Add sshfpr subcommand to monkeysphere

[monkeysphere.git] / packaging / debian / changelog

monkeysphere (0.25-1~pre) UNRELEASED; urgency=low

  * New upstream release:
    - update/fix the marginal ui output
    - use msmktempdir everywhere (avoid unwrapped calls to mktemp for
      portability)
    - clean out some redundant "cat"s
    - fix monkeysphere update-known_hosts for sshd running on non-standard
      ports
    - add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key
    - some portability improvements
  * update Standard-Version to 3.8.1

 -- Jameson Graef Rollins <jrollins@finestructure.net>  Thu, 30 Apr 2009 15:34:28 -0700

monkeysphere (0.24-1) unstable; urgency=low

  * New upstream release:
    - fixed how version information is stored/retrieved
    - now uses perl-based keytrans for both pem2openpgp and openpgp2ssh
    - no longer needs base64 in PATH
    - added "test" make target
    - improved transitions/0.23 script so it no longer fails in common
      circumstances (Closes: #517779)
    - RSA only: no longer handles DSA keys
    - added ability to specify subkeys to add to ssh agent with
      new MONKEYSPHERE_SUBKEYS_FOR_AGENT environment variable
  * update/cleanup maintainer scripts
  * remove GnuTLS dependency
  * remove versioned coreutils | base64 dependency
  * added Build-Deps for dh_autotest
  * switch to Architecture: all
  * added cron to Recommends

 -- Jameson Graef Rollins <jrollins@finestructure.net>  Tue, 03 Mar 2009 19:38:33 -0500

monkeysphere (0.23.1-1) unstable; urgency=low

  * New Upstrem "Brown Paper Bag" Release:
   - adjusts internal version numbers

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Sat, 21 Feb 2009 18:09:47 -0500

monkeysphere (0.23-1) unstable; urgency=low
  
  "The Golden Bezoar Release"

  * New upstream release.
  * rearchitect UI:
    - replace monkeysphere-server with monkeysphere-{authentication,host}
    - fold monkeysphere-ssh-proxycommand into /usr/bin/monkeysphere

  * new ability to import existing ssh host key into monkeysphere.  So now
    m-a import-key replaces m-s gen-key.
  * provide pem2openpgp for translating unencrypted PEM-encoded raw key
    material into OpenPGP keys (introduces new perl dependencies)
  * get rid of getopts dependency
  * added version output option
  * better checks for the existence of a host private key for
    monkeysphere-host subcommands that need it.
  * better checks on validity of existing authentication subkeys when
    doing monkeysphere gen_subkey.
  * add transition infrastructure for major changes between releases (see
    transitions/README.txt)
  * implement and document two new monkeysphere-host subcommands:
    revoke-key and add-revoker

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Sat, 21 Feb 2009 17:51:06 -0500

monkeysphere (0.22-1) unstable; urgency=low

  * New upstream release:
  [ Jameson Graef Rollins ]

    - added info log output when a new key is added to known_hosts file.
    - added some useful output to the ssh-proxycommand for "marginal"
      cases where keys are found for host but do not have full validity.
    - force ssh-keygen to read from stdin to get ssh key fingerprint.

  [ Daniel Kahn Gillmor ]

    - automatically output two copies of the host's public key: one
    standard ssh public key file, and the other a minimal OpenPGP key with
    just the latest valid self-sig.
    - debian/control: corrected alternate dependency from procfile to
    procmail (which provides /usr/bin/lockfile)

 -- Jameson Graef Rollins <jrollins@finestructure.net>  Fri, 28 Nov 2008 14:23:31 -0500

monkeysphere (0.21-2) unstable; urgency=low

  * actually rmdir /var/lib/monkeysphere-* during prerm if possible.

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Sat, 15 Nov 2008 16:36:57 -0500

monkeysphere (0.21-1) unstable; urgency=low

  * New upstream release:
    - move debian packaging to packaging subdirectory.
  * Add debian prerm script, and add debhelper lines to other install
    scripts.
  * Initial release to Debian (Closes: #505806)

 -- Jameson Graef Rollins <jrollins@finestructure.net>  Sat, 15 Nov 2008 16:14:27 -0500

monkeysphere (0.20-1) unstable; urgency=low

  [ Daniel Kahn Gillmor ]
  * ensure that tempdirs are properly created, bail out otherwise instead
    of stumbling ahead.
  * minor fussing with the test script to make it cleaner.

  [ Jameson Graef Rollins ]
  * clean up Makefile to generate more elegant source tarballs.
  * make myself the maintainer.

 -- Jameson Graef Rollins <jrollins@finestructure.net>  Sat, 15 Nov 2008 13:12:57 -0500

monkeysphere (0.19-1) experimental; urgency=low

  [ Daniel Kahn Gillmor ]
  * simulating an X11 session in the test script.
  * updated packaging so that symlinks to config files are correct.

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Wed, 29 Oct 2008 02:47:49 -0400

monkeysphere (0.18-1) experimental; urgency=low

  [ Jameson Graef Rollins ]
  * Fix bugs in authorized_{user_ids,keys} file permission checking.
  * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys
    files.
  * chown authorized_keys files to `whoami`, for compatibility with test
    suite.
  * major improvements to test suite, added more tests.
  
  [ Daniel Kahn Gillmor ]
  * update make install to ensure placement of
    /etc/monkeysphere/gnupg-{host,authentication}.conf 
  * choose either --quick-random or --debug-quick-random depending on
    which gpg supports for the test suite.

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Wed, 29 Oct 2008 00:41:38 -0400

monkeysphere (0.17-1) experimental; urgency=low

  [ Jameson Graef Rollins ]  
  * Fix some bugs in, and cleanup, authorized_keys file creation in
    monkeysphere-server update-users.
  * Move to using the empty string for not adding a user-controlled
    authorized_keys file in the RAW_AUTHORIZED_KEYS variable.

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Tue, 28 Oct 2008 02:04:22 -0400

monkeysphere (0.16-1) experimental; urgency=low

  [ Daniel Kahn Gillmor ]
  * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better
    portability.
  * fixed busted lockfile arrangement, where empty file was being locked
  * portability fixes in the way we use date, mktemp, hostname, su
  * stop using /usr/bin/stat, since the syntax appears to be totally
    unportable
  * require GNU getopt, and test for getopt failures (look for getopt in
    /usr/local/bin first, since that's where FreeBSD's GNU-compatible
    getopt lives.
  * monkeysphere-server diagnostics now counts problems and suggests a
    re-run after they have been resolved.
  * completed basic test suite: this can be run from the git sources or
    the tarball with: cd tests && ./basic

  [ Jameson Graef Rollins ]
  * Genericize fs location variables.
  * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at
    install.

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Sun, 26 Oct 2008 03:06:18 -0400

monkeysphere (0.15-1) experimental; urgency=low

  * porting work and packaging simplification: clarifying makefiles,
    pruning dependencies, etc.
  * added tests to monkeysphere-server diagnostics
  * moved monkeysphere(5) to section 7 of the manual
  * now shipping TODO in /usr/share/doc/monkeysphere

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Thu, 04 Sep 2008 19:08:40 -0400

monkeysphere (0.14-1) experimental; urgency=low

  * changing debian packaging back to format 1.0 so we get automatic
    tarballs, and easier inclusion in other build networks.
  * no other source changes.

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Thu, 04 Sep 2008 13:03:35 -0400

monkeysphere (0.13-1) experimental; urgency=low

  [ Daniel Kahn Gillmor ]
  * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings.
  * updated makefile to reflect the package building technique we've been
    using for a month now.

  [ Jameson Graef Rollins ]
  * move location of user config directory to ~/.monkeysphere.

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Wed, 03 Sep 2008 17:26:10 -0400

monkeysphere (0.12-1) experimental; urgency=low

  [ Jameson Graef Rollins ]
  * Improved output handling.  New LOG_LEVEL variable.
  
  [ Daniel Kahn Gillmor ]
  * debian/control: switched Homepage: and Vcs-Git: to canonicalized
    upstream hostnames.
  * updated documentation for new release.
  * changed my associated e-mail address for this package.

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Tue, 02 Sep 2008 18:54:29 -0400

monkeysphere (0.11-1) experimental; urgency=low

  [ Jameson Graef Rollins ]
  * fix bug in trustdb update on add/revoke-hostname.

  [ Daniel Kahn Gillmor ]
  * debian/control: added Build-Depends: git-core for the new packaging
    format
  * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched
    GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly
    if not found).
  
 -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>  Wed, 20 Aug 2008 11:24:35 -0400

monkeysphere (0.10-1) experimental; urgency=low

  [ Jameson Graef Rollins ]
  * brown paper bag release: invert test on calculated validity of keys.

 -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>  Mon, 18 Aug 2008 16:22:34 -0400

monkeysphere (0.9-1) experimental; urgency=low

  [ Daniel Kahn Gillmor ]
  * implemented "monkeysphere-server extend-key" to adjust expiration
    date of host key.
  * removed "monkeysphere-server fingerprint".  Use "monkeysphere-server
    show-key" instead.
  
  [ Jameson Graef Rollins ]
  * fixed bug in user id processing that prevented bad primary keys from
    being properly removed.

 -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>  Mon, 18 Aug 2008 15:42:12 -0400

monkeysphere (0.8-1) experimental; urgency=low

  [ Daniel Kahn Gillmor ]
  * debian/control: switched Vcs-Git to use "centralized" git repo instead
    of my own.
  * More monkeysphere-server diagnostics
  * monkeysphere --gen-subkey now guesses what KeyID you meant.
  * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey
    works sensibly under X11

  [ Jameson Graef Rollins ]
  * fix another bug when known_hosts files are missing.
  * sort processed keys so that "good" keys are processed after "bad"
    keys.  This will prevent malicious bad keys from causing good keys to
    be removed from key files.
  * enabled host key publication.
  * added checking of gpg.conf for keyserver
  * new functions to add/revoke host key user IDs
  * improved list-certifiers function (now non-privileged)

 -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>  Mon, 18 Aug 2008 12:43:37 -0400

monkeysphere (0.7-1) experimental; urgency=low

  [ Daniel Kahn Gillmor ]
  * Added monkeysphere-server diagnostics subcommand.
  * rebuilding package using Format: 3.0 (git)

  [ Jameson Graef Rollins ]
  * fix how check for file modification is done.
  * rework out user id processing is done to provide more verbose log
    output.
  * fix bug in monkeysphpere update-authorized_keys subcommand where
    disallowed keys failed to be remove from authorized_keys file.

 -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>  Mon, 04 Aug 2008 10:47:41 -0400

monkeysphere (0.6-1) experimental; urgency=low
  
  [ Jameson Graef Rollins ]
  * Fix bug in return on error of ssh-proxycommand.
  
  [ Daniel Kahn Gillmor ]
  * try socat if netcat is not available in proxycommand.

 -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>  Tue, 29 Jul 2008 10:27:20 -0400

monkeysphere (0.5-1) experimental; urgency=low

  [ Daniel Kahn Gillmor ]
  * updated READMEs to match current state of code
  
  [ Jameson Graef Rollins ]
  * Tweak how empty authorized_user_ids and known_hosts files are handled.
  * Do not fail when authorized_user_ids or known_hosts file is not found.

 -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>  Mon, 28 Jul 2008 10:50:02 -0400

monkeysphere (0.4-1) experimental; urgency=low

  [ Daniel Kahn Gillmor ]
  * New version.
  * Fixed return code error in openpgp2ssh

  [ Jameson Graef Rollins ]
  * Privilege separation: use monkeysphere user to handle maintenance of
    the gnupg authentication keychain for server.
  * Improved certifier key management.
  * Fixed variable scoping and config file precedence.
  * Add options for key generation and add-certifier functions.
  * Fix return codes for known_host and authorized_keys updating
    functions.
  * Add write permission check on authorized_keys, known_hosts, and
    authorized_user_ids files.

 -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>  Tue, 22 Jul 2008 21:50:17 -0400

monkeysphere (0.3-1) experimental; urgency=low

  [ Daniel Kahn Gillmor ]
  * new version.

  [ Jameson Graef Rollins ]
  * Move files in /var/cache/monkeysphere and GNUPGHOME for server to
    the more appropriate /var/lib/monkeysphere.

 -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>  Tue, 24 Jun 2008 00:55:29 -0400

monkeysphere (0.2-2) experimental; urgency=low

  * added lockfile-progs dependency

 -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>  Mon, 23 Jun 2008 19:34:05 -0400

monkeysphere (0.2-1) experimental; urgency=low

  [ Daniel Kahn Gillmor ]
  * openpgp2ssh now supports specifying keys by full fingerprint.

  [ Jameson Graef Rollins ]
  * Add AUTHORIZED_USER_IDS config variable for server, which defaults to
    %h/.config/monkeysphere/authorized_user_ids, instead of
    /etc/monkeysphere/authorized_user_ids.
  * Remove {update,remove}-userids functions, since we decided they
    weren't useful enough to be worth maintaining.
  * Better handling of unknown users in server update-users
  * Add file locking when modifying known_hosts or authorized_keys
  * Better failure/prompting for gen-subkey
  * Add ability to set any owner trust level for keys in server keychain.

 -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>  Mon, 23 Jun 2008 17:03:19 -0400

monkeysphere (0.1-1) experimental; urgency=low

  * First release of debian package for monkeysphere.
  * This is experimental -- please report bugs!

 -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>  Thu, 19 Jun 2008 00:34:53 -0400