From c0fed884906cc1a55f447449d323e96397952ee9 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 21 Aug 2008 01:57:00 -0400 Subject: [PATCH] updating documentation (incl. debian/changelog) to reflect new subkey-to-ssh-agent subcommand. --- debian/changelog | 5 ++++- website/bugs/handle-passphrase-locked-secret-keys.mdwn | 6 +++++- website/bugs/install-seckey2sshagent-in-usr-bin.mdwn | 10 +++++++++- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index fb1c2f4..f3efd57 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -monkeysphere (0.11-1) UNRELEASED; urgency=low +monkeysphere (0.11-1) experimental; urgency=low [ Jameson Graef Rollins ] * fix bug in trustdb update on add/revoke-hostname. @@ -6,6 +6,9 @@ monkeysphere (0.11-1) UNRELEASED; urgency=low [ Daniel Kahn Gillmor ] * debian/control: added Build-Depends: git-core for the new packaging format + * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched + GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly + if not found). -- Daniel Kahn Gillmor Wed, 20 Aug 2008 11:24:35 -0400 diff --git a/website/bugs/handle-passphrase-locked-secret-keys.mdwn b/website/bugs/handle-passphrase-locked-secret-keys.mdwn index ae5bf72..2df14eb 100644 --- a/website/bugs/handle-passphrase-locked-secret-keys.mdwn +++ b/website/bugs/handle-passphrase-locked-secret-keys.mdwn @@ -32,7 +32,7 @@ primary key, then something like the following script should actually work for reasonable values of `$KEYID`: TMPDIR=$(mktemp -d) - uname 077 + umask 077 mkfifo "$TMPDIR/passphrase" kname="MonkeySphere Key $KEYID" mkfifo "$TMPDIR/$kname" @@ -50,6 +50,10 @@ so if we can get it incorporated into upstream (and/or into debian), we have a possible solution, as long as the authentication key is a subkey, and not a primary key. +As of version 0.11-1, `monkeysphere subkey-to-ssh-agent` implements +this particular strategy (and fails cleanly if the version of GnuTLS +present doesn't support the GNU dummy S2K extension). + --------- Ben Laurie and Rachel Willmer's diff --git a/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn b/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn index 0163727..e2c2682 100644 --- a/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn +++ b/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn @@ -35,9 +35,17 @@ which means that we can cleanly test whether the proposed [handling of passphrase-locked secret keys](bugs/handle-passphrase-locked-secret-keys/) is functional. With that in mind, I'd like to propose that we could resolve this bug -simply by adding a new subcommand: `monkeysphere authkey-to-agent`, +simply by adding a new subcommand: `monkeysphere subkey-to-ssh-agent`, which would fail in the absence of a functionally-patched GnuTLS. Would this proposal be sufficient to resolve this bug? --dkg + +--- + +Version 0.11-1 now has the `monkeysphere subkey-to-ssh-agent` +subcommand, which works cleanly in the presence of a +functionally-patched GnuTLS. + +--dkg -- 2.25.1