- Addition of a "make clean" target. removal of runtests as it is currently
broken.
- New release process in Makefile and release.sh - keychain release tarball
will now contain pre-generated keychain, keychain.1 and keychain.spec so
that users do not need to run "make". Updated README.rst to refer to the
"source code" as a "release archive" since it contains both source code and
ready-to-go script and man page.
- GPG fix from Gentoo bug 203871; This fix will fix the issue with pinentry
starting in the background and not showing up in the terminal.
* keychain 2.7.0 (23 Oct 2009)
- lockfile() replacement from Parallels Inc. OpenVZ code, takelock() rewrite,
resulting in ~100 line code savings. Default lock timeout set to 5 seconds,
and now keychain will try to forcefully acquire the lock if the timeout
aborts, rather than simply failing and aborting.
- MacOS X/BSD improvements: fix sed call in Makefile for MacOS X and presumably
other *BSD environments. Rename COPYING to COPYING.txt + slight COPYING.txt
formatting change. Fixed POD errors (removed '=end').
- Disable "Identity added" messages when --quiet is specified.
(Gentoo bug #250328)
--help will print output to stdout (Gentoo bug #196060)
output cleanup and colorization changes - moving away from blue and over to
cyan as it displays better terminals with black background.
Also some additional colorization.
* keychain 2.6.9 (26 Jul 2009)
- Close Gentoo bug 222953 fix potential issues with GNU grep, Mac OS X color
fix when called with --eval.
- Perl 5.10 Makefile fix. Transition README to README.rst (reStructuredText).
Updated maintainership information.
Simplified default output
* keychain 2.6.8 (24 Oct 2006)
Save LC_ALL for gpg invocation so that pinentry-curses works. This affected
peper and kloeri, though it seems to work for me in any case.
* keychain 2.6.7 (24 Oct 2006)
Prevent gpg_listmissing from accidentally loading keys
* keychain 2.6.6 (08 Sep 2006)
08 Sep 2006; Aron Griffis <agriffis@gentoo.org>:
Make --lockwait -1 mean forever. Previously 0 meant forever but was
undocumented. Add more locking regression tests #137981
* keychain 2.6.5 (08 Sep 2006)
08 Sep 2006; Aron Griffis <agriffis@gentoo.org>:
Break out of loop when empty lockfile can't be removed #127471. Add locking
regression tests:
100_lock_stale 101_lock_held 102_lock_empty 103_lock_empty_cant_remove
* keychain 2.6.4 (08 Sep 2006)
08 Sep 2006; Aron Griffis <agriffis@gentoo.org>:
Add validinherit function so that validity of SSH_AUTH_SOCK and friends can be
validated from startagent rather than up front. The advantage is that warning
messages aren't emitted unnecessarily when --inherit *-once.
Fix --eval for fish, and add new testcases:
053_start_with_--eval_ksh
054_start_with_--eval_fish
055_start_with_--eval_csh
* keychain 2.6.3 (07 Sep 2006)
07 Sep 2006; Aron Griffis <agriffis@gentoo.org>:
Support fish: http://roo.no-ip.org/fish/
Thanks to Ilkka Poutanen for the patch.
Add --confirm option and corresponding regression tests for Debian bug 296382.
Thanks to Liyang HU for the patch. Also add initialization for $ssh_timeout
which was being inherited from the environment and add regression tests for
--timeout
* keychain 2.6.1 (10 Oct 2005)
10 Oct 2005; Aron Griffis <agriffis@gentoo.org>:
Change "unset evalopt" to "evalopt=false" and run through *all* the regression
tests instead of just the new ones. *sigh*
* keychain 2.6.0 (10 Oct 2005)
10 Oct 2005; Aron Griffis <agriffis@gentoo.org>:
Add the --eval option which makes keychain startup easier. See the man-page
for examples. Get rid of the release notes from README, so now this file is
where changes are tracked.
Don't accidentally inherit a forwarded agent when
inheritwhich=local-once. Move the --stop warning after the version
splash.
Add inheritance support via --inherit. Add parameters to --stop for
more control. Change the default behavior of keychain to inherit if
there's no keychain agent running ("--inherit local-once"), and
refrain from killing other agents unless "--stop others" is
specified.
* keychain 2.3.4 (24 Jul 2004)
24 Jul 2004; Aron Griffis <agriffis@gentoo.org>;
Fix bug 28599 reported by Bruno Pelaia; ignore defunct processes in
ps output
* keychain 2.3.3 (30 Jun 2004)
30 Jun 2004; Aron Griffis <agriffis@gentoo.org>;
Fix bug reported by Matthew S. Moore in email; escape the backticks
in --help output
Fix bug reported by Herbie Ong in email; set pidf, cshpidf and lockf
variables after parsing command-line to honor --dir setting
Fix bug reported by Stephan Stahl in email; make spaces in filenames
work throughout keychain, even in pure Bourne shell
Fix operation on HP-UX with older OpenSSH by interpreting output of
ssh-add as well as the error status
* keychain 2.3.2 (16 Jun 2004)
16 Jun 2004; Aron Griffis <agriffis@gentoo.org>;
Fix bug 53837 (keychain needs ssh-askpass) by unsetting SSH_ASKPASS
when --nogui is specified
* keychain 2.3.1 (03 Jun 2004)
03 Jun 2004; Aron Griffis <agriffis@gentoo.org>;
Fix bug 52874: problems when the user is running csh
* keychain 2.3.0 (14 May 2004)
14 May 2004; Aron Griffis <agriffis@gentoo.org>;
Rewrite the locking code to avoid procmail
* keychain 2.2.2 (03 May 2004)
03 May 2004; Aron Griffis <agriffis@gentoo.org>;
Call loadagent prior to generating HOSTNAME-csh file so that
variables are set.
* keychain 2.2.1 (27 Apr 2004)
27 Apr 2004; Aron Griffis <agriffis@gentoo.org>;
Find running ssh-agent processes by searching for /[s]sh-agen/
instead of /[s]sh-agent/ for the sake of Solaris, which cuts off ps
-u output at 8 characters. Thanks to Clay England for reporting the
problem and testing the fix.
* keychain 2.2.0 (21 Apr 2004)
21 Apr 2004; Aron Griffis <agriffis@gentoo.org>;
Rewrote most of the code, organized into functions, fixed speed
issues involving ps, fixed compatibility issues for various UNIXes,
hopefully didn't introduce too many bugs. This version has a
--quick option (for me) and a --timeout option (for carpaski).
Also added a Makefile and converted the man-page to pod for easier
editing. See perlpod(1) for information on the format. Note that
the pod is sucked into keychain and colorized when you run make.
- Added keychain man page
- Fixed bugs with displaying colors for keychain --help
- Added a $grepopts to fix the grepping for a pid on cygwin
- Added a TODO document color fix based on submission by Luke Holden
NOTE: The .ssh-agent-* files are now in the ~/.keychain/ directory. Use
something like this in your dot files:
[ -r ${HOME}/.ssh-agent-`hostname` ] && . ${HOME}/.ssh-agent-`hostname`
[ -r ${HOME}/.keychain/`hostname`-sh ] && . ${HOME}/.keychain/`hostname`-sh
OK'd by martti and garbled.
Changelog:
04 Mar 2002; changed license from "GPL, v2 or later" to "GPL v2".
04 Mar 2002; added "keychain.cygwin" for Cygwin systems. It may be time to
follow this pattern and start building separate, optimized scripts for each
platform so they don't get too sluggish. Maybe I could use a C preprocessor
for this.
06 Dec 2001; several people: Solaris doesn't like '-e' comparisons; switched
to '-f'
* Added a "--local" option for removing the ${HOSTNAME} from the various
files that keychain creates. Handy for non-NFS users.
* Using the Bourne shell "type" builtin rather than using the external
"which" command. Should make things a lot more robust and slightly
faster.
* Solaris' "which" command outputs "no lockfile in..." to stdout rather
than stderr. A one-line fix (test the error condition) has been
applied.
* lockfile settings tweak
* If you stop making progress providing valid passphrases, it's three
strikes and you're out.
* Some private keys can't be "ssh-keygen -l -f"'d; this patch causes
keychain to look for the corresponding public key if the private
key doesn't work. Thanks Constantine!
* CYAN color misdefined; fixed.
* A "quiet mode" (--quiet) fix; I missed an "echo".
* Missed another "kill -9"; it's now gone.
* Use procmail's lockfile to serialize the execution of critical parts of
keychain, thus avoiding multiple ssh-agent processes being started if
you happen to have multiple xterms open automatically when you log in.
Keychain will now auto-detect whether lockfile is installed; if it is,
keychain will automatically use it
* No longer "kill -9" our ssh-agent processes
* Added argument "--quiet | -q"
* Added "-h" as alias for "--help", added "-k" as alias for "--stop"
* Add /usr/ucb to path for Solaris systems
* Try to add multiple keys using ssh-add; avoid typing in identical
passphrases more than once.
* Misc. compatibility, signal handling, cleanup fixes
* We now use .ssh-agent-[hostname] instead of .ssh-agent
* "source" to "." shell-compatibility fixes.
* "rm -f $pidf" after stopping ssh-agent fix
DESCR:
Keychain is a shell script which acts as user-friendly front-end to
ssh-agent(1), allowing you to have one long-running ssh-agent process per
system rather than per login session.
Please study the documentation on the keychain website carefully since
incorrect usage of this script may have certain security implementations.
