Merge "veyron/services/mgmt/node/impl: add self-installation functionality to node manager."
diff --git a/lib/netconfig/ipaux_other.go b/lib/netconfig/ipaux_other.go
index 23496f0..2826424 100644
--- a/lib/netconfig/ipaux_other.go
+++ b/lib/netconfig/ipaux_other.go
@@ -1,4 +1,4 @@
-// +build !linux,!bsd
+// +build !linux,!darwin,!dragonfly,!freebsd,!netbsd,!openbsd
 // TODO(bprosnitz) Should change for nacl?
 
 package netconfig
diff --git a/services/identity/blesser/macaroon.go b/services/identity/blesser/macaroon.go
index 5233788..9fc7798 100644
--- a/services/identity/blesser/macaroon.go
+++ b/services/identity/blesser/macaroon.go
@@ -66,5 +66,12 @@
 	if len(m.Caveats) == 0 {
 		m.Caveats = []security.Caveat{security.UnconstrainedUse()}
 	}
-	return ctx.LocalPrincipal().Bless(ctx.RemoteBlessings().PublicKey(), ctx.LocalBlessings(), m.Name, m.Caveats[0], m.Caveats[1:]...)
+	// TODO(ashankar,toddw): After the old security model is ripped out and the VDL configuration
+	// files have the scheme to translate between "wire" types and "in-memory" types, this should just
+	// become return ctx.LocalPrincipal().....
+	blessings, err := ctx.LocalPrincipal().Bless(ctx.RemoteBlessings().PublicKey(), ctx.LocalBlessings(), m.Name, m.Caveats[0], m.Caveats[1:]...)
+	if err != nil {
+		return nil, err
+	}
+	return security.MarshalBlessings(blessings), nil
 }
diff --git a/services/identity/blesser/macaroon_test.go b/services/identity/blesser/macaroon_test.go
index 8ea499a..0a907c8 100644
--- a/services/identity/blesser/macaroon_test.go
+++ b/services/identity/blesser/macaroon_test.go
@@ -39,10 +39,13 @@
 	m = BlessingMacaroon{Creation: time.Now(), Name: "user", Caveats: []security.Caveat{cOnlyMethodFoo}}
 	if result, err := blesser.Bless(context, newMacaroon(t, key, m)); err != nil || result == nil {
 		t.Errorf("Got (%v, %v)", result, err)
-	} else if _, ok := result.(security.Blessings); !ok {
+	} else if _, ok := result.(security.WireBlessings); !ok {
 		t.Errorf("Got %T, want security.Blessings", result)
 	} else {
-		b := result.(security.Blessings)
+		b, err := security.NewBlessings(result.(security.WireBlessings))
+		if err != nil {
+			t.Fatalf("Unable to decode response into a security.Blessings object: %v", err)
+		}
 		if !reflect.DeepEqual(b.PublicKey(), user.PublicKey()) {
 			t.Errorf("Received blessing for public key %v. Client:%v, Blesser:%v", b.PublicKey(), user.PublicKey(), provider.PublicKey())
 		}
diff --git a/services/identity/blesser/oauth.go b/services/identity/blesser/oauth.go
index be6dd9f..320e370 100644
--- a/services/identity/blesser/oauth.go
+++ b/services/identity/blesser/oauth.go
@@ -132,7 +132,7 @@
 	if err != nil {
 		return nil, "", err
 	}
-	return blessing, email, nil
+	return security.MarshalBlessings(blessing), email, nil
 }
 
 // DEPRECATED