[9fans] ipso(1) patch

[9fans] ipso(1) patch

[Nils M Holm]

I just put my passwords in a secstore and got the following message
when running ipso:

can't dial tcp!$auth!5356
secstore authentication failed
secstore read failed - bad password?

After adding '-s $auth' to the auth/secstore invocation in /rc/bin/ipso,
everything works fine. However, I guess that ipso is supposed to run
fine without this modification. Am I missing something?

Anyway, while looking at ipso, I thought that an option to just fetch
the factotum keys without displaying them would be nice. So I added the
'-q' flag which does this.

BTW, is there any common format for supplying patches for Plan 9?
I guess that using diff(1) would cause trouble when patching an
already-patched file, since it uses absolute line numbers.

Below, there is a context diff containing my changes to ipso, in
case anyone is interested.

Nils.

----- ipso(1) -q cdiff -----
*** ipso.old	Sun Mar 14 14:31:31 2004
--- ipso	Sun Mar 14 14:34:36 2004
***************
*** 11,16 ****
--- 11,17 ----
  name = secstore
  get = secstoreget
  put = secstoreput
+ edit = yes
  
  fn secstoreget{
  	auth/secstore -i -g $1 <_password
***************
*** 50,57 ****
  		name = aescbc
  		get = aesget
  		put = aesput
  	case *
! 		echo >[2=1] 'usage: ipso [-s] [file ...]'
  		exit usage
  	}
  	shift
--- 51,60 ----
  		name = aescbc
  		get = aesget
  		put = aesput
+ 	case -q
+ 		edit = no
  	case *
! 		echo >[2=1] 'usage: ipso [-aqs] [file ...]'
  		exit usage
  	}
  	shift
***************
*** 68,74 ****
  bind -c /tmp /srv
  cd /tmp
  
! echo '
  	Warning: The editor will display the secret contents of
  	your '$name' files in the clear.
  '
--- 71,77 ----
  bind -c /tmp /srv
  cd /tmp
  
! if (~ $edit yes) echo '
  	Warning: The editor will display the secret contents of
  	your '$name' files in the clear.
  '
***************
*** 103,109 ****
  sleep 2; date > _timestamp	# so we can find which files have been edited.
  
  # edit the files
! $editor `{for(i in $files) basename $i}
  
  # copy the files back
  for(i in `{editedfiles}){
--- 106,113 ----
  sleep 2; date > _timestamp	# so we can find which files have been edited.
  
  # edit the files
! if (~ $edit yes) $editor `{for(i in $files) basename $i}
! if not if (~ factotum $files) read -m < factotum > /mnt/factotum/ctl
  
  # copy the files back
  for(i in `{editedfiles}){
-- 
Nils M Holm <nmh@t3x.org> -- http://www.t3x.org/nmh/

Re: [9fans] ipso(1) patch

[David Tolpin]

> BTW, is there any common format for supplying patches for Plan 9?
> I guess that using diff(1) would cause trouble when patching an
> already-patched file, since it uses absolute line numbers.
>
> Below, there is a context diff containing my changes to ipso, in
> case anyone is interested.

It has been recently discussed on the list, with the usual (for 9fans)
friendliness and clarity of instructions. 

A way that works is to use ape/patch -- so your context diff is OK.
ape/patch is Gnu patch 2.5.0.

The right way is to use patch(1), except that it does not work.

You must bind your /tmp (or another) directory before
/n/sources/patch because /n/sources/patch is not writable, then
roll the arcive created by patch and deliver it somehow to 'Plan
9 developers'. I wonder what the 'Plan 9 developers' use to
merge patches in, if they do that at all, since many patches
generated with diff are just posted to the list.

I think that a good solution that does not have 'gnu' in its name
is not yet available for Plan 9.

Re: [9fans] ipso(1) patch

[David Presotto]

If its small ( a few lines ) just email it to 9trouble as a diff
or content diff.  If its long, just bundle up the files somehow
(tar in a MIME attachment is fine) and email it to 9trouble.  I
have no idea what patch is, nor care.

Re: [9fans] ipso(1) patch

[David Presotto]

On Sun Mar 14 09:17:49 EST 2004, nmh@t3x.org wrote:
> 
> I just put my passwords in a secstore and got the following message
> when running ipso:
> 
> can't dial tcp!$auth!5356
> secstore authentication failed
> secstore read failed - bad password?
> 
> After adding '-s $auth' to the auth/secstore invocation in /rc/bin/ipso,
> everything works fine. However, I guess that ipso is supposed to run
> fine without this modification. Am I missing something?

I find this odd to say the least.  In secstore, the default for -s
is $auth.  Of course, if you didn't have $auth escaped (or quoted)
the shell probably expanded it and you just happen to have the right
server defined in your environment.

If that's the case, then ndb/cs doesn't know where your default auth server
is.  This will bite you in the backside some other time, so you should
fix it.  You can either configure it for your network in /lib/ndb/local,
get it from dhcp, or just cat it onto the end of /net/ndb once you've
done a dhcp.  To get it from dhcp you either have to be running a plan9
dhcp server or configure the response into the dhcp server you are
running.

> 
> Anyway, while looking at ipso, I thought that an option to just fetch
> the factotum keys without displaying them would be nice. So I added the
> '-q' flag which does this.
> 

Looking at your code, it looks like you mean, just load the factotum from
the secstore (or aes) file.  It seems to me that editing and loading factotum
are independent things.  Perhaps they should be separate options.  In general,
I'ld like to load my factotum from the new keys whenever I edit them.
Would anyone mind if I made that the default and added two options instead:

- one to NOT start the editor
- one to NOT load the files

That way the default behavior would be a little more than it currently is,
i.e., edit files and load factotum. 

Re: [9fans] ipso(1) patch

[boyd, rounin]

> I think that a good solution that does not have 'gnu' in its name
> is not yet available for Plan 9.

i reckon the wobber/prusker solution predates all this by 10+ years.

you could buy it off HP, maybe ...

Re: [9fans] ipso(1) patch

[boyd, rounin]

> have no idea what patch is, nor care.

another larry wall-ism.  nasty, when it breaks.

Re: [9fans] ipso(1) patch

[Nils M Holm]

On 2004-03-14, David Presotto wrote:
> If that's the case, then ndb/cs doesn't know where your default auth server
> is. [...][

That was it. After adding an auth attribute to my ipnet in
/lib/ndb/local, ipso works fine without the '-s $auth' modification.

> Looking at your code, it looks like you mean, just load the factotum from
> the secstore (or aes) file. [...]

Yes. Without my modification, I have to make a fake change to the
factotum file to make ipso load it. Since I run ipso each time I boot
my terminal, this started to annoy me.

To make editing and loading the factotum independent operations sounds
like a good idea to me. Where would I get the new version of ipso?

Nils.

-- 
Nils M Holm <nmh@t3x.org> -- http://www.t3x.org/nmh/