From c370bfe5946568db95a9589d891dfbc264383a1d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?=
Date: Sun, 7 Apr 2024 10:55:13 +0200
Subject: [PATCH 1/2] Look for ssh_authorized_keys without dashes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The documented spelling of ssh-authorized-keys is actually invalid according to jsonschema, even if accepted by python.

Signed-off-by: Anders F Björklund
---
 lima-init.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lima-init.sh b/lima-init.sh
index 515ddec..3889879 100755
--- a/lima-init.sh
+++ b/lima-init.sh
@@ -39,7 +39,8 @@ echo "${LIMA_CIDATA_USER} ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/90-lima-users
 # Create authorized_keys
 LIMA_CIDATA_SSHDIR="${LIMA_CIDATA_HOMEDIR}"/.ssh
 mkdir -p -m 700 "${LIMA_CIDATA_SSHDIR}"
-awk '/ssh-authorized-keys/ {flag=1; next} /^ *$/ {flag=0} flag {sub(/^ +- /, ""); gsub(/^"|"$/,""); gsub("\\\\\"", "\""); print $0}' \
+# Lima currently uses "ssh-authorized-keys", which is invalid and should be "ssh_authorized_keys"
+awk '/ssh[-_]authorized[-_]keys/ {flag=1; next} /^ *$/ {flag=0} flag {sub(/^ +- /, ""); gsub(/^"|"$/,""); gsub("\\\\\"", "\""); print $0}' \
 "${LIMA_CIDATA_MNT}"/user-data >"${LIMA_CIDATA_SSHDIR}"/authorized_keys
 LIMA_CIDATA_GID=$(id -g "${LIMA_CIDATA_USER}")
 chown -R "${LIMA_CIDATA_UID}:${LIMA_CIDATA_GID}" "${LIMA_CIDATA_SSHDIR}"
From 8472c775ed7034dda86ad575eca5150cc1f3e020 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?=
Date: Fri, 12 Apr 2024 12:55:34 +0200
Subject: [PATCH 2/2] Use stricter pattern for ca-certs and ca_certs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Anders F Björklund
---
 lima-init.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lima-init.sh b/lima-init.sh
index 3889879..42ce5bb 100755
--- a/lima-init.sh
+++ b/lima-init.sh
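Review bot: In the `@@ -39,7 +39,8 @@` hunk of patch 1/2, the new awk pattern `/ssh[-_]authorized[-_]keys/` is unanchored, so any user-data line that merely contains that text (a comment, a quoted value, embedded file content) starts copying the following lines into `authorized_keys`. That file belongs to the account which the `echo` line in the hunk header gives `NOPASSWD:ALL`, so the match is worth tightening the way patch 2/2 does for `ca_certs`: `/^ *ssh[-_]authorized[-_]keys:/`, assuming the key always appears as an indented mapping key in Lima's user-data, which this hunk does not show. Capture also ends only on a blank line (`/^ *$/ {flag=0}`), so a following YAML key with no blank line before it would be written out too; clearing the flag on the first line that is not a `- ` list item would close that gap. The script continues on both sides of the hunk.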
@@ -128,7 +128,7 @@ fi
 LIMA_CA_CERTS=/usr/share/ca-certificates/lima-init-ca-certs.crt
 awk -f- "${LIMA_CIDATA_MNT}"/user-data <<'EOF' > ${LIMA_CA_CERTS}
 # Lima currently uses "ca-certs", which is deprecated and should be "ca_certs"
-/^ca.certs:/ {
+/^ca[-_]certs:/ {
 cacerts = 1
 next
 }