Commit bf9b7702 authored by Joshua Tauberer's avatar Joshua Tauberer

sort SSHFP records so that DNS updates don't trigger spurrious zone changes

parent 9210ebdb
...@@ -332,9 +332,11 @@ def build_sshfp_records(): ...@@ -332,9 +332,11 @@ def build_sshfp_records():
} }
# Get our local fingerprints by running ssh-keyscan. The output looks # Get our local fingerprints by running ssh-keyscan. The output looks
# like the known_hosts file: hostname, keytype, fingerprint. # like the known_hosts file: hostname, keytype, fingerprint. The order
# of the output is arbitrary, so sort it to prevent spurrious updates
# to the zone file (that trigger bumping the serial number).
keys = shell("check_output", ["ssh-keyscan", "localhost"]) keys = shell("check_output", ["ssh-keyscan", "localhost"])
for key in keys.split("\n"): for key in sorted(keys.split("\n")):
if key.strip() == "" or key[0] == "#": continue if key.strip() == "" or key[0] == "#": continue
try: try:
host, keytype, pubkey = key.split(" ") host, keytype, pubkey = key.split(" ")
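Review bot: Sorting at `for key in sorted(keys.split("\n")):` makes the order stable, but the set of keys published still depends on whatever `ssh-keyscan localhost` returns on that run, because the call passes no `-t` option and the default key types differ between OpenSSH releases. Since these lines become the SSHFP records clients use to verify the host key, I would pin the types explicitly, e.g. `keys = shell("check_output", ["ssh-keyscan", "-t", "rsa,ecdsa,ed25519", "localhost"])`, with the list adjusted to the key types the host actually serves. It also looks as though a key type that does not answer during one scan would drop out of the zone without any error. It is worth checking how the `except` branch and the caller treat a short result, both of which are outside this hunk. The body of build_sshfp_records starts and ends outside the hunk.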
......