From a8344dc2b57f9f115a921be57e27239272a9568b Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Sun, 7 Mar 2021 13:24:03 +0200
Subject: fix: install private part of generated host key, not public

---
 src/cloudinit.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/cloudinit.rs b/src/cloudinit.rs
index 842baa7..ccf98eb 100644
--- a/src/cloudinit.rs
+++ b/src/cloudinit.rs
@@ -215,6 +215,7 @@ impl Hostkeys {
         let ed25519_cert = spec.ed25519_host_cert.clone();
 
         if rsa.is_some() || dsa.is_some() || ecdsa.is_some() || ed25519.is_some() {
+            debug!("At least one host key specified");
             Ok(Some(Self {
                 rsa_private: rsa,
                 rsa_certificate: rsa_cert,
@@ -227,15 +228,17 @@ impl Hostkeys {
             }))
         } else if spec.generate_host_certificate {
             if spec.ca_key.is_none() {
+                debug!("No CA key specified");
                 return Err(CloudInitError::NoCAKey);
             }
             if let Some(filename) = &spec.ca_key {
+                debug!("Generating host key and certificate");
                 let ca = CaKey::from_file(&filename)?;
                 let pair = KeyPair::generate(KeyKind::Ed25519)?;
                 let cert = ca.certify_host(&pair, &spec.name)?;
                 debug!("generated Ed25519 host certificate {:?}", cert);
                 Ok(Some(Self {
-                    ed25519_private: Some(pair.public().to_string()),
+                    ed25519_private: Some(pair.private().to_string()),
                     ed25519_certificate: Some(cert.to_string()),
                     ..Self::default()
                 }))
@@ -243,6 +246,7 @@ impl Hostkeys {
                 Ok(None)
             }
         } else {
+            debug!("No host keys specified, no host certificate wanted");
             Ok(None)
         }
     }
-- 
cgit v1.2.1