git: 5ea1e5b4bbef - main - security/monkeysphere: update 0.42 to 0.43

From: Vinícius Zavam <egypcio_at_FreeBSD.org>
Date: Mon, 28 Feb 2022 22:15:33 UTC
The branch main has been updated by egypcio:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5ea1e5b4bbefd1ac2eef64f71f70ffe3ceaab55e

commit 5ea1e5b4bbefd1ac2eef64f71f70ffe3ceaab55e
Author:     Vinícius Zavam <egypcio@FreeBSD.org>
AuthorDate: 2022-02-28 22:12:47 +0000
Commit:     Vinícius Zavam <egypcio@FreeBSD.org>
CommitDate: 2022-02-28 22:12:47 +0000

    security/monkeysphere: update 0.42 to 0.43
    
      * Depend on a modern version of GnuPG (>= 2.1.11) for --export-ssh-key
      * Depend on OpenSSH's ssh-keygen directly for most SSH fingerprints
      * Depend on OpenSSH >= 6.0 for ed25519 and "sshd -T"
      * Use runuser instead of su
      * Support Ed25519 authentication-capable subkeys for users
      * Use https for all outbound links
      * Clean up spelling
      * Use 3072 bits for RSA keys everywhere by default
      * Provide clearer error message for PEM2OPENPGP_NEWKEY
      * Avoid locking out users unnecessarily
    
      https://github.com/dkg/monkeysphere/tree/monkeysphere_0.43
---
 security/monkeysphere/Makefile                     | 52 ++++++++--------
 security/monkeysphere/distinfo                     |  6 +-
 .../files/patch-examples_make-x509-certreqs        | 34 -----------
 .../files/patch-examples_monkeysphere-monitor-keys | 11 ----
 .../files/patch-src_agent-transfer_main.c          | 20 +++++++
 security/monkeysphere/files/patch-src_monkeysphere | 20 -------
 .../files/patch-src_monkeysphere-authentication    | 20 -------
 .../monkeysphere/files/patch-src_monkeysphere-host | 49 ---------------
 security/monkeysphere/files/patch-src_share_common | 69 ----------------------
 .../monkeysphere/files/patch-src_share_keytrans    | 20 -------
 .../files/patch-src_share_m_gen__subkey            | 11 ----
 .../files/patch-src_share_m_ssh__proxycommand      | 11 ----
 .../files/patch-src_share_m_subkey__to__ssh__agent | 11 ----
 .../files/patch-src_share_mh_add__revoker          | 35 -----------
 .../files/patch-src_share_mh_publish__key          | 20 -------
 .../files/patch-src_share_mh_revoke__key           | 29 ---------
 .../monkeysphere/files/patch-src_transitions_0.23  | 67 ---------------------
 security/monkeysphere/pkg-plist                    |  2 +-
 18 files changed, 51 insertions(+), 436 deletions(-)

diff --git a/security/monkeysphere/Makefile b/security/monkeysphere/Makefile
index 156be1f05700..76a9197ea1ec 100644
--- a/security/monkeysphere/Makefile
+++ b/security/monkeysphere/Makefile
@@ -1,13 +1,14 @@
 # Created by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 
 PORTNAME=	monkeysphere
-PORTVERSION=	0.42
+PORTVERSION=	0.43
 CATEGORIES=	security
 
 MAINTAINER=	egypcio@FreeBSD.org
 COMMENT=	Use the OpenPGP web of trust to verify ssh connections
 
 LICENSE=	GPLv3
+LICENSE_FILE=	${WRKSRC}/COPYING
 
 LIB_DEPENDS=	libassuan.so:security/libassuan \
 		libgcrypt.so:security/libgcrypt \
@@ -15,16 +16,17 @@ LIB_DEPENDS=	libassuan.so:security/libassuan \
 RUN_DEPENDS=	gpg2:security/gnupg \
 		lockfile:mail/procmail \
 		bash:shells/bash \
-		p5-Crypt-OpenSSL-RSA>=0:security/p5-Crypt-OpenSSL-RSA \
-		p5-Digest-SHA1>=0:security/p5-Digest-SHA1
+		p5-Crypt-OpenSSL-RSA>=0:security/p5-Crypt-OpenSSL-RSA
 
-USES=		gmake shebangfix
+USES=		gmake perl5 shebangfix
 USE_GITHUB=	yes
 GH_ACCOUNT=	dkg
 GH_TAGNAME=	${PORTNAME}_${PORTVERSION}
 
-SHEBANG_FILES=	src/share/checkperms src/transitions/0.23 \
-		src/transitions/0.28 src/share/keytrans
+SHEBANG_FILES=	src/monkeysphere* \
+		src/share/c* src/share/defaultenv src/share/keytrans \
+		src/transitions/0.23 src/transitions/0.28 \
+		tests/basic tests/common tests/keytrans tests/phony*
 
 USERS=	monkeysphere
 GROUPS=	monkeysphere
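Review bot: The `gpg2:security/gnupg` entry in RUN_DEPENDS at the top of this hunk only checks that an executable named gpg2 exists, while the commit message says 0.43 needs GnuPG >= 2.1.11 for --export-ssh-key. This commit also deletes every files/ patch that rewrote `gpg` to `gpg2`, so if the unpatched 0.43 scripts call `gpg` (as the removed hunks suggest, e.g. `"${GPG:-gpg}"`), the dependency test and the binary actually run no longer match. Nothing here enforces the version floor either. Consider the package-version form already used for the Perl module in the same list, `gnupg>=2.1.11:security/gnupg`, and confirm which binary name the port installs.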
@@ -35,26 +37,26 @@ OPTIONS_DEFINE=	DOCS
 
 post-patch:
 	@${REINPLACE_CMD} -i '' 's|/etc/monkeysphere|${PREFIX}/etc/monkeysphere|g' \
-	  ${WRKSRC}/src/share/defaultenv \
-	  ${WRKSRC}/src/transitions/0.23 \
-	  ${WRKSRC}/man/man1/monkeysphere.1 \
-	  ${WRKSRC}/man/man8/monkeysphere-authentication.8 \
-	  ${WRKSRC}/man/man8/monkeysphere-host.8 \
-	  ${WRKSRC}/etc/monkeysphere-authentication.conf
-	@${REINPLACE_CMD} -i '' 's|/var/lib/monkeysphere|/var/monkeysphere|g' \
-	  ${WRKSRC}/src/transitions/0.23 \
-	  ${WRKSRC}/man/man1/monkeysphere.1 \
-	  ${WRKSRC}/man/man8/monkeysphere-authentication.8 \
-	  ${WRKSRC}/man/man8/monkeysphere-host.8 \
-	  ${WRKSRC}/src/monkeysphere-host \
-	  ${WRKSRC}/src/monkeysphere-authentication
+	  ${WRKSRC}/etc/*.conf ${WRKSRC}/examples/* \
+	  ${WRKSRC}/man/man1/* ${WRKSRC}/man/man7/* ${WRKSRC}/man/man8/* \
+	  ${WRKSRC}/src/monkeysphere* \
+	  ${WRKSRC}/src/share/c* ${WRKSRC}/src/share/defaultenv ${WRKSRC}/src/share/keytrans \
+	  ${WRKSRC}/src/share/m/* ${WRKSRC}/src/share/mh/* \
+	  ${WRKSRC}/tests/basic ${WRKSRC}/tests/keytrans ${WRKSRC}/tests/phony*
 	@${REINPLACE_CMD} -i '' 's|/usr/share/monkeysphere|${PREFIX}/share/monkeysphere|g' \
-	  ${WRKSRC}/src/monkeysphere-host \
-	  ${WRKSRC}/src/monkeysphere-authentication \
-	  ${WRKSRC}/src/monkeysphere
-	# and clean up cruft from any patches or sed replacements:
-	${FIND} ${WRKSRC} \( -name \*.bak -o -name \*.orig \) -delete
-	@${REINPLACE_CMD} 's|gcc|${CC}|g' ${WRKSRC}/Makefile
+	  ${WRKSRC}/etc/*.conf ${WRKSRC}/examples/* \
+	  ${WRKSRC}/man/man1/* ${WRKSRC}/man/man7/* ${WRKSRC}/man/man8/* \
+	  ${WRKSRC}/src/monkeysphere* \
+	  ${WRKSRC}/src/share/c* ${WRKSRC}/src/share/defaultenv ${WRKSRC}/src/share/keytrans \
+	  ${WRKSRC}/src/share/m/* ${WRKSRC}/src/share/mh/* \
+	  ${WRKSRC}/tests/basic ${WRKSRC}/tests/keytrans ${WRKSRC}/tests/phony*
+	@${REINPLACE_CMD} -i '' 's|/var/lib/monkeysphere|/var/monkeysphere|g' \
+	  ${WRKSRC}/etc/*.conf ${WRKSRC}/examples/* \
+	  ${WRKSRC}/man/man1/* ${WRKSRC}/man/man7/* ${WRKSRC}/man/man8/* \
+	  ${WRKSRC}/src/monkeysphere* \
+	  ${WRKSRC}/src/share/c* ${WRKSRC}/src/share/defaultenv ${WRKSRC}/src/share/keytrans \
+	  ${WRKSRC}/src/share/m/* ${WRKSRC}/src/share/mh/* \
+	  ${WRKSRC}/tests/basic ${WRKSRC}/tests/keytrans ${WRKSRC}/tests/phony*
 
 post-install:
 	${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/agent-transfer
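Review bot: The three `${REINPLACE_CMD}` calls in post-patch now repeat the same six-line file list verbatim, so a later edit to one copy can leave some scripts rewritten to `${PREFIX}/etc/monkeysphere` while others keep an unrewritten share or data path. A single invocation keeps them in step: `@${REINPLACE_CMD} -i '' -e 's|/etc/monkeysphere|${PREFIX}/etc/monkeysphere|g' -e 's|/usr/share/monkeysphere|${PREFIX}/share/monkeysphere|g' -e 's|/var/lib/monkeysphere|/var/monkeysphere|g' \` followed by the list once. The globs (`examples/*`, `man/man1/*`, `src/share/m/*`) will also pick up anything upstream adds to those directories, so a comment such as `# rewrite hard-coded paths in every shipped script, man page, example and test` would record that this is intended. The hunk also drops the `s|gcc|${CC}|g` rewrite of `${WRKSRC}/Makefile`, which is only safe if the 0.43 Makefile no longer hard-codes gcc; that is not visible here. The post-install recipe continues past the end of the hunk.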
diff --git a/security/monkeysphere/distinfo b/security/monkeysphere/distinfo
index ac36986c9689..aa59049ee6f1 100644
--- a/security/monkeysphere/distinfo
+++ b/security/monkeysphere/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1645881389
-SHA256 (dkg-monkeysphere-0.42-monkeysphere_0.42_GH0.tar.gz) = 8190047383a91c17301be8063f59b9f9c07b349853f865ce0f6d199094cfe90d
-SIZE (dkg-monkeysphere-0.42-monkeysphere_0.42_GH0.tar.gz) = 110434
+TIMESTAMP = 1646065321
+SHA256 (dkg-monkeysphere-0.43-monkeysphere_0.43_GH0.tar.gz) = 5f0d39aecda508ac23883f3255d0f43b4c1f596dbcf718f859f64114cdfa3a17
+SIZE (dkg-monkeysphere-0.43-monkeysphere_0.43_GH0.tar.gz) = 111791
diff --git a/security/monkeysphere/files/patch-examples_make-x509-certreqs b/security/monkeysphere/files/patch-examples_make-x509-certreqs
deleted file mode 100644
index 86c0cc0efe89..000000000000
--- a/security/monkeysphere/files/patch-examples_make-x509-certreqs
+++ /dev/null
@@ -1,34 +0,0 @@
---- examples/make-x509-certreqs.orig	2018-10-16 16:24:55 UTC
-+++ examples/make-x509-certreqs
-@@ -69,12 +69,12 @@ EOF
- gencertreq() {
-     keyid="$1"
-     
--    timestamp=$(gpg --fixed-list-mode --with-colons --list-keys "0x$keyid!" | grep ^pub: | cut -f6 -d:)
-+    timestamp=$(gpg2 --fixed-list-mode --with-colons --list-keys "0x$keyid!" | grep ^pub: | cut -f6 -d:)
-     
-     san=''
-     primary=''
- # find all the $proto-using User IDs:
--    uids=$(gpg --fixed-list-mode --with-colons --list-keys "0x$keyid!" | \
-+    uids=$(gpg2 --fixed-list-mode --with-colons --list-keys "0x$keyid!" | \
-         grep '^uid:' | cut -f10 -d: | \
-         grep '^'"${proto}"'\\x3a//' | \
-         sed -r -e 's!^'"${proto}"'\\x3a//!!' -e 's!:[0-9]+$!!')
-@@ -83,7 +83,7 @@ gencertreq() {
-     printf "Certificate Request for TLS WWW server %s\n[OpenPGP key %s]\n" "$primary" "$keyid"
-     openssl req -text -new \
-         -config <(get_openssl_config "$timestamp" "$uids") \
--        -key <(gpg --export-secret-key "$keyid" | openpgp2ssh "$keyid") \
-+        -key <(gpg2 --export-secret-key "$keyid" | openpgp2ssh "$keyid") \
-         -subj "/CN=${primary}/"
- }
- 
-@@ -92,6 +92,6 @@ export GNUPGHOME=/var/lib/monkeysphere/host
- # default to looking for https keys.
- proto="${1:-https}"
- 
--for fpr in $(gpg --fixed-list-mode --with-colons --fingerprint --list-secret-keys "${proto}://" | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^sec:/{ ok=1 }'); do
-+for fpr in $(gpg2 --fixed-list-mode --with-colons --fingerprint --list-secret-keys "${proto}://" | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^sec:/{ ok=1 }'); do
-     gencertreq "$fpr"
- done
diff --git a/security/monkeysphere/files/patch-examples_monkeysphere-monitor-keys b/security/monkeysphere/files/patch-examples_monkeysphere-monitor-keys
deleted file mode 100644
index 9b80668e0f86..000000000000
--- a/security/monkeysphere/files/patch-examples_monkeysphere-monitor-keys
+++ /dev/null
@@ -1,11 +0,0 @@
---- examples/monkeysphere-monitor-keys.orig	2018-10-16 16:24:55 UTC
-+++ examples/monkeysphere-monitor-keys
-@@ -31,7 +31,7 @@
- 
- # FIXME: does this handle revocations and re-keying?  if a sysadmin
- # switches over to this arrangement, how will the system check for
--# revocations?  Scheduling a simple gpg --refresh should handle
-+# revocations?  Scheduling a simple gpg2 --refresh should handle
- # revocations.  I'm not sure how to best handle re-keyings.
- 
- use strict;
diff --git a/security/monkeysphere/files/patch-src_agent-transfer_main.c b/security/monkeysphere/files/patch-src_agent-transfer_main.c
new file mode 100644
index 000000000000..00401b20ceee
--- /dev/null
+++ b/security/monkeysphere/files/patch-src_agent-transfer_main.c
@@ -0,0 +1,20 @@
+--- src/agent-transfer/main.c.orig	2022-02-28 17:21:23 UTC
++++ src/agent-transfer/main.c
+@@ -385,7 +385,7 @@ size_t get_ssh_sz (gcry_mpi_t mpi) {
+ int send_to_ssh_agent(struct exporter *e, int fd, unsigned int seconds, int confirm, const char *comment) {
+   const char *key_type;
+   int ret;
+-  size_t len, mpilen;
++  size_t len=0, mpilen=0;
+   off_t offset;
+   unsigned char *msgbuf = NULL;
+   uint32_t tmp;
+@@ -450,7 +450,7 @@ int send_to_ssh_agent(struct exporter *e, int fd, unsi
+     qdata = gcry_mpi_get_opaque (e->q, &qsz);
+     ddata = gcry_mpi_get_opaque (e->d, &dsz);
+     if (qsz != 33*8 || dsz != 32*8 || !qdata || !ddata) {
+-      fprintf (stderr, "Ed25519 key did not have the expected components (q: %d %p, d: %d %p)\n",
++      fprintf (stderr, "Ed25519 key did not have the expected components (q: %d %s, d: %d %s)\n",
+                qsz, qdata, dsz, ddata);
+       return -1;
+     }
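Review bot: The second change in this new patch switches the two pointer conversions from `%p` to `%s`, so on the error path fprintf reads `qdata` and `ddata` as NUL-terminated strings. That branch is taken when either pointer is NULL or a size is unexpected, and `ddata` comes from `gcry_mpi_get_opaque (e->d, ...)`, presumably the private component of the key. The call can therefore dereference NULL, read past the end of an opaque buffer, or write secret key bytes to stderr and any log that captures it. If the aim was to silence a format warning, keep `%p` in the format string and cast the arguments instead: `qsz, (void *)qdata, dsz, (void *)ddata);`. The declarations of qdata, ddata, qsz and dsz are outside the hunk, so their types should be confirmed there.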
diff --git a/security/monkeysphere/files/patch-src_monkeysphere b/security/monkeysphere/files/patch-src_monkeysphere
deleted file mode 100644
index 9b308e3449d3..000000000000
--- a/security/monkeysphere/files/patch-src_monkeysphere
+++ /dev/null
@@ -1,20 +0,0 @@
---- src/monkeysphere.orig	2018-10-16 16:24:55 UTC
-+++ src/monkeysphere
-@@ -62,7 +62,7 @@ EOF
- 
- # user gpg command to define common options
- gpg_user() {
--    LC_ALL=C "${GPG:-gpg}" --fixed-list-mode --no-greeting --quiet --no-tty "$@"
-+    LC_ALL=C "${GPG:-gpg2}" --fixed-list-mode --no-greeting --quiet --no-tty "$@"
- }
- 
- # output the ssh fingerprint of a gpg key
-@@ -92,7 +92,7 @@ check_gpg_sec_key_id() {
-     case $(echo "$gpgSecOut" | grep -c '^sec:') in
- 	0)
- 	    failure "No secret keys found.  Create an OpenPGP key with the following command:
-- gpg --gen-key"
-+ gpg2 --gen-key"
- 	    ;;
- 	1)
- 	    echo "$gpgSecOut" | cut -d: -f5
diff --git a/security/monkeysphere/files/patch-src_monkeysphere-authentication b/security/monkeysphere/files/patch-src_monkeysphere-authentication
deleted file mode 100644
index 3f5c26ef687e..000000000000
--- a/security/monkeysphere/files/patch-src_monkeysphere-authentication
+++ /dev/null
@@ -1,20 +0,0 @@
---- src/monkeysphere-authentication.orig	2018-10-16 16:24:55 UTC
-+++ src/monkeysphere-authentication
-@@ -73,7 +73,7 @@ gpg_core() {
-     GNUPGHOME="$GNUPGHOME_CORE"
-     export GNUPGHOME
- 
--    gpg --fixed-list-mode --no-greeting --quiet --no-tty "$@"
-+    gpg2 --fixed-list-mode --no-greeting --quiet --no-tty "$@"
- }
- 
- # function to interact with the gpg sphere keyring
-@@ -81,7 +81,7 @@ gpg_sphere() {
-     GNUPGHOME="$GNUPGHOME_SPHERE"
-     export GNUPGHOME
-  
--    su_monkeysphere_user gpg --fixed-list-mode --no-greeting --quiet --no-tty "$@"
-+    su_monkeysphere_user gpg2 --fixed-list-mode --no-greeting --quiet --no-tty "$@"
- }
- 
- check_openpgp2ssh_sanity() {
diff --git a/security/monkeysphere/files/patch-src_monkeysphere-host b/security/monkeysphere/files/patch-src_monkeysphere-host
deleted file mode 100644
index 6602f69cc060..000000000000
--- a/security/monkeysphere/files/patch-src_monkeysphere-host
+++ /dev/null
@@ -1,49 +0,0 @@
---- src/monkeysphere-host.orig	2018-10-16 16:24:55 UTC
-+++ src/monkeysphere-host
-@@ -71,7 +71,7 @@ EOF
- 
- # function to interact with the gpg keyring
- gpg_host() {
--    GNUPGHOME="$GNUPGHOME_HOST" LC_ALL=C gpg --no-auto-check-trustdb --trust-model=always --no-greeting --quiet --no-tty --fixed-list-mode "$@"
-+    GNUPGHOME="$GNUPGHOME_HOST" LC_ALL=C gpg2 --no-auto-check-trustdb --trust-model=always --no-greeting --quiet --no-tty --fixed-list-mode "$@"
- }
- 
- # list the info about the a key, in colon format, to stdout
-@@ -297,10 +297,10 @@ show_key() {
-     trap cleanup EXIT
- 
-     # import the host key into the tmp dir
--    gpg --quiet --import <"$HOST_KEY_FILE"
-+    gpg2 --quiet --import <"$HOST_KEY_FILE"
- 
-     # get the gpg fingerprint
--    if gpg --quiet --list-keys \
-+    if gpg2 --quiet --list-keys \
- 	--with-colons --with-fingerprint "$id" \
- 	| awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }' > "$GNUPGHOME"/fingerprint ; then
- 	fingerprint=$(cat "$GNUPGHOME"/fingerprint)
-@@ -311,13 +311,13 @@ show_key() {
-     # list the host key info
-     # FIXME: make no-show-keyring work so we don't have to do the grep'ing
-     # FIXME: can we show uid validity somehow?
--    gpg --list-keys --list-options show-unusable-uids "$fingerprint" 2>/dev/null \
-+    gpg2 --list-keys --list-options show-unusable-uids "$fingerprint" 2>/dev/null \
-         | egrep -v "^${GNUPGHOME}/pubring.(gpg|kbx)$" \
-         | egrep -v '^-+$' \
-         | grep -v '^$'
- 
-     # list revokers, if there are any
--    revokers=$(gpg --list-keys --with-colons --fixed-list-mode "$fingerprint" \
-+    revokers=$(gpg2 --list-keys --with-colons --fixed-list-mode "$fingerprint" \
- 	| awk -F: '/^rvk:/{ print $10 }' )
-     if [ "$revokers" ] ; then
- 	echo "The following keys are allowed to revoke this host key:"
-@@ -331,7 +331,7 @@ show_key() {
- 
-     # list the ssh fingerprint
-     printf "ssh fingerprint: %s\n" \
--    "$(gpg --export --no-armor "$fingerprint" 2>/dev/null | "$SYSSHAREDIR/keytrans" openpgp2sshfpr "$fingerprint")"
-+    "$(gpg2 --export --no-armor "$fingerprint" 2>/dev/null | "$SYSSHAREDIR/keytrans" openpgp2sshfpr "$fingerprint")"
- 
-     # remove the tmp file
-     trap - EXIT
diff --git a/security/monkeysphere/files/patch-src_share_common b/security/monkeysphere/files/patch-src_share_common
deleted file mode 100644
index 1c2b501f5de0..000000000000
--- a/security/monkeysphere/files/patch-src_share_common
+++ /dev/null
@@ -1,69 +0,0 @@
---- src/share/common.orig	2018-10-16 16:24:55 UTC
-+++ src/share/common
-@@ -495,7 +495,7 @@ gpg2ssh() {
-     
-     keyID="$1"
- 
--    gpg --export --no-armor "$keyID" | openpgp2ssh "$keyID" 2>/dev/null
-+    gpg2 --export --no-armor "$keyID" | openpgp2ssh "$keyID" 2>/dev/null
- }
- 
- # output known_hosts line from ssh key
-@@ -601,7 +601,7 @@ gpg2authorized_keys() {
- 
- # script to determine if gpg version is equal to or greater than specified version
- is_gpg_version_greater_equal() {
--    local gpgVersion=$(gpg --version | head -1 | awk '{ print $3 }')
-+    local gpgVersion=$(gpg2 --version | head -1 | awk '{ print $3 }')
-     local latest=$(printf '%s\n%s\n' "$1" "$gpgVersion" \
- 	| tr '.' ' ' | sort -g -k1 -k2 -k3 \
- 	| tail -1 | tr ' ' '.')
-@@ -622,7 +622,7 @@ gpg_fetch_userid() {
- 
-     log verbose " checking keyserver $KEYSERVER... "
-     foundkeyids="$(echo | \
--	gpg --quiet --batch --with-colons \
-+	gpg2 --quiet --batch --with-colons \
- 	--command-fd 0 --keyserver "$KEYSERVER" \
- 	--search ="$userID" 2>/dev/null)"
-     returnCode="$?"
-@@ -637,7 +637,7 @@ $foundkeyids
-         foundkeyids="$(printf "%s" "$foundkeyids" | grep '^pub:' | cut -f2 -d: | sed 's/^/0x/')"
-         log verbose " Found keyids on keyserver: $(printf "%s" "$foundkeyids" | tr '\n' ' ')"
-         if [ -n "$foundkeyids" ]; then
--            echo | gpg --quiet --batch --with-colons \
-+            echo | gpg2 --quiet --batch --with-colons \
-                 --command-fd 0 --keyserver "$KEYSERVER" \
-                 --recv-keys $foundkeyids &>/dev/null
-             returnCode="$?"
-@@ -693,7 +693,7 @@ process_user_id() {
-     gpg_fetch_userid "$userID"
- 
-     # output gpg info for (exact) userid and store
--    gpgOut=$(gpg --list-key --fixed-list-mode --with-colons \
-+    gpgOut=$(gpg2 --list-key --fixed-list-mode --with-colons \
- 	--with-fingerprint --with-fingerprint \
- 	="$userID" 2>/dev/null) || returnCode="$?"
- 
-@@ -962,8 +962,8 @@ list_primary_fingerprints() {
-         rm -rf "$fake"
-     }
-     trap cleanup EXIT
--    GNUPGHOME="$fake" gpg --no-tty --quiet --import --ignore-time-conflict 2>/dev/null
--    GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \
-+    GNUPGHOME="$fake" gpg2 --no-tty --quiet --import --ignore-time-conflict 2>/dev/null
-+    GNUPGHOME="$fake" gpg2 --with-colons --fingerprint --list-keys | \
- 	awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }'
-     trap - EXIT
-     cleanup
-@@ -981,8 +981,8 @@ get_cert_info() {
-         fi
-         rm -rf "$fake"
-     }
--    GNUPGHOME="$fake" gpg --no-tty --quiet --import --ignore-time-conflict 2>/dev/null
--    GNUPGHOME="$fake" gpg --with-colons --fingerprint --fixed-list-mode --list-keys "$1"
-+    GNUPGHOME="$fake" gpg2 --no-tty --quiet --import --ignore-time-conflict 2>/dev/null
-+    GNUPGHOME="$fake" gpg2 --with-colons --fingerprint --fixed-list-mode --list-keys "$1"
-     trap - EXIT
-     cleanup
- }
diff --git a/security/monkeysphere/files/patch-src_share_keytrans b/security/monkeysphere/files/patch-src_share_keytrans
deleted file mode 100644
index 3eeea26fd878..000000000000
--- a/security/monkeysphere/files/patch-src_share_keytrans
+++ /dev/null
@@ -1,20 +0,0 @@
---- src/share/keytrans.orig	2019-01-17 11:12:48 UTC
-+++ src/share/keytrans
-@@ -20,7 +20,7 @@
- 
- # Usage:
- 
--# pem2openpgp 'ssh://'$(hostname -f) < /etc/ssh/ssh_host_rsa_key | gpg --import
-+# pem2openpgp 'ssh://'$(hostname -f) < /etc/ssh/ssh_host_rsa_key | gpg2 --import
- 
- 
- 
-@@ -35,7 +35,7 @@
- 
- # Example usage:
- 
--# gpg --export-secret-subkeys --export-options export-reset-subkey-passwd $KEYID | \
-+# gpg2 --export-secret-subkeys --export-options export-reset-subkey-passwd $KEYID | \
- #  openpgp2ssh $KEYID | ssh-add /dev/stdin
- 
- 
diff --git a/security/monkeysphere/files/patch-src_share_m_gen__subkey b/security/monkeysphere/files/patch-src_share_m_gen__subkey
deleted file mode 100644
index a1fc8a614fa3..000000000000
--- a/security/monkeysphere/files/patch-src_share_m_gen__subkey
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/share/m/gen_subkey.orig	2018-10-16 16:24:55 UTC
-+++ src/share/m/gen_subkey
-@@ -46,7 +46,7 @@ Type '$PGRM help' for usage."
- 
-     # determine which keyType to use from gpg version
-     keyType=7
--    case $(gpg --version | head -1 | awk '{ print $3 }' | cut -d. -f1) in
-+    case $(gpg2 --version | head -1 | awk '{ print $3 }' | cut -d. -f1) in
- 	1)
- 	    if is_gpg_version_greater_equal 1.4.10 ; then
- 		keyType=8
diff --git a/security/monkeysphere/files/patch-src_share_m_ssh__proxycommand b/security/monkeysphere/files/patch-src_share_m_ssh__proxycommand
deleted file mode 100644
index 09fb7f9fd28d..000000000000
--- a/security/monkeysphere/files/patch-src_share_m_ssh__proxycommand
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/share/m/ssh_proxycommand.orig	2018-10-16 16:24:55 UTC
-+++ src/share/m/ssh_proxycommand
-@@ -301,7 +301,7 @@ EOF
- 
- 	log info <<EOF
- Run the following command for more info about the found keys:
--gpg --check-sigs --list-options show-uid-validity =${userID}
-+gpg2 --check-sigs --list-options show-uid-validity =${userID}
- EOF
- 
- 	# FIXME: should we do anything extra here if the retrieved
diff --git a/security/monkeysphere/files/patch-src_share_m_subkey__to__ssh__agent b/security/monkeysphere/files/patch-src_share_m_subkey__to__ssh__agent
deleted file mode 100644
index 2d9dd7bb5636..000000000000
--- a/security/monkeysphere/files/patch-src_share_m_subkey__to__ssh__agent
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/share/m/subkey_to_ssh_agent.orig	2018-10-16 16:24:55 UTC
-+++ src/share/m/subkey_to_ssh_agent
-@@ -54,7 +54,7 @@ subkey_to_ssh_agent() {
- 
- 	if [ -z "$secretkeys" ]; then
- 	    failure "You have no secret keys in your keyring!
--You might want to run 'gpg --gen-key'."
-+You might want to run 'gpg2 --gen-key'."
- 	fi
- 
-         # $2 regex means "is some kind of valid, or at least not invalid"
diff --git a/security/monkeysphere/files/patch-src_share_mh_add__revoker b/security/monkeysphere/files/patch-src_share_mh_add__revoker
deleted file mode 100644
index a51e198120a7..000000000000
--- a/security/monkeysphere/files/patch-src_share_mh_add__revoker
+++ /dev/null
@@ -1,35 +0,0 @@
---- src/share/mh/add_revoker.orig	2018-10-16 16:24:55 UTC
-+++ src/share/mh/add_revoker
-@@ -71,12 +71,12 @@ else
- 
-     # download the key from the keyserver as the monkeysphere user
-     log verbose "searching keyserver $KEYSERVER for revoker keyID $revokerKeyID..."
--    su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --keyserver "$KEYSERVER" --recv-key "0x${revokerKeyID}!" \
-+    su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg2 --quiet --keyserver "$KEYSERVER" --recv-key "0x${revokerKeyID}!" \
- 	|| failure "Could not receive a key with this ID from keyserver '$KEYSERVER'."
- 
-     # get the full fingerprint of new revoker key
-     log debug "getting fingerprint of revoker key..."
--    fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --list-key --with-colons --with-fingerprint "${revokerKeyID}" \
-+    fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg2 --list-key --with-colons --with-fingerprint "${revokerKeyID}" \
- 	| awk -F: '/^fpr:/{ if (ok) { print $10 }; ok=0 } /^pub:/{ ok=1 }')
- 
-     # test that there is only a single fingerprint
-@@ -90,7 +90,7 @@ EOF
-     fi
- 
-     log info "revoker key found:"
--    su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --fingerprint "0x${fingerprint}!"
-+    su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg2 --fingerprint "0x${fingerprint}!"
- 
-     if [ "$PROMPT" = "true" ] ; then
- 	printf "Are you sure you want to add the above key as a revoker\nof the key '$keyID'? (Y/n) " >&2
-@@ -104,7 +104,7 @@ EOF
- 
-     # export the new key to the host keyring
-     log debug "loading revoker key into host keyring..."
--    su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --export "0x${fingerprint}!" \
-+    su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg2 --quiet --export "0x${fingerprint}!" \
- 	| gpg_host --import
- fi
- 
diff --git a/security/monkeysphere/files/patch-src_share_mh_publish__key b/security/monkeysphere/files/patch-src_share_mh_publish__key
deleted file mode 100644
index 609222685bf2..000000000000
--- a/security/monkeysphere/files/patch-src_share_mh_publish__key
+++ /dev/null
@@ -1,20 +0,0 @@
---- src/share/mh/publish_key.orig	2018-10-16 16:24:55 UTC
-+++ src/share/mh/publish_key
-@@ -46,7 +46,7 @@ trap cleanup EXIT
- 
- # import the key into the tmp dir
- su_monkeysphere_user \
--    gpg --quiet --import <"$HOST_KEY_FILE"
-+    gpg2 --quiet --import <"$HOST_KEY_FILE"
- 
- ANCHORFILE=""
- for anchorfile in "${SYSCONFIGDIR}/monkeysphere-host-x509-anchors.crt" "${SYSCONFIGDIR}/monkeysphere-x509-anchors.crt"; do
-@@ -59,7 +59,7 @@ done
- # publish key
- log debug "publishing key with the following gpg command line and options:"
- su_monkeysphere_user \
--    gpg --keyserver "$KEYSERVER" ${ANCHORFILE:+--keyserver-options "ca-cert-file=$ANCHORFILE"} --send-keys "0x${keyID}!"
-+    gpg2 --keyserver "$KEYSERVER" ${ANCHORFILE:+--keyserver-options "ca-cert-file=$ANCHORFILE"} --send-keys "0x${keyID}!"
- 
- # remove the tmp file
- trap - EXIT
diff --git a/security/monkeysphere/files/patch-src_share_mh_revoke__key b/security/monkeysphere/files/patch-src_share_mh_revoke__key
deleted file mode 100644
index 2616c1b6191b..000000000000
--- a/security/monkeysphere/files/patch-src_share_mh_revoke__key
+++ /dev/null
@@ -1,29 +0,0 @@
---- src/share/mh/revoke_key.orig	2018-10-16 16:24:55 UTC
-+++ src/share/mh/revoke_key
-@@ -72,11 +72,11 @@ y
-     else
-     # note: we're not using the gpg_host function because we actually
-     # want to use gpg's UI in this case, so we want to omit --no-tty
--	revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${keyID}!") \
-+	revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg2 --no-greeting --quiet --armor --gen-revoke "0x${keyID}!") \
- 	    || failure "Failed to generate revocation certificate!"
-     fi
- 
--    # if you run gpg --gen-revoke but cancel it or quit in the middle,
-+    # if you run gpg2 --gen-revoke but cancel it or quit in the middle,
-     # it returns success, but emits no revocation certificate:
-     if ! [ "$revcert" ] ; then
- 	failure "Revocation canceled."
-@@ -94,9 +94,9 @@ y
- 	    printf "Not publishing.\n" >&2
- 	else
- 	    local newhome=$(msmktempdir)
--	    GNUPGHOME="$newhome" gpg --no-tty --quiet --import < "$HOST_KEY_FILE"
--	    GNUPGHOME="$newhome" gpg --no-tty --quiet --import <<< "$revcert"
--	    GNUPGHOME="$newhome" gpg --keyserver "$KEYSERVER" --send-keys "0x${keyID}!"
-+	    GNUPGHOME="$newhome" gpg2 --no-tty --quiet --import < "$HOST_KEY_FILE"
-+	    GNUPGHOME="$newhome" gpg2 --no-tty --quiet --import <<< "$revcert"
-+	    GNUPGHOME="$newhome" gpg2 --keyserver "$KEYSERVER" --send-keys "0x${keyID}!"
- 	    rm -rf "$newhome"
- 	fi
-     fi
diff --git a/security/monkeysphere/files/patch-src_transitions_0.23 b/security/monkeysphere/files/patch-src_transitions_0.23
deleted file mode 100644
index 56f83c6aa1a1..000000000000
--- a/security/monkeysphere/files/patch-src_transitions_0.23
+++ /dev/null
@@ -1,67 +0,0 @@
---- src/transitions/0.23.orig	2019-01-17 11:12:48 UTC
-+++ src/transitions/0.23
-@@ -72,7 +72,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
- 	# get the old host keygrip (don't know why there would be more
- 	# than one, but we'll transfer all tsigs made by any key that
- 	# had been given ultimate ownertrust):
--	for authgrip in $(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --export-ownertrust | \
-+	for authgrip in $(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --export-ownertrust | \
- 	    grep ':6:$' | \
- 	    sed -r 's/^[A-F0-9]{24}([A-F0-9]{16}):6:$/\1/') ; do
- 	    
-@@ -88,7 +88,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
- 	    # one of those certifications (even if later
- 	    # certifications had different parameters).
- 	    
--	    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --fingerprint --with-colons --fixed-list-mode --check-sigs | \
-+	    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --fingerprint --with-colons --fixed-list-mode --check-sigs | \
- 		cut -f 1,2,5,8,9,10 -d: | \
- 		egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
- 		while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
-@@ -130,7 +130,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
- 
- 			    CERTKEY=$(mktemp ${TMPDIR:-/tmp}/mstransition.XXXXXXXX)
- 			    log "Adding identity certifier with fingerprint %s\n" "$keyfpr"
--			    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --export "0x$keyfpr" --export-options export-clean >"$CERTKEY"
-+			    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --export "0x$keyfpr" --export-options export-clean >"$CERTKEY"
- 			    MONKEYSPHERE_PROMPT=false monkeysphere-authentication add-identity-certifier $finaldomain --trust "$truststring" --depth "$trustdepth" "$CERTKEY"
- 			    rm -f "$CERTKEY"
- 			    # clear the fingerprint so that we don't
-@@ -150,9 +150,9 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
- 	log "Not transferring host key info because host directory already exists.\n"
-     else
- 	if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \
--	    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then
-+	    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then
- 	    
--	    FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' )
-+	    FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' )
- 	    
- 	# create host home
- 	    mkdir -p $(dirname "$MHDATADIR")
-@@ -169,12 +169,12 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
- # FIXME: if all self-sigs are expired, then the secret key import may
- # fail anyway. How should we deal with that?
- 	    
--	    if (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --export-secret-keys && \
--		GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --export "$FPR") | \
--		GNUPGHOME="$NEWDATADIR" gpg --quiet --no-tty --import ; then
-+	    if (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --export-secret-keys && \
-+		GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --export "$FPR") | \
-+		GNUPGHOME="$NEWDATADIR" gpg2 --quiet --no-tty --import ; then
- 		: we are in good shape!
- 	    else
--		if ! GNUPGHOME="$NEWDATADIR" gpg --quiet --no-tty --list-secret-key >/dev/null ; then
-+		if ! GNUPGHOME="$NEWDATADIR" gpg2 --quiet --no-tty --list-secret-key >/dev/null ; then
- 		    log "The old host key (%s) was not imported properly.\n" "$FPR"
- 		    exit 1
- 		fi
-@@ -204,7 +204,7 @@ fi
- if [ -d "${SYSDATADIR}/gnupg-authentication" ] ; then
- 
-     GNUPGHOME="${SYSDATADIR}/gnupg-authentication" \
--	gpg --quiet --no-tty --no-permission-warning --export 2>/dev/null | \
-+	gpg2 --quiet --no-tty --no-permission-warning --export 2>/dev/null | \
- 	monkeysphere-authentication gpg-cmd --import 2>/dev/null || \
- 	log "No OpenPGP certificates imported into monkeysphere-authentication trust sphere.\n"
- 
diff --git a/security/monkeysphere/pkg-plist b/security/monkeysphere/pkg-plist
index 9b2e0105cece..7ce066cf1fb4 100644
--- a/security/monkeysphere/pkg-plist
+++ b/security/monkeysphere/pkg-plist
@@ -19,9 +19,9 @@ man/man8/monkeysphere-host.8.gz
 sbin/monkeysphere-authentication
 sbin/monkeysphere-host
 %%PORTDOCS%%%%DOCSDIR%%/Changelog
+%%PORTDOCS%%%%DOCSDIR%%/examples/crontab
 %%PORTDOCS%%%%DOCSDIR%%/examples/make-x509-certreqs
 %%PORTDOCS%%%%DOCSDIR%%/examples/monkeysphere-monitor-keys
-%%PORTDOCS%%%%DOCSDIR%%/examples/crontab
 %%PORTDOCS%%%%DOCSDIR%%/examples/ssh_config
 %%PORTDOCS%%%%DOCSDIR%%/examples/sshd_config
 %%DATADIR%%/VERSION