tripe-keys: Provide upload-hook for more complicated publishing.
author Mark Wooding <mdw@distorted.org.uk>
Sat, 5 Apr 2008 12:23:21 +0000 (13:23 +0100)
committer Mark Wooding <mdw@distorted.org.uk>
Sat, 5 Apr 2008 12:23:21 +0000 (13:23 +0100)
The existing arrangement of writing the updated files to a local directory
is satisfactory for simple situations, but it's not actually desirable
to handle sensitive cryptographic keys (e.g., the TrIPE master key!) on
the same machine as a public-facing web server.

The upload-hook can contain an arbitrary shell-command, though it'll
typically be an invocation of rsync or similar.

keys/tripe-keys.conf.5
keys/tripe-keys.in

index 70bd356..4dcda40 100644 (file)
@@ -112,6 +112,17 @@ default.  Usually set up automatically.
 .I hk-master
 The fingerprint of the current master signing key.  No default.  Usually
 set up automatically.
+.TP
+.I upload-hook
+A shell command to run by
+.B tripe-keys upload
+after it has successfully written the
+.I repos-file
+and
+.IR sig-file s.
+Default is
+.B ": run upload hook"
+which does nothing.
 .SS "Crypto parameters"
 .TP
 .I kx
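Review bot: the new upload-hook entry does not say which directory the command runs in or what tripe-keys upload does when the hook exits non-zero; an operator writing an rsync invocation needs both, so add a sentence for each. The wording "A shell command to run by" should read "A shell command to be run by". Because the value is handed to a shell, the entry should also state that the configuration file must be writable only by someone trusted to run commands as the key operator.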
index 58c3627..1167dea 100644 (file)
@@ -129,6 +129,7 @@ def conf_defaults():
                ('sig-file', '${base-dir}${sig-base}'),
                ('repos-file', '${base-dir}${repos-base}'),
                ('conf-file', '${base-dir}tripe-keys.conf'),
+               ('upload-hook', ': run upload hook'),
                ('kx', 'dh'),
                ('kx-param', lambda: {'dh': '-LS -b2048 -B256',
                                      'ec': '-Cnist-p256'}[conf['kx']]),
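Review bot: the default ': run upload hook' is a no-op whether the shell receives it as one argument or as four separate words (in the second case sh runs ':' and treats the remaining words as $0 and positional parameters), so running with the default cannot show whether a multi-word hook is passed through intact. Exercise the change with a real multi-word command before merging, and consider a comment on this line saying that the text after ':' is only a label.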
@@ -280,6 +281,7 @@ def cmd_upload(args):
   finally:
     OS.chdir(cwd)
     rmtree('tmp')
+  run('sh -c ${upload-hook}')
 
 def cmd_update(args):
   cwd = OS.getcwd()
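Review bot: the added run('sh -c ${upload-hook}') sits after the finally block, so the hook starts only once OS.chdir(cwd) and rmtree('tmp') have run; it therefore executes in whatever directory tripe-keys was started from, with 'tmp' already gone, and the hook author has to know that. Either document it or change to a defined directory before running the hook. Two further points depend on run(), which this hunk does not show: that the expanded ${upload-hook} reaches sh as a single argument, and that a non-zero exit from the hook is reported as a failure of the upload rather than ignored. Please confirm both.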