From 6e96819078f586f544c1fd89d032a2e4c7a80f69 Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Tue, 29 Jan 2013 18:40:31 +0000
Subject: [PATCH] bin/sign: Include `known_hosts' entries in the signed bundle.

Including the CA certificate. Useful, since otherwise it's hard to bootstrap.
---
 bin/sign | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/bin/sign b/bin/sign
index dd60a9b..ecd139e 100755
--- a/bin/sign
+++ b/bin/sign
@@ -13,14 +13,17 @@ done
 ## Start a new output directory.
 rm -rf publish.new
 mkdir publish.new
+exec 3publish.new/hosts.list
+echo ":certificate-authority" >&4
 for kt in $rawkeytypes; do
 cp ca/ca-$kt.pub publish.new/
 read pub publish.new/ca-$kt.entry
+ echo "@cert-authority $scope $pub" | tee publish.new/ca-$kt.entry >&4
+ ssh-keygen -lv -fca/ca-$kt.pub | sed 's,^,| ,' >&4
 done
 ## Sign the various host keys.
-exec 3publish.new/hosts.list
 last=%%%
 while read line <&3; do
@@ -39,18 +42,17 @@ while read line <&3; do
 ## If this is a different host, then start a new section of the list.
 case "$last" in
- "%%%") echo "$host" >&4 ;;
 "$host") ;;
- *) { echo; echo "$host"; } >&4 ;;
+ *) { echo; echo ":host $host"; } >&4 ;;
 esac
 last=$host
 ## Build a list of names for the host.
 for n in "$@"; do
 case "$n" in
- .*) for h in $nicks; do names=${names:+$names,}$h$n,$h$n.$domain; done ;;
+ .*) for h in $nicks; do names=${names:+$names,}$h$n.$domain; done ;;
 *.* | *:*) names=${names:+$names,}$n ;;
- *) nicks=${nicks:+$nicks }$n names=${names:+$names,}$n,$n.$domain ;;
+ *) nicks=${nicks:+$nicks }$n names=${names:+$names,}$n.$domain ;;
 esac
 done
@@ -64,6 +66,7 @@ while read line <&3; do
 publish.new/$host-$kt.pub
 mv publish.new/$host-$kt-cert.pub \
 publish.new/$host-$kt.cert
+ { printf "%s " $names; cat host/$host-$kt.pub; } >&4
 ssh-keygen -lv -fhost/$host-$kt.pub | sed 's,^,| ,' >&4
 done
 done
-- 
2.11.0
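Review bot: The `@cert-authority $scope $pub` line that `tee` now also publishes into hosts.list is assembled from `$pub`, which the unchanged `read pub` line just above fills without `-r` and with default IFS, so a backslash in the CA key's comment field would be rewritten and surrounding whitespace trimmed in the published entry; `read -r pub` keeps the key line verbatim. The redirections on the added `exec` line appear to have been lost in this rendering (it reads `exec 3publish.new/hosts.list`), so the fd 3 and fd 4 targets relied on by `read line <&3` and `>&4` cannot be checked here. The new CA section would also benefit from a short comment on the output convention it shares with the host section later in the file, along the lines of `## fd 4 is the bundle's hosts.list; lines prefixed "| " are fingerprint/randomart annotations for human checking`, provided the consumer of hosts.list indeed treats them as commentary.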
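Review bot: The rewritten `.*)` and `*)` arms no longer add the unqualified names (`$h$n` and `$n`) to `$names`, only the `$domain`-qualified forms, which is a behavioural change the commit message (about publishing known_hosts entries) does not mention. If `$names` also supplies the principals for the host certificate issued further down (the signing step is outside this hunk), hosts will stop verifying when addressed by their short name; either record the intent in a comment such as `## Only fully-qualified names are published and certified; bare nicknames live in $nicks solely for suffix expansion.` or keep the bare names. The enclosing `while read line <&3` loop starts and ends outside the hunk, and the per-host reset of `$names` and `$nicks` is not visible here.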
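Review bot: `printf "%s " $names` leaves `$names` unquoted, so it undergoes pathname expansion before being written as the host field of the published entry; known_hosts host fields legitimately contain `*` and `?` patterns, and a name such as `*.example.com` is accepted verbatim by the `*.* | *:*)` arm above, so it would be replaced by whatever files in the working directory match it. Quote it: `{ printf '%s ' "$names"; cat host/$host-$kt.pub; } >&4`; since `$names` is comma-joined with no spaces, the quoting changes nothing for plain names. The enclosing `for kt` loop and the `while read line <&3` loop both begin outside the hunk.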