# use it, so look it up just to avoid the warning spam.
faiserver_host=$(chost $host) || faiserver_host=$host
-rsync -rlp --delete --relative --exclude /fai/config/basefiles/ fai/config root@$faiserver_host:/srv
+rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config root@$faiserver_host:/srv
scp -q ~/.ssh/home.pub \
ssh root@$faiserver_host dd of=/srv/fai/config/package_config/DESKTOP 2>/dev/null ||: # broken pipe
-rsync -r --delete /a/bin/fai-basefiles/basefiles root@$faiserver_host:/srv/fai/config
+rsync -rplt --delete $BASEFILE_DIR/*.gz root@$faiserver_host:/srv/fai/config/basefiles/
ssh root@$faiserver_host bash <<'EOF'
set -eE -o pipefail
-set -x
# make it the root because pxe-kexec only looks there.
# It wouldn't be too hard to change if we needed.
# We could also just dump things in /srv/tftp, but fai
changed=false
f=/srv/fai/nfsroot/root/.ssh/known_hosts
+install -d -m 700 /srv/fai/nfsroot/root/.ssh
# the known hosts entries that fai already sets up are like
# IP,HOSTNAME key_info...
# we are skipping the ip, because it doesn't block ssh
# with a prompt as long as you have the user supplied hostname,
# and i don't want to deal with getting it, it's not adding
# any important security in this case.
-if ! grep -xFq "$line" $f; then
+if ! grep -xFq "$line" $f &>/dev/null; then
changed=true
printf "%s\n" "$line" >>$f
fi