Merge pull request 'Renew CA certificate' (#14) from ca2023 into master

Reviewed-on: #14

scripts/sh/deploy_syscid_ca.sh

@@ -4,7 +4,7 @@ DISTRIB=$(awk -F= '/^NAME/{print $2}' /etc/os-release)
 echo "Detected $DISTRIB"
 CRT="/tmp/syscid-ca.crt"
 URL="https://web.syscid.com/syscid-ca.crt"
-FP_TRUST="SHA512 Fingerprint=A6:A8:43:7C:B9:1C:DF:07:E5:31:BD:76:11:ED:A6:91:A8:01:AF:21:9E:E7:6E:6B:79:8D:65:72:A3:68:00:9B:A9:1C:69:89:83:18:D7:EE:32:B2:60:C9:2F:54:75:37:46:0A:31:21:C7:F9:DE:07:C3:A3:99:FE:0E:2A:13:B5"
+FP_TRUST="SHA512 Fingerprint=53:85:72:A7:39:80:42:5B:54:19:7A:28:E8:A4:60:CE:6F:F3:D8:87:0D:6A:27:DE:00:05:C4:52:96:5B:BF:CB:BE:8D:39:C8:C3:76:59:8C:9C:DE:4C:C7:E8:10:1C:B9:6E:AF:82:36:5E:51:43:B3:B7:AE:B8:54:84:B8:4A:07"
 if [ "${DISTRIB}" = '"openSUSE Leap"' ] || [ "${DISTRIB}" = '"openSUSE Tumbleweed"' ]; then
 	STORE="/etc/pki/trust/anchors/"
 	/usr/bin/curl -kso $CRT $URL

scripts/sh/salt-keydiff.sh

@@ -0,0 +1,32 @@
+#!/bin/sh
+# Simple way to ensure a Salt minion's key matches before accepting it
+# Run `salt-call --local key.finger` on the minion and paste the output once prompted (this script should be run on the Salt master)
+# Georg Pfuetzenreuter <georg@lysergic.dev>
+set -Ceu
+
+minion="${1:-null}"
+NOCOLOR=`tput sgr0`
+
+if [ "$minion" = 'null' ]
+then
+        printf 'Please specify the minion to diff on\n'
+        exit 1
+fi
+
+key_salt=`salt-key --out json -f "$minion" | jq --arg minion "$minion" -r '.minions_pre[$minion]'`
+
+printf 'Enter fingerprint to diff against\n'
+read key_user
+
+
+if [ "$key_salt" = "$key_user" ]
+then
+        GREEN=`tput setaf 2`
+        printf '%sMatches%s\n' "$GREEN" "$NOCOLOR"
+        salt-key -a "$minion"
+elif [ ! "$key_salt" = "$key_user" ]
+then
+        RED=`tput setaf 1`
+        printf '%sMismatch%s\n' "$RED" "$NOCOLOR"
+        exit 2
+fi