diff options
author | Gordon GECOS <u@adam> | 2023-11-22 10:04:32 -0500 |
---|---|---|
committer | Gordon GECOS <u@adam> | 2023-11-22 10:04:32 -0500 |
commit | 18728c99f58e7dc5c6deefa9331e949e17faa9fb (patch) | |
tree | d82a3f00dfb07de12a45aa1e3cfaef678a7a101d | |
parent | 3095477fd53d405dd60c55a84e30f69dae98eef8 (diff) |
cleanups
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Makefile | 32 | ||||
-rwxr-xr-x | src/extract-ed25519-pubkey (renamed from extract-ed25519-pubkey) | 0 |
3 files changed, 16 insertions, 17 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..69fa449 --- /dev/null +++ b/.gitignore | |||
@@ -0,0 +1 @@ | |||
_build/ | |||
@@ -1,43 +1,41 @@ | |||
1 | SHELL = bash | 1 | SHELL = bash |
2 | .DELETE_ON_ERROR: y | 2 | .DELETE_ON_ERROR: y |
3 | SUDO != [ "$$(id -u)" = 0 ] || echo sudo | 3 | ifneq ($(UID),0) |
4 | 4 | SUDO = sudo | |
5 | endif | ||
5 | .DEFAULT_TARGET = testall | 6 | .DEFAULT_TARGET = testall |
6 | 7 | ||
7 | target = testfile | 8 | target = _build/testfile |
8 | |||
9 | signature = $(target).sig | 9 | signature = $(target).sig |
10 | 10 | ||
11 | hostname != hostname | 11 | hostname != hostname |
12 | identity = root@$(hostname) | 12 | identity = root@$(hostname) |
13 | |||
14 | hostkey = /etc/ssh/ssh_host_ed25519_key | ||
15 | key = $(hostkey) | ||
16 | |||
13 | quoted_identity != printf %q $(identity) | 17 | quoted_identity != printf %q $(identity) |
14 | 18 | ||
15 | .PHONY: test validate | 19 | .PHONY: testall clean install |
20 | .PHONY: validate check-novalidate find-principals verify | ||
16 | 21 | ||
17 | testall: $(signature) check-novalidate find-principals verify | 22 | testall: $(signature) check-novalidate find-principals verify |
18 | |||
19 | validate: $(signature) verify | 23 | validate: $(signature) verify |
20 | 24 | ||
21 | testfile: | 25 | $(dir $(target)): |
26 | mkdir -p $@ | ||
27 | $(target): | $(dir $(target)) | ||
22 | echo hello world > $@ | 28 | echo hello world > $@ |
23 | 29 | ||
24 | hostkey = /etc/ssh/ssh_host_ed25519_key | ||
25 | key = $(hostkey) | ||
26 | |||
27 | %.sig: % | /usr/bin/ssh-keygen | 30 | %.sig: % | /usr/bin/ssh-keygen |
28 | $(SUDO) ssh-keygen -n file -I $(quoted_identity) -f $(key) -Y sign $^ | 31 | $(SUDO) ssh-keygen -n file -I $(quoted_identity) -f $(key) -Y sign $^ |
29 | $(MAKE) verify | 32 | $(MAKE) verify |
30 | 33 | ||
31 | dirs = $(dir $(hostkey)) | 34 | $(hostkey): | /usr/sbin/sshd /usr/bin/ssh-keygen |
32 | $(dirs): | ||
33 | mkdir -p $@ | ||
34 | |||
35 | $(hostkey): | /usr/sbin/sshd /usr/bin/ssh-keygen $(dir $(hostkey)) | ||
36 | test -e $@ || $(SUDO) ssh-keygen -t ed25519 -N '' -f $@ | 35 | test -e $@ || $(SUDO) ssh-keygen -t ed25519 -N '' -f $@ |
37 | 36 | ||
38 | .PHONY: check-novalidate verify find-principals clean | ||
39 | clean: | 37 | clean: |
40 | rm -f test test.sig | 38 | rm -rf _build |
41 | check-novalidate: $(signature) | /usr/bin/ssh-keygen | 39 | check-novalidate: $(signature) | /usr/bin/ssh-keygen |
42 | ssh-keygen -n file -s $(signature) -f $(key).pub \ | 40 | ssh-keygen -n file -s $(signature) -f $(key).pub \ |
43 | -Y $@ < $(target) | 41 | -Y $@ < $(target) |
diff --git a/extract-ed25519-pubkey b/src/extract-ed25519-pubkey index ed66db4..ed66db4 100755 --- a/extract-ed25519-pubkey +++ b/src/extract-ed25519-pubkey | |||