--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package monkeysphere/0.37-2
- From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Date: Wed, 08 Jul 2015 15:31:57 -0400
- Message-id: <20150708193157.9208.11918.reportbug@alice.fifthhorseman.net>
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

On some systems, #778833 appears to be repeatable and reliable, though
i do not control any systems like that. I tried to fix it in 0.37-2,
and called for testing before the release of jessie, but heard no
feedback. After the release of jessie, I found out that i had failed
to actually apply the patch in question, which means that it didn't
fix things for people who have machines that exhibit #778833. 0.37-3
does apparently fix things for those people.

Furthermore, the sshd_config settings suggested by
monkeysphere-authentication diagnostics can be improved for the
version of sshd in jessie, as noted upstream and in 0.37-3 (in
testing/unstable).

The debdiff between 0.37-2 and 0.37-3 (attached here) should improve
the situation for users of monkeysphere on jessie. Is it OK to upload
0.37-3 as 0.37-2+deb8u1? or should i more narrowly-target just
#778833 (a clear bug that prevents package installation on some
platforms) and leave jessie monkeysphere-authentication diagnostics
with suboptimal sshd_config suggestions?

Sorry for this hassle.

Regards,
--dkg

-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru monkeysphere-0.37/debian/changelog monkeysphere-0.37/debian/changelog
--- monkeysphere-0.37/debian/changelog 2014-11-27 15:01:49.000000000 -0500
+++ monkeysphere-0.37/debian/changelog 2015-05-06 23:30:56.000000000 -0400
@@ -1,3 +1,14 @@
+monkeysphere (0.37-3) unstable; urgency=medium
+
+ * actually patch log() to consume all stdin when not given a message
+ argument (apparently the fix in 0.37-2 did not get properly applied)
+ (Closes: #778833)
+ * also from usptream: improve monkeysphere-authentication diagnostic
+ checks.
+ * wrap-and-sort for a cleaner debian/
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 06 May 2015 23:14:57 -0400
+
monkeysphere (0.37-2) unstable; urgency=medium
* patch from upstream: log() should consume all stdin when not given a
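Review bot: the new top changelog entry is versioned 0.37-3 and targets unstable, so it cannot go to jessie as written; a stable update needs its own entry (the request proposes 0.37-2+deb8u1) with the jessie distribution. The second bullet has a typo, "usptream", and the wrap-and-sort bullet should be dropped from that entry if the reordering is left out of the stable upload.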
diff -Nru monkeysphere-0.37/debian/control monkeysphere-0.37/debian/control
--- monkeysphere-0.37/debian/control 2014-11-27 15:01:33.000000000 -0500
+++ monkeysphere-0.37/debian/control 2015-05-06 23:30:02.000000000 -0400
@@ -3,33 +3,29 @@
Priority: extra
Maintainer: Jameson Rollins <jrollins@finestructure.net>
Uploaders: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Build-Depends: debhelper (>= 9~),
- cpio,
- socat,
- openssh-server,
- gnupg (>= 1.4.10),
- libcrypt-openssl-rsa-perl,
- libdigest-sha-perl,
- lockfile-progs | procmail,
- openssl,
- bash (>= 3.2)
+Build-Depends: bash (>= 3.2),
+ cpio,
+ debhelper (>= 9~),
+ gnupg (>= 1.4.10),
+ libcrypt-openssl-rsa-perl,
+ libdigest-sha-perl,
+ lockfile-progs | procmail,
+ openssh-server,
+ openssl,
+ socat
Standards-Version: 3.9.6
Homepage: http://web.monkeysphere.info/
Vcs-Git: git://git.monkeysphere.info/monkeysphere
Package: monkeysphere
Architecture: all
-Depends:
- gnupg (>= 1.4.10),
- libcrypt-openssl-rsa-perl,
- libdigest-sha-perl,
- lockfile-progs | procmail,
- adduser,
- ${misc:Depends}
-Recommends: netcat | socat,
- ssh-askpass,
- cron,
- openssh-client
+Depends: adduser,
+ gnupg (>= 1.4.10),
+ libcrypt-openssl-rsa-perl,
+ libdigest-sha-perl,
+ lockfile-progs | procmail,
+ ${misc:Depends}
+Recommends: cron, netcat | socat, openssh-client, ssh-askpass
Suggests: monkeysphere-validation-agent
Enhances: openssh-client, openssh-server
Description: leverage the OpenPGP web of trust for SSH and TLS authentication
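Review bot: the Build-Depends, Depends and Recommends changes in this hunk are pure reordering and re-wrapping (same packages, same version constraints), which is noise in a stable update and makes the functional change harder to audit. I would leave debian/control untouched for jessie and carry only the two patches.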
@@ -40,6 +36,6 @@
for users to get validated host keys, and for hosts to authenticate
users. Current monkeysphere SSH tools are designed to integrate
with the OpenSSH implementation of the Secure Shell protocol.
- .
+ .
Monkeysphere can also be used by a validation agent to validate TLS
connections (e.g. https).
diff -Nru monkeysphere-0.37/debian/monkeysphere.dirs monkeysphere-0.37/debian/monkeysphere.dirs
--- monkeysphere-0.37/debian/monkeysphere.dirs 2014-11-27 14:51:28.000000000 -0500
+++ monkeysphere-0.37/debian/monkeysphere.dirs 2015-05-06 23:30:02.000000000 -0400
@@ -1,12 +1,12 @@
-var/lib/monkeysphere
+etc/X11
+etc/X11/Xsession.d
+etc/monkeysphere
usr/bin
usr/sbin
usr/share
-usr/share/monkeysphere
usr/share/man
usr/share/man/man1
usr/share/man/man7
usr/share/man/man8
-etc/monkeysphere
-etc/X11
-etc/X11/Xsession.d
+usr/share/monkeysphere
+var/lib/monkeysphere
diff -Nru monkeysphere-0.37/debian/patches/0001-Always-consume-stdin-when-log-is-called-without-a-me.patch monkeysphere-0.37/debian/patches/0001-Always-consume-stdin-when-log-is-called-without-a-me.patch
--- monkeysphere-0.37/debian/patches/0001-Always-consume-stdin-when-log-is-called-without-a-me.patch 1969-12-31 19:00:00.000000000 -0500
+++ monkeysphere-0.37/debian/patches/0001-Always-consume-stdin-when-log-is-called-without-a-me.patch 2015-05-06 23:11:50.000000000 -0400
@@ -0,0 +1,56 @@
+From e7b1fd672161872c874cb2b28a7277ead47e4f0a Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Wed, 26 Nov 2014 19:35:24 -0500
+Subject: [PATCH 1/2] Always consume stdin when log is called without a message
+ argument
+
+See the discussion about this in https://bugs.debian.org/635711
+
+I'm hoping this will resolve the intermittent SIGPIPEs plaguing
+monkeysphere's postinst.
+
+I'm still unable to reproduce the problem. If people who can
+reproduce the problem could try this patch and report back if it fixes
+things for them, that would be great.
+---
+ src/share/common | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/share/common b/src/share/common
+index e377ff3..2ea097e 100755
+--- a/src/share/common
++++ b/src/share/common
+@@ -38,6 +38,7 @@ log() {
+ local output
+ local alllevels
+ local found=
++ local written=
+
+ # don't include SILENT in alllevels: it's handled separately
+ # list in decreasing verbosity (all caps).
+@@ -50,6 +51,9 @@ log() {
+
+ # just go ahead and return if the log level is silent
+ if [ "$LOG_LEVEL" = 'SILENT' ] ; then
++ if [ ! "$2" ] ; then
++ cat >/dev/null
++ fi
+ return
+ fi
+
+@@ -81,8 +85,12 @@ log() {
+ else
+ cat
+ fi | sed 's/^/'"${LOG_PREFIX}"'/' >&2
++ written=true
+ fi
+ done
++ if [ "$written" != 'true' -a ! "$1" ]; then
++ cat >/dev/null
++ fi
+ }
+
+ # run command as monkeysphere user
+--
+2.1.4
+
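Review bot: the two added drain checks test different positional parameters, `[ ! "$2" ]` in the SILENT early return and `[ ! "$1" ]` after the loop, which is only correct if the arguments are shifted between those two points; that shift is outside the visible context, so a short comment at each check saying which argument holds the message would help. Also note that `cat >/dev/null` blocks when log() is called with no message and stdin is not a pipe (a terminal, for example), and that `-a` inside `[ ]` is marked obsolescent in POSIX; `[ "$written" != 'true' ] && [ -z "$1" ]` is the safer spelling.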
diff -Nru monkeysphere-0.37/debian/patches/0001-consume-stdin-on-log.patch monkeysphere-0.37/debian/patches/0001-consume-stdin-on-log.patch
--- monkeysphere-0.37/debian/patches/0001-consume-stdin-on-log.patch 2014-11-27 14:52:29.000000000 -0500
+++ monkeysphere-0.37/debian/patches/0001-consume-stdin-on-log.patch 1969-12-31 19:00:00.000000000 -0500
@@ -1,50 +0,0 @@
-commit e7b1fd672161872c874cb2b28a7277ead47e4f0a
-Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Date: Wed Nov 26 19:35:24 2014 -0500
-
- Always consume stdin when log is called without a message argument
-
- See the discussion about this in https://bugs.debian.org/635711
-
- I'm hoping this will resolve the intermittent SIGPIPEs plaguing
- monkeysphere's postinst.
-
- I'm still unable to reproduce the problem. If people who can
- reproduce the problem could try this patch and report back if it fixes
- things for them, that would be great.
-
-diff --git a/src/share/common b/src/share/common
-index e377ff3..2ea097e 100755
---- a/src/share/common
-+++ b/src/share/common
-@@ -38,6 +38,7 @@ log() {
- local output
- local alllevels
- local found=
-+ local written=
-
- # don't include SILENT in alllevels: it's handled separately
- # list in decreasing verbosity (all caps).
-@@ -50,6 +51,9 @@ log() {
-
- # just go ahead and return if the log level is silent
- if [ "$LOG_LEVEL" = 'SILENT' ] ; then
-+ if [ ! "$2" ] ; then
-+ cat >/dev/null
-+ fi
- return
- fi
-
-@@ -81,8 +85,12 @@ log() {
- else
- cat
- fi | sed 's/^/'"${LOG_PREFIX}"'/' >&2
-+ written=true
- fi
- done
-+ if [ "$written" != 'true' -a ! "$1" ]; then
-+ cat >/dev/null
-+ fi
- }
-
- # run command as monkeysphere user
diff -Nru monkeysphere-0.37/debian/patches/0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch monkeysphere-0.37/debian/patches/0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch
--- monkeysphere-0.37/debian/patches/0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch 1969-12-31 19:00:00.000000000 -0500
+++ monkeysphere-0.37/debian/patches/0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch 2015-05-06 23:11:50.000000000 -0400
@@ -0,0 +1,29 @@
+From 321b5dca3604699a1abd8e60cfcf196b005f60c7 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Tue, 5 May 2015 12:11:00 -0400
+Subject: [PATCH 2/2] fix diagnostic check and recommendation for good
+ authorizedkeysfile in sshd_config
+
+---
+ src/share/ma/diagnostics | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/share/ma/diagnostics b/src/share/ma/diagnostics
+index abf207e..a59244a 100644
+--- a/src/share/ma/diagnostics
++++ b/src/share/ma/diagnostics
+@@ -122,9 +122,9 @@ echo "Checking for Monkeysphere-enabled public-key authentication for users ..."
+ # Ensure that User ID authentication is enabled:
+ if echo "AuthorizedKeysFile foo bar" | /usr/sbin/sshd -t -f /dev/stdin; then
+ # OpenSSH >= 6.0, multiple authorized_keys file supported
+- if ! grep -q "^AuthorizedKeysFile[[:space:]]\+.*[[:space:]]\*${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then
++ if ! grep -q "^AuthorizedKeysFile[[:space:]]\+.*[[:space:]]*${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then
+ echo "! $sshd_config does not point to monkeysphere authorized keys."
+- echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 ${SYSDATADIR}/authorized_keys/%u'"
++ echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys2 ${SYSDATADIR}/authorized_keys/%u'"
+ problemsfound=$(($problemsfound+1))
+ fi
+ if [ "$RAW_AUTHORIZED_KEYS" != none ]; then
+--
+2.1.4
+
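Review bot: in the changed grep line, `[[:space:]]*` directly after `.*` can match the empty string, so the pattern no longer requires whitespace before ${SYSDATADIR}, and an entry such as /backup${SYSDATADIR}/authorized_keys/%u would pass the check. The old `\*` demanded a literal asterisk, so this is still an improvement, but anchoring the path to a token boundary would be tighter, for example `^AuthorizedKeysFile\([[:space:]]\+[^[:space:]]\+\)*[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$`.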
diff -Nru monkeysphere-0.37/debian/patches/series monkeysphere-0.37/debian/patches/series
--- monkeysphere-0.37/debian/patches/series 1969-12-31 19:00:00.000000000 -0500
+++ monkeysphere-0.37/debian/patches/series 2015-05-06 23:13:51.000000000 -0400
@@ -0,0 +1,2 @@
+0001-Always-consume-stdin-when-log-is-called-without-a-me.patch
+0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch
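Review bot: please confirm on the unpacked source that both files listed in this new series file are really applied, since the hunk is `@@ -0,0 +1,2 @@` (series did not exist before) while 0001-consume-stdin-on-log.patch was already present in 0.37-2, which fits the report that the earlier fix never took effect. Checking that src/share/common contains the `cat >/dev/null` lines and that src/share/ma/diagnostics prints the %h/ recommendation would catch a repeat.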
--- End Message ---
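
The failure mode named in the commit message above (a writer hit by SIGPIPE because log() returns without reading its stdin), as an added example that is not part of the original message or of monkeysphere's code. The two functions are constructed stand-ins for log() at the SILENT level, and all names here are hypothetical.

```shell
#!/bin/sh
# Constructed stand-ins for log() when LOG_LEVEL is SILENT.
# Called as: producer | log_xxx <priority>   (no message argument)

# Pre-patch behaviour: return at once, leaving the pipe unread.
log_silent_unpatched() {
    return 0
}

# Patched behaviour: with no message argument, drain stdin first.
log_silent_patched() {
    if [ -z "$2" ]; then
        cat >/dev/null
    fi
    return 0
}

# Pipe a producer into the given consumer and print the producer's
# exit status. The producer writes several megabytes, far more than
# a pipe buffer, so it cannot finish unless the consumer reads.
# (With only a few bytes of output the write may complete before the
# reader exits, which is why the real bug showed up intermittently.)
producer_status() {
    consumer=$1
    statusfile=$(mktemp) || return 1
    {
        seq 1 1000000
        echo "$?" >"$statusfile"
    } 2>/dev/null | "$consumer" debug
    cat "$statusfile"
    rm -f "$statusfile"
}

# Typically 141 (128 + SIGPIPE) for the unpatched stand-in, 0 for the
# patched one; a script running under "set -e" or pipefail aborts on
# the former.
echo "unpatched: producer exit status $(producer_status log_silent_unpatched)"
echo "patched:   producer exit status $(producer_status log_silent_patched)"
```
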
--- Begin Message ---
- To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 791837-done@bugs.debian.org
- Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Subject: Re: Bug#791837: jessie-pu: package monkeysphere/0.37-2
- From: Julien Cristau <jcristau@debian.org>
- Date: Sat, 20 Feb 2016 22:13:06 +0000
- Message-id: <20160220221306.GP6200@betterave.cristau.org>
- In-reply-to: <1436901217.1935.13.camel@adam-barratt.org.uk>
- References: <20150708193157.9208.11918.reportbug@alice.fifthhorseman.net> <1436901217.1935.13.camel@adam-barratt.org.uk>
On Tue, Jul 14, 2015 at 20:13:37 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Wed, 2015-07-08 at 15:31 -0400, Daniel Kahn Gillmor wrote:
> > On some systems, #778833 appears to be repeatable and reliable, though
> > i do not control any systems like that. I tried to fix it in 0.37-2,
> > and called for testing before the release of jessie, but heard no
> > feedback. After the release of jessie, I found out that i had failed
> > to actually apply the patch in question, which means that it didn't
> > fix things for people who have machines that exhibit #778833. 0.37-3
> > does apparently fix things for those people.
> >
> > Furthermore, the sshd_config settings suggested by
> > monkeysphere-authentication diagnostics can be improved for the
> > version of sshd in jessie, as noted upstream and in 0.37-3 (in
> > testing/unstable).
>
> I'm not really very keen on wrap-and-sort applications in stable
> updates, as they introduce quite a bit of noise, but the patches
> themselves look okay; please feel free to go ahead with those.
>
Looks like that upload's not happening. Closing the bug.
Cheers,
Julien
--- End Message ---