author Matthew James Goins <mjgoins@openflows.com> 2010-03-20 13:32:22 -0400
committer Matthew James Goins <mjgoins@openflows.com> 2010-03-20 13:32:22 -0400
commit 072e05ac7a9872edc3a3e18e103bbba2706254bf
tree 32ef564a9d3cf5be28c121a94f66d73944dc3d93
parent dd71f5ec4a69c58f894f4f6961ca3786a192bc62
parent e9f00652e3503ef2292e6d27df80cbb4c8e09504
Merge remote branch 'origin/master'
-rw-r--r--  Changelog (renamed from changelog)  16
-rwxr-xr-x  Makefile  6
-rw-r--r--  man/man1/monkeysphere.1  9
-rw-r--r--  packaging/debian/changelog  4
-rwxr-xr-x  src/monkeysphere  25
-rwxr-xr-x  utils/build-releasenote  4
-rw-r--r--  utils/releasenote.header  2
-rw-r--r--  website/download.mdwn  58
-rw-r--r--  website/news/msva-perl-0.2.mdwn  20
-rw-r--r--  website/news/release-0.29.mdwn  25
10 files changed, 131 insertions, 38 deletions
diff --git a/changelog b/Changelog
index e29cbaf..cac0386 100644
--- a/changelog
+++ b/Changelog
@@ -1,12 +1,22 @@
-monkeysphere (0.29~pre1) UNRELEASED; urgency=low
+monkeysphere (0.29) unstable; urgency=low
+ * This is mainly a bugfix release
* Fix man page typo about monkeysphere authorized_keys location
* Monkeysphere should work properly even if the user has "armor" in
their gpg.conf (closes MS #1625)
* monkeysphere keys-for-userid now respects MONKEYSPHERE_CHECK_KEYSERVER
environment variable (and defaults to true)
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 18 Feb 2010 12:38:43 -0500
+ * introduce monkeysphere sshfprs-for-userid (deprecates sshfpr), closes
+ MS #1436
+ * respect CHECK_KEYSERVER in more places (closes MS #1997)
+ * warn on keyserver failures for monkeysphere-authentication (closes MS
+ #1750)
+ * avoid checking trustdb for monkeysphere-host (closes MS #1957)
+ * allow monkeysphere-authentication to use hkps with trusted X.509 root
+ certificate authorities in
+ /etc/monkeysphere/monkeysphere-authentication-x509-anchors.crt
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 14 Mar 2010 21:00:47 -0400
monkeysphere (0.28) unstable; urgency=low
diff --git a/Makefile b/Makefile
index 4b0c9e1..aeb5d9a 100755
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@
# © 2008-2010 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
# Licensed under GPL v3 or later
-MONKEYSPHERE_VERSION = `head -n1 changelog | sed 's/.*(\([^-]*\)).*/\1/'`
+MONKEYSPHERE_VERSION = `head -n1 Changelog | sed 's/.*(\([^-]*\)).*/\1/'`
# these defaults are for debian. porters should probably adjust them
# before calling make install
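Review bot: the version pattern on the changed MONKEYSPHERE_VERSION line captures [^-]* inside the parentheses, while utils/build-releasenote in this same commit captures [^)]* for the same first line of Changelog. With [^-]* followed directly by the closing parenthesis, a first line whose parenthesised version contains a hyphen cannot match at all, and sed then passes the whole line through as the version, which is expanded unquoted in the tarball target's rm -rf, mkdir and ln commands. Suggest using the same [^)]* pattern in both places, or failing the build when the extracted value is not a plain version string.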
@@ -21,7 +21,7 @@ tarball: clean
rm -rf monkeysphere-$(MONKEYSPHERE_VERSION)
mkdir -p monkeysphere-$(MONKEYSPHERE_VERSION)/doc
ln -s ../../website/getting-started-user.mdwn ../../website/getting-started-admin.mdwn ../../doc/TODO ../../doc/MonkeySpec monkeysphere-$(MONKEYSPHERE_VERSION)/doc
- ln -s ../changelog ../COPYING ../etc ../Makefile ../man ../src ../tests monkeysphere-$(MONKEYSPHERE_VERSION)
+ ln -s ../Changelog ../COPYING ../etc ../Makefile ../man ../src ../tests monkeysphere-$(MONKEYSPHERE_VERSION)
echo Monkeysphere $(MONKEYSPHERE_VERSION) > monkeysphere-$(MONKEYSPHERE_VERSION)/VERSION
echo -n "git revision " >> monkeysphere-$(MONKEYSPHERE_VERSION)/VERSION
git rev-parse HEAD >> monkeysphere-$(MONKEYSPHERE_VERSION)/VERSION
@@ -68,7 +68,7 @@ install: all installman
install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh
install -m 0644 src/share/ma/* $(DESTDIR)$(PREFIX)/share/monkeysphere/ma
install doc/* $(DESTDIR)$(PREFIX)/share/doc/monkeysphere
- install changelog $(DESTDIR)$(PREFIX)/share/doc/monkeysphere
+ install Changelog $(DESTDIR)$(PREFIX)/share/doc/monkeysphere
install -m 0644 etc/monkeysphere.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere.conf$(ETCSUFFIX)
install -m 0644 etc/monkeysphere-host.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere-host.conf$(ETCSUFFIX)
install -m 0644 etc/monkeysphere-authentication.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere-authentication.conf$(ETCSUFFIX)
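Review bot: the changed line "install Changelog $(DESTDIR)$(PREFIX)/share/doc/monkeysphere" carries no -m option, unlike the "install -m 0644" lines around it, so the changelog is installed with install's default mode (0755 with GNU install) and ends up executable. Suggest "install -m 0644 Changelog ..." while the line is being touched; the "install doc/*" context line just above has the same gap.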
diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1
index 4d8eab6..25421ce 100644
--- a/man/man1/monkeysphere.1
+++ b/man/man1/monkeysphere.1
@@ -128,14 +128,13 @@ specify the full fingerprints of specific keys to add to the agent
(space separated), instead of adding them all. `s' may be used in
place of `subkey\-to\-ssh\-agent'.
.TP
-.B sshfpr KEYID
-Output the ssh fingerprint of a key in your gpg keyring. `f' may be
-used in place of `fingerprint'.
-.TP
.B keys\-for\-userid USERID
-Output to stdout all acceptable keys for a given user ID literal.
+Output to stdout all acceptable keys for a given user ID.
`u' may be used in place of `keys\-for\-userid'.
.TP
+.B sshfprs\-for\-userid USERID
+Output the ssh fingerprints of acceptable keys for a given user ID.
+.TP
.B version
Show the monkeysphere version number. `v' may be used in place of
`version'.
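Review bot: the sshfpr entry is deleted outright from the man page, but src/monkeysphere in this same commit still accepts 'sshfpr' and only prints a deprecation warning. Suggest keeping a short entry that marks sshfpr as deprecated and points to sshfprs-for-userid, and stating there that the replacement takes a USERID where sshfpr took a KEYID. The new sshfprs-for-userid entry could also say whether it honours MONKEYSPHERE_CHECK_KEYSERVER, since the code sets CHECK_KEYSERVER for it.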
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index d971ee6..eb5c441 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -1,4 +1,4 @@
-monkeysphere (0.29~pre1-1) UNRELEASED; urgency=low
+monkeysphere (0.29-1) unstable; urgency=low
[ Jameson Graef Rollins ]
* New upstream release
@@ -10,7 +10,7 @@ monkeysphere (0.29~pre1-1) UNRELEASED; urgency=low
administrators and users can choose to start up a validation agent for
each X session using monkeysphere.conf
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 12 Mar 2010 01:57:39 -0500
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 14 Mar 2010 21:07:17 -0400
monkeysphere (0.28-1) unstable; urgency=low
diff --git a/src/monkeysphere b/src/monkeysphere
index a763151..fe92960 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -48,9 +48,9 @@ subcommands:
ssh-proxycommand HOST [PORT] monkeysphere ssh ProxyCommand
--no-connect do not make TCP connection to host
subkey-to-ssh-agent (s) store authentication subkey in ssh-agent
- sshfpr (f) KEYID output ssh fingerprint of gpg key
- keys-for-userid (u) USERID output valid keys for user id literal
+ keys-for-userid (u) USERID output valid keys for given user ids
+ sshfprs-for-userid USERID output ssh fingerprints for given user ids
gen-subkey (g) [KEYID] generate an authentication subkey
--length (-l) BITS key length in bits (2048)
@@ -68,7 +68,7 @@ gpg_user() {
# output the ssh fingerprint of a gpg key
gpg_ssh_fingerprint() {
keyid="$1"
- local tmpfile=$(mktemp)
+ local tmpfile=$(msmktempfile)
# trap to remove tmp file if break
trap "rm -f $tmpfile" EXIT
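Review bot: the result of msmktempfile is never checked on the changed line "local tmpfile=$(msmktempfile)". Because the assignment is combined with local, the exit status of the command substitution is discarded, so a failed temp file creation leaves tmpfile empty and the function carries on. Suggest declaring and assigning separately, for example "local tmpfile" followed by "tmpfile=$(msmktempfile) || return 1". The trap on the context line also expands $tmpfile unquoted inside its command string, which breaks if the temp path ever contains whitespace.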
@@ -271,7 +271,8 @@ case $COMMAND in
subkey_to_ssh_agent "$@"
;;
- 'sshfpr'|'f')
+ 'sshfpr')
+ echo "Warning: 'sshfpr' is deprecated. Please use 'sshfprs-for-userid' instead." >&2
gpg_ssh_fingerprint "$@"
;;
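Review bot: the 'f' alias is dropped from the case pattern with no warning path, so an existing "monkeysphere f KEYID" call no longer reaches gpg_ssh_fingerprint, while 'sshfpr' keeps working with a warning. Suggest keeping 'sshfpr'|'f' for the deprecation period so both spellings print the same message. The warning recommends sshfprs-for-userid, which per the usage text takes a USERID rather than a KEYID, so the message should say the argument changes too.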
@@ -280,8 +281,24 @@ case $COMMAND in
keys_for_userid "$@"
;;
+ 'sshfprs-for-userid')
+ CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}
+ keytmpdir=$(msmktempdir)
+ # use a file named " " to avoid arbitrary non-whitespace text
+ # in the fingerprint output
+ keytmpfile="$keytmpdir/ "
+ cd "$keytmpdir"
+ keys_for_userid "$@" | while read KEYLINE ; do
+ printf '%s\n' "$KEYLINE" > "$keytmpdir/ "
+ ssh-keygen -l -f ' '
+ done
+ rm -f "$keytmpfile"
+ rmdir "$keytmpdir"
+ ;;
+
'keys-from-userid')
echo "Warning: 'keys-from-userid' is deprecated. Please use 'keys-for-userid' instead." >&2
+ CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}
keys_for_userid "$@"
;;
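Review bot: neither msmktempdir nor cd "$keytmpdir" is checked in the new 'sshfprs-for-userid' branch. If the temp directory is not created, keytmpdir is empty, the loop targets "/ " for its write, and ssh-keygen -l -f ' ' reads whatever file named " " exists in the directory the command was started from. Suggest "keytmpdir=$(msmktempdir) || exit 1" and "cd "$keytmpdir" || exit 1", plus an EXIT trap for cleanup as gpg_ssh_fingerprint already has, since an interrupt inside the loop leaves the directory and key file behind. Smaller points: the loop writes to "$keytmpdir/ " instead of the $keytmpfile defined two lines earlier, and "read KEYLINE" should be "read -r KEYLINE" so backslashes in a line are not interpreted.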
diff --git a/utils/build-releasenote b/utils/build-releasenote
index cac0869..71891ff 100755
--- a/utils/build-releasenote
+++ b/utils/build-releasenote
@@ -8,11 +8,11 @@
# Copyright: © 2008-2010
# License: GPL, v3 or later
-VERSION=`head -n1 changelog | sed 's/.*(\([^)]*\)).*/\1/'`
+VERSION=`head -n1 Changelog | sed 's/.*(\([^)]*\)).*/\1/'`
{
sed "s/__VERSION__/$VERSION/g" < utils/releasenote.header
- head -n$(( $(grep -n '^ --' changelog | head -n1 | cut -f1 -d:) - 2 )) changelog | tail -n+3
+ head -n$(( $(grep -n '^ --' Changelog | head -n1 | cut -f1 -d:) - 2 )) Changelog | tail -n+3
sed "s/__VERSION__/$VERSION/g" < utils/releasenote.footer
} > "website/news/release-$VERSION.mdwn"
diff --git a/utils/releasenote.header b/utils/releasenote.header
index cf08728..91fbcfc 100644
--- a/utils/releasenote.header
+++ b/utils/releasenote.header
@@ -1,4 +1,4 @@
-[[meta title="Monkeysphere __VERSION__ released!"]]
+[[!meta title="Monkeysphere __VERSION__ released!"]]
Monkeysphere __VERSION__ has been released.
diff --git a/website/download.mdwn b/website/download.mdwn
index 119c42a..7ffa8ed 100644
--- a/website/download.mdwn
+++ b/website/download.mdwn
@@ -7,6 +7,21 @@ page](/doc) to read up on how to get started [as a regular
user](/getting-started-user) or [as a systems
administrator](/getting-started-admin).
+# Installing the Firefox/Iceweasel add-on #
+
+To use the Monkeysphere for website validation, you will need the
+Firefox/Iceweasel add-on, the monkeysphere package and the
+validation agent.
+
+[Download and install the Firefox/Iceweasel
+add-on](http://archive.monkeysphere.info/xul-ext/monkeysphere.xpi)
+
+Once you have installed the add-on, you will need to restart your
+browser, and then proceed to install the monkeysphere package and
+validation agent below.
+
+# Installing the Monkeysphere package and validation agent #
+
## Dependencies ##
Monkeysphere relies on:
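Review bot: the add-on link in the new "Installing the Firefox/Iceweasel add-on" section points at http://archive.monkeysphere.info/xul-ext/monkeysphere.xpi with no checksum or signature next to it, whereas the source tarball further down this page comes with a clearsigned checksum block. For a browser extension whose purpose is certificate validation, suggest publishing signed checksums for monkeysphere.xpi in the same way, and telling readers to verify them before installing.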
@@ -28,6 +43,13 @@ version as follows:
If you are running Debian stable, you can get the monkeysphere package
from [backports.org](http://backports.org/dokuwiki/doku.php?id=instructions)
+To get started using the Monkeysphere for website validation, you will
+need to install the Monkeysphere Validation Agent. Currently the perl
+version of the agent is available in Debian sid, or directly from our
+APT repository (see below):
+
+ aptitude install msva-perl
+
## Debian derivatives (including Ubuntu) ##
You can also install the Monkeysphere directly from the Monkeysphere
@@ -86,38 +108,38 @@ For those that would like to download the source directly, [the source
is available](/community) via [git](http://git.or.cz/).
The [latest
-tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.28.orig.tar.gz)
+tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.29.orig.tar.gz)
is also available, and has these checksums:
<pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-checksums for the monkeysphere 0.28 release:
+checksums for the monkeysphere 0.29 release:
MD5:
-b66f671ec48725a0eb55de7de4d7ce6d monkeysphere_0.28.orig.tar.gz
+009e26cc77d38e25697cdea06eecd5ab monkeysphere_0.29.orig.tar.gz
SHA1:
-ead634e0ea0a795e8a96812b7397d318a4be54b0 monkeysphere_0.28.orig.tar.gz
+db1074d6c5f424859ddec31cff0a0b6214789f16 monkeysphere_0.29.orig.tar.gz
SHA256:
-b463577d36d6e8f5eb698d8e3c75d27bcfb3f928628c128f5d342e8a83bef6f2 monkeysphere_0.28.orig.tar.gz
+0e3c683b7d8a07e6ceae80cb0d3acf647c3f8c74cbaab527f73608dcdd1b01fb monkeysphere_0.29.orig.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-iQIVAwUBS1YAyBjmZ/HrivMUAQqbBBAAqhnDfDZukFUDEN6Y164o/AXMtBO20KUg
-GyrgjgJElQJC2oz9OooNJ60iPSOz/G+Wu5lSMnRqdKU8x50F7ogYE1Gnd+8J3c2G
-1ciDQbLrR7pE2jua7xyfA+SQgg3bSgSN/7Jl61+OosQpcI/WnJvOQWKA6TI+iRGC
-B4g87ZRSRUAVZoFDRY0lBINP70+riGrYm8b2tgp7FbpgVBtUFL8gsmxnPZ7cGYF2
-yTwg9ZCAlDQ6LIZ7DAwb2lUAtAHtlLfAhulr3qLW2SNc95vcJ7Ss7CjgIuCL8qTe
-2zX2fysG7Hgbi0G0GNjv+yomOFlRGWC1Gf3pv0Clmy7cVgIgcP61nE3djFSYa9vk
-k7cKtppNEzoleEjz+dMIOezcXCdLO2g+sQfpaYU5acRp95ouCaXYINS8DYDkaKwj
-Wjra6BSCbClzZYblOJIlCmK4JJPE4EB8NShL/VXSwV8uvtNniGNpGHeHqaKvbT+Y
-RYlCzL+/Ruyv1dQbtiBtErB8yP+psheoQYk6lU7nNy+MTH+R/xXrbHxptSDRQwru
-O1hbfONnEK6JfdVQI4zEBuBz8NVuZPPQqqy1mxLSWMxWKz4GtNbTXOR1tRFVqlxk
-eCTYdhhyIz7gu8EUwvTLZoqKOB6kQWS1ygycFRi/g+DOOXuSpazF5XmutF6HpJx1
-1nK2WBl5loE=
-=164p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+=372c
-----END PGP SIGNATURE-----
</pre>
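Review bot: the signed checksum block still lists MD5 and SHA1 alongside SHA256 for monkeysphere_0.29.orig.tar.gz. Suggest dropping the MD5 and SHA1 entries, or stating that SHA256 is the value to check, because the tarball link is plain http and this clearsigned block is the only integrity check shown here. The visible text also does not name the key the signature should verify against; giving the signing key's fingerprint next to the block would let readers confirm they are checking against the right key.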
diff --git a/website/news/msva-perl-0.2.mdwn b/website/news/msva-perl-0.2.mdwn
new file mode 100644
index 0000000..cb01bb8
--- /dev/null
+++ b/website/news/msva-perl-0.2.mdwn
@@ -0,0 +1,20 @@
+[[!meta title="Monkeysphere Validation Agent (Perl) 0.2 released!"]]
+
+Version 0.2 of the Perl implementation of the Monkeysphere Validation
+Agent has been released.
+
+Notes from the changelog:
+
+<pre>
+ * can now be invoked with a sub-command; will run until subcommand
+ completes, and then terminate with the same return code (this is
+ similar to the ssh-agent technique, and enables inclusion in
+ Xsession.d; see monkeysphere 0.29 package for automatic startup).
+ * chooses arbitrary open port by default (can still be specified with
+ MSVA_PORT environment variable)
+ * minimized logging spew by default.
+ * now shipping README.schema (notes about possible future MSVA
+ implementations)
+ * cleanup Makefile and distribution strategies.
+</pre>
+
diff --git a/website/news/release-0.29.mdwn b/website/news/release-0.29.mdwn
new file mode 100644
index 0000000..e113614
--- /dev/null
+++ b/website/news/release-0.29.mdwn
@@ -0,0 +1,25 @@
+[[!meta title="Monkeysphere 0.29 released!"]]
+
+Monkeysphere 0.29 has been released.
+
+Notes from the changelog:
+
+<pre>
+ * This is mainly a bugfix release
+ * Fix man page typo about monkeysphere authorized_keys location
+ * Monkeysphere should work properly even if the user has "armor" in
+ their gpg.conf (closes MS #1625)
+ * monkeysphere keys-for-userid now respects MONKEYSPHERE_CHECK_KEYSERVER
+ environment variable (and defaults to true)
+ * introduce monkeysphere sshfprs-for-userid (deprecates sshfpr), closes
+ MS #1436
+ * respect CHECK_KEYSERVER in more places (closes MS #1997)
+ * warn on keyserver failures for monkeysphere-authentication (closes MS
+ #1750)
+ * avoid checking trustdb for monkeysphere-host (closes MS #1957)
+ * allow monkeysphere-authentication to use hkps with trusted X.509 root
+ certificate authorities in
+ /etc/monkeysphere/monkeysphere-authentication-x509-anchors.crt
+</pre>
+
+[[Download]] it now!