[Pkg-privacy-commits] [Git][pkg-privacy-team/monkeysphere][master] 70 commits: work around gpg 2.1 breakage of monkeysphere subkey-to-ssh-agent

Daniel Kahn Gillmor dkg at debian.org
Tue Oct 16 19:01:47 BST 2018 

Daniel Kahn Gillmor pushed to branch master at Privacy Maintainers / monkeysphere


Commits:
b6a647b2 by Daniel Kahn Gillmor at 2016-04-01T18:42:21Z
work around gpg 2.1 breakage of monkeysphere subkey-to-ssh-agent

we work around by depending on gpg1 being available, which isn't a
great solution.  But i needed something to work for me right now.

- - - - -
033f9145 by Daniel Kahn Gillmor at 2016-04-02T03:24:59Z
switch to doing SHA256 OpenSSH fingerprints

- - - - -
b7384e7d by Daniel Kahn Gillmor at 2016-04-02T03:25:35Z
avoid uninitialized values when looping over inputs for sshfpr

- - - - -
78d2fcca by Daniel Kahn Gillmor at 2016-05-15T15:23:46Z
first commit

- - - - -
cc5c2695 by Daniel Kahn Gillmor at 2016-05-15T20:23:47Z
we now have the primitive elements for RSA

- - - - -
a0349d5d by Daniel Kahn Gillmor at 2016-05-15T23:17:19Z
actually talk to the ssh-agent

- - - - -
599e1baa by Daniel Kahn Gillmor at 2016-05-15T23:52:33Z
use simpler reading approach (appears to be what ssh-add uses)

- - - - -
875bf1c4 by Daniel Kahn Gillmor at 2016-05-16T00:30:36Z
select ssh-add options from the command line

- - - - -
4353b641 by Daniel Kahn Gillmor at 2016-05-16T00:31:12Z
no need to debug assuan so verbosely now

- - - - -
7e177278 by Daniel Kahn Gillmor at 2016-05-16T00:48:19Z
prompting to send the key now includes the keygrip at least

- - - - -
536ff85a by Daniel Kahn Gillmor at 2016-05-16T01:03:31Z
trying to launch gpg-agent if it is not already running

- - - - -
824eae93 by Daniel Kahn Gillmor at 2016-05-16T13:31:13Z
normalize return codes

- - - - -
161e28d9 by Daniel Kahn Gillmor at 2016-05-16T15:47:30Z
percent-plus-escape comment for prompt

- - - - -
13a3a242 by Daniel Kahn Gillmor at 2016-05-16T15:50:13Z
transferred to locations to ship with monkeysphere

- - - - -
a7d8fb41 by Daniel Kahn Gillmor at 2016-05-16T15:52:27Z
Merge remote-tracking branch 'agent-transfer/master'

- - - - -
e2b02c52 by Daniel Kahn Gillmor at 2016-05-16T16:24:33Z
improve documentation and agent-transfer behavior

- - - - -
6d9cc776 by Daniel Kahn Gillmor at 2016-06-17T06:05:40Z
build agent-transfer with c99

- - - - -
a25f514b by Daniel Kahn Gillmor at 2016-06-17T15:43:08Z
ensure that we can talk to the agent on any version of gpg

- - - - -
c7b2462b by Daniel Kahn Gillmor at 2016-06-17T15:43:13Z
revert gpg1 hackery

- - - - -
f126cecc by Daniel Kahn Gillmor at 2016-06-17T15:43:13Z
enable monkeysphere-subkey-to-ssh-agent with gpg 2.1.x

in gpg 2.1.x, subkey-to-ssh-agent doesn't work, because
export-reset-subkey-passwd was dropped.

We've now added a more performant agent-transfer tool to work in that
scenario.

- - - - -
4825d9ec by Daniel Kahn Gillmor at 2016-06-17T15:43:13Z
optimize test for capabilities

We should be listing the public key when testing for capabilities;
listing secret keys is slower and not necessary here.

- - - - -
d044a942 by Daniel Kahn Gillmor at 2016-06-17T15:43:13Z
minor improvements/speedups to subkey_to_ssh_agent

- - - - -
47de7449 by Daniel Kahn Gillmor at 2016-06-17T15:43:13Z
tests need to have the agent-transfer mechanism built

- - - - -
339c8dd8 by Daniel Kahn Gillmor at 2016-06-17T15:43:13Z
if we use 2.1.x, use --export-secret-keys instead of pulling from secring.gpg

modern versions of gpg (>= 2.1.x) do not create secring.gpg, but we
need secring.gpg for our use in add-servicename and
revoke-servicename.

If we can depend on gpg 2.1.13 and the --quick-revuid patch makes it
in, it would be better to just use gpg's --quick-adduid and
--quick-revuid, and maybe even to drop the add/revoke functionality
from keytrans for simplicity.

- - - - -
48eece7f by Daniel Kahn Gillmor at 2016-06-17T15:43:13Z
tests/basic should now be passing

- - - - -
13ac8141 by Daniel Kahn Gillmor at 2016-06-17T15:43:13Z
make tests work with gpg 2.1.x and later

- - - - -
37519ec6 by Daniel Kahn Gillmor at 2016-06-17T15:43:13Z
avoid assuming that we use gpg 1.4.x or 2.0.x in m-h show

- - - - -
2a5a1e85 by Daniel Kahn Gillmor at 2016-06-17T15:43:13Z
avoid claiming any specific storage file for secret keys for m-h

- - - - -
5cc3e56d by Daniel Kahn Gillmor at 2016-06-17T15:43:13Z
create test GnuPG homedirs cleanly

Use transferable key formats as inputs instead of assuming prior
structure of a gpg homedir, which changes depending on the version of
gpg you're using.

- - - - -
5fee2427 by Daniel Kahn Gillmor at 2016-06-17T16:55:27Z
add "make check" as an alias for "make test"

- - - - -
17a195df by Daniel Kahn Gillmor at 2016-06-17T16:55:27Z
avoid persistent gpg-agents when creating temporary GNUPGHOME

- - - - -
f227b33f by Daniel Kahn Gillmor at 2016-06-17T20:33:59Z
Shorten the testing tmpdir path to avoid socket limits

This avoids tickling the sockaddr_un.sun_path limits for me, since
when i build in ~/src/monkeysphere/monkeysphere without a TMPDIR set,
i see gpg-agent paths like:

  /home/dkg/src/monkeysphere/monkeysphere/tests/tmp/monkeyspheretest.VDc4Aek/testuser/.gnupg/S.gpg-agent

which is quite close to the limit, and:

  /home/dkg/src/monkeysphere/monkeysphere/tests/tmp/monkeyspheretest.VDc4Aek/authentication/sphere/S.gpg-agent

Which is actually over it if you include the terminating NUL

Switching from tmp/monkeyspheretest.XXXXXXX to tmp/ms.XXX gives more
breathing room (without fixing the underlying problem).

- - - - -
6682a8e2 by Daniel Kahn Gillmor at 2016-06-17T20:36:36Z
preparing upstream changelog

- - - - -
b756fd2e by Daniel Kahn Gillmor at 2016-08-07T22:24:47Z
avoid warning about unused asprintf return value

some versions of gcc produce this warning, which is treated as an
error due to our conservative defaults in Makefile:

src/agent-transfer/main.c: In function ‘main’:
src/agent-transfer/main.c:676:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
     asprintf (&alt_comment, "GnuPG keygrip %s", args.keygrip);
     ^
cc1: all warnings being treated as errors

this patch avoids the warning.

- - - - -
c75c7553 by Daniel Kahn Gillmor at 2016-08-09T00:45:07Z
avoid treating src/share/common as an executable

having src/share/common treated as an executable (commit
ed10318d3760b56e57d5e1bef04ab57761ab8bd1) was actually a terrible
idea.

In addition to causing "monkeysphere version" to print the version
number twice, it meant that any invocation of a monkeysphere command
that sourced src/share/common and had a first argument that happened
to be a function name would accidentally invoke that function.

This commit reverts that idea.

- - - - -
0e339de4 by Daniel Kahn Gillmor at 2016-08-09T13:39:45Z
ensure that this works even if SYSSHAREDIR has whitespace

- - - - -
ef3e35cd by Daniel Kahn Gillmor at 2016-08-30T06:37:16Z
Include local build of agent-transfer in $PATH (Closes: #835719)

- - - - -
fe3bf727 by Daniel Kahn Gillmor at 2016-08-30T06:55:54Z
force bash as the shell during su (Closes: #827660)

Standard installations should have the monkeysphere user's shell set
to /bin/bash (or whatever is the preferred bash) already.  But in some
stranger situations that is not the case.  This workaround should help
fix those cases, and shouldn't cause any additional problems.

- - - - -
79e44fe1 by Daniel Kahn Gillmor at 2016-08-30T07:13:45Z
preparing 0.39 release

- - - - -
b1dd8fb1 by Valo at 2016-08-31T18:01:01Z
Make tests pass with GnuPG 2.1.15

2.1.15 appears to always emit the fingerprint lines in these cases,
while 2.1.14 did not.

- - - - -
d56774b1 by Matthias Klose at 2016-08-31T21:49:03Z
build cleanly with ld --as-needed (Closes: #836228)

- - - - -
76c64fe8 by Daniel Kahn Gillmor at 2016-10-03T17:52:33Z
avoid type error

clang noticed that there was a type mismatch if you believe that
gpg_error_t is unsigned:

-------
src/agent-transfer/main.c:677:13: error: comparison of unsigned expression < 0
      is always false [-Werror,-Wtautological-compare]
    if (err < 0) {
        ~~~ ^ ~
1 error generated.
-------

Avoid this by using an independent int for the return of asprintf.

- - - - -
cb836a29 by Daniel Kahn Gillmor at 2016-10-03T17:58:03Z
agent-transfer: avoid compilation failure on OS X

on IRC, brethil reports that clang on OS X reports this failure when
compiling agent-transfer:

--------------
src/agent-transfer/main.c:467:27: error: incompatible pointer types passing 'struct sockaddr_un *' to parameter of type 'const struct sockaddr *'
      [-Werror,-Wincompatible-pointer-types]
  if (-1 == connect (ret, &sockaddr, sizeof(sockaddr))) {
                          ^~~~~~~~~
/usr/include/sys/socket.h:583:41: note: passing argument to parameter here
int     connect(int, const struct sockaddr *, socklen_t) __DARWIN_ALIAS_C( connect);
--------------

An explicit cast should address this concern.  Ah, the joys of the BSD
socket interface.

- - - - -
d089d53b by Daniel Kahn Gillmor at 2016-10-03T23:10:57Z
Avoid non-portable use of sed -i

Apparently BSD sed and GNU sed treat -i differently, and there is no
portable way to do in-place sed.  This makes me sad and necessitates a
fairly complicated workaround here.

see also:

https://unix.stackexchange.com/questions/92895/how-to-achieve-portability-with-sed-i-in-place-editing

- - - - -
9fdef256 by Daniel Kahn Gillmor at 2016-10-04T14:13:14Z
reshuffle make targets

We want "make" to do all the file generation, so that no files are
created while we're running "make install" as the superuser.

- - - - -
ae0de274 by Daniel Kahn Gillmor at 2016-10-04T14:33:03Z
More Makefile target shuffling

The installman target was generating files as well.  Move those to
their own build stage so that they get created cleanly.

- - - - -
7a39b6fc by Daniel Kahn Gillmor at 2016-10-04T14:41:09Z
ensure manpage links do not fail

when doing "make install" over an existing installation, the manpage
links were failing because the link already existed.

- - - - -
fb8e4756 by Daniel Kahn Gillmor at 2016-10-12T05:14:07Z
preparing 0.40 release

- - - - -
35c1fbf5 by Daniel Kahn Gillmor at 2016-10-12T05:14:32Z
updated utils/preparing-release notes

- - - - -
40815ff5 by Daniel Kahn Gillmor at 2016-10-12T06:44:55Z
test for PATH_MAX; use PATH_MAX!

- - - - -
d086b1d3 by Daniel Kahn Gillmor at 2016-12-02T07:32:45Z
Added issuer's full fingerprint (v4 fingerprint subpacket) to self-sig

When generating an OpenPGP certificate, include the v4 fingerprint in
its hashed subpackets.

This resolves https://bugs.debian.org/844971 when building against
GnuPG 2.1.x

- - - - -
0828eba9 by Daniel Kahn Gillmor at 2016-12-02T07:35:13Z
test suite: GnuPG should not block for entropy

https://bugs.debian.org/841208

This particular fix will only work for GnuPG 2.1.x or later, but
should be safely ignored by older versions.

- - - - -
c29b216a by Daniel Kahn Gillmor at 2016-12-02T07:43:25Z
clean up unnecessary Version: header from example keys

- - - - -
23ee8532 by Daniel Kahn Gillmor at 2016-12-02T07:46:53Z
add encryption-capable subkey to admin key for more realism in test suite

- - - - -
6d84352a by Daniel Kahn Gillmor at 2016-12-02T08:37:46Z
Look only for primary key fingerprints in most cases.

Now that GnuPG reports fingerprints for all keys in GnuPG 2.1.16 (when
using --with-colons), we need to tease out primary key fingerprints
and to discard subkey fingerprints.

- - - - -
4af56ed4 by Daniel Kahn Gillmor at 2016-12-03T04:22:13Z
update notes about how to prepare a release

- - - - -
89657e03 by Daniel Kahn Gillmor at 2016-12-03T04:22:13Z
include CPPFLAGS during C compilation

- - - - -
d5ca4b9d by Daniel Kahn Gillmor at 2016-12-03T04:22:46Z
prepare release

- - - - -
c0c005fa by Daniel Kahn Gillmor at 2016-12-05T04:58:10Z
make print_date_from_seconds_since_the_epoch deal better with bad input

- - - - -
a1e2bbc5 by Helmut Grohne at 2017-11-29T00:08:50Z
use generic compiler (closes: #883015)

See https://bugs.debian.org/883015

- - - - -
dfab82aa by Daniel Kahn Gillmor at 2018-02-28T15:38:34Z
clean up test suite failures when built against newer GnuPG

- - - - -
5605f478 by Clint Adams at 2018-09-27T00:32:17Z
Remove RSAAuthentication from test ssh config (Closes: #902318)

- - - - -
438dbdca by Antoine Beaupré at 2018-09-27T01:07:09Z
fix more gnupg2 colons changes (Closes: #902367)

- - - - -
3c328998 by Antoine Beaupré at 2018-09-27T01:36:37Z
yet more colon fixes that escaped previous inspections

- - - - -
d8fc9f28 by Antoine Beaupré at 2018-09-27T01:48:00Z
write old-style PEM files to unbreak test suite (Closes: #909700)

- - - - -
09e8ed60 by Clint Adams at 2018-09-27T02:03:30Z
Remove deprecated option from test sshd config (Closes: #902320)

- - - - -
50e53b5c by Sunil Mohan Adapa at 2018-10-16T14:57:09Z
tests: Ensure that stale sockets don't fail socat (Closes: #899060)

- - - - -
225d7704 by Daniel Kahn Gillmor at 2018-10-16T14:58:58Z
use --send-keys instead of --send (closes: #908228)

- - - - -
f427cb94 by Daniel Kahn Gillmor at 2018-10-16T15:39:19Z
prepare new release

- - - - -
d21457f8 by Daniel Kahn Gillmor at 2018-10-16T16:24:55Z
enable tests to operate on system installation

- - - - -


30 changed files:

- .gitignore
- Changelog
- Makefile
- examples/make-x509-certreqs
- + man/man1/agent-transfer.1
- man/man8/monkeysphere-host.8
- + src/agent-transfer/main.c
- + src/agent-transfer/ssh-agent-proto.h
- src/monkeysphere
- src/monkeysphere-authentication
- src/monkeysphere-host
- src/share/common
- src/share/keytrans
- src/share/m/subkey_to_ssh_agent
- src/share/ma/add_certifier
- src/share/ma/diagnostics
- src/share/ma/update_users
- src/share/mh/add_name
- src/share/mh/add_revoker
- src/share/mh/publish_key
- src/share/mh/revoke_key
- src/share/mh/revoke_name
- tests/basic
- tests/etc/ssh/sshd_config
- + tests/home-setup/admin/ownertrustdb.txt
- + tests/home-setup/admin/public_keyring.keys
- + tests/home-setup/admin/secret_keyring.keys
- + tests/home-setup/testuser/ownertrustdb.txt
- + tests/home-setup/testuser/public_keyring.keys
- + tests/home-setup/testuser/secret_keyring.keys


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/pkg-privacy-team/monkeysphere/compare/321b5dca3604699a1abd8e60cfcf196b005f60c7...d21457f8fbc86cd1fb5d3b0d20c7a8c8fad8fae6

-- 
View it on GitLab: https://salsa.debian.org/pkg-privacy-team/monkeysphere/compare/321b5dca3604699a1abd8e60cfcf196b005f60c7...d21457f8fbc86cd1fb5d3b0d20c7a8c8fad8fae6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-privacy-commits/attachments/20181016/c38f7a57/attachment-0001.html>

More information about the Pkg-privacy-commits mailing list