OpenSSH 7.8 and above use OpenSSH key format instead of the earlier PEM format
by default for RSA keys. This format is not understood by openssl/monkeysphere
yet. Convert it to PEM before importing into monkeysphere.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Implement killing the publish process from within the action. Don't let
the killing be too generic to avoid potential security issues. Kill
process only if it appears as expected.
Older format was:
uid ssh://host
Newer format is:
uid [ something] ssh://host
I believe this change happened due to migration from gpg to gpg2. Adapt
our code to handle both cases.
Monkeysphere was using MD5 fingerprints (without the 'MD5:' prefix).
They seem to have switched to 'SHA256' recently and started prepending
the hash with the string 'SHA256:'. Make the module work with this
change and hopefully for future hash algorithm fixes.
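
Added example, not code from the project: one way to accept both uid line formats and both fingerprint styles described in the two commit messages above. The function names, the regular expressions and the sample values in the test are assumptions constructed for illustration; real monkeysphere output may carry fields not shown here.

```python
import re

# Assumed input shapes, taken from the commit messages above:
#   uid line:    "uid ssh://host"  or  "uid [ something] ssh://host"
#   fingerprint: bare colon-separated MD5 hex, or "<ALGO>:<digest>"
UID_RE = re.compile(
    r'^uid\s+(?:\[[^\]]*\]\s+)?(?P<uid>[a-z][a-z0-9+.-]*://\S+)\s*$')
MD5_HEX_RE = re.compile(r'^(?:[0-9a-f]{2}:){15}[0-9a-f]{2}$', re.IGNORECASE)
ALGO_RE = re.compile(r'^[A-Z][A-Z0-9-]*$')
BASE64_RE = re.compile(r'^[A-Za-z0-9+/]+=*$')


def parse_uid(line):
    """Return the service URI from a uid line, or None if it is not one.

    The bracketed field added by newer output is optional and ignored.
    """
    match = UID_RE.match(line.strip())
    return match.group('uid') if match else None


def normalize_fingerprint(value):
    """Return (algorithm, digest) for a bare or prefixed fingerprint.

    A bare colon-hex value is treated as MD5, matching the older output.
    Any other value must carry an explicit algorithm prefix, so a future
    hash change is accepted without guessing at the digest's meaning.
    """
    value = value.strip()
    # Check bare MD5 first: "12:34:..." would otherwise look like a prefix.
    if MD5_HEX_RE.match(value):
        return ('MD5', value.lower())

    algorithm, separator, digest = value.partition(':')
    if not separator or not ALGO_RE.match(algorithm):
        raise ValueError('unrecognized fingerprint: %r' % value)

    if algorithm == 'MD5':
        if not MD5_HEX_RE.match(digest):
            raise ValueError('malformed MD5 fingerprint: %r' % value)
        return ('MD5', digest.lower())

    if not BASE64_RE.match(digest):
        raise ValueError('malformed %s fingerprint: %r' % (algorithm, value))
    return (algorithm, digest)
```

Comparing the normalized tuples rather than raw strings keeps a key that was imported under the old output recognizable after the tool starts printing the prefixed form of the same algorithm.
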
- Read Apache configuration to find the list of all available
certificates and their associated domains. Use this for setting UIDs
properly.
- Solve the issue of re-importing renewed certificate. Use the SSH
fingerprints as unique keys instead of domain names. Compute SSH
fingerprints for SSH keys and HTTPS certificates in order to accurately
identify if they are currently imported into monkeysphere.
- Allow having more than one domain for a certificate. Add action to
import new domains to an existing monkeysphere OpenPGP key.
- Import only once for a given certificate and keep adding UIDs when
domains get added.
- Merge services SSH and HTTPS giving us the ability to deal with many
more services. Remove special handling for different kinds of
certificate sources.
- Suppress monkeysphere prompts in case of reusing UIDs.
Action:
- Don't use const for HOST_TOOL, it is unlikely to be ever changed.
- Don't pass multiple key ids as single string to monkeysphere-host.
- Use JSON for data transfer with action instead of custom format and
parsing.
- Minor styling fixes.
Template:
- More consistent indentation.
- Improve the description.
- Add headers to the table.
- List domains instead of domain types.
URLs:
- Take domain as argument for key generation.
- Narrow down fingerprint matching regex.
Views:
- Take domain as argument for key generation. Verify that domain is
valid.
- Minor grammar fix to cancel message.
- Use JSON format for getting key status.
- List domains instead of domain types.
monkeysphere: Run publish as background task, allow user to cancel.
Small fixes to names module:
- Remove unused ugettext import.
- Change SERVICES to tuple.
- If a domain is not available for a service type, return None instead
of (translated) "Not Available".
- Rename get_services -> get_enabled_services.