From 3db26648ab2387c853b27f8f42ee0e3a0d927cb5 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 15 Jun 2023 12:26:12 +0200
Subject: [SS*S] tmate now requires SHA256 fingerprints in its config file

---
 satellit_installer/static_files/system/root/.tmate.conf |  4 ++--
 satellit_upgrader/updater.template.sh                   | 16 ++++------------
 2 files changed, 6 insertions(+), 14 deletions(-)

diff --git a/satellit_installer/static_files/system/root/.tmate.conf b/satellit_installer/static_files/system/root/.tmate.conf
index 6059b8d..537f52c 100644
--- a/satellit_installer/static_files/system/root/.tmate.conf
+++ b/satellit_installer/static_files/system/root/.tmate.conf
@@ -1,5 +1,5 @@
 set -g tmate-server-host "tmate.ruf.uni-freiburg.de"
 set -g tmate-server-port 2222
-set -g tmate-server-rsa-fingerprint   "d7:d7:06:d0:b6:0d:75:a1:ad:ec:69:18:b3:a3:c0:4a"
-set -g tmate-server-ecdsa-fingerprint "4f:c9:81:f1:1a:20:7d:6f:97:12:f2:a9:0f:f4:c5:6c"
+set -g tmate-server-rsa-fingerprint SHA256:pyT0YTJ+2c6AHD4QtUC1GEA9SFFYba74x2T1VZJ6zpc
+set -g tmate-server-ed25519-fingerprint SHA256:ZuTqO8YZrdgzjskHhfNd65es4HEx5rKBRZj/e/iBLrg
 set -g tmate-identity ""
diff --git a/satellit_upgrader/updater.template.sh b/satellit_upgrader/updater.template.sh
index 71d8097..287b3d2 100644
--- a/satellit_upgrader/updater.template.sh
+++ b/satellit_upgrader/updater.template.sh
@@ -843,18 +843,10 @@ if ! which tmate &> /dev/null && (( MAJOR >= 9 )); then
 	if ! aptinst tmate; then
 		pwarning "Could not install tmate. Easy remote assistance will not be available."
 	fi
-	echo "Writing config..."
-	cat > /root/.tmate.conf <<-JUSTANOTHERDOC
-		set -g tmate-server-host "tmate.ruf.uni-freiburg.de"
-		set -g tmate-server-port 2222
-		set -g tmate-server-rsa-fingerprint   "d7:d7:06:d0:b6:0d:75:a1:ad:ec:69:18:b3:a3:c0:4a"
-		set -g tmate-server-ecdsa-fingerprint "4f:c9:81:f1:1a:20:7d:6f:97:12:f2:a9:0f:f4:c5:6c"
-		set -g tmate-identity ""
-	JUSTANOTHERDOC
-
-	if which tmate &> /dev/null; then
-		echo "tmate installation complete!"
-	fi
+fi
+if (( MAJOR >= 11 )); then
+	# Fingerprints now need to be SHA256, maybe an old sat got dist-upgraded and still has MD5s in that file
+	diffcp "system" "/root/.tmate.conf" "Updating tmate config..."
 fi
 
 # ******************* make sure ssh keypair exists *********
-- 
cgit v1.2.3-55-g7522