diff -Nru monkeysphere-0.39/Changelog monkeysphere-0.41/Changelog --- monkeysphere-0.39/Changelog 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/Changelog 2016-12-03 04:25:41.000000000 +0000 @@ -1,3 +1,26 @@ +monkeysphere (0.41) unstable; urgency=medium + + * pem2openpgp now includes issuer fingerprint subpacket + in hashed self-sig, more compatible with GnuPG 2.1.16 + (Closes: #846554) + * avoid blocking for entropy during test suite + (Closes: #841208) + * augment test suite for id certifier with a subkey, for better realism + * ensure that attempts to fetch primary key fingerprint only fetch + primary key fingerprint even if subkey fprs are emitted + (Closes: #846554) + * include $CPPFLAGS in agent-transfer build + + -- Daniel Kahn Gillmor Wed, 12 Oct 2016 01:12:27 -0400 + +monkeysphere (0.40) unstable; urgency=medium + + * bugfix release: + * get tests to pass against GnuPG 2.1.15 + * build more portably + + -- Daniel Kahn Gillmor Wed, 12 Oct 2016 01:12:27 -0400 + monkeysphere (0.39) unstable; urgency=medium * avoid warning about unused asprintf return value diff -Nru monkeysphere-0.39/debian/changelog monkeysphere-0.41/debian/changelog --- monkeysphere-0.39/debian/changelog 2016-08-31 17:42:35.000000000 +0000 +++ monkeysphere-0.41/debian/changelog 2018-02-04 21:20:23.000000000 +0000 
@@ -1,8 +1,46 @@ -monkeysphere (0.39-1ubuntu1) yakkety; urgency=medium +monkeysphere (0.41-1ubuntu1) bionic; urgency=medium - * Fix build with ld --as-needed. + * Disable tests, fail to build the package. The tests are better + executed as autopkgtest. Closes: #841208, #861457, #613678 - -- Matthias Klose Wed, 31 Aug 2016 19:42:35 +0200 + -- Dimitri John Ledkov Sun, 04 Feb 2018 21:20:23 +0000 + +monkeysphere (0.41-1) unstable; urgency=medium + + * new upstream release + - pem2openpgp now includes issuer fingerprint subpacket + in hashed self-sig, more compatible with GnuPG 2.1.16 + (Closes: #846554) + - avoid blocking for entropy during test suite + (Closes: #841208) + - ensure that attempts to fetch primary key fingerprint only fetch + primary key fingerprint even if subkey fprs are emitted + (Closes: #846554) + * convert to debhelper 10 + * wrap-and-sort -ast + * add netcat-openbsd to Recommends (Closes: #595947) + * switch Recommends: from cron to cron-daemon (Closes: #842823) + * drop patches already applied upstream + * moved debian packaging to collab-maint for better visibility + * added debian/watch to make lintian happy + * converted debian/NEWS to not use asterisk-bulleted style + * use all hardening options during C build + + -- Daniel Kahn Gillmor Fri, 02 Dec 2016 22:58:25 -0500 + +monkeysphere (0.40-2) unstable; urgency=medium + + * try to fix kfreebsd builds + + -- Daniel Kahn Gillmor Wed, 12 Oct 2016 02:46:18 -0400 + +monkeysphere (0.40-1) unstable; urgency=medium + + * new upstream release + - build cleanly with ld --as-needed (Closes: #836228) + - tests pass with GnuPG 2.1.15 (Closes: #839790) + + -- Daniel Kahn Gillmor Wed, 12 Oct 2016 01:16:54 -0400 monkeysphere (0.39-1) unstable; urgency=medium diff -Nru monkeysphere-0.39/debian/compat monkeysphere-0.41/debian/compat --- monkeysphere-0.39/debian/compat 2016-08-30 07:14:09.000000000 +0000 +++ monkeysphere-0.41/debian/compat 2016-12-03 03:58:25.000000000 +0000 
@@ -1 +1 @@
-9
+10
diff -Nru monkeysphere-0.39/debian/control monkeysphere-0.41/debian/control
--- monkeysphere-0.39/debian/control 2016-08-30 07:14:09.000000000 +0000
+++ monkeysphere-0.41/debian/control 2018-02-04 21:20:18.000000000 +0000
@@ -1,37 +1,50 @@ Source: monkeysphere Section: net Priority: extra -Maintainer: Jameson Rollins -Uploaders: Daniel Kahn Gillmor -Build-Depends: bash (>= 3.2), - cpio, - debhelper (>= 9.20141010), - dpkg-dev (>= 1.17.14), - gnupg , - gnupg-agent , - libassuan-dev, - libcrypt-openssl-rsa-perl , - libdigest-sha-perl , - libgcrypt20-dev, - lockfile-progs | procmail , - openssh-server , - openssl , - socat +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Jameson Rollins +Uploaders: + Daniel Kahn Gillmor , +Build-Depends: + bash (>= 3.2), + cpio, + debhelper (>= 10~), + dpkg-dev (>= 1.17.14), + gnupg , + gnupg-agent , + libassuan-dev, + libcrypt-openssl-rsa-perl , + libdigest-sha-perl , + libgcrypt20-dev, + lockfile-progs | procmail , + openssh-server , + openssl , + socat , Standards-Version: 3.9.8 Homepage: http://web.monkeysphere.info/ -Vcs-Git: git://git.monkeysphere.info/monkeysphere +Vcs-Git: https://anonscm.debian.org/git/collab-maint/monkeysphere -b debian +Vcs-Browser: https://anonscm.debian.org/git/collab-maint/monkeysphere Package: monkeysphere Architecture: all -Depends: adduser, - gnupg, - libcrypt-openssl-rsa-perl, - libdigest-sha-perl, - lockfile-progs | procmail, - ${misc:Depends} -Recommends: agent-transfer, cron, netcat | socat, openssh-client, ssh-askpass -Suggests: monkeysphere-validation-agent -Enhances: openssh-client, openssh-server +Depends: + adduser, + gnupg, + libcrypt-openssl-rsa-perl, + libdigest-sha-perl, + lockfile-progs | procmail, + ${misc:Depends}, +Recommends: + agent-transfer, + cron-daemon, + netcat-openbsd | netcat | socat, + openssh-client, + ssh-askpass, +Suggests: + monkeysphere-validation-agent, +Enhances: + openssh-client, + openssh-server, Description: leverage the OpenPGP web of trust for SSH and TLS authentication SSH key-based authentication is tried-and-true, but it lacks a true Public Key Infrastructure for key certification, revocation and 
@@ -46,9 +59,16 @@ Package: agent-transfer Architecture: any -Depends: gnupg-agent (>= 2.1.0), ${misc:Depends}, ${shlibs:Depends} -Recommends: openssh-client, pinentry-curses | pinentry -Enhances: openssh-client, openssh-server +Depends: + gnupg-agent (>= 2.1.0), + ${misc:Depends}, + ${shlibs:Depends}, +Recommends: + openssh-client, + pinentry-curses | pinentry, +Enhances: + openssh-client, + openssh-server, Description: copy a secret key from GnuPG's gpg-agent to OpenSSH's ssh-agent agent-transfer is a simple utility to extract a secret key from GnuPG's gpg-agent and send it to a running ssh-agent. This is useful diff -Nru monkeysphere-0.39/debian/monkeysphere.install monkeysphere-0.41/debian/monkeysphere.install --- monkeysphere-0.39/debian/monkeysphere.install 2016-08-30 07:14:09.000000000 +0000 +++ monkeysphere-0.41/debian/monkeysphere.install 2016-12-03 03:58:25.000000000 +0000 @@ -1,9 +1,9 @@ -usr/share/monkeysphere/* -usr/share/monkeysphere/*/* +etc/monkeysphere/* usr/bin/monkeysphere +usr/bin/openpgp2pem +usr/bin/openpgp2spki usr/bin/openpgp2ssh usr/bin/pem2openpgp -usr/bin/openpgp2spki -usr/bin/openpgp2pem usr/sbin/* -etc/monkeysphere/* +usr/share/monkeysphere/* +usr/share/monkeysphere/*/* diff -Nru monkeysphere-0.39/debian/monkeysphere.manpages monkeysphere-0.41/debian/monkeysphere.manpages --- monkeysphere-0.39/debian/monkeysphere.manpages 2016-08-30 07:14:09.000000000 +0000 +++ monkeysphere-0.41/debian/monkeysphere.manpages 2016-12-03 03:58:25.000000000 +0000 
@@ -1,8 +1,8 @@
 debian/tmp/usr/share/man/man1/monkeysphere.1.gz
-debian/tmp/usr/share/man/man1/pem2openpgp.1.gz
+debian/tmp/usr/share/man/man1/openpgp2pem.1.gz
+debian/tmp/usr/share/man/man1/openpgp2spki.1.gz
 debian/tmp/usr/share/man/man1/openpgp2ssh.1.gz
-debian/tmp/usr/share/man/man8/monkeysphere-host.8.gz
-debian/tmp/usr/share/man/man8/monkeysphere-authentication.8.gz
+debian/tmp/usr/share/man/man1/pem2openpgp.1.gz
 debian/tmp/usr/share/man/man7/monkeysphere.7.gz
-debian/tmp/usr/share/man/man1/openpgp2spki.1.gz
-debian/tmp/usr/share/man/man1/openpgp2pem.1.gz
+debian/tmp/usr/share/man/man8/monkeysphere-authentication.8.gz
+debian/tmp/usr/share/man/man8/monkeysphere-host.8.gz
diff -Nru monkeysphere-0.39/debian/NEWS monkeysphere-0.41/debian/NEWS
--- monkeysphere-0.39/debian/NEWS 2016-08-30 07:14:09.000000000 +0000
+++ monkeysphere-0.41/debian/NEWS 2016-12-03 03:58:25.000000000 +0000
@@ -1,22 +1,25 @@ monkeysphere (0.23-1) unstable; urgency=low - * There has been a major interface and data refactoring. Please see the - man pages for details. Major changes are listed here: - * For end users: monkeysphere-ssh-proxycommand is no more. - its functionality has been folded into monkeysphere as a subcommand. - So if you are currently using: + There has been a major interface and data refactoring. Please see the + man pages for details. Major changes are listed here: + + For end users: monkeysphere-ssh-proxycommand is no more. + its functionality has been folded into monkeysphere as a subcommand. + So if you are currently using: ssh -oProxyCommand='monkeysphere-ssh-proxycommand %h %p' - please use instead: + please use instead: ssh -oProxyCommand='monkeysphere ssh-proxycommand %h %p' - * For sysadmins: monkeysphere-server has been split into - monkeysphere-host (for publishing the ssh host key of your machine) - and monkeysphere-authentication (for setting up your machine to - authenticate users via the OpenPGP Web of Trust) - * For too-curious sysadmins: the layout of /var/lib/monkeysphere has - changed dramatically. If you did any tricky tweaking of the files in - there, you probably want to check that your changes have been - preserved after the upgrade. The old files can be found in - /var/lib/monkeysphere/backup-from-0.23-transition. + + For sysadmins: monkeysphere-server has been split into + monkeysphere-host (for publishing the ssh host key of your machine) + and monkeysphere-authentication (for setting up your machine to + authenticate users via the OpenPGP Web of Trust) + + For too-curious sysadmins: the layout of /var/lib/monkeysphere has + changed dramatically. If you did any tricky tweaking of the files in + there, you probably want to check that your changes have been + preserved after the upgrade. The old files can be found in + var/lib/monkeysphere/backup-from-0.23-transition. 
-- Daniel Kahn Gillmor Wed, 18 Feb 2009 21:29:22 -0500 diff -Nru monkeysphere-0.39/debian/patches/ld-as-needed.diff monkeysphere-0.41/debian/patches/ld-as-needed.diff --- monkeysphere-0.39/debian/patches/ld-as-needed.diff 2016-08-31 17:42:35.000000000 +0000 +++ monkeysphere-0.41/debian/patches/ld-as-needed.diff 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ -Index: b/Makefile -=================================================================== ---- a/Makefile -+++ b/Makefile -@@ -15,14 +15,16 @@ PREFIX ?= /usr - MANPREFIX ?= $(PREFIX)/share/man - LOCALSTATEDIR ?= /var/lib - --CFLAGS += $(shell libassuan-config --cflags --libs) --CFLAGS += $(shell libgcrypt-config --cflags --libs) -+CFLAGS += $(shell libassuan-config --cflags) -+CFLAGS += $(shell libgcrypt-config --cflags) - CFLAGS += --pedantic -Wall -Werror -std=c99 -+LIBS = $(shell libassuan-config --libs) -+LIBS += $(shell libgcrypt-config --libs) - - all: src/agent-transfer/agent-transfer - - src/agent-transfer/agent-transfer: src/agent-transfer/main.c src/agent-transfer/ssh-agent-proto.h -- gcc -o $@ $(CFLAGS) $(LDFLAGS) $< -+ gcc -o $@ $(CFLAGS) $(LDFLAGS) $< $(LIBS) - - debian-package: - git buildpackage -uc -us diff -Nru monkeysphere-0.39/debian/patches/series monkeysphere-0.41/debian/patches/series --- monkeysphere-0.39/debian/patches/series 2016-08-31 17:42:35.000000000 +0000 +++ monkeysphere-0.41/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -ld-as-needed.diff diff -Nru monkeysphere-0.39/debian/rules monkeysphere-0.41/debian/rules --- monkeysphere-0.39/debian/rules 2016-08-30 07:14:09.000000000 +0000 +++ monkeysphere-0.41/debian/rules 2018-02-04 21:20:13.000000000 +0000 
@@ -1,7 +1,12 @@ #!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + %: dh $@ override_dh_auto_install: dh_auto_install rm -f $(CURDIR)/debian/monkeysphere/usr/share/doc/monkeysphere/Changelog + +override_dh_auto_test: diff -Nru monkeysphere-0.39/debian/watch monkeysphere-0.41/debian/watch --- monkeysphere-0.39/debian/watch 1970-01-01 00:00:00.000000000 +0000 +++ monkeysphere-0.41/debian/watch 2016-12-03 03:58:25.000000000 +0000 @@ -0,0 +1,3 @@ +version=4 + +http://archive.monkeysphere.info/debian/pool/@PACKAGE@/m/@PACKAGE@/@PACKAGE@@ANY_VERSION@.orig@ARCHIVE_EXT@ diff -Nru monkeysphere-0.39/examples/make-x509-certreqs monkeysphere-0.41/examples/make-x509-certreqs --- monkeysphere-0.39/examples/make-x509-certreqs 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/examples/make-x509-certreqs 2016-12-03 04:25:41.000000000 +0000 @@ -92,6 +92,6 @@ # default to looking for https keys. proto="${1:-https}" -for fpr in $(gpg --fixed-list-mode --with-colons --fingerprint --list-secret-keys "${proto}://" | grep '^fpr:' | cut -f10 -d:); do +for fpr in $(gpg --fixed-list-mode --with-colons --fingerprint --list-secret-keys "${proto}://" | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^sec:/{ ok=1 }'); do gencertreq "$fpr" done diff -Nru monkeysphere-0.39/.gitignore monkeysphere-0.41/.gitignore --- monkeysphere-0.39/.gitignore 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/.gitignore 2016-12-03 04:25:41.000000000 +0000 @@ -1,2 +1,3 @@ *~ src/agent-transfer/agent-transfer +replaced/ diff -Nru monkeysphere-0.39/Makefile monkeysphere-0.41/Makefile --- monkeysphere-0.39/Makefile 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/Makefile 2016-12-03 04:25:41.000000000 +0000 
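Review bot: The empty `override_dh_auto_test:` at the end of the debian/rules hunk switches off the upstream test suite for every build, and the file itself gives no reason. The changelog entry says the tests are better run as an autopkgtest, but nothing visible in this diff adds a debian/tests/ directory, so it is worth confirming that one exists before relying on it for a package that handles SSH and OpenPGP key material. I would put the rationale next to the override, for example `# test suite fails in the package build (see debian/changelog, 0.41-1ubuntu1); run it as an autopkgtest instead`.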
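Review bot: The new debian/watch line points uscan at `http://archive.monkeysphere.info/...` over plain HTTP and sets no `opts=` for signature checking, so a tarball fetched this way is not authenticated by anything in the file. If the archive is reachable over https, prefer that scheme in the URL. If upstream publishes detached signatures next to the tarballs (not visible here), add `opts=pgpsigurlmangle=s/$/.asc/` with the suffix adjusted to match, and ship the key as debian/upstream/signing-key.asc so uscan verifies each download.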
@@ -15,14 +15,22 @@ MANPREFIX ?= $(PREFIX)/share/man LOCALSTATEDIR ?= /var/lib -CFLAGS += $(shell libassuan-config --cflags --libs) -CFLAGS += $(shell libgcrypt-config --cflags --libs) +CFLAGS += $(shell libassuan-config --cflags) +CFLAGS += $(shell libgcrypt-config --cflags) CFLAGS += --pedantic -Wall -Werror -std=c99 +LIBS += $(shell libassuan-config --libs) +LIBS += $(shell libgcrypt-config --libs) -all: src/agent-transfer/agent-transfer +REPLACEMENTS = src/monkeysphere src/monkeysphere-host \ +src/monkeysphere-authentication src/share/defaultenv $(wildcard \ +src/transitions/*) + +REPLACED_COMPRESSED_MANPAGES = $(addsuffix .gz,$(addprefix replaced/,$(wildcard man/*/*))) + +all: src/agent-transfer/agent-transfer $(addprefix replaced/,$(REPLACEMENTS)) $(REPLACED_COMPRESSED_MANPAGES) src/agent-transfer/agent-transfer: src/agent-transfer/main.c src/agent-transfer/ssh-agent-proto.h - gcc -o $@ $(CFLAGS) $(LDFLAGS) $< + gcc -o $@ $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< $(LIBS) debian-package: git buildpackage -uc -us @@ -37,9 +45,20 @@ clean: rm -f src/agent-transfer/agent-transfer + rm -rf replaced/ # clean up old monkeysphere packages lying around as well. rm -f monkeysphere_* +replaced/%: % + mkdir -p $(dir $@) + sed < $< > $@ \ + -e 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' \ + -e 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' \ + -e 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' + +replaced/%.gz: replaced/% + gzip -n $< + # this target is to be called from the tarball, not from the git # working dir! install: all installman 
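Review bot: The new `replaced/%` recipe writes straight into `$@` with `sed < $< > $@`, so a failed or interrupted sed leaves a truncated file that looks up to date and is later copied by `install` into bin/ and sbin/. Adding `.DELETE_ON_ERROR:` near the top of the Makefile, or redirecting to `$@.tmp` and finishing with `mv -f $@.tmp $@`, closes that gap. The values of `$(PREFIX)`, `$(ETCPREFIX)` and `$(LOCALSTATEDIR)` are also pasted unescaped into the sed replacement text, so a `:` or `&` in any of them changes the substitution. A comment above the rule such as `# PREFIX, ETCPREFIX and LOCALSTATEDIR must not contain ':' or '&'` would document that constraint.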
@@ -48,17 +67,12 @@ mkdir -p $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere mkdir -p $(DESTDIR)$(PREFIX)/share/doc/monkeysphere printf "Monkeysphere %s\n" $(MONKEYSPHERE_VERSION) > $(DESTDIR)$(PREFIX)/share/monkeysphere/VERSION - install src/monkeysphere $(DESTDIR)$(PREFIX)/bin - sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/bin/monkeysphere - install src/monkeysphere-host $(DESTDIR)$(PREFIX)/sbin - sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host - install src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin - sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication + install replaced/src/monkeysphere $(DESTDIR)$(PREFIX)/bin + install replaced/src/monkeysphere-host $(DESTDIR)$(PREFIX)/sbin + install replaced/src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin install src/monkeysphere-authentication-keys-for-user $(DESTDIR)$(PREFIX)/share/monkeysphere install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere - install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere - sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv - sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(PREFIX)/share/monkeysphere/defaultenv + install -m 0644 replaced/src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere install -m 0755 src/share/checkperms $(DESTDIR)$(PREFIX)/share/monkeysphere install -m 0755 src/share/keytrans $(DESTDIR)$(PREFIX)/share/monkeysphere ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/pem2openpgp 
@@ -66,9 +80,7 @@ ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2pem ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2spki install -m 0755 src/agent-transfer/agent-transfer $(DESTDIR)$(PREFIX)/bin - install -m 0744 src/transitions/* $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions - sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.23 - sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.28 + install -m 0744 replaced/src/transitions/* $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions install -m 0644 src/transitions/README.txt $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions install -m 0644 src/share/m/* $(DESTDIR)$(PREFIX)/share/monkeysphere/m install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh 
@@ -80,26 +92,13 @@ install -m 0644 etc/monkeysphere-host.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere-host.conf$(ETCSUFFIX) install -m 0644 etc/monkeysphere-authentication.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere-authentication.conf$(ETCSUFFIX) -installman: +installman: $(REPLACED_COMPRESSED_MANPAGES) mkdir -p $(DESTDIR)$(MANPREFIX)/man1 $(DESTDIR)$(MANPREFIX)/man7 $(DESTDIR)$(MANPREFIX)/man8 - gzip -n man/*/* - install man/man1/* $(DESTDIR)$(MANPREFIX)/man1 - install man/man7/* $(DESTDIR)$(MANPREFIX)/man7 - install man/man8/* $(DESTDIR)$(MANPREFIX)/man8 - ln -s openpgp2ssh.1.gz $(DESTDIR)$(MANPREFIX)/man1/openpgp2pem.1.gz - ln -s openpgp2ssh.1.gz $(DESTDIR)$(MANPREFIX)/man1/openpgp2spki.1.gz - gzip -d man/*/* - gzip -d $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1.gz - sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1 - gzip -n $(DESTDIR)$(MANPREFIX)/man1/monkeysphere.1 - gzip -d $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8.gz - sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8 - sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8 - gzip -n $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-host.8 - gzip -d $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8.gz - sed -i 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8 - sed -i 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8 - gzip -n $(DESTDIR)$(MANPREFIX)/man8/monkeysphere-authentication.8 + install replaced/man/man1/* $(DESTDIR)$(MANPREFIX)/man1 + install replaced/man/man7/* $(DESTDIR)$(MANPREFIX)/man7 + install replaced/man/man8/* $(DESTDIR)$(MANPREFIX)/man8 + ln -sf openpgp2ssh.1.gz $(DESTDIR)$(MANPREFIX)/man1/openpgp2pem.1.gz + ln -sf openpgp2ssh.1.gz $(DESTDIR)$(MANPREFIX)/man1/openpgp2spki.1.gz # this target depends on you having the 
monkeysphere-docs # repo checked out as a peer of your monkeysphere repo. diff -Nru monkeysphere-0.39/src/agent-transfer/main.c monkeysphere-0.41/src/agent-transfer/main.c --- monkeysphere-0.39/src/agent-transfer/main.c 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/src/agent-transfer/main.c 2016-12-03 04:25:41.000000000 +0000 @@ -91,7 +91,7 @@ } #ifdef PATH_MAX -#define BUFSIZE PATHMAX +#define BUFSIZE PATH_MAX #else #define BUFSIZE 4096 #endif @@ -464,7 +464,8 @@ fprintf (stderr, "Could not open a socket file descriptor\n"); return ret; } - if (-1 == connect (ret, &sockaddr, sizeof(sockaddr))) { + if (-1 == connect (ret, (const struct sockaddr*)(&sockaddr), + sizeof(sockaddr))) { fprintf (stderr, "Failed to connect to ssh agent socket %s\n", sock_name); close (ret); return -1; @@ -673,8 +674,10 @@ } if (!args.comment) { - err = asprintf (&alt_comment, "GnuPG keygrip %s", args.keygrip); - if (err < 0) { + int bytes_printed = asprintf (&alt_comment, + "GnuPG keygrip %s", + args.keygrip); + if (bytes_printed < 0) { fprintf (stderr, "failed to generate key comment\n"); return 1; } diff -Nru monkeysphere-0.39/src/monkeysphere-authentication monkeysphere-0.41/src/monkeysphere-authentication --- monkeysphere-0.39/src/monkeysphere-authentication 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/src/monkeysphere-authentication 2016-12-03 04:25:41.000000000 +0000 @@ -97,7 +97,7 @@ log debug "determining core key fingerprint..." gpg_core --list-secret-key --with-colons \ --with-fingerprint \ - | grep ^fpr: | cut -d: -f10 + | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^sec:/{ ok=1 }' } # export signatures from core to sphere diff -Nru monkeysphere-0.39/src/monkeysphere-host monkeysphere-0.41/src/monkeysphere-host --- monkeysphere-0.39/src/monkeysphere-host 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/src/monkeysphere-host 2016-12-03 04:25:41.000000000 +0000 
@@ -95,7 +95,7 @@ update_pgp_pub_file() { log debug "updating openpgp public key file '$HOST_KEY_FILE'..." gpg_host --export --armor --export-options export-minimal \ - $(gpg_host --list-secret-keys --with-colons --fingerprint | grep ^fpr | cut -f10 -d:) \ + $(gpg_host --list-secret-keys --with-colons --fingerprint | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^sec:/{ ok=1 }') \ > "$HOST_KEY_FILE" } @@ -234,7 +234,7 @@ local fingerprint if gpgOut=$(gpg_host_list_keys "=${userID}" 2>/dev/null) ; then - fingerprint=$(echo "$gpgOut" | grep '^fpr:' | cut -d: -f10) + fingerprint=$(echo "$gpgOut" | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }') if [ "$PROMPT" != "false" ] ; then printf "Service name '%s' is already being used by key '%s'.\nAre you sure you want to use it again? (y/N) " "$userID" "$fingerprint" >&2 read OK; OK=${OK:=N} @@ -302,7 +302,7 @@ # get the gpg fingerprint if gpg --quiet --list-keys \ --with-colons --with-fingerprint "$id" \ - | grep '^fpr:' | cut -d: -f10 > "$GNUPGHOME"/fingerprint ; then + | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }' > "$GNUPGHOME"/fingerprint ; then fingerprint=$(cat "$GNUPGHOME"/fingerprint) else failure "ID '$id' not found." diff -Nru monkeysphere-0.39/src/openpgp2ssh monkeysphere-0.41/src/openpgp2ssh --- monkeysphere-0.39/src/openpgp2ssh 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/src/openpgp2ssh 2016-12-03 04:25:41.000000000 +0000 @@ -184,6 +184,7 @@ features => 30, signature_target => 31, embedded_signature => 32, + issuer_fpr => 33, }; # bitstring (see RFC 4880 section 5.2.3.24) 
@@ -580,10 +581,13 @@ if ($key_timestamp > $sig_timestamp) { die "key timestamp must not be later than signature timestamp\n"; } + my $v4_fpr = fingerprint($rsa, $key_timestamp); my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $sig_timestamp); - my $hashed_subs = $creation_time_packet.$args->{hashed_subpackets}; + my $issuer_fpr_packet = pack('CCCa20', 22, $subpacket_types->{issuer_fpr}, 4, $v4_fpr); + + my $hashed_subs = $issuer_fpr_packet.$creation_time_packet.$args->{hashed_subpackets}; my $subpacket_octets = pack('n', length($hashed_subs)); @@ -603,7 +607,7 @@ my $key_data = make_packet($packet_types->{pubkey}, $pubkey, {'packet_length'=>2}); # take the last 8 bytes of the fingerprint as the keyid: - my $keyid = substr(fingerprint($rsa, $key_timestamp), 20 - 8, 8); + my $keyid = substr($v4_fpr, 20 - 8, 8); # the v4 signature trailer is: diff -Nru monkeysphere-0.39/src/pem2openpgp monkeysphere-0.41/src/pem2openpgp --- monkeysphere-0.39/src/pem2openpgp 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/src/pem2openpgp 2016-12-03 04:25:41.000000000 +0000 @@ -184,6 +184,7 @@ features => 30, signature_target => 31, embedded_signature => 32, + issuer_fpr => 33, }; # bitstring (see RFC 4880 section 5.2.3.24) @@ -580,10 +581,13 @@ if ($key_timestamp > $sig_timestamp) { die "key timestamp must not be later than signature timestamp\n"; } + my $v4_fpr = fingerprint($rsa, $key_timestamp); my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $sig_timestamp); - my $hashed_subs = $creation_time_packet.$args->{hashed_subpackets}; + my $issuer_fpr_packet = pack('CCCa20', 22, $subpacket_types->{issuer_fpr}, 4, $v4_fpr); + + my $hashed_subs = $issuer_fpr_packet.$creation_time_packet.$args->{hashed_subpackets}; my $subpacket_octets = pack('n', length($hashed_subs)); 
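Review bot: `pack('CCCa20', 22, $subpacket_types->{issuer_fpr}, 4, $v4_fpr)` relies on `fingerprint()` returning exactly 20 raw bytes, because `a20` silently NUL-pads a shorter value and truncates a longer one, and the result goes into the hashed area of the self-signature. `fingerprint()` is defined outside this hunk, so its return length cannot be confirmed from here; a guard after the assignment, `die "unexpected fingerprint length\n" unless length($v4_fpr) == 20;`, would make the assumption explicit. The literals also deserve a comment, for example `# subpacket length 22 = type octet + key version octet (4) + 20-byte v4 fingerprint`. The same lines recur in the pem2openpgp and src/share/keytrans sections of this diff.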
@@ -603,7 +607,7 @@ my $key_data = make_packet($packet_types->{pubkey}, $pubkey, {'packet_length'=>2}); # take the last 8 bytes of the fingerprint as the keyid: - my $keyid = substr(fingerprint($rsa, $key_timestamp), 20 - 8, 8); + my $keyid = substr($v4_fpr, 20 - 8, 8); # the v4 signature trailer is: diff -Nru monkeysphere-0.39/src/share/common monkeysphere-0.41/src/share/common --- monkeysphere-0.39/src/share/common 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/src/share/common 2016-12-03 04:25:41.000000000 +0000 @@ -959,7 +959,7 @@ trap cleanup EXIT GNUPGHOME="$fake" gpg --no-tty --quiet --import --ignore-time-conflict 2>/dev/null GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \ - awk -F: '/^fpr:/{ print $10 }' + awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }' trap - EXIT cleanup } diff -Nru monkeysphere-0.39/src/share/keytrans monkeysphere-0.41/src/share/keytrans --- monkeysphere-0.39/src/share/keytrans 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/src/share/keytrans 2016-12-03 04:25:41.000000000 +0000 @@ -184,6 +184,7 @@ features => 30, signature_target => 31, embedded_signature => 32, + issuer_fpr => 33, }; # bitstring (see RFC 4880 section 5.2.3.24) @@ -580,10 +581,13 @@ if ($key_timestamp > $sig_timestamp) { die "key timestamp must not be later than signature timestamp\n"; } + my $v4_fpr = fingerprint($rsa, $key_timestamp); my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $sig_timestamp); - my $hashed_subs = $creation_time_packet.$args->{hashed_subpackets}; + my $issuer_fpr_packet = pack('CCCa20', 22, $subpacket_types->{issuer_fpr}, 4, $v4_fpr); + + my $hashed_subs = $issuer_fpr_packet.$creation_time_packet.$args->{hashed_subpackets}; my $subpacket_octets = pack('n', length($hashed_subs)); 
@@ -603,7 +607,7 @@ my $key_data = make_packet($packet_types->{pubkey}, $pubkey, {'packet_length'=>2}); # take the last 8 bytes of the fingerprint as the keyid: - my $keyid = substr(fingerprint($rsa, $key_timestamp), 20 - 8, 8); + my $keyid = substr($v4_fpr, 20 - 8, 8); # the v4 signature trailer is: diff -Nru monkeysphere-0.39/src/share/m/subkey_to_ssh_agent monkeysphere-0.41/src/share/m/subkey_to_ssh_agent --- monkeysphere-0.39/src/share/m/subkey_to_ssh_agent 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/src/share/m/subkey_to_ssh_agent 2016-12-03 04:25:41.000000000 +0000 @@ -50,7 +50,7 @@ # (to work around bug https://bugs.g10code.com/gnupg/issue945): secretkeys=$(gpg_user --list-secret-keys --with-colons \ --fingerprint | \ - grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }') + awk -F: '/^fpr:/{ if (ok) { print "0x" $10 "!" } ; ok=0 } /^sec:/{ ok=1 }') if [ -z "$secretkeys" ]; then failure "You have no secret keys in your keyring! diff -Nru monkeysphere-0.39/src/share/ma/add_certifier monkeysphere-0.41/src/share/ma/add_certifier --- monkeysphere-0.39/src/share/ma/add_certifier 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/src/share/ma/add_certifier 2016-12-03 04:25:41.000000000 +0000 @@ -120,7 +120,7 @@ # get the full fingerprint of new certifier key log debug "getting fingerprint of certifier key..." fingerprint=$(gpg_sphere --list-key --with-colons --with-fingerprint "0x${keyID}!" \ - | grep '^fpr:' | cut -d: -f10) + | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }') # test that there is only a single fingerprint if (( $(echo "$fingerprint" | wc -l) != 1 )) ; then diff -Nru monkeysphere-0.39/src/share/ma/diagnostics monkeysphere-0.41/src/share/ma/diagnostics --- monkeysphere-0.39/src/share/ma/diagnostics 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/src/share/ma/diagnostics 2016-12-03 04:25:41.000000000 +0000 
@@ -70,7 +70,7 @@ else create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:) expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:) - fingerprint=$(echo "$seckey" | grep ^fpr: | head -n1 | cut -f10 -d:) + fingerprint=$(echo "$seckey" | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }') # check for key expiration: if [ "$expire" ]; then if (( "$expire" < "$curdate" )); then diff -Nru monkeysphere-0.39/src/share/mh/add_revoker monkeysphere-0.41/src/share/mh/add_revoker --- monkeysphere-0.39/src/share/mh/add_revoker 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/src/share/mh/add_revoker 2016-12-03 04:25:41.000000000 +0000 @@ -77,7 +77,7 @@ # get the full fingerprint of new revoker key log debug "getting fingerprint of revoker key..." fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --list-key --with-colons --with-fingerprint "${revokerKeyID}" \ - | grep '^fpr:' | cut -d: -f10) + | awk -F: '/^fpr:/{ if (ok) { print $10 }; ok=0 } /^pub:/{ ok=1 }') # test that there is only a single fingerprint if (( $(echo "$fingerprint" | wc -l) != 1 )) ; then diff -Nru monkeysphere-0.39/tests/home-setup/admin/secret_keyring.keys monkeysphere-0.41/tests/home-setup/admin/secret_keyring.keys --- monkeysphere-0.39/tests/home-setup/admin/secret_keyring.keys 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/tests/home-setup/admin/secret_keyring.keys 2016-12-03 04:25:41.000000000 +0000 @@ -1,5 +1,4 @@ -----BEGIN PGP PRIVATE KEY BLOCK----- -Version: GnuPG v2 lQHYBEjxFmEBBADTWxomjz77EggNTlCzxey9zYne9ISzJg06SsS4NwGb+Q92m4Ut SyHjTxNePTuPRVQIbChDGUrXx9AmEtRAZZYBW8P6kNfbt5xMcrLzYfsF0b9OnY4u 
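Review bot: In the src/share/ma/diagnostics hunk the new awk filter only prints an `fpr:` record after it has seen a `pub:` record, yet the two lines directly above it read `create` and `expire` from the same `$seckey` with `grep ^sec:`. If `$seckey` holds secret-key listing output, as those lines suggest, no `pub:` record ever appears, `ok` is never set and `fingerprint` comes back empty, whereas the old `grep ^fpr: | head -n1` did return a value. The other secret-key call sites in this diff (monkeysphere-authentication, update_pgp_pub_file, subkey_to_ssh_agent) key on `sec:` instead, which looks right here too: `awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^sec:/{ ok=1 }'`. The assignment of `$seckey` lies outside the hunk, so please confirm which record type it contains.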
@@ -16,6 +15,20 @@ 8RZhAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQNv94s3AF076ZoQQAlHT7 9lCi39qbPW4Emf4dN6YYqsI7pTuI8o3Zmmy8M0Yr5beo6DXNPvU+50/GhHJYomI6 8lafVW1AWqZmaCrz155cLvoWpTiQgWivGoqcFo4iRFtUcDFzg80U7m97mohjiD9n -EqlAFYV6BJn4pUT2GPTlR5iK52BDVDvC489GDdA= -=DQ1m +EqlAFYV6BJn4pUT2GPTlR5iK52BDVDvC489GDdCdAdgEWEElpAEEAMv4gZ3ioPBv +TV7iJAlvf2Bl6EMvnGXoxyvnoayGxgXj2cmCr2PTmtl4p0XYd61wnQl+XQGX3r54 +GsZfpjc4OMsQfvt/E+XyThJ//JkSV/uqU0dRr6cxjhvZNNyptusIEddur+ZeYkvI +Xyz2xQ2z29B7+qnYNSdPKoiYBM6aPy9JABEBAAEAA/0STOGUQNkfuVy/vpptHkvX +Yk1MeeEWY6Q7FDU1PYJW1PKdWdRSqJGkIWcgpSNXtFrilyvREMczX6NHWR2Yprqx +lEWo7yYb2Us3zOShn1GNmCpL8vtn5ft/b8vE4GQauajv6Ug9+ATE4CvBTkR/K1C7 +nIqhC0UOwFCbLD4Qy3MzYQIA0Nl2Ly5qR+T8BjrXiKJSbxf+G2Ety+TddknBLAxw +Ul5tMzbCsbEXXX5Lie3NIyLoy7RGDBvb3BHvs3HggEmt7wIA+gUTjqHIUUlYTKIg +GnbA10ZAn4VhTdQyZpwwNS1N4GHYMsJQmAX6CVPBSybGqzKCGpU16clyOaeYroic +L2EuRwH+MenAFJdzhtQfQbJJ9ymtHjAzK2lgzDqObxPV8kZdFYoEFW7GpZYA9x4m +7mMcfcvp4Fsgt4BswJJ9lgWS+dCqY5rViLYEGAEIACAWIQRCdSeclRLhS90UCYo2 +/3izcAXTvgUCWEElpAIbDAAKCRA2/3izcAXTvtuWA/9uGptsbfv0bPn6J90IvEMe +cU/UopxijmympU/G4089RmfprjhEkXWI20/xi7Y/iKp6NpLcdImIIsZouQG3CQxO +kAc81qeUJPo5eF4uAO3JBCoZkQA9hh7dAISkD35M9aip0SxHLTUd99TUl96fM1XK +k5zWszPZPe1Oz7SebbUgDg== +=fOOz -----END PGP PRIVATE KEY BLOCK----- diff -Nru monkeysphere-0.39/tests/home-setup/testuser/public_keyring.keys monkeysphere-0.41/tests/home-setup/testuser/public_keyring.keys --- monkeysphere-0.39/tests/home-setup/testuser/public_keyring.keys 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/tests/home-setup/testuser/public_keyring.keys 2016-12-03 04:25:41.000000000 +0000 
@@ -1,5 +1,4 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 mI0ESPPkSQEEALmNpNQ5hko9iOy16JTV3ATS7DuYzRwBWprMlBbBh3rRofQ3Dv1U 3c2rQH+KMl2vvXhjZHl/AkFsZoE9rJW2+ituHGq1ZpqXGwZ4RChpLkfC6cj91rOq diff -Nru monkeysphere-0.39/tests/home-setup/testuser/secret_keyring.keys monkeysphere-0.41/tests/home-setup/testuser/secret_keyring.keys --- monkeysphere-0.39/tests/home-setup/testuser/secret_keyring.keys 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/tests/home-setup/testuser/secret_keyring.keys 2016-12-03 04:25:41.000000000 +0000 @@ -1,5 +1,4 @@ -----BEGIN PGP PRIVATE KEY BLOCK----- -Version: GnuPG v2 lQIGBEjz5EkBBAC5jaTUOYZKPYjsteiU1dwE0uw7mM0cAVqazJQWwYd60aH0Nw79 VN3Nq0B/ijJdr714Y2R5fwJBbGaBPayVtvorbhxqtWaalxsGeEQoaS5HwunI/daz diff -Nru monkeysphere-0.39/tests/keytrans monkeysphere-0.41/tests/keytrans --- monkeysphere-0.39/tests/keytrans 2016-08-30 07:19:50.000000000 +0000 +++ monkeysphere-0.41/tests/keytrans 2016-12-03 04:25:41.000000000 +0000 @@ -81,6 +81,8 @@ Name-Real: testtest Expire-Date: 0 +%no-ask-passphrase +%no-protection %commit %echo done EOF @@ -111,7 +113,7 @@ <(hd "$TEMPDIR"/secret.key) \ <(hd "$TEMPDIR"/converted.secret.key) -KEYFPR=$(gpg --fingerprint --with-colons --list-keys | grep ^fpr | cut -f10 -d:) +KEYFPR=$(gpg --fingerprint --with-colons --list-keys | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }') KEYID=$(printf "%s" "$KEYFPR" | cut -b25-40) echo "conversions look good!" @@ -140,7 +142,7 @@ sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:::::8 EOF -diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -v ^tru | sed 's/:*$//') +diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -vE '^(tru|fpr):' | sed 's/:*$//') echo "##################################################" echo "### sleeping to avoid test suite breakage on fast" 
@@ -170,7 +172,7 @@ EOF -diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -v ^tru | sed 's/:*$//') +diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -vE '^(tru|fpr):' | sed 's/:*$//') echo "##################################################" @@ -206,7 +208,7 @@ EOF echo "test: diff expected gpg list output" -diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -v ^tru | sed 's/:*$//') +diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -vE '^(tru|fpr):' | sed 's/:*$//') sort >"$TEMPDIR"/expectedout <