authorVinícius Zavam <egypcio@FreeBSD.org>2019-02-25 14:43:23 +0000
committerVinícius Zavam <egypcio@FreeBSD.org>2019-02-25 14:43:23 +0000
commitb1d97de0ca1dd07482dd6f92c6652ae020386f1c (patch)
tree3882b965c464e382e9d154ded2e3830f5d2af5fe /security/monkeysphere/files/patch-src_transitions_0.23
parent[NEW PORT] security/ssllabs-scan: Command-line tool to use the SSL Labs API (diff)
security/monkeysphere: update 0.41 to 0.42
- Makefile adopt the port; pet portlint; remove comment about 'applying patches' on the post-patch stage; unmute post-patch. - files/* patch src/share/mh/revoke_keys, to use gpg2; move patch-gpg2 (410 lines), and split it to have separated patches; regen all patches using makepatch. Approved by: rene (mentor) Differential Revision: https://reviews.freebsd.org/D18871
Diffstat (limited to 'security/monkeysphere/files/patch-src_transitions_0.23')
-rw-r--r--security/monkeysphere/files/patch-src_transitions_0.2367
1 files changed, 67 insertions, 0 deletions
diff --git a/security/monkeysphere/files/patch-src_transitions_0.23 b/security/monkeysphere/files/patch-src_transitions_0.23
new file mode 100644
index 000000000000..56f83c6aa1a1
--- /dev/null
+++ b/security/monkeysphere/files/patch-src_transitions_0.23
@@ -0,0 +1,67 @@
+--- src/transitions/0.23.orig 2019-01-17 11:12:48 UTC
++++ src/transitions/0.23
+@@ -72,7 +72,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
+ # get the old host keygrip (don't know why there would be more
+ # than one, but we'll transfer all tsigs made by any key that
+ # had been given ultimate ownertrust):
+- for authgrip in $(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --export-ownertrust | \
++ for authgrip in $(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --export-ownertrust | \
+ grep ':6:$' | \
+ sed -r 's/^[A-F0-9]{24}([A-F0-9]{16}):6:$/\1/') ; do
+
+@@ -88,7 +88,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
+ # one of those certifications (even if later
+ # certifications had different parameters).
+
+- GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --fingerprint --with-colons --fixed-list-mode --check-sigs | \
++ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --fingerprint --with-colons --fixed-list-mode --check-sigs | \
+ cut -f 1,2,5,8,9,10 -d: | \
+ egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
+ while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
+@@ -130,7 +130,7 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
+
+ CERTKEY=$(mktemp ${TMPDIR:-/tmp}/mstransition.XXXXXXXX)
+ log "Adding identity certifier with fingerprint %s\n" "$keyfpr"
+- GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --export "0x$keyfpr" --export-options export-clean >"$CERTKEY"
++ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --export "0x$keyfpr" --export-options export-clean >"$CERTKEY"
+ MONKEYSPHERE_PROMPT=false monkeysphere-authentication add-identity-certifier $finaldomain --trust "$truststring" --depth "$trustdepth" "$CERTKEY"
+ rm -f "$CERTKEY"
+ # clear the fingerprint so that we don't
+@@ -150,9 +150,9 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
+ log "Not transferring host key info because host directory already exists.\n"
+ else
+ if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \
+- GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then
++ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --with-colons --list-secret-keys | grep -q '^sec:' ; then
+
+- FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' )
++ FPR=$(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --with-colons --fixed-list-mode --list-secret-keys --fingerprint | awk -F: '/^fpr:/{ print $10 }' )
+
+ # create host home
+ mkdir -p $(dirname "$MHDATADIR")
+@@ -169,12 +169,12 @@ if [ -d "$SYSDATADIR"/gnupg-host ] ; then
+ # FIXME: if all self-sigs are expired, then the secret key import may
+ # fail anyway. How should we deal with that?
+
+- if (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --export-secret-keys && \
+- GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --quiet --no-tty --no-permission-warning --export "$FPR") | \
+- GNUPGHOME="$NEWDATADIR" gpg --quiet --no-tty --import ; then
++ if (GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --export-secret-keys && \
++ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg2 --quiet --no-tty --no-permission-warning --export "$FPR") | \
++ GNUPGHOME="$NEWDATADIR" gpg2 --quiet --no-tty --import ; then
+ : we are in good shape!
+ else
+- if ! GNUPGHOME="$NEWDATADIR" gpg --quiet --no-tty --list-secret-key >/dev/null ; then
++ if ! GNUPGHOME="$NEWDATADIR" gpg2 --quiet --no-tty --list-secret-key >/dev/null ; then
+ log "The old host key (%s) was not imported properly.\n" "$FPR"
+ exit 1
+ fi
+@@ -204,7 +204,7 @@ fi
+ if [ -d "${SYSDATADIR}/gnupg-authentication" ] ; then
+
+ GNUPGHOME="${SYSDATADIR}/gnupg-authentication" \
+- gpg --quiet --no-tty --no-permission-warning --export 2>/dev/null | \
++ gpg2 --quiet --no-tty --no-permission-warning --export 2>/dev/null | \
+ monkeysphere-authentication gpg-cmd --import 2>/dev/null || \
+ log "No OpenPGP certificates imported into monkeysphere-authentication trust sphere.\n"
+
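Review bot: The secret-key transfer in the `@@ -169,12 +169,12 @@` section now runs `gpg2 --export-secret-keys` with `--no-tty` but without `--batch`, and if the installed gpg2 is GnuPG 2.1 or later the rename from `gpg` changes more than the binary name. In those versions secret-key operations go through gpg-agent, so a passphrase-protected old host key would probably trigger a pinentry request rather than fail cleanly, and the first access may migrate the old keyring inside `"$SYSDATADIR"/gnupg-host`, which the transition otherwise only reads. I would add `--batch` to the three commands of that pipeline, for example `GNUPGHOME="$NEWDATADIR" gpg2 --quiet --no-tty --batch --import`, with a comment above it such as `# gpg2 goes through gpg-agent here; --batch keeps the transition non-interactive`. The enclosing `if [ -d "$SYSDATADIR"/gnupg-host ]` block starts and ends outside the patched context, so whether a started agent is shut down afterwards cannot be checked from this patch.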