1.1 --- a/ChangeLog Wed Sep 15 15:16:41 2004 -0400 1.2 +++ b/ChangeLog Wed Sep 22 21:15:42 2004 -0400 1.3 @@ -3,6 +3,13 @@ 1.4 # Written by Daniel Robbins <drobbins@gentoo.org> 1.5 # Maintained by Aron Griffis <agriffis@gentoo.org> 1.6 1.7 +* keychain 2.4.1 (22 Sep 2004) 1.8 + 1.9 + 22 Sep 2004; Aron Griffis <agriffis@gentoo.org>; 1.10 + Fix bugs 64174 and 64178; support Sun SSH, which is really OpenSSH 1.11 + in disguise and a few critical outputs changed. Thanks to Nathan 1.12 + Bardsley for lots of help debugging on Solaris 9 1.13 + 1.14 15 Sep 2004; Aron Griffis <agriffis@gentoo.org>; 1.15 Fix pod2man output so it formats properly on SGI systems. Thanks to 1.16 Matthew Moore for reporting the problem.

2.1 --- a/README Wed Sep 15 15:16:41 2004 -0400 2.2 +++ b/README Wed Sep 22 21:15:42 2004 -0400 2.3 @@ -3,6 +3,9 @@ 2.4 2.5 RELEASE NOTES (See "ChangeLog" for more info): 2.6 2.7 +Keychain 2.4.1 enables Sun SSH compatibility and fixes some more 2.8 +Solaris awk problems. 2.9 + 2.10 Keychain 2.4.0 fixes a problem with awk on Solaris, a problem with 2.11 commercial ssh not prompting for a password, and adds gpg-agent 2.12 support.

3.1 --- a/TODO Wed Sep 15 15:16:41 2004 -0400 3.2 +++ b/TODO Wed Sep 22 21:15:42 2004 -0400 3.3 @@ -3,6 +3,4 @@ 3.4 # Written by Daniel Robbins <drobbins@gentoo.org> 3.5 # Maintained by Seth Chandler <sethbc@gentoo.org> 3.6 3.7 -Things to do on keychain: 3.8 - 3.9 -Reworking locking (to fix OS X control-c bug) 3.10 +Nothing presently on the todo list

4.1 --- a/keychain.pod Wed Sep 15 15:16:41 2004 -0400 4.2 +++ b/keychain.pod Wed Sep 22 21:15:42 2004 -0400 4.3 @@ -134,17 +134,41 @@ 4.4 This snippet would work in .bash_profile (for bash) or .zlogin (for zsh): 4.5 4.6 keychain id_rsa id_dsa 4.7 - . ~/.keychain/$HOSTNAME-sh 4.8 + [[ -f $HOME/.keychain/$HOSTNAME-sh ]] && \ 4.9 + source $HOME/.keychain/$HOSTNAME-sh 4.10 + [[ -f $HOME/.keychain/$HOSTNAME-sh-gpg ]] && \ 4.11 + source $HOME/.keychain/$HOSTNAME-sh-gpg 4.12 4.13 -This snippet would work in other Bourne-compatible shells: 4.14 +For other Bourne-compatible shells such as sh, you can use this in 4.15 +.profile: 4.16 4.17 keychain id_rsa id_dsa 4.18 - . ~/.keychain/`uname -n`-sh 4.19 + host=`uname -n` 4.20 + [ -f $HOME/.keychain/$host-sh ] && \ 4.21 + . $HOME/.keychain/$host-sh 4.22 + [ -f $HOME/.keychain/$host-sh-gpg ] && \ 4.23 + . $HOME/.keychain/$host-sh-gpg 4.24 4.25 -This snippet would work in .login (for csh or tcsh): 4.26 +This snippet would work in .login for tcsh: 4.27 4.28 keychain id_rsa id_dsa 4.29 - source $HOME/.keychain/`uname -n`-csh 4.30 + if (-f $HOME/.keychain/$HOST-csh) then 4.31 + source $HOME/.keychain/$HOST-csh 4.32 + endif 4.33 + if (-f $HOME/.keychain/$HOST-csh-gpg) then 4.34 + source $HOME/.keychain/$HOST-csh-gpg 4.35 + endif 4.36 + 4.37 +This snippet would work in .login for csh: 4.38 + 4.39 + keychain id_rsa id_dsa 4.40 + host=`uname -n` 4.41 + if (-f $HOME/.keychain/$host-csh) then 4.42 + source $HOME/.keychain/$host-csh 4.43 + endif 4.44 + if (-f $HOME/.keychain/$host-csh-gpg) then 4.45 + source $HOME/.keychain/$host-csh-gpg 4.46 + endif 4.47 4.48 =head1 SEE ALSO 4.49

5.1 --- a/keychain.sh Wed Sep 15 15:16:41 2004 -0400 5.2 +++ b/keychain.sh Wed Sep 22 21:15:42 2004 -0400 5.3 @@ -6,7 +6,7 @@ 5.4 # Current Maintainer: Aron Griffis <agriffis@gentoo.org> 5.5 # $Header$ 5.6 5.7 -version=2.4.0 5.8 +version=2.4.1 5.9 5.10 PATH="/usr/bin:/bin:/sbin:/usr/sbin:/usr/ucb:${PATH}" 5.11 5.12 @@ -22,6 +22,7 @@ 5.13 nolockopt=false 5.14 lockwait=30 5.15 openssh=unknown 5.16 +sunssh=unknown 5.17 quickopt=false 5.18 quietopt=false 5.19 clearopt=false 5.20 @@ -87,14 +88,15 @@ 5.21 } 5.22 5.23 # synopsis: testssh 5.24 -# Figure out which ssh is in use, set the global boolean $openssh 5.25 +# Figure out which ssh is in use, set the global boolean $openssh and $sunssh 5.26 testssh() { 5.27 - # Query local host for SSH application, presently supporting only 5.28 - # OpenSSH (see http://www.openssh.org) when openssh="yes" and 5.29 - # SSH2 (see http://www.ssh.com) when openssh="no". 5.30 + # Query local host for SSH application, presently supporting 5.31 + # OpenSSH, Sun SSH, and ssh.com 5.32 + openssh=false 5.33 + sunssh=false 5.34 case "`ssh -V 2>&1`" in 5.35 *OpenSSH*) openssh=true ;; 5.36 - *) openssh=false ;; 5.37 + *Sun?SSH*) sunssh=true ;; 5.38 esac 5.39 } 5.40 5.41 @@ -479,6 +481,27 @@ 5.42 ;; 5.43 esac 5.44 return $sl_retval 5.45 + 5.46 + elif $sunssh; then 5.47 + # Error codes (from http://docs.sun.com/db/doc/817-3936/6mjgdbvio?a=view) 5.48 + # 0 success (even when there are no keys) 5.49 + # 1 error 5.50 + case $sl_retval in 5.51 + 0) 5.52 + # Output of ssh-add -l: 5.53 + # md5 1024 7c:c3:e2:7e:fb:05:43:f1:8e:e6:91:0d:02:a0:f0:9f /home/harvey/.ssh/id_dsa(DSA) 5.54 + # Return a space-separated list of fingerprints 5.55 + echo "$sl_mylist" | cut -f3 -d' ' | xargs 5.56 + return 0 5.57 + ;; 5.58 + 1) 5.59 + case "$sl_mylist" in 5.60 + *"open a connection"*) sl_retval=2 ;; 5.61 + esac 5.62 + ;; 5.63 + esac 5.64 + return $sl_retval 5.65 + 5.66 else 5.67 # Error codes: 5.68 # 0 success - however might say "The authorization agent has no keys." 5.69 @@ -492,7 +515,7 @@ 5.70 # The authorization agent has one key: 5.71 # id_dsa_2048_a: 2048-bit dsa, agriffis@alpha.zk3.dec.com, Fri Jul 25 2003 10:53:49 -0400 5.72 # Since we don't have a fingerprint, just get the filenames *shrug* 5.73 - echo "$sl_mylist" | awk 'NR>1{sub(":.*", ""); print}' | xargs 5.74 + echo "$sl_mylist" | sed '2,$s/:.*//' | xargs 5.75 fi 5.76 return $sl_retval 5.77 fi 5.78 @@ -500,16 +523,22 @@ 5.79 5.80 # synopsis: ssh_f filename 5.81 # Return finger print for a keyfile 5.82 -# Requires $openssh 5.83 +# Requires $openssh and $sunssh 5.84 ssh_f() { 5.85 sf_filename="$1" 5.86 - if $openssh; then 5.87 + if $openssh || $sunssh; then 5.88 if [ ! -f "$sf_filename.pub" ]; then 5.89 warn "$sf_filename.pub missing; can't tell if $sf_filename is loaded" 5.90 return 1 5.91 fi 5.92 sf_fing=`ssh-keygen -l -f "$sf_filename.pub"` || return 1 5.93 - echo "$sf_fing" | cut -f2 -d' ' 5.94 + if $sunssh; then 5.95 + # md5 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /home/barney/.ssh/id_dsa(DSA) 5.96 + echo "$sf_fing" | cut -f3 -d' ' 5.97 + else 5.98 + # 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 /home/barney/.ssh/id_dsa (DSA) 5.99 + echo "$sf_fing" | cut -f2 -d' ' 5.100 + fi 5.101 else 5.102 # can't get fingerprint for ssh2 so use filename *shrug* 5.103 basename "$sf_filename" 5.104 @@ -768,7 +797,7 @@ 5.105 5.106 setagents # verify/set $agentsopt 5.107 verifykeydir # sets up $keydir 5.108 -wantagent ssh && testssh # sets $openssh 5.109 +wantagent ssh && testssh # sets $openssh and $sunssh 5.110 getuser # sets $me 5.111 5.112 # --stop: kill the existing ssh-agent(s) and quit 5.113 @@ -821,7 +850,9 @@ 5.114 # minutes and OpenSSH uses seconds 5.115 if [ -n "$timeout" ] && wantagent ssh; then 5.116 ssh_timeout=$timeout 5.117 - $openssh && ssh_timeout=`expr $ssh_timeout \* 60` 5.118 + if $openssh || $sunssh; then 5.119 + ssh_timeout=`expr $ssh_timeout \* 60` 5.120 + fi 5.121 ssh_timeout="-t ${ssh_timeout}" 5.122 fi 5.123

6.1 --- a/keychain.spec.in Wed Sep 15 15:16:41 2004 -0400 6.2 +++ b/keychain.spec.in Wed Sep 22 21:15:42 2004 -0400 6.3 @@ -1,7 +1,7 @@ 6.4 Name: keychain 6.5 Version: KEYCHAIN_VERSION 6.6 Release: 1 6.7 -Summary: ssh-agent manager for OpenSSH and commercial SSH2 6.8 +Summary: agent manager for OpenSSH, ssh.com, Sun SSH, and GnuPG 6.9 Vendor: Gentoo Foundation 6.10 Packager: Aron Griffis <agriffis@gentoo.org> 6.11 URL: http://www.gentoo.org/proj/en/keychain/index.xml 6.12 @@ -9,17 +9,17 @@ 6.13 License: GPL v2 6.14 Group: Applications/Internet 6.15 BuildArch: noarch 6.16 -Requires: bash openssh-clients sh-utils 6.17 +Requires: bash sh-utils 6.18 Prefix: /usr/bin 6.19 BuildRoot: %{_tmppath}/%{name}-root 6.20 6.21 %description 6.22 -Keychain is an extremely handy OpenSSH and commercial SSH2-compatible RSA/DSA 6.23 -key management application. It acts as a front-end to ssh-agent, allowing you 6.24 -to easily have one long-running ssh-agent process per system, rather than per 6.25 -login session. This dramatically reduces the number of times you need to enter 6.26 -your passphrase from once per new login session to once every time your local 6.27 -machine is rebooted. 6.28 +Keychain is a manager for OpenSSH, ssh.com, Sun SSH and GnuPG agents. 6.29 +It acts as a front-end to the agents, allowing you to easily have one 6.30 +long-running agent process per system, rather than per login session. 6.31 +This dramatically reduces the number of times you need to enter your 6.32 +passphrase from once per new login session to once every time your 6.33 +local machine is rebooted. 6.34 6.35 %prep 6.36 %setup -q