Mark Wooding [Sun, 2 Jul 2017 22:02:32 +0000 (23:02 +0100)]
lib/func.sh: Ask for `gpg1' because the stoats got to plain `gpg'.
Mark Wooding [Sun, 2 Jul 2017 22:01:59 +0000 (23:01 +0100)]
bin/sign: Don't explicitly request a particular certificate version.
Mark Wooding [Mon, 6 Apr 2015 21:14:10 +0000 (22:14 +0100)]
bin/upload: Preserve timestamps.
Mark Wooding [Sun, 5 Apr 2015 10:40:15 +0000 (11:40 +0100)]
bin/upload: Add a `$publish_opts' parameter for special rsync effects.
Mark Wooding [Sat, 19 Jul 2014 17:12:26 +0000 (18:12 +0100)]
bin/sign: Don't continue processing after encountering a directive.
Mark Wooding [Sat, 19 Jul 2014 17:12:02 +0000 (18:12 +0100)]
bin/sign: Keep track of the original domain, for `known_hosts' banners.
Mark Wooding [Sat, 19 Jul 2014 16:59:40 +0000 (17:59 +0100)]
Don't track my local files.
Not sure why I ever thought this was a good idea.
Mark Wooding [Sat, 19 Jul 2014 16:53:57 +0000 (17:53 +0100)]
etc/hosts: Add entry for haze.
Mark Wooding [Mon, 21 Apr 2014 21:11:33 +0000 (22:11 +0100)]
etc/hosts: Move VPN hosts to ...:1.
Linux thinks that host addresses which coincide with network base
addresses are `anycast', and that this means that it shouldn't send
ICMP errors to them. This is obviously ridiculous, so move hosts to
address ...:1 to prevent this stupidity.
Mark Wooding [Mon, 21 Apr 2014 20:58:53 +0000 (21:58 +0100)]
etc/hosts: Note that strat provides www.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
etc/hosts: Fix wrong IPv6 addresses for jazz and stratocaster.
Oh, dear. This is quite bad.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
bin/sign: Emit a `known_hosts' file in the correct form.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
etc/hosts: Replacing IPv6 host routes with /112 networks.
Linux has a bug: it doesn't make route cache entries for remote hosts if
there's already a host route, and it only attaches path-MTU information
to cache entries. The result is that it doesn't handle ICMPv6 `packet
too big' messages properly for destinations with host routes.
I'm bodging this by replacing all of the host routes with tiny /112
networks. It's awful, but it seems to work. The convention is that the
`host part' of the net is always zero.
Mark Wooding [Thu, 17 Apr 2014 17:59:45 +0000 (18:59 +0100)]
etc/hosts: New service name `dyndns' for telecaster.
Mark Wooding [Sun, 9 Mar 2014 18:33:49 +0000 (18:33 +0000)]
etc/hosts: FTP service now handled by telecaster.
Mark Wooding [Fri, 7 Mar 2014 09:32:26 +0000 (09:32 +0000)]
vampire: Fix vampire's IPv6 address.
Collision with ibanez: potentially very bad.
Mark Wooding [Tue, 24 Sep 2013 17:30:35 +0000 (18:30 +0100)]
etc/config.sh: Publish through dedicated server account.
It makes life better operationally. Trust me.
Mark Wooding [Tue, 24 Sep 2013 17:30:22 +0000 (18:30 +0100)]
etc/hosts: Add jaguar.
Mark Wooding [Sat, 9 Feb 2013 17:38:42 +0000 (17:38 +0000)]
etc/config.sh, etc/hosts: Add satellite network.
Mark Wooding [Sat, 9 Feb 2013 17:37:50 +0000 (17:37 +0000)]
bin/sign: Allow domain to be set in the hosts file.
We extend our reach to other networks.
Mark Wooding [Tue, 29 Jan 2013 18:40:31 +0000 (18:40 +0000)]
bin/sign: Include `known_hosts' entries in the signed bundle.
Including the CA certificate. Useful, since otherwise it's hard to
bootstrap.
Mark Wooding [Tue, 29 Jan 2013 18:39:36 +0000 (18:39 +0000)]
bin/sign: Read fingerprint from master rather than publish directory.
It's the authoritative source.
Mark Wooding [Tue, 29 Jan 2013 18:38:21 +0000 (18:38 +0000)]
etc/hosts: Add terror.
Mark Wooding [Mon, 14 Jan 2013 02:02:59 +0000 (02:02 +0000)]
etc/config.sh: Moving archive to stratocaster.
Mark Wooding [Sun, 13 Jan 2013 19:59:58 +0000 (19:59 +0000)]
etc/hosts: Add orange.
Mark Wooding [Sat, 5 Jan 2013 08:34:51 +0000 (08:34 +0000)]
etc/hosts: Publish `jazz.iodine' identity.
Mark Wooding [Sat, 29 Dec 2012 04:20:40 +0000 (04:20 +0000)]
etc/hosts: Now stratocaster is the Git server.
Mark Wooding [Mon, 30 Apr 2012 08:59:14 +0000 (09:59 +0100)]
Include subnet-qualified names for hosts.
Mark Wooding [Sun, 22 Apr 2012 10:23:16 +0000 (11:23 +0100)]
etc/hosts: Add nicknames for strat and tele.
Mark Wooding [Sun, 22 Apr 2012 10:22:58 +0000 (11:22 +0100)]
etc/hosts: Reformat entry for crybaby.
Mark Wooding [Sat, 21 Apr 2012 22:58:45 +0000 (23:58 +0100)]
Return of the virtual hosts.
Mark Wooding [Mon, 19 Mar 2012 02:47:09 +0000 (02:47 +0000)]
etc/config.sh: Ooops. Fix the skew to one hour, not one day.
Mark Wooding [Mon, 12 Mar 2012 17:24:29 +0000 (17:24 +0000)]
bin/sign: Stupid typo fix: include leading `@' in CA entry file.
Mark Wooding [Mon, 12 Mar 2012 17:19:00 +0000 (17:19 +0000)]
etc/hosts: Actually commit this.
Mark Wooding [Mon, 12 Mar 2012 17:18:02 +0000 (17:18 +0000)]
config.sh: Increase scope for new address ranges.
Mark Wooding [Mon, 12 Mar 2012 16:54:41 +0000 (16:54 +0000)]
etc/config.sh: Allow a little slack in the validity timing.
Mark Wooding [Sun, 26 Feb 2012 22:18:59 +0000 (22:18 +0000)]
bin/sign: Remove spurious initial blank line.
Mark Wooding [Sat, 11 Feb 2012 15:39:44 +0000 (15:39 +0000)]
bin/sign: Force use of v00 certificates.
Debian stable doesn't understand v01.
Mark Wooding [Mon, 5 Sep 2011 09:17:55 +0000 (10:17 +0100)]
bin/sign: More care with replacing the old publish directory.
Don't delete the old backup or try to rename if there isn't a good newer
version. It'll fail, and clobber the only good version we have.
Mark Wooding [Sun, 4 Sep 2011 18:46:44 +0000 (19:46 +0100)]
Rearrange the filesystem structure.
Remove the archive. Remove the pointless extra directory level. We're
going to use rsync instead of http.
Mark Wooding [Sat, 13 Aug 2011 22:45:48 +0000 (23:45 +0100)]
Major change of approach and rewrite.
Fetching keys from the various hosts is silly: we must actually already
have them, otherwise SSH will complain. Instead, assume that someone
has already arranged to collect the keys and put them in the host/
directory. There's now a script to sign new certificates for them and
stash them in publish/. There's another script to upload the publish/
directory to a webserver (or whatever).
Mark Wooding [Sun, 10 Jul 2011 22:17:11 +0000 (23:17 +0100)]
Minimal SSH certificate authority.