author | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-07-23 00:10:47 -0700 |
---|---|---|
committer | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-07-23 00:10:47 -0700 |
commit | 86b6a09beeba248440d4d9a5e923c799c542420d (patch) | |
tree | c88f4b94a2bed44989585efd3d55ada51bae83c1 | |
parent | c3ed6920551ca86defe76f4d2f629062d66a0dae (diff) | |
parent | cc45c7363cf606e433a2c289de4bfa2dfe585c62 (diff) |
Merge commit 'dkg/master'
-rw-r--r-- | debian/changelog | 9 | ||||
-rw-r--r-- | man/man8/monkeysphere-server.8 | 10 | ||||
-rw-r--r-- | src/keytrans/openpgp2ssh.c | 2 | ||||
-rwxr-xr-x | src/monkeysphere-server | 17 |
4 files changed, 26 insertions, 12 deletions
diff --git a/debian/changelog b/debian/changelog index 22f698b..1711a69 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,8 @@ -monkeysphere (0.4-1) UNRELEASED; urgency=low +monkeysphere (0.4-1) experimental; urgency=low - [Daniel Kahn Gillmor] - * New version (switch UNRELEASED to experimental when ready) + [ Daniel Kahn Gillmor ] + * New version. + * Fixed return code error in openpgp2ssh [ Jameson Graef Rollins ] * Privilege separation: use monkeysphere user to handle maintenance of @@ -14,7 +15,7 @@ monkeysphere (0.4-1) UNRELEASED; urgency=low * Add write permission check on authorized_keys, known_hosts, and authorized_user_ids files. - -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Thu, 10 Jul 2008 16:47:17 -0400 + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 22 Jul 2008 21:50:17 -0400 monkeysphere (0.3-1) experimental; urgency=low diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index 79832a2..288d45f 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 
@@ -54,10 +54,12 @@ place of `publish-key'. .TP .B add-identity-certifier KEYID Instruct system to trust user identity certifications made by KEYID. -A certifier domain can be specified with the `-n' or `--domain' -option. A certifier trust level can be specified with the `-t' or -`--trust' option (possible values are `1' for `marginal' and `2' for -`full' (default is `2')). A certifier trust depth can be specified +Using the `-n' or `--domain' option allows you to indicate that you +only trust the given KEYID to make identifications within a specific +domain (e.g. "trust KEYID to certify user identities within the +@example.org domain"). A certifier trust level can be specified with +the `-t' or `--trust' option (possible values are `marginal' and +`full' (default is `full')). A certifier trust depth can be specified with the `-d' or `--depth' option (default is 1). `a' may be used in place of `add-identity-certifier'. .TP diff --git a/src/keytrans/openpgp2ssh.c b/src/keytrans/openpgp2ssh.c index 5cc6cfa..36fb30a 100644 --- a/src/keytrans/openpgp2ssh.c +++ b/src/keytrans/openpgp2ssh.c @@ -491,6 +491,8 @@ int main(int argc, char* argv[]) { err(0,"Translating public key\n"); ret = emit_public_openssh_from_pgp(&pgp_crt, fingerprint, fpr_size); + if (ret != 0) + return ret; } else { /* we have no idea what kind of key this is at all anyway! */ diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 6534fa1..4d7acc6 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server 
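Review bot: In the src/keytrans/openpgp2ssh.c hunk, `return ret;` hands the raw result of emit_public_openssh_from_pgp() to the caller as main's exit status, and only the low 8 bits of that value survive. The range of that return value is not visible here; if it can be a negative library code or anything outside 1–255, a failure may surface as a different status, or as 0 for a multiple of 256, and whatever script consumes the translated key presumably trusts that status. Consider normalising and bracing the check, `if (ret != 0) { return 1; }`, or mapping to a documented set of exit codes if callers need to tell failures apart. main's body continues outside the hunk, so any cleanup after the if/else chain is skipped by this early return; worth confirming that is intended.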
@@ -47,8 +47,8 @@ subcommands: publish-key (p) publish server's host key to keyserver add-identity-certifier (a) KEYID import and tsign a certification key - -n|--domain DOMAIN domain of certifier () - -t|--trust TRUST trust level of certifier (2) + -n|--domain DOMAIN limit ID certifications to IDs in DOMAIN () + -t|--trust TRUST trust level of certifier (full) -d|--depth DEPTH trust depth for certifier (1) remove-identity-certifier (r) KEYID remove a certification key list-identity-certifiers (l) list certification keys @@ -383,10 +383,11 @@ add_certifier() { local keyID local fingerprint local ltsignCommand + local trustval # set default values for trust depth and domain domain= - trust=2 + trust=full depth=1 # get options @@ -450,12 +451,20 @@ add_certifier() { # export the key to the host keyring gpg_authentication "--export $keyID" | gpg_host --import + if [ "$trust" == marginal ]; then + trustval=1 + elif [ "$trust" == full ]; then + trustval=2 + else + failure "trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)" + fi + # ltsign command # NOTE: *all* user IDs will be ltsigned ltsignCommand=$(cat <<EOF ltsign y -$trust +$trustval $depth $domain y |
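Review bot: The new `$trust` check in add_certifier (third hunk of src/monkeysphere-server) runs after `gpg_authentication "--export $keyID" | gpg_host --import`, so an unsupported `-t` value is rejected only once the certifier key has already been imported into the host keyring; assuming `failure` exits, the key is left there without the intended trust signature. Validate right after option parsing, which lies outside the visible hunks, before any keyring is modified. The numeric values `1` and `2` that the man page documented until this commit now fail as well, and accepting them as aliases would keep existing invocations working. A `case` also avoids `==` inside `[ ]`, which is a bash extension (the script's shebang is not visible here).

```shell
# … unchanged: option parsing …

# validate the requested trust level before any keyring is touched
case "$trust" in
    marginal|1) trustval=1 ;;
    full|2) trustval=2 ;;
    *) failure "trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)" ;;
esac

# … unchanged: key lookup, export to the host keyring, ltsign command …
```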