Merge commit 'jrollins/master'
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Fri, 20 Feb 2009 03:42:43 +0000 (22:42 -0500)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Fri, 20 Feb 2009 03:42:43 +0000 (22:42 -0500)
1  2 
src/share/common
src/share/m/ssh_proxycommand

diff --combined src/share/common
index d151e859c5b3367316167e64e2acba7e4fcc21cb,745a86111292bd1ec08bb6a9479c424ca53c0b0e..653d58ba0154941887a340e7889b391079db1bae
@@@ -1153,50 -1153,9 +1153,49 @@@ process_authorized_user_ids() 
  # takes a gpg key or keys on stdin, and outputs a list of
  # fingerprints, one per line:
  list_primary_fingerprints() {
-     local file="$1"
      local fake=$(msmktempdir)
      GNUPGHOME="$fake" gpg --no-tty --quiet --import
      GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \
        awk -F: '/^fpr:/{ print $10 }'
      rm -rf "$fake"
  }
 +
 +
 +check_cruft_file() {
 +    local loc="$1"
 +    local version="$2"
 +    
 +    if [ -e "$loc" ] ; then
 +      printf "! The file '%s' is no longer used by\n  monkeysphere (as of version %s), and can be removed.\n\n" "$loc" "$version" | log info
 +    fi
 +}
 +
 +check_upgrade_dir() {
 +    local loc="$1"
 +    local version="$2"
 +
 +    if [ -d "$loc" ] ; then
 +      printf "The presence of directory '%s' indicates that you have\nnot yet completed a monkeysphere upgrade.\nYou should probably run the following script:\n  %s/transitions/%s\n\n" "$loc" "$SYSSHAREDIR" "$version" | log info
 +    fi
 +}
 +
 +## look for cruft from old versions of the monkeysphere, and notice if
 +## upgrades have not been run:
 +report_cruft() {
 +    check_upgrade_dir "${SYSCONFIGDIR}/gnupg-host" 0.23
 +    check_upgrade_dir "${SYSCONFIGDIR}/gnupg-authentication" 0.23
 +
 +    check_cruft_file "${SYSCONFIGDIR}/gnupg-authentication.conf" 0.23
 +    check_cruft_file "${SYSCONFIGDIR}/gnupg-host.conf" 0.23
 +
 +    local found=
 +    for foo in "${SYSDATADIR}/backup-from-"*"-transition"  ; do
 +      if [ -d "$foo" ] ; then
 +          printf "! %s\n" "$foo" | log info
 +          found=true
 +      fi
 +    done
 +    if [ "$found" ] ; then
 +      printf "The directories above are backups left over from a monkeysphere transition.\nThey may contain copies of sensitive data (host keys, certifier lists), but\nthey are no longer needed by monkeysphere.\nYou may remove them at any time.\n\n" | log info
 +    fi
 +}
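Review bot: In list_primary_fingerprints() the result of msmktempdir is never checked, and `local fake=$(msmktempdir)` also masks its exit status. If the temporary directory cannot be created, `GNUPGHOME` is set to an empty string; gpg then most likely falls back to the caller's default home directory, so keys arriving on stdin would be imported into a real keyring and the listing would include unrelated fingerprints. Splitting the declaration, `local fake` followed by `fake=$(msmktempdir) || return 1`, closes that. Separately, the loop variable `foo` in report_cruft() is not declared `local` and leaks into every script that sources this file; `local found= foo` would contain it.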
index 0a8150088a861cca963eb54f14c0f54645ad4103,d2b45278e1bd3c2e207b0895932f72e5659d0e9a..bd095889e528f61b0a75a503fcb5a12ba7942c57
@@@ -43,7 -43,7 +43,7 @@@ EO
      # found?
  
      # get the gpg info for userid
-     gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
+     gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \
        --with-fingerprint --with-fingerprint \
        ="$userID" 2>/dev/null)
  
@@@ -66,12 -66,12 +66,12 @@@ EO
  
                    sshKeyGPGFile=$(msmktempfile)
                    printf "%s" "$sshKeyGPG" >"$sshKeyGPGFile"
 -                  sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" \
 +                  sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" \
                        awk '{ print $2 }')
                    rm -f "$sshKeyGPGFile"
  
                    # get the sigs for the matching key
-                   gpgSigOut=$(gpg --check-sigs \
+                   gpgSigOut=$(gpg_user --check-sigs \
                        --list-options show-uid-validity \
                        "$keyid")
  
@@@ -171,7 -171,7 +171,7 @@@ URI="ssh://${HOSTP}
  # CHECK_KEYSERVER variable in the monkeysphere.conf file.
  
  # if the host is in the gpg keyring...
- if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then
+ if gpg_user --list-key ="${URI}" 2>&1 >/dev/null ; then
      # do not check the keyserver
      CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"}