From ff32ceaae000fbc44eb54bd01fe4b7bd77995b37 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 12 Feb 2022 13:48:41 +0100
Subject: openssh: certificate authority

---
 system-profiles/openssh/ca/.gitignore       |   1 +
 system-profiles/openssh/ca/ca.pub           |   1 +
 system-profiles/openssh/ca/krl.bin          | Bin 0 -> 174 bytes
 system-profiles/openssh/ca/krl.bin.gup      |   6 ++++++
 system-profiles/openssh/ca/krl.contents.gup |   7 +++++++
 system-profiles/openssh/ca/krl/low-serial   |   1 +
 system-profiles/openssh/ca/krl/test-idents  |   1 +
 7 files changed, 17 insertions(+)
 create mode 100644 system-profiles/openssh/ca/.gitignore
 create mode 100644 system-profiles/openssh/ca/ca.pub
 create mode 100644 system-profiles/openssh/ca/krl.bin
 create mode 100755 system-profiles/openssh/ca/krl.bin.gup
 create mode 100644 system-profiles/openssh/ca/krl.contents.gup
 create mode 100644 system-profiles/openssh/ca/krl/low-serial
 create mode 100644 system-profiles/openssh/ca/krl/test-idents

(limited to 'system-profiles/openssh/ca')

diff --git a/system-profiles/openssh/ca/.gitignore b/system-profiles/openssh/ca/.gitignore
new file mode 100644
index 00000000..d6fbf779
--- /dev/null
+++ b/system-profiles/openssh/ca/.gitignore
@@ -0,0 +1 @@
+krl.contents
\ No newline at end of file
diff --git a/system-profiles/openssh/ca/ca.pub b/system-profiles/openssh/ca/ca.pub
new file mode 100644
index 00000000..7ca56060
--- /dev/null
+++ b/system-profiles/openssh/ca/ca.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1t7HamptQ49VXtSZyRsaOuja5In1N0U9Ybdiu6ztzi ca.yggdrasil
diff --git a/system-profiles/openssh/ca/krl.bin b/system-profiles/openssh/ca/krl.bin
new file mode 100644
index 00000000..3f04c994
Binary files /dev/null and b/system-profiles/openssh/ca/krl.bin differ
diff --git a/system-profiles/openssh/ca/krl.bin.gup b/system-profiles/openssh/ca/krl.bin.gup
new file mode 100755
index 00000000..30f3b9ba
--- /dev/null
+++ b/system-profiles/openssh/ca/krl.bin.gup
@@ -0,0 +1,6 @@
+#!/usr/bin/env zsh
+set -eu
+
+gup -u krl.contents
+
+xargs -0 -- ssh-keygen -h -Us ca.pub -k -z $(tai64dec) -f $1 <krl.contents
\ No newline at end of file
diff --git a/system-profiles/openssh/ca/krl.contents.gup b/system-profiles/openssh/ca/krl.contents.gup
new file mode 100644
index 00000000..7cc0426f
--- /dev/null
+++ b/system-profiles/openssh/ca/krl.contents.gup
@@ -0,0 +1,7 @@
+#!/usr/bin/env zsh
+set -eu
+
+find krl -type f -print0 > $1
+
+gup --always
+xargs -0 -- b2sum <$1 | gup --contents
diff --git a/system-profiles/openssh/ca/krl/low-serial b/system-profiles/openssh/ca/krl/low-serial
new file mode 100644
index 00000000..17b4924e
--- /dev/null
+++ b/system-profiles/openssh/ca/krl/low-serial
@@ -0,0 +1 @@
+serial: 1-4611686020072056302
diff --git a/system-profiles/openssh/ca/krl/test-idents b/system-profiles/openssh/ca/krl/test-idents
new file mode 100644
index 00000000..cf847c77
--- /dev/null
+++ b/system-profiles/openssh/ca/krl/test-idents
@@ -0,0 +1 @@
+id: edf5ee6e-a240-4eae-beb2-d4a40215f461
\ No newline at end of file
-- 
cgit v1.2.3