From e7aeadfa326368ce7b10e149144dccad1012f9e1 Mon Sep 17 00:00:00 2001
From: Lucas
Date: Tue, 19 Apr 2022 03:41:36 +0000
Subject: [PATCH] Rename get_ca_comment_from_sk -> get_ca_sk_comment_from_pk

- Better explain what it does
- Don't fallback to public key fingerprint in function
- Use "cassh" as the fallback if the comment is empty
- Adjust manpage
---
 cassh.1 | 8 ++++++--
 cassh.sh | 11 ++++++-----
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/cassh.1 b/cassh.1
index aa4400d..4582abc 100644
--- a/cassh.1
+++ b/cassh.1
@@ -11,7 +11,7 @@
 .\" along with this software. If not, see
 .\" .
 .\"
-.Dd March 01, 2022
+.Dd April 19, 2022
 .Dt CASSH 1
 .Os
 .Sh NAME
@@ -84,7 +84,11 @@ The recognized tokens are:
 A literal
 .Sq % .
 .It \&%C
-The Certification Authority private key comment.
+The Certification Authority private key comment field as reported by
+.Xr ssh-add 1 ,
+or the string
+.Sq cassh
+if there is no comment reported.
 .It %f
 The basename of the public key being signed.
 .El
diff --git a/cassh.sh b/cassh.sh
index f3ea2b0..845d9ac 100644
--- a/cassh.sh
+++ b/cassh.sh
@@ -29,9 +29,9 @@ err()
 exit 1
 }
-# Returns comment from the ssh-agent if any is returned, otherwise it
-# returns the public key's fingerprint.
-get_ca_comment_from_sk()
+# Returns the comment from the loaded secret key in ssh-agent, if any is
+# present.
+get_ca_sk_comment_from_pk()
 {
 ssh-keygen -lf "$1" | {
 read -r pk_sz pk_fp pk_extra
@@ -41,7 +41,7 @@ get_ca_comment_from_sk()
 break
 fi
 done)
- echo "${_comment:-${pk_fp#*:}}"
+ echo "${_comment:-}"
 }
 }
@@ -135,7 +135,8 @@ main_issue()
 fi
 read -r serial <"$PATH_CA_SERIAL"
- _template_fmt_C=$(get_ca_comment_from_sk "$PATH_CA_PUB")
+ ca_comment=$(get_ca_sk_comment_from_pk "$PATH_CA_PUB")
+ _template_fmt_C=${ca_comment:-cassh}
 find "$PATH_PUBKEYS_DIR/" -type f -name '*.pub' ! -name '*-cert.pub' | {
 while read -r pk; do
 pkname=${pk%.pub}
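Review bot: The rewritten header comment on get_ca_sk_comment_from_pk (hunk at -29,9 in cassh.sh) does not say what `$1` is or what the caller gets when nothing is found, and the caller now depends on that empty result. I would add `# $1: path to the CA public key.` and `# Prints an empty line when no comment is found.`, with the wording checked against the loop body, which lies outside this hunk. The function's closing lines are in the following hunk.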
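Review bot: `echo "${_comment:-}"` in the -41,7 hunk hands text taken from the agent to echo, whose treatment of a leading `-n` and of backslash sequences differs between shells, so such a comment can reach the `%C` template altered. `printf '%s\n' "$_comment"` prints it verbatim. The empty `:-` default only has an effect under `set -u`, and `_comment` appears to be assigned by the command substitution that closes at `done)`; whether the script sets `-u` is not visible here. The enclosing function starts before this hunk.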
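Review bot: At the new call in main_issue (hunk at -135,7) a failed lookup cannot be told apart from a key without a comment: the pipeline in get_ca_sk_comment_from_pk ends in `echo`, so as far as the visible lines show the substitution succeeds even when ssh-keygen cannot read `$PATH_CA_PUB`, and `%C` quietly becomes `cassh`. If the `%C` template feeds the certificate identity (not visible here), issued certificates then stop naming the CA key that signed them, which matters for audit. A stderr message when the fallback is taken would surface this, for example `[ -n "$ca_comment" ] || printf '%s\n' 'cassh: no CA key comment found, using "cassh" for %C' >&2`. `ca_comment` also drops the leading underscore used by `_comment` and `_template_fmt_C`. main_issue starts and ends outside the hunk.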