Daniel Kahn Gillmor [Wed, 18 Feb 2009 04:33:55 +0000 (23:33 -0500)]
Merge commit 'jrollins/master'
Daniel Kahn Gillmor [Wed, 18 Feb 2009 04:29:43 +0000 (23:29 -0500)]
make m-a list-certifiers more intelligible when multiple uids have ltsigs.
Jameson Graef Rollins [Wed, 18 Feb 2009 04:13:31 +0000 (23:13 -0500)]
fix ma so that the setup command is folded into the other commands, so
it's never needed to be run manually, and can therefore be supressed
in the usage/documentation. Also, add setup to the postinst script so
that it's setup on installation.
Also add pipefail to ma, and try to supress unnecessary gpg output,
and redirect other to log debug.
Jameson Graef Rollins [Wed, 18 Feb 2009 03:35:29 +0000 (22:35 -0500)]
bring tests/basic uptodate with the new PROMPT env variable.
Daniel Kahn Gillmor [Wed, 18 Feb 2009 01:37:47 +0000 (20:37 -0500)]
describe the motivation for our current su_monkeysphere_user implementation.
Daniel Kahn Gillmor [Wed, 18 Feb 2009 01:01:36 +0000 (20:01 -0500)]
fix typo
Jameson Graef Rollins [Wed, 18 Feb 2009 00:43:20 +0000 (19:43 -0500)]
remove setting of ultimate owner trust on imported host key, since we probably don't want the host keyring to be accepting any certifications for anything.
Jameson Graef Rollins [Wed, 18 Feb 2009 00:16:58 +0000 (19:16 -0500)]
add README to tests/ directory
Jameson Graef Rollins [Wed, 18 Feb 2009 00:09:44 +0000 (19:09 -0500)]
add ability to bypass prompting with a MONKEYSPHERE_PROMPT variable,
for functions that prompt for confirmation. Also fix publish_key
function (NOT TESTED).
Jameson Graef Rollins [Wed, 18 Feb 2009 00:07:24 +0000 (19:07 -0500)]
add test to su_monkeysphere_user to check that the user is
monkeysphere user or root, and fail otherwise. this is so that there
is no password prompt for unpriviledged users (see bug #519).
Jameson Graef Rollins [Tue, 17 Feb 2009 20:19:40 +0000 (15:19 -0500)]
add some checks about setup to authentication
Jameson Graef Rollins [Tue, 17 Feb 2009 07:23:17 +0000 (02:23 -0500)]
rename create_gpg_pub_file to be update_gpg_pub_file, and add it to
every function that alters the host keyring, so that all changes will
show up in exported pub key file, and in show-key.
Jameson Graef Rollins [Tue, 17 Feb 2009 07:03:22 +0000 (02:03 -0500)]
Merge commit 'dkg/master'
Jameson Graef Rollins [Tue, 17 Feb 2009 07:02:58 +0000 (02:02 -0500)]
tweak the show-key output, and fix some comments.
Jameson Graef Rollins [Tue, 17 Feb 2009 07:02:23 +0000 (02:02 -0500)]
set ultimate ownertrust on hostkey after import
Daniel Kahn Gillmor [Tue, 17 Feb 2009 05:56:34 +0000 (00:56 -0500)]
update m-a list-identity-certifiers: output is not yet human-readable, but it should be more accurate.
Jameson Graef Rollins [Tue, 17 Feb 2009 05:36:07 +0000 (00:36 -0500)]
fix a couple of left over references to expert
Jameson Graef Rollins [Tue, 17 Feb 2009 05:26:09 +0000 (00:26 -0500)]
check host for gpg pub key file instead of fingerprint, and modify show_key to be able to show full key info to all users.
Jameson Graef Rollins [Tue, 17 Feb 2009 04:57:55 +0000 (23:57 -0500)]
make host show_key use just the pgp pub key file to get the ssh fingerprint, as it should have been doing before
Jameson Graef Rollins [Tue, 17 Feb 2009 04:45:28 +0000 (23:45 -0500)]
add some minimal checks to import_key that the default hostname is legitimate.
Jameson Graef Rollins [Tue, 17 Feb 2009 02:39:17 +0000 (21:39 -0500)]
fix reference to HOST_FINGERPRINT in show-key, and fix some references
to "expert" in test.
Jameson Graef Rollins [Tue, 17 Feb 2009 02:28:32 +0000 (21:28 -0500)]
REMOVE GEN_KEY. The gen_key function is entirely removed. Decided
this was OK now that import_key works, and we can't really see a
reason to keep it around. We can resurect it down the line if need
be. Also, removed "expert" subcommand, after promting import_key,
since it may be need semi-regularly. The other "expert" commands are
now just not listed in the usage.
Jameson Graef Rollins [Tue, 17 Feb 2009 01:15:58 +0000 (20:15 -0500)]
Stop all creation of a ssh_host_rsa_key.pub. Use openpgp2ssh to get
the fingerprint from the host pgp public key. Prevents us from having
to maintain the ssh pub key file, and generally makes things simpler.
Also allows us to go back to having import_key take the key on stdin
(which dkg will like).
Jameson Graef Rollins [Mon, 16 Feb 2009 06:10:02 +0000 (01:10 -0500)]
start script to do a 0.22 -> 0.23 transition. still needs work (UNTESTED).
Jameson Graef Rollins [Mon, 16 Feb 2009 06:08:28 +0000 (01:08 -0500)]
make sure MHTMPDIR is defined and created
Jameson Graef Rollins [Mon, 16 Feb 2009 06:07:04 +0000 (01:07 -0500)]
fix a bad reference to MATMPDIR
Jameson Graef Rollins [Mon, 16 Feb 2009 04:27:12 +0000 (23:27 -0500)]
unbreakout some functions that were broken out earlier for handling creating ssh key files, since they are actually done in different ways under different circumstances.
Jameson Graef Rollins [Mon, 16 Feb 2009 04:25:51 +0000 (23:25 -0500)]
Change import_key to take the path to the file to import as an argument. dkg won't like this, but I think it's necessary so that we can generate the ssh pub key file, which is needed for subsequenty works.
Jameson Graef Rollins [Mon, 16 Feb 2009 03:51:17 +0000 (22:51 -0500)]
fix the publish_key function for new gpg_sphere.
Jameson Graef Rollins [Mon, 16 Feb 2009 03:50:35 +0000 (22:50 -0500)]
have the import_key also create the ssh pub file, since it is needed to show full host key info.
Jameson Graef Rollins [Sun, 15 Feb 2009 23:16:33 +0000 (18:16 -0500)]
website: fix a small incorrect command line for apt-key import
Jameson Graef Rollins [Fri, 13 Feb 2009 00:13:19 +0000 (19:13 -0500)]
fix something that was resolved improperly in the previous merge.
Jameson Graef Rollins [Fri, 13 Feb 2009 00:11:50 +0000 (19:11 -0500)]
Merge commit 'dkg/master'
Conflicts:
src/share/ma/setup
Jameson Graef Rollins [Fri, 13 Feb 2009 00:10:12 +0000 (19:10 -0500)]
fix some calls to gpg_sphere that where not putting all arguments into a single argument, as required by the strange su requirements.
Daniel Kahn Gillmor [Fri, 13 Feb 2009 00:08:21 +0000 (19:08 -0500)]
trust level != trust model
Jameson Graef Rollins [Thu, 12 Feb 2009 23:59:01 +0000 (18:59 -0500)]
fix the su_monkeysphere_user function so that it does 'bash -c' instead of 'eval', if the user already is the monkeysphere user, so that a proper subshell is invoked.
Daniel Kahn Gillmor [Thu, 12 Feb 2009 23:53:17 +0000 (18:53 -0500)]
su_monkeysphere_user now invokes a subshell even when already called by the monkeysphere user.
Jameson Graef Rollins [Thu, 12 Feb 2009 23:39:38 +0000 (18:39 -0500)]
tweak some of the log output inconsequentially
Daniel Kahn Gillmor [Thu, 12 Feb 2009 23:34:08 +0000 (18:34 -0500)]
tests/common: enable a single subshell in the test environment before cleanup on failure; makes it easier to have $PATH, etc set up
Daniel Kahn Gillmor [Thu, 12 Feb 2009 23:32:32 +0000 (18:32 -0500)]
no longer require the primary-keyring for the sphere gpg.conf now that we use a single keyring
Daniel Kahn Gillmor [Thu, 12 Feb 2009 23:30:38 +0000 (18:30 -0500)]
fix typo
Jameson Graef Rollins [Thu, 12 Feb 2009 23:24:34 +0000 (18:24 -0500)]
add list-certifiers to the basic test
Jameson Graef Rollins [Thu, 12 Feb 2009 23:23:05 +0000 (18:23 -0500)]
fix some things in ma certifier functions:
- fix left over bad invocations of gpg_sphere --list-keys
- add some more debug log output
Jameson Graef Rollins [Thu, 12 Feb 2009 23:19:35 +0000 (18:19 -0500)]
Fix the ma/setup function:
- fix reference to MONKEYSPHERE_USER for GNUPGHOME_SPHERE
- break out core_fingerprint function
- export core key to sphere keyring (necessary)
- fix some logging (add more debug) and formatting
Jameson Graef Rollins [Thu, 12 Feb 2009 21:17:00 +0000 (16:17 -0500)]
fix reference to MONKEYSPHER_USER in ma/setup
Daniel Kahn Gillmor [Thu, 12 Feb 2009 20:19:16 +0000 (15:19 -0500)]
tests/basic: respect $TMPDIR variable for temporary directories set up during testing.
Jameson Graef Rollins [Thu, 12 Feb 2009 18:36:39 +0000 (13:36 -0500)]
some clean up to tests/basic
Jameson Graef Rollins [Thu, 12 Feb 2009 18:33:17 +0000 (13:33 -0500)]
add some debug logging to some common functions
Jameson Graef Rollins [Thu, 12 Feb 2009 18:30:57 +0000 (13:30 -0500)]
add ability to supress confirmation prompt in ma/add_certifier
fix some logging output
Jameson Graef Rollins [Thu, 12 Feb 2009 18:29:30 +0000 (13:29 -0500)]
clean up how trust level was check in ma/setup, with some debug output
Jameson Graef Rollins [Thu, 12 Feb 2009 18:25:35 +0000 (13:25 -0500)]
break out a bunch of common functions in monkeysphere-host:
- create_*_*_file to create the key files
- load_*fingerprint to load the host fingerprint into an exported
variable (HOST_FINGERPRINT)
- check_host_*key to check for the presence of a host key
modified {import,gen}_key to use these new functions.
Jameson Graef Rollins [Mon, 9 Feb 2009 06:52:00 +0000 (01:52 -0500)]
add much of an add_revoker function. still needs to be fleshed out
and tested, though, so it's not "active" yet.
Jameson Graef Rollins [Mon, 9 Feb 2009 06:51:02 +0000 (01:51 -0500)]
small formatting tweaks to add_certifier function
Jameson Graef Rollins [Mon, 9 Feb 2009 06:41:30 +0000 (01:41 -0500)]
rename function to get the host fingerprint, and fix some
HOST_FINGERPRINT variables.
Jameson Graef Rollins [Mon, 9 Feb 2009 06:39:50 +0000 (01:39 -0500)]
fix name of set_expire function
Jameson Graef Rollins [Mon, 9 Feb 2009 05:47:17 +0000 (00:47 -0500)]
break su_monkeysphere_user into common function, since it will likely
be needed by both m-host and m-auth for communicating with keyservers.
Jameson Graef Rollins [Mon, 9 Feb 2009 05:42:16 +0000 (00:42 -0500)]
define variable for public key files (HOST_KEY_PUB, HOST_KEY_PUB_GPG).
also, fix some function calls to check_host_fail function.
Jameson Graef Rollins [Mon, 9 Feb 2009 05:30:04 +0000 (00:30 -0500)]
a couple of small fixes to the {gen,import}_key functions
Jameson Graef Rollins [Mon, 9 Feb 2009 05:21:40 +0000 (00:21 -0500)]
Break out host export commands into gpg_host_export and
gpg_host_export_to_ssh_file functions, and update the {gen,import}_key
functions accordingly.
Jameson Graef Rollins [Mon, 9 Feb 2009 04:59:35 +0000 (23:59 -0500)]
Merge commit 'dkg/master'
Jameson Graef Rollins [Mon, 9 Feb 2009 04:55:28 +0000 (23:55 -0500)]
Some rearragement/cleanup in the monkeysphere-host:
- define exported variable to hold host key fingerprint
(HOST_FINGERPRINT)
- broke out some common commands into simpler functions
- rename the 'extend_key' function to be 'set_expire', since function
is more generically offered now.
Daniel Kahn Gillmor [Thu, 5 Feb 2009 20:53:18 +0000 (15:53 -0500)]
tests/basic created the wrong monkeysphere-authentication.conf
Daniel Kahn Gillmor [Thu, 5 Feb 2009 20:40:16 +0000 (15:40 -0500)]
fixing out-of-date comments
Daniel Kahn Gillmor [Thu, 5 Feb 2009 20:18:17 +0000 (15:18 -0500)]
fixing dumb typo in tests/basic
Daniel Kahn Gillmor [Thu, 5 Feb 2009 20:16:05 +0000 (15:16 -0500)]
m-a setup: take advantage of the new ability of pem2openpgp to generate its own key.
Daniel Kahn Gillmor [Thu, 5 Feb 2009 19:29:42 +0000 (14:29 -0500)]
restoring absolute paths to both TEMPDIR and TESTDIR in tests/basic.
Daniel Kahn Gillmor [Thu, 5 Feb 2009 19:24:49 +0000 (14:24 -0500)]
updated pem2openpgp invocation in m-h import-key
Daniel Kahn Gillmor [Thu, 5 Feb 2009 19:11:04 +0000 (14:11 -0500)]
pem2openpgp now supports generating the key as an alternative to reading it from stdin.
Daniel Kahn Gillmor [Thu, 5 Feb 2009 19:10:16 +0000 (14:10 -0500)]
updated man page for pem2openpgp.
Daniel Kahn Gillmor [Wed, 4 Feb 2009 20:19:58 +0000 (15:19 -0500)]
set proper permissions on administrator gnupghome.
Daniel Kahn Gillmor [Wed, 4 Feb 2009 20:03:25 +0000 (15:03 -0500)]
tests/basic ensure that the directory is actually an absolute path, not a relative one.
Daniel Kahn Gillmor [Wed, 4 Feb 2009 19:11:42 +0000 (14:11 -0500)]
tests: making the temporary directory be created in a new place. make sure the proxy command used in the test is the new subcommand.
Daniel Kahn Gillmor [Wed, 4 Feb 2009 17:21:45 +0000 (12:21 -0500)]
web site: added news item about the planned changes for the pending release of the monkeysphere.
Daniel Kahn Gillmor [Wed, 4 Feb 2009 06:51:55 +0000 (01:51 -0500)]
tests/keytrans: terminate reasonably on success.
Daniel Kahn Gillmor [Wed, 4 Feb 2009 06:47:46 +0000 (01:47 -0500)]
Merge commit 'jrollins/master'
Daniel Kahn Gillmor [Wed, 4 Feb 2009 06:47:16 +0000 (01:47 -0500)]
pem2openpgp: avoid dumping garbage to stderr
Jameson Graef Rollins [Wed, 4 Feb 2009 06:42:40 +0000 (01:42 -0500)]
fix some things in the keytrans test
Daniel Kahn Gillmor [Wed, 4 Feb 2009 06:38:53 +0000 (01:38 -0500)]
pem2openpgp: when creating a signature, make sure that the public key material uses a 2-octet packet length.
Jameson Graef Rollins [Wed, 4 Feb 2009 06:12:02 +0000 (01:12 -0500)]
move keytrans test to a separate test script, and move functions common to all test to a common file
Jameson Graef Rollins [Wed, 4 Feb 2009 05:58:25 +0000 (00:58 -0500)]
add test of key conversion (openpgp2ssh and pem2openpgp) in test script.
Daniel Kahn Gillmor [Wed, 4 Feb 2009 05:27:35 +0000 (00:27 -0500)]
ensure that the output of modular multiplicative inverse is positive.
Daniel Kahn Gillmor [Wed, 4 Feb 2009 03:19:57 +0000 (22:19 -0500)]
bring comments up-to-date and parameterize expiration date.
Daniel Kahn Gillmor [Wed, 4 Feb 2009 02:42:06 +0000 (21:42 -0500)]
use the environment to determine usage flags (default to certify)
Daniel Kahn Gillmor [Wed, 4 Feb 2009 02:38:11 +0000 (21:38 -0500)]
*still* trying to get clean perl for pem2openpgp
Daniel Kahn Gillmor [Wed, 4 Feb 2009 02:37:29 +0000 (21:37 -0500)]
still trying to get clean perl for pem2openpgp
Daniel Kahn Gillmor [Wed, 4 Feb 2009 02:36:07 +0000 (21:36 -0500)]
stupid perl flailing in pem2openpgp.
Daniel Kahn Gillmor [Wed, 4 Feb 2009 02:32:50 +0000 (21:32 -0500)]
accept environment variables to adjust the behavior of pem2openpgp
Jameson Graef Rollins [Tue, 3 Feb 2009 16:11:37 +0000 (11:11 -0500)]
update debian info on web
Jameson Graef Rollins [Tue, 3 Feb 2009 06:23:51 +0000 (01:23 -0500)]
fix up gen/import-key:
- remove stuff about expiration, so we assume keys imported/generated
with no expiration
- set expiration with 'set-expire' function
- update tests to test key importing and generation
- fix some bugs
Jameson Graef Rollins [Mon, 2 Feb 2009 16:34:26 +0000 (11:34 -0500)]
add ability to specify key length of core secret key, so the test scripts can specify something smaller than the default.
Jameson Graef Rollins [Mon, 2 Feb 2009 04:05:31 +0000 (23:05 -0500)]
add some log debug output to ma-setup
Jameson Graef Rollins [Mon, 2 Feb 2009 03:48:36 +0000 (22:48 -0500)]
Fix a bug in setup where gpg was called instead of gpg_core. This
could have caused serious data loss for the running user. Should note
to be carefull with this in the future.
Also fix ownership on sphere gnupghome.
Jameson Graef Rollins [Mon, 2 Feb 2009 02:14:22 +0000 (21:14 -0500)]
new function to export signatures from core to sphere keyrings. this
is so that the sphere does not have to read the core pubring to get
the certifier ltsigs, and we can therefore keep tighter permissions on
the core keyring files. updated some comments/documentation as well.
Jameson Graef Rollins [Sun, 1 Feb 2009 20:47:25 +0000 (15:47 -0500)]
fix the log output for the ssh-proxycommand
Jameson Graef Rollins [Sun, 1 Feb 2009 19:01:32 +0000 (14:01 -0500)]
small tweak to ssh-proxycommand comments.
Jameson Graef Rollins [Sun, 1 Feb 2009 18:59:02 +0000 (13:59 -0500)]
some tweaks to the man pages
Jameson Graef Rollins [Sun, 1 Feb 2009 18:08:46 +0000 (13:08 -0500)]
some general fixes:
- fix some references to old function names
- move fingerprint_server_key to be fingerprint_host_key
- update diagnostic scripts
Jameson Graef Rollins [Sun, 1 Feb 2009 17:52:10 +0000 (12:52 -0500)]
fix a bunch of directory references to the new data/share dirs
Jameson Graef Rollins [Sun, 1 Feb 2009 17:16:33 +0000 (12:16 -0500)]
some small tweaks, and one tiny syntax bug fix, to ma/setup, and some
small formating and comment changes to test/basic
Daniel Kahn Gillmor [Sun, 1 Feb 2009 07:52:26 +0000 (02:52 -0500)]
trying to improve m-a setup; still not successfully tested.