## Start a new output directory.
rm -rf publish.new
mkdir publish.new
-mkdir publish.new/ssh-ca
for kt in $rawkeytypes; do
- cp ca/ca-$kt.pub publish.new/ssh-ca/
+ cp ca/ca-$kt.pub publish.new/
read pub <ca/ca-$kt.pub
- echo "$@cert-authority $scope $pub" >publish.new/ssh-ca/ca-$kt.entry
+ echo "$@cert-authority $scope $pub" >publish.new/ca-$kt.entry
done
## Sign the various host keys.
-exec 3<etc/hosts 4>publish.new/ssh-ca/hosts.list
+exec 3<etc/hosts 4>publish.new/hosts.list
last=%%%
while read line <&3; do
## Sign certificates.
for kt in $rawkeytypes; do
if [ ! -f host/$host-$kt.pub ]; then continue; fi
- cp host/$host-$kt.pub publish.new/ssh-ca/
+ cp host/$host-$kt.pub publish.new/
ssh-keygen -q -sca/ca-$kt \
-h -I"$cacomment:$host.$domain" -n$names \
-V$validity \
- publish.new/ssh-ca/$host-$kt.pub
- mv publish.new/ssh-ca/$host-$kt-cert.pub \
- publish.new/ssh-ca/$host-$kt.cert
- ssh-keygen -lv -fpublish.new/ssh-ca/$host-$kt.pub | sed 's,^,| ,' >&4
+ publish.new/$host-$kt.pub
+ mv publish.new/$host-$kt-cert.pub \
+ publish.new/$host-$kt.cert
+ ssh-keygen -lv -fpublish.new/$host-$kt.pub | sed 's,^,| ,' >&4
done
done
exec 3>&- 4>&-
## Sign the list.
-run_gpg --armor -o publish.new/ssh-ca/hosts.asc \
- --clearsign publish.new/ssh-ca/hosts.list
-rm publish.new/ssh-ca/hosts.list
+run_gpg --armor -o publish.new/hosts.asc \
+ --clearsign publish.new/hosts.list
+rm publish.new/hosts.list
## Include a copy of the public key.
-run_gpg --export --armor -o publish.new/ssh-ca/ca-gnupg.asc
-
-## Include a copy of the complete archive.
-(cd publish.new; tar czf ssh-ca.tar.gz ssh-ca/)
-mv publish.new/ssh-ca.tar.gz publish.new/ssh-ca/
+run_gpg --export --armor -o publish.new/ca-gnupg.asc
## Done.
-rm -rf publish
+rm -rf publish.old
+mv publish publish.old
mv publish.new publish
+rm -rf publish.old