rm -rf monkeysphere-$(MONKEYSPHERE_VERSION)
mkdir -p monkeysphere-$(MONKEYSPHERE_VERSION)/doc
ln -s ../../website/getting-started-user.mdwn ../../website/getting-started-admin.mdwn ../../doc/TODO ../../doc/MonkeySpec monkeysphere-$(MONKEYSPHERE_VERSION)/doc
- ln -s ../COPYING ../etc ../Makefile ../man ../src monkeysphere-$(MONKEYSPHERE_VERSION)
+ ln -s ../COPYING ../etc ../Makefile ../man ../src ../tests monkeysphere-$(MONKEYSPHERE_VERSION)
tar -ch monkeysphere-$(MONKEYSPHERE_VERSION) | gzip -n > monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz
rm -rf monkeysphere-$(MONKEYSPHERE_VERSION)
-monkeysphere (0.16~pre-1) UNRELEASED; urgency=low
+monkeysphere (0.16-1) experimental; urgency=low
[ Daniel Kahn Gillmor ]
* replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better
getopt lives.
* monkeysphere-server diagnostics now counts problems and suggests a
re-run after they have been resolved.
+ * completed basic test suite: this can be run from the git sources or
+ the tarball with: cd tests && ./basic
[ Jameson Graef Rollins ]
* Genericize fs location variables.
* break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at
install.
- -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Sat, 11 Oct 2008 14:27:17 -0400
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 26 Oct 2008 03:06:18 -0400
monkeysphere (0.15-1) experimental; urgency=low
keyring /var/lib/monkeysphere/gnupg-host/pubring.gpg
# PGP keyserver to use for PGP queries.
-keyserver hkp://pgp.mit.edu
+keyserver hkp://pool.sks-keyservers.net
# GPG list options. It is recommended that you have at least
# "show-uid-validity".
RUN_DEPENDS= base64:${PORTSDIR}/converters/base64 \
gpg:${PORTSDIR}/security/gnupg \
lockfile:${PORTSDIR}/mail/procmail \
- getopt:${PORTSDIR}/misc/getopt \
+ /usr/local/bin/getopt:${PORTSDIR}/misc/getopt \
bash:${PORTSDIR}/shells/bash
MAN1= monkeysphere.1 openpgp2ssh.1 monkeysphere-ssh-proxycommand.1
MAN8= monkeysphere-server.8
MANCOMPRESSED= yes
-MAKE_ARGS= ETCPREFIX=/usr/local MANPREFIX=/usr/local/man ETCSUFFIX=.sample
+MAKE_ARGS= ETCPREFIX=${PREFIX} MANPREFIX=${PREFIX}/man ETCSUFFIX=.sample
# get rid of cruft after the patching:
post-patch:
-MD5 (monkeysphere_0.16~pre.orig.tar.gz) = c5c5211440e31d04df1f7904ec859fb9
-SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = 77faf81cc51dff754ecb7122de26818b908e06ab4e0bdbd0320346dde53612cd
-SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 59253
+MD5 (monkeysphere_0.16~pre.orig.tar.gz) = 6e9489117794fa6afab8935b75cc5ccf
+SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = fceab7cc77d9755e6484895ede56701b298ce3649bfcd10288a12803a565b7e5
+SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 59721
System-wide monkeysphere config file.
.TP
/var/lib/monkeysphere/authorized_keys/USER
-diff --git src/common src/common
-index c8a7db6..cb4f8e1 100644
---- src/common
-+++ src/common
+--- src/common.orig 2008-10-12 14:58:00.000000000 -0400
++++ src/common 2008-10-25 17:40:34.000000000 -0400
@@ -16,7 +16,7 @@
### COMMON VARIABLES
# managed directories
--ETC="/etc/monkeysphere"
-+ETC="/usr/local/etc/monkeysphere"
- export ETC
+-SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
++SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/usr/local/etc/monkeysphere"}
+ export SYSCONFIGDIR
########################################################################
-diff --git src/monkeysphere src/monkeysphere
-index 512d608..44f2b17 100755
---- src/monkeysphere
-+++ src/monkeysphere
+--- src/monkeysphere.orig 2008-10-12 14:58:00.000000000 -0400
++++ src/monkeysphere 2008-10-25 17:41:41.000000000 -0400
@@ -13,7 +13,7 @@
########################################################################
PGRM=$(basename $0)
--SHARE=${MONKEYSPHERE_SHARE:-"/usr/share/monkeysphere"}
-+SHARE=${MONKEYSPHERE_SHARE:-"/usr/local/share/monkeysphere"}
- export SHARE
- . "${SHARE}/common" || exit 1
+-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
+ export SYSSHAREDIR
+ . "${SYSSHAREDIR}/common" || exit 1
-diff --git src/monkeysphere-server src/monkeysphere-server
-index 4cda008..e359be7 100755
---- src/monkeysphere-server
-+++ src/monkeysphere-server
+--- src/monkeysphere-server.orig 2008-10-25 14:17:50.000000000 -0400
++++ src/monkeysphere-server 2008-10-25 17:42:50.000000000 -0400
@@ -13,7 +13,7 @@
########################################################################
PGRM=$(basename $0)
--SHARE=${MONKEYSPHERE_SHARE:="/usr/share/monkeysphere"}
-+SHARE=${MONKEYSPHERE_SHARE:="/usr/local/share/monkeysphere"}
- export SHARE
- . "${SHARE}/common" || exit 1
+-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
+ export SYSSHAREDIR
+ . "${SYSSHAREDIR}/common" || exit 1
Monkeysphere authentication GNUPG home directory.
.SH AUTHOR
-diff --git src/monkeysphere-server src/monkeysphere-server
-index e590f3c..f46e8bb 100755
---- src/monkeysphere-server
-+++ src/monkeysphere-server
-@@ -17,7 +17,7 @@ SHARE=${MONKEYSPHERE_SHARE:="/usr/share/monkeysphere"}
- export SHARE
- . "${SHARE}/common" || exit 1
-
--VARLIB="/var/lib/monkeysphere"
-+VARLIB="/var/monkeysphere"
- export VARLIB
-
- # UTC date in ISO 8601 format if needed
diff --git doc/getting-started-admin.mdwn doc/getting-started-admin.mdwn
index 6c8ad53..67fdda1 100644
--- doc/getting-started-admin.mdwn
And then read the section below about how to ensure these files are
maintained. You'll need to restart `sshd` to have your changes take
+--- src/monkeysphere-server.orig 2008-10-25 18:01:19.000000000 -0400
++++ src/monkeysphere-server 2008-10-25 18:01:24.000000000 -0400
+@@ -17,7 +17,7 @@
+ export SYSSHAREDIR
+ . "${SYSSHAREDIR}/common" || exit 1
+
+-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
++SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/monkeysphere"}
+ export SYSDATADIR
+
+ # UTC date in ISO 8601 format if needed
+--- etc/gnupg-authentication.conf.orig 2008-10-25 18:02:58.000000000 -0400
++++ etc/gnupg-authentication.conf 2008-10-25 18:03:04.000000000 -0400
+@@ -4,8 +4,8 @@
+ # It is highly recommended that you
+ # DO NOT MODIFY
+ # these variables.
+-primary-keyring /var/lib/monkeysphere/gnupg-authentication/pubring.gpg
+-keyring /var/lib/monkeysphere/gnupg-host/pubring.gpg
++primary-keyring /var/monkeysphere/gnupg-authentication/pubring.gpg
++keyring /var/monkeysphere/gnupg-host/pubring.gpg
+
+ # PGP keyserver to use for PGP queries.
+ keyserver hkp://pgp.mit.edu
@dirrm share/doc/monkeysphere
@dirrm share/monkeysphere
@dirrm etc/monkeysphere
-
EOF
}
+# function to run command as monkeysphere user
su_monkeysphere_user() {
- su "$MONKEYSPHERE_USER" -c "$@"
+ # if the current user is the monkeysphere user, then just eval
+ # command
+ if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then
+ eval "$@"
+
+ # otherwise su command as monkeysphere user
+ else
+ su "$MONKEYSPHERE_USER" -c "$@"
+ fi
}
# function to interact with the host gnupg keyring
# Tests to ensure that the monkeysphere is working
-# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-# Date: 2008-09-13 13:40:15-0400
+# Authors:
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Jameson Rollins <jrollins@fifthhorseman.net>
+# Copyright: 2008
+# License: GPL v3 or later
-# these tests might be best run under fakeroot, particularly the
-# "server-side" tests. Using fakeroot, they should be able to be run
+# these tests should all be able to
# as a non-privileged user.
-# NOTE: these tests have *not* themselves been tested yet
-# (2008-09-13). Please exercise with caution!
+# all subcommands in this script should complete without failure:
+set -e
-# these tests assume a commonly-trusted "Admin's key", a fake key
-# permanently stored in ./home/admin/.gnupg:
+# gpg command for test admin user
gpgadmin() {
- GNUPGHOME="$TESTDIR"/home/admin/.gnupg gpg "$@"
+ GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@"
}
+failed_cleanup() {
+# FIXME: can we be more verbose here?
+ echo 'FAILED!'
+ read -p "press enter to cleanup and remove tmp:"
+
+ cleanup
+}
# cleanup:
cleanup() {
- # FIXME: stop the sshd process
+ if ( ps "$SSHD_PID" >/dev/null ) ; then
+ echo "### stopping still-running sshd..."
+ kill "$SSHD_PID"
+ fi
- echo
- echo "-- removing temp dir..."
+ echo "### removing temp dir..."
rm -rf "$TEMPDIR"
- # FIXME: how should we clear out the temporary $VARLIB?
-
- # FIXME: clear out ssh client config file and known hosts.
+ wait
}
## setup trap
-#trap cleanup EXIT
+trap failed_cleanup EXIT
## set up some variables to ensure that we're operating strictly in
## the tests, not system-wide:
# make temp dir
TEMPDIR="$TESTDIR"/tmp
+if [ -e "$TEMPDIR" ] ; then
+ echo "tempdir '$TEMPDIR' already exists."
+ exit 1
+fi
mkdir "$TEMPDIR"
# Use the local copy of executables first, instead of system ones.
export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR"
export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src
export MONKEYSPHERE_MONKEYSPHERE_USER="$USER"
+export MONKEYSPHERE_CHECK_KEYSERVER=false
+
+SSHD_CONFIG="$TEMPDIR"/sshd_config
export SOCKET="$TEMPDIR"/ssh-socket
+# copy in admin and testuser home to tmp
+echo "### copying admin and testuser homes..."
+cp -a "$TESTDIR"/home/admin "$TEMPDIR"/
+cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/
+
+cat <<EOF >> "$TEMPDIR"/testuser/.ssh/config
+UserKnownHostsFile $TEMPDIR/testuser/.ssh/known_hosts
+ProxyCommand $TEMPDIR/testuser/.ssh/proxy-command %h %p $SOCKET
+EOF
+
+cat <<EOF >> "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf
+KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts
+EOF
+
+# set up a simple default monkeysphere-server.conf
+cat <<EOF >> "$TEMPDIR"/monkeysphere-server.conf
+AUTHORIZED_USER_IDS="$TEMPDIR/testuser/.monkeysphere/authorized_user_ids"
+EOF
+
### SERVER TESTS
-# create the temp gnupghome directories
+# setup monkeysphere temp gnupghome directories
mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host
mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication
+mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authorized_keys
+cat <<EOF > "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication/gpg.conf
+primary-keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-authentication/pubring.gpg
+keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-host/pubring.gpg
+EOF
# create a new host key
-echo "-- generating server key..."
-echo | monkeysphere-server gen-key --length 1024 --expire 0
+echo "### generating server key..."
+# add gpg.conf with quick-random
+echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
+echo | monkeysphere-server gen-key --length 1024 --expire 0 testhost
+# remove the gpg.conf
+rm "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ )
# certify it with the "Admin's Key".
# (this would normally be done via keyservers)
-echo "-- certifying server key..."
+echo "### certifying server key..."
monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import
-gpgadmin --sign-key "$HOSTKEYID"
+echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
# FIXME: how can we test publish-key without flooding junk into the
# keyservers?
-# indicate that the "Admin's" key is an identity certifier for the
-# host
-
-echo "-- adding admin as certifier..."
-monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg
+# add admin as identity certifier for testhost
+echo "### adding admin as certifier..."
+echo y | monkeysphere-server add-identity-certifier "$TEMPDIR"/admin/.gnupg/pubkey.gpg
+# initialize base sshd_config
+cp etc/ssh/sshd_config "$SSHD_CONFIG"
# write the sshd_config
-cat <<EOF > "$TEMPDIR"/sshd_config
+cat <<EOF >> "$SSHD_CONFIG"
HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key
+AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u
EOF
-# launch sshd with the new host key.
-echo "-- starting sshd..."
-socat EXEC:'/usr/sbin/sshd -f '"$TEMPDIR"/sshd_config' -i -d -d -d -D -e' "UNIX-LISTEN:${TEMPDIR/socket}" &
-
+# launch test sshd with the new host key.
+echo "### starting sshd..."
+socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log &
+export SSHD_PID=$!
### TESTUSER TESTS
-# copy testuser home directory into temp dir
-cp -r "$TESTDIR"/home/testuser "$TEMPDIR"/
-
# generate an auth subkey for the test user
-echo "-- generating key for testuser..."
-MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \
- monkeysphere gen-subkey --expire 0
+echo "### generating key for testuser..."
+export GNUPGHOME="$TEMPDIR"/testuser/.gnupg
+export SSH_ASKPASS="$TEMPDIR"/testuser/.ssh/askpass
+export MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere
+
+monkeysphere gen-subkey --expire 0
+
+# add server key to testuser keychain
+echo "### export server key to testuser..."
+gpgadmin --armor --export "$HOSTKEYID" | gpg --import
+
+# teach the "server" about the testuser's key
+echo "### export testuser key to server..."
+gpg --export testuser | monkeysphere-server gpg-authentication-cmd --import
+echo "### update server authorized_keys file for this testuser..."
+monkeysphere-server update-users "$USER"
-# connect to sample sshd host key, using monkeysphere to verify the
-# identity before connection.
+# connect to test sshd, using monkeysphere-ssh-proxycommand to verify
+# the identity before connection. This should work in both directions!
+echo "### testuser connecting to sshd socket..."
-## FIXME: implement!
+ssh-agent bash -c \
+ "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config testhost true"
-# create a new client side key, certify it with the "CA", use it to
-# log in.
+trap - EXIT
-## FIXME: implement!
+echo
+echo "Monkeysphere basic tests completed successfully!"
+echo
+cleanup
--- /dev/null
+# Base sshd_config for monkeysphere test
+
+# HostKey and AuthorizedKeysFile lines will be added dynamically
+# during test.
+
+# goal: minimal ssh configuration to do public key authentication.
+
+Protocol 2
+PubkeyAuthentication yes
+HostbasedAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+KerberosAuthentication no
+GSSAPIAuthentication no
+X11Forwarding no
+PrintMotd no
+PrintLastLog no
+TCPKeepAlive no
+AcceptEnv LANG LC_*
+UsePAM no
+UsePrivilegeSeparation no
+LogLevel DEBUG
--- /dev/null
+# command to avoid depleting the system entropy
+quick-random
+# other options
+verify-options show-uid-validity
+list-options show-uid-validity
--- /dev/null
+Monkeysphere Test Suite Test User (DO NOT USE!!!) <testuser@example.net>
--- /dev/null
+# monkeysphere config for testuser in monkeysphere test suite
+
+# KNOWN_HOSTS will be dynamically defined after creation.
--- /dev/null
+#!/usr/bin/env bash
+
+# phony/automatic askpass, to provide the passphrase for the
+# testuser's GPG key.
+
+echo abc123
--- /dev/null
+# ssh config file for testuser for monkeysphere test suite.
+Host *
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+RSAAuthentication no
+GSSAPIAuthentication no
+StrictHostKeyChecking yes
+LogLevel DEBUG
+
+# UserKnownHostsFile and ProxyCommand will be filled in dynamically.
--- /dev/null
+#!/usr/bin/env bash
+
+# simple socket-based proxy-command wrapper for testing monkeysphere.
+
+# pass this thing the host, the port, and the socket.
+
+monkeysphere-ssh-proxycommand --no-connect "$1" "$2" && \
+exec socat STDIO UNIX:"$3"
temprelease=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
trap "rm -f $temprelease" EXIT
set -e
-head -n$(( $(grep -n '^-----BEGIN PGP SIGNED MESSAGE-----$' website/download.mdwn | head -n1 | cut -f1 -d:) - 1 )) website/download.mdwn >$temprelease
+head -n$(( $(grep -n '^-----BEGIN PGP SIGNED MESSAGE-----$' website/download.mdwn | head -n1 | cut -f1 -d:) - 1 )) website/download.mdwn | \
+ sed -e 's|http://archive\.monkeysphere\.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_[[:digit:].]\+\.orig\.tar\.gz|http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_'"${VERSION%%-*}"'.orig.tar.gz|g' >$temprelease
checksums | gpg --no-tty --clearsign --default-key EB8AF314 >>$temprelease
cat utils/download.mdwn.footer >>$temprelease
mv "$temprelease" website/download.mdwn
--- /dev/null
+[[meta title="users with missing or empty authorized keys and User IDs should have MS-generated keys cleared" ]]
+
+I had a user who had a bunch of entries in
+`~/.monkeysphere/authorized_user_ids`, and a bunch of raw keys in
+`~/.ssh/authorized_keys`. My system's `monkeysphere-server` handled
+this situation appropriately, and populated
+`/var/lib/monkeysphere/authorized_keys/user` with the full set.
+
+Then i wanted to wipe out all key entries for that user. So i did:
+
+ mkdir ~user/backup
+ mv ~user/.ssh ~user/.monkeysphere ~user/backup
+ monkeysphere-server update-users user
+
+I expected this to either remove
+`/var/lib/monkeysphere/authorized_keys/user`, or truncate it to 0
+bytes. However, it just remained untouched, and the old keys
+persisted.
+
+This seems like a potential security problem.
But if you want a tarball of the most recent release, we publish those
too. The [latest
-tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.14.orig.tar.gz)
+tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.16.orig.tar.gz)
has these checksums:
<pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-checksums for the monkeysphere 0.15 release:
+checksums for the monkeysphere 0.16 release:
MD5:
-8be275e5b5119921a536d8a67d3bfe24 monkeysphere_0.15.orig.tar.gz
+4bc223e8004e0e374bd54f0315585c49 monkeysphere_0.16.orig.tar.gz
SHA1:
-65da0a047d935e856e2a0d7032dbbb339a3ce20a monkeysphere_0.15.orig.tar.gz
+82c78ea1aeecb3059a14af9dfab0f471ce315e38 monkeysphere_0.16.orig.tar.gz
SHA256:
-44f3feb6e9f6921d2ed0406af4e3862f67da9261c8f00c7ea37cfea5031cbc77 monkeysphere_0.15.orig.tar.gz
+f2dbd031315f99c82099a4a902f2240cca97536b035ef75872e72a65f324c9d7 monkeysphere_0.16.orig.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-iQIVAwUBSMG2fxjmZ/HrivMUAQJ40RAAjb4Rh9qJQztp+tAOxpvXKmItRTFyBTeB
-QQWjl/gNSWbAOvZX9t+F63P8Dp/ET9XoE2iXUnClvCtkkKvwbKISHyM4C9tgu0z9
-Yggb6lFPt/Qz2fD/HTMxkeN+n0p/FVjLW9WlLPyKF++u/o8JelyuiXocHORzjtc/
-9HyQfdbZuUPA16ZsAb9D66aIC2pWR21EiXHj95EvUkm6AO53Sy9G5gzzveflRrLm
-UdrcwCnbXiZklbs9wXxeZTa4qLAhv31RmkCzbE3/lNwFSBfzFFfi2HXZqQdRmIgu
-xuV/wmi8xgxUbv7dbB7yhhqwFmRnzeuV3rvuvSdjqGjFu6R0fqorIOtLtBkG1m0Q
-RP5gs5mU+DreYkdeLWpFFFVjaJkz0cNUcnT22EJ5JgfeH3fkoAPpjlUMvgh8apGq
-CbtqmBfYVOLyifiwptCSwlQvfY2guBVmsW+C60g78vMlCa0Tezp79I5H1KdsXKlY
-cw1eLt3HhEy39yojmcD5EI293tfWTIYvULXvMIZjqEFnkFvoAogtinfd8fDoH15j
-8yqXOUfkuuSeGmPReyiZZkbBTMXOdM6JsXmjEMI5T9dnZcC0CClnDGfcxE2UfPQZ
-v9tneWXZzFmnWaAqH+T+SJJ4gpMhD+i0vXgQ7xOhUUCF+tiY8Qh1eltR2Kf+VeYW
-d+MRglTs/Z4=
-=AmW6
+iQIVAwUBSQQdZRjmZ/HrivMUAQJaIA/6AnZG0yYJJ+0C4S0McnBnLMyiA4zQzVsH
+5J9dAYO771h0TZnlre1NZdgiP37YiPA1et24O/S7da0Ud/CND+V7CGrsxPzsfEbP
+xTPVDST2BgvnDo9LYN4Q9h7QD4lOiGjhoJM6PN/R6Zo2OGiw+yZ8RP+BW5AxW21e
+3AnasZ2XLEmwqI0AMl9OWsLk4NzeS7t+ycWjwJKINOk/5ghzlOR0Use/mRyTHvzy
+GhMjrLoqtgHo85pAfAWT7LkwTt+FDVRzLZl2shzJszewvPFva+z2A8kvuY+vAzUw
+CSvIAC5MSrheFUg1JC+6efVbUTgn3RZj+zn7CxyttVuRzjyrnY2WkiMOT5mKuZCg
+LR42FEXnDCNHjreVLB6PoU1bOseohRbfK2yN+oDSoXmO4GoKetokGEWU/S+pi/gq
+dhjyMZUYv1pgE9Vtz3ps0vVC4e8D/i39qEm7JB2AWPWU4jGX5cLCeEkrfXGsGWyu
+OxGGywarXfNp83R62QTh2cPZlkACj3IwoYgZ2h8r98ikyJlQE0Y7V8uHKsx1DMJX
+JBemkEVW5P7pZiRS7X2zqLGIDNwqBKNRnjZ7bAhqThJXpCBWNuZ+DjGY743BBddr
+RAfQUvdjbSEOD78NMh6pLLg3iYJA902EVXZX8Q8JQnjg5GlUrB2yS5uz82dwjbpx
+dy0gzEhr4DA=
+=DY0y
-----END PGP SIGNATURE-----
</pre>
--- /dev/null
+[[meta title="Monkeysphere 0.16-1 released!"]]
+
+# Monkeysphere 0.16-1 released! #
+
+Monkeysphere 0.16-1 has been released.
+
+Notes from the changelog:
+
+<pre>
+ [ Daniel Kahn Gillmor ]
+ * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better
+ portability.
+ * fixed busted lockfile arrangement, where empty file was being locked
+ * portability fixes in the way we use date, mktemp, hostname, su
+ * stop using /usr/bin/stat, since the syntax appears to be totally
+ unportable
+ * require GNU getopt, and test for getopt failures (look for getopt in
+ /usr/local/bin first, since that's where FreeBSD's GNU-compatible
+ getopt lives.
+ * monkeysphere-server diagnostics now counts problems and suggests a
+ re-run after they have been resolved.
+ * completed basic test suite: this can be run from the git sources or
+ the tarball with: cd tests && ./basic
+
+ [ Jameson Graef Rollins ]
+ * Genericize fs location variables.
+ * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at
+ install.
+</pre>
+
+[[Download]] it now!