('sig-file', '${base-dir}${sig-base}'),
('repos-file', '${base-dir}${repos-base}'),
('conf-file', '${base-dir}tripe-keys.conf'),
+ ('upload-hook', ': run upload hook'),
('kx', 'dh'),
('kx-param', lambda: {'dh': '-LS -b2048 -B256',
'ec': '-Cnist-p256'}[conf['kx']]),
('kx-expire', 'now + 1 year'),
('cipher', 'blowfish-cbc'),
('hash', 'sha256'),
+ ('master-keygen-flags', '-l'),
('mgf', '${hash}-mgf'),
('mac', lambda: '%s-hmac/%d' %
(conf['hash'],
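Review bot: The `master-keygen-flags` default of `-l` needs a comment, because this setting now decides how the master signing key is stored. `-l` looks like the `key add` option that locks the new key with a passphrase (worth confirming against the `key` manual), so an empty value in `tripe-keys.conf` would leave the master key unprotected on disk. A comment such as `# '-l' passphrase-locks the master key; removing it stores the signing key unencrypted` on this line would make that trade-off visible. The value is used in the `key -kmaster add` hunk further down as `!${master-keygen-flags}`, which presumably splits it into separate arguments, so any extra options placed in the config reach that command line.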
def master_keys():
if not OS.path.exists('master'):
return
- for k in C.KeyFile('master'):
+ for k in C.KeyFile('master').itervalues():
if (k.type != 'tripe-keys-master' or
k.expiredp or
not k.tag.startswith('master-')):
seq = max_master_sequence() + 1
run('''key -kmaster add
-a${sig-genalg} !${sig-param}
- -e${sig-expire} -l -tmaster-%d tripe-keys-master
+ -e${sig-expire} !${master-keygen-flags} -tmaster-%d tripe-keys-master
sig=${sig} hash=${sig-hash}''' % seq)
run('key -kmaster extract -f-secret repos/master.pub')
finally:
OS.chdir(cwd)
rmtree('tmp')
+ run('sh -c ${upload-hook}')
def cmd_update(args):
cwd = OS.getcwd()
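Review bot: The new `run('sh -c ${upload-hook}')` hands a configuration string to a shell, and neither this call nor the `upload-hook` default in the first hunk says so. Anyone who can write `tripe-keys.conf` can therefore run commands as the user performing the upload, so a comment such as `# upload-hook is passed to sh -c: keep tripe-keys.conf writable only by the key administrator` belongs next to the default. Indentation is lost in this view, so it is unclear whether the call sits inside the `finally:` cleanup; if it does, the hook would also run after a failed build and should move below the `try`/`finally` so it fires only on success. The enclosing function starts outside the hunk.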