1 ******************************************************************************
5 ******************************************************************************
6 * Please add new entries in reverse chronological order whenever you make *
7 * changes to this system (first command at top, last at bottom) *
8 ******************************************************************************
11 * aptitude update && aptitude full-upgrade
12 * (checked and found that monkeysphere version 0.24-1 is already
13 installed; don't know how that happened, coulda been me, just
14 sloppy about not noting it in the changelog)
15 * extended host key by 4 months
18 * fixed /etc/crontab line for update-users (was trying to run
19 monkeysphere-server instead of monkeysphere-authentication).
22 * upgraded to the latest versions of packages for lenny.
23 * upgraded george to monkeysphere 0.23.1. the transition upgrade
24 failed due to the way that gpg exports self-signatures secret
25 keys; it only exports the first self-sig for each user id, even if
26 that one is expired. Then any subsequent import fails, even if
27 the target import keyring knows about some valid self-signatures.
28 * i man-handled the upgrade into place so that george doesn't just
29 fail on us, but this is a pretty major bug in the transition process.
32 * applied diff represented in commit
33 f75a5747a8b99e04c02c475791c476f1fbd2b674 to change log level for
34 unacceptable untranslatable keys.
37 * Replaced nullmailer with postfix, nullmailer doesn't handle aliases
38 and insisted either on constantly respooling mail when there was no
42 * Configured /etc/aliases to have root go to mjgoins, micah, dkg, jrollins
43 * Configured /etc/nullmailer/remotes to have mail.riseup.net so remote delivery will work
44 * Removed the hundreds of queued cron emails that had resulted in 30gig of mail.err logs
45 * Rotated the giant logs out
48 * extended the expiration date for george's key three months into
50 * aptitude update && aptitude full-upgrade (brings monkeysphere to
54 * aptitude update && aptitude full-upgrade
55 * brought monkeysphere up to 0.19-1
59 * aptitude update && aptitude full-upgrade
60 * brought monkeysphere up to 0.16-1
61 * repointed keyserver usage to pool.sks-keyservers.net
64 * added two mime-type declarations in /etc/mathopd.conf so .debs
65 and .tar.gz files come out reasonably; restarted mathopd for the
67 * built monkeyshell (from src/monkeyshell) and installed as
68 /usr/local/bin/monkeyshell, added to /etc/shells.
69 * created new account "monkey" which has monkeyshell as the shell
70 for non-privileged test access. To let someone test this out,
71 make sure they're well-connected to george's web of trust, and
72 then add their User ID to
73 ~monkey/.monkeysphere/authorized_user_ids
74 * more mime types for mathopd: image/png image/x-icon
77 * migrated /home/*/.config/monkeysphere/authorized_user_ids to new
78 agreed location: /home/*/.monkeysphere/authorized_user_ids and created
79 a symlink in the original location for transition purposes. Also,
80 did /root's as well. I used this hackish mechanism:
81 $ for user in `find . -wholename './*/.config/monkeysphere/authorized_user_ids' \
82 | cut -d/ -f2`; do mkdir -v ${user}/.monkeysphere; chown ${user}:${user} \
83 ${user}/.monkeysphere; mv -v ${user}/.config/monkeysphere/authorized_user_ids \
84 ${user}/.monkeysphere; ln -s /home/${user}/.monkeysphere/authorized_user_ids \
85 ${user}/.config/monkeysphere/authorized_user_ids; done
88 * added the monkeysphere archive repository signing key
89 * aptitude update && aptitude full-upgrade (brings in monkeysphere 0.13-1)
90 * cleaned up /etc/skel to reflect correct location of the
91 monkeysphere config directory.
92 * micah moved all the existing config stuff over, and left
93 symlinks so people aren't disoriented.
96 * set up http://dkg.monkeysphere.info so that i could play around
98 * moved apt repository over to http://archive.monkeysphere.info/
99 * aptitude update && aptitude dist-upgrade
100 * canonicalizing hostname for normal web access to
101 http://web.monkeysphere.info
104 * aptitude update && aptitude full-upgrade
105 * added account 'daniel' for Dan Scott, and set him up with a way
106 to publish to http://daniel.monkeysphere.info
109 * aptitude update && aptitude dist-upgrade: this includes
110 monkeysphere 0.11-1 and OpenSSH 5.1p1-2
113 * moved monkeysphere apt repo entry to
114 /etc/apt/sources.list.d/monkeysphere.list
115 * aptitude update && aptitude full-upgrade (including monkeysphere
117 * switched george's monkeysphere-server preferred keyserver to
118 monkeysphere.info for the moment. Both pgp.mit.edu and
119 subkeys.pgp.net are sluggish right now :/
121 2008-08-16 - jrollins
122 * removed stale branches from jrollins from the master repo
123 * aptitude update && aptitude full-upgrade
124 * restarted services to clear up dependencies on old libraries
127 * aptitude update && aptitude full-upgrade
128 * restarted services to clear up dependencies on old libraries
131 * aptitude update && aptitude dist-upgrade
132 * removed debian's experimental from the sources.list
133 * removed experimental stanza from /etc/apt/preferences (now the
134 monkeysphere packages should upgrade automatically)
135 * upgraded to monkeysphere 0.7-1
137 * set up a public git daemon service to serve git repos from
138 george, using runit. (root-served repos are served from
139 /srv/git, but ~USER/public_git is supported as well, if anyone
140 wants to use that for publication).
143 * aptitude update && aptitude dist-upgrade
145 * added my User ID to ~webmaster/.config/monkeysphere/authorized_user_ids
147 2008-08-02 - jrollins
148 * aptitude update && aptitude dist-upgrade
149 * restarted cron, nullmailer, sshd
150 * aptitude install git-core ikiwiki
153 * created a bare repo at ~webmaster/monkeysphere.git. I then
154 pushed into this repo from my working directory on servo to verify
155 that it was accepting.
156 * cloned above repo at ~webmaster/monkeysphere
157 * created ~webmaster/ikiwiki.setup
158 * ikiwiki --setup ikiwiki.setup
159 * linked post-receive to new post-commit hook in monkeysphere.git
160 * changed default keyserver to be pgp.mit.edu (subkeys.pgp.net
162 * updated /etc/skel with ssh and monkeysphere stuff
163 * made authorzied_user_ids file for webmaster and ran
164 "monkeysphere-server u webmaster".
167 * added monkeysphere apt repository to /etc/apt/sources.list
168 * added dkg's key to apt's list of trusted keys.
169 * ran aptitude dist-upgrade
170 * upgraded to monkeysphere 0.2-1
171 * moved authorized_user_ids files into users' home directories.
172 * installed lockfile-progs
175 * installed screen (mjgoins and i were collaborating)
178 * Restored /etc/init.d/ssh to original package state and changed
179 /etc/default/ssh to have 'unset SSHD_OOM_ADJUST' instead.
182 * Commented out the 'export SSHD_OOM_ADJUST=-17' from the
183 /etc/init.d/ssh initscript, and the 'SSHD_OOM_ADJUST=-17' from
184 /etc/default/ssh in order to make this error go away:
185 "error writing /proc/self/oom_adj: Operation not permitted"
186 (c.f. Debian #487325)
189 * touched /etc/environment to get rid of some spurious auth.log
191 * turned up sshd's LogLevel from INFO to DEBUG
194 * installed rsync (for maintaining a public apt repo)
196 * configured mathopd to listen on port 80, serving /srv/www as /
197 and /srv/apt as /debian. We've got nothing in /srv/www at the
200 * installed lsof and psmisc as sysadmin utilities. sorry for the
203 * installed strace to try to figure out why onak is segfaulting.
206 * removed etch sources, switched "testing" to "lenny", added
207 lenny/updates, removed all contrib and non-free.
209 * removed testing pin in /etc/apt/preferences
212 * reset emacs22 to emacs22-nox (avoiding dependencies)
214 * removed sysklog and klogd because of errors restarting klogd.
215 Installed syslog-ng in their stead, which still gives errors
216 related to /proc/kmsg unreadability, but the install completes :/
219 * juggled pinning: experimental: 1, unstable: 2
220 * added mathopd onak, tweaked /etc/mathopd.conf and /etc/onak.conf
222 * installed monkeysphere v0.1-1, changed host key, published
223 them via the local keyserver (see host-key-publication)
225 * added local unprivileged user accounts for everyone listed in
226 /usr/share/doc/monkeysphere/copyright
228 * configured authorized_user_ids for every user account based on
229 my best guess at their OpenPGP User ID (see
230 user-id-configuration).
232 * set up a cronjob (in /etc/crontab) to run "monkeysphere-server
233 update-users" at 26 minutes past the hour.
235 2008-06-18 - jrollins
236 * installed less, emacs;
237 * aptitude update && aptitude dist-upgrade
240 * debootstrap'd debian etch install
241 * installed /etc/apt/sources.list with local proxy sources for etch,
242 testing, unstable, backports and volatile
243 * configured /etc/apt/preferences and apt.conf.d/local-conf to
244 pin etch, but make testing, sid and backports available
245 * added backports.org apt-key
246 * installed openssh-server and openssh-client packages
247 * added dkg, jrollins, mjgoins ssh public_keys to /root/.ssh/authorized_keys