8 files changed, 226 insertions, 11 deletions
diff --git a/changelog b/changelog
index b9a9e21..4264fa4 120000
--- a/changelog
+++ b/changelog
@@ -1 +1 @@
-website/changelog
-\ No newline at end of file
+packaging/debian/changelog
+\ No newline at end of file
diff --git a/doc/zimmerman/changelog b/doc/zimmerman/changelog
new file mode 100644
index 0000000..e833b1e
--- /dev/null
+++ b/doc/zimmerman/changelog
@@ -0,0 +1,19 @@
+******************************************************************************
+*                                                                            *
+*                       zimmerman system log                                 *
+*                                                                            *
+******************************************************************************
+*  Please add new entries in reverse chronological order whenever you make   *
+*  changes to this system (first command at top, last at bottom)             *
+******************************************************************************
+
+2008-11-15 - micah
+	* aptitude update && aptitude full-upgrade
+	* aptitude install sks
+	* cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \
+	  http://nynex.net/keydump/ -e robots=off
+	* install monkeysphere 0.21-2 package
+
+2008-11-15 - jamie
+  * aptitude install esmtp-run mailx
+	* edited /etc/esmtp-run, configured to relay to bulk.mayfirst.org
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 62f021e..3b7432b 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -1,3 +1,20 @@
+monkeysphere (0.22~pre-1) UNRELEASED; urgency=low
+
+  * New upstream release:
+  [ Jameson Rollins ]
+
+    - added info log output when a new key is added to known_hosts file.
+    - added some useful output to the ssh-proxycommand for "marginal"
+      cases where keys are found for host but do not have full validity.
+
+  [ Daniel Kahn Gillmor ]
+
+    - automatically output two copies of the host's public key: one
+    standard ssh public key file, and the other a minimal OpenPGP key with
+    just the latest valid self-sig.
+
+ -- Jameson Graef Rollins <jrollins@finestructure.net>  Sun, 16 Nov 2008 03:22:08 -0500
+
 monkeysphere (0.21-2) unstable; urgency=low
 
   * actually rmdir /var/lib/monkeysphere-* during prerm if possible.
diff --git a/src/common b/src/common
index 297e7f3..51b0470 100644
--- a/src/common
+++ b/src/common
@@ -639,7 +639,7 @@ process_user_id() {
 		;;
 	    'uid') # user ids
 		if [ "$lastKey" != pub ] ; then
-		    log verbose " - got a user ID after a sub key?!  user IDs should only follow primary keys!"
+		    log verbose " ! got a user ID after a sub key?!  user IDs should only follow primary keys!"
 		    continue
 		fi
 		# if an acceptable user ID was already found, skip
@@ -652,6 +652,8 @@ process_user_id() {
 		    if [ "$validity" = 'u' -o "$validity" = 'f' ] ; then
 			# mark user ID acceptable
 			uidOK=true
+		    else
+			log debug "  - unacceptable user ID validity ($validity)."
 		    fi
 		else
 		    continue
@@ -693,10 +695,12 @@ process_user_id() {
 		
 		# if sub key validity is not ok, skip
 		if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
+		    log debug "  - unacceptable sub key validity ($validity)."
 		    continue
 		fi
 		# if sub key capability is not ok, skip
 		if ! check_capability "$usage" $requiredCapability ; then
+		    log debug "  - unacceptable sub key capability ($usage)."
 		    continue
 		fi
 
@@ -742,6 +746,7 @@ process_user_id() {
 process_host_known_hosts() {
     local host
     local userID
+    local noKey=
     local nKeys
     local nKeysOK
     local ok
@@ -768,8 +773,9 @@ process_host_known_hosts() {
             continue
         fi
 
-	# remove the old host key line, and note if removed
-	remove_line "$KNOWN_HOSTS" "$sshKey"
+	# remove any old host key line, and note if removed nothing is
+	# removed
+	remove_line "$KNOWN_HOSTS" "$sshKey" || noKey=true
 
 	# if key OK, add new host line
 	if [ "$ok" -eq '0' ] ; then
@@ -788,6 +794,11 @@ process_host_known_hosts() {
 	    else
 		ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS"
 	    fi
+
+	    # log if this is a new key to the known_hosts file
+	    if [ "$noKey" ] ; then
+		log info "* new key for $host added to known_hosts file."
+	    fi
 	fi
     done
 
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index e78903b..34b06b7 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -134,10 +134,10 @@ show_server_key() {
 
     # dumping to a file named ' ' so that the ssh-keygen output
     # doesn't claim any potentially bogus hostname(s):
-    tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
-    gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ "
+    tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
+    gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey"
     echo -n "ssh fingerprint: "
-    (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }')
+    ssh-keygen -l -f "$tmpkey" | awk '{ print $1, $2, $4 }'
     rm -rf "$tmpkey"
     echo -n "OpenPGP fingerprint: "
     echo "$fingerprint"
@@ -399,7 +399,11 @@ EOF
     (umask 077 && \
 	gpg_host --export-secret-key "$fingerprint" | \
 	openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key")
-    log info "private SSH host key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+    log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+    ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub"
+    log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
+    gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+    log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
 }
 
 # extend the lifetime of a host key:
diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand
index 6276092..b3dc562 100755
--- a/src/monkeysphere-ssh-proxycommand
+++ b/src/monkeysphere-ssh-proxycommand
@@ -14,13 +14,130 @@
 #  ProxyCommand monkeysphere-ssh-proxycommand %h %p
 
 ########################################################################
+PGRM=$(basename $0)
+
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
+export SYSSHAREDIR
+. "${SYSSHAREDIR}/common" || exit 1
+
+########################################################################
+# FUNCTIONS
+########################################################################
 
 usage() {
-cat <<EOF >&2
+    cat <<EOF >&2
 usage: ssh -o ProxyCommand="$(basename $0) %h %p" ...
 EOF
 }
 
+log() {
+    echo "$@" >&2
+}
+
+output_no_valid_key() {
+    local sshKeyOffered
+    local userID
+    local type
+    local validity
+    local keyid
+    local uidfpr
+    local usage
+    local sshKeyGPG
+    local tmpkey
+    local sshFingerprint
+    local gpgSigOut
+
+    userID="ssh://${HOSTP}"
+
+    log "-------------------- Monkeysphere warning -------------------"
+    log "Monkeysphere found OpenPGP keys for this hostname, but none had full validity."
+
+    # retrieve the actual ssh key
+    sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }')
+    # FIXME: should we do any checks for failed keyscans, eg. host not
+    # found?
+
+    # get the gpg info for userid
+    gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
+	--with-fingerprint --with-fingerprint \
+	="$userID" 2>/dev/null)
+
+    # find all 'pub' and 'sub' lines in the gpg output, which each
+    # represent a retrieved key for the user ID
+    echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
+    while IFS=: read -r type validity keyid uidfpr usage ; do
+	case $type in
+	    'pub'|'sub')
+		# get the ssh key of the gpg key
+		sshKeyGPG=$(gpg2ssh "$keyid")
+
+		# if one of keys found matches the one offered by the
+		# host, then output info
+		if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
+		    log "An OpenPGP key matching the ssh key offered by the host was found:"
+		    log
+
+		    # get the fingerprint of the ssh key
+		    tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
+		    echo "$sshKeyGPG" > "$tmpkey"
+		    sshFingerprint=$(ssh-keygen -l -f "$tmpkey" | \
+			awk '{ print $2 }')
+		    rm -rf "$tmpkey"
+
+		    # get the sigs for the matching key
+		    gpgSigOut=$(gpg --check-sigs \
+			--list-options show-uid-validity \
+			"$keyid")
+
+		    # output the sigs, but only those on the user ID
+		    # we are looking for
+		    echo "$gpgSigOut" | awk '
+{
+if (match($0,"^pub")) {	print; }
+if (match($0,"^uid")) { ok=0; }
+if (match($0,"^uid.*'$userID'$")) { ok=1; print; }
+if (ok) { if (match($0,"^sig")) { print; } }
+}
+' >&2
+		    log
+
+		    # output the other user IDs for reference
+		    if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then
+			log "Other user IDs on this key:"
+			echo "$gpgSigOut" | grep "^uid" | grep -v "$userID" >&2
+			log
+		    fi
+
+		    # output ssh fingerprint
+		    log "RSA key fingerprint is ${sshFingerprint}."
+
+		    # this whole process is in a "while read"
+		    # subshell.  the only way to get information out
+		    # of the subshell is to change the return code.
+		    # therefore we return 1 here to indicate that a
+		    # matching gpg key was found for the ssh key
+		    # offered by the host
+		    return 1
+		fi
+		;;
+	esac
+    done
+
+    # if no key match was made (and the "while read" subshell returned
+    # 1) output how many keys were found
+    if (($? != 1)) ; then
+	log "None of the found keys matched the key offered by the host."
+	log "Run the following command for more info about the found keys:"
+	log "gpg --check-sigs --list-options show-uid-validity =${userID}"
+	# FIXME: should we do anything extra here if the retrieved
+	# host key is actually in the known_hosts file and the ssh
+	# connection will succeed?  Should the user be warned?
+	# prompted?
+    fi
+
+    log "-------------------- ssh continues below --------------------"
+}
+
 ########################################################################
 
 # export the monkeysphere log level
@@ -35,7 +152,7 @@ HOST="$1"
 PORT="$2"
 
 if [ -z "$HOST" ] ; then
-    echo "Host not specified." >&2
+    log "Host not specified."
     usage
     exit 255
 fi
@@ -88,6 +205,39 @@ export MONKEYSPHERE_CHECK_KEYSERVER
 # update the known_hosts file for the host
 monkeysphere update-known_hosts "$HOSTP"
 
+# output on depending on the return of the update-known_hosts
+# subcommand, which is (ultimately) the return code of the
+# update_known_hosts function in common
+case $? in
+    0)
+	# acceptable host key found so continue to ssh
+	true
+	;;
+    1)
+	# no hosts at all found so also continue (drop through to
+	# regular ssh host verification)
+	true
+	;;
+    2)
+	# at least one *bad* host key (and no good host keys) was
+	# found, so output some usefull information
+	output_no_valid_key
+	;;
+    *)
+	# anything else drop through
+	true
+	;;
+esac
+
+# FIXME: what about the case where monkeysphere successfully finds a
+# valid key for the host and adds it to the known_hosts file, but a
+# different non-monkeysphere key for the host already exists in the
+# known_hosts, and it is this non-ms key that is offered by the host?
+# monkeysphere will succeed, and the ssh connection will succeed, and
+# the user will be left with the impression that they are dealing with
+# a OpenPGP/PKI host key when in fact they are not.  should we use
+# ssh-keyscan to compare the keys first?
+
 # exec a netcat passthrough to host for the ssh connection
 if [ -z "$NO_CONNECT" ] ; then
     if (which nc 2>/dev/null >/dev/null); then
diff --git a/website/bugs/useful_information.mdwn b/website/bugs/useful_information.mdwn
index 0750354..62094bb 100644
--- a/website/bugs/useful_information.mdwn
+++ b/website/bugs/useful_information.mdwn
@@ -8,3 +8,17 @@ time seems to the monkeysphere very similar to a key re-added ten
 seconds after last login.
 
 Still, from a UI perspective, I want to know what monkeysphere is doing.
+
+------
+
+It looks like jrollins committed a change for reporting at INFO level
+when a host key gets added by the monkeysphere:
+2459fa3ea277d7b9289945748619eab1e3441e5c
+
+When i connect to a host whose key is not already present in my
+known_hosts file, i get the following to stderr:
+
+    ms: * new key for squeak.fifthhorseman.net added to known_hosts file.
+
+This doesn't fully close this bug, because we aren't notifying on key
+deletion, afaict.
diff --git a/website/download.mdwn b/website/download.mdwn
index e67d0dc..6d5a73f 100644
--- a/website/download.mdwn
+++ b/website/download.mdwn
@@ -75,7 +75,7 @@ For those that would like to download the source directly, [the source
 is available](/community) via [git](http://git.or.cz/).
 
 The [latest
-tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_.orig.tar.gz)
+tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.21.orig.tar.gz)
 is also available, and has these checksums:
 
 <pre>