From 50b96dc74e7abe55a72413083b32fe1c275198be Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sun, 4 Sep 2011 19:46:44 +0100 Subject: [PATCH] Rearrange the filesystem structure. Remove the archive. Remove the pointless extra directory level. We're going to use rsync instead of http. --- bin/sign | 33 +++++++++++++++------------------ bin/upload | 2 +- etc/config.sh | 2 +- 3 files changed, 17 insertions(+), 20 deletions(-) diff --git a/bin/sign b/bin/sign index e3ac0c9..5e75ea9 100755 --- a/bin/sign +++ b/bin/sign @@ -13,15 +13,14 @@ done ## Start a new output directory. rm -rf publish.new mkdir publish.new -mkdir publish.new/ssh-ca for kt in $rawkeytypes; do - cp ca/ca-$kt.pub publish.new/ssh-ca/ + cp ca/ca-$kt.pub publish.new/ read pub publish.new/ssh-ca/ca-$kt.entry + echo "$@cert-authority $scope $pub" >publish.new/ca-$kt.entry done ## Sign the various host keys. -exec 3publish.new/ssh-ca/hosts.list +exec 3publish.new/hosts.list last=%%% while read line <&3; do 
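Review bot: The `echo "$@cert-authority $scope $pub"` line that writes `publish.new/ca-$kt.entry` embeds `$@` in the string, assuming the page renders it faithfully (nearby redirections are visibly lost in this rendering). When the script is run without arguments, `$@` expands to nothing, so the entry would begin with `cert-authority` instead of the `@cert-authority` marker that known_hosts requires, and clients would not treat the key as a CA. If a literal marker is intended, write `echo "@cert-authority $scope $pub" >"publish.new/ca-$kt.entry"`. `$scope` and `$rawkeytypes` are set outside the hunk, so their contents cannot be checked from here.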
@@ -53,30 +52,28 @@ while read line <&3; do ## Sign certificates. for kt in $rawkeytypes; do if [ ! -f host/$host-$kt.pub ]; then continue; fi - cp host/$host-$kt.pub publish.new/ssh-ca/ + cp host/$host-$kt.pub publish.new/ ssh-keygen -q -sca/ca-$kt \ -h -I"$cacomment:$host.$domain" -n$names \ -V$validity \ - publish.new/ssh-ca/$host-$kt.pub - mv publish.new/ssh-ca/$host-$kt-cert.pub \ - publish.new/ssh-ca/$host-$kt.cert - ssh-keygen -lv -fpublish.new/ssh-ca/$host-$kt.pub | sed 's,^,| ,' >&4 + publish.new/$host-$kt.pub + mv publish.new/$host-$kt-cert.pub \ + publish.new/$host-$kt.cert + ssh-keygen -lv -fpublish.new/$host-$kt.pub | sed 's,^,| ,' >&4 done done exec 3>&- 4>&- ## Sign the list. -run_gpg --armor -o publish.new/ssh-ca/hosts.asc \ - --clearsign publish.new/ssh-ca/hosts.list -rm publish.new/ssh-ca/hosts.list +run_gpg --armor -o publish.new/hosts.asc \ + --clearsign publish.new/hosts.list +rm publish.new/hosts.list ## Include a copy of the public key. -run_gpg --export --armor -o publish.new/ssh-ca/ca-gnupg.asc - -## Include a copy of the complete archive. -(cd publish.new; tar czf ssh-ca.tar.gz ssh-ca/) -mv publish.new/ssh-ca.tar.gz publish.new/ssh-ca/ +run_gpg --export --armor -o publish.new/ca-gnupg.asc ## Done. -rm -rf publish +rm -rf publish.old +mv publish publish.old mv publish.new publish +rm -rf publish.old diff --git a/bin/upload b/bin/upload index ce8578d..948e3a7 100755 --- a/bin/upload +++ b/bin/upload @@ -5,4 +5,4 @@ set -e rsync \ --recursive --delete-after --delay-updates \ - publish/ssh-ca $publish_target + publish/ $publish_target diff --git a/etc/config.sh b/etc/config.sh index b27ec96..db7627d 100644 --- a/etc/config.sh +++ b/etc/config.sh @@ -10,7 +10,7 @@ keytypes="rsa:3072 dsa:1024" domain="distorted.org.uk" cacomment="ssh-ca@$domain" validity="-1d:+2d" -publish_target="vampire.distorted.org.uk:/var/www/" +publish_target="vampire.distorted.org.uk:/var/www/ssh-ca/" ## GnuPG defaults. gnupg_key_type=RSA gnupg_key_length=3072 -- 2.11.0
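Review bot: The new swap at the end of bin/sign (`mv publish publish.old` followed by `mv publish.new publish`) fails on a first run, when no `publish` directory exists yet. If the script runs under `set -e` (not visible in this hunk), it would abort after signing and leave the results stranded in `publish.new`. Guard the first move, for example `if [ -d publish ]; then mv publish publish.old; fi`. There is also a short window between the two moves in which `publish` does not exist, so a comment stating that bin/sign and bin/upload must not run concurrently would help.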
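Review bot: With the source now `publish/` and `--delete-after` in effect, rsync removes everything under `$publish_target` that is not in `publish/`. The bin/upload change is therefore only safe together with the etc/config.sh hunk that moves the target to `/var/www/ssh-ca/`; a deployment that keeps the old `/var/www/` value would have its whole web root pruned. `$publish_target` is also unquoted. Consider passing `publish/ "$publish_target"` and refusing to upload an incomplete tree with `[ -f publish/hosts.asc ] || exit 1` before the rsync. A comment in etc/config.sh stating that the target directory must be dedicated to this tool would make the coupling explicit.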