From 8c8a56816856f5f2688c812adda309d1fd1dfa09 Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Thu, 3 Apr 2014 18:46:26 +0100
Subject: [PATCH] Publish SSHFP records in the DNS.

Machinery for fetching the fingerprints (relying on the existing CA) is
also included.  I'm checking in the fingerprint files because I want to
track how they evolve.
---
 artist.sshfp       |  2 ++
 crybaby.sshfp      |  2 ++
 distorted.lisp     | 84 +++++++++++++++++++++++++++---------------------------
 fender.sshfp       |  2 ++
 fetch-sshfp        | 24 ++++++++++++++++
 gibson.sshfp       |  2 ++
 ibanez.sshfp       |  2 ++
 jazz.sshfp         |  2 ++
 jem.sshfp          |  2 ++
 orange.sshfp       |  2 ++
 precision.sshfp    |  2 ++
 radius.sshfp       |  2 ++
 roadstar.sshfp     |  2 ++
 stratocaster.sshfp |  2 ++
 telecaster.sshfp   |  2 ++
 terror.sshfp       |  2 ++
 vampire.sshfp      |  2 ++
 17 files changed, 96 insertions(+), 42 deletions(-)
 create mode 100644 artist.sshfp
 create mode 100644 crybaby.sshfp
 create mode 100644 fender.sshfp
 create mode 100755 fetch-sshfp
 create mode 100644 gibson.sshfp
 create mode 100644 ibanez.sshfp
 create mode 100644 jazz.sshfp
 create mode 100644 jem.sshfp
 create mode 100644 orange.sshfp
 create mode 100644 precision.sshfp
 create mode 100644 radius.sshfp
 create mode 100644 roadstar.sshfp
 create mode 100644 stratocaster.sshfp
 create mode 100644 telecaster.sshfp
 create mode 100644 terror.sshfp
 create mode 100644 vampire.sshfp

diff --git a/artist.sshfp b/artist.sshfp
new file mode 100644
index 0000000..da88f62
--- /dev/null
+++ b/artist.sshfp
@@ -0,0 +1,2 @@
+artist IN SSHFP 1 1 a78d674bd082abd8cfd7535f0ef986ea058b234d
+artist IN SSHFP 2 1 e29b1a00c35d1d94b1242531247161cf7185aa1b
diff --git a/crybaby.sshfp b/crybaby.sshfp
new file mode 100644
index 0000000..81dbe49
--- /dev/null
+++ b/crybaby.sshfp
@@ -0,0 +1,2 @@
+crybaby IN SSHFP 1 1 e44cdab8f4100865cfb692a317208055d1c65206
+crybaby IN SSHFP 2 1 00831d629d23221f14c1d908fc88db4fd71acee8
diff --git a/distorted.lisp b/distorted.lisp
index 0806e78..1fca34e 100644
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -105,25 +105,25 @@
   (evolution :alias evo)
 
   ;; Colocated services.
-  ((irc vox) (colo :svc jazz.colo)
-	     (jump :svc jazz.jump))
-  ((git www mail) (colo :svc stratocaster.colo)
-		  (jump :svc stratocaster.jump))
+  ((irc vox) (colo :svc jazz.colo :sshfp "jazz.sshfp")
+	     (jump :svc jazz.jump :sshfp "jazz.sshfp"))
+  ((git www mail) (colo :svc stratocaster.colo :sshfp "stratocaster.sshfp")
+		  (jump :svc stratocaster.jump :sshfp "stratocaster.sshfp"))
   :svc #+view/inside stratocaster.colo
        #-view/inside stratocaster.jump
-  (cabal :svc stratocaster.colo)
-  ((db ftp) (colo :svc telecaster.colo)
-	    (jump :svc telecaster.jump))
+  (cabal :svc stratocaster.colo :sshfp "stratocaster.sshfp")
+  ((db ftp) (colo :svc telecaster.colo :sshfp "telecaster.sshfp")
+	    (jump :svc telecaster.jump :sshfp "telecaster.sshfp"))
 
   ;; Local services.
   ((rawk pifi) (unsafe :svc artist.unsafe)
 	       (dmz :svc artist.dmz))
-  (mirror (dmz :svc roadstar.dmz)
-	  (unsafe :svc roadstar.unsafe))
-  ((wiki bugs old-mail i2p) :svc vampire)
+  (mirror (dmz :svc roadstar.dmz :sshfp "roadstar.sshfp")
+	  (unsafe :svc roadstar.unsafe :sshfp "roadstar.sshfp"))
+  ((wiki bugs old-mail i2p) :svc vampire :sshfp "vampire.sshfp")
 
   ;; Internal services.
-  #+view/inside ((news lpr) :svc vampire.unsafe)
+  #+view/inside ((news lpr) :svc vampire.unsafe :sshfp "vampire.sshfp")
 
   ;; Anonymity services.
   (anon (colo :svc jazz.colo)
@@ -137,19 +137,19 @@
   ;; Colocated hosts.
   (colo :net colo)
   (jump :net jump)
-  (fender (colo :a fender.colo)
-	  (jump :a fender.jump))
-  (precision (colo :a precision.colo)
-	     (jump :a precision.jump))
-  (telecaster (colo :a telecaster.colo)
-	      (jump :a telecaster.jump))
+  (fender (colo :a fender.colo :sshfp "fender.sshfp")
+	  (jump :a fender.jump :sshfp "fender.sshfp"))
+  (precision (colo :a precision.colo :sshfp "precision.sshfp")
+	     (jump :a precision.jump :sshfp "precision.sshfp"))
+  (telecaster (colo :a telecaster.colo :sshfp "telecaster.sshfp")
+	      (jump :a telecaster.jump :sshfp "telecaster.sshfp"))
   (telecaster :alias tele)
-  (stratocaster (colo :a stratocaster.colo)
-		(jump :a stratocaster.jump))
+  (stratocaster (colo :a stratocaster.colo :sshfp "stratocaster.sshfp")
+		(jump :a stratocaster.jump :sshfp "stratocaster.sshfp"))
   (stratocaster :alias strat)
-  (jazz (colo :a jazz.colo)
-	(jump :a jazz.jump)
-	(iodine :a jazz.iodine))
+  (jazz (colo :a jazz.colo :sshfp "jazz.sshfp")
+	(jump :a jazz.jump :sshfp "jazz.sshfp")
+	(iodine :a jazz.iodine :sshfp "jazz.sshfp"))
 
   ;; Media server (on loan to Good Technology HSTG).
   (jaguar (jump :a jaguar.jump))
@@ -161,23 +161,23 @@
   (unsafe :net unsafe)
   (safe :net safe)
   (untrusted :net untrusted)
-  (vampire (unsafe :a vampire.unsafe)
-	   (dmz :a vampire.dmz)
-	   (safe :a vampire.safe)
-	   (untrusted :a vampire.untrusted))
-  (ibanez (unsafe :a ibanez.unsafe)
-	  (dmz :a ibanez.dmz))
-  (radius (unsafe :a radius.unsafe)
-	  (dmz :a radius.dmz)
-	  (safe :a radius.safe)
-	  (untrusted :a radius.untrusted))
-  (roadstar (unsafe :a roadstar.unsafe)
-	    (dmz :a roadstar.dmz))
-  (jem (unsafe :a jem.unsafe)
-       (dmz :a jem.dmz))
-  (artist (unsafe :a artist.unsafe)
-	  (dmz :a artist.dmz)
-	  (untrusted :a artist.untrusted))
+  (vampire (unsafe :a vampire.unsafe :sshfp "vampire.sshfp")
+	   (dmz :a vampire.dmz :sshfp "vampire.sshfp")
+	   (safe :a vampire.safe :sshfp "vampire.sshfp")
+	   (untrusted :a vampire.untrusted :sshfp "vampire.sshfp"))
+  (ibanez (unsafe :a ibanez.unsafe :sshfp "ibanez.sshfp")
+	  (dmz :a ibanez.dmz :sshfp "ibanez.sshfp"))
+  (radius (unsafe :a radius.unsafe :sshfp "radius.sshfp")
+	  (dmz :a radius.dmz :sshfp "radius.sshfp")
+	  (safe :a radius.safe :sshfp "radius.sshfp")
+	  (untrusted :a radius.untrusted :sshfp "radius.sshfp"))
+  (roadstar (unsafe :a roadstar.unsafe :sshfp "roadstar.sshfp")
+	    (dmz :a roadstar.dmz :sshfp "roadstar.sshfp"))
+  (jem (unsafe :a jem.unsafe :sshfp "jem.sshfp")
+       (dmz :a jem.dmz :sshfp "jem.sshfp"))
+  (artist (unsafe :a artist.unsafe :sshfp "artist.sshfp")
+	  (dmz :a artist.dmz :sshfp "artist.sshfp")
+	  (untrusted :a artist.untrusted :sshfp "artist.sshfp"))
 
   ;; DHCP hosts.
   (gibson :cname gibson.dhcp)
@@ -188,9 +188,9 @@
 
   ;; Virtual network.
   (vpn :net vpn)
-  (crybaby (vpn :a crybaby.vpn))
-  (terror (vpn :a terror.vpn))
-  (orange (vpn :a orange.vpn))
+  (crybaby (vpn :a crybaby.vpn :sshfp "crybaby.sshfp"))
+  (terror (vpn :a terror.vpn :sshfp "terror.sshfp"))
+  (orange (vpn :a orange.vpn :sshfp "orange.sshfp"))
   (iodine :net iodine)
 
   ;; ITS.
diff --git a/fender.sshfp b/fender.sshfp
new file mode 100644
index 0000000..9cdb1bb
--- /dev/null
+++ b/fender.sshfp
@@ -0,0 +1,2 @@
+fender IN SSHFP 1 1 8c4026eae04c6364cfe67eb5084920324652042c
+fender IN SSHFP 2 1 814f905c79291477e7c9e883e294983dc6809941
diff --git a/fetch-sshfp b/fetch-sshfp
new file mode 100755
index 0000000..21a14f2
--- /dev/null
+++ b/fetch-sshfp
@@ -0,0 +1,24 @@
+#! /bin/sh
+
+while read host; do
+  { ssh $host "ssh-keygen -r$host" >$host.sshfp.new
+    mv $host.sshfp.new $host.sshfp; }&
+done <<END
+ibanez
+radius
+roadstar
+jem
+artist
+fender
+precision
+telecaster
+stratocaster
+jazz
+gibson
+vampire
+terror
+crybaby
+orange
+END
+
+wait
diff --git a/gibson.sshfp b/gibson.sshfp
new file mode 100644
index 0000000..9702acb
--- /dev/null
+++ b/gibson.sshfp
@@ -0,0 +1,2 @@
+gibson IN SSHFP 1 1 f45858aa26bbe3536d9470ddece1eef06736983a
+gibson IN SSHFP 2 1 f724f3eb26e44336688a8b1e1f3c7ce9d714dddb
diff --git a/ibanez.sshfp b/ibanez.sshfp
new file mode 100644
index 0000000..a6222bc
--- /dev/null
+++ b/ibanez.sshfp
@@ -0,0 +1,2 @@
+ibanez IN SSHFP 1 1 349bea13ba34ac438db36844fd2ca106a6baf6fe
+ibanez IN SSHFP 2 1 7a0edae06c300d21e2831e82eb1d463170acde10
diff --git a/jazz.sshfp b/jazz.sshfp
new file mode 100644
index 0000000..3dbc29f
--- /dev/null
+++ b/jazz.sshfp
@@ -0,0 +1,2 @@
+jazz IN SSHFP 1 1 4a16f98c352b7bf1e64110d737b8f87710eda313
+jazz IN SSHFP 2 1 76dcdea88e88a967d9415f0d50ffe9b3b809094a
diff --git a/jem.sshfp b/jem.sshfp
new file mode 100644
index 0000000..b2863bf
--- /dev/null
+++ b/jem.sshfp
@@ -0,0 +1,2 @@
+jem IN SSHFP 1 1 c1ed9c2feb87a1785041345fc3cc8c729bd93628
+jem IN SSHFP 2 1 603850e1d31ea66f292cfb973d908ffa13ec82e4
diff --git a/orange.sshfp b/orange.sshfp
new file mode 100644
index 0000000..2e759b2
--- /dev/null
+++ b/orange.sshfp
@@ -0,0 +1,2 @@
+orange IN SSHFP 1 1 74929257f5f5a5607199837c61d206d52bfb65d3
+orange IN SSHFP 2 1 b1cb7d22f7bdb62eff2b8c449eb51434df92b7ab
diff --git a/precision.sshfp b/precision.sshfp
new file mode 100644
index 0000000..b345da2
--- /dev/null
+++ b/precision.sshfp
@@ -0,0 +1,2 @@
+precision IN SSHFP 1 1 b8b88a99dc112de90d7f4ede05fae8633c60b328
+precision IN SSHFP 2 1 54ca3fb6947f508317246da44806f495ff88b43b
diff --git a/radius.sshfp b/radius.sshfp
new file mode 100644
index 0000000..36433ea
--- /dev/null
+++ b/radius.sshfp
@@ -0,0 +1,2 @@
+radius IN SSHFP 1 1 e8aac3c8ead7d1e2faf11fdfa9b531362215a80e
+radius IN SSHFP 2 1 8469803a8658613ddacb341f74f31fac38dec521
diff --git a/roadstar.sshfp b/roadstar.sshfp
new file mode 100644
index 0000000..8665f71
--- /dev/null
+++ b/roadstar.sshfp
@@ -0,0 +1,2 @@
+roadstar IN SSHFP 1 1 011d0f3219d56ce08b95ee40b29a41b49b9b6e42
+roadstar IN SSHFP 2 1 844e6d2ab000f9bc40b4afc75c47d6f46e339d1a
diff --git a/stratocaster.sshfp b/stratocaster.sshfp
new file mode 100644
index 0000000..c5982bf
--- /dev/null
+++ b/stratocaster.sshfp
@@ -0,0 +1,2 @@
+stratocaster IN SSHFP 1 1 0be92da83c4029625c4e3a4b324fbcec4166087b
+stratocaster IN SSHFP 2 1 01b0172a6a803d9caef86b31afb83f1b919ec8ef
diff --git a/telecaster.sshfp b/telecaster.sshfp
new file mode 100644
index 0000000..a24a9c9
--- /dev/null
+++ b/telecaster.sshfp
@@ -0,0 +1,2 @@
+telecaster IN SSHFP 1 1 c17e05eeb9f79fe3ce27e38f4d7b54d241bd66c5
+telecaster IN SSHFP 2 1 27f899837c21c67d97a9d5b5e829cdec9315a65a
diff --git a/terror.sshfp b/terror.sshfp
new file mode 100644
index 0000000..5ac409b
--- /dev/null
+++ b/terror.sshfp
@@ -0,0 +1,2 @@
+terror IN SSHFP 1 1 223dbccfa9a3ef95bc66960762c6b0a9ba2e3a8f
+terror IN SSHFP 2 1 98daaf73aadbc4e53d32c49804b3803b8c3645a6
diff --git a/vampire.sshfp b/vampire.sshfp
new file mode 100644
index 0000000..3157e70
--- /dev/null
+++ b/vampire.sshfp
@@ -0,0 +1,2 @@
+vampire IN SSHFP 1 1 94ecfe432bf7d431a7cc558b03672cb3e1a05453
+vampire IN SSHFP 2 1 f09ff615b348f7ee2b8639f86f7d1e410a3501bb
-- 
2.11.0