security/keychain: update to 2.9.2

vins · vins · commit a28fda99ea9b · 2025-05-03T16:08:16.000Z
# pkgsrc changes * Project's Makefile is now bmake compatible. Use it to generate script and man page at build stage. * Taking maintainership. # upstream changes (since release 2.8.5) ## keychain 2.9.2 (2 May 2025) This is primarily a bug fix release, but also introduces the new `--extended` option -- see below: * Deprecate `--confhost` option and replace with `--extended` option. The old `--confhost myhost` would now be `--extended host:myhost`. This also allows specifying SSH keys (`sshk:` prefix), GPG keys ( `gpgk:` prefix) and hosts (`host:` prefix) together without confusion. * Well, I became intimately familiar with `IFS` the hard way. Fix 2.9.1 bug [#159](danielrobbins/keychain#159) by reworking IFS settings and adding proper documentation to the right places. This fixes the `--timeout` option and also now allows `--stop` to work properly which was broken. * Improve `--agents` deprecation warning. * Have keychain properly adopt a currently-running gpg-agent providing ssh-agent functionality when `--ssh-use-gpg` is specified. * Explicitly clean up known-bad pidfiles during processing. * Deprecate `--confhost` option and replace with new `--extended` option. * Improve host-based key processing by using `ssh -G` to officially extract host-based keys. * Make `Makefile` BSD-compatible. ## keychain 2.9.1 (1 May 2025) This release fixes a major bug related to the `--eval` option with non-Bourne shells. * Fix `--eval` option so it works with non-Bourne shells ([#158](danielrobbins/keychain#158)). * Last-minute option change: replace `--ssh-wipe` and `--gpg-wipe` with `--wipe [ssh|gpg|all]`. * Deprecate `--attempts` option which doesn't work with gpg-agent pinentry nor modern OpenSSH. * More script rewriting -- default to IFS of newline in the script, totally rework SSH and GPG key adding code. * Remove undocumented and likely unused `--` option. * Script is now at a svelte 1049 lines of code. ## keychain 2.9.0 (30 Apr 2025) These release notes contain a summary of all changes, including cumulative changes in pre-releases: * A new release after 8 years, with Daniel Robbins (script creator) returning as maintainer. * 60% of the script has been rewritten, and is now compliant with [ShellCheck](https://shellcheck.net). * `--agents` and `--inherit` options have been deprecated to improve ease-of-use. * `gpg-agent` no longer started by default -- only when a GPG key has been provided on the command-line. GnuPG 2.1+ supported. * GnuPG pidfiles with `-gpg` extension are deprecated and no longer used. * Better GnuPG integration: `gpg-agent` can be used for SSH key storage. This can be enabled by specifying one of the new `--ssh-allow-gpg` and `--ssh-spawn-gpg` options. Agent information for `gpg-agent`'s SSH socket will be stored in the regular pidfile for compatibility. * Add `--ssh-rm`, `--ssh-wipe`, `--gpg-wipe` options for removing/wiping SSH and GPG keys. This addresses GitHub Issue [#153](danielrobbins/keychain#153). * `--clear` option is now designed to be used for "initial clearing" of keys only. * Many user interface output improvements, to provide additional detail. * `--debug` option which can be used to troubleshoot issues with keychain. * Manual page significantly improved: New section on invocation, as well as documentation of the startup and agent detection algorithm. * Addition of `--ssh-agent-socket` option to manually specify desired path of the ssh-agent socket when starting. * Addition of `--confallhosts` to load identity files for all hosts. * Various bug fixes and improvements. * Script size reduced from 1500 to 1133 lines.
diff --git a/security/keychain/DESCR b/security/keychain/DESCR
@@ -1,6 +1,7 @@
-Keychain is a shell script which acts as user-friendly front-end to
-ssh-agent(1), allowing you to have one long-running ssh-agent process per
-system rather than per login session.
-
-Please study the documentation on the keychain website carefully since
-incorrect usage of this script may have certain security implications.
+Keychain helps you to manage SSH and GPG keys in a convenient and secure
+manner. It acts as a frontend to ssh-agent and ssh-add, but allows you
+to easily have one long running ssh-agent process per system, rather
+than the norm of one ssh-agent per login session. Keychain also makes
+it easy for remote cron jobs to securely "hook in" to a long-running
+ssh-agent process, allowing your scripts to take advantage of key-based
+logins.
diff --git a/security/keychain/Makefile b/security/keychain/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.40 2018/04/18 19:25:27 kamil Exp $
+# $NetBSD: Makefile,v 1.41 2025/05/03 16:08:16 vins Exp $
 
-DISTNAME=	keychain-2.8.5
+DISTNAME=	keychain-2.9.2
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_GITHUB:=funtoo/}
 
-MAINTAINER=	pkgsrc-users@NetBSD.org
+MAINTAINER=	vins@NetBSD.org
 HOMEPAGE=	https://www.funtoo.org/Keychain
 COMMENT=	Nice ssh-agent front-end
 LICENSE=	gnu-gpl-v2
@@ -13,15 +13,15 @@ LICENSE=	gnu-gpl-v2
 DEPENDS+=	openssh-[0-9]*:../../security/openssh
 .endif
 
-NO_BUILD=	yes
+USE_TOOLS+=	groff perl:build pod2man
 
 INSTALLATION_DIRS=	bin ${PKGMANDIR}/man1 share/doc/${PKGBASE}
 
 do-install:
-	${INSTALL_SCRIPT} ${WRKSRC}/keychain ${DESTDIR}${PREFIX}/bin
-	${INSTALL_MAN} ${WRKSRC}/keychain.1 \
+	${INSTALL_SCRIPT} ${WRKSRC}/keychain ${DESTDIR}${PREFIX}/bin/keychain
+	${INSTALL_MAN} ${WRKSRC}/keychain.1	\
 		${DESTDIR}${PREFIX}/${PKGMANDIR}/man1
-	${INSTALL_DATA} ${WRKSRC}/README.md \
+	${INSTALL_DATA} ${WRKSRC}/README.md	\
 		${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
 
 .include "../../mk/bsd.pkg.mk"
diff --git a/security/keychain/distinfo b/security/keychain/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.26 2021/10/26 11:17:11 nia Exp $
+$NetBSD: distinfo,v 1.27 2025/05/03 16:08:16 vins Exp $
 
-BLAKE2s (keychain-2.8.5.tar.gz) = 4f9c4c8c1b935d5fa2a739cadf16343fffda62d3fd3919cd8f1ca325ab1ca1ce
-SHA512 (keychain-2.8.5.tar.gz) = 2b98a9937b058267150d62d4f95653c4bbab6117a0774ac266abf95020c41905412b1522a82abf71722f25f6af31ba3498f6d54622009498c845802bf2df6024
-Size (keychain-2.8.5.tar.gz) = 66446 bytes
+BLAKE2s (keychain-2.9.2.tar.gz) = 29f3179b43e128641b730bc6bd0338b34de6381a3c2f69ccf34180f8e3b94b06
+SHA512 (keychain-2.9.2.tar.gz) = 1b4aa06037cb3f89f4cfa6a4c1a1104ca6a757175a636043b7fb4776773a81f20b38b058b86618b8e6b89cf7c61af86e6441da70ed92b0c18d31fb50b3dd8a96
+Size (keychain-2.9.2.tar.gz) = 41401 bytes
