From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <272f30affaea63d326103dc12299cace@plan9.bell-labs.com>
To: 9fans@cse.psu.edu
From: "Russ Cox"
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: [9fans] backwards-incompatible changes
Date: Tue, 25 Mar 2003 16:58:45 -0500
Topicbox-Message-UUID: 8401902a-eacb-11e9-9e20-41e7f4b1d025

There are two backwards incompatible changes that will
appear on sources tomorrow.  If you prepare for them,
nothing will break when you do the pull.

First, namespace files now have a `.' syntax to include other files.
/lib/namespace will include /lib/namespace.$sysname.
Thus, namespace.$sysname will become additions to the
default name space rather than replacing it.

To prepare for this change, add the line ``clear'' to the
top of any namespace.$sysname files you have.  The old code
will ignore it, and the new code will do rfork(RFCNAMEG)
when it sees it.  Once you are running the new code everywhere,
you can trim your namespace.$sysname files considerably.

Second, the handling of rsa keys is redone.
The new tools are already out -- see rsa(8).

There will be a new ssh client that looks for keys identified by

	proto=rsa service=ssh

rather than

	proto=sshrsa

If you put both tags on the key, that will work with either ssh.
Once you've switched, you can remove the proto=sshrsa tag.

There will be a new sshserve that uses factotum to hold
the host key, identified by

	proto=rsa service=sshserve

You can convert with

	awk '{
		printf("key proto=rsa service=sshserve owner=* ");
		printf("size=%s ek=%s !dk=%s n=%s !p=%s !q=%s !kp=%s !kq=%s !c2=%s\n",
			$1, $2, $3, $4, $5, $6, $7, $8, $9);
	}' /sys/lib/ssh/hostkey.secret

After the switch you can delete hostkey.secret.

TLS will look for keys identified by

	proto=rsa service=tls

rather than

	proto=sshrsa

As with the ssh client, if you put both tags on the key,
it will work with old and new.

Also, and not an incompatibility, there is a new factotum
that knows about an ``owner'' tag to specify who can use the key.
owner=* means anyone, otherwise you give a list owner=rsc owner=presotto etc.
This way, you can publish, in bootes's factotum, the
SSH host key and TLS key, and then services using them
can run as none.

Summary:

- add "clear" to the top of your namespace.$sysname files
- add "proto=rsa service=ssh" to your ssh client keys
- add your ssh host key to factotum
- add "proto=rsa service=tls" to your tls server keys

Russ
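
The tag combinations described in the message above, as an added example that is not part of the original post: a POSIX sh/awk check that reports, for each factotum key line, which lookups would select it (old tools via proto=sshrsa, new ssh client, sshserve, TLS) and its owner list, without echoing any secret attribute. The function names and sample keys are constructed for illustration, and the parser assumes unquoted, whitespace-separated attr=value pairs.

```sh
#!/bin/sh
# Constructed sample keys (placeholder values, not real key material).
sample_keys() {
    cat <<'EOF'
key proto=sshrsa size=1024 ek=11 !dk=0 n=0
key proto=sshrsa proto=rsa service=ssh size=1024 ek=11 !dk=0 n=0
key proto=rsa service=sshserve owner=* size=1024 ek=11 !dk=0 n=0
key proto=rsa service=tls owner=rsc owner=presotto size=1024 ek=11 !dk=0 n=0
key proto=rsa size=1024 ek=11 !dk=0 n=0
EOF
}

# classify_keys (hypothetical helper): for each "key" line on stdin, print
# the line number, which lookups from the message match it, and its owners.
# Only tag names and owner values are printed; !secret attributes never are.
classify_keys() {
    awk '
    $1 == "key" {
        old = 0; rsa = 0; own = ""; out = ""
        split("", svc)                      # reset the per-key service set
        for (i = 2; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            a = substr($i, 1, eq - 1); v = substr($i, eq + 1)
            if (a == "proto" && v == "sshrsa") old = 1
            if (a == "proto" && v == "rsa") rsa = 1
            if (a == "service") svc[v] = 1
            if (a == "owner") own = (own == "" ? v : own "," v)
        }
        if (old) out = out " old"                       # proto=sshrsa
        if (rsa && ("ssh" in svc)) out = out " ssh"     # new ssh client
        if (rsa && ("sshserve" in svc)) out = out " sshserve"
        if (rsa && ("tls" in svc)) out = out " tls"
        if (out == "") out = " none"
        printf("%d:%s owner=%s\n", NR, out, (own == "" ? "-" : own))
    }'
}

sample_keys | classify_keys
```

A key reported as "none" carries proto=rsa without a service tag, so none of the lookups named in the message would select it.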