From: Mark Wooding Date: Sat, 5 Apr 2008 12:24:40 +0000 (+0100) Subject: tripe-keys: Don't hard-code the `-l' flag when generating master keys. X-Git-Tag: 1.0.0pre8~71 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/commitdiff_plain/7858dfa0ff7fa6d3e94e4a05dbce52dd2415adc6?hp=b14ccd2f7a18d48b40b381b42934a3d97da3b99c tripe-keys: Don't hard-code the `-l' flag when generating master keys. It makes automated testing painful. Instead, provide a configuration parameter master-keygen-flags which defaults to -l but can be overridden by people who know what they're doing. --- diff --git a/keys/tripe-keys.conf.5 b/keys/tripe-keys.conf.5 index 4dcda40b..e43aec5e 100644 --- a/keys/tripe-keys.conf.5 +++ b/keys/tripe-keys.conf.5 @@ -109,6 +109,10 @@ and The sequence number of the master authority's current signing key. No default. Usually set up automatically. .TP +.I master-keygen-flags +Additional options for generating master keys. Default is +.RB ` -l '. +.TP .I hk-master The fingerprint of the current master signing key. No default. Usually set up automatically. diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in index 1167dea0..531e7492 100644 --- a/keys/tripe-keys.in +++ b/keys/tripe-keys.in @@ -136,6 +136,7 @@ def conf_defaults(): ('kx-expire', 'now + 1 year'), ('cipher', 'blowfish-cbc'), ('hash', 'sha256'), + ('master-keygen-flags', '-l'), ('mgf', '${hash}-mgf'), ('mac', lambda: '%s-hmac/%d' % (conf['hash'], @@ -219,7 +220,7 @@ def cmd_newmaster(args): seq = max_master_sequence() + 1 run('''key -kmaster add -a${sig-genalg} !${sig-param} - -e${sig-expire} -l -tmaster-%d tripe-keys-master + -e${sig-expire} !${master-keygen-flags} -tmaster-%d tripe-keys-master sig=${sig} hash=${sig-hash}''' % seq) run('key -kmaster extract -f-secret repos/master.pub')
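Review bot: In the keys/tripe-keys.conf.5 hunk, the new master-keygen-flags entry calls the value "Additional options", but the cmd_newmaster change in keys/tripe-keys.in substitutes it at the position where -l used to be hard-coded, so setting the parameter replaces -l instead of adding to it. Suggest wording along the lines of "Options passed when generating master keys; overriding this replaces the default -l", plus one sentence on what -l does for the master key, so that someone changing it for a test setup can see what they are giving up.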
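Review bot: In the cmd_newmaster hunk of keys/tripe-keys.in, !${master-keygen-flags} is expanded into the key -kmaster add command line with no check on its contents, so a configuration carried over from automated testing will generate a master key without -l and nothing reports it. Suggest emitting a warning when the configured value differs from the default '-l', or at least echoing the effective flags, before the key is generated. A value that repeats or conflicts with the fixed -a, -e or -t options on the same command line is also passed through unchanged; the man page entry could note that those options are set by tripe-keys itself.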