~mdw
/
ssh-ca
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
bin/sign: Emit a `known_hosts' file in the correct form.
[ssh-ca]
/
bin
/
sign
diff --git
a/bin/sign
b/bin/sign
index
fbdadc6
..
f275355
100755
(executable)
--- a/
bin/sign
+++ b/
bin/sign
@@
-2,6
+2,7
@@
set -e
. lib/func.sh
set -e
. lib/func.sh
+orig_domain=$domain date=$(date +%Y-%m-%d)
## The key types are adorned with bit lengths. Work out the raw key type
## names.
## The key types are adorned with bit lengths. Work out the raw key type
## names.
@@
-13,7
+14,7
@@
done
## Start a new output directory.
rm -rf publish.new
mkdir publish.new
## Start a new output directory.
rm -rf publish.new
mkdir publish.new
-exec 3<etc/hosts 4>publish.new/hosts.list
+exec 3<etc/hosts 4>publish.new/hosts.list
5>publish.new/known_hosts
echo ":certificate-authority" >&4
for kt in $rawkeytypes; do
cp ca/ca-$kt.pub publish.new/
echo ":certificate-authority" >&4
for kt in $rawkeytypes; do
cp ca/ca-$kt.pub publish.new/
@@
-25,6
+26,7
@@
done
## Sign the various host keys.
last=%%%
## Sign the various host keys.
last=%%%
+echo >&5 "### BEGIN $domain KEYS (generated $date)"
while read line <&3; do
## Ignore comments and empty lines.
while read line <&3; do
## Ignore comments and empty lines.
@@
-70,11
+72,14
@@
while read line <&3; do
publish.new/$host-$kt.pub
mv publish.new/$host-$kt-cert.pub \
publish.new/$host-$kt.cert
publish.new/$host-$kt.pub
mv publish.new/$host-$kt-cert.pub \
publish.new/$host-$kt.cert
- { printf "%s " $names; cat host/$host-$kt.pub; } >&4
+ for fd in 4 5; do
+ { printf "%s " $names; cat host/$host-$kt.pub; } >&$fd
+ done
ssh-keygen -lv -fhost/$host-$kt.pub | sed 's,^,| ,' >&4
done
done
ssh-keygen -lv -fhost/$host-$kt.pub | sed 's,^,| ,' >&4
done
done
-exec 3>&- 4>&-
+echo >&5 "### END $domain KEYS"
+exec 3>&- 4>&- 5>&-
## Sign the list.
run_gpg --armor -o publish.new/hosts.asc \
## Sign the list.
run_gpg --armor -o publish.new/hosts.asc \