From 12dfa2eccb5489021507bf40447c4495decd9fd0 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 26 Oct 2008 20:17:13 -0400 Subject: [PATCH] Removed the gnutls component from our APT repo, since gnutls 2.6 is now in debian/unstable. Documented the changes, and changed the warning message that monkeysphere emits too. --- repo/conf/distributions | 8 ++++---- src/monkeysphere | 2 +- website/getting-started-user.mdwn | 19 +++++++------------ .../news/gnutls-2.6-enables-monkeysphere.mdwn | 19 +++++++++++++++++++ .../news/modified-gnutls-2.4.x-available.mdwn | 10 ++++++++++ 5 files changed, 41 insertions(+), 17 deletions(-) create mode 100644 website/news/gnutls-2.6-enables-monkeysphere.mdwn diff --git a/repo/conf/distributions b/repo/conf/distributions index 5ed1ab7..c97310e 100644 --- a/repo/conf/distributions +++ b/repo/conf/distributions @@ -1,10 +1,10 @@ -Origin: The MonkeySphere Project -Label: MonkeySphere/Debian +Origin: The Monkeysphere Project +Label: Monkeysphere/Debian Suite: experimental Codename: experimental Architectures: i386 powerpc amd64 arm source -Components: monkeysphere gnutls -Description: Packages implementing the monkeysphere for debian +Components: monkeysphere +Description: Packages implementing the Monkeysphere for debian SignWith: 2E8DD26C53F1197DDF403E6118E667F1EB8AF314 DscIndices: Sources Release . .gz DebIndices: Packages Release . .gz diff --git a/src/monkeysphere b/src/monkeysphere index 1db4f20..dd689b5 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -172,7 +172,7 @@ function subkey_to_ssh_agent() { if ! test_gnu_dummy_s2k_extension ; then failure "Your version of GnuTLS does not seem capable of using with gpg's exported subkeys. -You may want to consider patching or upgrading. +You may want to consider patching or upgrading to GnuTLS 2.6 or later. For more details, see: http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html" diff --git a/website/getting-started-user.mdwn b/website/getting-started-user.mdwn index 5241667..e0a2dab 100644 --- a/website/getting-started-user.mdwn +++ b/website/getting-started-user.mdwn @@ -87,21 +87,16 @@ Using your OpenPGP authentication key for SSH Once you have created an OpenPGP authentication subkey, you will need to feed it to your ssh agent. -Currently (2008-08-23), gnutls does not support this operation. In order -to take this step, you will need to upgrade to a patched version of -gnutls. You can easily upgrade a Debian system by adding the following -to `/etc/apt/sources.list.d/monkeysphere.list`: - - deb http://archive.monkeysphere.info/debian experimental gnutls - deb-src http://archive.monkeysphere.info/debian experimental gnutls - -Next, run `aptitude update; aptitude install libgnutls26`. - -With the patched gnutls installed, you can feed your authentication -subkey to your ssh agent by running: +The GnuTLS library supports this operation as of version 2.6, but +earlier versions do not. With a recent version of GnuTLS installed, +you can feed your authentication subkey to your ssh agent by running: $ monkeysphere subkey-to-ssh-agent +If you can't (or don't want to) upgrade to GnuTLS 2.6 or later, there +are patches for GnuTLS 2.4 available in [the Monkeysphere git +repo](/community). + FIXME: using the key with a single ssh connection? Establish trust diff --git a/website/news/gnutls-2.6-enables-monkeysphere.mdwn b/website/news/gnutls-2.6-enables-monkeysphere.mdwn new file mode 100644 index 0000000..b7894c5 --- /dev/null +++ b/website/news/gnutls-2.6-enables-monkeysphere.mdwn @@ -0,0 +1,19 @@ +[[meta title="GnuTLS 2.6.x enables Monkeysphere to read authentication subkeys"]] + +We [announced earlier](/news/modified-gnutls-2.4.x-available) that the +Monkeysphere project was providing patched versions of GnuTLS to +support one piece of Monkeysphere functionality. Fortunately, those +patches are no longer needed, because as of [version +2.6](http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3135), +GnuTLS contains the necessary functionality natively. + +Therefore, our project will no longer provide patched copies of +GnuTLS, though we will continue to keep the patch alive in in [our git +repository](/community) until GnuTLS 2.6 has been more widely adopted. + +If you were pulling patched versions of GnuTLS 2.4 from the +Monkeysphere archive, you may prefer to pull GnuTLS 2.6 from [debian's +experimental archive](http://wiki.debian.org/DebianExperimental) (at +least until it GnuTLS 2.6 drops into unstable, which should happen +shortly after the release of +[lenny](http://wiki.debian.org/DebianLenny). diff --git a/website/news/modified-gnutls-2.4.x-available.mdwn b/website/news/modified-gnutls-2.4.x-available.mdwn index 44e08d0..36cfbfc 100644 --- a/website/news/modified-gnutls-2.4.x-available.mdwn +++ b/website/news/modified-gnutls-2.4.x-available.mdwn @@ -1,5 +1,15 @@ [[meta title="Modified GnuTLS 2.4.x available"]] +----- + +**2008-10-25 UPDATE:** [GnuTLS 2.6 has been released, and it contains the +functionality we needed](/news/gnutls-2.6-enables-monkeysphere). +Please upgrade to GnuTLS 2.6 if you need Monkeysphere to deal with +passphrase-protected authentication subkeys. The information on this +page is now of historical interest only. + +----- + The MonkeySphere project is now making available a patched version of [GnuTLS](http://gnutls.org/) version 2.4.x, which enhances the utility of the `monkeysphere` package by enabling it to read authentication -- 2.26.2