# ChangeLog for Keychain; http://www.gentoo.org/projects/keychain # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL version 2 # Written by Daniel Robbins # Maintained by Aron Griffis * keychain 2.5.1 (12 Jan 2005) 12 Jan 2005; Aron Griffis ; Don't accidentally inherit a forwarded agent when inheritwhich=local-once. Move the --stop warning after the version splash. * keychain 2.5.0 (07 Jan 2005) 07 Jan 2005; Aron Griffis ; Add inheritance support via --inherit. Add parameters to --stop for more control. Change the default behavior of keychain to inherit if there's no keychain agent running ("--inherit local-once"), and refrain from killing other agents unless "--stop others" is specified. * keychain 2.4.3 (17 Nov 2004) 17 Nov 2004; Aron Griffis ; Fix bug 69879: Update findpids to work again on BSD; it has been broken since the changes in version 2.4.2. Now we use OSTYPE (bash) or uname to determine the system type and call ps appropriately. * keychain 2.4.2.1 (30 Sep 2004) 30 Sep 2004; Aron Griffis ; Fix minor issues in the test for existing gpg keys wrt DISPLAY * keychain 2.4.2 (29 Sep 2004) 29 Sep 2004; Aron Griffis ; Make gpg support more complete. Allow adding keys, clearing the agent, etc. Fix --quick support to work properly again; it was broken since 2.4.0. Change default --attempts to 1 since the progs ask multiple times anyway. * keychain 2.4.1 (22 Sep 2004) 22 Sep 2004; Aron Griffis ; Fix bugs 64174 and 64178; support Sun SSH, which is really OpenSSH in disguise and a few critical outputs changed. Thanks to Nathan Bardsley for lots of help debugging on Solaris 9 15 Sep 2004; Aron Griffis ; Fix pod2man output so it formats properly on SGI systems. Thanks to Matthew Moore for reporting the problem. * keychain 2.4.0 (09 Sep 2004) 09 Sep 2004; Aron Griffis ; Fix bug 26970 with first pass at gpg-agent support Fix Debian bug 269722; don't filter output of ssh-add Fix bug reported by Marko Myllynen regarding keychain and Solaris awk's inability to process -F'[ :]' Fix bug in now_seconds calculation, noticed by me. * keychain 2.3.5 (28 Jul 2004) 28 Jul 2004; Aron Griffis ; Fix bug 58623 with patch from Daniel Westermann-Clark; don't put an extra newline in the output of listmissing Generate keychain.spec from keychain.spec.in automatically so that the version can be set appropriately. * keychain 2.3.4 (24 Jul 2004) 24 Jul 2004; Aron Griffis ; Fix bug 28599 reported by Bruno Pelaia; ignore defunct processes in ps output * keychain 2.3.3 (30 Jun 2004) 30 Jun 2004; Aron Griffis ; Fix bug reported by Matthew S. Moore in email; escape the backticks in --help output Fix bug reported by Herbie Ong in email; set pidf, cshpidf and lockf variables after parsing command-line to honor --dir setting Fix bug reported by Stephan Stahl in email; make spaces in filenames work throughout keychain, even in pure Bourne shell Fix operation on HP-UX with older OpenSSH by interpreting output of ssh-add as well as the error status * keychain 2.3.2 (16 Jun 2004) 16 Jun 2004; Aron Griffis ; Fix bug 53837 (keychain needs ssh-askpass) by unsetting SSH_ASKPASS when --nogui is specified * keychain 2.3.1 (03 Jun 2004) 03 Jun 2004; Aron Griffis ; Fix bug 52874: problems when the user is running csh * keychain 2.3.0 (14 May 2004) 14 May 2004; Aron Griffis ; Rewrite the locking code to avoid procmail * keychain 2.2.2 (03 May 2004) 03 May 2004; Aron Griffis ; Call loadagent prior to generating HOSTNAME-csh file so that variables are set. * keychain 2.2.1 (27 Apr 2004) 27 Apr 2004; Aron Griffis ; Find running ssh-agent processes by searching for /[s]sh-agen/ instead of /[s]sh-agent/ for the sake of Solaris, which cuts off ps -u output at 8 characters. Thanks to Clay England for reporting the problem and testing the fix. * keychain 2.2.0 (21 Apr 2004) 21 Apr 2004; Aron Griffis ; Rewrote most of the code, organized into functions, fixed speed issues involving ps, fixed compatibility issues for various UNIXes, hopefully didn't introduce too many bugs. This version has a --quick option (for me) and a --timeout option (for carpaski). Also added a Makefile and converted the man-page to pod for easier editing. See perlpod(1) for information on the format. Note that the pod is sucked into keychain and colorized when you run make. * keychain 2.0.3 (06 Apr 2003) 06 Apr 2003; Seth Chandler ; Added keychain man page, fixed bugs with displaying colors for keychain --help. Also added a $grepopts to fix the grepping for a pid on cygwin Also added a TODO document color fix based on submission by Luke Holden * keychain 2.0.2 (26 Aug 2002) 26 Aug 2002; the Tru64 fix didn't work; it was being caused by "trap - foo" rather than "tail +2 -". Now really fixed. 26 Aug 2002; fixed "ssh-add" call to only redirect stdin (thus enabling ssh-askpass) if ssh_askpass happens to be set; this is to work around a bug in openssh were redirecting stdin will enable ssh-askpass even if ssh_askpass isn't set, which contradicts the openssh 3.4_p1 man page. to enable ssh-askpass, keychain now requires that the ssh_askpass var be set to point to your askpass program. * keychain 2.0.1 (24 Aug 2002) 24 Aug 2002; "--help" fixes; the keychain files were listed as sh-${HOSTNAME} rather than ${HOSTNAME}-sh. Now consistent with the actual program. Thanks to Christian Plessl , others for reporting this issue. 24 Aug 2002; cycloon : "If you add < /dev/null when adding the missingkeys via "ssh-add ${missingkeys}" (at line 454 of version 2.0) so that it reads: "ssh-add ${missingkeys} < /dev/null" then users can use program like x11-ssh-askpass in xfree to type in their passphrase. It then still works for users on shell, depending if $DISPLAY is set." Added. 24 Aug 2002; A fix to calling "tail" that *should* fix things for Tru64 Unix; unfortunately, I have no way to test but the solution should be portable to all other flavors of systems. Thanks to Mark Scarborough for reporting the issue. 24 Aug 2002; Changed around the psopts detection stuff so that "-x -u $me f" is used; this is needed on MacOS X. Thanks to Brian Bergstrand , others for reporting this issue. * keychain 2.0 (17 Aug 2002) 17 Aug 2002; (Many submitters): A fix for keychain when running on HP-UX 10.20. 17 Aug 2002; Patrice DUMAS - DOCT : Now perform help early on to avoid unnecessary processing. Also added --dir option to allow keychain to look in an alternate location for the .keychain directory (use like this: "keychain --dir /var/foo") 17 Aug 2002; Martial MICHEL : Martial also suggested moving help processing to earlier in the script. He also submitted a patch to place .ssh-agent-* files in a ~/.keychain/ directory, which makes sense particularly for NFS users so I integrated the concept into the code. 17 Aug 2002; Fred Carter : Cygwin fix to use proper "ps" options. 17 Aug 2002; Adrian Howard : patch so that lockfile gets removed even if --noask is specified. 17 Aug 2002; Mario Wolff : Replaced an awk dependency with a shell construct for improved performance. 17 Aug 2002; Marcus Stoegbauer , Dmitry Frolov : I (Daniel Robbins) solved problems reported by Marcus and Dmitry (mis-parsed command line issues) by following Dmitry's good suggestion of performing argument parsing all at once at the top of the script. 17 Aug 2002; Brian W. Curry : Added commercial SSH2 client support; improved output readability by initializing myfail=0; integrated Cygwin support into the main keychain script; improved Cygwin support by setting "trap" appropriately. Thanks Brian! * keychain 1.9 (04 Mar 2002) 04 Mar 2002; changed license from "GPL, v2 or later" to "GPL v2". 04 Mar 2002; added "keychain.cygwin" for Cygwin systems. It may be time to follow this pattern and start building separate, optimized scripts for each platform so they don't get too sluggish. Maybe I could use a C preprocessor for this. 06 Dec 2001; several people: Solaris doesn't like '-e' comparisons; switched to '-f' * keychain 1.8 (29 Nov 2001) 29 Nov 2001; Philip Hallstrom (philip@adhesivemedia.com) Added a "--local" option for removing the ${HOSTNAME} from the various files that keychain creates. Handy for non-NFS users. 29 Nov 2001; Aron Griffis (agriffis@gentoo.org) Using the Bourne shell "type" builtin rather than using the external "which" command. Should make things a lot more robust and slightly faster. 09 Nov 2001; Mike Briseno (mike@radik.com) Solaris' "which" command outputs "no lockfile in..." to stdout rather than stderr. A one-line fix (test the error condition) has been applied. 09 Nov 2001; lockfile settings tweak 09 Nov 2001; Rewrote how keychain detects failed passphrase attempts. If you stop making progress providing valid passphrases, it's three strikes and you're out. 09 Nov 2001; Constantine P. Sapuntzakis (csapuntz@stanford.edu) Some private keys can't be "ssh-keygen -l -f"'d; this patch causes keychain to look for the corresponding public key if the private key doesn't work. Thanks Constantine! 09 Nov 2001; Victor Leitman (vleitman@yahoo.com) CYAN color misdefined; fixed. 27 Oct 2001; Brian Wellington (bwelling@xbill.org) A "quiet mode" (--quiet) fix; I missed an "echo". 27 Oct 2001; J.A. Neitzel (jan@belvento.org) Missed another "kill -9"; it's now gone. * keychain 1.7 (21 Oct 2001) 21 Oct 2001; Frederic Gobry (frederic.gobry@smartdata.ch) Frederic suggested using procmail's lockfile to serialize the execution of critical parts of keychain, thus avoiding multiple ssh-agent processes being started if you happen to have multiple xterms open automatically when you log in. Initially, I didn't think I could add this, since systems may not have the lockfile command; however, keychain will now auto-detect whether lockfile is installed; if it is, keychain will automatically use it, thus preventing multiple ssh-agent processes from being spawned. 21 Oct 2001; Raymond Wu (ursus@usa.net): --nocolor test is no longer inside the test for whether "echo -e" works. According to Raymond, this works optimally on his Solaris box. 21 Oct 2001; J.A. Neitzel (jan@belvento.org): No longer "kill -9" our ssh-agent processes. SIGTERM should be sufficient and will allow ssh-agent to clean up after itself (this reverses a previously-applied patch). 21 Oct 2001; Thomas Finneid (tfinneid@online.no): Added argument "--quiet | -q" to make the program less intrusive to the user; with it, only error and interactive messages will appear. 21 Oct 2001; Thomas Finneid (tfinneid@online.no): Changed the format of some arguments to bring them more in line with common *nix programs: added "-h" as alias for "--help"; added "-k" as alias for "--stop" 21 Oct 2001; Mark Stosberg (mark@summersault.com): $pidf to "$pidf" fixes to allow keychain to work with paths that include spaces (for Darwin and MacOS X in particular). 21 Oct 2001; Jonathan Wakely (redi@redi.uklinux.net): Small patch to convert "echo -n -e" to "echo -e "\c"" for FreeBSD compatibility. * keychain 1.6 (15 Oct 2001) 13 Oct 2001; Ralf Horstmann (ralf.horstmann@webwasher.com): Add /usr/ucb to path for Solaris systems. 11 Oct 2001; Idea from Joe Reid (jreid@vnet.net): Try to add multiple keys using ssh-add; avoid typing in identical passphrases more than once. Good idea! *keychain 1.5 (21 Sep 2001) 21 Sep 2001; David Hull (hull@paracel.com): misc. compatibility, signal handling, cleanup fixes 21 Sep 2001; "ps" test to find the right one for your OS. 20 Sep 2001; Marko Myllynen (myllynen@lut.fi): "grep [s]sh-agent" to "grep [s]sh-agent" (zsh fix) *keychain 1.4 (20 Sep 2001) 20 Sep 2001; David Hull (hull@paracel.com): "touch $foo" to ">$foo" optimization and other "don't fork" fixes. Converted ${foo#--} to a case statement for Solaris sh compatibility. 20 Sep 2001; Try an alternate "ps" syntax if our default one fails. This should give us Solaris and IRIX (sysV) compatibility without breaking BSD. 20 Sep 2001; Hans Peter Verne (h.p.verne@usit.uio.no); "echo -e" to "echo $E" (for IRIX compatibility with --nocolor), optimization of grep ("grep [s]sh-agent") 17 Sep 2001; Marko Myllynen (myllynen@lut.fi): Various fixes: trap signal 2 if signal INT not supported (NetBSD); handle invalid keys correctly; ancient version of ash didn't support ~, so using $HOME; correct zsh instruction; minor cleanups *keychain 1.3 (12 Sep 2001) 12 Sep 2001; Minor color changes; the cyan was hard to read on xterm-colored terms so it was switched to bold. Additional --help text added. 10 Sep 2001; We now use .ssh-agent-[hostname] instead of .ssh-agent. We now create a .ssh-agent-csh-[hostname] file that can be sourced by csh-compatible shells. We also now kill all our existing ssh-agent processes before starting a new one. 10 Sep 2001; Robert R. Wal (rrw@hell.pl): Very nice NFS fixes, colorization fixes, tcsh redirect -> grep -v fix. Thanks go out to others who sent me similar patches. 10 Sep 2001; Johann Visagie (johann@egenetics.com): "source" to "." shell-compatibility fixes. Thanks for the FreeBSD port. 10 Sep 2001; Marko Myllynen (myllynen@lut.fi): rm -f $pidf after stopping ssh-agent fix *keychain 1.2 09 Sep 2001; README updates to reflect new changes. 09 Sep 2001; Marko Myllynen (myllynen@lut.fi): bash 1/zsh/sh compatibility; now only tries to kill *your* ssh-agent processes, version fix, .ssh-agent file creation error detection. Thanks! *keychain 1.1; fixes for calling "pidof"; README; ChangeLog 07 Sep 2001; Addition of README stating that keychain requires bash 2.0 or greater, as well as quick install directions and web URL. 07 Sep 2001; Explicitly added /sbin and /usr/sbin to path, and then called "pidof". I think that this is a bit more robust. 06 Sep 2001; from John Ellson (ellson@lucent.com): "pidof" changed to "/sbin/pidof", since it's probably not in $PATH 06 Sep 2001; New ChangeLog! :) *keychain 1.0; initial release (Aug 2001)