From 5ea1e5b4bbefd1ac2eef64f71f70ffe3ceaab55e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vin=C3=ADcius=20Zavam?= Date: Mon, 28 Feb 2022 22:12:47 +0000 Subject: security/monkeysphere: update 0.42 to 0.43 * Depend on a modern version of GnuPG (>= 2.1.11) for --export-ssh-key * Depend on OpenSSH's ssh-keygen directly for most SSH fingerprints * Depend on OpenSSH >= 6.0 for ed25519 and "sshd -T" * Use runuser instead of su * Support Ed25519 authentication-capable subkeys for users * Use https for all outbound links * Clean up spelling * Use 3072 bits for RSA keys everywhere by default * Provide clearer error message for PEM2OPENPGP_NEWKEY * Avoid locking out users unnecessarily https://github.com/dkg/monkeysphere/tree/monkeysphere_0.43 --- .../files/patch-examples_make-x509-certreqs | 34 ---------------------- 1 file changed, 34 deletions(-) delete mode 100644 security/monkeysphere/files/patch-examples_make-x509-certreqs (limited to 'security/monkeysphere/files/patch-examples_make-x509-certreqs') diff --git a/security/monkeysphere/files/patch-examples_make-x509-certreqs b/security/monkeysphere/files/patch-examples_make-x509-certreqs deleted file mode 100644 index 86c0cc0efe89..000000000000 --- a/security/monkeysphere/files/patch-examples_make-x509-certreqs +++ /dev/null @@ -1,34 +0,0 @@ ---- examples/make-x509-certreqs.orig 2018-10-16 16:24:55 UTC -+++ examples/make-x509-certreqs -@@ -69,12 +69,12 @@ EOF - gencertreq() { - keyid="$1" - -- timestamp=$(gpg --fixed-list-mode --with-colons --list-keys "0x$keyid!" | grep ^pub: | cut -f6 -d:) -+ timestamp=$(gpg2 --fixed-list-mode --with-colons --list-keys "0x$keyid!" | grep ^pub: | cut -f6 -d:) - - san='' - primary='' - # find all the $proto-using User IDs: -- uids=$(gpg --fixed-list-mode --with-colons --list-keys "0x$keyid!" | \ -+ uids=$(gpg2 --fixed-list-mode --with-colons --list-keys "0x$keyid!" | \ - grep '^uid:' | cut -f10 -d: | \ - grep '^'"${proto}"'\\x3a//' | \ - sed -r -e 's!^'"${proto}"'\\x3a//!!' -e 's!:[0-9]+$!!') -@@ -83,7 +83,7 @@ gencertreq() { - printf "Certificate Request for TLS WWW server %s\n[OpenPGP key %s]\n" "$primary" "$keyid" - openssl req -text -new \ - -config <(get_openssl_config "$timestamp" "$uids") \ -- -key <(gpg --export-secret-key "$keyid" | openpgp2ssh "$keyid") \ -+ -key <(gpg2 --export-secret-key "$keyid" | openpgp2ssh "$keyid") \ - -subj "/CN=${primary}/" - } - -@@ -92,6 +92,6 @@ export GNUPGHOME=/var/lib/monkeysphere/host - # default to looking for https keys. - proto="${1:-https}" - --for fpr in $(gpg --fixed-list-mode --with-colons --fingerprint --list-secret-keys "${proto}://" | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^sec:/{ ok=1 }'); do -+for fpr in $(gpg2 --fixed-list-mode --with-colons --fingerprint --list-secret-keys "${proto}://" | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^sec:/{ ok=1 }'); do - gencertreq "$fpr" - done -- cgit v1.2.3