From cc45c7363cf606e433a2c289de4bfa2dfe585c62 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 23 Jul 2008 00:09:21 -0400
Subject: [PATCH] monkeysphere-server add-identity-certifier --trust now takes
 textual values (marginal, full) instead of numeric (1,2).  updated
 documentation as well.

---
 man/man8/monkeysphere-server.8 | 10 ++++++----
 src/monkeysphere-server        | 17 +++++++++++++----
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8
index e9784b6..3a50aac 100644
--- a/man/man8/monkeysphere-server.8
+++ b/man/man8/monkeysphere-server.8
@@ -54,10 +54,12 @@ place of `publish-key'.
 .TP
 .B add-identity-certifier KEYID
 Instruct system to trust user identity certifications made by KEYID.
-A certifier domain can be specified with the `-n' or `--domain'
-option.  A certifier trust level can be specified with the `-t' or
-`--trust' option (possible values are `1' for `marginal' and `2' for
-`full' (default is `2')).  A certifier trust depth can be specified
+Using the `-n' or `--domain' option allows you to indicate that you
+only trust the given KEYID to make identifications within a specific
+domain (e.g. "trust KEYID to certify user identities within the
+@example.org domain").  A certifier trust level can be specified with
+the `-t' or `--trust' option (possible values are `marginal' and
+`full' (default is `full')).  A certifier trust depth can be specified
 with the `-d' or `--depth' option (default is 1).  `a' may be used in
 place of `add-identity-certifier'.
 .TP
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 6534fa1..4d7acc6 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -47,8 +47,8 @@ subcommands:
   publish-key (p)                       publish server's host key to keyserver
 
   add-identity-certifier (a) KEYID      import and tsign a certification key
-    -n|--domain DOMAIN                    domain of certifier ()
-    -t|--trust TRUST                      trust level of certifier (2)
+    -n|--domain DOMAIN                    limit ID certifications to IDs in DOMAIN ()
+    -t|--trust TRUST                      trust level of certifier (full)
     -d|--depth DEPTH                      trust depth for certifier (1)
   remove-identity-certifier (r) KEYID   remove a certification key
   list-identity-certifiers (l)          list certification keys
@@ -383,10 +383,11 @@ add_certifier() {
     local keyID
     local fingerprint
     local ltsignCommand
+    local trustval
 
     # set default values for trust depth and domain
     domain=
-    trust=2
+    trust=full
     depth=1
 
     # get options
@@ -450,12 +451,20 @@ add_certifier() {
     # export the key to the host keyring
     gpg_authentication "--export $keyID" | gpg_host --import
 
+    if [ "$trust" == marginal ]; then
+	trustval=1
+    elif [ "$trust" == full ]; then
+	trustval=2
+    else
+	failure "trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)"
+    fi
+
     # ltsign command
     # NOTE: *all* user IDs will be ltsigned
     ltsignCommand=$(cat <<EOF
 ltsign
 y
-$trust
+$trustval
 $depth
 $domain
 y
-- 
2.25.1