make-secnet-sites: Provide --output-version option

This will be used to have make-secnet-sites produce
backward-compatible output for older readers.

This is mostly going to be used for a filtering mode, where
make-secnet sites will copy its input to its output downgrading things
as it goes.

It is also going to have the effect of limiting the secnet.conf file
output when --pubkeys-install is not specified, so that the peer key
that appears in the generated sites.conf is the old-style
pre-negotiation RSA key, as demanded by the spec.

The users of this variable, and the whole --pubkeys-install option,
and the filtering mode, are yet to come.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/README.make-secnet-sites b/README.make-secnet-sites
index 0545c4bd293fd3d8477d45c795efc97ed94e84d9..71a0e0f1e9c58a076b4c06bb0e7967762487467e 100644 (file)
--- a/README.make-secnet-sites
+++ b/README.make-secnet-sites
@@ -36,6 +36,16 @@ USAGE
 
 OPTIONS
 
+       --output-version NUMBER
+
+               Write backward-compatible sites file output,
+               targeting a particular sites format.  Values of
+               NUMBER that are understood are:
+                   1   The original format, pre signing key
+                       negotiation.
+               If NUMBER is higher than make-secnet-sites supports,
+               it writes out what it can.
+
        --debug | -D
 
                Increase amount of debugging output.

diff --git a/make-secnet-sites b/make-secnet-sites
index 6cb131e126689130a755ac67421a4f4f875fd1e9..a51b53d992e22943960463575a03dd42a1b1a44c 100755 (executable)
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -76,6 +76,8 @@ from argparseactionnoyes import ActionNoYes
 
 VERSION="0.1.18"
 
+max_version = 1
+
 from sys import version_info
 if version_info.major == 2:  # for python2
     import codecs
@@ -243,6 +245,7 @@ def parse_args():
        global prefix
        global key_prefix
        global debug_level
+       global output_version
 
        ap = argparse.ArgumentParser(description='process secnet sites files')
        ap.add_argument('--userv', '-u', action='store_true',
@@ -250,6 +253,9 @@ def parse_args():
        ap.add_argument('--conf-key-prefix', action=ActionNoYes,
                        default=True,
                 help='prefix conf file key names derived from sites data')
+       ap.add_argument('--output-version', nargs=1, type=int,
+                       help='sites file output version',
+                       default=[max_version])
        ap.add_argument('--prefix', '-P', nargs=1,
                        help='set prefix')
        ap.add_argument('--debug', '-D', action='count', default=0)
@@ -260,6 +266,7 @@ def parse_args():
        service = 1 if av.userv else 0
        prefix = '' if av.prefix is None else av.prefix[0]
        key_prefix = av.conf_key_prefix
+       output_version = av.output_version[0]
        if service:
                if len(av.arg)!=4:
                        print("Wrong number of arguments")