author | Martin Wilke <miwi@FreeBSD.org> | 2009-03-10 07:45:27 +0000 |
---|---|---|
committer | Martin Wilke <miwi@FreeBSD.org> | 2009-03-10 07:45:27 +0000 |
commit | c041c07d224b5924f6b9936ac331b4a272d3ae11 (patch) | |
tree | f58327ebdfd7a3445d5f9bc5a307581282c57309 /security/monkeysphere | |
parent | af4b03f9c56197b975bcd6c8fa66dfeef6d60b13 (diff) | |
SSH key-based authentication is tried-and-true, but it lacks a true
Public Key Infrastructure for key certification, revocation and
expiration. Monkeysphere is a framework that uses the OpenPGP web of
trust for these PKI functions. It can be used in both directions: for
users to get validated host keys, and for hosts to authenticate users.
WWW: http://web.monkeysphere.info/
PR: ports/128406
Submitted by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Notes:
svn path=/head/; revision=229822
Diffstat (limited to 'security/monkeysphere')
-rw-r--r-- | security/monkeysphere/Makefile | 72 | ||||
-rw-r--r-- | security/monkeysphere/distinfo | 3 | ||||
-rw-r--r-- | security/monkeysphere/files/patch-src_monkeysphere-host | 11 | ||||
-rw-r--r-- | security/monkeysphere/files/patch-src_share_keytrans | 11 | ||||
-rw-r--r-- | security/monkeysphere/pkg-deinstall | 29 | ||||
-rw-r--r-- | security/monkeysphere/pkg-descr | 7 | ||||
-rw-r--r-- | security/monkeysphere/pkg-install | 64 | ||||
-rw-r--r-- | security/monkeysphere/pkg-plist | 49 |
8 files changed, 246 insertions, 0 deletions
diff --git a/security/monkeysphere/Makefile b/security/monkeysphere/Makefile
new file mode 100644
index 000000000000..65d71f4bcef6
--- /dev/null
+++ b/security/monkeysphere/Makefile
@@ -0,0 +1,72 @@
+# New ports collection makefile for: monkeysphere
+# Date created: 2008-09-11 23:38:27-0400
+# Whom: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# $FreeBSD$
+#
+
+PORTNAME= monkeysphere
+PORTVERSION= 0.24
+CATEGORIES= security
+MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/
+# hack for debian orig tarballs
+DISTFILES= ${PORTNAME}_${DISTVERSION}.orig.tar.gz
+
+MAINTAINER= dkg@fifthhorseman.net
+COMMENT= Use the OpenPGP web of trust to verify ssh connections
+
+RUN_DEPENDS= gpg:${PORTSDIR}/security/gnupg1 \
+ lockfile:${PORTSDIR}/mail/procmail \
+ bash:${PORTSDIR}/shells/bash \
+ ${SITE_PERL}/${PERL_ARCH}/Crypt/OpenSSL/RSA.pm:${PORTSDIR}/security/p5-Crypt-OpenSSL-RSA \
+ ${SITE_PERL}/${PERL_ARCH}/Digest/SHA1.pm:${PORTSDIR}/security/p5-Digest-SHA1
+
+MAN1= monkeysphere.1 openpgp2ssh.1 pem2openpgp.1
+MAN7= monkeysphere.7
+MAN8= monkeysphere-host.8 monkeysphere-authentication.8
+MANCOMPRESSED= yes
+
+MAKE_ARGS= ETCPREFIX=${PREFIX} MANPREFIX=${PREFIX}/man ETCSUFFIX=.sample
+
+# use proper system paths for FreeBSD instead of debian's:
+post-patch:
+ @${REINPLACE_CMD} -e 's|/etc/monkeysphere|/usr/local/etc/monkeysphere|g' \
+ ${WRKSRC}/src/share/defaultenv \
+ ${WRKSRC}/src/transitions/0.23 \
+ ${WRKSRC}/man/man1/monkeysphere.1 \
+ ${WRKSRC}/man/man8/monkeysphere-authentication.8 \
+ ${WRKSRC}/man/man8/monkeysphere-host.8 \
+ ${WRKSRC}/etc/monkeysphere-authentication.conf
+ @${REINPLACE_CMD} -e 's|/var/lib/monkeysphere|/var/monkeysphere|g' \
+ ${WRKSRC}/src/transitions/0.23 \
+ ${WRKSRC}/man/man1/monkeysphere.1 \
+ ${WRKSRC}/man/man8/monkeysphere-authentication.8 \
+ ${WRKSRC}/man/man8/monkeysphere-host.8 \
+ ${WRKSRC}/src/monkeysphere-host \
+ ${WRKSRC}/src/monkeysphere-authentication \
+ ${WRKSRC}/doc/getting-started-admin.mdwn
+ @${REINPLACE_CMD} -e 's|/usr/share/monkeysphere|/usr/local/share/monkeysphere|g' \
+ ${WRKSRC}/src/monkeysphere-host \
+ ${WRKSRC}/src/monkeysphere-authentication \
+ ${WRKSRC}/src/monkeysphere
+ # and clean up cruft from the sed replacements:
+ ${FIND} ${WRKSRC} -name '*.bak' -delete
+
+post-install:
+ @if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere.conf ; \
+ fi
+ @if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere-host.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere-host.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere-host.conf ; \
+ fi
+ @if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere-authentication.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere-authentication.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere-authentication.conf ; \
+ fi
+.if !defined(PACKAGE_BUILDING)
+ @${SETENV} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+.endif
+
+post-deinstall:
+ @${SETENV} ${SH} ${PKGDEINSTALL} ${PKGNAME} POST-DEINSTALL
+
+.include <bsd.port.mk>
diff --git a/security/monkeysphere/distinfo b/security/monkeysphere/distinfo
new file mode 100644
index 000000000000..a0a9df9e98e6
--- /dev/null
+++ b/security/monkeysphere/distinfo
@@ -0,0 +1,3 @@
+MD5 (monkeysphere_0.24.orig.tar.gz) = 8590532f4702fa44027a6a583657c9ef
+SHA256 (monkeysphere_0.24.orig.tar.gz) = 2a58cee998ddb1b21b953826fc746a743e17d94e6fa34ac9cbee4262873b5c5f
+SIZE (monkeysphere_0.24.orig.tar.gz) = 86044
diff --git a/security/monkeysphere/files/patch-src_monkeysphere-host b/security/monkeysphere/files/patch-src_monkeysphere-host
new file mode 100644
index 000000000000..9414c7355010
--- /dev/null
+++ b/security/monkeysphere/files/patch-src_monkeysphere-host
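Review bot: The `post-patch` substitutions hard-code `/usr/local/etc/monkeysphere` and `/usr/local/share/monkeysphere` while the rest of the Makefile installs relative to `${PREFIX}` (`MAKE_ARGS= ETCPREFIX=${PREFIX} ...`), so an install with a non-default PREFIX ships scripts and man pages that point at directories the port never created. Replacing the two patterns with `s|/etc/monkeysphere|${PREFIX}/etc/monkeysphere|g` and `s|/usr/share/monkeysphere|${PREFIX}/share/monkeysphere|g` keeps both mechanisms in agreement. The same literal `/usr/local/etc/monkeysphere` is repeated as `ETCDIR` in pkg-install, which would need the same treatment.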
@@ -0,0 +1,11 @@
+--- src/monkeysphere-host
++++ src/monkeysphere-host
+@@ -103,7 +103,7 @@ update_gpg_pub_file() {
+ load_fingerprint() {
+ if [ -f "$HOST_KEY_FILE" ] ; then
+ HOST_FINGERPRINT=$( \
+- (FUBAR=$(mktemp -d) && export GNUPGHOME="$FUBAR" \
++ (FUBAR=$(msmktempdir) && export GNUPGHOME="$FUBAR" \
+ && gpg --quiet --import \
+ && gpg --quiet --list-keys --with-colons --with-fingerprint \
+ && rm -rf "$FUBAR") <"$HOST_KEY_FILE" \
diff --git a/security/monkeysphere/files/patch-src_share_keytrans b/security/monkeysphere/files/patch-src_share_keytrans
new file mode 100644
index 000000000000..9d584acbeed6
--- /dev/null
+++ b/security/monkeysphere/files/patch-src_share_keytrans
@@ -0,0 +1,11 @@
+--- src/share/keytrans 2009-03-01 13:39:50.000000000 -0500
++++ src/share/keytrans 2009-03-10 00:39:53.681890554 -0400
+@@ -199,7 +199,7 @@
+ sub simple_checksum {
+ my $bytes = shift;
+ 
+- return unpack("%32W*",$bytes) % 65536;
++ return unpack("%32U*",$bytes) % 65536;
+ }
+ 
+ # calculate the multiplicative inverse of a mod b this is euclid's
diff --git a/security/monkeysphere/pkg-deinstall b/security/monkeysphere/pkg-deinstall
new file mode 100644
index 000000000000..3e69eabbb1dd
--- /dev/null
+++ b/security/monkeysphere/pkg-deinstall
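Review bot: Switching the template from `%32W*` to `%32U*` changes what is summed, not just which format letter is available: a template that starts with `U` puts unpack into character mode and decodes the string as UTF-8, so for input containing bytes above 0x7f the result is a sum of decoded code points (with warnings on malformed sequences) rather than the per-octet sum the original produced. If `$bytes` is the raw octet string this checksum is meant to cover (the callers are outside the hunk, so I cannot confirm), the portable form for the older perl this patch presumably targets is `return unpack("%32C*",$bytes) % 65536;`, since `C` sums octets on both 5.8 and 5.10. Worth checking with a test vector that contains high-bit bytes before relying on it for key material.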
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# a package removal script for monkeysphere (borrowing from
+# monkeysphere's debian/monkeysphere.postrm)
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Copyright 2008,2009
+
+# FIXME: is /var/monkeysphere the right place for this stuff on
+# FreeBSD?
+VARLIB="/var/monkeysphere"
+
+
+case $2 in
+POST-DEINSTALL)
+ USER=monkeysphere
+# FIXME: This doesn't do anything! Under what circumstances do we
+# want to actually automatically purge all of /var/monkeysphere?
+
+# (note: FreeBSD does not seem to want the package-specific user to be
+# purged at package removal)
+ if pw user show "${USER}" 2>/dev/null >/dev/null; then
+ echo "Warning: If you will *NOT* use this package anymore, please remove the monkeysphere user manually."
+ fi
+ if [ -d "$VARLIB" ] ; then
+ echo "Warning: You may want to remove monkeysphere's cached authentication data and keyrings in $VARLIB"
+ fi
+;;
+esac
diff --git a/security/monkeysphere/pkg-descr b/security/monkeysphere/pkg-descr
new file mode 100644
index 000000000000..9adc44f32979
--- /dev/null
+++ b/security/monkeysphere/pkg-descr
@@ -0,0 +1,7 @@
+SSH key-based authentication is tried-and-true, but it lacks a true
+Public Key Infrastructure for key certification, revocation and
+expiration. Monkeysphere is a framework that uses the OpenPGP web of
+trust for these PKI functions. It can be used in both directions: for
+users to get validated host keys, and for hosts to authenticate users.
+
+WWW: http://web.monkeysphere.info/
diff --git a/security/monkeysphere/pkg-install b/security/monkeysphere/pkg-install
new file mode 100644
index 000000000000..435c69ad12c0
--- /dev/null
+++ b/security/monkeysphere/pkg-install
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+# an installation script for monkeysphere (borrowing liberally from
+# postgresql and mysql pkg-install scripts, and from monkeysphere's
+# debian/monkeysphere.postinst)
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Copyright 2008,2009
+
+# FIXME: is /var/monkeysphere the right place for this stuff on
+# FreeBSD?
+
+# PostgreSQL puts its data in /usr/local/pgsql/data
+
+# MySQL puts its data in /var/db/mysql
+
+VARLIB="/var/monkeysphere"
+ETCDIR="/usr/local/etc/monkeysphere"
+
+case $2 in
+POST-INSTALL)
+ USER=monkeysphere
+ GROUP=${USER}
+ UID=641
+ GID=${UID}
+ SHELL=/usr/local/bin/bash
+
+ if pw group show "${GROUP}" >/dev/null 2>&1; then
+ echo "You already have a group \"${GROUP}\", so I will use it."
+ else
+ if pw groupadd ${GROUP} -g ${GID}; then
+ echo "Added group \"${GROUP}\"."
+ else
+ echo "Adding group \"${GROUP}\" failed..."
+ exit 1
+ fi
+ fi
+
+ if pw user show "${USER}" >/dev/null 2>&1; then
+ oldshell=`pw user show "${USER}" 2>/dev/null | cut -f10 -d:`
+ if [ x"$oldshell" != x"$SHELL" ]; then
+ echo "You already have a \"${USER}\" user, but its shell is '$oldshell'."
+ echo "This package requires that \"${USER}\"'s shell be '$SHELL'."
+ echo "You should fix this by hand and then re-install the package."
+ echo " hint: pw usermod '$USER' -s '$SHELL'"
+ exit 1
+ fi
+ echo "You already have a user \"${USER}\" with the proper shell, so I will use it."
+ else
+ if pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \
+ -d "$VARLIB" -s /usr/local/bin/bash -c "monkeysphere authentication user,,,"
+ then
+ echo "Added user \"${USER}\"."
+ else
+ echo "Adding user \"${USER}\" failed..."
+ exit 1
+ fi
+ fi
+
+ ## set up the monkeysphere authentication cache directory:
+
+ monkeysphere-authentication setup
+ ;;
+esac
diff --git a/security/monkeysphere/pkg-plist b/security/monkeysphere/pkg-plist
new file mode 100644
index 000000000000..95afa0111dd0
--- /dev/null
+++ b/security/monkeysphere/pkg-plist
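Review bot: The `pw useradd` call hard-codes `-s /usr/local/bin/bash` although the shell check a few lines above compares the existing account against `$SHELL`; if one of the two is ever changed the other silently drifts, so `-s "$SHELL"` is the safer form. The closing `monkeysphere-authentication setup` is resolved through the caller's PATH and its exit status is ignored, so a failed setup, or a PATH that lacks the port's sbin directory, still leaves the package recorded as installed; `monkeysphere-authentication setup || exit 1` (using `${PKG_PREFIX}/sbin/monkeysphere-authentication` where pkg_add exports that variable) would surface it. `ETCDIR` is assigned but never read, and `UID` as a variable name is read-only in some shells, which is harmless under /bin/sh but worth renaming to avoid surprises.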
@@ -0,0 +1,49 @@
+sbin/monkeysphere-host
+sbin/monkeysphere-authentication
+share/doc/monkeysphere/TODO
+share/doc/monkeysphere/MonkeySpec
+share/doc/monkeysphere/getting-started-user.mdwn
+share/doc/monkeysphere/getting-started-admin.mdwn
+bin/openpgp2ssh
+bin/pem2openpgp
+bin/monkeysphere
+share/monkeysphere/mh/publish_key
+share/monkeysphere/mh/import_key
+share/monkeysphere/mh/set_expire
+share/monkeysphere/mh/diagnostics
+share/monkeysphere/mh/add_hostname
+share/monkeysphere/mh/add_revoker
+share/monkeysphere/mh/revoke_hostname
+share/monkeysphere/mh/revoke_key
+share/monkeysphere/keytrans
+share/monkeysphere/defaultenv
+share/monkeysphere/VERSION
+share/monkeysphere/transitions/0.23
+share/monkeysphere/transitions/README.txt
+share/monkeysphere/ma/list_certifiers
+share/monkeysphere/ma/add_certifier
+share/monkeysphere/ma/update_users
+share/monkeysphere/ma/setup
+share/monkeysphere/ma/remove_certifier
+share/monkeysphere/ma/diagnostics
+share/monkeysphere/common
+share/monkeysphere/m/gen_subkey
+share/monkeysphere/m/ssh_proxycommand
+share/monkeysphere/m/subkey_to_ssh_agent
+share/monkeysphere/m/import_subkey
+@unexec if cmp -s %D/etc/monkeysphere/monkeysphere.conf.sample %D/etc/monkeysphere/monkeysphere.conf; then rm -f %D/etc/monkeysphere/monkeysphere.conf; fi
+etc/monkeysphere/monkeysphere.conf.sample
+@exec if [ ! -f %D/etc/monkeysphere/monkeysphere.conf ] ; then cp -p %D/%F %B/monkeysphere.conf; fi
+@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-host.conf.sample %D/etc/monkeysphere/monkeysphere-host.conf; then rm -f %D/etc/monkeysphere/monkeysphere-host.conf; fi
+etc/monkeysphere/monkeysphere-host.conf.sample
+@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-host.conf ] ; then cp -p %D/%F %B/monkeysphere-host.conf; fi
+@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-authentication.conf.sample %D/etc/monkeysphere/monkeysphere-authentication.conf; then rm -f %D/etc/monkeysphere/monkeysphere-authentication.conf; fi
+etc/monkeysphere/monkeysphere-authentication.conf.sample
+@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-authentication.conf ] ; then cp -p %D/%F %B/monkeysphere-authentication.conf; fi
+@dirrm share/doc/monkeysphere
+@dirrm share/monkeysphere/transitions
+@dirrm share/monkeysphere/mh
+@dirrm share/monkeysphere/ma
+@dirrm share/monkeysphere/m
+@dirrm share/monkeysphere
+@dirrm etc/monkeysphere
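Review bot: `@dirrm etc/monkeysphere` at the end of the plist works against the `@unexec if cmp -s ...` guards above it: those guards deliberately leave a locally modified `*.conf` in place, after which `@dirrm` reports an error on the non-empty directory at every deinstall. `@dirrmtry etc/monkeysphere` removes the directory only when it is actually empty, which is the behaviour the guards imply. The same three config files are also copied by `post-install` in the Makefile, so the `@exec` lines here run redundantly at port install time; harmless, but one of the two mechanisms could be dropped to keep a single source of truth.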