-monkeysphere (0.4-1) UNRELEASED; urgency=low
+monkeysphere (0.4-1) experimental; urgency=low
- [Daniel Kahn Gillmor]
- * New version (switch UNRELEASED to experimental when ready)
+ [ Daniel Kahn Gillmor ]
+ * New version.
+ * Fixed return code error in openpgp2ssh
[ Jameson Graef Rollins ]
* Privilege separation: use monkeysphere user to handle maintenance of
* Add write permission check on authorized_keys, known_hosts, and
authorized_user_ids files.
- -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Thu, 10 Jul 2008 16:47:17 -0400
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 22 Jul 2008 21:50:17 -0400
monkeysphere (0.3-1) experimental; urgency=low
.TP
.B add-identity-certifier KEYID
Instruct system to trust user identity certifications made by KEYID.
-A certifier domain can be specified with the `-n' or `--domain'
-option. A certifier trust level can be specified with the `-t' or
-`--trust' option (possible values are `1' for `marginal' and `2' for
-`full' (default is `2')). A certifier trust depth can be specified
+Using the `-n' or `--domain' option allows you to indicate that you
+only trust the given KEYID to make identifications within a specific
+domain (e.g. "trust KEYID to certify user identities within the
+@example.org domain"). A certifier trust level can be specified with
+the `-t' or `--trust' option (possible values are `marginal' and
+`full' (default is `full')). A certifier trust depth can be specified
with the `-d' or `--depth' option (default is 1). `a' may be used in
place of `add-identity-certifier'.
.TP
err(0,"Translating public key\n");
ret = emit_public_openssh_from_pgp(&pgp_crt, fingerprint, fpr_size);
+ if (ret != 0)
+ return ret;
} else {
/* we have no idea what kind of key this is at all anyway! */
publish-key (p) publish server's host key to keyserver
add-identity-certifier (a) KEYID import and tsign a certification key
- -n|--domain DOMAIN domain of certifier ()
- -t|--trust TRUST trust level of certifier (2)
+ -n|--domain DOMAIN limit ID certifications to IDs in DOMAIN ()
+ -t|--trust TRUST trust level of certifier (full)
-d|--depth DEPTH trust depth for certifier (1)
remove-identity-certifier (r) KEYID remove a certification key
list-identity-certifiers (l) list certification keys
local keyID
local fingerprint
local ltsignCommand
+ local trustval
# set default values for trust depth and domain
domain=
- trust=2
+ trust=full
depth=1
# get options
# export the key to the host keyring
gpg_authentication "--export $keyID" | gpg_host --import
+ if [ "$trust" == marginal ]; then
+ trustval=1
+ elif [ "$trust" == full ]; then
+ trustval=2
+ else
+ failure "trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)"
+ fi
+
# ltsign command
# NOTE: *all* user IDs will be ltsigned
ltsignCommand=$(cat <<EOF
ltsign
y
-$trust
+$trustval
$depth
$domain
y
projects / monkeysphere.git / commitdiff