From: Jamie McClelland
Date: Sat, 6 Sep 2008 06:59:12 +0000 (-0400)
Subject: Merge commit 'dkg/master'
X-Git-Tag: monkeysphere_0.16-1~87
X-Git-Url: https://codewiz.org/gitweb?a=commitdiff_plain;h=2c6c9e84ef5417987d90d45d28be6894df5afe35;hp=98253f5bca3f6745ab74a2d0e39109f32e7b173c;p=monkeysphere.git
Merge commit 'dkg/master'
---
diff --git a/Makefile b/Makefile
index 765c3e9..defd15a 100644
--- a/Makefile
+++ b/Makefile
@@ -45,4 +45,7 @@ install: all
 install man/man8/* $(DESTDIR)$(PREFIX)/share/man/man8
 install -m 0644 etc/* $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere
-.PHONY: all clean tarball debian-package install
+releasenote:
+ ./utils/build-releasenote
+
+.PHONY: all clean tarball debian-package install releasenote
diff --git a/debian/changelog b/debian/changelog
index d032017..6acb8e5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-monkeysphere (0.15~pre-1) UNRELEASED; urgency=low
+monkeysphere (0.15-1) experimental; urgency=low
 * porting work and packaging simplification: clarifying makefiles,
 pruning dependencies, etc.
diff --git a/debian/control b/debian/control
index ef62798..8f5aeef 100644
--- a/debian/control
+++ b/debian/control
@@ -11,7 +11,7 @@ Dm-Upload-Allowed: yes
 Package: monkeysphere
 Architecture: any
-Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), lockfile-progs, adduser, ${shlibs:Depends}
+Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends}
 Recommends: netcat | socat, ssh-askpass
 Enhances: openssh-client, openssh-server
 Description: use the OpenPGP web of trust to verify ssh connections
diff --git a/src/common b/src/common
index 2b05c3c..25f7e4e 100644
--- a/src/common
+++ b/src/common
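Review bot: In the debian/control hunk, the new alternative `lockfile-progs | procfile` does not match the fallback the code uses: the lock() wrapper added to src/common in this same commit describes it as procmail's `lockfile`, so `procfile` looks like a typo for `procmail`. If so, a host without lockfile-progs would presumably be unable to pull in the intended package, and lock() would end in its "Neither lockfile-create nor lockfile are in the path!" failure during known_hosts and authorized_keys updates. Suggested line: `Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procmail, adduser, ${shlibs:Depends}`. The same line also drops the `gnupg2` alternative without explanation; if that is deliberate it deserves a changelog entry.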
@@ -91,6 +91,49 @@ cutline() {
 head --line="$1" "$2" | tail -1
 }
+# this is a wrapper for doing lock functions.
+#
+# it lets us depend on either lockfile-progs (preferred) or procmail's
+# lockfile, and should
+lock() {
+ local use_lockfileprogs=true
+ local action="$1"
+ local file="$file"
+
+ if ! ( which lockfile-create >/dev/null 2>/dev/null ) ; then
+ if ! ( which lockfile >/dev/null ); then
+ failure "Neither lockfile-create nor lockfile are in the path!"
+ fi
+ use_lockfileprogs=
+ fi
+
+ case "$action" in
+ create)
+ if [ -n "$use_lockfileprogs" ] ; then
+ lockfile-create "$file" || failure "unable to lock '$file'"
+ else
+ lockfile -r 20 "${file}.lock" || failure "unable to lock '$file'"
+ fi
+ ;;
+ touch)
+ if [ -n "$use_lockfileprogs" ] ; then
+ lockfile-touch --oneshot "$file"
+ else
+ : Nothing to do here
+ fi
+ ;;
+ remove)
+ if [ -n "$use_lockfileprogs" ] ; then
+ lockfile-remove "$file"
+ else
+ rm -f "${file}.lock"
+ fi
+ ;;
+ *)
+ failure "bad argument for lock subfunction '$action'"
+ esac
+}
+
 # check that characters are in a string (in an AND fashion).
 # used for checking key capability
 # check_capability capability a [b...]
@@ -724,11 +767,10 @@ update_known_hosts() {
 nHostsOK=0
 nHostsBAD=0
- # set the trap to remove any lockfiles on exit
- trap "lockfile-remove $KNOWN_HOSTS" EXIT
-
- # create a lockfile on known_hosts
- lockfile-create "$KNOWN_HOSTS"
+ # create a lockfile on known_hosts:
+ lock create "$KNOWN_HOSTS"
+ # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
+ trap "lock remove $KNOWN_HOSTS" EXIT
 # note pre update file checksum
 fileCheck="$(file_hash "$KNOWN_HOSTS")"
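Review bot: In lock(), `local file="$file"` never reads the second positional argument, so a call such as `lock create "$KNOWN_HOSTS"` operates on whatever `file` happens to be in the caller's scope, most likely an empty string. The known_hosts and authorized_keys updates then either run without the lock they are meant to hold or fail outright at `lockfile-create ""`; the line should be `local file="$2"`. Two smaller points in the same function: the inner `which lockfile >/dev/null` does not silence stderr the way the outer probe does, and the header comment stops mid-sentence at "and should". In the procmail branch `lock touch` is a no-op, so a `${file}.lock` left behind by a killed process presumably has to be removed by hand, which is worth stating in that comment.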
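Review bot: `trap "lock remove $KNOWN_HOSTS" EXIT` expands the path when the trap is installed and leaves it unquoted in the command string, so a known_hosts path containing whitespace or shell metacharacters is re-parsed as shell words when the trap fires. Quoting it for the deferred evaluation avoids that: `trap 'lock remove "$KNOWN_HOSTS"' EXIT` (this assumes KNOWN_HOSTS is still set and unchanged at exit). The update_authorized_keys hunk at -862 has the same pattern with `$AUTHORIZED_KEYS`. On the FIXME: this trap and the later `trap - EXIT` both replace whatever EXIT handler the caller had, so a caller's own cleanup would silently stop running; if the file is bash, saving the old handler from `trap -p EXIT` and restoring it afterwards would keep it. update_known_hosts starts and ends outside the hunk.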
@@ -747,11 +789,12 @@ update_known_hosts() {
 esac
 # touch the lockfile, for good measure.
- lockfile-touch --oneshot "$KNOWN_HOSTS"
+ lock touch "$KNOWN_HOSTS"
 done
- # remove the lockfile
- lockfile-remove "$KNOWN_HOSTS"
+ # remove the lockfile and the trap
+ lock remove "$KNOWN_HOSTS"
+ trap - EXIT
 # note if the known_hosts file was updated
 if [ "$(file_hash "$KNOWN_HOSTS")" != "$fileCheck" ] ; then
@@ -862,11 +905,10 @@ update_authorized_keys() {
 nIDsOK=0
 nIDsBAD=0
- # set the trap to remove any lockfiles on exit
- trap "lockfile-remove $AUTHORIZED_KEYS" EXIT
-
 # create a lockfile on authorized_keys
- lockfile-create "$AUTHORIZED_KEYS"
+ lock create "$AUTHORIZED_KEYS"
+ # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
+ trap "lock remove $AUTHORIZED_KEYS" EXIT
 # note pre update file checksum
 fileCheck="$(file_hash "$AUTHORIZED_KEYS")"
@@ -890,11 +932,12 @@ update_authorized_keys() {
 esac
 # touch the lockfile, for good measure.
- lockfile-touch --oneshot "$AUTHORIZED_KEYS"
+ lock touch "$AUTHORIZED_KEYS"
 done
- # remove the lockfile
- lockfile-remove "$AUTHORIZED_KEYS"
+ # remove the lockfile and the trap
+ lock remove "$AUTHORIZED_KEYS"
+ trap - EXIT
 # note if the authorized_keys file was updated
 if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$fileCheck" ] ; then
diff --git a/utils/build-releasenote b/utils/build-releasenote
new file mode 100755
index 0000000..af7ceb3
--- /dev/null
+++ b/utils/build-releasenote
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+VERSION=`head -n1 debian/changelog | sed 's/.*(\([^)]*\)).*/\1/'`
+
+{
+ sed "s/__VERSION__/$VERSION/g" < utils/releasenote.header
+ head -n$(( $(grep -n '^ --' debian/changelog | head -n1 | cut -f1 -d:) - 2 )) debian/changelog | tail -n+3
+ sed "s/__VERSION__/$VERSION/g" < utils/releasenote.footer
+} > "website/news/release-$VERSION.mdwn"
+
+git add "website/news/release-$VERSION.mdwn"
+
+checksums() {
+ echo "checksums for the monkeysphere ${VERSION%%-*} release:"
+ echo
+ echo "MD5:"
+ md5sum "monkeysphere_${VERSION%%-*}.orig.tar.gz"
+ echo
+ echo "SHA1:"
+ sha1sum "monkeysphere_${VERSION%%-*}.orig.tar.gz"
+ echo
+ echo "SHA256:"
+ sha256sum "monkeysphere_${VERSION%%-*}.orig.tar.gz"
+}
+
+checksums
+
+temprelease=$(mktemp)
+trap "rm -f $temprelease" EXIT
+set -e
+head -n$(( $(grep -n '^-----BEGIN PGP SIGNED MESSAGE-----$' website/download.mdwn | head -n1 | cut -f1 -d:) - 1 )) website/download.mdwn >$temprelease
+checksums | gpg --no-tty --clearsign --default-key EB8AF314 >>$temprelease
+cat utils/download.mdwn.footer >>$temprelease
+mv "$temprelease" website/download.mdwn
+trap - EXIT
+set +e
+
+git add website/download.mdwn
+
+gpg --verify website/download.mdwn
diff --git a/utils/download.mdwn.footer b/utils/download.mdwn.footer
new file mode 100644
index 0000000..95bc788
--- /dev/null
+++ b/utils/download.mdwn.footer
@@ -0,0 +1 @@
+
diff --git a/utils/releasenote.footer b/utils/releasenote.footer
new file mode 100644
index 0000000..640e765
--- /dev/null
+++ b/utils/releasenote.footer
@@ -0,0 +1,3 @@
+
+
+[[Download]] it now!
diff --git a/utils/releasenote.header b/utils/releasenote.header
new file mode 100644
index 0000000..1dbc5b9
--- /dev/null
+++ b/utils/releasenote.header
@@ -0,0 +1,9 @@
+[[meta title="Monkeysphere __VERSION__ released!"]]
+
+# Monkeysphere __VERSION__ released! #
+
+Monkeysphere __VERSION__ has been released.
+
+Notes from the changelog:
+
+
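Review bot: In utils/build-releasenote the signing step `checksums | gpg --no-tty --clearsign ...` is not protected by the `set -e` just above it, because a pipeline's status is that of its last command: if the tarball is missing or unreadable the checksum commands fail, gpg still signs the partial output, and the result is moved into website/download.mdwn. Adding `set -o pipefail` beside `set -e` (the script is already `#!/bin/bash`) makes that case abort before the `mv`. `$temprelease` is also unquoted in the trap string and in the three redirections, and `gpg --verify` runs only after `git add`, so a bad signature is staged before it is checked. Finally, the script rewrites the page only from the `-----BEGIN PGP SIGNED MESSAGE-----` line down, so the tarball link above it is left alone; the website/download.mdwn hunk in this commit shows signed 0.15 checksums under a link that still names monkeysphere_0.14.orig.tar.gz.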
diff --git a/website/download.mdwn b/website/download.mdwn
index 64993c9..3ba40f4 100644
--- a/website/download.mdwn
+++ b/website/download.mdwn
@@ -46,31 +46,37 @@ look at the source, we recommend [using git](/community).
 But if you want a tarball of the most recent release, we publish those
 too.  The [latest
 tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.14.orig.tar.gz)
-has this sha1sum:
+has these checksums:
 
 
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-sha1sum for the monkeysphere 0.14 release:
+checksums for the monkeysphere 0.15 release:
 
-8b05fec041cec7f86ddde92fa72c8aabf8af0b3b  monkeysphere_0.14.orig.tar.gz
+MD5:
+8be275e5b5119921a536d8a67d3bfe24  monkeysphere_0.15.orig.tar.gz
+
+SHA1:
+65da0a047d935e856e2a0d7032dbbb339a3ce20a  monkeysphere_0.15.orig.tar.gz
+
+SHA256:
+44f3feb6e9f6921d2ed0406af4e3862f67da9261c8f00c7ea37cfea5031cbc77  monkeysphere_0.15.orig.tar.gz
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.9 (GNU/Linux)
 
-iQIVAwUBSMBhXhjmZ/HrivMUAQJTmw//XB8y7UXAg2GD4A1wHS/lczQLlzN3fVmT
-MGzLVdlRtATQgnL1Zd2CbKEEswSDpok9h+meZxMUvBXnpGV3iUouNo7q6vkt9Dp6
-Y5B+mgSe1vlxtkHPRCpLFvnLch2+x9zk+OhfHK+85zu6yPd2KqN0uFMpx6xLDWNq
-iIx3KzEOqLNe5WjJoKbGDvBohxgPePDLkAQtz+6Bnvor+H5gR4Mg3enPCRUtndKs
-sxyfw40ZCCZQV8Hma1YzP8jRrTNhXy3jY57cJ966FgWANPxDWzQh3k0W9ZTp4KP7
-3xcxSxKGMCFtfkNFhC6vcry4TRh/f33snGhwvPX2sAfWTsDP3PPeY4bK2rtVynZm
-bHl6IT1ZEdFVtS9IwWz51SAW5nDjffQnjSUM6TWtviRAc+acCHBCWVaGCRea7PLt
-7BJ/chJUf48gSIYStH/rFVcGJGOQD8CYQeUrKPBZu/CHowJziYfYcBQ0zydPEz9A
-5Lvs7pUhBVB+YYRqx62LqOMxX+qbUGCNRa3xJHRbOq8j+qqwTTh2W/fAlT1ziez+
-VqmKwX5Fnxd9q0wEEn3NGNbV8SrhHtN0LxmVHwxPrk5uo5d9mfuLBFnA93vWacDd
-M0bZHHnV7w6CuR4ReGPh1HJFAPRf42S3HM9JooFV6hWlEci2iomInba691PMQOJv
-nd+N0oSL47A=
-=uAHY
+iQIVAwUBSMG2fxjmZ/HrivMUAQJ40RAAjb4Rh9qJQztp+tAOxpvXKmItRTFyBTeB
+QQWjl/gNSWbAOvZX9t+F63P8Dp/ET9XoE2iXUnClvCtkkKvwbKISHyM4C9tgu0z9
+Yggb6lFPt/Qz2fD/HTMxkeN+n0p/FVjLW9WlLPyKF++u/o8JelyuiXocHORzjtc/
+9HyQfdbZuUPA16ZsAb9D66aIC2pWR21EiXHj95EvUkm6AO53Sy9G5gzzveflRrLm
+UdrcwCnbXiZklbs9wXxeZTa4qLAhv31RmkCzbE3/lNwFSBfzFFfi2HXZqQdRmIgu
+xuV/wmi8xgxUbv7dbB7yhhqwFmRnzeuV3rvuvSdjqGjFu6R0fqorIOtLtBkG1m0Q
+RP5gs5mU+DreYkdeLWpFFFVjaJkz0cNUcnT22EJ5JgfeH3fkoAPpjlUMvgh8apGq
+CbtqmBfYVOLyifiwptCSwlQvfY2guBVmsW+C60g78vMlCa0Tezp79I5H1KdsXKlY
+cw1eLt3HhEy39yojmcD5EI293tfWTIYvULXvMIZjqEFnkFvoAogtinfd8fDoH15j
+8yqXOUfkuuSeGmPReyiZZkbBTMXOdM6JsXmjEMI5T9dnZcC0CClnDGfcxE2UfPQZ
+v9tneWXZzFmnWaAqH+T+SJJ4gpMhD+i0vXgQ7xOhUUCF+tiY8Qh1eltR2Kf+VeYW
+d+MRglTs/Z4=
+=AmW6
 -----END PGP SIGNATURE-----
 
-
diff --git a/website/news/release-0.15-1.mdwn b/website/news/release-0.15-1.mdwn
new file mode 100644
index 0000000..5a36ba1
--- /dev/null
+++ b/website/news/release-0.15-1.mdwn
@@ -0,0 +1,17 @@
+[[meta title="MonkeySphere 0.15-1 released!"]]
+
+# MonkeySphere 0.15-1 released! #
+
+MonkeySphere 0.15-1 has been released.
+
+From the changelog:
+
+
+  * porting work and packaging simplification: clarifying makefiles,
+    pruning dependencies, etc.
+  * added tests to monkeysphere-server diagnostics
+  * moved monkeysphere(5) to section 7 of the manual
+  * now shipping TODO in /usr/share/doc/monkeysphere
+
+
+[[Download]] it now!
diff --git a/website/why.mdwn b/website/why.mdwn
index 3c70bab..3d67d32 100644
--- a/website/why.mdwn
+++ b/website/why.mdwn
@@ -2,6 +2,8 @@
 # Why should you be interested in the Monkeysphere? #
+[[!toc levels=2]]
+
 ## As an `ssh` user ##
 Do you use `ssh` to connect to remote machines? Are you tired of