author | Matt Goins <mjgoins@openflows.com> | 2008-10-27 18:25:06 -0400 |
---|---|---|
committer | Matt Goins <mjgoins@openflows.com> | 2008-10-27 18:25:06 -0400 |
commit | a58d337b9f24e46114912fd0e21a6ecfc22759e7 (patch) | |
tree | a1c5365f29026ae470edbf74456c2f415157ebec | |
parent | af267413bbf572b3d63c26bbb64bc15d566e78c5 (diff) | |
parent | d0c45a59abaaad797498c6ace5364497bfd0c313 (diff) |
Merge commit 'dkg/master'
-rw-r--r-- | debian/changelog | 4 | ||||
-rw-r--r-- | etc/monkeysphere-server.conf | 27 | ||||
-rw-r--r-- | etc/monkeysphere.conf | 12 | ||||
-rwxr-xr-x | src/monkeysphere-server | 2 | ||||
-rw-r--r-- | website/download.mdwn | 20 |
5 files changed, 27 insertions, 38 deletions
diff --git a/debian/changelog b/debian/changelog index 9aa2b0a..4db311e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,8 +2,10 @@ monkeysphere (0.17-1) experimental; urgency=low * Fix some bugs in, and cleanup, authorized_keys file creation in monkeysphere-server update-users. + * Move to using the empty string for not adding a user-controlled + authorized_keys file in the RAW_AUTHORIZED_KEYS variable. - -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Sun, 26 Oct 2008 21:49:17 -0400 + -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Mon, 27 Oct 2008 07:39:10 -0400 monkeysphere (0.16-1) experimental; urgency=low diff --git a/etc/monkeysphere-server.conf b/etc/monkeysphere-server.conf index adbac7e..b69420a 100644 --- a/etc/monkeysphere-server.conf +++ b/etc/monkeysphere-server.conf 
@@ -1,29 +1,28 @@ -# MonkeySphere server configuration file. +# Monkeysphere server configuration file. # This is an sh-style shell configuration file. Variable names should -# be separated from their assignements by a single '=' and no spaces. -# Environement variables with the same names as these variables but -# prefeced by "MONKEYSPHERE_" will take precedence over the values +# be separated from their assignments by a single '=' and no spaces. +# Environment variables with the same names as these variables but +# prefaced by "MONKEYSPHERE_" will take precedence over the values # specified here. # User who controls the monkeysphere authentication keyring. #MONKEYSPHERE_USER=monkeysphere -# Log level. Can be SILENT, ERROR, INFO, DEBUG, in increasing order -# of verbosity. +# Log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in +# increasing order of verbosity. #LOG_LEVEL=INFO # Path to authorized_user_ids file to process to create # authorized_keys file. '%h' will be replaced by the home directory -# of the user, and %u will be replaced by the username of the user. +# of the user, and '%u' will be replaced by the username of the user. # For purely admin-controlled authorized_user_ids, you might put them -# in /etc/monkeysphere/authorized_user_ids/%u +# in /etc/monkeysphere/authorized_user_ids/%u, for instance. #AUTHORIZED_USER_IDS="%h/.monkeysphere/authorized_user_ids" -# Whether to add user controlled authorized_keys file to -# monkeysphere-generated authorized_keys file. Should be path to file -# where '%h' will be replaced by the home directory of the user or -# '%u' by the username. To not add any user-controlled file, put "-" -# FIXME: this usage of "-" contravenes the normal convention where "-" -# means standard in/out. Why not use "none" or "" instead? +# Path to a user controlled authorized_keys file to be added to the +# monkeysphere-generated authorized_keys file. 
'%h' will be replaced +# by the home directory of the user, and '%u' will by replaced by the +# username of the user. To not add any user-controlled file set this +# variable to be the empty string, "". #RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys" diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf index a45fff0..2f0b877 100644 --- a/etc/monkeysphere.conf +++ b/etc/monkeysphere.conf @@ -1,13 +1,13 @@ -# MonkeySphere system-wide client configuration file. +# Monkeysphere system-wide client configuration file. # This is an sh-style shell configuration file. Variable names should -# be separated from their assignements by a single '=' and no spaces. -# Environement variables with the same names as these variables but -# prefeced by "MONKEYSPHERE_" will take precedence over the values +# be separated from their assignments by a single '=' and no spaces. +# Environment variables with the same names as these variables but +# prefaced by "MONKEYSPHERE_" will take precedence over the values # specified here. -# Log level. Can be SILENT, ERROR, INFO, DEBUG, in increasing order -# of verbosity. +# Log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in +# increasing order of verbosity. #LOG_LEVEL=INFO # GPG home directory. If not specified either here or in the diff --git a/src/monkeysphere-server b/src/monkeysphere-server index fb71081..6ca6a4f 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -220,7 +220,7 @@ update_users() { # add user-controlled authorized_keys file if specified # translate ssh-style path variables rawAuthorizedKeys=$(translate_ssh_variables "$uname" "$RAW_AUTHORIZED_KEYS") - if [ "$rawAuthorizedKeys" != '-' -a -s "$rawAuthorizedKeys" ] ; then + if [ "$rawAuthorizedKeys" -a -s "$rawAuthorizedKeys" ] ; then # check permissions on the authorized_keys file path if check_key_file_permissions "$uname" "$rawAuthorizedKeys" ; then log verbose "adding raw authorized_keys file... " 
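Review bot: The rewritten RAW_AUTHORIZED_KEYS comment in etc/monkeysphere-server.conf has a typo, `'%u' will by replaced`, which should read `'%u' will be replaced`. The new text also drops every mention of the old `-` value, so an admin reading the file gets no hint that an existing `RAW_AUTHORIZED_KEYS="-"` must be changed to `""`. A one-line comment such as `# The former "-" value is no longer treated specially; use "" instead.` would cover it.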
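Review bot: The new test `[ "$rawAuthorizedKeys" -a -s "$rawAuthorizedKeys" ]` in update_users no longer treats `-` specially, so a server still configured with the old `RAW_AUTHORIZED_KEYS="-"` now has `-` evaluated as a relative path in whatever directory the script runs from, instead of as an explicit "add nothing". That fails closed only while no non-empty file named `-` exists there. Since this setting decides whether user-controlled keys are merged into the generated authorized_keys, I would keep rejecting the legacy value for at least one release, e.g. `if [ -n "$rawAuthorizedKeys" ] && [ "$rawAuthorizedKeys" != '-' ] && [ -s "$rawAuthorizedKeys" ] ; then`, and note the migration in the changelog entry. Splitting the test with `&&` also avoids the `-a` form, which is ambiguous when an operand looks like an operator such as `!` or `(`. The body of update_users starts and ends outside this hunk.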
diff --git a/website/download.mdwn b/website/download.mdwn index ae8ad9a..32ba9b7 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -18,26 +18,14 @@ verify the packages, you'll want to [add this key to your apt configuration after verifying its integrity](http://wiki.debian.org/SecureApt). +To use the `monkeysphere subkey-to-ssh-agent` subcommand, you will +also need [version 2.6 of GnuTLS](/news/gnutls-2.6-enables-monkeysphere), +which is available in Debian experimental. + Once you've installed the packages, you might want to read up on how to get started [as a regular user](/getting-started-user) or [as a systems administrator](/getting-started-admin). -## Enhancements ## - -As of 2008-08-22, If you run debian lenny you're very close to being -able to run a fully monkeysphere-enabled system. One gap in the -system is that lenny's GnuTLS can't support the `monkeysphere -subkey-to-ssh-agent` subcommand. - -You can install a patched version of GnuTLS to enable this feature of -the Monkeysphere by adjusting the monkeysphere `sources.list` lines to -include the `gnutls` component. So they'd look like this instead: - - deb http://archive.monkeysphere.info/debian experimental monkeysphere gnutls - deb-src http://archive.monkeysphere.info/debian experimental monkeysphere gnutls - -You can [read more about this offering](/news/modified-gnutls-2.4.x-available). - ## Source ## For people who can't use the debian package, or folks who just want to |