for kt in $rawkeytypes; do
cp ca/ca-$kt.pub publish.new/
read pub <ca/ca-$kt.pub
- echo "$@cert-authority $scope $pub" >publish.new/ca-$kt.entry
+ echo "@cert-authority $scope $pub" >publish.new/ca-$kt.entry
done
## Sign the various host keys.
set -- $line
host=$1
names=""
+ nicks=""
## If this is a different host, then start a new section of the list.
- case "$host" in "$last") ;; *) { echo; echo "$host"; } >&4 ;; esac
+ case "$last" in
+ "%%%") echo "$host" >&4 ;;
+ "$host") ;;
+ *) { echo; echo "$host"; } >&4 ;;
+ esac
last=$host
## Build a list of names for the host.
for n in "$@"; do
- names=${names:+$names,}$n
case "$n" in
- *.* | *:*) ;;
- *) names=${names:+$names,}$n.$domain ;;
+ .*) for h in $nicks; do names=${names:+$names,}$h$n,$h$n.$domain; done ;;
+ *.* | *:*) names=${names:+$names,}$n ;;
+ *) nicks=${nicks:+$nicks }$n names=${names:+$names,}$n,$n.$domain ;;
esac
done
for kt in $rawkeytypes; do
if [ ! -f host/$host-$kt.pub ]; then continue; fi
cp host/$host-$kt.pub publish.new/
- ssh-keygen -q -sca/ca-$kt \
+ ssh-keygen -q -tv00 -sca/ca-$kt \
-h -I"$cacomment:$host.$domain" -n$names \
-V$validity \
publish.new/$host-$kt.pub
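Review bot: The added `-tv00` on the `ssh-keygen` line forces the legacy v00 certificate format for every key type in `$rawkeytypes`, with no comment saying which clients need it. As far as I know, v00 is defined only for RSA and DSA keys and OpenSSH 7.0 dropped support for it, so signing would presumably fail for any other key type or on a newer `ssh-keygen`. Because the loop starts with `continue` on a missing key and no status check is visible here, such a failure could leave a host without a certificate and go unnoticed. I would make the format a documented setting, e.g. `ssh-keygen -q ${certfmt:+-t$certfmt} -sca/ca-$kt \`, with `certfmt` (a suggested name) set next to `$validity` and a comment recording when it can be removed. The `for kt` loop continues past the visible lines, so error handling may exist further down.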