chiark / gitweb /
make-secnet-sites: New --pubkeys-elide mode
authorIan Jackson <ijackson@chiark.greenend.org.uk>
Sun, 1 Dec 2019 21:41:01 +0000 (21:41 +0000)
committerIan Jackson <ijackson@chiark.greenend.org.uk>
Sat, 15 Feb 2020 21:56:52 +0000 (21:56 +0000)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
README.make-secnet-sites
make-secnet-sites

index 413bcf8..aa4b216 100644 (file)
@@ -64,6 +64,12 @@ OPTIONS
                keys defined for any site, in the input.
                --pubkeys-single is the default.
 
+       --pubkeys-elide
+
+               In the sites.conf output, just write the peer-keys
+               entry referring to keys in PUBKEYS.  But do not write
+               public keys anywhere.
+
        --pubkeys-dir PUBKEYS
 
                Specifies the live pubkeys area pathname.
index 16b124c..6721156 100755 (executable)
@@ -282,6 +282,12 @@ class PkmInstall(PkmBase):
        def site_finish(self,confw):
                self._pw.close()
                os.rename(self._pa+'~tmp',self._pa+'~update')
+               PkmElide.site_finish(self,confw)
+
+class PkmElide(PkmBase):
+       opt = 'elide'
+       help = 'no public keys in sites.conf output nor in directory'
+       def site_finish(self,confw):
                confw.write("peer-keys \"%s\";\n"%self._pa);
 
 def parse_args():
@@ -314,6 +320,7 @@ def parse_args():
                        help=how().help)
        add_pkm(PkmInstall)
        add_pkm(PkmSingle)
+       add_pkm(PkmElide)
        ap.add_argument('--pubkeys-dir',  nargs=1,
                        help='public key directory',
                        default=['/var/lib/secnet/pubkeys'])