tripe-keys: Provide upload-hook for more complicated publishing.

The existing arrangement of writing the updated files to a local directory
are satisfactory for simple situations, but it's not actually desirable
to handle sensitive cryptographic keys (e.g., the TrIPE master key!) on
the same machine as a public-facing web server.

The upload-hook can contain an arbitrary shell-command, though it'll
typically be an invocation of rsync or similar.

diff --git a/keys/tripe-keys.conf.5 b/keys/tripe-keys.conf.5
index 70bd356ea33e4825376425291c2cac2cd8bacb2c..4dcda40b9f2f7f0dce62934d6533a86f67633ff8 100644 (file)
--- a/keys/tripe-keys.conf.5
+++ b/keys/tripe-keys.conf.5
@@ -112,6 +112,17 @@ default.  Usually set up automatically.
 .I hk-master
 The fingerprint of the current master signing key.  No default.  Usually
 set up automatically.
+.TP
+.I upload-hook
+A shell command to run by
+.B tripe-keys upload
+after it has successfully written the
+.I repos-file
+and
+.IR sig-file s.
+Default is
+.B ": run upload hook"
+which does nothing.
 .SS "Crypto parameters"
 .TP
 .I kx

diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in
index 58c362792ed95a93166a6363eba2ee2bd49a304c..1167dea00df123bf0bb35f1231db4f55f9ba5656 100644 (file)
--- a/keys/tripe-keys.in
+++ b/keys/tripe-keys.in
@@ -129,6 +129,7 @@ def conf_defaults():
                ('sig-file', '${base-dir}${sig-base}'),
                ('repos-file', '${base-dir}${repos-base}'),
                ('conf-file', '${base-dir}tripe-keys.conf'),
+               ('upload-hook', ': run upload hook'),
                ('kx', 'dh'),
                ('kx-param', lambda: {'dh': '-LS -b2048 -B256',
                                      'ec': '-Cnist-p256'}[conf['kx']]),
@@ -280,6 +281,7 @@ def cmd_upload(args):
   finally:
     OS.chdir(cwd)
     rmtree('tmp')
+  run('sh -c ${upload-hook}')
 
 def cmd_update(args):
   cwd = OS.getcwd()