From 6b82585cc1d97bc8a5f2cacdfd0ffb61d007a626 Mon Sep 17 00:00:00 2001
From: Axel Beckert
Date: Sat, 4 Jul 2015 01:02:34 +0200
Subject: [PATCH] Report all SSH fingerprints of the created DomU, not only RSA one
---
 bin/xen-create-image | 35 ++++++++++++++++++++++++++---------
 debian/changelog | 1 +
 2 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/bin/xen-create-image b/bin/xen-create-image
index eae810a..919a3c5 100755
--- a/bin/xen-create-image
+++ b/bin/xen-create-image
@@ -797,6 +797,7 @@ use Env;
 use File::Path qw/ mkpath /;
 use File::Temp qw/ tempdir /;
 use File::Copy qw/ mv cp /;
+use File::Slurp;
 use File::Which;
 use Getopt::Long;
 use Pod::Usage;
@@ -4119,21 +4120,35 @@ END
 exit $exitcode if $VERSION || $HELP || $MANUAL || $DUMPCONFIG;
- my $host_rsa_key = '';
+ my %host_key = ();
 #
 # Unmount the image if it is still mounted.
 #
 if ( defined($MOUNT_POINT) ) {
 #
- # Before we unmount get the host's RSA key
+ # Before we unmount get the host's SSH keys' fingerprints
 #
- my $key_path .= $MOUNT_POINT;
- $key_path .= '/etc/ssh/ssh_host_rsa_key.pub';
- if ( `ssh-keygen -lf $key_path` =~ /^(\S+)\s+(\S+)/ ) {
- $host_rsa_key = $2;
- } else {
- $host_rsa_key = "N/A";
+ my $key_dir = $MOUNT_POINT.'/etc/ssh';
+ my @pubkey_files =
+ grep { /^ssh_host_.*\.pub$/; } read_dir($key_dir);
+ foreach my $pubkey_file (@pubkey_files) {
+ my $pubkey_path = "$key_dir/$pubkey_file";
+ my $fingerprint_line = `ssh-keygen -lf "$pubkey_path"`;
+ if ($fingerprint_line =~ /^(\S+)\s+(\S+)/ ) {
+ my $fingerprint = $2;
+ my $algo = '[unspecified hashing algorithm]';
+ if ($fingerprint_line =~ /^\S+\s+\S+\s+\S+\s+\((\S+)\)/ ) {
+ $algo = $1;
+ } elsif ($pubkey_file =~ /^ssh_host_(\S+)_key\.pub$/) {
+ $algo = uc($1);
+ } elsif ($pubkey_file eq 'ssh_host_key.pub') {
+ $algo = 'SSH1';
+ }
+ $host_key{$algo} = $fingerprint;
+ } else {
+ warn "Can't parse ssh-keygen output: $fingerprint_line";
+ }
 }
 unMountImage($MOUNT_POINT, $CONFIG{'FAIL'});
 }
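Review bot: `use File::Slurp;` pulls the module's whole default export list into the script although only `read_dir` is called in this patch; `use File::Slurp qw/ read_dir /;` would match the explicit import lists on the neighbouring `use` lines. File::Slurp is not a core module, and the diffstat lists only bin/xen-create-image and debian/changelog, so the package dependency appears not to be declared in this commit; worth confirming against the packaging metadata.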
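Review bot: The fingerprint loop runs `ssh-keygen` through backticks with a path built from file names found in the guest's /etc/ssh, and the filter `/^ssh_host_.*\.pub$/` accepts any characters in the middle (and a trailing newline), so a name containing shell metacharacters is interpreted by the Dom0 shell with the script's privileges; the double quotes around `$pubkey_path` do not prevent that. A list-form pipe open keeps the shell out of the picture, and the filter should be anchored with `\A`/`\z` and limited to the key names sshd actually writes. Separately, `read_dir` croaks by default when the directory cannot be read, so a guest without /etc/ssh would abort this block before `unMountImage` is reached; a `-d` guard avoids that. The enclosing `END` block starts and ends outside the hunk.

```perl
# File names come from the guest image: accept only plain host-key names,
# and skip quietly when the guest has no /etc/ssh at all.
my @pubkey_files = -d $key_dir
    ? ( grep { /\Assh_host_(?:[a-z0-9]+_)?key\.pub\z/ } read_dir($key_dir) )
    : ();
foreach my $pubkey_file (@pubkey_files) {
    # … unchanged: $pubkey_path assignment …
    # List-form pipe open, so no shell ever parses the path.
    my $fingerprint_line = '';
    if ( open( my $keygen, '-|', 'ssh-keygen', '-lf', $pubkey_path ) ) {
        $fingerprint_line = join( '', <$keygen> );
        close($keygen);
    }
    # … unchanged: fingerprint and algorithm parsing …
```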
@@ -4249,7 +4264,9 @@ END
 logprint( $IP_ADDRESSES );
 }
 logprint("\n");
- logprint("RSA Fingerprint : $host_rsa_key\n");
+ foreach my $algo (sort keys %host_key) {
+ logprint("SSH Fingerprint : $host_key{$algo} ($algo)\n");
+ }
 logprint("Root Password : ");
 if ( $PASSWORD ) {
 logprint("$PASSWORD\n");
diff --git a/debian/changelog b/debian/changelog
index 4cdb3da..928257d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -32,6 +32,7 @@ xen-tools (4.5+dev-1) UNRELEASED; urgency=medium
 + Pass --yes to lvcreate only if LVM version is 2.02.99 or higher. Fixes regression introduced with 4.5 by the fix for #754517.
 - Add new (build-)dependency on libsort-versions-perl.
+ + Report all SSH fingerprints of the created DomU, not only RSA ones.
 * Update Vcs-* headers as Gitorious will close its doors in June.
 * Recommend debian-archive-keyring (for installing Debian DomUs on derivatives) and ubuntu-archive-keyring (for installing Ubuntu DomUs
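Review bot: When `%host_key` is empty the new `foreach` prints nothing, whereas the removed `logprint` always emitted a fingerprint line (with `N/A` on failure), so the summary no longer tells the administrator that no fingerprint could be collected for checking the first SSH connection to the DomU. Adding `logprint("SSH Fingerprint : N/A\n") unless %host_key;` after the loop would keep that cue. The summary code this loop sits in continues outside the hunk.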