make-secnet-sites: Without --pubkeys-install, write appropriate key

Rather than hoping that the first thing in the list is appropriate,
write out the first *key* we come across.

This is needed because we are going to introduce into the 'pub' list
things that are not keys.  We don't want to somehow try to write to a
.conf file something corresponding to `serial' or `pkg' or `pkgf'.

The `indefault' variable will tracks whether we are in the default
pubkey group.  Right now we don't understand pubkey groups so it is
just `True'.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/make-secnet-sites b/make-secnet-sites
index f90d150dd1b53dc5b9c41d6a4f1fc976c6f8e5ff..4d8aacdb9d2b01da078dc4092bbfa21470cd40ff 100755 (executable)
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -660,7 +660,21 @@ class sitelevel(level):
                        os.rename(pa+'~tmp',pa+'~update')
                        w.write("peer-keys \"%s\";\n"%pa);
                else:
-                       w.write("key %s;\n"%str(self.properties["pub"].list[0]))
+                       use = None
+                       indefault = True
+                       for k in self.properties["pub"].list:
+                               debugrepr('pub write', (use,indefault,k))
+                               if isinstance(k,pubkey):
+                                       if indefault:
+                                               use = k
+                                               break
+                                       if use is None:
+                                               use = k
+                               else:
+                                       raise RuntimeError('bad '+repr(k))
+                       if use is None:
+                               complain("site with no public key");
+                       w.write("key %s;\n"%str(use))
                self.output_props(w,ind+2)
                self.indent(w,ind+2)
                w.write("link netlink {\n");