From: Daniel Kahn Gillmor Date: Tue, 19 Jan 2010 08:12:59 +0000 (-0500) Subject: Merge remote branch 'jrollins/master' X-Git-Tag: monkeysphere_0.28~4 X-Git-Url: https://codewiz.org/gitweb?p=monkeysphere.git;a=commitdiff_plain;h=351bf22e962c7ba6da5ee3d8cec9d77264673c88;hp=8e1bd67f860f921743237c3e83ec8d6dfeaa5315 Merge remote branch 'jrollins/master' --- diff --git a/Makefile b/Makefile index 9381b03..710d779 100755 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ # © 2008-2010 Daniel Kahn Gillmor # Licensed under GPL v3 or later -MONKEYSPHERE_VERSION = `head -n1 packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` +MONKEYSPHERE_VERSION = `head -n1 changelog | sed 's/.*(\([^-]*\)).*/\1/'` # these defaults are for debian. porters should probably adjust them # before calling make install diff --git a/packaging/debian/monkeysphere.postinst b/packaging/debian/monkeysphere.postinst index 07bf468..8c6a555 100755 --- a/packaging/debian/monkeysphere.postinst +++ b/packaging/debian/monkeysphere.postinst @@ -3,7 +3,7 @@ # postinst script for monkeysphere # Author: Jameson Rollins -# Copyright 2008-2009 +# Copyright 2008-2010 set -e diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index dd44efe..7d08aac 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -211,7 +211,7 @@ case $COMMAND in gpg_sphere "$@" ;; - 'version'|'v') + 'version'|'--version'|'v') version ;; diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 4d3edf4..72205ad 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -110,6 +110,11 @@ update_pgp_pub_file() { # all-number (e.g. ssh://666.666), which are technically not allowed # (though some exist on the 'net, apparently) +# FIXME: this will probably misbehave if raw IP addresses are provided, +# either IPv4 or IPv6 using the bracket notation. + +# FIXME: this doesn't address the use of hashed User IDs. + check_service_name() { local name="$1" local errs="" @@ -265,7 +270,7 @@ multi_key() { if (( i++ > 0 )) ; then echo "##############################" fi - eval "$cmd" "$key" + "$cmd" "$key" done } @@ -422,7 +427,7 @@ case $COMMAND in update_pgp_pub_file ;; - 'version'|'v') + 'version'|'--version'|'v') version ;; diff --git a/src/share/common b/src/share/common index 0a7fe87..e735319 100644 --- a/src/share/common +++ b/src/share/common @@ -1200,13 +1200,25 @@ process_authorized_user_ids() { list_primary_fingerprints() { local fake=$(msmktempdir) trap "rm -rf $fake" EXIT - GNUPGHOME="$fake" gpg --no-tty --quiet --import + GNUPGHOME="$fake" gpg --no-tty --quiet --import --ignore-time-conflict 2>/dev/null GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \ awk -F: '/^fpr:/{ print $10 }' trap - EXIT rm -rf "$fake" } +# takes an OpenPGP key or set of keys on stdin, a fingerprint or other +# key identifier as $1, and outputs the gpg-formatted information for +# the requested keys from the material on stdin +get_cert_info() { + local fake=$(msmktempdir) + trap "rm -rf $fake" EXIT + GNUPGHOME="$fake" gpg --no-tty --quiet --import --ignore-time-conflict 2>/dev/null + GNUPGHOME="$fake" gpg --with-colons --fingerprint --fixed-list-mode --list-keys "$1" + trap - EXIT + rm -rf "$fake" +} + check_cruft_file() { local loc="$1" diff --git a/src/share/mh/diagnostics b/src/share/mh/diagnostics index 8e83cc5..9409f1d 100644 --- a/src/share/mh/diagnostics +++ b/src/share/mh/diagnostics @@ -8,107 +8,88 @@ # Jamie McClelland # Daniel Kahn Gillmor # -# They are Copyright 2008-2009, and are all released under the GPL, +# They are Copyright 2008-2010, and are all released under the GPL, # version 3 or later. -# check on the status and validity of the key and public certificates +# check on the status and validity of the host's public certificates (and keys?) -diagnostics() { - -local seckey -local keysfound -local curdate -local warnwindow -local warndate -local create -local expire -local uid -local fingerprint -local badhostkeys -local problemsfound=0 - -if ! [ -d "$SYSDATADIR" ] ; then - echo "! no $SYSDATADIR directory found. Please create it." - exit -fi - -if ! [ -f "$HOST_KEY_FILE" ] ; then - echo "No host key OpenPGP pub file found!" - echo " - Recommendation: run 'monkeysphere-host import-key'" - exit -fi +# global vars for communicating between functions: -# load the host key fingerprint -load_fingerprint - -seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode) -keysfound=$(echo "$seckey" | grep -c ^sec:) -curdate=$(date +%s) +MHD_CURDATE=$(date +%s) # warn when anything is 2 months away from expiration -warnwindow='2 months' -warndate=$(advance_date $warnwindow +%s) - -if ! id monkeysphere >/dev/null ; then - echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell." - problemsfound=$(($problemsfound+1)) -fi +MHD_WARNWINDOW='2 months' +MHD_WARNDATE=$(advance_date $MHD_WARNWINDOW +%s) +MHD_PROBLEMSFOUND=0 + + +diagnose_key() { + local fpr="$1" + local certinfo + local create + local expire + local uid + local keysfound + local uiderrs + local errcount + + printf "Checking OpenPGP Certificate for key 0x%s\n" "$fpr" + + certinfo=$(get_cert_info "0x$fpr" <"$HOST_KEY_FILE") + keysfound=$(grep -c ^pub: <<<"$certinfo") + + if [ "$keysfound" -lt 1 ] ; then + printf "! Could not find key with fingerprint 0x%s\n" "$fpr" + # FIXME: recommend a way to resolve this! + MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1)) + fi -echo "Checking host GPG key..." -if (( "$keysfound" < 1 )); then - echo "! No host key found. The monkeysphere-host data directory is corrupt?!?!" - echo " - Recommendation: purge the MHDATADIR ($MHDATADIR) and rerun 'monkeysphere-host import-key'" - problemsfound=$(($problemsfound+1)) -elif (( "$keysfound" > 1 )); then - echo "! More than one host key found?" - # FIXME: recommend a way to resolve this - problemsfound=$(($problemsfound+1)) -else - create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:) - expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:) - fingerprint=$(echo "$seckey" | grep ^fpr: | head -n1 | cut -f10 -d:) + create=$(echo "$certinfo" | grep ^pub: | cut -f6 -d:) + expire=$(echo "$certinfo" | grep ^pub: | cut -f7 -d:) # check for key expiration: if [ "$expire" ]; then - if (( "$expire" < "$curdate" )); then - echo "! Host key is expired." - echo " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire'" - problemsfound=$(($problemsfound+1)) - elif (( "$expire" < "$warndate" )); then - echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) - echo " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire'" - problemsfound=$(($problemsfound+1)) + if (( "$expire" < "$MHD_CURDATE" )); then + printf "! Host key 0x%s is expired.\n" "$fpr" + printf " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire 0x%s'\n" "$fpr" + MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1)) + elif (( "$expire" < "$MHD_WARNDATE" )); then + printf "! Host key 0x%s expires in less than %s: %s\n" "$fpr" "$MHD_WARNWINDOW" $(advance_date $(( $expire - $MHD_CURDATE )) seconds +%F) + printf " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire %s'\n" "$fpr" + MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1)) fi fi # and weirdnesses: - if [ "$create" ] && (( "$create" > "$curdate" )); then - echo "! Host key was created in the future(?!). Is your clock correct?" - echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?" - problemsfound=$(($problemsfound+1)) + if [ "$create" ] && (( "$create" > "$MHD_CURDATE" )); then + printf "! Host key 0x%s was created in the future(?!): %s. Is your clock correct?\n" "$fpr" $(date -d "1970-01-01 + $create seconds" +%F) + printf " - Recommendation: Check your clock (is it really %s?); use NTP?\n" $(date +%F_%T) + MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1)) fi # check for UserID expiration: - echo "$seckey" | grep ^uid: | cut -d: -f6,7,10 | \ - while IFS=: read create expire uid ; do - # FIXME: should we be doing any checking on the form - # of the User ID? Should we be unmangling it somehow? - - if [ "$create" ] && (( "$create" > "$curdate" )); then - echo "! User ID '$uid' was created in the future(?!). Is your clock correct?" - echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?" - problemsfound=$(($problemsfound+1)) - fi - if [ "$expire" ] ; then - if (( "$expire" < "$curdate" )); then - echo "! User ID '$uid' is expired." + uiderrs=$(printf '%s\n' "$certinfo" | grep ^uid: | cut -d: -f6,7,10 | \ + while IFS=: read -r create expire uid ; do + uid=$(gpg_unescape <<<"$uid") + + check_service_name "$uid" + if [ "$create" ] && (( "$create" > "$MHD_CURDATE" )); then + printf "! The latest self-sig on User ID '%s' was created in the future(?!): %s.\n - Is your clock correct?\n" "$uid" $(date -d "1970-01-01 + $create seconds" +%F) + printf " - Recommendation: Check your clock (is it really %s ?); use NTP?\n" $(date +%F_%T) + fi + if [ "$expire" ] ; then + if (( "$expire" < "$MHD_CURDATE" )); then + printf "! User ID '%s' is expired.\n" "$uid" # FIXME: recommend a way to resolve this - problemsfound=$(($problemsfound+1)) - elif (( "$expire" < "$warndate" )); then - echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) + elif (( "$expire" < "$MHD_WARNDATE" )); then + printf "! User ID '%s' expires in less than %s: %s\n" "%s" "$MHD_WARNWINDOW" $(advance_date $(( $expire - $MHD_CURDATE )) seconds +%F) # FIXME: recommend a way to resolve this - problemsfound=$(($problemsfound+1)) + fi fi - fi - done + done) + errcount=$(grep -c '^!' <<<"$uiderrs") || \ + MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+ $errcount )) + printf '%s\n' "$uiderrs" + + # FIXME: verify that the host key is properly published to the # keyservers (do this with the non-privileged user) @@ -120,11 +101,45 @@ else # FIXME: propose adding a revoker to the host key if none exist (do we # have a way to do that after key generation?) -# FIXME: test (with ssh-keyscan?) that the running ssh -# daemon is actually offering the monkeysphere host key. +# FIXME: test (with ssh-keyscan?) that any running ssh daemon is +# actually offering the monkeysphere host key, if such a key is +# loaded. + +# FIXME: scan /proc/net/tcp and /proc/net/tcp6 to see what +# known-crypto ports (ssh, https, imaps?, ldaps?, etc) are in use +# locally. Propose bringing them into the monkeysphere. + +# FIXME: ensure that the key is of a reasonable size + +# FIXME: ensure that the cert has the right key usage flags + +# FIXME: ensure that the key doesn't match any known blacklist +} + +diagnostics() { + +MHD_PROBLEMSFOUND=0 + + +if ! [ -d "$SYSDATADIR" ] ; then + echo "! no $SYSDATADIR directory found. Please create it." + exit +fi +if ! [ -f "$HOST_KEY_FILE" ] ; then + echo "No host OpenPGP certificates file found!" + echo " - Recommendation: run 'monkeysphere-host import-key' with a service key" + exit fi +if ! id monkeysphere >/dev/null ; then + echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell." + MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1)) +fi + +echo "Checking host OpenPGP certificates..." +multi_key diagnose_key + # FIXME: look at the ownership/privileges of the various keyrings, # directories housing them, etc (what should those values be? can # we make them as minimal as possible?) @@ -132,8 +147,8 @@ fi # report on any cruft from old monkeysphere version report_cruft -if [ "$problemsfound" -gt 0 ]; then - echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" +if [ "$MHD_PROBLEMSFOUND" -gt 0 ]; then + echo "When the above $MHD_PROBLEMSFOUND issue"$(if [ "$MHD_PROBLEMSFOUND" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" echo " monkeysphere-host diagnostics" else echo "Everything seems to be in order!" diff --git a/utils/build-releasenote b/utils/build-releasenote index 1dee649..cac0869 100755 --- a/utils/build-releasenote +++ b/utils/build-releasenote @@ -1,10 +1,18 @@ #!/bin/bash -VERSION=`head -n1 packaging/debian/changelog | sed 's/.*(\([^)]*\)).*/\1/'` +# script to build a release announcement for the Monkeysphere +# if you're running this, you probably also want to read through +# the checklist in utils/preparing-release. + +# Author: Daniel Kahn Gillmor +# Copyright: © 2008-2010 +# License: GPL, v3 or later + +VERSION=`head -n1 changelog | sed 's/.*(\([^)]*\)).*/\1/'` { sed "s/__VERSION__/$VERSION/g" < utils/releasenote.header - head -n$(( $(grep -n '^ --' packaging/debian/changelog | head -n1 | cut -f1 -d:) - 2 )) packaging/debian/changelog | tail -n+3 + head -n$(( $(grep -n '^ --' changelog | head -n1 | cut -f1 -d:) - 2 )) changelog | tail -n+3 sed "s/__VERSION__/$VERSION/g" < utils/releasenote.footer } > "website/news/release-$VERSION.mdwn" diff --git a/utils/preparing-release b/utils/preparing-release index 3273c1c..8ecbc00 100644 --- a/utils/preparing-release +++ b/utils/preparing-release @@ -1,7 +1,7 @@ ### Notes about preparing a release for the monkeysphere ### - * make sure that packaging/debian/changelog has a reasonable version - number. + * make sure that changelog and packaging/debian/changelog both have + reasonable version numbers. * have the monkeysphere archive signing key handy!