From 5fadec09dcd44c4dcad657a0f3d96878b592b77b Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 10 Jul 2008 14:30:21 -0400 Subject: [PATCH] Update man pages, and tweak default error return code. --- man/man1/monkeysphere.1 | 28 ++++++++++++++++++++++++++-- man/man8/monkeysphere-server.8 | 32 ++++++++++++++++++++++++++++++-- src/common | 8 ++------ src/monkeysphere | 12 ++++++------ src/monkeysphere-server | 16 ++++++---------- 5 files changed, 70 insertions(+), 26 deletions(-) diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 07cd3ea..05376d0 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -53,13 +53,37 @@ none were acceptable. `a' may be used in place of .B gen-subkey KEYID Generate an authentication subkey. For the primary key with the specified key ID, generate a subkey with "authentication" capability -that can be used for monkeysphere transactions. `g' may be used in -place of `gen-subkey'. +that can be used for monkeysphere transactions. An expiration length +can be specified with the `-e' or `--expire' option (prompt +otherwise). `g' may be used in place of `gen-subkey'. .TP .B help Output a brief usage summary. `h' or `?' may be used in place of `help'. +.SH ENVIRONMENT + +The following environment variables will override those specified in +the monkeysphere.conf configuration file (defaults in parentheses): +.TP +MONKEYSPHERE_GNUPGHOME, GNUPGHOME +GnuPG home directory (~/.gnupg). +.TP +MONKEYSPHERE_KEYSERVER +OpenPGP keyserver to use (subkeys.pgp.net). +.TP +MONKEYSPHERE_CHECK_KEYSERVER +Whether or not to check keyserver when making gpg queries (`true'). +.TP +MONKEYSPHERE_KNOWN_HOSTS +Path to ssh known_hosts file (~/.ssh/known_hosts). +.TP +MONKEYSPHERE_HASH_KNOWN_HOSTS +Whether or not to hash to the known_hosts file entries (`true'). +.TP +MONKEYSPHERE_AUTHORIZED_KEYS +Path to ssh authorized_keys file (~/.ssh/authorized_keys). + .SH FILES .TP 
diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index f33ffea..0e699b9 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -38,7 +38,11 @@ used in place of `update-users'. .B gen-key [HOSTNAME] Generate a OpenPGP key pair for the host. If HOSTNAME is not specified, then the system fully-qualified domain name will be user. -`g' may be used in place of `gen-key'. +An alternate key bit length can be specified with the `-l' or +`--length' option (default 2048). An expiration length can be +specified with the `-e' or `--expire' option (prompt otherwise). A +key revoker fingerprint can be specified with the `-r' or `--revoker' +option. `g' may be used in place of `gen-key'. .TP .B show-fingerprint Show the fingerprint for the host's OpenPGP key. `f' may be used in place of @@ -50,7 +54,11 @@ place of `publish-key'. .TP .B add-identity-certifier KEYID Instruct system to trust user identity certifications made by KEYID. -`a' may be used in place of `add-identity-certifier'. +A certifier domain can be specified with the `-n' or `--domain' +option. A certifier trust level can be specified with the `-t' or +`--trust' option (default is `full'). A certifier trust depth can be +specified with the `-d' or `--depth' option (default is 1). `a' may +be used in place of `add-identity-certifier'. .TP .B remove-identity-certifier KEYID Instruct system to ignore user identity certifications made by KEYID. 
@@ -125,6 +133,26 @@ It is recommended to add "monkeysphere-server update-users" to a system crontab, so that user keys are kept up-to-date, and key revokations and expirations can be processed in a timely manor. +.SH ENVIRONMENT + +The following environment variables will override those specified in +the monkeysphere-server.conf configuration file (defaults in +parentheses): +.TP +MONKEYSPHERE_KEYSERVER +OpenPGP keyserver to use (subkeys.pgp.net). +.TP +MONKEYSPHERE_AUTHORIZED_USER_IDS +Path to user authorized_user_ids file +(%h/.config/monkeysphere/authorized_user_ids). +.TP +MONKEYSPHERE_RAW_AUTHORIZED_KEYS +Path to user-controlled authorized_keys file. `-' means not to add +user-controlled file (%h/.ssh/authorized_keys). +.TP +MONKEYSPHERE_MONKEYSPHERE_USER +User to control authentication keychain (monkeypshere). + .SH FILES .TP diff --git a/src/common b/src/common index 5d43fa4..240de38 100644 --- a/src/common +++ b/src/common @@ -20,14 +20,10 @@ export ETC ######################################################################## ### UTILITY FUNCTIONS -error() { - log "$1" - ERR=${2:-'1'} -} - +# failure function. exits with code 255, unless specified otherwise. failure() { echo "$1" >&2 - exit ${2:-'1'} + exit ${2:-'255'} } # write output to stderr diff --git a/src/monkeysphere b/src/monkeysphere index 59b7e4a..a25fd6a 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -22,7 +22,7 @@ DATE=$(date -u '+%FT%T') unset GREP_OPTIONS # default return code -ERR=0 +RETURN=0 ######################################################################## # FUNCTIONS @@ -30,7 +30,7 @@ ERR=0 usage() { cat < [args] +usage: $PGRM [options] [args] MonkeySphere client tool. subcommands: @@ -208,7 +208,7 @@ case $COMMAND in # those hosts if [ "$1" ] ; then update_known_hosts "$@" - ERR="$?" + RETURN="$?" # otherwise, if no hosts are specified, process every host # in the user's known_hosts file 
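Review bot: `failure` still prints `$1` verbatim, so a caller that passes no message — as the new bare `|| failure` in src/monkeysphere-server's add_certifier does — writes an empty line to stderr and exits 255 with no indication of what went wrong; a fallback such as `echo "${1:-unspecified failure}" >&2` keeps the exit code while making the cause visible. The `error` helper is deleted in this hunk and the patch rewrites only one of its callers (in src/monkeysphere-server), so any other script that still calls `error` would now stop with "command not found" instead of logging — worth checking across the sources this patch does not show. The new header comment could also state the calling convention, e.g. `# failure MESSAGE [CODE]: print MESSAGE to stderr and exit with CODE (default 255).`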
@@ -218,7 +218,7 @@ case $COMMAND in fi process_known_hosts - ERR="$?" + RETURN="$?" fi ;; @@ -232,7 +232,7 @@ case $COMMAND in # process authorized_user_ids file process_authorized_user_ids "$AUTHORIZED_USER_IDS" - ERR="$?" + RETURN="$?" ;; 'gen-subkey'|'g') @@ -253,4 +253,4 @@ Type '$PGRM help' for usage." ;; esac -exit "$ERR" +exit "$RETURN" diff --git a/src/monkeysphere-server b/src/monkeysphere-server index b7e82d8..9205b1d 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -25,7 +25,7 @@ DATE=$(date -u '+%FT%T') unset GREP_OPTIONS # default return code -ERR=0 +RETURN=0 ######################################################################## # FUNCTIONS @@ -33,7 +33,7 @@ ERR=0 usage() { cat < [args] +usage: $PGRM [options] [args] MonkeySphere server admin tool. subcommands: @@ -123,7 +123,7 @@ update_users() { for uname in $unames ; do # check all specified users exist if ! getent passwd "$uname" >/dev/null ; then - error "----- unknown user '$uname' -----" + log "----- unknown user '$uname' -----" continue fi @@ -176,7 +176,7 @@ update_users() { # user su_monkeysphere_user \ ". ${SHARE}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" - ERR="$?" + RETURN="$?" fi # add user-controlled authorized_keys file path if specified @@ -332,16 +332,12 @@ add_certifier() { gpg_host --export-ownertrust | gpg_authentication "--import-ownertrust" # get the key from the key server - gpg_authentication "--keyserver $KEYSERVER --recv-key '$keyID'" + gpg_authentication "--keyserver $KEYSERVER --recv-key '$keyID'" || failure # get the full fingerprint of a key ID fingerprint=$(gpg_authentication "--list-key --with-colons --with-fingerprint $keyID" | \ grep '^fpr:' | grep "$keyID" | cut -d: -f10) - if [ -z "$fingerprint" ] ; then - failure "Could not find key \"${keyID}\"." - fi - echo "key found:" gpg_authentication "--fingerprint $fingerprint" @@ -538,4 +534,4 @@ Type '$PGRM help' for usage." ;; esac -exit "$ERR" +exit "$RETURN" -- 2.25.1
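Review bot: Replacing `error` with `log` in update_users means a user name that getent cannot resolve is now only logged, and nothing in this hunk records it, so a cron-driven `update-users` run that skipped a requested user can still exit 0 where the old `error` at least set the exit status to 1. Adding `RETURN=1` before the `continue` restores that signal, though it may be overwritten by the `RETURN="$?"` assignment after su_monkeysphere_user in the @@ -176 hunk, so a separate flag variable folded into RETURN at the end of update_users would be more reliable. update_users begins and ends outside this hunk.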
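Review bot: Dropping the `if [ -z "$fingerprint" ]` guard in add_certifier leaves the function running with an empty fingerprint whenever `--recv-key` succeeds but the `grep '^fpr:' | grep "$keyID"` pipeline matches nothing — plausibly a lowercase or `0x`-prefixed KEYID, which gpg accepts but which does not appear verbatim in the uppercase fpr field; the following `gpg_authentication "--fingerprint $fingerprint"` then lists every key, and whatever trust step follows in the rest of the function operates on an unset value. The new `|| failure` covers only the keyserver failure case and, being called without a message, prints an empty line. Suggest `gpg_authentication "--keyserver $KEYSERVER --recv-key '$keyID'" || failure "Could not retrieve key \"${keyID}\" from keyserver."` and keeping the three-line empty-fingerprint check as it was. add_certifier begins and ends outside this hunk.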