From 8c63c56d1a1be0d95f75044184bcd17b7b16d7c3 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Sun, 1 Dec 2019 21:41:01 +0000
Subject: [PATCH] make-secnet-sites: New --pubkeys-elide mode

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 README.make-secnet-sites | 6 ++++++
 make-secnet-sites        | 7 +++++++
 2 files changed, 13 insertions(+)

diff --git a/README.make-secnet-sites b/README.make-secnet-sites
index 413bcf8..aa4b216 100644
--- a/README.make-secnet-sites
+++ b/README.make-secnet-sites
@@ -64,6 +64,12 @@ OPTIONS
 		keys defined for any site, in the input.
 		--pubkeys-single is the default.
 
+	--pubkeys-elide
+
+		In the sites.conf output, just write the peer-keys
+		entry referring to keys in PUBKEYS.  But do not write
+		public keys anywhere.
+
 	--pubkeys-dir PUBKEYS
 
 		Specifies the live pubkeys area pathname.
diff --git a/make-secnet-sites b/make-secnet-sites
index 16b124c..6721156 100755
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -282,6 +282,12 @@ class PkmInstall(PkmBase):
 	def site_finish(self,confw):
 		self._pw.close()
 		os.rename(self._pa+'~tmp',self._pa+'~update')
+		PkmElide.site_finish(self,confw)
+
+class PkmElide(PkmBase):
+	opt = 'elide'
+	help = 'no public keys in sites.conf output nor in directory'
+	def site_finish(self,confw):
 		confw.write("peer-keys \"%s\";\n"%self._pa);
 
 def parse_args():
@@ -314,6 +320,7 @@ def parse_args():
 			help=how().help)
 	add_pkm(PkmInstall)
 	add_pkm(PkmSingle)
+	add_pkm(PkmElide)
 	ap.add_argument('--pubkeys-dir',  nargs=1,
 			help='public key directory',
 			default=['/var/lib/secnet/pubkeys'])
-- 
2.30.2