sort SSHFP records so that DNS updates don't trigger spurious zone changes

Joshua Tauberer 2014-10-07 15:15:22 +00:00
parent 9210ebdb9f
commit bf9b770255


@ -332,9 +332,11 @@ def build_sshfp_records():
} }
# Get our local fingerprints by running ssh-keyscan. The output looks # Get our local fingerprints by running ssh-keyscan. The output looks
# like the known_hosts file: hostname, keytype, fingerprint. # like the known_hosts file: hostname, keytype, fingerprint. The order
# of the output is arbitrary, so sort it to prevent spurrious updates
# to the zone file (that trigger bumping the serial number).
keys = shell("check_output", ["ssh-keyscan", "localhost"]) keys = shell("check_output", ["ssh-keyscan", "localhost"])
for key in keys.split("\n"): for key in sorted(keys.split("\n")):
if key.strip() == "" or key[0] == "#": continue if key.strip() == "" or key[0] == "#": continue
try: try:
host, keytype, pubkey = key.split(" ") host, keytype, pubkey = key.split(" ")
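Review bot: The new comment above `keys = shell(...)` misspells "spurious" and does not say what the sort key is; I would write `# of the output is arbitrary, so sort the raw lines (host, then key type) to prevent spurious updates`. Sorting removes ordering noise only: if ssh-keyscan fails to return one key type on a given run, the record set still changes and the serial is still bumped, which the comment could mention so that a later SSHFP change is read as a real difference in the scanned keys rather than as reordering. The `try:` block and the rest of build_sshfp_records continue outside the hunk, so how a malformed line is handled is not visible here.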