From ff32ceaae000fbc44eb54bd01fe4b7bd77995b37 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 12 Feb 2022 13:48:41 +0100
Subject: openssh: certificate authority

---
 system-profiles/openssh/known-hosts/ca-sign.gup | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 system-profiles/openssh/known-hosts/ca-sign.gup

(limited to 'system-profiles/openssh/known-hosts/ca-sign.gup')

diff --git a/system-profiles/openssh/known-hosts/ca-sign.gup b/system-profiles/openssh/known-hosts/ca-sign.gup
new file mode 100644
index 00000000..512f0e84
--- /dev/null
+++ b/system-profiles/openssh/known-hosts/ca-sign.gup
@@ -0,0 +1,9 @@
+#!/usr/bin/env zsh
+set -eu
+
+keyFile=${2%"-cert.pub"}.pub
+principalsFile=${keyFile:h}/host-principals
+gup -u ${keyFile} ${principalsFile}
+gup -u expiration
+
+ssh-keygen -h -Us ../ca/ca.pub -I $(uuidgen) -z $(tai64dec) -V "-1d:$(cat expiration)" -n $(cat ${principalsFile}) -f $1 ${keyFile}
\ No newline at end of file
-- 
cgit v1.2.3