set -e
. lib/func.sh
+orig_domain=$domain date=$(date +%Y-%m-%d)
## The key types are adorned with bit lengths. Work out the raw key type
## names.
## Start a new output directory.
rm -rf publish.new
mkdir publish.new
-exec 3<etc/hosts 4>publish.new/hosts.list
+exec 3<etc/hosts 4>publish.new/hosts.list 5>publish.new/known_hosts
echo ":certificate-authority" >&4
for kt in $rawkeytypes; do
cp ca/ca-$kt.pub publish.new/
## Sign the various host keys.
last=%%%
+echo >&5 "### BEGIN $domain KEYS (generated $date)"
while read line <&3; do
## Ignore comments and empty lines.
publish.new/$host-$kt.pub
mv publish.new/$host-$kt-cert.pub \
publish.new/$host-$kt.cert
- { printf "%s " $names; cat host/$host-$kt.pub; } >&4
+ for fd in 4 5; do
+ { printf "%s " $names; cat host/$host-$kt.pub; } >&$fd
+ done
ssh-keygen -lv -fhost/$host-$kt.pub | sed 's,^,| ,' >&4
done
done
-exec 3>&- 4>&-
+echo >&5 "### END $domain KEYS"
+exec 3>&- 4>&- 5>&-
## Sign the list.
run_gpg --armor -o publish.new/hosts.asc \