make-secnet-sites: Do not permit "include" in simple sites files
author Ian Jackson <ijackson@chiark.greenend.org.uk>
Wed, 11 Jul 2012 00:00:17 +0000 (01:00 +0100)
committer Ian Jackson <ijackson@chiark.greenend.org.uk>
Thu, 12 Jul 2012 18:54:26 +0000 (19:54 +0100)
Restrict the "include" directive to the "header" of -u (groupfile
update) mode.  Callers who are simply using make-secnet-sites to
transform a (possibly untrusted) sites file into a (to be trusted)
sites.conf file should not have to worry about includes.

"include" directives are already forbidden in group files.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
make-secnet-sites

index aa50344..966bb77 100755 (executable)
@@ -480,7 +480,7 @@ else:
                if len(sys.argv)>3:
                        print "Too many arguments"
                        sys.exit(1)
-               pfilepath(sys.argv[1],allow_include=True)
+               pfilepath(sys.argv[1])
                of=sys.stdout
                if len(sys.argv)>2:
                        of=open(sys.argv[2],'w')
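
Review bot: At the changed call `pfilepath(sys.argv[1])`, the rejection of "include" now rests entirely on the default value of `allow_include` inside `pfilepath`, which this hunk does not show. Since this is the branch that processes a possibly untrusted sites file, consider writing `pfilepath(sys.argv[1],allow_include=False)` so the restriction is explicit at the call site and cannot be silently undone by a later change to the default. It would also help to note in the user-facing documentation that a sites file containing "include" is now rejected in this mode, so existing callers who relied on it know why their input stops parsing.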