1 ******************************************************************************
5 ******************************************************************************
6 * Please add new entries in reverse chronological order whenever you make *
7 * changes to this system (first command at top, last at bottom) *
8 ******************************************************************************
10 * set up /srv/xul-ext to publish our .xpi files (modified
11 /etc/mathopd.conf to publish it via
12 http://archive.monkeysphere.info and serve .xpi files with the
16 * setup /srv/micah.monkeysphere.info
17 * replaced /etc/mathopd.conf virtual for daniel with one for me
18 * removed /srv/daniel.monkeysphere.info - not used
21 * Adding self to webmaster's authorized_user_ids
22 * updating ikiwiki to use the version from lenny backports
23 * changing the ikiwki markup to be appropriate for version 3.2xxx
26 * add lenny-backports repo.
27 * remove monkeysphere repo.
28 * aptitude update && aptitude full-upgrade (including monkeysphere
29 0.28-1~bpo50+1, and backported gpg)
32 * aptitude update && aptitude full-upgrade (including monkeysphere
36 * upgrade nginx in response to DSA-1920-1
39 * aptitude update && aptitude full-upgrade (bunch of lenny
40 updates, plus ikiwiki security upgrade)
43 * apt-get update && dist-upgrade (a bunch of stuff (monkeysphere,
44 screen, gnupg, dash, onak, git-core...)
45 * extended host key by 3 months
48 * aptitude update && aptitude full-upgrade (git-core DSA)
51 * aptitude update && aptitude full-upgrade
52 * (checked and found that monkeysphere version 0.24-1 is already
53 installed; don't know how that happened, coulda been me, just
54 sloppy about not noting it in the changelog)
55 * extended host key by 4 months
58 * fixed /etc/crontab line for update-users (was trying to run
59 monkeysphere-server instead of monkeysphere-authentication).
62 * upgraded to the latest versions of packages for lenny.
63 * upgraded george to monkeysphere 0.23.1. the transition upgrade
64 failed due to the way that gpg exports self-signatures secret
65 keys; it only exports the first self-sig for each user id, even if
66 that one is expired. Then any subsequent import fails, even if
67 the target import keyring knows about some valid self-signatures.
68 * i man-handled the upgrade into place so that george doesn't just
69 fail on us, but this is a pretty major bug in the transition process.
72 * applied diff represented in commit
73 f75a5747a8b99e04c02c475791c476f1fbd2b674 to change log level for
74 unacceptable untranslatable keys.
77 * Replaced nullmailer with postfix, nullmailer doesn't handle aliases
78 and insisted either on constantly respooling mail when there was no
82 * Configured /etc/aliases to have root go to mjgoins, micah, dkg, jrollins
83 * Configured /etc/nullmailer/remotes to have mail.riseup.net so remote delivery will work
84 * Removed the hundreds of queued cron emails that had resulted in 30gig of mail.err logs
85 * Rotated the giant logs out
88 * extended the expiration date for george's key three months into
90 * aptitude update && aptitude full-upgrade (brings monkeysphere to
94 * aptitude update && aptitude full-upgrade
95 * brought monkeysphere up to 0.19-1
99 * aptitude update && aptitude full-upgrade
100 * brought monkeysphere up to 0.16-1
101 * repointed keyserver usage to pool.sks-keyservers.net
104 * added two mime-type declarations in /etc/mathopd.conf so .debs
105 and .tar.gz files come out reasonably; restarted mathopd for the
107 * built monkeyshell (from src/monkeyshell) and installed as
108 /usr/local/bin/monkeyshell, added to /etc/shells.
109 * created new account "monkey" which has monkeyshell as the shell
110 for non-privileged test access. To let someone test this out,
111 make sure they're well-connected to george's web of trust, and
112 then add their User ID to
113 ~monkey/.monkeysphere/authorized_user_ids
114 * more mime types for mathopd: image/png image/x-icon
117 * migrated /home/*/.config/monkeysphere/authorized_user_ids to new
118 agreed location: /home/*/.monkeysphere/authorized_user_ids and created
119 a symlink in the original location for transition purposes. Also,
120 did /root's as well. I used this hackish mechanism:
121 $ for user in `find . -wholename './*/.config/monkeysphere/authorized_user_ids' \
122 | cut -d/ -f2`; do mkdir -v ${user}/.monkeysphere; chown ${user}:${user} \
123 ${user}/.monkeysphere; mv -v ${user}/.config/monkeysphere/authorized_user_ids \
124 ${user}/.monkeysphere; ln -s /home/${user}/.monkeysphere/authorized_user_ids \
125 ${user}/.config/monkeysphere/authorized_user_ids; done
128 * added the monkeysphere archive repository signing key
129 * aptitude update && aptitude full-upgrade (brings in monkeysphere 0.13-1)
130 * cleaned up /etc/skel to reflect correct location of the
131 monkeysphere config directory.
132 * micah moved all the existing config stuff over, and left
133 symlinks so people aren't disoriented.
136 * set up http://dkg.monkeysphere.info so that i could play around
138 * moved apt repository over to http://archive.monkeysphere.info/
139 * aptitude update && aptitude dist-upgrade
140 * canonicalizing hostname for normal web access to
141 http://web.monkeysphere.info
144 * aptitude update && aptitude full-upgrade
145 * added account 'daniel' for Dan Scott, and set him up with a way
146 to publish to http://daniel.monkeysphere.info
149 * aptitude update && aptitude dist-upgrade: this includes
150 monkeysphere 0.11-1 and OpenSSH 5.1p1-2
153 * moved monkeysphere apt repo entry to
154 /etc/apt/sources.list.d/monkeysphere.list
155 * aptitude update && aptitude full-upgrade (including monkeysphere
157 * switched george's monkeysphere-server preferred keyserver to
158 monkeysphere.info for the moment. Both pgp.mit.edu and
159 subkeys.pgp.net are sluggish right now :/
161 2008-08-16 - jrollins
162 * removed stale branches from jrollins from the master repo
163 * aptitude update && aptitude full-upgrade
164 * restarted services to clear up dependencies on old libraries
167 * aptitude update && aptitude full-upgrade
168 * restarted services to clear up dependencies on old libraries
171 * aptitude update && aptitude dist-upgrade
172 * removed debian's experimental from the sources.list
173 * removed experimental stanza from /etc/apt/preferences (now the
174 monkeysphere packages should upgrade automatically)
175 * upgraded to monkeysphere 0.7-1
177 * set up a public git daemon service to serve git repos from
178 george, using runit. (root-served repos are served from
179 /srv/git, but ~USER/public_git is supported as well, if anyone
180 wants to use that for publication).
183 * aptitude update && aptitude dist-upgrade
185 * added my User ID to ~webmaster/.config/monkeysphere/authorized_user_ids
187 2008-08-02 - jrollins
188 * aptitude update && aptitude dist-upgrade
189 * restarted cron, nullmailer, sshd
190 * aptitude install git-core ikiwiki
193 * created a bare repo at ~webmaster/monkeysphere.git. I then
194 pushed into this repo from my working directory on servo to verify
195 that it was accepting.
196 * cloned above repo at ~webmaster/monkeysphere
197 * created ~webmaster/ikiwiki.setup
198 * ikiwiki --setup ikiwiki.setup
199 * linked post-receive to new post-commit hook in monkeysphere.git
200 * changed default keyserver to be pgp.mit.edu (subkeys.pgp.net
202 * updated /etc/skel with ssh and monkeysphere stuff
203 * made authorzied_user_ids file for webmaster and ran
204 "monkeysphere-server u webmaster".
207 * added monkeysphere apt repository to /etc/apt/sources.list
208 * added dkg's key to apt's list of trusted keys.
209 * ran aptitude dist-upgrade
210 * upgraded to monkeysphere 0.2-1
211 * moved authorized_user_ids files into users' home directories.
212 * installed lockfile-progs
215 * installed screen (mjgoins and i were collaborating)
218 * Restored /etc/init.d/ssh to original package state and changed
219 /etc/default/ssh to have 'unset SSHD_OOM_ADJUST' instead.
222 * Commented out the 'export SSHD_OOM_ADJUST=-17' from the
223 /etc/init.d/ssh initscript, and the 'SSHD_OOM_ADJUST=-17' from
224 /etc/default/ssh in order to make this error go away:
225 "error writing /proc/self/oom_adj: Operation not permitted"
226 (c.f. Debian #487325)
229 * touched /etc/environment to get rid of some spurious auth.log
231 * turned up sshd's LogLevel from INFO to DEBUG
234 * installed rsync (for maintaining a public apt repo)
236 * configured mathopd to listen on port 80, serving /srv/www as /
237 and /srv/apt as /debian. We've got nothing in /srv/www at the
240 * installed lsof and psmisc as sysadmin utilities. sorry for the
243 * installed strace to try to figure out why onak is segfaulting.
246 * removed etch sources, switched "testing" to "lenny", added
247 lenny/updates, removed all contrib and non-free.
249 * removed testing pin in /etc/apt/preferences
252 * reset emacs22 to emacs22-nox (avoiding dependencies)
254 * removed sysklog and klogd because of errors restarting klogd.
255 Installed syslog-ng in their stead, which still gives errors
256 related to /proc/kmsg unreadability, but the install completes :/
259 * juggled pinning: experimental: 1, unstable: 2
260 * added mathopd onak, tweaked /etc/mathopd.conf and /etc/onak.conf
262 * installed monkeysphere v0.1-1, changed host key, published
263 them via the local keyserver (see host-key-publication)
265 * added local unprivileged user accounts for everyone listed in
266 /usr/share/doc/monkeysphere/copyright
268 * configured authorized_user_ids for every user account based on
269 my best guess at their OpenPGP User ID (see
270 user-id-configuration).
272 * set up a cronjob (in /etc/crontab) to run "monkeysphere-server
273 update-users" at 26 minutes past the hour.
275 2008-06-18 - jrollins
276 * installed less, emacs;
277 * aptitude update && aptitude dist-upgrade
280 * debootstrap'd debian etch install
281 * installed /etc/apt/sources.list with local proxy sources for etch,
282 testing, unstable, backports and volatile
283 * configured /etc/apt/preferences and apt.conf.d/local-conf to
284 pin etch, but make testing, sid and backports available
285 * added backports.org apt-key
286 * installed openssh-server and openssh-client packages
287 * added dkg, jrollins, mjgoins ssh public_keys to /root/.ssh/authorized_keys