('sig-file', '${base-dir}${sig-base}'),
('repos-file', '${base-dir}${repos-base}'),
('conf-file', '${base-dir}tripe-keys.conf'),
+ ('upload-hook', ': run upload hook'),
('kx', 'dh'),
('kx-param', lambda: {'dh': '-LS -b2048 -B256',
'ec': '-Cnist-p256'}[conf['kx']]),
('kx-expire', 'now + 1 year'),
('cipher', 'blowfish-cbc'),
('hash', 'sha256'),
+ ('master-keygen-flags', '-l'),
('mgf', '${hash}-mgf'),
('mac', lambda: '%s-hmac/%d' %
(conf['hash'],
seq = max_master_sequence() + 1
run('''key -kmaster add
-a${sig-genalg} !${sig-param}
- -e${sig-expire} -l -tmaster-%d tripe-keys-master
+ -e${sig-expire} !${master-keygen-flags} -tmaster-%d tripe-keys-master
sig=${sig} hash=${sig-hash}''' % seq)
run('key -kmaster extract -f-secret repos/master.pub')
finally:
OS.chdir(cwd)
rmtree('tmp')
+ run('sh -c ${upload-hook}')
def cmd_update(args):
cwd = OS.getcwd()