chiark / gitweb /
~mdw / tripe / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
tripe-keys: Don't hard-code the `-l' flag when generating master keys.
[tripe] / keys / tripe-keys.in
diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in
index 1167dea00df123bf0bb35f1231db4f55f9ba5656..531e7492bad0f401beb6d3cf6917ae6cecdf989e 100644 (file)
--- a/keys/tripe-keys.in
+++ b/keys/tripe-keys.in
@@ -136,6 +136,7 @@ def conf_defaults():
                ('kx-expire', 'now + 1 year'),
                ('cipher', 'blowfish-cbc'),
                ('hash', 'sha256'),
                ('kx-expire', 'now + 1 year'),
                ('cipher', 'blowfish-cbc'),
                ('hash', 'sha256'),
+               ('master-keygen-flags', '-l'),
                ('mgf', '${hash}-mgf'),
                ('mac', lambda: '%s-hmac/%d' %
                          (conf['hash'],
                ('mgf', '${hash}-mgf'),
                ('mac', lambda: '%s-hmac/%d' %
                          (conf['hash'],
@@ -219,7 +220,7 @@ def cmd_newmaster(args):
   seq = max_master_sequence() + 1
   run('''key -kmaster add
     -a${sig-genalg} !${sig-param}
   seq = max_master_sequence() + 1
   run('''key -kmaster add
     -a${sig-genalg} !${sig-param}
-    -e${sig-expire} -l -tmaster-%d tripe-keys-master
+    -e${sig-expire} !${master-keygen-flags} -tmaster-%d tripe-keys-master
     sig=${sig} hash=${sig-hash}''' % seq)
   run('key -kmaster extract -f-secret repos/master.pub')
 
     sig=${sig} hash=${sig-hash}''' % seq)
   run('key -kmaster extract -f-secret repos/master.pub')
 
Trivial IP Encryption: a simple VPN