deb http://monkeysphere.info/debian experimental monkeysphere
deb-src http://monkeysphere.info/debian experimental monkeysphere
-The repository is currently signed by [Daniel Kahn Gillmor's OpenPGP key](http://fifthhorseman.net/dkg.gpg "dkg's key"), key id D21739E9
+The repository is currently signed by [Daniel Kahn Gillmor's OpenPGP
+key](http://fifthhorseman.net/dkg.gpg "dkg's key"), key id D21739E9
(fingerprint: `0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9`).
-To cryptographically verify the packages, you'll want to [add `dkg`'s key to your apt configuration](http://cmrg.fifthhorseman.net/wiki/apt/importing-keys "Instructions for adding dkg's key to apt")
+To cryptographically verify the packages, you'll want to [add `dkg`'s
+key to your apt
+configuration](http://cmrg.fifthhorseman.net/wiki/apt/importing-keys
+"Instructions for adding dkg's key to apt")
+
+### Enhancements ###
+
+As of 2008-08-22, If you run debian lenny you're very close to being
+able to run a fully monkeysphere-enabled system. One gap in the
+system is that lenny's GnuTLS can't support the `monkeysphere
+subkey-to-ssh-agent` subcommand.
+
+You can install a patched version of GnuTLS to enable this feature of
+the MonkeySphere by adjusting the monkeysphere `sources.list` lines to
+include the `gnutls` component. So they'd look like this instead:
+
+ deb http://monkeysphere.info/debian experimental monkeysphere gnutls
+ deb-src http://monkeysphere.info/debian experimental monkeysphere gnutls
+
+You can [read more about this offering](/news/modified-gnutls-2.4.x-available.mdwn).
## git repositories ##
--- /dev/null
+[[meta title="Modified GnuTLS 2.4.x available"]]
+
+The MonkeySphere project is now making available a patched version of
+[GnuTLS](http://gnutls.org/) version 2.4.x, which enhances the utility
+of the `monkeysphere` package by enabling it to read authentication
+subkeys emitted by [GnuPG](http://gnupg.org/) under certain
+circumstances.
+
+You can track this package in debian lenny by adding the following
+lines to `/etc/apt/sources.list`:
+
+ deb http://monkeysphere.info/debian experimental gnutls
+ deb-src http://monkeysphere.info/debian experimental gnutls
+
+Or you can patch and build the packages yourself with the patches and
+scripts provided in [the MonkeySphere git repo](/download).
+
+The only modification needed simply enables the library to parse a GNU
+extension to the String-to-key (S2K) mechanism as laid out in [RFC
+4880](http://tools.ietf.org/html/rfc4880#section-3.7).
+
+The specific S2K extension supported is known as gnu-dummy, and it
+simply allows a "secret" key block to be written *without* storing any
+of the secret key material. This is used by GnuPG on the primary key
+when the `--export-secret-subkeys` argument is given.
+
+You can read notes about the GNU S2K extensions in DETAILS from GnuPG,
+which you can fetch this way:
+
+ svn co svn://cvs.gnupg.org/gnupg/trunk/doc
+ less doc/DETAILS
+
+A version of this patch was first proposed [on
+`gnutls-dev`](http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html),
+and looks like it will be adopted upstream in the GnuTLS 2.6.x series,
+at which point these packages will be unnecessary.
+
+Until that time, these packages are provided to tide over users of
+`monkeysphere` on debian lenny (or compatible systems) who want to be
+able to hand off the authentication-capable OpenPGP subkeys in their
+GnuPG keyring to their SSH agent.
projects / monkeysphere.git / commitdiff