6 files changed, 50 insertions, 17 deletions

diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
index 54ea673..d34f0de 100644
--- a/src/share/ma/add_certifier
+++ b/src/share/ma/add_certifier
@@ -151,14 +151,15 @@ EOF
 # core ltsigns the newly imported certifier key
 log debug "executing core ltsign script..."
 if echo "$ltsignCommand" | \
-    gpg_core --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
+    gpg_core --quiet --command-fd 0 --no-tty --edit-key "0x${fingerprint}!" \
+     2>&1 | log debug ; then
 
     # transfer the new sigs back to the sphere keyring
     gpg_core_sphere_sig_transfer
 
     # update the sphere trustdb
     log debug "updating sphere trustdb..."
-    gpg_sphere "--check-trustdb"
+    gpg_sphere "--check-trustdb" 2>&1 | log debug
 
     log info "Identity certifier added."
 else
diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers
index 5a0388e..a02487d 100644
--- a/src/share/ma/list_certifiers
+++ b/src/share/ma/list_certifiers
@@ -18,6 +18,9 @@ list_certifiers() {
 local keys
 local key
 local authfpr
+local keyfpr
+local uid
+local printedfpr
 
 # find trusted keys in sphere keychain
 log debug "finding trusted keys..."
@@ -37,19 +40,48 @@ authgrip=$(core_fingerprint | cut -b 25-40)
 
 gpg_sphere "--fingerprint --with-colons --fixed-list-mode --check-sigs" | \
     cut -f 1,2,5,8,9,10 -d: | \
-    egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
+    egrep '^(fpr:::::|uat:|uid:|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
     while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
     case $type in
 	'fpr') # this is a new key
 	    keyfpr=$fpr
+	    uid=
+	    printedfpr=no
 	    ;;
-	'sig') # print all trust signatures, including regexes if present
-	    trustdepth=${trustparams%% *}
-	    trustlevel=${trustparams##* }
+	'uid') # here comes a user id (if we don't have a key, or the
+	       # uid has no calculated validity, we will not bother
+	       # with it):
+	    if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then
+		uid="$fpr"
+	    else
+		uid=
+	    fi
+	    ;;
+	'uat') # this is a user attribute. DETAILS.gz states that the
+	       # 10th field is the number of user attribute
+	       # subpackets, followed by the total number of bytes of
+	       # the subpackets:
+	    if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then
+		uid=$(printf "%d JPEG(?) image(s), total %d bytes" \
+		    "${fpr%% *}" "${fpr##* }")
+	    else
+		uid=
+	    fi
+	    ;;
+	'sig') # print all trust signatures, including regexes if
+	       # present, assuming that
+	    if [ "$keyfpr" ] && [ "$uid" ] ; then
+		trustdepth=${trustparams%% *}
+		trustlevel=${trustparams##* }
+		if [ "$printedfpr" = no ] ; then
+		    printf "%s:\n" "$keyfpr"
+		    printedfpr=yes
+		fi
 
 	    # FIXME: this is clumsy and not human-friendly.  we should
 	    # print out more human-readable information, if possible.
-	    printf "%s:%d:%d:%s\n" "$keyfpr" "$trustdepth" "$trustlevel" "$trustdomain"
+		printf " :%s:%d:%d:%s\n" "$uid" "$trustdepth" "$trustlevel" "$trustdomain"
+	    fi
 	    ;;
     esac
 done
diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier
index 8271ae0..10aa67b 100644
--- a/src/share/ma/remove_certifier
+++ b/src/share/ma/remove_certifier
@@ -36,7 +36,6 @@ else
 fi
 
 # delete the requested key from the sphere keyring
-# FIXME: should this be a revokation instead of a removal?
 if gpg_sphere "--delete-key --batch --yes 0x${keyID}!" ; then
     # delete key from core keyring as well
     gpg_core --delete-key --batch --yes "0x${keyID}!"
@@ -44,7 +43,6 @@ if gpg_sphere "--delete-key --batch --yes 0x${keyID}!" ; then
     # update the trustdb for the authentication keyring
     gpg_sphere "--check-trustdb"
 
-    log info ""
     log info "Identity certifier removed."
 else
     failure "Problem removing identity certifier."
diff --git a/src/share/ma/setup b/src/share/ma/setup
index f59187b..a17e4f2 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -59,7 +59,7 @@ EOF
 	log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..."
 	PEM2OPENPGP_USAGE_FLAGS=certify \
 	    PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" \
-	    | gpg_core --import \
+	    | gpg_core --import 2>&1 | log debug \
 	    || failure "Could not import new key for Monkeysphere authentication trust core"
 
 	# get fingerprint of core key.  should definitely not be empty at this point
@@ -75,17 +75,17 @@ EOF
 
     # export the core key to the sphere keyring
     log debug "exporting core pub key to sphere keyring..."
-    gpg_core --export | gpg_sphere --import
+    gpg_core --quiet --export | gpg_sphere "--quiet --import"
 
     # ensure that the authentication sphere checker has absolute ownertrust on the expected key.
     log debug "setting ultimate owner trust on core key in gpg_sphere..."
-    printf "%s:6:\n" "$CORE_FPR" | gpg_sphere --import-ownertrust
-    gpg_sphere --export-ownertrust | log debug
+    printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--quiet --import-ownertrust"
+    gpg_sphere "--export-ownertrust" 2>&1 | log debug
 
     # check the owner trust
     log debug "checking gpg_sphere owner trust set properly..."
     local ORIG_TRUST
-    if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then
+    if ORIG_TRUST=$(gpg_sphere "--quiet --export-ownertrust" | grep '^[^#]') ; then
 	if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
 	    failure "Monkeysphere authentication trust sphere should explicitly trust the core.  It does not have proper ownertrust settings."
 	fi
@@ -98,7 +98,7 @@ EOF
     # our preferences are reasonable (i.e. 3 marginal OR 1 fully
     # trusted certifications are sufficient to grant full validity.
     log debug "checking trust model for authentication ..."
-    local TRUST_MODEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \
+    local TRUST_MODEL=$(gpg_sphere "--quiet --with-colons --fixed-list-mode --list-keys" \
 	| head -n1 | grep "^tru:" | cut -d: -f3,6,7)
     log debug "sphere trust model: $TRUST_MODEL"
     if [ "$TRUST_MODEL" != '1:3:1' ] ; then
diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index d14fc13..557bb7f 100644
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -46,7 +46,7 @@ chmod 700 "${GNUPGHOME_HOST}"
 log verbose "importing ssh key..."
 # translate ssh key to a private key
 PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
-    | gpg_host --import
+    | gpg_host --import 2>&1 | log debug
 
 # load the new host fpr into the fpr variable.  this is so we can
 # create the gpg pub key file.  we have to do this from the secret key
@@ -57,6 +57,8 @@ load_fingerprint_secret
 # export to gpg public key to file
 update_gpg_pub_file
 
+log info "host key imported:"
+
 # show info about new key
 show_key
 
diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire
index 14d2501..ae7c13a 100644
--- a/src/share/mh/set_expire
+++ b/src/share/mh/set_expire
@@ -30,7 +30,7 @@ else
     log debug "extending without prompting."
 fi
 
-log info "setting host key expiration to ${extendTo}:"
+log info "setting host key expiration to ${extendTo}."
 
 log debug "executing host expire script..."
 gpg_host_edit expire <<EOF