From e0bc09679e0a82f568689ccf78178291f05338d6 Mon Sep 17 00:00:00 2001
From: Lucas
Date: Tue, 19 Apr 2022 04:05:49 +0000
Subject: [PATCH] - ssh-keygen will fail hard if it doesn't find what it needs, even when quiet - Don't find "$PATH_PUBKEYS_DIR/" if it doesn't exist - Retrieve CA comment only inside find, when it's really needed - Quiet down ssh-keygen in get_ca_sk_comment_from_pk if ca.pub is not present
---
 cassh.sh | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)
diff --git a/cassh.sh b/cassh.sh
index 7a2be9e..d297165 100644
--- a/cassh.sh
+++ b/cassh.sh
@@ -33,7 +33,7 @@ err()
 # present.
 get_ca_sk_comment_from_pk()
 {
- ssh-keygen -lf "$1" | {
+ ssh-keygen -lf "$1" 2>/dev/null | {
 read -r pk_sz pk_fp pk_extra
 _comment=$(ssh-add -l | while read -r sk_sz sk_fp sk_extra; do
 if [ "X$sk_fp" = "X$pk_fp" ]; then
@@ -117,24 +117,18 @@ main_issue()
 usage
 fi
- if [ ! -f "$PATH_CA_PUB" ]; then
- err "no $PATH_CA_PUB found"
- fi
- if ! ssh-add $qflag $vflag -T "$PATH_CA_PUB"; then
- err "can't use CA key"
- fi
- if [ ! -d "$PATH_PUBKEYS_DIR/" ]; then
- err "no pubkeys directory found"
- fi
-
 if [ ! -f "$PATH_CA_SERIAL" ]; then
 echo 0 >"$PATH_CA_SERIAL"
 fi
 read -r serial <"$PATH_CA_SERIAL"
- ca_comment=$(get_ca_sk_comment_from_pk "$PATH_CA_PUB")
- : ${ca_comment:=cassh}
+ if [ ! -d "$PATH_PUBKEYS_DIR" ]; then
+ exit 0
+ fi
 find "$PATH_PUBKEYS_DIR/" -type f -name '*.pub' ! -name '*-cert.pub' | {
+ ca_comment=$(get_ca_sk_comment_from_pk "$PATH_CA_PUB")
+ : ${ca_comment:=cassh}
+
 while read -r pk; do
 pkname=${pk%.pub}
 pkname=${pkname#$PATH_PUBKEYS_DIR/}
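Review bot: The added `2>/dev/null` on `ssh-keygen -lf "$1"` in get_ca_sk_comment_from_pk discards every diagnostic, not only the missing-file message the commit is aiming at, so an unreadable or malformed CA public key now looks the same as an absent one. Because the caller substitutes the default comment when this function prints nothing, such a failure would no longer be reported at this point. A narrower guard keeps the quiet path without hiding real errors: `[ -f "$1" ] || return 0` ahead of the pipeline, with stderr left alone. The function body continues past the end of the hunk.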
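Review bot: With the `ssh-add $qflag $vflag -T "$PATH_CA_PUB"` pre-flight removed, nothing in main_issue confirms that the agent can use the CA key before the loop starts, and a missing `ca.pub` now only yields the fallback comment `cassh`. Whether the `while read -r pk` loop checks the signing command's exit status before moving on is outside this hunk and should be confirmed; if it does not, a fail-fast check before the `find` restores the old guarantee, e.g. `[ -f "$PATH_CA_PUB" ] || err "no $PATH_CA_PUB found"`. The new `exit 0` for a missing `$PATH_PUBKEYS_DIR` also makes a mistyped path indistinguishable from a run that issued certificates, so a line on stderr before exiting would help whoever operates the CA. As a smaller point, `: ${ca_comment:=cassh}` leaves the expansion unquoted; `: "${ca_comment:=cassh}"` avoids word splitting and globbing on a value taken from `ssh-add -l` output.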