmor [Sun, 1 Mar 2009 18:20:07 +0000 (13:20 -0500)]
added "test" target for make
Daniel Kahn Gillmor [Sun, 1 Mar 2009 18:19:37 +0000 (13:19 -0500)]
tests no longer prompt for bash for inspection unless MONKEYSPHERE_TEST_ALLOW_EXAMINATION=prompt (makes running them in an automated environment cleaner). prune extra PATH in tests
Daniel Kahn Gillmor [Sun, 1 Mar 2009 17:12:18 +0000 (12:12 -0500)]
removed base64 invocation in favor of perl to reduce dependency spread.
Daniel Kahn Gillmor [Sun, 1 Mar 2009 16:45:38 +0000 (11:45 -0500)]
transition to the perl-based keytrans implementation.
Daniel Kahn Gillmor [Sun, 1 Mar 2009 09:03:57 +0000 (04:03 -0500)]
removed test_gnu_dummy_s2k_extension(); no longer necessary
Daniel Kahn Gillmor [Sun, 1 Mar 2009 08:24:20 +0000 (03:24 -0500)]
fix rounding issue. Thanks, Richard K Darst!
Jameson Graef Rollins [Sun, 1 Mar 2009 01:56:18 +0000 (20:56 -0500)]
openpgp2ssh in ms-host show-key function takes the host gpg key from the temporary gpghome, instead of from the saved ssh_host_key_rsa.pub.gpg key file.
Jameson Graef Rollins [Sun, 1 Mar 2009 01:37:45 +0000 (20:37 -0500)]
Merge commit 'dkg/master'
Daniel Kahn Gillmor [Sun, 1 Mar 2009 01:36:46 +0000 (20:36 -0500)]
test for presence of User ID in pem2openpgp.
Daniel Kahn Gillmor [Sun, 1 Mar 2009 01:27:30 +0000 (20:27 -0500)]
outputting secret key material now with perl-only openpgp2ssh.
Jameson Graef Rollins [Sun, 1 Mar 2009 00:48:14 +0000 (19:48 -0500)]
Merge commit 'dkg/master'
Daniel Kahn Gillmor [Sat, 28 Feb 2009 23:54:38 +0000 (18:54 -0500)]
further perl-only openpgp2ssh work. public keys are now translated.
Daniel Kahn Gillmor [Sat, 28 Feb 2009 22:55:40 +0000 (17:55 -0500)]
calculating and emitting key fingerprints in openpgp2ssh rewrite.
Daniel Kahn Gillmor [Sat, 28 Feb 2009 22:17:13 +0000 (17:17 -0500)]
successfully parsing out the packets in pem2openpgp keytrans operation.
Daniel Kahn Gillmor [Sat, 28 Feb 2009 20:55:10 +0000 (15:55 -0500)]
start to make an openpgp2ssh implementation within pem2openpgp.
Daniel Kahn Gillmor [Sat, 28 Feb 2009 19:22:22 +0000 (14:22 -0500)]
make pem2openpgp closer to a generic keytrans so that we can reuse it for the openpgp2ssh replacement.
Daniel Kahn Gillmor [Sat, 28 Feb 2009 19:08:41 +0000 (14:08 -0500)]
rewrite stdin slurping to match example in perldoc -f unpack.
Daniel Kahn Gillmor [Sat, 28 Feb 2009 19:00:07 +0000 (14:00 -0500)]
functionalize the bulk of pem2openpgp.
Daniel Kahn Gillmor [Sat, 28 Feb 2009 18:30:29 +0000 (13:30 -0500)]
made transitions/0.23 a little bit more resilient; made it so that running again after a failure is not fooled by the previous failure into thinking that the transition is done.
Daniel Kahn Gillmor [Sat, 28 Feb 2009 18:13:14 +0000 (13:13 -0500)]
Merge commit 'jrollins/master'
Jameson Graef Rollins [Sat, 28 Feb 2009 18:11:31 +0000 (13:11 -0500)]
Merge commit 'dkg/master'
Jameson Graef Rollins [Sat, 28 Feb 2009 18:07:36 +0000 (13:07 -0500)]
work on maintainer scripts:
- remove preinst and prerm because they were empty
- put everything in postint into 'config' argument, since that's
really what it is
- make sure deletion of monkeysphere user is correct, based on what we
found here: http://wiki.debian.org/AccountHandlingInMaintainerScripts
Daniel Kahn Gillmor [Sat, 28 Feb 2009 17:46:51 +0000 (12:46 -0500)]
transition script should ensure that the (old, deprecated) monkeysphere-server.conf gets renamed to monkeysphere-authentication.conf
Daniel Kahn Gillmor [Sat, 28 Feb 2009 02:33:08 +0000 (21:33 -0500)]
wrote a first pass at explaining the concept of identity certifiers
Jameson Graef Rollins [Thu, 26 Feb 2009 03:52:18 +0000 (22:52 -0500)]
remove left over references to expert subcommand in man pages.
Daniel Kahn Gillmor [Mon, 23 Feb 2009 01:28:38 +0000 (20:28 -0500)]
made patches/gnutls/build set -e
Daniel Kahn Gillmor [Sun, 22 Feb 2009 22:56:30 +0000 (17:56 -0500)]
egrep -q terminates at the first match. m-a list-identity-certifiers chokes if it cannot write to stdout. Because we are setting pipefail, this causes the pipeline checking for any certifiers to return untrue. solution? do not use -q, and send the output to /dev/null
Daniel Kahn Gillmor [Sun, 22 Feb 2009 22:10:31 +0000 (17:10 -0500)]
really really fix m-a diagnostics checking of identity certifiers.
Jameson Graef Rollins [Sun, 22 Feb 2009 17:16:32 +0000 (12:16 -0500)]
fix some return code setting stuf that was no longer being used, and change name of return code variable in update_users, since all-caps variables should be reserved for global vars.
Jameson Graef Rollins [Sun, 22 Feb 2009 17:07:34 +0000 (12:07 -0500)]
Fix how version number is saved/retrieved. Version is now stored in
VERSION file, which is created in the tarball target. This is then
installed at /usr/share/monkeysphere/VERSION, and cat'ed when the
version number is requested by the front-end ui. No more manual
setting of version number required (to avoid future problems, aka
"0.23.1"). This system is also more flexible, as the VERSION file
could potentially hold more info than just the release number.
Jameson Graef Rollins [Sun, 22 Feb 2009 15:32:23 +0000 (10:32 -0500)]
modified /etc/crontab on george to run monkeysphere-authentication instead of monkeysphere-server. was I the only one getting frequent emails from george about this?
Daniel Kahn Gillmor [Sun, 22 Feb 2009 01:39:05 +0000 (20:39 -0500)]
notes about disastrous george upgrade.
Daniel Kahn Gillmor [Sun, 22 Feb 2009 01:34:26 +0000 (20:34 -0500)]
reverse sense of test for valid identity certifiers in m-a diagnostics.
Daniel Kahn Gillmor [Sun, 22 Feb 2009 01:33:01 +0000 (20:33 -0500)]
added some FIXMEs to transitions/0.23, concerning host keys that were originally created with an expiration date.
Daniel Kahn Gillmor [Sun, 22 Feb 2009 01:31:16 +0000 (20:31 -0500)]
fix syntax error in m-a diagnostics.
Daniel Kahn Gillmor [Sun, 22 Feb 2009 00:49:53 +0000 (19:49 -0500)]
writing down some notes for future releases.
Daniel Kahn Gillmor [Sat, 21 Feb 2009 23:28:20 +0000 (18:28 -0500)]
preparing for stupid brown paper bag 0.23.1 release.
Daniel Kahn Gillmor [Sat, 21 Feb 2009 23:06:45 +0000 (18:06 -0500)]
fixing stupid internal version number synchronization.
Daniel Kahn Gillmor [Sat, 21 Feb 2009 22:57:44 +0000 (17:57 -0500)]
updating release notes for 0.23
Daniel Kahn Gillmor [Sat, 21 Feb 2009 22:51:35 +0000 (17:51 -0500)]
updating the changelog.
Daniel Kahn Gillmor [Sat, 21 Feb 2009 22:34:15 +0000 (17:34 -0500)]
adjusting extraction of revokers.
Jameson Graef Rollins [Sat, 21 Feb 2009 22:30:54 +0000 (17:30 -0500)]
make show-key so that it works even if there are no revokers.
Jameson Graef Rollins [Sat, 21 Feb 2009 22:25:26 +0000 (17:25 -0500)]
Merge commit 'dkg/master'
Jameson Graef Rollins [Sat, 21 Feb 2009 22:25:11 +0000 (17:25 -0500)]
extend show-key to show fingerprints of revokers as well.
Daniel Kahn Gillmor [Sat, 21 Feb 2009 22:24:25 +0000 (17:24 -0500)]
fixing up some documentation, including version notes in getting started.
Jameson Graef Rollins [Sat, 21 Feb 2009 22:12:49 +0000 (17:12 -0500)]
add FIXME to show key about how it should show revokers as well.
Jameson Graef Rollins [Sat, 21 Feb 2009 22:12:33 +0000 (17:12 -0500)]
fix bug in ssh connection test
Daniel Kahn Gillmor [Sat, 21 Feb 2009 22:06:47 +0000 (17:06 -0500)]
correct return codes for monkeysphere subkey-to-ssh-agent
Jameson Graef Rollins [Sat, 21 Feb 2009 21:48:43 +0000 (16:48 -0500)]
Merge commit 'dkg/master'
Jameson Graef Rollins [Sat, 21 Feb 2009 21:48:30 +0000 (16:48 -0500)]
make sure all prompt messages are going to stderr
Daniel Kahn Gillmor [Sat, 21 Feb 2009 21:31:21 +0000 (16:31 -0500)]
making entry into subshell after failed test run more explicit (thanks for the suggestion, Ross!)
Jameson Graef Rollins [Sat, 21 Feb 2009 21:30:50 +0000 (16:30 -0500)]
Merge commit 'dkg/master'
Jameson Graef Rollins [Sat, 21 Feb 2009 21:30:15 +0000 (16:30 -0500)]
cleanup of how ssh_test return code is captured in tests/basic
Jameson Graef Rollins [Sat, 21 Feb 2009 21:29:35 +0000 (16:29 -0500)]
fix output formatting for cases where multiple fingerprints are found, in functions that are doing that sort of thing
Daniel Kahn Gillmor [Sat, 21 Feb 2009 21:17:46 +0000 (16:17 -0500)]
added new explicit checks for relevant perl modules in tests/basic.
Jameson Graef Rollins [Sat, 21 Feb 2009 21:17:20 +0000 (16:17 -0500)]
Merge commit 'dkg/master'
Jameson Graef Rollins [Sat, 21 Feb 2009 21:16:58 +0000 (16:16 -0500)]
add tests to add_revoker and add_certifier that more than one key was not found when adding by using key ID.
Daniel Kahn Gillmor [Sat, 21 Feb 2009 21:14:38 +0000 (16:14 -0500)]
un-fix non-typo in ssh_proxycommand. (my mistake!)
Daniel Kahn Gillmor [Sat, 21 Feb 2009 21:11:07 +0000 (16:11 -0500)]
fixing typo in ssh_proxycommand.
Daniel Kahn Gillmor [Sat, 21 Feb 2009 21:09:08 +0000 (16:09 -0500)]
merged jrollins/master
Jameson Graef Rollins [Sat, 21 Feb 2009 20:39:44 +0000 (15:39 -0500)]
fix return in subkey_to_ssh_agent, so that it returns, instead of exits
Jameson Graef Rollins [Sat, 21 Feb 2009 20:37:30 +0000 (15:37 -0500)]
import-key now requires a hostname be specified, and no longer does
any hostname guessing. this is so that we don't have to worry about
prompting the user when guessing the hostname. also updated
documentation.
Jameson Graef Rollins [Sat, 21 Feb 2009 20:10:57 +0000 (15:10 -0500)]
remove 'return' line from monkeysphere that was errantly not removed in the previous commit.
Jameson Graef Rollins [Sat, 21 Feb 2009 19:57:41 +0000 (14:57 -0500)]
make sure we're explicitly capturing return codes in places where they are tested, in case things are being run set -e
Jameson Graef Rollins [Sat, 21 Feb 2009 19:52:53 +0000 (14:52 -0500)]
update TODO
Daniel Kahn Gillmor [Sat, 21 Feb 2009 19:50:18 +0000 (14:50 -0500)]
Merge commit 'jrollins/master'
Daniel Kahn Gillmor [Sat, 21 Feb 2009 19:49:54 +0000 (14:49 -0500)]
tweaking m-h getting started docs.
Jameson Graef Rollins [Sat, 21 Feb 2009 19:45:14 +0000 (14:45 -0500)]
fix failure message in import_key
Jameson Graef Rollins [Sat, 21 Feb 2009 18:08:55 +0000 (13:08 -0500)]
added note about specifying a hostname for import-key in the admin
getting started page.
Jameson Graef Rollins [Sat, 21 Feb 2009 18:07:31 +0000 (13:07 -0500)]
some small tweaks to the test:
- force all output to go to stdout, so it's more easily grep'able
- add "no-tty" to the gpgadmin function so that the gpg output goes to
the right place
- some small output formating improvements.
Jameson Graef Rollins [Fri, 20 Feb 2009 23:09:37 +0000 (18:09 -0500)]
Add "true" to prerm script so that lintian will stop complaining that
the script is empty.
also small doc tweaks.
Jameson Graef Rollins [Fri, 20 Feb 2009 20:39:07 +0000 (15:39 -0500)]
Merge commit 'dkg/master'
Daniel Kahn Gillmor [Fri, 20 Feb 2009 20:29:34 +0000 (15:29 -0500)]
more wordsmithing.
Daniel Kahn Gillmor [Fri, 20 Feb 2009 20:25:14 +0000 (15:25 -0500)]
documentation tuning.
Daniel Kahn Gillmor [Fri, 20 Feb 2009 20:23:38 +0000 (15:23 -0500)]
documentation overhaul for users just getting started.
Jameson Graef Rollins [Fri, 20 Feb 2009 19:26:15 +0000 (14:26 -0500)]
tweak/cleanup some of the prompts.
Daniel Kahn Gillmor [Fri, 20 Feb 2009 18:22:09 +0000 (13:22 -0500)]
readability revision for getting-started-admin.mdwn
Daniel Kahn Gillmor [Fri, 20 Feb 2009 18:19:46 +0000 (13:19 -0500)]
tuning some diagnostic text.
Daniel Kahn Gillmor [Fri, 20 Feb 2009 17:42:24 +0000 (12:42 -0500)]
clean up 0.23 changelog entry
Daniel Kahn Gillmor [Fri, 20 Feb 2009 17:33:14 +0000 (12:33 -0500)]
tune automated revocation certificate description; add FIXME to allow it to be set explicitly.
Daniel Kahn Gillmor [Fri, 20 Feb 2009 17:27:01 +0000 (12:27 -0500)]
monkeysphere-host revoke-key should now be capable of publishing the
revocation certificate to the keyservers directly, should the admin
want that.
It can also run without prompting, if MONKEYSPHERE_PROMPT=false. In
the no-prompts case, it never publishes to the keyserver, it indicates
that the key was compromised, and it writes a boilerplate description
to make it easy to identify this kind of certificate.
Daniel Kahn Gillmor [Fri, 20 Feb 2009 06:39:29 +0000 (01:39 -0500)]
trivial implementation of monkeysphere-host revoke-key: just prints ascii-armored revocation certificate to stdout, and admin is expected to know what to do with it.
Daniel Kahn Gillmor [Fri, 20 Feb 2009 06:02:06 +0000 (01:02 -0500)]
clarify revoke_hostname warning
Daniel Kahn Gillmor [Fri, 20 Feb 2009 05:50:46 +0000 (00:50 -0500)]
document why monkeysphere import-subkey is not yet working.
Jameson Graef Rollins [Fri, 20 Feb 2009 05:38:59 +0000 (00:38 -0500)]
explicitly set GNUPGHOME in su_monkeysphere_user calls to gpg in add_revoker, to avoid any confusion about having GNUPGHOME as a tempdir exported to the environment.
Jameson Graef Rollins [Fri, 20 Feb 2009 05:23:35 +0000 (00:23 -0500)]
stupid bug fix
Jameson Graef Rollins [Fri, 20 Feb 2009 05:09:20 +0000 (00:09 -0500)]
add_revoker fully working. also cleanup of add_certifier.
add_revoker and add_certifier to many similar procedures, so I'm
trying to keep them in sync as I figure out the right way to handle
things.
Daniel Kahn Gillmor [Fri, 20 Feb 2009 03:42:43 +0000 (22:42 -0500)]
Merge commit 'jrollins/master'
Daniel Kahn Gillmor [Fri, 20 Feb 2009 03:40:02 +0000 (22:40 -0500)]
correcting ssh_proxycommand output.
Jameson Graef Rollins [Fri, 20 Feb 2009 03:39:00 +0000 (22:39 -0500)]
remove import_subkey from monkeysphere usage and man page until we get
a chance to fully implement it.