X-Git-Url: https://git.distorted.org.uk/~mdw/ssh-ca/blobdiff_plain/a91e8fcb8d75260a28340c756894e9f507288fa3..50b96dc74e7abe55a72413083b32fe1c275198be:/bin/sign diff --git a/bin/sign b/bin/sign index e3ac0c9..5e75ea9 100755 --- a/bin/sign +++ b/bin/sign @@ -13,15 +13,14 @@ done ## Start a new output directory. rm -rf publish.new mkdir publish.new -mkdir publish.new/ssh-ca for kt in $rawkeytypes; do - cp ca/ca-$kt.pub publish.new/ssh-ca/ + cp ca/ca-$kt.pub publish.new/ read pub publish.new/ssh-ca/ca-$kt.entry + echo "$@cert-authority $scope $pub" >publish.new/ca-$kt.entry done ## Sign the various host keys. -exec 3publish.new/ssh-ca/hosts.list +exec 3publish.new/hosts.list last=%%% while read line <&3; do 
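Review bot: In the added `echo "$@cert-authority $scope $pub" >publish.new/ca-$kt.entry` line, as it is displayed here, the shell parses `$@` as the positional-parameter expansion, so the literal `@` of the known_hosts `@cert-authority` marker is never written. If no positional parameters are set at that point, the entry would start with `cert-authority`, which an OpenSSH client would presumably read as a host pattern rather than as a CA marker, and any parameters that are set would be pasted into the published entry. Writing the marker outside any expansion avoids both, for example `printf '@cert-authority %s %s\n' "$scope" "$pub" >publish.new/ca-$kt.entry`. The redirections on the neighbouring `read pub` and `exec 3` lines are missing from this rendering, so the line is worth checking against the file itself; the `while read line <&3; do` loop continues outside the hunk.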
@@ -53,30 +52,28 @@ while read line <&3; do ## Sign certificates. for kt in $rawkeytypes; do if [ ! -f host/$host-$kt.pub ]; then continue; fi - cp host/$host-$kt.pub publish.new/ssh-ca/ + cp host/$host-$kt.pub publish.new/ ssh-keygen -q -sca/ca-$kt \ -h -I"$cacomment:$host.$domain" -n$names \ -V$validity \ - publish.new/ssh-ca/$host-$kt.pub - mv publish.new/ssh-ca/$host-$kt-cert.pub \ - publish.new/ssh-ca/$host-$kt.cert - ssh-keygen -lv -fpublish.new/ssh-ca/$host-$kt.pub | sed 's,^,| ,' >&4 + publish.new/$host-$kt.pub + mv publish.new/$host-$kt-cert.pub \ + publish.new/$host-$kt.cert + ssh-keygen -lv -fpublish.new/$host-$kt.pub | sed 's,^,| ,' >&4 done done exec 3>&- 4>&- ## Sign the list. -run_gpg --armor -o publish.new/ssh-ca/hosts.asc \ - --clearsign publish.new/ssh-ca/hosts.list -rm publish.new/ssh-ca/hosts.list +run_gpg --armor -o publish.new/hosts.asc \ + --clearsign publish.new/hosts.list +rm publish.new/hosts.list ## Include a copy of the public key. -run_gpg --export --armor -o publish.new/ssh-ca/ca-gnupg.asc - -## Include a copy of the complete archive. -(cd publish.new; tar czf ssh-ca.tar.gz ssh-ca/) -mv publish.new/ssh-ca.tar.gz publish.new/ssh-ca/ +run_gpg --export --armor -o publish.new/ca-gnupg.asc ## Done. -rm -rf publish +rm -rf publish.old +mv publish publish.old mv publish.new publish +rm -rf publish.old
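Review bot: The new swap at the end of this hunk runs `mv publish publish.old` unconditionally, so on a first run with no `publish` directory that command fails, and whether the script stops there depends on a `set -e` that is not visible in this diff. Guarding it with `if [ -d publish ]; then mv publish publish.old; fi` keeps the first run working either way. Nothing visible checks that `ssh-keygen -s` and `run_gpg --clearsign` succeeded before `mv publish.new publish`, so unless errexit is set earlier in the file, a failed signing step could replace a good published tree with one that has `.pub` files but no matching `.cert` or `hosts.asc`. There is also still a short window between the two `mv` calls in which `publish` does not exist; publishing through a symlink that is switched with a single rename would close it.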