bin/sign: Stupid typo fix: include leading `@' in CA entry file.

[ssh-ca] / bin / sign

diff --git a/bin/sign b/bin/sign
index 5e75ea9..17d7d22 100755 (executable)
--- a/bin/sign
+++ b/bin/sign
@@ -16,7 +16,7 @@ mkdir publish.new
 for kt in $rawkeytypes; do
   cp ca/ca-$kt.pub publish.new/
   read pub <ca/ca-$kt.pub
-  echo "$@cert-authority $scope $pub" >publish.new/ca-$kt.entry
+  echo "@cert-authority $scope $pub" >publish.new/ca-$kt.entry
 done
 
 ## Sign the various host keys.
@@ -37,7 +37,11 @@ while read line <&3; do
   names=""
 
   ## If this is a different host, then start a new section of the list.
-  case "$host" in "$last") ;; *) { echo; echo "$host"; } >&4 ;; esac
+  case "$last" in
+    "%%%") echo "$host" >&4 ;;
+    "$host") ;;
+    *) { echo; echo "$host"; } >&4 ;;
+  esac
   last=$host
 
   ## Build a list of names for the host.
@@ -53,7 +57,7 @@ while read line <&3; do
   for kt in $rawkeytypes; do
     if [ ! -f host/$host-$kt.pub ]; then continue; fi
     cp host/$host-$kt.pub publish.new/
-    ssh-keygen -q -sca/ca-$kt \
+    ssh-keygen -q -tv00 -sca/ca-$kt \
       -h -I"$cacomment:$host.$domain" -n$names \
       -V$validity \
       publish.new/$host-$kt.pub
@@ -73,7 +77,9 @@ rm publish.new/hosts.list
 run_gpg --export --armor -o publish.new/ca-gnupg.asc
 
 ## Done.
-rm -rf publish.old
-mv publish publish.old
+if [ -d publish ]; then
+  rm -rf publish.old
+  mv publish publish.old
+fi
 mv publish.new publish
 rm -rf publish.old