summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJameson Graef Rollins <jrollins@phys.columbia.edu>2008-08-18 08:47:50 -0700
committerJameson Graef Rollins <jrollins@phys.columbia.edu>2008-08-18 08:47:50 -0700
commitd7d179a481d549a600e44d24d19df219ed497cfd (patch)
tree07945218020c103ffed243d230aa24667e37b71a
parent72a88981d0fbabb60b6094b43fb6e87b141e8b15 (diff)
parent26ad8fe480056709dacf9e06e8151de167a908ab (diff)
Merge commit 'dkg/master'
-rw-r--r--man/man1/monkeysphere.114
-rwxr-xr-xsrc/monkeysphere4
-rwxr-xr-xsrc/monkeysphere-server2
-rw-r--r--website/bugs/add-man-pages-to-website.mdwn12
-rw-r--r--website/bugs/install-seckey2sshagent-in-usr-bin.mdwn16
-rw-r--r--website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn12
-rw-r--r--website/index.mdwn2
-rw-r--r--website/why.mdwn4
8 files changed, 54 insertions, 12 deletions
diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1
index fe4fd36..db35a38 100644
--- a/man/man1/monkeysphere.1
+++ b/man/man1/monkeysphere.1
@@ -52,12 +52,14 @@ ID, 1 if no matching keys were found at all, and 2 if matching keys
were found but none were acceptable. `a' may be used in place of
`update-authorized_keys'.
.TP
-.B gen-subkey KEYID
-Generate an authentication subkey. For the primary key with the
-specified key ID, generate a subkey with "authentication" capability
-that can be used for monkeysphere transactions. An expiration length
-can be specified with the `-e' or `--expire' option (prompt
-otherwise). `g' may be used in place of `gen-subkey'.
+.B gen-subkey [KEYID]
+Generate an authentication subkey for a private key in your GnuPG
+keyring. For the primary key with the specified key ID, generate a
+subkey with "authentication" capability that can be used for
+monkeysphere transactions. An expiration length can be specified with
+the `-e' or `--expire' option (prompt otherwise). If no key ID is
+specified, but only one key exists in the secret keyring, that key
+will be used. `g' may be used in place of `gen-subkey'.
.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
diff --git a/src/monkeysphere b/src/monkeysphere
index f959a38..303dc8d 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -39,7 +39,7 @@ MonkeySphere client tool.
subcommands:
update-known_hosts (k) [HOST]... update known_hosts file
update-authorized_keys (a) update authorized_keys file
- gen-subkey (g) KEYID generate an 'a' capable subkey
+ gen-subkey (g) [KEYID] generate an authentication subkey
--length (-l) BITS key length in bits (2048)
--expire (-e) EXPIRE date to expire
help (h,?) this help
@@ -288,7 +288,7 @@ case $COMMAND in
gen_subkey "$@"
;;
- 'help'|'h'|'?')
+ '--help'|'help'|'-h'|'h'|'?')
usage
;;
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index fcd3114..6754b23 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -493,7 +493,7 @@ EOF
show_server_key
- echo "NOTE: User ID revoked, but revokation not published."
+ echo "NOTE: User ID revoked, but revocation not published."
echo "Run '$PGRM publish-key' to publish the revocation."
else
failure "Problem revoking user ID."
diff --git a/website/bugs/add-man-pages-to-website.mdwn b/website/bugs/add-man-pages-to-website.mdwn
new file mode 100644
index 0000000..4a8d2e2
--- /dev/null
+++ b/website/bugs/add-man-pages-to-website.mdwn
@@ -0,0 +1,12 @@
+[[meta title="Add man pages to web site"]]
+
+We should publish the various monkeysphere man pages in browsable form
+somewhere under http://monkeysphere.info/. Ideally, this would be
+updated automatically from the sources for the official man pages
+themselves.
+
+This strikes me as an ikiwiki subproject (implementing a man2html wiki
+compilation language perhaps?).
+
+Interestingly, [ikiwiki's own man page](http://ikiwiki.info/usage/)
+appears to be written in markdown and then converted to nroff.
diff --git a/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn b/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn
index 5b19b13..0163727 100644
--- a/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn
+++ b/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn
@@ -25,3 +25,19 @@ part about verifying you to a server. Then it could say: if you're really
interested, you can run this hacky script but we make no guarantees.
-- Sir Jam Jam
+
+---
+
+I just realized that i think i can test for the presence of [GNU-dummy
+support in
+GnuTLS](http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html),
+which means that we can cleanly test whether the proposed [handling of
+passphrase-locked secret
+keys](bugs/handle-passphrase-locked-secret-keys/) is functional. With
+that in mind, I'd like to propose that we could resolve this bug
+simply by adding a new subcommand: `monkeysphere authkey-to-agent`,
+which would fail in the absence of a functionally-patched GnuTLS.
+
+Would this proposal be sufficient to resolve this bug?
+
+--dkg
diff --git a/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn b/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn
index 965f198..028c8f9 100644
--- a/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn
+++ b/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn
@@ -20,3 +20,15 @@ at least, would be for silent output to be the default and have a -v/--verbose
option to get the output. Or - maybe these should be environmental variables?
In any event - someway to suppress informational output would be a useful
improvement.
+
+------
+
+I'd be fine with silent mode as a default, with a more verbose mode
+accessible to the user who desires it.
+
+I'd prefer an environment variable (e.g. `MONKEYSPHERE_VERBOSE` or
+`MONKEYSPHERE_DEBUG`) over a command-line (e.g. `--verbose`) option,
+personally. It's more in keeping with the model we've used in general
+so far.
+
+--dkg
diff --git a/website/index.mdwn b/website/index.mdwn
index 495d963..6583e18 100644
--- a/website/index.mdwn
+++ b/website/index.mdwn
@@ -9,7 +9,7 @@ yourself and the servers you administer or connect to. OpenPGP keys
are tracked via GnuPG, and managed in the `known_hosts` and
`authorized_keys` files used by OpenSSH for connection authentication.
-[why you should be interested](/why) | [[bugs]] | [[download]] | [[news]] | [[documentation|doc]]
+[why?](/why) | [[bugs]] | [[download]] | [[news]] | [[documentation|doc]]
## Conceptual overview ##
diff --git a/website/why.mdwn b/website/why.mdwn
index 7f69614..3f6aa7c 100644
--- a/website/why.mdwn
+++ b/website/why.mdwn
@@ -36,8 +36,8 @@ you keep them from getting the big scary warning messages?
Have you ever wanted to allow a colleague key-based access to a
machine, *without* needing to have a copy of their public key on hand?
-Have you ever wanted to be able to revoke the ability of a key to
-authenticate across the entire infrastructure you manage, without
+Have you ever wanted to be able to revoke the ability of a user's key
+to authenticate across the entire infrastructure you manage, without
touching each host by hand?
## What's the connection? ##