# # # patch "cmd_agent.cc" # from [f56e3ab466716f32c5c3e161cc7c6332396fcf0b] # to [8aba51657d4defe3088669ae92d900ef5b9adee2] # # patch "monotone.texi" # from [7a31419d08b6264a320187bdb846095edf60f901] # to [cca4d020b0b52db81dec6d650120043581859cd0] # # patch "tests/ssh_agent/__driver__.lua" # from [6069179d7c47689284dbee55fc8b5a7194d7eab2] # to [f57ae928fdd522532ed7f5ba8e7b918c3b627247] # ============================================================ --- cmd_agent.cc f56e3ab466716f32c5c3e161cc7c6332396fcf0b +++ cmd_agent.cc 8aba51657d4defe3088669ae92d900ef5b9adee2 @@ -14,7 +14,7 @@ using std::vector; using std::cout; using std::string; using std::vector; -using std::fstream; +using std::ofstream; using boost::scoped_ptr; using boost::shared_ptr; using Botan::RSA_PublicKey; @@ -25,7 +25,7 @@ agent_export(string const & name, app_st static void agent_export(string const & name, app_state & app, vector const & args) { - if (args.size() != 0) + if (args.size() > 1) throw usage(name); rsa_keypair_id id; @@ -50,15 +50,21 @@ agent_export(string const & name, app_st Botan::PKCS8::encode(*priv, p); } string decoded_key = p.read_all_as_string(); - cout << decoded_key; + if (args.size() == 0) + cout << decoded_key; + else + { + ofstream fout(idx(args,0)().c_str(), ofstream::out); + fout << decoded_key; + } } CMD(ssh_agent_export, N_("key and cert"), - "", - N_("export your monotone key for use with ssh-agent in PKCS8 PEM format"), + N_("[FILENAME]"), + N_("export your monotone key for use with ssh-agent"), options::opts::none) { - if (args.size() != 0) + if (args.size() > 1) throw usage(name); agent_export(name, app, args); ============================================================ --- monotone.texi 7a31419d08b6264a320187bdb846095edf60f901 +++ monotone.texi cca4d020b0b52db81dec6d650120043581859cd0 
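Review bot: In the third cmd_agent.cc hunk, the new `else` branch of agent_export writes the PKCS8 private key through `ofstream fout(idx(args,0)().c_str(), ofstream::out);`, which creates the file with whatever mode the process umask allows. On a typical setup the key is therefore readable by group and others until the user runs the `chmod 600` step that the monotone.texi hunk documents. The file should be created owner-only from the start, for example by tightening the umask around the open or by creating it with mode 0600 through the platform file API, and the command should refuse or warn when the path already exists, since the stream silently truncates it. The stream is also never checked, so a failed open or write still looks like a successful export; a test such as `if (!fout)` after the open and again after `fout << decoded_key;`, each with a reported error, would close that gap. agent_export begins in the previous hunk and part of its body lies between the two hunks, so the passphrase handling that precedes the write is not visible here.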
@@ -1266,11 +1266,41 @@ @section Generating Keys to re-enter his passphrase in order to perform security-sensitive tasks. -TODO: add ssh-agent explanation +Pretty soon Jim gets annoyed when he has to enter his passphrase every +time he invokes @code{mtn} (and, more importantly, it simplifies the +tutorial text to skip the passphrase prompts) so he decides to use address@hidden to store his key. He does this by using the address@hidden command to export his key into a format that +ssh-agent can understand and adding it with @code{ssh-add}. -DEPRECATED!! -Jim isn't very worried about security (and, more importantly, it -simplifies the tutorial text to skip the passphrase prompts) so he address@hidden address@hidden +$ mtn ssh_agent_export ~/.ssh/id_monotone +enter passphrase for key ID [user@@example.com]: +enter new passphrase for key ID [user@@example.com]: +confirm passphrase for key ID [user@@example.com]: +$ chmod 600 ~/.ssh/id_monotone address@hidden group address@hidden smallexample + +From now on, Jim just needs to add his key to ssh-agent when he logs in +and he will not need to enter his passphrase every time he uses monotone. + address@hidden address@hidden +$ ssh-agent /bin/bash +$ ssh-add ~/.ssh/id_monotone +Enter passphrase for /home/user/.ssh/id_monotone: +Identity added: /home/user/.ssh/id_monotone (/home/user/.ssh/id_monotone) +$ mtn ci -m"Changed foo to bar" +$ mtn push address@hidden group address@hidden smallexample + +The following procedure is deprecated and not suggested for general use +as it is very insecure. + +Jim isn't very worried about security so he decides to store his passphrase in his @file{monotonerc} file. He does this by writing a @emph{hook function} which returns the passphrase: 
@@ -5094,7 +5124,7 @@ @section Key and Cert Trust Monotone would trust a cert on that revision with that value signed by those keys. address@hidden mtn ssh_agent_export address@hidden mtn ssh_agent_export @var{filename} This command will export your private key in a format that ssh-agent can read (PKCS8, PEM). You will be asked for your current key's password @@ -5105,7 +5135,7 @@ @section Key and Cert Trust @smallexample @group -$ mtn ssh_agent_export > ~/.ssh/id_monotone +$ mtn ssh_agent_export ~/.ssh/id_monotone enter passphrase for key ID [user@@example.com]: enter new passphrase for key ID [user@@example.com]: confirm passphrase for key ID [user@@example.com]: ============================================================ --- tests/ssh_agent/__driver__.lua 6069179d7c47689284dbee55fc8b5a7194d7eab2 +++ tests/ssh_agent/__driver__.lua f57ae928fdd522532ed7f5ba8e7b918c3b627247 @@ -29,14 +29,12 @@ check(mtn("ssh_agent_export"), 0, false, check(mtn("ssh_agent_export"), 0, false, false, tkey .. "\n" .. tkey .. "\n") -- * (ok) export monotone key without passphrase -check(mtn("ssh_agent_export"), 0, true, false) -rename("stdout", "id_monotone") +check(mtn("ssh_agent_export", "id_monotone"), 0, false, false) skip_if(not existsonpath("chmod")) check({"chmod", "600", "id_monotone"}, 0, false, false) --- xfail_if --- * Windows skip_if(not existsonpath("ssh-agent")) +skip_if(ostype == "Windows") function cleanup() check({"kill", os.getenv("SSH_AGENT_PID")}, 0, false, false) @@ -137,8 +135,7 @@ check(raw_mtn("--rcfile", test.root .. " "ssh_agent_export"), 1, false, false) -- * (ok) export monotone key with -k -check(mtn("ssh_agent_export", "--key", "address@hidden"), 0, false, false) -rename("stdout", "id_monotone2") +check(mtn("ssh_agent_export", "--key", "address@hidden", "id_monotone2"), 0, false, false) skip_if(not existsonpath("chmod")) check({"chmod", "600", "id_monotone2"}, 0, false, false)
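Review bot: In both tests/ssh_agent/__driver__.lua hunks the new `check(mtn("ssh_agent_export", ..., "id_monotone"), 0, false, false)` calls are followed straight away by `chmod 600`, so the test never observes the mode that the command itself gives the key file. A check placed between the export and the chmod, asserting that the freshly written file is not readable by group or others, would pin the behaviour that matters for a private key. The export checks only look at the exit status, so an empty or partial key file would pass these lines and surface later, presumably in the ssh-add steps; a short assertion that the file exists and is non-empty would make the failure point at the export.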