From 35f10e489d5b4019cb70414df34c643d96242619 Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Sat, 9 Nov 2019 00:10:16 +0000
Subject: [PATCH] make-secnet-sites: pubkeys: Allow multiple Make `pubkey' listish, so you can specify several. It is still required. And only the first is used right now. A harmless side effect is to reorder the output: `key' entries now come before the more general properties. But we must update the expected test case output.
Signed-off-by: Ian Jackson
---
 make-secnet-sites | 6 ++++--
 mtest/e-basic.conf | 8 ++++----
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/make-secnet-sites b/make-secnet-sites
index f6c3d22..b666351 100755
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -391,7 +391,7 @@ keywords={
 'renegotiate-time':(num,"Time after key setup to begin renegotiation (ms)"),
 'restrict-nets':(networks,"Allowable networks"),
 'networks':(networks,"Claimed networks"),
- 'pubkey':(rsakey,"RSA public site key"),
+ 'pubkey':(listof(rsakey),"RSA public site key"),
 'peer':(single_ipaddr,"Tunnel peer IP address"),
 'address':(address,"External contact address and port"),
 'mobile':(boolean,"Site is mobile"),
@@ -511,7 +511,7 @@ class sitelevel(level):
 'address':sp,
 'networks':None,
 'peer':None,
- 'pubkey':(lambda n,v:"key %s;\n"%v),
+ 'pubkey':None,
 'mobile':sp,
 })
 require_properties={
@@ -531,6 +531,8 @@ class sitelevel(level):
 w.write("%s {\n"%(self.kname()))
 self.indent(w,ind+2)
 w.write("name \"%s\";\n"%(np,))
+ self.indent(w,ind+2)
+ w.write("key %s;\n"%str(self.properties["pubkey"].list[0]))
 self.output_props(w,ind+2)
 self.indent(w,ind+2)
 w.write("link netlink {\n");
diff --git a/mtest/e-basic.conf b/mtest/e-basic.conf
index 9a4fde8..5e228fe 100644
--- a/mtest/e-basic.conf
+++ b/mtest/e-basic.conf
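Review bot: In the make-secnet-sites hunk at `@@ -511,7 +511,7 @@`, the new `'pubkey':None` entry carries no hint of where the key is now written. It looks the same as the neighbouring `'networks':None` and `'peer':None` entries, yet the key line is produced by hand in the output method of the following hunk. A trailing comment such as `# written explicitly ahead of output_props(); see the "key" line in the output method` would keep a later maintainer from restoring a formatter here, which would presumably emit the key a second time. The dictionary starts and ends outside the hunk.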
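Review bot: In the make-secnet-sites hunk at `@@ -531,6 +531,8 @@`, `self.properties["pubkey"].list[0]` writes only the first key and silently discards every further `pubkey` entry. A sites file that lists a second key, for instance during a key changeover, therefore yields output that looks complete while peers are configured with just one key. The commit message says this is intended for now, but nothing in the code or the generated file records it. I would add a comment such as `# only the first pubkey is emitted for now; later entries are parsed but ignored` and emit a warning when the list holds more than one entry, so the order dependence is visible to whoever maintains the sites file. The index also assumes the property is present and the list is non-empty; presumably `require_properties` and `listof` guarantee that, but neither is visible here, and the method body starts and ends outside the hunk.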
@@ -1,6 +1,6 @@ # secnet sites file autogenerated by make-secnet-sites version 0.1.18 -# Tue Nov 19 01:02:50 2019 -# Command line: ./make-secnet-sites --no-conf-key-prefix test-example/sites ./mtest/d-basic/out.conf +# Sat Dec 7 17:16:13 2019 +# Command line: ./make-secnet-sites --no-conf-key-prefix test-example/sites /home/ian/things/Fvpn/secnet/mtest/d-basic/out.conf vpn-data { test-example { @@ -15,9 +15,9 @@ vpn-data { in { inside { name "test-example/in/inside"; + key rsa-public("65537","130064631890186713927887504218626486455931306300999583387009075747001546036643522074275473238061323169592347601185592753550279410171535737146240085267000508853176463710554801101055212967131924064664249613912656320653505750073021702169423354903540699008756137338575553686987244488914481168225136440872431691669"); address "[127.0.0.1]"; port 16910; mobile True; - key rsa-public("65537","130064631890186713927887504218626486455931306300999583387009075747001546036643522074275473238061323169592347601185592753550279410171535737146240085267000508853176463710554801101055212967131924064664249613912656320653505750073021702169423354903540699008756137338575553686987244488914481168225136440872431691669"); link netlink { routes "172.18.232.8/29"; ptp-address "172.18.232.9"; @@ -27,8 +27,8 @@ vpn-data { out { outside { name "test-example/out/outside"; - address "[::1]"; port 16900; key rsa-public("65537","129251483458784900555621175262818292872587807329014927540074484804119474262261383244074013537736576331652560727149001626325243856012659665194546933097292703586821422085819615124517093786704646988649444946154384037948502112302285511195679291084694375811092516151263088200304199780052361048758446082354317801941"); + address "[::1]"; port 16900; link netlink { routes "172.18.232.0/29"; ptp-address "172.18.232.1"; -- 2.30.2