summaryrefslogtreecommitdiff
path: root/system-profiles/openssh/known-hosts/ca-sign.gup
blob: f9aa379391ca87ae349526eca3b4832f2e8ac0f5 (plain)
1
2
3
4
5
6
7
8
9
10
11
#!/usr/bin/env zsh
set -eu

export TZ=UTC

keyFile=${2%"-cert.pub"}.pub
principalsFile=${keyFile:h}/host-principals
gup -u ${keyFile} ${principalsFile}
gup -u expiration

ssh-keygen -h -Us ../ca/ca.pub -I $(uuidgen) -z $(tai64dec) -V "-1d:$(cat expiration)" -n $(cat ${principalsFile}) -f $1 ${keyFile}