From: Matt Goins <mjgoins@openflows.com>
Date: Wed, 29 Oct 2008 16:20:42 +0000 (-0400)
Subject: Merge commit 'dkg/master'
X-Git-Tag: monkeysphere_0.23~169
X-Git-Url: https://codewiz.org/gitweb?p=monkeysphere.git;a=commitdiff_plain;h=680d7340d29d16325eb991feb37885d6faa955e2;hp=1b6ebcddf8226ad4aa29da643060b6410030cf5d

Merge commit 'dkg/master'
---

diff --git a/Makefile b/Makefile
index 057707a..dfeb3f1 100644
--- a/Makefile
+++ b/Makefile
@@ -46,6 +46,8 @@ install: all installman
 	install src/monkeysphere-server $(DESTDIR)$(PREFIX)/sbin
 	install -m 0644 src/common $(DESTDIR)$(PREFIX)/share/monkeysphere
 	install doc/* $(DESTDIR)$(PREFIX)/share/doc/monkeysphere
+	install -m 0644 etc/gnupg-host.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/gnupg-host.conf$(ETCSUFFIX)
+	install -m 0644 etc/gnupg-authentication.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/gnupg-authentication.conf$(ETCSUFFIX)
 	install -m 0644 etc/monkeysphere.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere.conf$(ETCSUFFIX)
 	install -m 0644 etc/monkeysphere-server.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere-server.conf$(ETCSUFFIX)
 
diff --git a/debian/changelog b/debian/changelog
index 4db311e..a7514a3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,38 @@
+monkeysphere (0.19-1) experimental; urgency=low
+
+  [ Daniel Kahn Gillmor ]
+  * simulating an X11 session in the test script.
+  * updated packaging so that symlinks to config files are correct.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Wed, 29 Oct 2008 02:47:49 -0400
+
+monkeysphere (0.18-1) experimental; urgency=low
+
+  [ Jameson Graef Rollins ]
+  * Fix bugs in authorized_{user_ids,keys} file permission checking.
+  * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys
+    files.
+  * chown authorized_keys files to `whoami`, for compatibility with test
+    suite.
+  * major improvements to test suite, added more tests.
+  
+  [ Daniel Kahn Gillmor ]
+  * update make install to ensure placement of
+    /etc/monkeysphere/gnupg-{host,authentication}.conf 
+  * choose either --quick-random or --debug-quick-random depending on
+    which gpg supports for the test suite.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Wed, 29 Oct 2008 00:41:38 -0400
+
 monkeysphere (0.17-1) experimental; urgency=low
 
+  [ Jameson Graef Rollins ]  
   * Fix some bugs in, and cleanup, authorized_keys file creation in
     monkeysphere-server update-users.
   * Move to using the empty string for not adding a user-controlled
     authorized_keys file in the RAW_AUTHORIZED_KEYS variable.
 
- -- Jameson Graef Rollins <jrollins@phys.columbia.edu>  Mon, 27 Oct 2008 07:39:10 -0400
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Tue, 28 Oct 2008 02:04:22 -0400
 
 monkeysphere (0.16-1) experimental; urgency=low
 
diff --git a/debian/control b/debian/control
index 8f5aeef..efd734b 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: monkeysphere
 Section: net
 Priority: extra
 Maintainer: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Uploaders: Jameson Rollins <jrollins@fifthhorseman.net>
+Uploaders: Jameson Graef Rollins <jrollins@phys.columbia.edu>
 Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0)
 Standards-Version: 3.8.0.1
 Homepage: http://web.monkeysphere.info/
diff --git a/debian/dirs b/debian/dirs
deleted file mode 100644
index e9390a7..0000000
--- a/debian/dirs
+++ /dev/null
@@ -1,12 +0,0 @@
-var/lib/monkeysphere
-var/lib/monkeysphere/authorized_keys
-usr/bin
-usr/sbin
-usr/share
-usr/share/monkeysphere
-usr/share/man
-usr/share/man/man1
-usr/share/man/man5
-usr/share/man/man8
-etc/monkeysphere
-etc/monkeysphere/authorized_user_ids
diff --git a/debian/monkeysphere.dirs b/debian/monkeysphere.dirs
index b0b2d9c..cfafe15 100644
--- a/debian/monkeysphere.dirs
+++ b/debian/monkeysphere.dirs
@@ -1,4 +1,12 @@
-usr/share/monkeysphere
 var/lib/monkeysphere
 var/lib/monkeysphere/authorized_keys
+var/lib/monkeysphere/tmp
+usr/bin
+usr/sbin
+usr/share
+usr/share/monkeysphere
+usr/share/man
+usr/share/man/man1
+usr/share/man/man5
+usr/share/man/man8
 etc/monkeysphere
diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst
index 27a50e0..02d6304 100755
--- a/debian/monkeysphere.postinst
+++ b/debian/monkeysphere.postinst
@@ -20,9 +20,9 @@ fi
 # install host gnupg home directory
 install --owner root --group monkeysphere --mode 750 -d "$VARLIB"/gnupg-host
 # link in the gpg.conf
-ln -sTf "$ETC"/gpg-host.conf "$VARLIB"/gnupg-host/gpg.conf
+ln -sTf "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf
 
 # install authentication gnupg home directory
 install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication
 # link in the gpg.conf
-ln -sTf "$ETC"/gpg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
+ln -sTf "$ETC"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
diff --git a/etc/monkeysphere-server.conf b/etc/monkeysphere-server.conf
index b69420a..8b9ffa4 100644
--- a/etc/monkeysphere-server.conf
+++ b/etc/monkeysphere-server.conf
@@ -23,6 +23,6 @@
 # Path to a user controlled authorized_keys file to be added to the
 # monkeysphere-generated authorized_keys file.  '%h' will be replaced
 # by the home directory of the user, and '%u' will by replaced by the
-# username of the user.  To not add any user-controlled file set this
-# variable to be the empty string, "".
-#RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys"
+# username of the user.  Setting this variable to 'none' prevents the
+# inclusion of user controlled authorized_keys file.
+# RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys"
diff --git a/packaging/freebsd/Makefile b/packaging/freebsd/Makefile
index 78ad0d3..984bc87 100644
--- a/packaging/freebsd/Makefile
+++ b/packaging/freebsd/Makefile
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=      monkeysphere
-PORTVERSION=   0.16
+PORTVERSION=   0.19
 CATEGORIES=    security
 MASTER_SITES=  http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/
 # hack for debian orig tarballs
@@ -17,7 +17,7 @@ COMMENT=       use the OpenPGP web of trust to verify ssh connections
 
 LIB_DEPENDS=	gnutls.26:${PORTSDIR}/security/gnutls
 RUN_DEPENDS=    base64:${PORTSDIR}/converters/base64 \
-		gpg:${PORTSDIR}/security/gnupg \
+		gpg:${PORTSDIR}/security/gnupg1 \
 		lockfile:${PORTSDIR}/mail/procmail \
 		/usr/local/bin/getopt:${PORTSDIR}/misc/getopt \
 		bash:${PORTSDIR}/shells/bash
@@ -34,6 +34,12 @@ post-patch:
 	find . -iname '*.orig' -delete
 
 post-install:
+	@if [ ! -f ${PREFIX}/etc/monkeysphere/gnupg-host.conf ]; then \
+		${CP} -p ${PREFIX}/etc/monkeysphere/gnupg-host.conf.sample ${PREFIX}/etc/monkeysphere/gnupg-host.conf ; \
+	fi
+	@if [ ! -f ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf ]; then \
+		${CP} -p ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf.sample ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf ; \
+	fi
 	@if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere.conf ]; then \
 		${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere.conf ; \
 	fi
diff --git a/packaging/freebsd/distinfo b/packaging/freebsd/distinfo
index 16e88de..86aecd1 100644
--- a/packaging/freebsd/distinfo
+++ b/packaging/freebsd/distinfo
@@ -1,3 +1,3 @@
-MD5 (monkeysphere_0.16.orig.tar.gz) = 4bc223e8004e0e374bd54f0315585c49
-SHA256 (monkeysphere_0.16.orig.tar.gz) = f2dbd031315f99c82099a4a902f2240cca97536b035ef75872e72a65f324c9d7
-SIZE (monkeysphere_0.16.orig.tar.gz) = 66062
+MD5 (monkeysphere_0.19.orig.tar.gz) = 64c643dd0ab642bbc8814aec1718000e
+SHA256 (monkeysphere_0.19.orig.tar.gz) = 321b77c1e10fe48ffbef8491893f5dd22842c35c11464efa7893150ce756a522
+SIZE (monkeysphere_0.19.orig.tar.gz) = 68335
diff --git a/packaging/freebsd/pkg-install b/packaging/freebsd/pkg-install
index 5e520cd..d7e4dbe 100755
--- a/packaging/freebsd/pkg-install
+++ b/packaging/freebsd/pkg-install
@@ -15,6 +15,7 @@
 # MySQL puts its data in /var/db/mysql
 
 VARLIB="/var/monkeysphere"
+ETCDIR="/usr/local/etc/monkeysphere"
 
 case $2 in
 POST-INSTALL)
@@ -56,20 +57,14 @@ POST-INSTALL)
                 fi
         fi
 
-	## set up the cache directories:
+	## set up the cache directories, and link them to the config files:
 
 	install -d -o root -g monkeysphere -m 750 "$VARLIB"/gnupg-host
-	cat <<EOF > "$VARLIB"/gnupg-host/gpg.conf
-list-options show-uid-validity
-EOF
+	ln -sf "$ETCDIR"/gnupg-host.conf  "$VARLIB"/gnupg-host/gpg.conf
 
 	install -d -o monkeysphere -g monkeysphere -m 700 "$VARLIB"/gnupg-authentication
-# install authentication gpg.conf
-	cat <<EOF > "$VARLIB"/gnupg-authentication/gpg.conf
-list-options show-uid-validity
-primary-keyring $VARLIB/gnupg-authentication/pubring.gpg
-keyring $VARLIB/gnupg-host/pubring.gpg
-EOF
+	ln -sf "$ETCDIR"/gnupg-authentication.conf  "$VARLIB"/gnupg-authentication/gpg.conf
+
 	chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf
 
 	monkeysphere-server diagnostics
diff --git a/src/common b/src/common
index 5d92b26..297e7f3 100644
--- a/src/common
+++ b/src/common
@@ -24,7 +24,7 @@ export SYSCONFIGDIR
 
 # failure function.  exits with code 255, unless specified otherwise.
 failure() {
-    echo "$1" >&2
+    [ "$1" ] && echo "$1" >&2
     exit ${2:-'255'}
 }
 
@@ -393,8 +393,9 @@ test_gpg_expire() {
 # check that a file is properly owned, and that all it's parent
 # directories are not group/other writable
 check_key_file_permissions() {
-    local user
+    local uname
     local path
+    local stat
     local access
     local gAccess
     local oAccess
@@ -404,30 +405,36 @@ check_key_file_permissions() {
 	[ "$1" = "w" ]
     }
 
-    user="$1"
+    uname="$1"
     path="$2"
 
-    # return 0 is path does not exist
-    [ -e "$path" ] || return 0
+    # return 255 if cannot stat file
+    if ! stat=$(ls -ld "$path" 2>/dev/null) ; then
+        log error "could not stat path '$path'."
+	return 255
+    fi
 
-    owner=$(ls -l "$path" | awk '{ print $3 }')
-    gAccess=$(ls -l "$path" | cut -c6)
-    oAccess=$(ls -l "$path" | cut -c9)
+    owner=$(echo "$stat" | awk '{ print $3 }')
+    gAccess=$(echo "$stat" | cut -c6)
+    oAccess=$(echo "$stat" | cut -c9)
 
-    # check owner
-    if [ "$owner" != "$user" -a "$owner" != 'root' ] ; then
+    # return 1 if path has invalid owner
+    if [ "$owner" != "$uname" -a "$owner" != 'root' ] ; then
+	log error "improper ownership on path '$path'."
 	return 1
     fi
 
-    # check group/other writability
+    # return 2 if path has group or other writability
     if is_write "$gAccess" || is_write "$oAccess" ; then
+	log error "improper group or other writability on path '$path'."
 	return 2
     fi
 
+    # return zero if all clear, or go to next path
     if [ "$path" = '/' ] ; then
 	return 0
     else
-	check_key_file_permissions $(dirname "$path")
+	check_key_file_permissions "$uname" $(dirname "$path")
     fi
 }
 
@@ -662,7 +669,7 @@ process_user_id() {
 		else
 		    log debug "  - unacceptable primary key."
 		    if [ -z "$sshKey" ] ; then
-			log error "   ! primary key could not be translated (not RSA or DSA?)."
+			log error "    ! primary key could not be translated (not RSA or DSA?)."
 		    else
 			echo "1:${sshKey}"
 		    fi
@@ -1018,7 +1025,7 @@ process_authorized_user_ids() {
     log debug "processing authorized_user_ids file..."
 
     if ! meat "$authorizedUserIDs" > /dev/null ; then
-	log debug "no user IDs to process."
+	log debug " no user IDs to process."
 	return
     fi
 
diff --git a/src/monkeysphere b/src/monkeysphere
index dd689b5..7e800cc 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -318,10 +318,12 @@ case $COMMAND in
     'update-known_hosts'|'update-known-hosts'|'k')
 	MODE='known_hosts'
 
+	# touch the known_hosts file so that the file permission check
+	# below won't fail upon not finding the file
+	(umask 0022 && touch "$KNOWN_HOSTS")
+
 	# check permissions on the known_hosts file path
-	if ! check_key_file_permissions "$USER" "$KNOWN_HOSTS" ; then
-	    failure "Improper permissions on known_hosts file path."
-	fi
+	check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure
 
         # if hosts are specified on the command line, process just
         # those hosts
@@ -347,14 +349,10 @@ case $COMMAND in
 	MODE='authorized_keys'
 
 	# check permissions on the authorized_user_ids file path
-	if ! check_key_file_permissions "$USER" "$AUTHORIZED_USER_IDS" ; then
-	    failure "Improper permissions on authorized_user_ids file path."
-	fi
+	check_key_file_permissions "$USER" "$AUTHORIZED_USER_IDS" || failure
 
 	# check permissions on the authorized_keys file path
-	if ! check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" ; then
-	    failure "Improper permissions on authorized_keys file path."
-	fi
+	check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure
 
         # exit if the authorized_user_ids file is empty
 	if [ ! -e "$AUTHORIZED_USER_IDS" ] ; then
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 6ca6a4f..5f0cb73 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -20,6 +20,11 @@ export SYSSHAREDIR
 SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
 export SYSDATADIR
 
+# monkeysphere temp directory, in sysdatadir to enable atomic moves of
+# authorized_keys files
+MSTMPDIR="${SYSDATADIR}/tmp"
+export MSTMPDIR
+
 # UTC date in ISO 8601 format if needed
 DATE=$(date -u '+%FT%T')
 
@@ -148,6 +153,8 @@ update_users() {
 	unames=$(getent passwd | cut -d: -f1)
     fi
 
+    RETCODE=0
+
     # set mode
     MODE="authorized_keys"
 
@@ -165,7 +172,7 @@ update_users() {
     # loop over users
     for uname in $unames ; do
 	# check all specified users exist
-	if ! getent passwd "$uname" >/dev/null ; then
+	if ! id "$uname" >/dev/null ; then
 	    log error "----- unknown user '$uname' -----"
 	    continue
 	fi
@@ -173,7 +180,7 @@ update_users() {
 	log verbose "----- user: $uname -----"
 
         # make temporary directory
-        TMPLOC=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
+        TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX)
 
 	# trap to delete temporary directory on exit
 	trap "rm -rf $TMPLOC" EXIT
@@ -194,6 +201,7 @@ update_users() {
         chown -R "$MONKEYSPHERE_USER" "$TMPLOC"
 
 	# process authorized_user_ids file
+	log debug "checking for authorized_user_ids..."
 	# translating ssh-style path variables
 	authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS")
 	if [ -s "$authorizedUserIDs" ] ; then
@@ -213,20 +221,27 @@ update_users() {
 		    ". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS"
 		RETURN="$?"
 	    else
-		log error "Improper permissions on path '$AUTHORIZED_USER_IDS'."
+		log debug "not processing authorized_user_ids."
 	    fi
+	else
+	    log debug "empty or absent authorized_user_ids file."
 	fi
 
 	# add user-controlled authorized_keys file if specified
 	# translate ssh-style path variables
 	rawAuthorizedKeys=$(translate_ssh_variables "$uname" "$RAW_AUTHORIZED_KEYS")
-	if [ "$rawAuthorizedKeys" -a -s "$rawAuthorizedKeys" ] ; then
-	    # check permissions on the authorized_keys file path
-	    if check_key_file_permissions "$uname" "$rawAuthorizedKeys" ; then
-		log verbose "adding raw authorized_keys file... "
-		cat "$rawAuthorizedKeys" >> "$AUTHORIZED_KEYS"
+	if [ "$rawAuthorizedKeys" != 'none' ] ; then
+	    log debug "checking for raw authorized_keys..."
+	    if [ -s "$rawAuthorizedKeys" ] ; then
+		# check permissions on the authorized_keys file path
+		if check_key_file_permissions "$uname" "$rawAuthorizedKeys" ; then
+		    log verbose "adding raw authorized_keys file... "
+		    cat "$rawAuthorizedKeys" >> "$AUTHORIZED_KEYS"
+		else
+		    log debug "not adding raw authorized_keys file."		
+		fi
 	    else
-		log error "Improper permissions on path '$RAW_AUTHORIZED_KEYS'.  Not added to authorized_keys file."
+		log debug "empty or absent authorized_keys file."
 	    fi
 	fi
 
@@ -235,12 +250,25 @@ update_users() {
 	    # openssh appears to check the contents of the
 	    # authorized_keys file as the user in question, so the
 	    # file must be readable by that user at least.
-	    # FIXME: is there a better way to do this?
-	    chown root "$AUTHORIZED_KEYS"
-	    chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
-	    chmod g+r "$AUTHORIZED_KEYS"
 
-	    mv -f "$AUTHORIZED_KEYS" "${SYSDATADIR}/authorized_keys/${uname}"
+	    # but in general, we don't want the user tampering with
+	    # this file directly, so we'll adopt this approach: Own
+	    # the file by the monkeysphere-server invoker (usually
+	    # root, but should be the same uid that sshd is launched
+	    # as); change the group of the file so that members of the
+	    # user's group can read it.
+
+	    # FIXME: is there a better way to do this?
+	    chown $(whoami) "$AUTHORIZED_KEYS" && \
+		chgrp $(id -g "$uname") "$AUTHORIZED_KEYS" && \
+		chmod g+r "$AUTHORIZED_KEYS" && \
+		mv -f "$AUTHORIZED_KEYS" "${SYSDATADIR}/authorized_keys/${uname}" || \
+		{ 
+		log error "Failed to install authorized_keys for '$uname'!"
+		rm -f "${SYSDATADIR}/authorized_keys/${uname}"
+		# indicate that there has been a failure:
+		RETURN=1
+		}
 	else
 	    rm -f "${SYSDATADIR}/authorized_keys/${uname}"
 	fi
@@ -371,7 +399,7 @@ EOF
     (umask 077 && \
 	gpg_host --export-secret-key "$fingerprint" | \
 	openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key")
-    log info "Private SSH host key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+    log info "private SSH host key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
 }
 
 # extend the lifetime of a host key:
diff --git a/tests/basic b/tests/basic
index 46ba63c..d735578 100755
--- a/tests/basic
+++ b/tests/basic
@@ -19,18 +19,44 @@ gpgadmin() {
     GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@"
 }
 
-launch_sshd() {
+# test ssh connection
+# first argument is expected return code from ssh connection
+ssh_test() {
+    umask 0077
+
+    CODE=${1:-0}
+
+    # start the ssh daemon on the socket
+    echo "##### starting ssh server..."
     socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log &
-    export SSHD_PID=$!
+    SSHD_PID="$!"
 
+    # wait until the socket is created before continuing
     while [ ! -S "$SOCKET" ] ; do
 	sleep 1
     done
-}
 
-ssh_test() {
+    set +e
+
+    # make a client connection to the socket
+    echo "##### starting ssh client..."
     ssh-agent bash -c \
 	"monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config testhost true"
+    RETURN="$?"
+
+    # kill the sshd process if it's still running
+    kill "$SSHD_PID"
+
+    set -e
+
+    echo "##### return $RETURN"
+    if [ "$RETURN" = "$CODE" ] ; then
+	echo "##### ssh connection test returned as desired"
+	return 0
+    else
+	echo "##### ssh connection test failed.  expected return code $CODE"
+	return 1
+    fi
 }
 
 failed_cleanup() {
@@ -41,12 +67,15 @@ failed_cleanup() {
     cleanup
 }
 
-cleanup() {
-    if ( ps "$SSHD_PID" >/dev/null ) ; then 
-	echo "### stopping still-running sshd..."
-	kill "$SSHD_PID"
+get_gpg_prng_arg() {
+    if (gpg --quick-random --version >/dev/null 2>&1) ; then
+	echo quick-random
+    elif (gpg --debug-quick-random --version >/dev/null 2>&1) ; then
+	echo debug-quick-random
     fi
+}
 
+cleanup() {
     echo "### removing temp dir..."
     rm -rf "$TEMPDIR"
 
@@ -56,6 +85,8 @@ cleanup() {
 ## setup trap
 trap failed_cleanup EXIT
 
+
+### SETUP VARIABLES
 ## set up some variables to ensure that we're operating strictly in
 ## the tests, not system-wide:
 
@@ -76,46 +107,73 @@ export PATH="$TESTDIR"/../src:"$TESTDIR"/../src/keytrans:"$PATH"
 export MONKEYSPHERE_SYSDATADIR="$TEMPDIR"
 export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR"
 export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src
-export MONKEYSPHERE_MONKEYSPHERE_USER="$USER"
+export MONKEYSPHERE_MONKEYSPHERE_USER=$(whoami)
 export MONKEYSPHERE_CHECK_KEYSERVER=false
+export MONKEYSPHERE_LOG_LEVEL=DEBUG
 
 export SSHD_CONFIG="$TEMPDIR"/sshd_config
 export SOCKET="$TEMPDIR"/ssh-socket
+export SSHD_PID=
+
+# Make sure $DISPLAY is set to convince ssh and monkeysphere to fall
+# back on $SSH_ASKPASS.  Make sure it's not set to the current actual
+# $DISPLAY (if one exists) because this test suite should not be doing
+# *anything* with any running X11 session.
+export DISPLAY=monkeys
+
+### CONFIGURE ENVIRONMENTS
 
 # copy in admin and testuser home to tmp
 echo "### copying admin and testuser homes..."
 cp -a "$TESTDIR"/home/admin "$TEMPDIR"/
 cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/
 
-cat <<EOF >> "$TEMPDIR"/testuser/.ssh/config
-UserKnownHostsFile $TEMPDIR/testuser/.ssh/known_hosts
-ProxyCommand $TEMPDIR/testuser/.ssh/proxy-command %h %p $SOCKET
+# set up environment for testuser
+TESTHOME="$TEMPDIR"/testuser
+export GNUPGHOME="$TESTHOME"/.gnupg
+export SSH_ASKPASS="$TESTHOME"/.ssh/askpass
+export MONKEYSPHERE_HOME="$TESTHOME"/.monkeysphere
+cat <<EOF >> "$TESTHOME"/.ssh/config
+UserKnownHostsFile $TESTHOME/.ssh/known_hosts
+IdentityFile $TESTHOME/.ssh/no-such-identity
+ProxyCommand $TESTHOME/.ssh/proxy-command %h %p $SOCKET
 EOF
-
-cat <<EOF >> "$TEMPDIR"/testuser/.monkeysphere/monkeysphere.conf
-KNOWN_HOSTS=$TEMPDIR/testuser/.ssh/known_hosts
+cat <<EOF >> "$MONKEYSPHERE_HOME"/monkeysphere.conf
+KNOWN_HOSTS=$TESTHOME/.ssh/known_hosts
 EOF
+get_gpg_prng_arg >> "$GNUPGHOME"/gpg.conf
 
-# set up a simple default monkeysphere-server.conf
-cat <<EOF >> "$TEMPDIR"/monkeysphere-server.conf
-AUTHORIZED_USER_IDS="$TEMPDIR/testuser/.monkeysphere/authorized_user_ids"
+# set up sshd
+echo "### configuring sshd..."
+cp etc/ssh/sshd_config "$SSHD_CONFIG"
+# write the sshd_config
+cat <<EOF >> "$SSHD_CONFIG"
+HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key
+AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u
 EOF
 
-### SERVER TESTS
-
-# setup monkeysphere temp gnupghome directories
+# set up monkeysphere-server
+echo "### configuring monkeysphere..."
 mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host
 mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication
 mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authorized_keys
+mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/tmp
+cp etc/monkeysphere/monkeysphere-server.conf "$TEMPDIR"/monkeysphere-server.conf
+cat <<EOF >> "$TEMPDIR"/monkeysphere-server.conf
+AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authorized_user_ids"
+EOF
 cat <<EOF > "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication/gpg.conf
 primary-keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-authentication/pubring.gpg
 keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-host/pubring.gpg
 EOF
 
+
+### SERVER TESTS
+
 # create a new host key
 echo "### generating server key..."
 # add gpg.conf with quick-random
-echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
+get_gpg_prng_arg >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
 echo | monkeysphere-server gen-key --length 1024 --expire 0 testhost
 # remove the gpg.conf
 rm "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf
@@ -135,27 +193,12 @@ echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
 echo "### adding admin as certifier..."
 echo y | monkeysphere-server add-identity-certifier "$TEMPDIR"/admin/.gnupg/pubkey.gpg
 
-# initialize base sshd_config
-cp etc/ssh/sshd_config "$SSHD_CONFIG"
-# write the sshd_config
-cat <<EOF >> "$SSHD_CONFIG"
-HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key
-AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u
-EOF
-
-# launch test sshd with the new host key.
-echo "### starting sshd..."
-launch_sshd
 
 ### TESTUSER TESTS
 
-# generate an auth subkey for the test user
+# generate an auth subkey for the test user that expires in 2 days
 echo "### generating key for testuser..."
-export GNUPGHOME="$TEMPDIR"/testuser/.gnupg
-export SSH_ASKPASS="$TEMPDIR"/testuser/.ssh/askpass
-export MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere
-
-monkeysphere gen-subkey --expire 0
+monkeysphere gen-subkey --expire 2
 
 # add server key to testuser keychain
 echo "### export server key to testuser..."
@@ -165,34 +208,37 @@ gpgadmin --armor --export "$HOSTKEYID" | gpg --import
 echo "### export testuser key to server..."
 gpg --export testuser | monkeysphere-server gpg-authentication-cmd --import
 echo "### update server authorized_keys file for this testuser..."
-monkeysphere-server update-users "$USER"
+monkeysphere-server update-users $(whoami)
 
 # connect to test sshd, using monkeysphere-ssh-proxycommand to verify
 # the identity before connection.  This should work in both directions!
-echo "### testuser connecting to sshd socket..."
+echo "### ssh connection test for success..."
 ssh_test
 
-# kill the previous sshd process if it's still running
-kill "$SSHD_PID"
-
-# now remove the testuser's authorized_user_ids file and reupdate
-# authorized_keys file...
-echo "### removing testuser authorized_user_ids and reupdating authorized_keys..."
-rm -f "$TEMPDIR"/testuser/.monkeysphere/authorized_user_ids
-monkeysphere-server update-users "$USER"
-
-# restart the sshd
-echo "### restarting sshd..."
-launch_sshd
-
-# and make sure the user can no longer connect
-echo "### testuser attempting to connect to sshd socket..."
-# FIXME: this prompts for the passphrase for the default identity
-# file.  how can this be avoided?
-ssh_test || SSH_RETURN="$?"
-if [ "$SSH_RETURN" != '255' ] ; then
-    exit
-fi
+# remove the testuser's authorized_user_ids file, update, and make
+# sure that the ssh authentication FAILS
+echo "### removing testuser authorized_user_ids and updating..."
+mv "$TESTHOME"/.monkeysphere/authorized_user_ids{,.bak}
+monkeysphere-server update-users $(whoami)
+echo "### ssh connection test for server authentication denial..."
+ssh_test 255
+mv "$TESTHOME"/.monkeysphere/authorized_user_ids{.bak,}
+
+# put improper permissions on authorized_user_ids file, update, and
+# make sure ssh authentication FAILS
+echo "### setting group writability on authorized_user_ids and updating..."
+chmod g+w "$TESTHOME"/.monkeysphere/authorized_user_ids
+monkeysphere-server update-users $(whoami)
+echo "### ssh connection test for server authentication denial..."
+ssh_test 255
+chmod g-w "$TESTHOME"/.monkeysphere/authorized_user_ids
+echo "### setting other writability on authorized_user_ids and updating..."
+chmod o+w "$TESTHOME"/.monkeysphere/authorized_user_ids
+monkeysphere-server update-users $(whoami)
+echo "### ssh connection test for server authentication denial..."
+ssh_test 255
+chmod o-w "$TESTHOME"/.monkeysphere/authorized_user_ids
+
 
 trap - EXIT
 
diff --git a/tests/etc/monkeysphere/monkeysphere-server.conf b/tests/etc/monkeysphere/monkeysphere-server.conf
new file mode 100644
index 0000000..9cc396f
--- /dev/null
+++ b/tests/etc/monkeysphere/monkeysphere-server.conf
@@ -0,0 +1,5 @@
+# Base monkeysphere-server.conf for monkeysphere tests
+
+# AUTHORIZED_USER_IDS variable will be added dynamically during test.
+
+RAW_AUTHORIZED_KEYS=none
diff --git a/tests/home/testuser/.gnupg/gpg.conf b/tests/home/testuser/.gnupg/gpg.conf
index f65c71b..c8cb60d 100644
--- a/tests/home/testuser/.gnupg/gpg.conf
+++ b/tests/home/testuser/.gnupg/gpg.conf
@@ -1,5 +1,3 @@
-# command to avoid depleting the system entropy
-quick-random
 # other options
 verify-options show-uid-validity
 list-options show-uid-validity
diff --git a/tests/home/testuser/.monkeysphere/monkeysphere.conf b/tests/home/testuser/.monkeysphere/monkeysphere.conf
index 59cc0cf..dbe0233 100644
--- a/tests/home/testuser/.monkeysphere/monkeysphere.conf
+++ b/tests/home/testuser/.monkeysphere/monkeysphere.conf
@@ -1,3 +1,5 @@
 # monkeysphere config for testuser in monkeysphere test suite
 
+LOG_LEVEL=DEBUG
+
 # KNOWN_HOSTS will be dynamically defined after creation.
diff --git a/website/download.mdwn b/website/download.mdwn
index 32ba9b7..e5ea72c 100644
--- a/website/download.mdwn
+++ b/website/download.mdwn
@@ -33,38 +33,38 @@ look at the source, we recommend [using git](/community).
 
 But if you want a tarball of the most recent release, we publish those
 too.  The [latest
-tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.16.orig.tar.gz)
+tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.19.orig.tar.gz)
 has these checksums:
 
 <pre>
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-checksums for the monkeysphere 0.16 release:
+checksums for the monkeysphere 0.19 release:
 
 MD5:
-4bc223e8004e0e374bd54f0315585c49  monkeysphere_0.16.orig.tar.gz
+64c643dd0ab642bbc8814aec1718000e  monkeysphere_0.19.orig.tar.gz
 
 SHA1:
-82c78ea1aeecb3059a14af9dfab0f471ce315e38  monkeysphere_0.16.orig.tar.gz
+ea3c263b084d2c0b7922cd96677be192201700e4  monkeysphere_0.19.orig.tar.gz
 
 SHA256:
-f2dbd031315f99c82099a4a902f2240cca97536b035ef75872e72a65f324c9d7  monkeysphere_0.16.orig.tar.gz
+321b77c1e10fe48ffbef8491893f5dd22842c35c11464efa7893150ce756a522  monkeysphere_0.19.orig.tar.gz
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.9 (GNU/Linux)
 
-iQIVAwUBSQQdZRjmZ/HrivMUAQJaIA/6AnZG0yYJJ+0C4S0McnBnLMyiA4zQzVsH
-5J9dAYO771h0TZnlre1NZdgiP37YiPA1et24O/S7da0Ud/CND+V7CGrsxPzsfEbP
-xTPVDST2BgvnDo9LYN4Q9h7QD4lOiGjhoJM6PN/R6Zo2OGiw+yZ8RP+BW5AxW21e
-3AnasZ2XLEmwqI0AMl9OWsLk4NzeS7t+ycWjwJKINOk/5ghzlOR0Use/mRyTHvzy
-GhMjrLoqtgHo85pAfAWT7LkwTt+FDVRzLZl2shzJszewvPFva+z2A8kvuY+vAzUw
-CSvIAC5MSrheFUg1JC+6efVbUTgn3RZj+zn7CxyttVuRzjyrnY2WkiMOT5mKuZCg
-LR42FEXnDCNHjreVLB6PoU1bOseohRbfK2yN+oDSoXmO4GoKetokGEWU/S+pi/gq
-dhjyMZUYv1pgE9Vtz3ps0vVC4e8D/i39qEm7JB2AWPWU4jGX5cLCeEkrfXGsGWyu
-OxGGywarXfNp83R62QTh2cPZlkACj3IwoYgZ2h8r98ikyJlQE0Y7V8uHKsx1DMJX
-JBemkEVW5P7pZiRS7X2zqLGIDNwqBKNRnjZ7bAhqThJXpCBWNuZ+DjGY743BBddr
-RAfQUvdjbSEOD78NMh6pLLg3iYJA902EVXZX8Q8JQnjg5GlUrB2yS5uz82dwjbpx
-dy0gzEhr4DA=
-=DY0y
+iQIVAwUBSQgMCRjmZ/HrivMUAQI2Jg//bZoSxx0Nor6uBikRGHQny8LzgUT/0kpv
+xg0eRmL9kQwhGis/sdOiJ9cHykJ1ukhRiIZGfxPBdxiQbWGs9nM6147TGIDgqx6D
+yYIW41dvzTRB0TwjNd7g1q6MaSiDNuU/6dD+ooM3/IiR8PDR7X8we0WhSM63KD+v
+HeMsN51UMhBfeaZ06fxrjYoJCvnp0YNYJpLuvtd5tzxqJCJA2Vh5VqJMbMP/MtbY
+zM/zuNXRI1mJnQZeU++IaAnimX7c7SsGjLaloZG8mapYqqY0tKJ5Yod6aeloq+i5
+wI4gZuuPcgAntD6cnPaqB1ni/d71yywme5F75zpezXGzKzDSh1J5oE6akjMi2lJE
+DSOKp7zb7TvDwXxCl+vOVod81F260gPhonlTsD/LpBfPGPBdWlWP+fFchb9N/a2u
+weCMhUYX1u8Jg/bHIycjoQjPEgZwCkJT9RKF1NTLyWvb4P4a3sPe+fauCMZFbTQ/
+3EYPRBY+PfIDO09XswdB5O3gq6B33ChyWJpdwlXEEHMcFt1FuezuP0avVM9/3ZNp
+MkqalDrUEd65X8o+CE3KjFxjMceVdda9mz2netnoHrFMW6X3mFqE2fTldgHi1mCT
+hMCqpPzY04+HOHYZ0GapR3pvedd4dwhkNYrdpckp+nJMTRfexEPH/NXDVNH/mxKg
+jLoIos0SaiY=
+=VUsz
 -----END PGP SIGNATURE-----
 </pre>
diff --git a/website/news/release-0.17-1.mdwn b/website/news/release-0.17-1.mdwn
new file mode 100644
index 0000000..ec847fb
--- /dev/null
+++ b/website/news/release-0.17-1.mdwn
@@ -0,0 +1,17 @@
+[[meta title="Monkeysphere 0.17-1 released!"]]
+
+# Monkeysphere 0.17-1 released! #
+
+Monkeysphere 0.17-1 has been released.  
+
+Notes from the changelog:
+
+<pre>
+  [ Jameson Graef Rollins ]  
+  * Fix some bugs in, and cleanup, authorized_keys file creation in
+    monkeysphere-server update-users.
+  * Move to using the empty string for not adding a user-controlled
+    authorized_keys file in the RAW_AUTHORIZED_KEYS variable.
+</pre>
+
+[[Download]] it now!
diff --git a/website/news/release-0.18-1.mdwn b/website/news/release-0.18-1.mdwn
new file mode 100644
index 0000000..b434360
--- /dev/null
+++ b/website/news/release-0.18-1.mdwn
@@ -0,0 +1,25 @@
+[[meta title="Monkeysphere 0.18-1 released!"]]
+
+# Monkeysphere 0.18-1 released! #
+
+Monkeysphere 0.18-1 has been released.  
+
+Notes from the changelog:
+
+<pre>
+  [ Jameson Graef Rollins ]
+  * Fix bugs in authorized_{user_ids,keys} file permission checking.
+  * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys
+    files.
+  * chown authorized_keys files to `whoami`, for compatibility with test
+    suite.
+  * major improvements to test suite, added more tests.
+  
+  [ Daniel Kahn Gillmor ]
+  * update make install to ensure placement of
+    /etc/monkeysphere/gnupg-{host,authentication}.conf 
+  * choose either --quick-random or --debug-quick-random depending on
+    which gpg supports for the test suite.
+</pre>
+
+[[Download]] it now!
diff --git a/website/news/release-0.19-1.mdwn b/website/news/release-0.19-1.mdwn
new file mode 100644
index 0000000..f3336da
--- /dev/null
+++ b/website/news/release-0.19-1.mdwn
@@ -0,0 +1,15 @@
+[[meta title="Monkeysphere 0.19-1 released!"]]
+
+# Monkeysphere 0.19-1 released! #
+
+Monkeysphere 0.19-1 has been released.  
+
+Notes from the changelog:
+
+<pre>
+  [ Daniel Kahn Gillmor ]
+  * simulating an X11 session in the test script.
+  * updated packaging so that symlinks to config files are correct.
+</pre>
+
+[[Download]] it now!