make-secnet-sites: pubkeys: Allow multiple

Make `pubkey' listish, so you can specify several.  It is still
required.  And only the first is used right now.

A harmless side effect is to reorder the output: `key' entries now
come before the more general properties.  But we must update the
expected test case output.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/make-secnet-sites b/make-secnet-sites
index f6c3d22b91f923591a3ea4cffd04dbd5e44ac24c..b666351e9e05917f62367bb2048012bbf7336b05 100755 (executable)
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -391,7 +391,7 @@ keywords={
  'renegotiate-time':(num,"Time after key setup to begin renegotiation (ms)"),
  'restrict-nets':(networks,"Allowable networks"),
  'networks':(networks,"Claimed networks"),
- 'pubkey':(rsakey,"RSA public site key"),
+ 'pubkey':(listof(rsakey),"RSA public site key"),
  'peer':(single_ipaddr,"Tunnel peer IP address"),
  'address':(address,"External contact address and port"),
  'mobile':(boolean,"Site is mobile"),
@@ -511,7 +511,7 @@ class sitelevel(level):
         'address':sp,
         'networks':None,
         'peer':None,
-        'pubkey':(lambda n,v:"key %s;\n"%v),
+        'pubkey':None,
         'mobile':sp,
        })
        require_properties={
@@ -531,6 +531,8 @@ class sitelevel(level):
                w.write("%s {\n"%(self.kname()))
                self.indent(w,ind+2)
                w.write("name \"%s\";\n"%(np,))
+               self.indent(w,ind+2)
+               w.write("key %s;\n"%str(self.properties["pubkey"].list[0]))
                self.output_props(w,ind+2)
                self.indent(w,ind+2)
                w.write("link netlink {\n");

diff --git a/mtest/e-basic.conf b/mtest/e-basic.conf
index 9a4fde8faf474e32c2af86fd950d9bf349e20c00..5e228fe613b93ea015fd1759697806cc85ee9c38 100644 (file)
--- a/mtest/e-basic.conf
+++ b/mtest/e-basic.conf
@@ -1,6 +1,6 @@
 # secnet sites file autogenerated by make-secnet-sites version 0.1.18
-# Tue Nov 19 01:02:50 2019
-# Command line: ./make-secnet-sites --no-conf-key-prefix test-example/sites ./mtest/d-basic/out.conf
+# Sat Dec  7 17:16:13 2019
+# Command line: ./make-secnet-sites --no-conf-key-prefix test-example/sites /home/ian/things/Fvpn/secnet/mtest/d-basic/out.conf
 
 vpn-data {
   test-example {
@@ -15,9 +15,9 @@ vpn-data {
     in {
       inside {
         name "test-example/in/inside";
+        key rsa-public("65537","130064631890186713927887504218626486455931306300999583387009075747001546036643522074275473238061323169592347601185592753550279410171535737146240085267000508853176463710554801101055212967131924064664249613912656320653505750073021702169423354903540699008756137338575553686987244488914481168225136440872431691669");
         address "[127.0.0.1]"; port 16910;
         mobile True;
-        key rsa-public("65537","130064631890186713927887504218626486455931306300999583387009075747001546036643522074275473238061323169592347601185592753550279410171535737146240085267000508853176463710554801101055212967131924064664249613912656320653505750073021702169423354903540699008756137338575553686987244488914481168225136440872431691669");
         link netlink {
           routes "172.18.232.8/29";
           ptp-address "172.18.232.9";
@@ -27,8 +27,8 @@ vpn-data {
     out {
       outside {
         name "test-example/out/outside";
-        address "[::1]"; port 16900;
         key rsa-public("65537","129251483458784900555621175262818292872587807329014927540074484804119474262261383244074013537736576331652560727149001626325243856012659665194546933097292703586821422085819615124517093786704646988649444946154384037948502112302285511195679291084694375811092516151263088200304199780052361048758446082354317801941");
+        address "[::1]"; port 16900;
         link netlink {
           routes "172.18.232.0/29";
           ptp-address "172.18.232.1";