From c33b2a86d47a536b20bce8cb15ee5c23dd9eaec7 Mon Sep 17 00:00:00 2001 From: Jameson Rollins Date: Mon, 8 Mar 2010 23:36:45 -0500 Subject: fix my email address --- src/monkeysphere | 2 +- src/share/ma/list_certifiers | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/monkeysphere b/src/monkeysphere index e268058..7c92852 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -3,7 +3,7 @@ # monkeysphere: Monkeysphere client tool # # The monkeysphere scripts are written by: -# Jameson Rollins +# Jameson Rollins # Jamie McClelland # Daniel Kahn Gillmor # Micah Anderson diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers index 38a3222..789eb9d 100644 --- a/src/share/ma/list_certifiers +++ b/src/share/ma/list_certifiers @@ -4,7 +4,7 @@ # Monkeysphere authentication list-certifiers subcommand # # The monkeysphere scripts are written by: -# Jameson Rollins +# Jameson Rollins # Jamie McClelland # Daniel Kahn Gillmor # -- cgit v1.2.3 From 8ab97c9c35f502005c23eb7adb3a8a0177f11630 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 00:36:57 -0500 Subject: keys-for-userid now respects MONKEYSPHERE_CHECK_KEYSERVER (Closes: MS #1997); finesse description of CHECK_KEYSERVER in monkeysphere.conf (see: MS #2014) --- changelog | 2 ++ etc/monkeysphere.conf | 8 ++++---- src/monkeysphere | 1 + 3 files changed, 7 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/changelog b/changelog index cba8b4e..e29cbaf 100644 --- a/changelog +++ b/changelog @@ -3,6 +3,8 @@ monkeysphere (0.29~pre1) UNRELEASED; urgency=low * Fix man page typo about monkeysphere authorized_keys location * Monkeysphere should work properly even if the user has "armor" in their gpg.conf (closes MS #1625) + * monkeysphere keys-for-userid now respects MONKEYSPHERE_CHECK_KEYSERVER + environment variable (and defaults to true) -- Daniel Kahn Gillmor Thu, 18 Feb 2010 12:38:43 -0500 
diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf index bcda433..ce6e82a 100644 --- a/etc/monkeysphere.conf +++ b/etc/monkeysphere.conf @@ -23,10 +23,10 @@ # interaction, including all ssh connections if you use the # monkeysphere ssh-proxycommand. Leave unset for default behavior # (see KEYSERVER CHECKING in monkeysphere(1)), or set to true or false. -# NOTE: setting CHECK_KEYSERVER to true will leak information about -# the timing and frequency of your ssh connections to the maintainer -# of the keyserver. -#CHECK_KEYSERVER= +# NOTE: setting CHECK_KEYSERVER explicitly to true will leak +# information about the timing and frequency of your ssh connections +# to the maintainer of the keyserver. +#CHECK_KEYSERVER=true # The path to the SSH known_hosts file. #KNOWN_HOSTS=~/.ssh/known_hosts diff --git a/src/monkeysphere b/src/monkeysphere index 7c92852..a763151 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -276,6 +276,7 @@ case $COMMAND in ;; 'keys-for-userid'|'u') + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} keys_for_userid "$@" ;; -- cgit v1.2.3 From 24da4d0207c8d3c7586871dac3eea9d2a0b864c3 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 03:06:32 -0400 Subject: enable use of hkps (closes: MS #1749) --- man/man8/monkeysphere-authentication.8 | 5 +++++ src/share/ma/setup | 1 + 2 files changed, 6 insertions(+) (limited to 'src') diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 8732157..ea9debd 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 
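Review bot: The added `CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}` accepts any string, not only true/false, and because it uses `:=` rather than `:-` it also writes the default back into MONKEYSPHERE_CHECK_KEYSERVER and CHECK_KEYSERVER as a side effect; if keys_for_userid tests the value with a string comparison (not visible here), a setting such as `yes` would silently fall on one side or the other. Since the config commentary in this same commit warns that a true setting leaks connection timing to the keyserver operator, a defaulted-on network query deserves a why-comment at the assignment, e.g. `# keys-for-userid queries the keyserver by default (unlike ssh-proxycommand); see CHECK_KEYSERVER in monkeysphere.conf`. A cheap sanity check such as `[ "$CHECK_KEYSERVER" = true ] || [ "$CHECK_KEYSERVER" = false ] || failure "CHECK_KEYSERVER must be true or false"` (using whatever error helper this file already has) would reject typos before they reach the keyserver code. The enclosing `case $COMMAND in` statement starts and ends outside the hunk.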
@@ -177,6 +177,11 @@ false may expose users to abuse by other users on the system. (true) /etc/monkeysphere/monkeysphere\-authentication.conf System monkeysphere-authentication config file. .TP +/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt +If monkeysphere-authentication is configured to query an hkps +keyserver, it will use X.509 Certificate Authority certificates in +this file to validate any X.509 certificates used by the keyserver. +.TP /var/lib/monkeysphere/authorized_keys/USER Monkeysphere-generated user authorized_keys files. .TP diff --git a/src/share/ma/setup b/src/share/ma/setup index 6c75fef..f965487 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -43,6 +43,7 @@ EOF # Edits will be overwritten. no-greeting list-options show-uid-validity +keyserver-options ca-cert-file=${SYSCONFIGDIR}/monkeysphere-authentication-x509-anchors.crt EOF # make sure the monkeysphere user owns everything in the sphere -- cgit v1.2.3 From dc52882f7ecf895377bfbf65833c6a699be4ab28 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 09:50:57 -0400 Subject: warn if keyserver query fails (Closes: MS #1750) --- src/share/common | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src') diff --git a/src/share/common b/src/share/common index 37f5305..cabc378 100644 --- a/src/share/common +++ b/src/share/common @@ -581,6 +581,10 @@ gpg_fetch_userid() { --search ="$userID" &>/dev/null returnCode="$?" + if [ "$returnCode" != 0 ] ; then + log error "Failure ($returnCode) searching keyserver $KEYSERVER for user id '$userID'" + fi + return "$returnCode" } -- cgit v1.2.3 From 733d920b94909b19022276f7288b70afa14713bd Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 10:07:46 -0400 Subject: cleaning up monkeysphere-host show-key output --- src/monkeysphere-host | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src') 
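Review bot: The new `keyserver-options ca-cert-file=${SYSCONFIGDIR}/monkeysphere-authentication-x509-anchors.crt` line is written into the sphere's gpg.conf unconditionally, but nothing in this hunk creates the anchors file or checks that it exists and is not writable by the monkeysphere user; whoever can write that file decides which CAs are trusted for every hkps lookup, and a missing file presumably makes hkps queries fail outright (the exact outcome depends on the gpg build and is not visible here). A guard near the heredoc, e.g. `[ -e "${SYSCONFIGDIR}/monkeysphere-authentication-x509-anchors.crt" ] || log info "no X.509 anchors installed; hkps keyservers cannot be validated"`, plus a comment on the option line pointing at the new man page entry, would make that dependency explicit. Note also that `${SYSCONFIGDIR}` is interpolated into gpg.conf unquoted, so a path containing whitespace would be read by gpg as two tokens. The heredoc this line belongs to begins outside the hunk.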
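Review bot: The new error message in gpg_fetch_userid reports only the numeric return code, while the line above it still sends gpg's stdout and stderr to /dev/null, so a transport failure, an hkps certificate validation failure and a plain "no keys found" all surface as the same `Failure ($returnCode)`; the cause an operator needs to debug a keyserver problem is discarded. Consider capturing stderr instead of discarding it, `gpgErr=$(gpg ... --search ="$userID" 2>&1 >/dev/null)`, and logging `$gpgErr` at debug level alongside the error. `$userID` is also echoed into the log verbatim, so if the log reaches a terminal a user id containing control characters is passed through unless `log` sanitizes its arguments (not visible here). The gpg invocation that sets returnCode and the function header are outside the hunk.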
diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 12e7bad..d615230 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -268,7 +268,7 @@ multi_key() { for key in $keys ; do if (( i++ > 0 )) ; then - echo "##############################" + printf "\n" fi "$cmd" "$key" done @@ -309,8 +309,9 @@ show_key() { # FIXME: make no-show-keyring work so we don't have to do the grep'ing # FIXME: can we show uid validity somehow? gpg --list-keys --list-options show-unusable-uids "$fingerprint" 2>/dev/null \ - | grep -v "^${GNUPGHOME}/pubring.gpg$" \ - | egrep -v '^-+$' + | grep -v "^${GNUPGHOME}/pubring.gpg$" \ + | egrep -v '^-+$' \ + | grep -v '^$' # list revokers, if there are any revokers=$(gpg --list-keys --with-colons --fixed-list-mode "$fingerprint" \ @@ -320,7 +321,6 @@ show_key() { for key in $revokers ; do echo "revoker: $key" done - echo fi # list the pgp fingerprint -- cgit v1.2.3 From 42f7fec024d11c2ff20299f73254eda5b06ed181 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 10:21:31 -0400 Subject: fixing an error message in monkeysphere-host --- src/monkeysphere-host | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/monkeysphere-host b/src/monkeysphere-host index d615230..f5374bd 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -239,7 +239,7 @@ prompt_userid_exists() { if gpgOut=$(gpg_host_list_keys "=${userID}" 2>/dev/null) ; then fingerprint=$(echo "$gpgOut" | grep '^fpr:' | cut -d: -f10) if [ "$PROMPT" != "false" ] ; then - printf "Service name '%s' is already being used by key '%s'.\nAre you sure you want to use it again? (y/N) " "$fingerprint" "$userID" >&2 + printf "Service name '%s' is already being used by key '%s'.\nAre you sure you want to use it again? (y/N) " "$userID" "$fingerprint" >&2 read OK; OK=${OK:=N} if [ "${OK/y/Y}" != 'Y' ] ; then failure "Service name not added." -- cgit v1.2.3 
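Review bot: With `| grep -v '^$'` now the final stage of the pipeline in show_key, the status of that `gpg --list-keys` line is the exit status of the last grep, which is 1 whenever every line was filtered out (for example an unknown fingerprint, whose gpg error is already hidden by `2>/dev/null`), so a caller such as multi_key cannot distinguish an empty listing from success and a real gpg failure goes unreported unless pipefail is enabled somewhere not visible here. A short comment on the pipeline, `# exit status here is grep's, not gpg's; gpg errors are deliberately suppressed`, would make that explicit, or run gpg into a variable first and check its status before filtering. The show_key function begins and ends outside the hunk.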
From 39d013c4d307d6a844f8dc2deabf42adc0a8a388 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 10:46:18 -0400 Subject: avoid checking trustdb from monkeysphere-host (Closes: MS #1957) --- src/monkeysphere-host | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/monkeysphere-host b/src/monkeysphere-host index f5374bd..2c19331 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -74,7 +74,7 @@ EOF # function to interact with the gpg keyring gpg_host() { - GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --no-tty "$@" + GNUPGHOME="$GNUPGHOME_HOST" gpg --no-auto-check-trust-db --no-greeting --quiet --no-tty "$@" } # list the info about the a key, in colon format, to stdout -- cgit v1.2.3 From 3d46f5954da2bc9a2dd8d2ce35713136149c2983 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 16:09:42 -0400 Subject: fix typo --- src/monkeysphere-host | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 2c19331..a5db8c1 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -74,7 +74,7 @@ EOF # function to interact with the gpg keyring gpg_host() { - GNUPGHOME="$GNUPGHOME_HOST" gpg --no-auto-check-trust-db --no-greeting --quiet --no-tty "$@" + GNUPGHOME="$GNUPGHOME_HOST" gpg --no-auto-check-trustdb --no-greeting --quiet --no-tty "$@" } # list the info about the a key, in colon format, to stdout -- cgit v1.2.3
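Review bot: `--no-auto-check-trustdb` in gpg_host silently disables gpg's automatic trustdb maintenance for every operation on the host keyring, and the reason is not recorded anywhere in the code; the preceding commit's misspelt `--no-auto-check-trust-db` shows how easily this option name is mistyped, and an invalid option makes every gpg_host call fail, so the intent should be documented next to it. Presumably this is safe because the host keyring holds only the host's own keys and monkeysphere-host does not act on computed uid validity (show_key in this same file still carries a FIXME about showing validity), which is worth stating: `# --no-auto-check-trustdb: the host keyring is not used for trust/validity decisions, so skip the automatic trustdb check (MS #1957)`. gpg_host is fully visible in the hunk.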