I guess it's time for a status update. Lately, I've been working on two things with lsh, spki and xenofarm, which I'd like to talk a little about.
SPKI
Simple Public Key Infrastructure is a way of dealing with things like certificates, names, delegations, and acl:s, that actually makes some sense. Using spki for lsh is something I've wanted to do for a *long* time. At last I've written some new code, replacing the partial SPKI implementation that has been in lsh for a while. The new library is called "libspki", and there's a modest homepage at URL: http://www.lysator.liu.se/~nisse/libspki/.
This doesn't yet make any huge difference, it's still only acl:s that are supported. To do real certificates, I need to implement a few more functions in the library, and I need tools for creating and managing the certificates.
There are subtle differences to the key formats, and not so subtle changes to the known_hosts key file, to make it conform to the latest spki drafts. The latter file is replaced by a file .lsh/host-acls, that can contain acl:s in human readable syntax. I.e. instead of
; ACL for host sture.lysator.liu.se {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}
one will have
(acl (entry (subject (public-key (dsa
         (p |ANVabPkWKkvb03IW5kocIBuT1WrUU7
             E3C2Tk0ZcUno6316qPKcLPr/dOntA1
             rO93zRt+OUhhIR4eXhIb8tMs47ghrJ
             SlVMmDxOKOtu/fObk17N8gVE9UriF2
             8axBuo+xXnev4tu6VhI6P9jg9WJ+4i
             Vjr8//G8KGGDLDS83LOHun|)
         (q |AKkGKsa47cbG9Cv/X5LPo9uZqxT7|)
         (g |U3ZwwhJ5r1RTeeLaNHCREEHk8rTStn
             +krOsd4lprAsKmMM/6oC4HQ6sSw5LB
             uuNbGht55zql8MENFkLedCRzRsAwxh
             S/SV1TGXq8XocDkYSnDG0YiJIsgwRg
             l1KZBXQEksXUWT1ZieT+iVETVnBhaw
             z//wfSHgTHHaFdEYMQYg0=|)
         (y |TvC37H4HafXw0zTromi11tkhxtqUpp
             5l2nLlv7LyA3Gu+SxPZ5x/qI1gI8K5
             M1ePYQw41S2a9aDZtESoPvZnpSXpJn
             EsOAwJl8LbRKJ6HPFSsXme6GlmnqhR
             P4veZooWpCGf+w08p5Hry7rvupOQUB
             IVMSgE5iu5991qMjJJOqw=|))))
   (tag (ssh-hostkey se.liu.lysator.sture))))
There's a script lsh-upgrade to help with the conversion. To reflect these changes and incompatibilities, the next "stable" release should probably be called lsh-2.0. I hope to get some more spki features by then. The point is that there should be a single key for a site, such as lysator.liu.se. That key can be used to sign all the host keys on the site, and then there's only a single key that the user needs to fingerprint. And when that works, I'd like to hack spki support for user authentication as well.
XENOFARM
Xenofarm is a distributed build system aimed to find bugs and portability problems. A build package is created automatically soon after any change has been checked in. A build client fetches new packages, compiles and tests them, and then sends the result back to a central server that keeps track of all results. The web-page generation is not yet fully automated, but you can look at the temporary result page at URL: http://www.lysator.liu.se/~nisse/xeno-lsh/latest.html to get an idea of what it's about. As you can see, so far most or all of the build machines lack some of the prerequisites for an lsh build. I need to install gmp, liboop or both.
Setting up a xenofarm client is a good way to help get lsh properly tested on your favourite platform. You can either get xenofarm directly from its cvs repository, or download a client package. See http://www.lysator.liu.se/xenofarm/download.xml. In the latter case, you also need the client configuration for lsh, <URL: http://cvs.lysator.liu.se/viewcvs/viewcvs.cgi/xenofarm/projects/lsh/lsh.cfg?....
Some other projects that you also can build with xenofarm are Pike and Python (two nice scripting languages) and lyskom-server, which is a pretty cool discussion group software.
Happy hacking, /Niels
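
The host-acls entry shown in the SPKI section above can be read back to see which key each host tag is bound to. The following is an added example, not part of the original post and not lsh or libspki code; it parses only the tokens that appear in that entry, and SAMPLE, parse, subs and host_keys are names made up here.

```python
import base64
import re

# Constructed sample in the host-acls layout; made-up short numbers, not a real key.
SAMPLE = """(acl (entry (subject (public-key (dsa (p |AP/x|) (q |AKk=|)
                                      (g |U3Y=|) (y |Tv C3|))))
            (tag (ssh-hostkey se.liu.lysator.sture))))"""

# One token: "(", ")", a |base64| atom (whitespace allowed inside), or a bare atom.
TOKEN = re.compile(r"\s*(?:(\()|(\))|\|([A-Za-z0-9+/=\s]*)\||([^\s()|]+))")

def parse(text):
    """Parse the token subset above into nested lists (bytes for |...| atoms)."""
    stack, pos, text = [[]], 0, text.rstrip()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}")
        pos = m.end()
        if m.group(1):
            stack.append([])
        elif m.group(2):
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            stack[-2].append(stack.pop())  # close the list, attach it to its parent
        elif m.group(3) is not None:
            raw = "".join(m.group(3).split())
            stack[-1].append(base64.b64decode(raw, validate=True))
        else:
            stack[-1].append(m.group(4))
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def subs(expr, name):
    """All sub-lists of expr whose head atom is `name`."""
    return [e for e in expr if isinstance(e, list) and e[:1] == [name]]

def host_keys(text):
    """Map each ssh-hostkey tag to (algorithm, {parameter: size in bits})."""
    result = {}
    for acl in subs(parse(text), "acl"):
        for entry in subs(acl, "entry"):
            keys = [k[1] for s in subs(entry, "subject") for k in subs(s, "public-key") if len(k) == 2]
            hosts = [h[1] for t in subs(entry, "tag") for h in subs(t, "ssh-hostkey") if len(h) == 2]
            if not keys or not hosts:
                continue  # entry does not have the host-key shape shown above
            alg, *params = keys[0]
            result[hosts[0]] = (alg, {p[0]: int.from_bytes(p[1], "big").bit_length() for p in params})
    return result
```

Running host_keys over a real .lsh/host-acls file gives a quick listing of which host names have an entry and what key type and size each one carries.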