fix *all* install paths, including in man pages and transition scripts

3 files changed, 21 insertions, 20 deletions

diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1
index 91a9b1c..1f174f1 100644
--- a/man/man1/monkeysphere.1
+++ b/man/man1/monkeysphere.1
@@ -188,7 +188,7 @@ ssh agent with subkey-to-ssh-agent.
 ~/.monkeysphere/monkeysphere.conf
 User monkeysphere config file.
 .TP
-/etc/monkeysphere/monkeysphere.conf
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere.conf
 System-wide monkeysphere config file.
 .TP
 ~/.monkeysphere/authorized_user_ids
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index e9e24b0..5dfa92a 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -136,7 +136,7 @@ user authentication, the AuthorizedKeysFile parameter must be set in
 the sshd_config to point to the monkeysphere\-generated
 authorized_keys files:
 
-AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+AuthorizedKeysFile __SYSDATADIR_PREFIX__/monkeysphere/authorized_keys/%u
 
 It is recommended to add "monkeysphere\-authentication update\-users"
 to a system crontab, so that user keys are kept up-to-date, and key
@@ -179,18 +179,18 @@ false may expose users to abuse by other users on the system. (true)
 .SH FILES
 
 .TP
-/etc/monkeysphere/monkeysphere\-authentication.conf
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-authentication.conf
 System monkeysphere-authentication config file.
 .TP
-/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt or\p \
-/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt or\p \
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
 If monkeysphere-authentication is configured to query an hkps
 keyserver, it will use X.509 Certificate Authority certificates in
 this file to validate any X.509 certificates used by the keyserver.
 If the monkeysphere-authentication-x509 file is present, the
 monkeysphere-x509 file will be ignored.
 .TP
-/var/lib/monkeysphere/authorized_keys/USER
+__SYSDATADIR_PREFIX__/monkeysphere/authorized_keys/USER
 Monkeysphere-generated user authorized_keys files.
 .TP
 ~/.monkeysphere/authorized_user_ids
diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index f3e0d43..4d96901 100644
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -118,10 +118,10 @@ publication is not done by default.  The first step is to import the
 host's ssh key into a monkeysphere\-style OpenPGP certificate.  This
 is done with the import\-key command.  For example:
 
-# monkeysphere\-host import\-key /etc/ssh/ssh_host_rsa_key ssh://host.example.org
+# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssh/ssh_host_rsa_key ssh://host.example.org
 
 On most systems, sshd's RSA secret key is stored at
-/etc/ssh/ssh_host_rsa_key.
+__SYSCONFDIR_PREFIX__/etc/ssh/ssh_host_rsa_key.
 
 See PUBLISHING AND CERTIFYING MONKEYSPHERE SERVICE CERTIFICATES for
 how to make sure your users can verify the ssh service offered by your
@@ -137,18 +137,19 @@ PEM\-encoded).  The first step is to import the web server's key into
 a monkeysphere\-style OpenPGP certificate.  This is done with the
 import\-key command.  For example:
 
-# monkeysphere\-host import\-key /etc/ssl/private/host.example.net\-key.pem https://host.example.net
+# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssl/private/host.example.net\-key.pem https://host.example.net
 
 If you don't know where the web server's key is stored on your
 machine, consult the configuration files for your web server.
 Debian\-based systems using the `ssl\-cert' packages often have a
 default self\-signed certificate stored in
-`/etc/ssl/private/ssl\-cert\-snakeoil.key' ; if you're using that key,
-your users are getting browser warnings about it.  You can keep using
-the same key, but help them use the OpenPGP WoT to verify that it does
-belong to your web server by using something like:
+`__SYSCONFDIR_PREFIX__/etc/ssl/private/ssl\-cert\-snakeoil.key' ; if
+you're using that key, your users are getting browser warnings about
+it.  You can keep using the same key, but help them use the OpenPGP
+WoT to verify that it does belong to your web server by using
+something like:
 
-# monkeysphere\-host import\-key /etc/ssl/private/ssl\-cert\-snakeoil.key https://$(hostname \-\-fqdn)
+# monkeysphere\-host import\-key __SYSCONFDIR_PREFIX__/etc/ssl/private/ssl\-cert\-snakeoil.key https://$(hostname \-\-fqdn)
 
 If you offer multiple HTTPS websites using the same secret key, you
 should add the additional website names with the `add\-servicename'
@@ -188,7 +189,7 @@ ssh) or without seeing a nasty "security warning" in their browsers
 
 Note that \fBmonkeysphere\-host\fP currently caches a copy of all
 imported secret keys (stored in OpenPGP form for future manipulation)
-in /var/lib/monkeysphere/host/secring.gpg.  Cleartext backups of this
+in __SYSDATADIR_PREFIX__/monkeysphere/host/secring.gpg.  Cleartext backups of this
 file could expose secret key material if not handled sensitively.
 
 .SH ENVIRONMENT
@@ -209,22 +210,22 @@ If set to `false', never prompt the user for confirmation. (true)
 .SH FILES
 
 .TP
-/etc/monkeysphere/monkeysphere\-host.conf
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-host.conf
 System monkeysphere\-host config file.
 .TP
-/var/lib/monkeysphere/host_keys.pub.pgp
+__SYSDATADIR_PREFIX__/monkeysphere/host_keys.pub.pgp
 A world\-readable copy of the host's OpenPGP certificates in ASCII
 armored format.  This includes the certificates (including the public
 keys, servicename\-based User IDs, and most recent relevant
 self\-signatures) corresponding to every key used by
 Monkeysphere\-enabled services on the host.
 .TP
-/var/lib/monkeysphere/host/
+__SYSDATADIR_PREFIX__/monkeysphere/host/
 A locked directory (readable only by the superuser) containing copies
 of all imported secret keys (this is the host's GNUPGHOME directory).
 .TP
-/etc/monkeysphere/monkeysphere\-host\-x509\-anchors.crt or\p \
-/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-host\-x509\-anchors.crt or\p \
+__SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
 If monkeysphere-host is configured to query an hkps keyserver for
 publish-keys, it will use X.509 Certificate Authority certificates in
 this file to validate any X.509 certificates used by the keyserver.