Rename get_ca_comment_from_sk -> get_ca_sk_comment_from_pk

- Better explain what it does
- Don't fall back to the public key fingerprint inside the function
- Use "cassh" as the fallback if the comment is empty
- Adjust manpage
Lucas 2022-04-19 03:41:36 +00:00
parent 497363b31b
commit e7aeadfa32
2 changed files with 12 additions and 7 deletions


@ -11,7 +11,7 @@
.\" along with this software. If not, see .\" along with this software. If not, see
.\" <http://creativecommons.org/publicdomain/zero/1.0/>. .\" <http://creativecommons.org/publicdomain/zero/1.0/>.
.\" .\"
.Dd March 01, 2022 .Dd April 19, 2022
.Dt CASSH 1 .Dt CASSH 1
.Os .Os
.Sh NAME .Sh NAME
@ -84,7 +84,11 @@ The recognized tokens are:
A literal A literal
.Sq % . .Sq % .
.It \&%C .It \&%C
The Certification Authority private key comment. The Certification Authority private key comment field as reported by
.Xr ssh-add 1 ,
or the string
.Sq cassh
if there is no comment reported.
.It %f .It %f
The basename of the public key being signed. The basename of the public key being signed.
.El .El


@ -29,9 +29,9 @@ err()
exit 1 exit 1
} }
# Returns comment from the ssh-agent if any is returned, otherwise it # Returns the comment from the loaded secret key in ssh-agent, if any is
# returns the public key's fingerprint. # present.
get_ca_comment_from_sk() get_ca_sk_comment_from_pk()
{ {
ssh-keygen -lf "$1" | { ssh-keygen -lf "$1" | {
read -r pk_sz pk_fp pk_extra read -r pk_sz pk_fp pk_extra
@ -41,7 +41,7 @@ get_ca_comment_from_sk()
break break
fi fi
done) done)
echo "${_comment:-${pk_fp#*:}}" echo "${_comment:-}"
} }
} }
@ -135,7 +135,8 @@ main_issue()
fi fi
read -r serial <"$PATH_CA_SERIAL" read -r serial <"$PATH_CA_SERIAL"
_template_fmt_C=$(get_ca_comment_from_sk "$PATH_CA_PUB") ca_comment=$(get_ca_sk_comment_from_pk "$PATH_CA_PUB")
_template_fmt_C=${ca_comment:-cassh}
find "$PATH_PUBKEYS_DIR/" -type f -name '*.pub' ! -name '*-cert.pub' | { find "$PATH_PUBKEYS_DIR/" -type f -name '*.pub' ! -name '*-cert.pub' | {
while read -r pk; do while read -r pk; do
pkname=${pk%.pub} pkname=${pk%.pub}
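Review bot: The fallback in `_template_fmt_C=${ca_comment:-cassh}` cannot distinguish an empty agent comment from a failed lookup, because get_ca_sk_comment_from_pk ends its pipeline group with `echo`, so the helper's exit status is echo's and a failing `ssh-keygen -lf` (unreadable or missing `$PATH_CA_PUB`) produces an empty string and the certificate is issued with the `cassh` comment silently (unless pipefail is enabled earlier in the file, which is not visible here). Consider making the helper return non-zero when ssh-keygen fails and checking it at the call site: `ca_comment=$(get_ca_sk_comment_from_pk "$PATH_CA_PUB") || err "cannot read CA public key $PATH_CA_PUB"`. Separately, the helper's final `echo "${_comment:-}"` would be safer as `printf '%s\n' "${_comment:-}"`, since a comment beginning with `-n` or `-e` is interpreted as an option by some echo implementations. main_issue starts and ends outside the hunk.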