From 22b987c57ad81d052ae96fc843f1bd3f3a1da00f Mon Sep 17 00:00:00 2001
From: Ricard Illa
Date: Sat, 10 Sep 2022 23:32:59 +0200
Subject: [PATCH] use ssh certificates
---
 rsync/entrypoint.sh | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/rsync/entrypoint.sh b/rsync/entrypoint.sh
index f73bc09..928c1fd 100644
--- a/rsync/entrypoint.sh
+++ b/rsync/entrypoint.sh
@@ -18,6 +18,8 @@ if [ -z "$SSH_KEY" ]; then
 exit 1
 fi
+SSH_KEY_CERT="${SSH_KEY_CERT:-${PLUGIN_KEY_CERT}}"
+
 KNOWN_HOSTS="${KNOWN_HOSTS:=${PLUGIN_KNOWN_HOSTS}}"
 SOURCES="${SOURCES:-${PLUGIN_SOURCES}}"
@@ -38,10 +40,19 @@ ARGS=${ARGS:-${PLUGIN_ARGS}}
 # prepare SSH
 mkdir -p "$HOME/.ssh"
-keyfile="$HOME/.ssh/id_rsa"
+keyfile="$HOME/.ssh/user_key"
 echo "$SSH_KEY" > "$keyfile"
 chmod 0600 "$keyfile"
+echo 'Host *' > "$HOME/.ssh/config"
+echo " IdentityFile $keyfile" >> "$HOME/.ssh/config"
+
+if [ -n "${SSH_KEY_CERT}" ]; then
+ certfile="$HOME/.ssh/user_key-cert.pub"
+ echo "${SSH_KEY_CERT}" > "$certfile"
+ echo " CertificateFile $certfile" >> "$HOME/.ssh/config"
+fi
+
 known_hosts_file="${HOME}/.ssh/known_hosts"
 [ -n "${KNOWN_HOSTS}" ] && echo "${KNOWN_HOSTS}" >> "$known_hosts_file"
 [ -f "${known_hosts_file}" ] && chmod 0600 "$known_hosts_file"
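Review bot: The new `SSH_KEY_CERT` / `PLUGIN_KEY_CERT` setting in the first hunk arrives without a comment, and the diffstat lists only `rsync/entrypoint.sh`, so nothing visible tells a user what value to supply. A line above the assignment such as `# Optional: OpenSSH user certificate (contents of the *-cert.pub file) issued for SSH_KEY` would state the contract. The value is only consumed in the later hunk, where it is written to disk unchanged, so the comment is also the place to say that it must be the certificate text itself rather than a path.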
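Review bot: In the second hunk, `echo 'Host *' > "$HOME/.ssh/config"` truncates any ssh config already present in the image or a mounted home directory, whereas the `known_hosts` handling right below it appends with `>>`; any host-verification or proxy settings in an existing config would be dropped silently. If a pre-existing config is a supported case (not visible from this hunk), appending the block with `echo 'Host *' >> "$HOME/.ssh/config"` keeps the two consistent. Separately, `echo "$SSH_KEY" > "$keyfile"` creates the private key under the default umask before `chmod 0600` runs, and the new config file is never chmod'd; a single `umask 077` ahead of `mkdir -p "$HOME/.ssh"` would cover the key, the config and the directory. The script continues outside the hunk, so how ssh or rsync is invoked afterwards cannot be checked here.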