From 0beaa999dbd326a2c80a733913a36e64b917add6 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 13 Sep 2008 15:34:44 -0400 Subject: counting problems in monkeysphere-server diagnostics --- debian/changelog | 5 ++++- src/monkeysphere-server | 23 ++++++++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 13872bf..32d5a19 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,10 +5,13 @@ monkeysphere (0.16~pre-1) UNRELEASED; urgency=low portability. * fixed busted lockfile arrangement, where empty file was being locked * portability fixes in the way we use date, mktemp, hostname, su - * stop using stat, since the syntax appears to be totally unportable + * stop using /usr/bin/stat, since the syntax appears to be totally + unportable * require GNU getopt, and test for getopt failures (look for getopt in /usr/local/bin first, since that's where FreeBSD's GNU-compatible getopt lives. + * monkeysphere-server diagnostics now counts problems and suggests a + re-run after they have been resolved. -- Daniel Kahn Gillmor Thu, 11 Sep 2008 23:16:31 -0400 diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 6798fab..a0dc33f 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -559,6 +559,7 @@ diagnostics() { local fingerprint local badhostkeys local sshd_config + local problemsfound=0 # FIXME: what's the correct, cross-platform answer? sshd_config=/etc/ssh/sshd_config 
@@ -571,19 +572,23 @@ diagnostics() { if ! id monkeysphere >/dev/null ; then echo "! No monkeysphere user found! Please create a monkeysphere system user." + problemsfound=$(($problemsfound+1)) fi if ! [ -d "$VARLIB" ] ; then echo "! no $VARLIB directory found. Please create it." + problemsfound=$(($problemsfound+1)) fi echo "Checking host GPG key..." if (( "$keysfound" < 1 )); then echo "! No host key found." echo " - Recommendation: run 'monkeysphere-server gen-key'" + problemsfound=$(($problemsfound+1)) elif (( "$keysfound" > 1 )); then echo "! More than one host key found?" # FIXME: recommend a way to resolve this + problemsfound=$(($problemsfound+1)) else create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:) expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:) @@ -593,9 +598,11 @@ diagnostics() { if (( "$expire" < "$curdate" )); then echo "! Host key is expired." echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'" + problemsfound=$(($problemsfound+1)) elif (( "$expire" < "$warndate" )); then echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'" + problemsfound=$(($problemsfound+1)) fi fi @@ -603,6 +610,7 @@ diagnostics() { if [ "$create" ] && (( "$create" > "$curdate" )); then echo "! Host key was created in the future(?!). Is your clock correct?" echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?" + problemsfound=$(($problemsfound+1)) fi # check for UserID expiration: 
@@ -614,14 +622,17 @@ diagnostics() { if [ "$create" ] && (( "$create" > "$curdate" )); then echo "! User ID '$uid' was created in the future(?!). Is your clock correct?" echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?" + problemsfound=$(($problemsfound+1)) fi if [ "$expire" ] ; then if (( "$expire" < "$curdate" )); then echo "! User ID '$uid' is expired." - # FIXME: recommend a way to resolve this + # FIXME: recommend a way to resolve this + problemsfound=$(($problemsfound+1)) elif (( "$expire" < "$warndate" )); then echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) # FIXME: recommend a way to resolve this + problemsfound=$(($problemsfound+1)) fi fi done @@ -641,20 +652,24 @@ diagnostics() { echo "Checking host SSH key..." if [ ! -s "${VARLIB}/ssh_host_rsa_key" ] ; then echo "! The host key as prepared for SSH (${VARLIB}/ssh_host_rsa_key) is missing or empty." + problemsfound=$(($problemsfound+1)) else if [ $(ls -l "${VARLIB}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then echo "! Permissions seem wrong for ${VARLIB}/ssh_host_rsa_key -- should be 0600." + problemsfound=$(($problemsfound+1)) fi # propose changes needed for sshd_config (if any) if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" "$sshd_config"; then echo "! $sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)." echo " - Recommendation: add a line to $sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'" + problemsfound=$(($problemsfound+1)) fi if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then echo "! $sshd_config refers to some non-monkeysphere host keys:" echo "$badhostkeys" echo " - Recommendation: remove the above HostKey lines from $sshd_config" + problemsfound=$(($problemsfound+1)) fi fi fi 
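Review bot: The permission check on `${VARLIB}/ssh_host_rsa_key` compares only the mode string, so a 0600 key owned by some user other than root passes, while on ACL- or label-aware systems the `+`/`.` suffix that `ls -l` appends makes a correctly protected file fail the string comparison. Since `stat` was dropped for portability the same `ls -l` output can supply the owner column: `if [ "$(ls -l "${VARLIB}/ssh_host_rsa_key" | awk '{print $3}')" != root ] ; then echo "! ${VARLIB}/ssh_host_rsa_key should be owned by root."; problemsfound=$(($problemsfound+1)); fi` (awk rather than `cut -f3 -d\ ` because the link-count column is space-padded). Root ownership is presumably what sshd expects for a host key, as with the distribution's own keys — confirm before adding. diagnostics() starts outside this hunk.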
@@ -679,6 +694,12 @@ diagnostics() { echo "! $sshd_config refers to non-monkeysphere authorized_keys files:" echo "$badauthorizedkeys" echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config" + problemsfound=$(($problemsfound+1)) + fi + + if [ "$problemsfound" -gt 0 ]; then + echo "When the above $problemsfound problem"$([ "$problemsfound" -eq 1 ] || echo "s")" are resolved, please re-run:" + echo " monkeysphere-server diagnostics" fi } -- cgit v1.2.3 From f197988f32461371452947cdfb310c8d9c367447 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 13 Sep 2008 16:11:36 -0400 Subject: invoking monkeysphere-server diagnostics at the end of the FreeBSD package installation. --- packaging/freebsd/pkg-install | 1 + 1 file changed, 1 insertion(+) diff --git a/packaging/freebsd/pkg-install b/packaging/freebsd/pkg-install index b832190..92a4bbc 100755 --- a/packaging/freebsd/pkg-install +++ b/packaging/freebsd/pkg-install @@ -63,5 +63,6 @@ keyring $VARLIB/gnupg-host/pubring.gpg EOF chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf + monkeysphere-server diagnostics ;; esac -- cgit v1.2.3 From 988ed72a69dde1e5e0a028823fed0536cd926520 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 13 Sep 2008 16:12:25 -0400 Subject: fixing bugs in monkeysphere-server diagnostics. --- packaging/freebsd/distinfo | 6 +++--- src/monkeysphere-server | 7 ++++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/packaging/freebsd/distinfo b/packaging/freebsd/distinfo index 1a3b6c5..63bc25e 100644 --- a/packaging/freebsd/distinfo +++ b/packaging/freebsd/distinfo 
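Review bot: diagnostics() still returns success when problems were found, because the function's status is that of the final `fi`, so a caller (the FreeBSD pkg-install in this same series now invokes it, and a cron job might) cannot tell a clean run from one with N issues. Adding `return 1` after the `echo "    monkeysphere-server diagnostics"` line makes the status usable from scripts; a caller that must not fail on warnings can append `|| true`. I cannot see from the hunk whether any existing caller depends on a zero status, so check that before changing it.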
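Review bot: The new `monkeysphere-server diagnostics` call is the last command in the POST-INSTALL arm, so its status becomes the exit status of pkg-install, and the package installation is reported as failed if the binary is not on the installer's PATH or if diagnostics ever starts returning non-zero for found problems. Making the call explicitly best-effort and independent of PATH avoids both: `${PREFIX:-/usr/local}/bin/monkeysphere-server diagnostics || true`. The install location is a guess from the other `/usr/local` paths in this port; adjust to where the port actually places the script.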
@@ -1,3 +1,3 @@ -MD5 (monkeysphere_0.16~pre.orig.tar.gz) = 7ec79824cf814c618b39e9bf33ff65b1 -SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = bce97a2b2f90bc85b81af374cc0d32dfb23c6b2c1f1b2145f8a4d4a5bb00645b -SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 58595 +MD5 (monkeysphere_0.16~pre.orig.tar.gz) = 23be1e51f2046652985ff102018549db +SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = 2caeb5ce39572400f09b66cf5df8d9f6fb7b84b3d0371c532337a29632018340 +SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 58689 diff --git a/src/monkeysphere-server b/src/monkeysphere-server index a0dc33f..7401bf5 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -665,7 +665,7 @@ diagnostics() { echo " - Recommendation: add a line to $sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'" problemsfound=$(($problemsfound+1)) fi - if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then + if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then echo "! $sshd_config refers to some non-monkeysphere host keys:" echo "$badhostkeys" echo " - Recommendation: remove the above HostKey lines from $sshd_config" 
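Review bot: The two HostKey checks disagree on case: `grep -i '^HostKey'` collects a lowercase `hostkey ...` directive (sshd_config keywords are case-insensitive), but the `grep -v` that follows — and the `grep -q` on the context line above it — are case-sensitive, so a correctly configured `hostkey /var/lib/monkeysphere/ssh_host_rsa_key` line is reported both as missing and as a non-monkeysphere key. Add `-i` to both: `if ! grep -qi "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" "$sshd_config"; then` and `... | grep -vi "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$"`. Leading whitespace before the keyword, which sshd also accepts, is likewise missed by the `^` anchor. diagnostics() continues outside this hunk.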
@@ -689,8 +689,9 @@ diagnostics() { if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" "$sshd_config"; then echo "! $sshd_config does not point to monkeysphere authorized keys." echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'" + problemsfound=$(($problemsfound+1)) fi - if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then + if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then echo "! $sshd_config refers to non-monkeysphere authorized_keys files:" echo "$badauthorizedkeys" echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config" @@ -698,7 +699,7 @@ diagnostics() { fi if [ "$problemsfound" -gt 0 ]; then - echo "When the above $problemsfound problem"$([ "$problemsfound" -eq 1 ] || echo "s")" are resolved, please re-run:" + echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" echo " monkeysphere-server diagnostics" fi } -- cgit v1.2.3 From 3c020c222ccd379fc3ec4c2a8ad5dc8fafa92d1c Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Sep 2008 17:21:16 -0400 Subject: touch up monkeysphere-server(8), include suggestion of allowing certifier identities from a file. --- man/man8/monkeysphere-server.8 | 61 ++++++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 29 deletions(-) diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index f207e2c..c905f2f 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 
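Review bot: The AuthorizedKeysFile checks only confirm that sshd_config points at `${VARLIB}/authorized_keys/%u`; they never look at the generated files, yet with StrictModes (sshd's default) an authorized_keys file that is group- or world-writable, or owned by neither root nor the account, is silently ignored and the user simply cannot log in. update_users() in this same series builds the file in a directory chowned to `$MONKEYSPHERE_USER` and then `mv -f`s it into place, so the final owner is worth verifying here — I cannot see from these hunks whether a later chown corrects it. A check such as `find "${VARLIB}/authorized_keys" -type f \( ! -user root -o -perm -g+w -o -perm -o+w \)` with a non-empty result feeding `problemsfound` would catch it (user-owned files are also acceptable to sshd, so refine the `-user` test if that is the intended layout). diagnostics() continues outside this hunk.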
@@ -130,51 +130,54 @@ is located: HostKey /var/lib/monkeysphere/ssh_host_rsa_key -In order for users logging into the system to be able to verify the +In order for users logging into the system to be able to identify the host via the monkeysphere, at least one person (e.g. a server admin) -will need to sign the host's key. This is done using standard key -signing techniquies, usually by pulling the key from the keyserver, -signing the key, and re-publishing the signature. Once that is done, -users logging into the host will be able to certify the host's key via -the signature of the host admin. +will need to sign the host's key. This is done using standard OpenPGP +keysigning techniques, usually: pul the key from the keyserver, verify +and sign the key, and then re-publish the signature. Once an admin's +signature is published, users logging into the host can use it to +validate the host's key. If the server will also handle user authentication through monkeysphere-generated authorized_keys files, the server must be told -which keys will act as user certifiers. This is done with the -\fBadd-certifier\fP command: - -$ monkeysphere-server add-certifier KEYID - -where KEYID is the key ID of the server admin, or whoever's signature -will be certifying users to the system. Certifiers can be removed -with the \fBremove-certifier\fP command, and listed with the -\fBlist-certifiers\fP command. - -Remote user's will then be granted access to a local user account -based on the appropriately signed and valid keys associated with user -IDs listed in the authorized_user_ids file of the local user. By -default, the authorized_user_ids file for local users is found in +which keys will act as identity certifiers. 
This is done with the +\fBadd-identity-certifier\fP command: + +$ monkeysphere-server add-identity-certifier KEYID + +where KEYID is the key ID of the server admin, or whoever's +certifications should be acceptable to the system for the purposes of +authenticating remote users. You can run this command multiple times +to indicate that multiple certifiers are trusted. You may also +specify a filename instead of a key ID, as long as the file contains a +single OpenPGP public key. Certifiers can be removed with the +\fBremove-identity-certifier\fP command, and listed with the +\fBlist-identity-certifiers\fP command. + +Remote users will then be granted access to a local account based on +the appropriately-signed and valid keys associated with user IDs +listed in that account's authorized_user_ids file. By default, the +authorized_user_ids file for an account is ~/.monkeysphere/authorized_user_ids. This can be changed in the monkeysphere-server.conf file. The \fBupdate-users\fP command can then be used to generate -authorized_keys file for local users based on the authorized user IDs -listed in the various local user's authorized_user_ids file: +authorized_keys file for local accounts based on the authorized user +IDs listed in the account's authorized_user_ids file: $ monkeysphere-server update-users USER -Not specifying a specific user will cause all users on the system to -updated. sshd can then use these monkeysphere generated -authorized_keys files to grant access to user accounts for remote -users. You must also tell sshd to look at the monkeysphere-generated -authorized_keys file for user authentication by setting the following -in the sshd_config: +Not specifying USER will cause all accounts on the system to updated. +sshd can then use these monkeysphere generated authorized_keys files +to grant access to user accounts for remote users. 
You must also tell +sshd to look at the monkeysphere-generated authorized_keys file for +user authentication by setting the following in the sshd_config: AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u It is recommended to add "monkeysphere-server update-users" to a system crontab, so that user keys are kept up-to-date, and key -revocations and expirations can be processed in a timely manor. +revocations and expirations can be processed in a timely manner. .SH ENVIRONMENT -- cgit v1.2.3 From 12664ba44bd38efbfd9e6571b937035a5695cdaa Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Sep 2008 17:24:47 -0400 Subject: allow monkeysphere-server c+ to read from the filesystem. Fix mistaken use of $TMPDIR, which was causing weird recursion problems with portable invocations of mktemp. --- src/monkeysphere-server | 48 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 38 insertions(+), 10 deletions(-) diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 7401bf5..a8cc211 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server 
@@ -188,25 +188,25 @@ update_users() { fi # make temporary directory - TMPDIR=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + TMPLOC=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) # trap to delete temporary directory on exit - trap "rm -rf $TMPDIR" EXIT + trap "rm -rf $TMPLOC" EXIT # create temporary authorized_user_ids file - TMP_AUTHORIZED_USER_IDS="${TMPDIR}/authorized_user_ids" + TMP_AUTHORIZED_USER_IDS="${TMPLOC}/authorized_user_ids" touch "$TMP_AUTHORIZED_USER_IDS" # create temporary authorized_keys file - AUTHORIZED_KEYS="${TMPDIR}/authorized_keys" + AUTHORIZED_KEYS="${TMPLOC}/authorized_keys" touch "$AUTHORIZED_KEYS" # set restrictive permissions on the temporary files # FIXME: is there a better way to do this? - chmod 0700 "$TMPDIR" + chmod 0700 "$TMPLOC" chmod 0600 "$AUTHORIZED_KEYS" chmod 0600 "$TMP_AUTHORIZED_USER_IDS" - chown -R "$MONKEYSPHERE_USER" "$TMPDIR" + chown -R "$MONKEYSPHERE_USER" "$TMPLOC" # if the authorized_user_ids file exists... if [ -s "$authorizedUserIDs" ] ; then @@ -243,7 +243,7 @@ update_users() { mv -f "$AUTHORIZED_KEYS" "${VARLIB}/authorized_keys/${uname}" # destroy temporary directory - rm -rf "$TMPDIR" + rm -rf "$TMPLOC" done } @@ -701,6 +701,8 @@ diagnostics() { if [ "$problemsfound" -gt 0 ]; then echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" echo " monkeysphere-server diagnostics" + else + echo "Everything seems to be in order!" fi } 
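Review bot: The rename fixes the recursion, but `TMPLOC=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)` still continues when mktemp fails: `$TMPLOC` is then empty, the trap becomes `rm -rf ` (a no-op), `touch` creates `/authorized_user_ids` and `/authorized_keys` in the root directory as root, and the unchanged `mv -f "$AUTHORIZED_KEYS" "${VARLIB}/authorized_keys/${uname}"` below installs that file. Check the status and quote the template: `TMPLOC=$(mktemp -d "${TMPDIR:-/tmp}/tmp.XXXXXXXXXX") || failure "could not create temporary directory"` (`failure` is the helper the rest of the script uses). The `chmod 0700 "$TMPLOC"` is redundant with what `mktemp -d` already does but harmless. update_users() starts outside this hunk.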
@@ -755,12 +757,38 @@ add_certifier() { keyID="$1" if [ -z "$keyID" ] ; then - failure "You must specify the key ID of a key to add." + failure "You must specify the key ID of a key to add, or specify a file to read the key from." + fi + if [ -f "$keyID" ] ; then + echo "Reading key from file '$keyID':" + importinfo=$(gpg_authentication "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'" + # FIXME: if this is tried when the key database is not + # up-to-date, i got these errors (using set -x): + +# ++ su -m monkeysphere -c '\''gpg --import'\'' +# Warning: using insecure memory! +# gpg: key D21739E9: public key "Daniel Kahn Gillmor " imported +# gpg: Total number processed: 1 +# gpg: imported: 1 (RSA: 1) +# gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied +# gpg: failed to rebuild keyring cache: Permission denied +# gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model +# gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u +# gpg: next trustdb check due at 2009-01-10' +# + failure 'could not read key from '\''/root/dkg.gpg'\''' +# + echo 'could not read key from '\''/root/dkg.gpg'\''' + + keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) + if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then + failure "Expected there to be a single gpg key in the file." + fi + else + # get the key from the key server + gpg_authentication "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." fi + export keyID - # get the key from the key server - gpg_authentication "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" # get the full fingerprint of a key ID fingerprint=$(gpg_authentication "--list-key --with-colons --with-fingerprint 0x${keyID}!" | \ -- cgit v1.2.3 From f81f2c89fac457574ce9a427af6c91ba85461d34 Mon Sep 17 00:00:00 2001 
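Review bot: The key ID is recovered by scraping gpg's human-readable import message (`grep '^gpg: key '`), which gpg localizes, and it yields only a short 32-bit key ID; the `0x${keyID}!` lookup below then selects from the whole authentication keyring by that short ID, so a pre-existing key with a colliding short ID could end up as the certifier instead of the key just imported. GnuPG's status interface avoids both problems: `importinfo=$(gpg_authentication "--status-fd 1 --import" < "$keyID" 2>&1)` and `keyID=$(echo "$importinfo" | grep '^\[GNUPG:\] IMPORT_OK ' | cut -f4 -d\ )` produce the full fingerprint of each imported key, which the single-line check and the later `0x${keyID}!` lookup accept unchanged (assuming gpg_authentication passes the option string through as it does for `--keyserver`). Separately, `[ -f "$keyID" ]` means an argument that is both a valid key ID and the name of a file in the current directory is silently read as a file — low risk for a root-only tool, but worth stating in the usage text. The `--with-fingerprint` lookup continues outside the hunk.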
From: Daniel Kahn Gillmor Date: Sun, 14 Sep 2008 17:51:13 -0400 Subject: adding another FIXME of things worth adding to monkeysphere-server diagnostics. --- packaging/freebsd/distinfo | 6 +++--- src/monkeysphere-server | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/packaging/freebsd/distinfo b/packaging/freebsd/distinfo index 63bc25e..d590579 100644 --- a/packaging/freebsd/distinfo +++ b/packaging/freebsd/distinfo @@ -1,3 +1,3 @@ -MD5 (monkeysphere_0.16~pre.orig.tar.gz) = 23be1e51f2046652985ff102018549db -SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = 2caeb5ce39572400f09b66cf5df8d9f6fb7b84b3d0371c532337a29632018340 -SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 58689 +MD5 (monkeysphere_0.16~pre.orig.tar.gz) = bda65df4e378e72f3edf02936b2b5f34 +SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = d0c85ad5cdd9b7a61333adf56714e3b25f1bd619bbc40279db759347b17980fe +SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 59241 diff --git a/src/monkeysphere-server b/src/monkeysphere-server index a8cc211..b1cacf9 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -683,6 +683,9 @@ diagnostics() { # FIXME: make sure that at least one identity certifier exists +# FIXME: look at the timestamps on the monkeysphere-generated +# authorized_keys files -- warn if they seem out-of-date. + echo echo "Checking for MonkeySphere-enabled public-key authentication for users ..." # Ensure that User ID authentication is enabled: -- cgit v1.2.3 From d454019309fb9887f40b2330866f26741b4e8078 Mon Sep 17 00:00:00 2001 
From: Daniel Kahn Gillmor Date: Sun, 14 Sep 2008 19:43:57 -0400 Subject: The monkeysphere system user must have bash as its shell for the simple su invocation to work. Do not try to explicitly preserve the environment across an su, as this is the default, and -m implies using the login shell of the superuser under FreeBSD. --- debian/monkeysphere.postinst | 2 +- packaging/freebsd/distinfo | 6 +++--- packaging/freebsd/pkg-install | 2 +- src/monkeysphere-server | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst index d3c3b96..981c9df 100755 --- a/debian/monkeysphere.postinst +++ b/debian/monkeysphere.postinst @@ -11,7 +11,7 @@ if ! getent passwd monkeysphere >/dev/null ; then echo "adding monkeysphere user..." adduser --quiet --system --no-create-home --group \ --home "$VARLIB" \ - --shell '/bin/sh' \ + --shell '/bin/bash' \ --gecos 'monkeysphere authentication user,,,' \ monkeysphere fi diff --git a/packaging/freebsd/distinfo b/packaging/freebsd/distinfo index d590579..26aa939 100644 --- a/packaging/freebsd/distinfo +++ b/packaging/freebsd/distinfo @@ -1,3 +1,3 @@ -MD5 (monkeysphere_0.16~pre.orig.tar.gz) = bda65df4e378e72f3edf02936b2b5f34 -SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = d0c85ad5cdd9b7a61333adf56714e3b25f1bd619bbc40279db759347b17980fe -SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 59241 +MD5 (monkeysphere_0.16~pre.orig.tar.gz) = e94bc8371adf8ce30c58ec040e436417 +SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = f8543778c6ae5a7a87dcb03e34980436f6d967edeb87ccfac2cc19c750f4e588 +SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 59253 diff --git a/packaging/freebsd/pkg-install b/packaging/freebsd/pkg-install index 92a4bbc..6783ee8 100755 --- a/packaging/freebsd/pkg-install +++ b/packaging/freebsd/pkg-install 
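Review bot: Giving the `monkeysphere` service account a real login shell is a wider change than the `su -c` invocation needs: the account becomes interactively usable by any path that reaches it, including an SSH login if a key ever lands in its own monkeysphere-generated authorized_keys. Where su accepts a shell override (util-linux and shadow `su -s /bin/bash user -c cmd`) the shell can be forced per invocation and the account left on nologin; FreeBSD's su has no such option (its `-s` concerns MAC labels), which is presumably why the shell itself is changed here. If bash must stay the account shell, record the reason next to the line, e.g. `# bash is required: monkeysphere-server runs gpg via 'su monkeysphere -c ...'`, and confirm the account keeps a disabled password, which `adduser --system` does by default.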
@@ -38,7 +38,7 @@ POST-INSTALL) echo "You already have a user \"${USER}\", so I will use it." else if pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \ - -d "$VARLIB" -s /bin/sh -c "monkeysphere authentication user,,," + -d "$VARLIB" -s /usr/local/bin/bash -c "monkeysphere authentication user,,," then echo "Added user \"${USER}\"." else diff --git a/src/monkeysphere-server b/src/monkeysphere-server index b1cacf9..db3687b 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -67,7 +67,7 @@ EOF } su_monkeysphere_user() { - su -m "$MONKEYSPHERE_USER" -c "$@" + su "$MONKEYSPHERE_USER" -c "$@" } # function to interact with the host gnupg keyring @@ -571,7 +571,7 @@ diagnostics() { warndate=$(advance_date $warnwindow +%s) if ! id monkeysphere >/dev/null ; then - echo "! No monkeysphere user found! Please create a monkeysphere system user." + echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell." problemsfound=$(($problemsfound+1)) fi -- cgit v1.2.3 From b5e33d44a4a838b8212a156b28b186331e5e4adb Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Sep 2008 19:50:18 -0400 Subject: forcing monkeysphere shell to bash for FreeBSD. --- packaging/freebsd/distinfo | 4 ++-- packaging/freebsd/pkg-install | 12 ++++++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/packaging/freebsd/distinfo b/packaging/freebsd/distinfo index 26aa939..b8ad49b 100644 --- a/packaging/freebsd/distinfo +++ b/packaging/freebsd/distinfo @@ -1,3 +1,3 @@ -MD5 (monkeysphere_0.16~pre.orig.tar.gz) = e94bc8371adf8ce30c58ec040e436417 -SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = f8543778c6ae5a7a87dcb03e34980436f6d967edeb87ccfac2cc19c750f4e588 +MD5 (monkeysphere_0.16~pre.orig.tar.gz) = c5c5211440e31d04df1f7904ec859fb9 +SHA256 (monkeysphere_0.16~pre.orig.tar.gz) = 77faf81cc51dff754ecb7122de26818b908e06ab4e0bdbd0320346dde53612cd SIZE (monkeysphere_0.16~pre.orig.tar.gz) = 59253 
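Review bot: `su "$MONKEYSPHERE_USER" -c "$@"` hands the command string to bash running as the monkeysphere user, so every value a caller interpolates becomes shell syntax; the visible cases are `$KEYSERVER` and the key ID in `--recv-key '0x${keyID}!'` (add_certifier), neither of which is validated before being spliced into single quotes. Using `-c "$1"` states the real contract — exactly one command string — whereas with `"$@"` a second argument silently becomes `$0` of the target shell, and a `# the string is parsed by the target user's bash; callers must quote` comment records the obligation. Validating the key ID at its call site, `case "$keyID" in *[!0-9A-Fa-f]*) failure "invalid key ID" ;; esac`, would close the visible gap. su_monkeysphere_user is the whole function here; its callers are elsewhere in the file.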
diff --git a/packaging/freebsd/pkg-install b/packaging/freebsd/pkg-install index 6783ee8..940b796 100755 --- a/packaging/freebsd/pkg-install +++ b/packaging/freebsd/pkg-install @@ -22,6 +22,7 @@ POST-INSTALL) GROUP=${USER} UID=641 GID=${UID} + SHELL=/usr/local/bin/bash if pw group show "${GROUP}" 2>/dev/null; then echo "You already have a group \"${GROUP}\", so I will use it." @@ -34,8 +35,15 @@ POST-INSTALL) fi fi - if pw user show "${USER}" 2>/dev/null; then - echo "You already have a user \"${USER}\", so I will use it." + if oldshell=`pw user show "${USER}" 2>/dev/null`; then + if [ x"$oldshell" != x"$SHELL" ]; then + echo "You already have a \"${USER}\" user, but its shell is '$oldshell'." + echo "This package requires that \"${USER}\"'s shell be '$SHELL'." + echo "You should fix this by hand and then re-install the package." + echo " hint: pw usermod '$USER' -s '$SHELL'" + exit 1 + fi + echo "You already have a user \"${USER}\" with the proper shell, so I will use it." else if pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \ -d "$VARLIB" -s /usr/local/bin/bash -c "monkeysphere authentication user,,," -- cgit v1.2.3 From 2fea7c86ef761141f00145702568ea2e3b86cd6b Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Sep 2008 20:50:00 -0400 Subject: documenting problems with the tarball generation process. --- Makefile | 4 +++- website/bugs/make-tarball-is-not-idempotent.mdwn | 12 ++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 website/bugs/make-tarball-is-not-idempotent.mdwn diff --git a/Makefile b/Makefile index 779bb1a..4ea3898 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,9 @@ debian-package: tarball (cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us) rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) -freebsd-distinfo: tarball +# don't explicitly depend on the tarball, since our tarball +# (re)generation is not idempotent even when no source changes. +freebsd-distinfo: ./utils/build-freebsd-distinfo clean: 
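Review bot: `pw user show "${USER}"` prints the whole passwd(5) entry (`name:*:uid:gid:class:change:expire:gecos:home:shell`), not the shell field, so `$oldshell` can never equal `$SHELL` and every re-install on a host that already has the user exits 1 with a misleading message. Compare the last field instead: `if pwent=$(pw user show "${USER}" 2>/dev/null); then` followed by `oldshell=${pwent##*:}`, keeping the existing comparison. Assigning to `SHELL` also overwrites the installer's exported SHELL for every child process the script spawns from that point on; a private name such as `MS_SHELL` avoids that side effect. If this script runs under bash rather than /bin/sh, the unchanged `UID=641` above would also fail as a readonly variable — I cannot see the shebang from here.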
diff --git a/website/bugs/make-tarball-is-not-idempotent.mdwn b/website/bugs/make-tarball-is-not-idempotent.mdwn new file mode 100644 index 0000000..57012cb --- /dev/null +++ b/website/bugs/make-tarball-is-not-idempotent.mdwn @@ -0,0 +1,12 @@ +[[ meta title="make tarball is not idempotent" ]] + +The current monkeysphere Makefile has a "tarball" target, which +produces the "upstream tarball". Unfortunately, it is not idempotent. +That is, if you run it twice in a row (without changing any other +source), the second .orig.tar.gz file is bytewise different from the +first. + +We should fix this so that the tarball generated is the same at least +as long as no local file has been touched. + +--dkg -- cgit v1.2.3 From ac01e1d823ae8eb4353a50e40e8c8bceeaff227d Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Sep 2008 21:04:45 -0400 Subject: fixing titles in my recent bugs. --- website/bugs/make-tarball-is-not-idempotent.mdwn | 2 +- website/bugs/postinst-clobbers-gpg.conf-settings.mdwn | 2 +- website/bugs/setup-subcommand-for-monkeysphere-server.mdwn | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/website/bugs/make-tarball-is-not-idempotent.mdwn b/website/bugs/make-tarball-is-not-idempotent.mdwn index 57012cb..03779c5 100644 --- a/website/bugs/make-tarball-is-not-idempotent.mdwn +++ b/website/bugs/make-tarball-is-not-idempotent.mdwn @@ -1,4 +1,4 @@ -[[ meta title="make tarball is not idempotent" ]] +[[meta title="make tarball is not idempotent" ]] The current monkeysphere Makefile has a "tarball" target, which produces the "upstream tarball". Unfortunately, it is not idempotent. diff --git a/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn b/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn index 8f518c1..e58b9c7 100644 --- a/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn +++ b/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn 
@@ -1,4 +1,4 @@ -[[ meta title="debian packaging postinst script clobbers gpg.conf settings in /var/lib/monkeysphere" ]] +[[meta title="debian packaging postinst script clobbers gpg.conf settings in /var/lib/monkeysphere" ]] Do we want to allow the system administrator to make adjustments to the `gpg.conf` config files found in `/var/lib/monkeysphere`? At the diff --git a/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn b/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn index 614e471..c491f8b 100644 --- a/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn +++ b/website/bugs/setup-subcommand-for-monkeysphere-server.mdwn @@ -1,4 +1,4 @@ -[[ meta title="proposed new monkeysphere-server subcommand: setup" ]] +[[meta title="proposed new monkeysphere-server subcommand: setup" ]] What if everything that's done in the package post-installation scripts (aside from maybe the creation of the monkeysphere user -- cgit v1.2.3 From e98366cd478343b9c39ced4984874cd611ccb4ad Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Sep 2008 21:30:26 -0400 Subject: adding initial testsuite (totally unfinished!), bug report about genericizing filesystem locations. --- tests/basic | 78 ++++++++++++++++++++++ ...ericize-filesystem-locations-for-testsuite.mdwn | 28 ++++++++ 2 files changed, 106 insertions(+) create mode 100644 tests/basic create mode 100644 website/bugs/genericize-filesystem-locations-for-testsuite.mdwn diff --git a/tests/basic b/tests/basic new file mode 100644 index 0000000..7d354f9 --- /dev/null +++ b/tests/basic 
@@ -0,0 +1,78 @@ +#!/usr/bin/env bash + +# Tests to ensure that the monkeysphere is working + +# Author: Daniel Kahn Gillmor +# Date: 2008-09-13 13:40:15-0400 + +# these tests might be best run under fakeroot, particularly the +# "server-side" tests. Using fakeroot, they should be able to be run +# as a non-privileged user. + +# NOTE: these tests have *not* themselves been tested yet +# (2008-09-13). Please exercise with caution! + +# these tests assume a commonly-trusted "Admin's key", a fake key +# permanently stored in ./admin: + +gpgadmin() { + GNUPGHOME=./admin gpg "$@" +} + + +# cleanup: + +cleanup() { + rm -f ./ssh-socket + + # FIXME: how should we clear out the temporary $VARLIB? + + # FIXME: clear out ssh client config file and known hosts. +} + +## set up some variables to ensure that we're operating strictly in +## the tests, not system-wide: + +# FIXME: can we override $VARLIB ? +# FIXME: can we override $ETC ? + +# Use the local copy of executables first, instead of system ones. +# This should help us test without installing. +export PATH=$(pwd)/../src:$(pwd)/../src/keytrans:$PATH +export MONKEYSPHERE_SHARE=$(pwd)/../src + +# create a new host key, certify it with the "Admin's Key". + +echo | monkeysphere-server gen-key --expire 2d + +HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ ) + +monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import + +gpgadmin --sign-key "$HOSTKEYID" + +# FIXME: how can we test publish-key without flooding junk into the +# keyservers? + +# indicate that the "Admin's" key is an identity certifier for the +# host + +monkeysphere-server add-identity-certifier ./admin/pubkey.gpg + +# launch sshd with the new host key. + +mkfifo ./ssh-socket + +sshd -f ./sshd_config -i <>./ssh-socket + +# connect to sample sshd host key, using monkeysphere to verify the +# identity before connection. + +## FIXME: implement! 
+ +# create a new client side key, certify it with the "CA", use it to +# log in. + +## FIXME: implement! + + diff --git a/website/bugs/genericize-filesystem-locations-for-testsuite.mdwn b/website/bugs/genericize-filesystem-locations-for-testsuite.mdwn new file mode 100644 index 0000000..1d70313 --- /dev/null +++ b/website/bugs/genericize-filesystem-locations-for-testsuite.mdwn @@ -0,0 +1,28 @@ +[[meta title="genericize all filesystem locations to enable test suite:" ]] + +I'm in the process of writing a testsuite for the monkeysphere so that +we can verify that it actually performs all the basic expected duties +properly. + +It occurs to me that lines like these: + + ETC="/etc/monkeysphere" + VARLIB="/var/lib/monkeysphere" + +Actually make it very difficult to generically test the tool without +it being installed system-wide. + +Is there any reason that we should not allow these directories to be +overridden with environment variables in the same way that +`/usr/share/monkeysphere/share` is handled? + + SHARE=${MONKEYSPHERE_SHARE:-"/usr/share/monkeysphere"} + +I guess i'm proposing something like: + + SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} + SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} + +Thoughts? + +--dkg -- cgit v1.2.3 From 86d072e02c75f1c0e84d4f5c51c2e034fa84de21 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Sep 2008 21:41:18 -0400 Subject: documenting trouble with two keyring arrangement. --- .../problems-with-root-owned-gpg-keyrings.mdwn | 24 ++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 website/bugs/problems-with-root-owned-gpg-keyrings.mdwn diff --git a/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn new file mode 100644 index 0000000..65268c5 --- /dev/null +++ b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn 
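Review bot: tests/basic has no `set -e` and checks no results, so a failed `gen-key` or `show-key` leaves `$HOSTKEYID` empty and `gpgadmin --sign-key ""`, `add-identity-certifier` and the sshd launch proceed against whatever state the system already has — and because the script still uses the system-wide $VARLIB (as its FIXMEs acknowledge), a real root running it will generate and replace the live host key. Add `set -e` after the shebang and a guard that refuses to run as real root outside fakeroot, e.g. `if [ "$(id -u)" = 0 ] && [ -z "$FAKEROOTKEY" ]; then echo "refusing to run as root outside fakeroot" >&2; exit 1; fi` (fakeroot exports FAKEROOTKEY), plus `[ -n "$HOSTKEYID" ] || exit 1` after the show-key parse. The `sshd -f ./sshd_config -i <>./ssh-socket` line also references an sshd_config that this commit does not add. The whole script is within this hunk.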
@@ -0,0 +1,24 @@ +[[meta title="Problems with root-owned gpg keyrings"]] + +`/var/lib/monkeysphere/gnupg-host/` is root-owned, and the public +keyring in that directory is controlled by the superuser. + +We currently expect the `monkeysphere` user to read from (but not +write to) that keyring. But using a keyring in a directory that you +don't control appears to trigger [a subtle bug in +gpg](http://bugs.debian.org/361539) that has been unresolved for quite +a long time. + +With some of the new error checking i'm doing in +`monkeysphere-server`, typical operations that involve both keyrings +as the non-privileged user can fail with an error message like: + + gpg: failed to rebuild keyring cache: file open error + +Running the relevant operation a second time as the same user usually +lets things go through without a failure, but this seems like it would +be hiding a bug, rather than getting it fixed correctly. + +Are there other ways we can deal with this problem? + +--dkg -- cgit v1.2.3