From: Micah Anderson <micah@riseup.net>
Date: Sun, 22 Mar 2009 23:57:35 +0000 (-0400)
Subject: Merge commit 'jrollins/master'
X-Git-Tag: monkeysphere_0.25~32^2~6^2~1
X-Git-Url: https://codewiz.org/gitweb?p=monkeysphere.git;a=commitdiff_plain;h=abd2c7a17b57d7b802353c851c2150b07824a3a5;hp=a6603e05c8067efca6197ec435696c1a45bcc517

Merge commit 'jrollins/master'

Conflicts:
	website/download.mdwn
---

diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 70fef9f..16e7f21 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -1,11 +1,11 @@
 monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
 
   * New upstream release:
-    - fix the marginal ui output so that it's not prefixed by the LOG_PREFIX
+    - update/fix the marginal ui output
     - use msmktempdir everywhere (avoid unwrapped calls to mktemp for
       portability)
 
- -- Jameson Graef Rollins <jrollins@finestructure.net>  Sat, 07 Mar 2009 12:28:13 -0500
+ -- Jameson Graef Rollins <jrollins@finestructure.net>  Wed, 18 Mar 2009 11:46:44 -0400
 
 monkeysphere (0.24-1) unstable; urgency=low
 
diff --git a/packaging/macports/Portfile b/packaging/macports/Portfile
new file mode 100644
index 0000000..f9cf7a5
--- /dev/null
+++ b/packaging/macports/Portfile
@@ -0,0 +1,40 @@
+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
+# $Id$
+
+PortSystem          1.0
+
+name                monkeysphere
+version             0.24
+categories          net
+maintainers         nomaintainer
+platforms           darwin
+description         use the OpenPGP web of trust to verify ssh connections
+
+long_description    SSH key-based authentication is tried-and-true, \
+                    but it lacks a true Public Key Infrastructure for \
+                    key certification, revocation and expiration. \
+                    Monkeysphere is a framework that uses the OpenPGP \
+                    web of trust for these PKI functions.  It can be \
+                    used in both directions: for users to get \
+                    validated host keys, and for hosts to authenticate \
+                    users.
+
+homepage            http://web.monkeysphere.info/
+master_sites        ???
+distname            ${name}_${version}
+worksrcdir          ${name}-${version}
+checksums           md5 8590532f4702fa44027a6a583657c9ef
+
+depends_run         bin:ssh:openssh \
+                    port:gnupg \
+                    port:perl5.10 \
+                    port:p5-crypt-rsa \
+                    port:p5-digest-sha1 \
+                    port:procmail
+
+build.target        build
+destroot.args       PREFIX=${destroot}${prefix} \
+                    CONFDIR=${destroot}${prefix}/etc/monkeysphere \
+                    DBDIR=${destroot}${prefix}/var/lib/monkeysphere \
+                    MANDIR=${destroot}${prefix}/share/man \
+                    DOCDIR=${destroot}${prefix}/share/doc/monkeysphere
diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey
index dbd9dd6..a0fa3ce 100644
--- a/src/share/m/gen_subkey
+++ b/src/share/m/gen_subkey
@@ -44,8 +44,7 @@ Type '$PGRM help' for usage."
     check_gpg_authentication_subkey "$keyID"
 
     # generate the list of commands that will be passed to edit-key
-    editCommands=$(cat <<EOF
-addkey
+    editCommands="addkey
 7
 S
 E
@@ -53,9 +52,7 @@ A
 Q
 $keyLength
 0
-save
-EOF
-)
+save"
 
     # setup the temp fifo dir for retrieving the key password
     log debug "creating password fifo..."
diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand
index 7ab4bec..77f9d24 100644
--- a/src/share/m/ssh_proxycommand
+++ b/src/share/m/ssh_proxycommand
@@ -36,52 +36,55 @@ output_no_valid_key() {
 
     LOG_PREFIX=
 
-    cat <<EOF | log info
--------------------- Monkeysphere warning -------------------
-Monkeysphere found OpenPGP keys for this hostname, but none had full validity.
-EOF
-
-    # retrieve the actual ssh key
-    sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }')
-    # FIXME: should we do any checks for failed keyscans, eg. host not
-    # found?
+    # retrieve the ssh key being offered by the host
+    sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null \
+	| awk '{ print $2, $3 }')
 
     # get the gpg info for userid
     gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \
 	--with-fingerprint --with-fingerprint \
 	="$userID" 2>/dev/null)
 
-    # find all 'pub' and 'sub' lines in the gpg output, which each
-    # represent a retrieved key for the user ID
-    echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
-    while IFS=: read -r type validity keyid uidfpr usage ; do
-	case $type in
-	    'pub'|'sub')
-		# get the ssh key of the gpg key
-		sshKeyGPG=$(gpg2ssh "$keyid")
-
-		# if one of keys found matches the one offered by the
-		# host, then output info
-		if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
-		    cat <<EOF | log info
+    # output header
+    log info <<EOF
+-------------------- Monkeysphere warning -------------------
+Monkeysphere found OpenPGP keys for this hostname, but none had full validity.
+EOF
+
+    # if the host key is retrieved from the host, check against known
+    # OpenPGP keys
+    if [ "$sshKeyOffered" ] ; then
+	# find all 'pub' and 'sub' lines in the gpg output, which each
+	# represent a retrieved key for the user ID
+	echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
+	while IFS=: read -r type validity keyid uidfpr usage ; do
+	    case $type in
+		'pub'|'sub')
+		    # get the ssh key of the gpg key
+		    sshKeyGPG=$(gpg2ssh "$keyid")
+
+		    # if one of keys found matches the one offered by the
+		    # host, then output info
+		    if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
+			log info <<EOF
 An OpenPGP key matching the ssh key offered by the host was found:
 
 EOF
 
-		    sshKeyGPGFile=$(msmktempfile)
-		    printf "%s" "$sshKeyGPG" >"$sshKeyGPGFile"
-		    sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \
-			awk '{ print $2 }')
-		    rm -f "$sshKeyGPGFile"
+			sshKeyGPGFile=$(msmktempfile)
+			printf "%s" "$sshKeyGPG" >"$sshKeyGPGFile"
+			sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \
+			    awk '{ print $2 }')
+			rm -f "$sshKeyGPGFile"
 
-		    # get the sigs for the matching key
-		    gpgSigOut=$(gpg_user --check-sigs \
-			--list-options show-uid-validity \
-			"$keyid")
+			# get the sigs for the matching key
+			gpgSigOut=$(gpg_user --check-sigs \
+			    --list-options show-uid-validity \
+			    "$keyid")
 
-		    # output the sigs, but only those on the user ID
-		    # we are looking for
-		    echo "$gpgSigOut" | awk '
+			# output the sigs, but only those on the user ID
+			# we are looking for
+			echo "$gpgSigOut" | awk '
 {
 if (match($0,"^pub")) {	print; }
 if (match($0,"^uid")) { ok=0; }
@@ -89,51 +92,59 @@ if (match($0,"^uid.*'$userID'$")) { ok=1; print; }
 if (ok) { if (match($0,"^sig")) { print; } }
 }
 ' | log info
-		    echo | log info
+			echo | log info
 
-		    # output the other user IDs for reference
-		    if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then
-			cat <<EOF | log info
+			# output the other user IDs for reference
+			if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then
+			    log info <<EOF
 Other user IDs on this key:
 
 EOF
-			echo "$gpgSigOut" | grep "^uid" | grep -v "$userID" | log info
-			echo | log info
-		    fi
+			    echo "$gpgSigOut" | grep "^uid" | grep -v "$userID" | log info
+			    echo | log info
+			fi
 
-		    # output ssh fingerprint
-		    cat <<EOF | log info
+			# output ssh fingerprint
+			log info <<EOF
 RSA key fingerprint is ${sshFingerprint}.
 EOF
 
-		    # this whole process is in a "while read"
-		    # subshell.  the only way to get information out
-		    # of the subshell is to change the return code.
-		    # therefore we return 1 here to indicate that a
-		    # matching gpg key was found for the ssh key
-		    # offered by the host
-		    return 1
-		fi
-		;;
-	esac
-    done || returnCode="$?"
-
-    # if no key match was made (and the "while read" subshell returned
-    # 1) output how many keys were found
-    if (( returnCode != 1 )) ; then
-	cat <<EOF | log info
+			# this whole process is in a "while read"
+			# subshell.  the only way to get information
+			# out of the subshell is to change the return
+			# code.  therefore we return 1 here to
+			# indicate that a matching gpg key was found
+			# for the ssh key offered by the host
+			return 1
+		    fi
+		    ;;
+	    esac
+	done || returnCode="$?"
+
+	# if no key match was made (and the "while read" subshell
+	# returned 1) output how many keys were found
+	if (( returnCode != 1 )) ; then
+	    log info <<EOF
 None of the found keys matched the key offered by the host.
 Run the following command for more info about the found keys:
 gpg --check-sigs --list-options show-uid-validity =${userID}
 EOF
 
-	# FIXME: should we do anything extra here if the retrieved
-	# host key is actually in the known_hosts file and the ssh
-	# connection will succeed?  Should the user be warned?
-	# prompted?
+	    # FIXME: should we do anything extra here if the retrieved
+	    # host key is actually in the known_hosts file and the ssh
+	    # connection will succeed?  Should the user be warned?
+	    # prompted?
+	fi
+
+    # if host key could not be retrieved from the host, output message
+    else
+	log info <<EOF
+Could not retrieve RSA host key from $HOST.
+EOF
     fi
 
-    cat <<EOF | log info
+    # output footer
+    log info <<EOF
 -------------------- ssh continues below --------------------
 EOF
 }
diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire
index 63e5c55..a6bf1f1 100644
--- a/src/share/mh/set_expire
+++ b/src/share/mh/set_expire
@@ -40,7 +40,7 @@ EOF
 
 update_gpg_pub_file
 
-cat <<EOF | log info
+log info <<EOF
 NOTE: Host key expiration date adjusted, but not yet published.
 Run '$PGRM publish-key' to publish the new expiration date.
 EOF
diff --git a/website/download.mdwn b/website/download.mdwn
index 543d4e9..3cf9d62 100644
--- a/website/download.mdwn
+++ b/website/download.mdwn
@@ -18,7 +18,15 @@ Monkeysphere relies on:
 ## Debian ##
 
 If you are running a [Debian](http://www.debian.org/) system, the
-[monkeysphere is available in the Debian archive, and as a backport](http://packages.debian.org/search?keywords=monkeysphere&searchon=names&section=all&suite=all)
+[monkeysphere is available in the Debian archive](http://packages.debian.org/search?keywords=monkeysphere&searchon=names&section=all&suite=all)
+
+If you are running Debian unstable or testing install the latest monkeysphere
+version as follows:
+
+    aptitude install monkeysphere
+
+If you are running Debian stable, you can get the monkeysphere package
+from [backports.org](http://backports.org/dokuwiki/doku.php?id=instructions)
 
 You can also install the Monkeysphere directly from the Monkeysphere
 Debian archive.  You can add this archive to your system by putting
diff --git a/website/news/0.24-accepted-in-Debian-testing.mdwn b/website/news/0.24-accepted-in-Debian-testing.mdwn
new file mode 100644
index 0000000..4222493
--- /dev/null
+++ b/website/news/0.24-accepted-in-Debian-testing.mdwn
@@ -0,0 +1,10 @@
+[[meta title="Monkeysphere 0.24 accepted in Debian testing"]]
+
+[Monkeysphere 0.24 is now available in the Debian testing distribution
+("squeeze")](http://packages.debian.org/testing/monkeysphere).
+Monkeysphere 0.24 is our strongest release yet.  If you are running
+Debian testing, installing the monkeysphere is now very easy:
+
+       aptitude install monkeysphere
+
+See the [[download]] page for more information.