From c9fb510e23e466f2b040c8325ec96fe68b2cb8d4 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Sat, 7 Dec 2019 17:37:41 +0000
Subject: [PATCH] make-secnet-sites: Without --pubkeys-install, write
 appropriate key

Rather than hoping that the first thing in the list is appropriate,
write out the first *key* we come across.

This is needed because we are going to introduce into the 'pub' list
things that are not keys.  We don't want to somehow try to write to a
.conf file something corresponding to `serial' or `pkg' or `pkgf'.

The `indefault' variable will tracks whether we are in the default
pubkey group.  Right now we don't understand pubkey groups so it is
just `True'.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 make-secnet-sites | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/make-secnet-sites b/make-secnet-sites
index f90d150..4d8aacd 100755
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -660,7 +660,21 @@ class sitelevel(level):
 			os.rename(pa+'~tmp',pa+'~update')
 			w.write("peer-keys \"%s\";\n"%pa);
 		else:
-			w.write("key %s;\n"%str(self.properties["pub"].list[0]))
+			use = None
+			indefault = True
+			for k in self.properties["pub"].list:
+				debugrepr('pub write', (use,indefault,k))
+				if isinstance(k,pubkey):
+					if indefault:
+						use = k
+						break
+					if use is None:
+						use = k
+				else:
+					raise RuntimeError('bad '+repr(k))
+			if use is None:
+				complain("site with no public key");
+			w.write("key %s;\n"%str(use))
 		self.output_props(w,ind+2)
 		self.indent(w,ind+2)
 		w.write("link netlink {\n");
-- 
2.30.2