sort SSHFP records so that DNS updates don't trigger spurrious zone changes
This commit is contained in:
parent
9210ebdb9f
commit
bf9b770255
1 changed files with 4 additions and 2 deletions
|
@ -332,9 +332,11 @@ def build_sshfp_records():
|
||||||
}
|
}
|
||||||
|
|
||||||
# Get our local fingerprints by running ssh-keyscan. The output looks
|
# Get our local fingerprints by running ssh-keyscan. The output looks
|
||||||
# like the known_hosts file: hostname, keytype, fingerprint.
|
# like the known_hosts file: hostname, keytype, fingerprint. The order
|
||||||
|
# of the output is arbitrary, so sort it to prevent spurrious updates
|
||||||
|
# to the zone file (that trigger bumping the serial number).
|
||||||
keys = shell("check_output", ["ssh-keyscan", "localhost"])
|
keys = shell("check_output", ["ssh-keyscan", "localhost"])
|
||||||
for key in keys.split("\n"):
|
for key in sorted(keys.split("\n")):
|
||||||
if key.strip() == "" or key[0] == "#": continue
|
if key.strip() == "" or key[0] == "#": continue
|
||||||
try:
|
try:
|
||||||
host, keytype, pubkey = key.split(" ")
|
host, keytype, pubkey = key.split(" ")
|
||||||
|
|
Loading…
Reference in a new issue