6 ## The key types are adorned with bit lengths. Work out the raw key type
9 for kt
in $keytypes; do
10 rawkeytypes
="$rawkeytypes ${kt%:*}"
13 ## Start a new output directory.
16 mkdir publish.new
/ssh-ca
17 for kt
in $rawkeytypes; do
18 cp ca
/ca-
$kt.pub publish.new
/ssh-ca
/
19 read pub
<ca
/ca-
$kt.pub
20 echo "$@cert-authority $scope $pub" >publish.new
/ssh-ca
/ca-
$kt.entry
23 ## Sign the various host keys.
24 exec 3<etc
/hosts
4>publish.new
/ssh-ca
/hosts.list
26 while read line
<&3; do
28 ## Ignore comments and empty lines.
30 "#"* |
"") continue ;;
35 ## Read the host line.
40 ## If this is a different host, then start a new section of the list.
41 case "$host" in "$last") ;; *) { echo; echo "$host"; } >&4 ;; esac
44 ## Build a list of names for the host.
46 names
=${names:+$names,}$n
49 *) names
=${names:+$names,}$n.
$domain ;;
54 for kt
in $rawkeytypes; do
55 if [ ! -f
host/$host-$kt.pub
]; then continue; fi
56 cp host/$host-$kt.pub publish.new
/ssh-ca
/
57 ssh-keygen
-q
-sca
/ca-
$kt \
58 -h
-I
"$cacomment:$host.$domain" -n
$names \
60 publish.new
/ssh-ca
/$host-$kt.pub
61 mv publish.new
/ssh-ca
/$host-$kt-cert.pub \
62 publish.new
/ssh-ca
/$host-$kt.cert
63 ssh-keygen
-lv
-fpublish.new
/ssh-ca
/$host-$kt.pub |
sed 's,^,| ,' >&4
69 run_gpg
--armor
-o publish.new
/ssh-ca
/hosts.asc \
70 --clearsign publish.new
/ssh-ca
/hosts.list
71 rm publish.new
/ssh-ca
/hosts.list
73 ## Include a copy of the public key.
74 run_gpg
--export --armor
-o publish.new
/ssh-ca
/ca-gnupg.asc
76 ## Include a copy of the complete archive.
77 (cd publish.new
; tar czf ssh-ca.
tar.gz ssh-ca
/)
78 mv publish.new
/ssh-ca.
tar.gz publish.new
/ssh-ca
/
82 mv publish.new publish