-MonkeySphere is a system to use the OpenPGP web-of-trust to
+Monkeysphere is a system to use the OpenPGP web-of-trust to
authenticate and encrypt ssh connections.
It is free software, developed by:
Ross Glover <ross@ross.mayfirst.org>
Greg Lyle <greg@stealthisemail.com>
-MonkeySphere is distributed in the hope that it will be useful, but
+Monkeysphere is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
-MonkeySphere Copyright 2007, and are all released under the GPL,
+Monkeysphere Copyright 2007, and are all released under the GPL,
version 3 or later.
# (c) 2008 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
# Licensed under GPL v3 or later
-MONKEYSPHERE_VERSION = `head -n1 debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'`
+MONKEYSPHERE_VERSION = `head -n1 packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'`
# these defaults are for debian. porters should probably adjust them
# before calling make install
debian-package: tarball
tar xzf monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz
- cp -a debian monkeysphere-$(MONKEYSPHERE_VERSION)
+ cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION)
(cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us)
rm -rf monkeysphere-$(MONKEYSPHERE_VERSION)
--- /dev/null
+website/changelog
\ No newline at end of file
+++ /dev/null
-monkeysphere (0.20-1) unstable; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * ensure that tempdirs are properly created, bail out otherwise instead
- of stumbling ahead.
- * minor fussing with the test script to make it cleaner.
-
- [ Jameson Graef Rollins ]
- * clean up Makefile to generate more elegant source tarballs.
- * make myself the maintainer.
-
- -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 15 Nov 2008 13:12:57 -0500
-
-monkeysphere (0.19-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * simulating an X11 session in the test script.
- * updated packaging so that symlinks to config files are correct.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Oct 2008 02:47:49 -0400
-
-monkeysphere (0.18-1) experimental; urgency=low
-
- [ Jameson Graef Rollins ]
- * Fix bugs in authorized_{user_ids,keys} file permission checking.
- * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys
- files.
- * chown authorized_keys files to `whoami`, for compatibility with test
- suite.
- * major improvements to test suite, added more tests.
-
- [ Daniel Kahn Gillmor ]
- * update make install to ensure placement of
- /etc/monkeysphere/gnupg-{host,authentication}.conf
- * choose either --quick-random or --debug-quick-random depending on
- which gpg supports for the test suite.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Oct 2008 00:41:38 -0400
-
-monkeysphere (0.17-1) experimental; urgency=low
-
- [ Jameson Graef Rollins ]
- * Fix some bugs in, and cleanup, authorized_keys file creation in
- monkeysphere-server update-users.
- * Move to using the empty string for not adding a user-controlled
- authorized_keys file in the RAW_AUTHORIZED_KEYS variable.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 28 Oct 2008 02:04:22 -0400
-
-monkeysphere (0.16-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better
- portability.
- * fixed busted lockfile arrangement, where empty file was being locked
- * portability fixes in the way we use date, mktemp, hostname, su
- * stop using /usr/bin/stat, since the syntax appears to be totally
- unportable
- * require GNU getopt, and test for getopt failures (look for getopt in
- /usr/local/bin first, since that's where FreeBSD's GNU-compatible
- getopt lives.
- * monkeysphere-server diagnostics now counts problems and suggests a
- re-run after they have been resolved.
- * completed basic test suite: this can be run from the git sources or
- the tarball with: cd tests && ./basic
-
- [ Jameson Graef Rollins ]
- * Genericize fs location variables.
- * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at
- install.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 26 Oct 2008 03:06:18 -0400
-
-monkeysphere (0.15-1) experimental; urgency=low
-
- * porting work and packaging simplification: clarifying makefiles,
- pruning dependencies, etc.
- * added tests to monkeysphere-server diagnostics
- * moved monkeysphere(5) to section 7 of the manual
- * now shipping TODO in /usr/share/doc/monkeysphere
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 Sep 2008 19:08:40 -0400
-
-monkeysphere (0.14-1) experimental; urgency=low
-
- * changing debian packaging back to format 1.0 so we get automatic
- tarballs, and easier inclusion in other build networks.
- * no other source changes.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 Sep 2008 13:03:35 -0400
-
-monkeysphere (0.13-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings.
- * updated makefile to reflect the package building technique we've been
- using for a month now.
-
- [ Jameson Graef Rollins ]
- * move location of user config directory to ~/.monkeysphere.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 03 Sep 2008 17:26:10 -0400
-
-monkeysphere (0.12-1) experimental; urgency=low
-
- [ Jameson Graef Rollins ]
- * Improved output handling. New LOG_LEVEL variable.
-
- [ Daniel Kahn Gillmor ]
- * debian/control: switched Homepage: and Vcs-Git: to canonicalized
- upstream hostnames.
- * updated documentation for new release.
- * changed my associated e-mail address for this package.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 02 Sep 2008 18:54:29 -0400
-
-monkeysphere (0.11-1) experimental; urgency=low
-
- [ Jameson Graef Rollins ]
- * fix bug in trustdb update on add/revoke-hostname.
-
- [ Daniel Kahn Gillmor ]
- * debian/control: added Build-Depends: git-core for the new packaging
- format
- * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched
- GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly
- if not found).
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Wed, 20 Aug 2008 11:24:35 -0400
-
-monkeysphere (0.10-1) experimental; urgency=low
-
- [ Jameson Graef Rollins ]
- * brown paper bag release: invert test on calculated validity of keys.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 16:22:34 -0400
-
-monkeysphere (0.9-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * implemented "monkeysphere-server extend-key" to adjust expiration
- date of host key.
- * removed "monkeysphere-server fingerprint". Use "monkeysphere-server
- show-key" instead.
-
- [ Jameson Graef Rollins ]
- * fixed bug in user id processing that prevented bad primary keys from
- being properly removed.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 15:42:12 -0400
-
-monkeysphere (0.8-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * debian/control: switched Vcs-Git to use "centralized" git repo instead
- of my own.
- * More monkeysphere-server diagnostics
- * monkeysphere --gen-subkey now guesses what KeyID you meant.
- * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey
- works sensibly under X11
-
- [ Jameson Graef Rollins ]
- * fix another bug when known_hosts files are missing.
- * sort processed keys so that "good" keys are processed after "bad"
- keys. This will prevent malicious bad keys from causing good keys to
- be removed from key files.
- * enabled host key publication.
- * added checking of gpg.conf for keyserver
- * new functions to add/revoke host key user IDs
- * improved list-certifiers function (now non-privileged)
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 12:43:37 -0400
-
-monkeysphere (0.7-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * Added monkeysphere-server diagnostics subcommand.
- * rebuilding package using Format: 3.0 (git)
-
- [ Jameson Graef Rollins ]
- * fix how check for file modification is done.
- * rework out user id processing is done to provide more verbose log
- output.
- * fix bug in monkeysphpere update-authorized_keys subcommand where
- disallowed keys failed to be remove from authorized_keys file.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 04 Aug 2008 10:47:41 -0400
-
-monkeysphere (0.6-1) experimental; urgency=low
-
- [ Jameson Graef Rollins ]
- * Fix bug in return on error of ssh-proxycommand.
-
- [ Daniel Kahn Gillmor ]
- * try socat if netcat is not available in proxycommand.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 29 Jul 2008 10:27:20 -0400
-
-monkeysphere (0.5-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * updated READMEs to match current state of code
-
- [ Jameson Graef Rollins ]
- * Tweak how empty authorized_user_ids and known_hosts files are handled.
- * Do not fail when authorized_user_ids or known_hosts file is not found.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 28 Jul 2008 10:50:02 -0400
-
-monkeysphere (0.4-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * New version.
- * Fixed return code error in openpgp2ssh
-
- [ Jameson Graef Rollins ]
- * Privilege separation: use monkeysphere user to handle maintenance of
- the gnupg authentication keychain for server.
- * Improved certifier key management.
- * Fixed variable scoping and config file precedence.
- * Add options for key generation and add-certifier functions.
- * Fix return codes for known_host and authorized_keys updating
- functions.
- * Add write permission check on authorized_keys, known_hosts, and
- authorized_user_ids files.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 22 Jul 2008 21:50:17 -0400
-
-monkeysphere (0.3-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * new version.
-
- [ Jameson Graef Rollins ]
- * Move files in /var/cache/monkeysphere and GNUPGHOME for server to
- the more appropriate /var/lib/monkeysphere.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 24 Jun 2008 00:55:29 -0400
-
-monkeysphere (0.2-2) experimental; urgency=low
-
- * added lockfile-progs dependency
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 23 Jun 2008 19:34:05 -0400
-
-monkeysphere (0.2-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * openpgp2ssh now supports specifying keys by full fingerprint.
-
- [ Jameson Graef Rollins ]
- * Add AUTHORIZED_USER_IDS config variable for server, which defaults to
- %h/.config/monkeysphere/authorized_user_ids, instead of
- /etc/monkeysphere/authorized_user_ids.
- * Remove {update,remove}-userids functions, since we decided they
- weren't useful enough to be worth maintaining.
- * Better handling of unknown users in server update-users
- * Add file locking when modifying known_hosts or authorized_keys
- * Better failure/prompting for gen-subkey
- * Add ability to set any owner trust level for keys in server keychain.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 23 Jun 2008 17:03:19 -0400
-
-monkeysphere (0.1-1) experimental; urgency=low
-
- * First release of debian package for monkeysphere.
- * This is experimental -- please report bugs!
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Thu, 19 Jun 2008 00:34:53 -0400
-
+++ /dev/null
-Source: monkeysphere
-Section: net
-Priority: extra
-Maintainer: Jameson Graef Rollins <jrollins@finestructure.net>
-Uploaders: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0)
-Standards-Version: 3.8.0.1
-Homepage: http://web.monkeysphere.info/
-Vcs-Git: git://git.monkeysphere.info/monkeysphere
-Dm-Upload-Allowed: yes
-
-Package: monkeysphere
-Architecture: any
-Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends}
-Recommends: netcat | socat, ssh-askpass
-Enhances: openssh-client, openssh-server
-Description: use the OpenPGP web of trust to verify ssh connections
- SSH key-based authentication is tried-and-true, but it lacks a true
- Public Key Infrastructure for key certification, revocation and
- expiration. Monkeysphere is a framework that uses the OpenPGP web of
- trust for these PKI functions. It can be used in both directions:
- for users to get validated host keys, and for hosts to authenticate
- users.
+++ /dev/null
-Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=226
-Debianized-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Debianized-Date: Fri Jun 13 10:19:16 EDT 2008
-Original-Source: http://web.monkeysphere.info/download
-
-Files: *
-Copyright: Copyright 2008 Jameson Rollins <jrollins@fifthhorseman.net>,
- Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
- Jamie McClelland <jamie@mayfirst.org>,
- Micah Anderson <micah@riseup.net>,
- Matthew Goins <mjgoins@openflows.com>,
- Mike Castleman <mlcastle@mlcastle.net>,
- Elliot Winard <enw@caveteen.com>,
- Ross Glover <ross@ross.mayfirst.org>,
- Greg Lyle <greg@stealthisemail.com>
-
-License: GPL-3+
- This package is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
- .
- On Debian systems, the complete text of the GNU General Public License
- can be found in file "/usr/share/common-licenses/GPL".
+++ /dev/null
-var/lib/monkeysphere
-var/lib/monkeysphere/authorized_keys
-var/lib/monkeysphere/tmp
-usr/bin
-usr/sbin
-usr/share
-usr/share/monkeysphere
-usr/share/man
-usr/share/man/man1
-usr/share/man/man7
-usr/share/man/man8
-etc/monkeysphere
+++ /dev/null
-#!/bin/sh -e
-
-# postinst script for monkeysphere
-
-# Author: Jameson Rollins <jrollins@fifthhorseman.net>
-# Copyright 2008
-
-ETC="/etc/monkeysphere"
-VARLIB="/var/lib/monkeysphere"
-
-if ! getent passwd monkeysphere >/dev/null ; then
- echo "adding monkeysphere user..."
- adduser --quiet --system --no-create-home --group \
- --home "$VARLIB" \
- --shell '/bin/bash' \
- --gecos 'monkeysphere authentication user,,,' \
- monkeysphere
-fi
-
-# install host gnupg home directory
-install --owner root --group monkeysphere --mode 750 -d "$VARLIB"/gnupg-host
-# link in the gpg.conf
-ln -sTf "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf
-
-# install authentication gnupg home directory
-install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication
-# link in the gpg.conf
-ln -sTf "$ETC"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
+++ /dev/null
-#!/bin/sh -e
-
-# postrm script for monkeysphere
-
-# Author: Jameson Rollins <jrollins@fifthhorseman.net>
-# Copyright 2008
-
-case $1 in
- purge)
- rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true
- echo "removing monkeysphere user..."
- userdel monkeysphere > /dev/null || true
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
+++ /dev/null
-#!/bin/sh -e
-
-# preinst script for monkeysphere
-
-# Author: Jameson Rollins <jrollins@fifthhorseman.net>
-# Copyright 2008
-
-ETC="/etc/monkeysphere"
-VARLIB="/var/lib/monkeysphere"
-
-# move the gpg.conf files from the GNUPGHOMEs if they're there to
-# /etc, where they will be linked back into the GNUPGHOMEs later
-if [ -f "$VARLIB"/gnupg-host/gpg.conf -a ! -L "$VARLIB"/gnupg-host/gpg.conf ] ; then
- mv "$VARLIB"/gnupg-host/gpg.conf "$ETC"/gpg-host.conf
- chown root:root "$ETC"/gpg-host.conf
- ln -s "$ETC"/gpg-host.conf "$VARLIB"/gnupg-host/gpg.conf
-fi
-if [ -f "$VARLIB"/gnupg-authentication/gpg.conf -a ! -L "$VARLIB"/gnupg-authentication/gpg.conf ] ; then
- mv "$VARLIB"/gnupg-authentication/gpg.conf "$ETC"/gpg-authentication.conf
- chown root:root "$ETC"/gpg-authentication.conf
- ln -s "$ETC"/gpg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
-fi
+++ /dev/null
-#!/usr/bin/make -f
-%:
- dh $@
--- /dev/null
+../../website/changelog
\ No newline at end of file
--- /dev/null
+Source: monkeysphere
+Section: net
+Priority: extra
+Maintainer: Jameson Graef Rollins <jrollins@finestructure.net>
+Uploaders: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0)
+Standards-Version: 3.8.0.1
+Homepage: http://web.monkeysphere.info/
+Vcs-Git: git://git.monkeysphere.info/monkeysphere
+Dm-Upload-Allowed: yes
+
+Package: monkeysphere
+Architecture: any
+Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends}
+Recommends: netcat | socat, ssh-askpass
+Enhances: openssh-client, openssh-server
+Description: use the OpenPGP web of trust to verify ssh connections
+ SSH key-based authentication is tried-and-true, but it lacks a true
+ Public Key Infrastructure for key certification, revocation and
+ expiration. Monkeysphere is a framework that uses the OpenPGP web of
+ trust for these PKI functions. It can be used in both directions:
+ for users to get validated host keys, and for hosts to authenticate
+ users.
--- /dev/null
+Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=226
+Debianized-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Debianized-Date: Fri Jun 13 10:19:16 EDT 2008
+Original-Source: http://web.monkeysphere.info/download
+
+Files: *
+Copyright: Copyright 2008 Jameson Rollins <jrollins@fifthhorseman.net>,
+ Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
+ Jamie McClelland <jamie@mayfirst.org>,
+ Micah Anderson <micah@riseup.net>,
+ Matthew Goins <mjgoins@openflows.com>,
+ Mike Castleman <mlcastle@mlcastle.net>,
+ Elliot Winard <enw@caveteen.com>,
+ Ross Glover <ross@ross.mayfirst.org>,
+ Greg Lyle <greg@stealthisemail.com>
+
+License: GPL-3+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ can be found in file "/usr/share/common-licenses/GPL".
--- /dev/null
+var/lib/monkeysphere
+var/lib/monkeysphere/authorized_keys
+var/lib/monkeysphere/tmp
+usr/bin
+usr/sbin
+usr/share
+usr/share/monkeysphere
+usr/share/man
+usr/share/man/man1
+usr/share/man/man7
+usr/share/man/man8
+etc/monkeysphere
--- /dev/null
+#!/bin/sh -e
+
+# postinst script for monkeysphere
+
+# Author: Jameson Rollins <jrollins@fifthhorseman.net>
+# Copyright 2008
+
+ETC="/etc/monkeysphere"
+VARLIB="/var/lib/monkeysphere"
+
+if ! getent passwd monkeysphere >/dev/null ; then
+ echo "adding monkeysphere user..."
+ adduser --quiet --system --no-create-home --group \
+ --home "$VARLIB" \
+ --shell '/bin/bash' \
+ --gecos 'monkeysphere authentication user,,,' \
+ monkeysphere
+fi
+
+# install host gnupg home directory
+install --owner root --group monkeysphere --mode 750 -d "$VARLIB"/gnupg-host
+# link in the gpg.conf
+ln -sTf "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf
+
+# install authentication gnupg home directory
+install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication
+# link in the gpg.conf
+ln -sTf "$ETC"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
--- /dev/null
+#!/bin/sh -e
+
+# postrm script for monkeysphere
+
+# Author: Jameson Rollins <jrollins@fifthhorseman.net>
+# Copyright 2008
+
+case $1 in
+ purge)
+ rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true
+ echo "removing monkeysphere user..."
+ userdel monkeysphere > /dev/null || true
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/bin/sh -e
+
+# preinst script for monkeysphere
+
+# Author: Jameson Rollins <jrollins@fifthhorseman.net>
+# Copyright 2008
+
+ETC="/etc/monkeysphere"
+VARLIB="/var/lib/monkeysphere"
+
+# move the gpg.conf files from the GNUPGHOMEs if they're there to
+# /etc, where they will be linked back into the GNUPGHOMEs later
+if [ -f "$VARLIB"/gnupg-host/gpg.conf -a ! -L "$VARLIB"/gnupg-host/gpg.conf ] ; then
+ mv "$VARLIB"/gnupg-host/gpg.conf "$ETC"/gpg-host.conf
+ chown root:root "$ETC"/gpg-host.conf
+ ln -s "$ETC"/gpg-host.conf "$VARLIB"/gnupg-host/gpg.conf
+fi
+if [ -f "$VARLIB"/gnupg-authentication/gpg.conf -a ! -L "$VARLIB"/gnupg-authentication/gpg.conf ] ; then
+ mv "$VARLIB"/gnupg-authentication/gpg.conf "$ETC"/gpg-authentication.conf
+ chown root:root "$ETC"/gpg-authentication.conf
+ ln -s "$ETC"/gpg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
+fi
--- /dev/null
+#!/usr/bin/make -f
+%:
+ dh $@
--- /dev/null
+monkeysphere (0.21-1) unstable; urgency=low
+
+ * move debian packaging to packaging subdirectory.
+
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 15 Nov 2008 14:26:48 -0500
+
+monkeysphere (0.20-1) unstable; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * ensure that tempdirs are properly created, bail out otherwise instead
+ of stumbling ahead.
+ * minor fussing with the test script to make it cleaner.
+
+ [ Jameson Graef Rollins ]
+ * clean up Makefile to generate more elegant source tarballs.
+ * make myself the maintainer.
+
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 15 Nov 2008 13:12:57 -0500
+
+monkeysphere (0.19-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * simulating an X11 session in the test script.
+ * updated packaging so that symlinks to config files are correct.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Oct 2008 02:47:49 -0400
+
+monkeysphere (0.18-1) experimental; urgency=low
+
+ [ Jameson Graef Rollins ]
+ * Fix bugs in authorized_{user_ids,keys} file permission checking.
+ * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys
+ files.
+ * chown authorized_keys files to `whoami`, for compatibility with test
+ suite.
+ * major improvements to test suite, added more tests.
+
+ [ Daniel Kahn Gillmor ]
+ * update make install to ensure placement of
+ /etc/monkeysphere/gnupg-{host,authentication}.conf
+ * choose either --quick-random or --debug-quick-random depending on
+ which gpg supports for the test suite.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Oct 2008 00:41:38 -0400
+
+monkeysphere (0.17-1) experimental; urgency=low
+
+ [ Jameson Graef Rollins ]
+ * Fix some bugs in, and cleanup, authorized_keys file creation in
+ monkeysphere-server update-users.
+ * Move to using the empty string for not adding a user-controlled
+ authorized_keys file in the RAW_AUTHORIZED_KEYS variable.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 28 Oct 2008 02:04:22 -0400
+
+monkeysphere (0.16-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better
+ portability.
+ * fixed busted lockfile arrangement, where empty file was being locked
+ * portability fixes in the way we use date, mktemp, hostname, su
+ * stop using /usr/bin/stat, since the syntax appears to be totally
+ unportable
+ * require GNU getopt, and test for getopt failures (look for getopt in
+ /usr/local/bin first, since that's where FreeBSD's GNU-compatible
+ getopt lives.
+ * monkeysphere-server diagnostics now counts problems and suggests a
+ re-run after they have been resolved.
+ * completed basic test suite: this can be run from the git sources or
+ the tarball with: cd tests && ./basic
+
+ [ Jameson Graef Rollins ]
+ * Genericize fs location variables.
+ * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at
+ install.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 26 Oct 2008 03:06:18 -0400
+
+monkeysphere (0.15-1) experimental; urgency=low
+
+ * porting work and packaging simplification: clarifying makefiles,
+ pruning dependencies, etc.
+ * added tests to monkeysphere-server diagnostics
+ * moved monkeysphere(5) to section 7 of the manual
+ * now shipping TODO in /usr/share/doc/monkeysphere
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 Sep 2008 19:08:40 -0400
+
+monkeysphere (0.14-1) experimental; urgency=low
+
+ * changing debian packaging back to format 1.0 so we get automatic
+ tarballs, and easier inclusion in other build networks.
+ * no other source changes.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 Sep 2008 13:03:35 -0400
+
+monkeysphere (0.13-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings.
+ * updated makefile to reflect the package building technique we've been
+ using for a month now.
+
+ [ Jameson Graef Rollins ]
+ * move location of user config directory to ~/.monkeysphere.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 03 Sep 2008 17:26:10 -0400
+
+monkeysphere (0.12-1) experimental; urgency=low
+
+ [ Jameson Graef Rollins ]
+ * Improved output handling. New LOG_LEVEL variable.
+
+ [ Daniel Kahn Gillmor ]
+ * debian/control: switched Homepage: and Vcs-Git: to canonicalized
+ upstream hostnames.
+ * updated documentation for new release.
+ * changed my associated e-mail address for this package.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 02 Sep 2008 18:54:29 -0400
+
+monkeysphere (0.11-1) experimental; urgency=low
+
+ [ Jameson Graef Rollins ]
+ * fix bug in trustdb update on add/revoke-hostname.
+
+ [ Daniel Kahn Gillmor ]
+ * debian/control: added Build-Depends: git-core for the new packaging
+ format
+ * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched
+ GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly
+ if not found).
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Wed, 20 Aug 2008 11:24:35 -0400
+
+monkeysphere (0.10-1) experimental; urgency=low
+
+ [ Jameson Graef Rollins ]
+ * brown paper bag release: invert test on calculated validity of keys.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 16:22:34 -0400
+
+monkeysphere (0.9-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * implemented "monkeysphere-server extend-key" to adjust expiration
+ date of host key.
+ * removed "monkeysphere-server fingerprint". Use "monkeysphere-server
+ show-key" instead.
+
+ [ Jameson Graef Rollins ]
+ * fixed bug in user id processing that prevented bad primary keys from
+ being properly removed.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 15:42:12 -0400
+
+monkeysphere (0.8-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * debian/control: switched Vcs-Git to use "centralized" git repo instead
+ of my own.
+ * More monkeysphere-server diagnostics
+ * monkeysphere --gen-subkey now guesses what KeyID you meant.
+ * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey
+ works sensibly under X11
+
+ [ Jameson Graef Rollins ]
+ * fix another bug when known_hosts files are missing.
+ * sort processed keys so that "good" keys are processed after "bad"
+ keys. This will prevent malicious bad keys from causing good keys to
+ be removed from key files.
+ * enabled host key publication.
+ * added checking of gpg.conf for keyserver
+ * new functions to add/revoke host key user IDs
+ * improved list-certifiers function (now non-privileged)
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 12:43:37 -0400
+
+monkeysphere (0.7-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * Added monkeysphere-server diagnostics subcommand.
+ * rebuilding package using Format: 3.0 (git)
+
+ [ Jameson Graef Rollins ]
+ * fix how check for file modification is done.
+ * rework out user id processing is done to provide more verbose log
+ output.
+ * fix bug in monkeysphpere update-authorized_keys subcommand where
+ disallowed keys failed to be remove from authorized_keys file.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 04 Aug 2008 10:47:41 -0400
+
+monkeysphere (0.6-1) experimental; urgency=low
+
+ [ Jameson Graef Rollins ]
+ * Fix bug in return on error of ssh-proxycommand.
+
+ [ Daniel Kahn Gillmor ]
+ * try socat if netcat is not available in proxycommand.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 29 Jul 2008 10:27:20 -0400
+
+monkeysphere (0.5-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * updated READMEs to match current state of code
+
+ [ Jameson Graef Rollins ]
+ * Tweak how empty authorized_user_ids and known_hosts files are handled.
+ * Do not fail when authorized_user_ids or known_hosts file is not found.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 28 Jul 2008 10:50:02 -0400
+
+monkeysphere (0.4-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * New version.
+ * Fixed return code error in openpgp2ssh
+
+ [ Jameson Graef Rollins ]
+ * Privilege separation: use monkeysphere user to handle maintenance of
+ the gnupg authentication keychain for server.
+ * Improved certifier key management.
+ * Fixed variable scoping and config file precedence.
+ * Add options for key generation and add-certifier functions.
+ * Fix return codes for known_host and authorized_keys updating
+ functions.
+ * Add write permission check on authorized_keys, known_hosts, and
+ authorized_user_ids files.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 22 Jul 2008 21:50:17 -0400
+
+monkeysphere (0.3-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * new version.
+
+ [ Jameson Graef Rollins ]
+ * Move files in /var/cache/monkeysphere and GNUPGHOME for server to
+ the more appropriate /var/lib/monkeysphere.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 24 Jun 2008 00:55:29 -0400
+
+monkeysphere (0.2-2) experimental; urgency=low
+
+ * added lockfile-progs dependency
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 23 Jun 2008 19:34:05 -0400
+
+monkeysphere (0.2-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * openpgp2ssh now supports specifying keys by full fingerprint.
+
+ [ Jameson Graef Rollins ]
+ * Add AUTHORIZED_USER_IDS config variable for server, which defaults to
+ %h/.config/monkeysphere/authorized_user_ids, instead of
+ /etc/monkeysphere/authorized_user_ids.
+ * Remove {update,remove}-userids functions, since we decided they
+ weren't useful enough to be worth maintaining.
+ * Better handling of unknown users in server update-users
+ * Add file locking when modifying known_hosts or authorized_keys
+ * Better failure/prompting for gen-subkey
+ * Add ability to set any owner trust level for keys in server keychain.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 23 Jun 2008 17:03:19 -0400
+
+monkeysphere (0.1-1) experimental; urgency=low
+
+ * First release of debian package for monkeysphere.
+ * This is experimental -- please report bugs!
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Thu, 19 Jun 2008 00:34:53 -0400
+
--- /dev/null
+[[meta title="Monkeysphere 0.20-1 released!"]]
+
+Monkeysphere 0.20-1 has been released.
+
+Notes from the changelog:
+
+<pre>
+ [ Daniel Kahn Gillmor ]
+ * ensure that tempdirs are properly created, bail out otherwise instead
+ of stumbling ahead.
+ * minor fussing with the test script to make it cleaner.
+
+ [ Jameson Graef Rollins ]
+ * clean up Makefile to generate more elegant source tarballs.
+ * make myself the maintainer.
+</pre>
+
+[[Download]] it now!
projects / monkeysphere.git / commitdiff