6 ## The key types are adorned with bit lengths. Work out the raw key type
9 for kt
in $keytypes; do
10 rawkeytypes
="$rawkeytypes ${kt%:*}"
13 ## Start a new output directory.
16 for kt
in $rawkeytypes; do
17 cp ca
/ca-
$kt.pub publish.new
/
18 read pub
<ca
/ca-
$kt.pub
19 echo "@cert-authority $scope $pub" >publish.new
/ca-
$kt.entry
22 ## Sign the various host keys.
23 exec 3<etc
/hosts
4>publish.new
/hosts.list
25 while read line
<&3; do
27 ## Ignore comments and empty lines.
29 "#"* |
"") continue ;;
34 ## Read the host line.
40 ## If this is a different host, then start a new section of the list.
42 "%%%") echo "$host" >&4 ;;
44 *) { echo; echo "$host"; } >&4 ;;
48 ## Build a list of names for the host.
51 .
*) for h
in $nicks; do names
=${names:+$names,}$h$n,$h$n.
$domain; done ;;
52 *.
* |
*:*) names
=${names:+$names,}$n ;;
53 *) nicks
=${nicks:+$nicks }$n names
=${names:+$names,}$n,$n.
$domain ;;
58 for kt
in $rawkeytypes; do
59 if [ ! -f
host/$host-$kt.pub
]; then continue; fi
60 cp host/$host-$kt.pub publish.new
/
61 ssh-keygen
-q
-tv00
-sca
/ca-
$kt \
62 -h
-I
"$cacomment:$host.$domain" -n
$names \
64 publish.new
/$host-$kt.pub
65 mv publish.new
/$host-$kt-cert.pub \
66 publish.new
/$host-$kt.cert
67 ssh-keygen
-lv
-fpublish.new
/$host-$kt.pub |
sed 's,^,| ,' >&4
73 run_gpg
--armor
-o publish.new
/hosts.asc \
74 --clearsign publish.new
/hosts.list
75 rm publish.new
/hosts.list
77 ## Include a copy of the public key.
78 run_gpg
--export --armor
-o publish.new
/ca-gnupg.asc
81 if [ -d publish
]; then
83 mv publish publish.old
85 mv publish.new publish
~mdw / ssh-ca / blob