From: Daniel Kahn Gillmor Date: Sun, 9 Nov 2008 22:51:24 +0000 (-0500) Subject: Merge commit 'web/master' X-Git-Tag: monkeysphere_0.20-1~6 X-Git-Url: https://codewiz.org/gitweb?a=commitdiff_plain;h=6bc022e40bca1b5cd4aa5878572faa3152a9195c;hp=7836f86d02a15f25941c098b065989678bfe72a2;p=monkeysphere.git Merge commit 'web/master' --- diff --git a/tests/basic b/tests/basic index 289a1b7..c38a74b 100755 --- a/tests/basic +++ b/tests/basic @@ -13,10 +13,11 @@ # all subcommands in this script should complete without failure: set -e +# piped commands should return the code of the first non-zero return +set -o pipefail ## make sure that the right tools are installed to run the test. the ## test has *more* requirements than plain ol' monkeysphere: - which socat || { echo "You must have socat installed to run this test." ; exit 1; } ## FIXME: other checks? @@ -120,7 +121,6 @@ export MONKEYSPHERE_LOG_LEVEL=DEBUG export SSHD_CONFIG="$TEMPDIR"/sshd_config export SOCKET="$TEMPDIR"/ssh-socket -export SSHD_PID= # Make sure $DISPLAY is set to convince ssh and monkeysphere to fall # back on $SSH_ASKPASS. Make sure it's not set to the current actual diff --git a/website/doc.mdwn b/website/doc.mdwn index 56498e8..b60cf28 100644 --- a/website/doc.mdwn +++ b/website/doc.mdwn @@ -2,20 +2,16 @@ # Documentation # -## Dependencies ## - -Monkeysphere relies on: - - * [GnuTLS](http://gnutls.org/) version 2.4.0 or later - * [OpenSSH](http://openssh.com/) - * [GnuPG](http://gnupg.org/) - ## Getting started ## * [Downloading and installing](/download) * Getting started as a [user](/getting-started-user) * Getting started as a [server admin](/getting-started-admin) + +## Under the hood ## + * [Developing the monkeysphere](/community) + * [Technical details](/technical-details) ## References ## diff --git a/website/download.mdwn b/website/download.mdwn index 1f27fde..1a0f26e 100644 --- a/website/download.mdwn +++ b/website/download.mdwn 
@@ -2,10 +2,25 @@ # Downloading and Installing # +Once you've installed the packages, please see the [documentation +page](/doc) to read up on how to get started [as a regular +user](/getting-started-user) or [as a systems +administrator](/getting-started-admin). + +## Dependencies ## + +Monkeysphere relies on: + + * [GnuTLS](http://gnutls.org/) + * version 2.4 or later for general use + * [version 2.6 or later](/news/gnutls-2.6-enables-monkeysphere) to use the `monkeysphere subkey-to-ssh-agent` subcommand. + * [OpenSSH](http://openssh.com/) + * [GnuPG](http://gnupg.org/) + ## Debian ## -If you are running a Debian system, you can install Monkeysphere -by following these directions: +If you are running a [Debian](http://www.debian.org/) system, you can +install Monkeysphere by following these directions: You can add this repo to your system by putting the following lines in `/etc/apt/sources.list.d/monkeysphere.list`: 
@@ -13,23 +28,20 @@ You can add this repo to your system by putting the following lines in deb http://archive.monkeysphere.info/debian experimental monkeysphere deb-src http://archive.monkeysphere.info/debian experimental monkeysphere -The repository is currently signed by the Monkeysphere archive -signing key, key id EB8AF314 (fingerprint: `2E8D -D26C 53F1 197D DF40 3E61 18E6 67F1 EB8A F314`). To cryptographically +The repository is currently signed by [The Monkeysphere archive +signing key](/archive-key), key id EB8AF314 (fingerprint: `2E8D D26C +53F1 197D DF40 3E61 18E6 67F1 EB8A F314`). To cryptographically verify the packages, you'll want to [add this key to your apt configuration after verifying its integrity](/archive-key). To use the `monkeysphere subkey-to-ssh-agent` subcommand, you will -also need [version 2.6 of GnuTLS](/news/gnutls-2.6-enables-monkeysphere), -which is available in Debian experimental. - -Once you've installed the packages, you might want to read up on how -to get started [as a regular user](/getting-started-user) or [as a -systems administrator](/getting-started-admin). +also need [version 2.6 of +GnuTLS](/news/gnutls-2.6-enables-monkeysphere), which is available in +Debian experimental. ## FreeBSD ## -There is [now a FreeBSD port available](/news/FreeBSD-port-available/) +There is [now a FreeBSD port available](/news/FreeBSD-port-available) for the Monkeysphere. While the monkeysphere is not officially included in the ports tree @@ -51,6 +63,12 @@ port with: cd /usr/ports/security/monkeysphere make && make install +To use the `monkeysphere subkey-to-ssh-agent` subcommand, you will +also need [version 2.6 of +GnuTLS](/news/gnutls-2.6-enables-monkeysphere), which is [slated to be +available after the 7.1 ports slush is +over](http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/127330). + ## Source ## For those that would like to download the source directly, [the source 
diff --git a/website/features.mdwn b/website/features.mdwn new file mode 100644 index 0000000..1aabda1 --- /dev/null +++ b/website/features.mdwn @@ -0,0 +1,4 @@ +[[meta title="Features"]] + +# Features # + diff --git a/website/getting-started-user.mdwn b/website/getting-started-user.mdwn index e0a2dab..5dcb0d6 100644 --- a/website/getting-started-user.mdwn +++ b/website/getting-started-user.mdwn @@ -20,6 +20,16 @@ done with a simple cronjob. An example of crontab line to do this is: This would refresh your keychain every day at noon. +Install the monkeysphere software on your system +------------------------------------------------ + +If you haven't installed monkeysphere yet, you will need to [download +and install](/download) before continuing. + +Make sure that you have the GnuTLS library version 2.6 or later +installed on your system. If you can't (or don't want to) upgrade to +GnuTLS 2.6 or later, there are patches for GnuTLS 2.4 available in +[the Monkeysphere git repo](/community). Keeping your `known_hosts` file in sync with your keyring ----------------------------------------------------------- @@ -93,10 +103,6 @@ you can feed your authentication subkey to your ssh agent by running: $ monkeysphere subkey-to-ssh-agent -If you can't (or don't want to) upgrade to GnuTLS 2.6 or later, there -are patches for GnuTLS 2.4 available in [the Monkeysphere git -repo](/community). - FIXME: using the key with a single ssh connection? Establish trust diff --git a/website/technical-details.mdwn b/website/technical-details.mdwn new file mode 100644 index 0000000..902e356 --- /dev/null +++ b/website/technical-details.mdwn 
@@ -0,0 +1,28 @@ +[[meta title="Technical Details"]] + +# Technical Details # + +Under construction. + +## Host key verification ## + +When an ssh connection is initiated, the ssh client checks that the +host key presented by the server matches one found in the connecting +user's `known_hosts` file. If so, the ssh client allows the +connection to continue. If not, the client asks the user if they +would like to accept the host key for future session by asking the +user to verify the host key's fingerprint. + +### Adding a server to the monkeysphere ### + +Servers are "monkeysphere enabled" by generating an OpenPGP +authentication key for the server, translating the key into on ssh +key, and publishing the host key to the Web of Trust. + +### Verifying a host key ### + +## User authentication ## + +### Adding an individual to the monkeysphere ### + +### Verifying a user key ###
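Review bot: in tests/basic, first hunk, the comment added above `set -o pipefail` says piped commands return "the code of the first non-zero return", but with pipefail a pipeline returns the status of the last (rightmost) command that exited non-zero. Reword the comment to match. Also, `pipefail` is not a POSIX sh option; the shebang is not visible in this hunk, so confirm the script runs under bash, because under a plain `/bin/sh` the `set -o pipefail` line itself can fail and, with `set -e` already in effect, abort the test before it starts.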
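Review bot: in tests/basic, at the `@@ -120,7 +121,6 @@` hunk, removing `export SSHD_PID=` means the variable is no longer cleared at startup, so a value inherited from the caller's environment now survives into the test run. If anything later in the script tests or kills `$SSHD_PID` (not visible in this hunk), keep an explicit `SSHD_PID=` or `unset SSHD_PID` here and drop only the `export`.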
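Review bot: in website/download.mdwn, first hunk, the paragraph beginning "Once you've installed the packages, please see the [documentation page](/doc)" now sits directly under the page title, before the Dependencies section and before any install instructions. It reads as a follow-up step, so it belongs after the Debian, FreeBSD and Source sections (where the removed version of this sentence was) or should be reworded as a forward pointer.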
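Review bot: in website/download.mdwn, at the `@@ -13,23 +28,20 @@` hunk, the rewritten sentence still leads with the short key id `EB8AF314`. An 8-hex-digit id is only 32 bits and is not a safe identifier for a signing key; readers should be pointed at the full fingerprint, which is already in the same sentence, so consider dropping the short id or labelling it as a convenience only. Two smaller points on the same lines: the sentence now links `/archive-key` twice, and the link text "The Monkeysphere archive signing key" has a capital "The" in mid-sentence.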
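Review bot: in website/download.mdwn, at the `@@ -51,6 +63,12 @@` hunk, the added FreeBSD paragraph is the third copy of the "version 2.6 of GnuTLS" requirement on this page: the new Dependencies section states it, the Debian section keeps it, and this hunk adds it again. Keep the requirement in Dependencies and leave only the platform-specific availability note here. The phrase "slated to be available after the 7.1 ports slush is over" will also go stale, so it is worth a dated wording or a follow-up to remove it once the linked PR is closed.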
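Review bot: in website/getting-started-user.mdwn, first hunk, the new section tells every user to "Make sure that you have the GnuTLS library version 2.6 or later installed", which contradicts the Dependencies list added to download.mdwn in this same commit (2.4 or later for general use, 2.6 only for `monkeysphere subkey-to-ssh-agent`). The removed paragraph sat next to the `subkey-to-ssh-agent` instructions, where the 2.6 requirement was correctly scoped; either keep it there or qualify the new text. The "Install the monkeysphere software on your system" section is also inserted after the keychain-refresh cronjob text ("This would refresh your keychain every day at noon."), so the install step comes after a usage step.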
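Review bot: in website/technical-details.mdwn, the "Adding a server to the monkeysphere" paragraph has a typo that changes the reading, "translating the key into on ssh key" should be "into an ssh key", and "for future session" in the host key paragraph should be "for future sessions". The "Host key verification" text describes only stock ssh `known_hosts` behaviour and does not yet say what monkeysphere changes about it, and "Verifying a host key", "User authentication", "Adding an individual to the monkeysphere" and "Verifying a user key" are empty headings. Since doc.mdwn links to this page in the same commit, consider marking each empty section as a stub or holding the link until the verification sections have content.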