monkeysphere (0.24~pre-1) UNRELEASED; urgency=low * New upstream release: - Fixed how version information is stored/retrieved. - Now uses perl-based keytrans for both pem2openpgp and openpgp2ssh - no longer needs base64 in PATH - added "test" make target - improved transitions/0.23 script so it no longer fails in common circumstances (Closes: #517779) - RSA only: no longer handles DSA keys - added ability to specify subkeys to add to ssh agent with new MONKEYSPHERE_SUBKEYS_FOR_AGENT environment variable * update/cleanup maintainer scripts * remove GnuTLS dependency. * remove versioned coreutils | base64 dependency. * added Build-Deps for dh_autotest. * switch to Architecture: all -- Jameson Graef Rollins Mon, 02 Mar 2009 15:33:44 -0500 monkeysphere (0.23.1-1) unstable; urgency=low * New Upstrem "Brown Paper Bag" Release: - adjusts internal version numbers -- Daniel Kahn Gillmor Sat, 21 Feb 2009 18:09:47 -0500 monkeysphere (0.23-1) unstable; urgency=low "The Golden Bezoar Release" * New upstream release. * rearchitect UI: - replace monkeysphere-server with monkeysphere-{authentication,host} - fold monkeysphere-ssh-proxycommand into /usr/bin/monkeysphere * new ability to import existing ssh host key into monkeysphere. So now m-a import-key replaces m-s gen-key. * provide pem2openpgp for translating unencrypted PEM-encoded raw key material into OpenPGP keys (introduces new perl dependencies) * get rid of getopts dependency * added version output option * better checks for the existence of a host private key for monkeysphere-host subcommands that need it. * better checks on validity of existing authentication subkeys when doing monkeysphere gen_subkey. * add transition infrastructure for major changes between releases (see transitions/README.txt) * implement and document two new monkeysphere-host subcommands: revoke-key and add-revoker -- Daniel Kahn Gillmor Sat, 21 Feb 2009 17:51:06 -0500 monkeysphere (0.22-1) unstable; urgency=low * New upstream release: [ Jameson Graef Rollins ] - added info log output when a new key is added to known_hosts file. - added some useful output to the ssh-proxycommand for "marginal" cases where keys are found for host but do not have full validity. - force ssh-keygen to read from stdin to get ssh key fingerprint. [ Daniel Kahn Gillmor ] - automatically output two copies of the host's public key: one standard ssh public key file, and the other a minimal OpenPGP key with just the latest valid self-sig. - debian/control: corrected alternate dependency from procfile to procmail (which provides /usr/bin/lockfile) -- Jameson Graef Rollins Fri, 28 Nov 2008 14:23:31 -0500 monkeysphere (0.21-2) unstable; urgency=low * actually rmdir /var/lib/monkeysphere-* during prerm if possible. -- Daniel Kahn Gillmor Sat, 15 Nov 2008 16:36:57 -0500 monkeysphere (0.21-1) unstable; urgency=low * New upstream release: - move debian packaging to packaging subdirectory. * Add debian prerm script, and add debhelper lines to other install scripts. * Initial release to Debian (Closes: #505806) -- Jameson Graef Rollins Sat, 15 Nov 2008 16:14:27 -0500 monkeysphere (0.20-1) unstable; urgency=low [ Daniel Kahn Gillmor ] * ensure that tempdirs are properly created, bail out otherwise instead of stumbling ahead. * minor fussing with the test script to make it cleaner. [ Jameson Graef Rollins ] * clean up Makefile to generate more elegant source tarballs. * make myself the maintainer. -- Jameson Graef Rollins Sat, 15 Nov 2008 13:12:57 -0500 monkeysphere (0.19-1) experimental; urgency=low [ Daniel Kahn Gillmor ] * simulating an X11 session in the test script. * updated packaging so that symlinks to config files are correct. -- Daniel Kahn Gillmor Wed, 29 Oct 2008 02:47:49 -0400 monkeysphere (0.18-1) experimental; urgency=low [ Jameson Graef Rollins ] * Fix bugs in authorized_{user_ids,keys} file permission checking. * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys files. * chown authorized_keys files to `whoami`, for compatibility with test suite. * major improvements to test suite, added more tests. [ Daniel Kahn Gillmor ] * update make install to ensure placement of /etc/monkeysphere/gnupg-{host,authentication}.conf * choose either --quick-random or --debug-quick-random depending on which gpg supports for the test suite. -- Daniel Kahn Gillmor Wed, 29 Oct 2008 00:41:38 -0400 monkeysphere (0.17-1) experimental; urgency=low [ Jameson Graef Rollins ] * Fix some bugs in, and cleanup, authorized_keys file creation in monkeysphere-server update-users. * Move to using the empty string for not adding a user-controlled authorized_keys file in the RAW_AUTHORIZED_KEYS variable. -- Daniel Kahn Gillmor Tue, 28 Oct 2008 02:04:22 -0400 monkeysphere (0.16-1) experimental; urgency=low [ Daniel Kahn Gillmor ] * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better portability. * fixed busted lockfile arrangement, where empty file was being locked * portability fixes in the way we use date, mktemp, hostname, su * stop using /usr/bin/stat, since the syntax appears to be totally unportable * require GNU getopt, and test for getopt failures (look for getopt in /usr/local/bin first, since that's where FreeBSD's GNU-compatible getopt lives. * monkeysphere-server diagnostics now counts problems and suggests a re-run after they have been resolved. * completed basic test suite: this can be run from the git sources or the tarball with: cd tests && ./basic [ Jameson Graef Rollins ] * Genericize fs location variables. * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at install. -- Daniel Kahn Gillmor Sun, 26 Oct 2008 03:06:18 -0400 monkeysphere (0.15-1) experimental; urgency=low * porting work and packaging simplification: clarifying makefiles, pruning dependencies, etc. * added tests to monkeysphere-server diagnostics * moved monkeysphere(5) to section 7 of the manual * now shipping TODO in /usr/share/doc/monkeysphere -- Daniel Kahn Gillmor Thu, 04 Sep 2008 19:08:40 -0400 monkeysphere (0.14-1) experimental; urgency=low * changing debian packaging back to format 1.0 so we get automatic tarballs, and easier inclusion in other build networks. * no other source changes. -- Daniel Kahn Gillmor Thu, 04 Sep 2008 13:03:35 -0400 monkeysphere (0.13-1) experimental; urgency=low [ Daniel Kahn Gillmor ] * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings. * updated makefile to reflect the package building technique we've been using for a month now. [ Jameson Graef Rollins ] * move location of user config directory to ~/.monkeysphere. -- Daniel Kahn Gillmor Wed, 03 Sep 2008 17:26:10 -0400 monkeysphere (0.12-1) experimental; urgency=low [ Jameson Graef Rollins ] * Improved output handling. New LOG_LEVEL variable. [ Daniel Kahn Gillmor ] * debian/control: switched Homepage: and Vcs-Git: to canonicalized upstream hostnames. * updated documentation for new release. * changed my associated e-mail address for this package. -- Daniel Kahn Gillmor Tue, 02 Sep 2008 18:54:29 -0400 monkeysphere (0.11-1) experimental; urgency=low [ Jameson Graef Rollins ] * fix bug in trustdb update on add/revoke-hostname. [ Daniel Kahn Gillmor ] * debian/control: added Build-Depends: git-core for the new packaging format * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly if not found). -- Daniel Kahn Gillmor Wed, 20 Aug 2008 11:24:35 -0400 monkeysphere (0.10-1) experimental; urgency=low [ Jameson Graef Rollins ] * brown paper bag release: invert test on calculated validity of keys. -- Daniel Kahn Gillmor Mon, 18 Aug 2008 16:22:34 -0400 monkeysphere (0.9-1) experimental; urgency=low [ Daniel Kahn Gillmor ] * implemented "monkeysphere-server extend-key" to adjust expiration date of host key. * removed "monkeysphere-server fingerprint". Use "monkeysphere-server show-key" instead. [ Jameson Graef Rollins ] * fixed bug in user id processing that prevented bad primary keys from being properly removed. -- Daniel Kahn Gillmor Mon, 18 Aug 2008 15:42:12 -0400 monkeysphere (0.8-1) experimental; urgency=low [ Daniel Kahn Gillmor ] * debian/control: switched Vcs-Git to use "centralized" git repo instead of my own. * More monkeysphere-server diagnostics * monkeysphere --gen-subkey now guesses what KeyID you meant. * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey works sensibly under X11 [ Jameson Graef Rollins ] * fix another bug when known_hosts files are missing. * sort processed keys so that "good" keys are processed after "bad" keys. This will prevent malicious bad keys from causing good keys to be removed from key files. * enabled host key publication. * added checking of gpg.conf for keyserver * new functions to add/revoke host key user IDs * improved list-certifiers function (now non-privileged) -- Daniel Kahn Gillmor Mon, 18 Aug 2008 12:43:37 -0400 monkeysphere (0.7-1) experimental; urgency=low [ Daniel Kahn Gillmor ] * Added monkeysphere-server diagnostics subcommand. * rebuilding package using Format: 3.0 (git) [ Jameson Graef Rollins ] * fix how check for file modification is done. * rework out user id processing is done to provide more verbose log output. * fix bug in monkeysphpere update-authorized_keys subcommand where disallowed keys failed to be remove from authorized_keys file. -- Daniel Kahn Gillmor Mon, 04 Aug 2008 10:47:41 -0400 monkeysphere (0.6-1) experimental; urgency=low [ Jameson Graef Rollins ] * Fix bug in return on error of ssh-proxycommand. [ Daniel Kahn Gillmor ] * try socat if netcat is not available in proxycommand. -- Daniel Kahn Gillmor Tue, 29 Jul 2008 10:27:20 -0400 monkeysphere (0.5-1) experimental; urgency=low [ Daniel Kahn Gillmor ] * updated READMEs to match current state of code [ Jameson Graef Rollins ] * Tweak how empty authorized_user_ids and known_hosts files are handled. * Do not fail when authorized_user_ids or known_hosts file is not found. -- Daniel Kahn Gillmor Mon, 28 Jul 2008 10:50:02 -0400 monkeysphere (0.4-1) experimental; urgency=low [ Daniel Kahn Gillmor ] * New version. * Fixed return code error in openpgp2ssh [ Jameson Graef Rollins ] * Privilege separation: use monkeysphere user to handle maintenance of the gnupg authentication keychain for server. * Improved certifier key management. * Fixed variable scoping and config file precedence. * Add options for key generation and add-certifier functions. * Fix return codes for known_host and authorized_keys updating functions. * Add write permission check on authorized_keys, known_hosts, and authorized_user_ids files. -- Daniel Kahn Gillmor Tue, 22 Jul 2008 21:50:17 -0400 monkeysphere (0.3-1) experimental; urgency=low [ Daniel Kahn Gillmor ] * new version. [ Jameson Graef Rollins ] * Move files in /var/cache/monkeysphere and GNUPGHOME for server to the more appropriate /var/lib/monkeysphere. -- Daniel Kahn Gillmor Tue, 24 Jun 2008 00:55:29 -0400 monkeysphere (0.2-2) experimental; urgency=low * added lockfile-progs dependency -- Daniel Kahn Gillmor Mon, 23 Jun 2008 19:34:05 -0400 monkeysphere (0.2-1) experimental; urgency=low [ Daniel Kahn Gillmor ] * openpgp2ssh now supports specifying keys by full fingerprint. [ Jameson Graef Rollins ] * Add AUTHORIZED_USER_IDS config variable for server, which defaults to %h/.config/monkeysphere/authorized_user_ids, instead of /etc/monkeysphere/authorized_user_ids. * Remove {update,remove}-userids functions, since we decided they weren't useful enough to be worth maintaining. * Better handling of unknown users in server update-users * Add file locking when modifying known_hosts or authorized_keys * Better failure/prompting for gen-subkey * Add ability to set any owner trust level for keys in server keychain. -- Daniel Kahn Gillmor Mon, 23 Jun 2008 17:03:19 -0400 monkeysphere (0.1-1) experimental; urgency=low * First release of debian package for monkeysphere. * This is experimental -- please report bugs! -- Daniel Kahn Gillmor Thu, 19 Jun 2008 00:34:53 -0400