add dry-run to signpubkey

Jakobus Schürz 2022-06-08 18:37:14 +02:00
parent e68261ca1a
commit ea90fa6718


@ -4,7 +4,7 @@
usage() { usage() {
cat << EOF cat << EOF
Usage: $(dirname $0) [-n|--principals] <principal>[,<principal>[,<principal>[,...]]] [-V|--valid-time] <TIME> [-s|--serialnumber] <INT> [-S|-serialnumber-file] <filename> [-I|--identity] <identity> publickey Usage: $(dirname $0) [-n|--principals] <principal>[,<principal>[,<principal>[,...]]] [-V|--valid-time] <TIME> [-s|--serialnumber] <INT> [-S|-serialnumber-file] <filename> [-I|--identity] [--dry-run] <identity> publickey
EOF EOF
@ -12,7 +12,7 @@ EOF
} }
default_serialnumberfile="${HOME}/ssh-ca/serialnumbers/serialnumber" default_serialnumberfile="${HOME}/ssh-ca/serialnumbers/serialnumber"
set -- $(getopt -u -o hHn:V:s:S:I:tU --long help,host,user,principals:,valid-time:,serialnumber:,serialnumber-file:,identity:,hms -- "$@"|| exit $?) set -- $(getopt -u -o hHn:V:s:S:I:tU --long help,host,user,principals:,valid-time:,serialnumber:,serialnumber-file:,identity:,hms,dry-run -- "$@"|| exit $?)
while : ;do while : ;do
case $1 in case $1 in
@ -58,6 +58,10 @@ while : ;do
shift shift
hms=true hms=true
;; ;;
--dry-run)
DRY=true
shift
;;
--) --)
shift shift
break break
@ -74,7 +78,7 @@ done
[ -z "${identity+x}" ] && identity=${USER}@$(hostname -f) [ -z "${identity+x}" ] && identity=${USER}@$(hostname -f)
[ -z "${serialnumberfile+x}" ] && serialnumberfile=${default_serialnumberfile} [ -z "${serialnumberfile+x}" ] && serialnumberfile=${default_serialnumberfile}
[ -z "${serialnumber+x}" ] && serialnumber=$(sed -i -r 's/^([0-9]+)$/echo "$((\1+1))"/ge' "${serialnumberfile}"; cat "${serialnumberfile}" ) [ -z "${serialnumber+x}" ] && serialnumber=$(sed -i -r 's/^([0-9]+)$/echo "$((\1+1))"/ge' "${serialnumberfile}"; cat "${serialnumberfile}" )
[ -z "${principals+x}" ] && { echo "no principals given"; usage; exit 1; } [ -z "${principals+x}" ] && { echo "no principals given"; [ $DRY ] || usage; [ $DRY ] || exit 1; }
CABASE=~/ssh-ca CABASE=~/ssh-ca
host_or_user=user host_or_user=user
@ -88,8 +92,8 @@ esac
if ${hms:-false};then if ${hms:-false};then
echo ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1" echo ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub -D $P11M -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1" [ $DRY ] || ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub -D $P11M -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
else else
echo ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1" echo ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1" [ $DRY ] || ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
fi fi
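Review bot: A `--dry-run` invocation still consumes a CA serial number, because the `serialnumber=$(sed -i -r ... "${serialnumberfile}"; cat ...)` line runs before any `$DRY` check and rewrites the serial file in place. Each preview therefore leaves a gap in the issued-serial sequence, which makes it harder to reconcile signed certificates against the counter if serials are used for audit or revocation. Placing `[ -z "${serialnumber+x}" ] && [ -n "${DRY:-}" ] && serialnumber=$(sed -r 's/^([0-9]+)$/echo "$((\1+1))"/ge' "${serialnumberfile}")` just before that line would show the next serial without writing it (same expression, no `-i`). Separately, with `[ $DRY ] || exit 1` a dry run with no principals falls through and prints an `ssh-keygen` command with an empty `-n`, and in the `hms` branch the echoed preview omits the `-D $P11M` that the real call passes, so the dry-run output is not the command that would actually sign.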