[PATCH 1/9] chiark live tree fixes including proposed sites bugfix
Ian Jackson
ijackson at chiark.greenend.org.uk
Wed Jul 11 01:09:57 BST 2012
These patches are in ~secnet/secnet-live.git on chiark:
1/9 netlink: Fix up link down behaviour
2/9 make-secnet-sites: Fix userv invocation after pfilepath
3/9 make-secnet-sites: Allow sites with no address
4/9 make-secnet-sites: New -P <prefix> option
5/9 make-secnet-sites: If definition found in wrong place, bomb out
6/9 make-secnet-sites: Actually include addresses in sites.conf
I'm proposing these additional patches to sort out some problems with
the way I was using `include':
7/9 make-secnet-sites: Do newline-trimming in pline()
8/9 make-secnet-sites: In -u mode, output file "dereferences" include directives
9/9] make-secnet-sites: Do not permit "include" in simple sites files
In particular, Steve was complaining that the generated sites file
contained an "include" directive which (a) means you can't process it
with any released version of secnet and (b) anyway a normal site admin
running make-secnet-sites should not have to trust the sites file
(to the extent of having to scrutinise it for includes).
I don't have time right now but in a test copy of ~secnet/sgo-vpn I
ran this
USERV_USER=ian USERV_GROUP=ian-rela ~/things/Fvpn/secnet.git/make-secnet-sites -u header groupfiles newsites ian-rela </dev/null
and it seemed to do the right thing.
The file "newsites" is below.
Thanks,
Ian.
# sites file autogenerated by make-secnet-sites
# generated Wed Jul 11 01:07:13 2012, invoked by ian
# use make-secnet-sites to turn this file into a
# valid /etc/secnet/sites.conf file
vpn sgo
contact steve at greenend.org.uk
dh 8db5f2c15ac96d9f3382d1ef4688fba14dc7908ae7dfd71a9cfe7f479a75d506dc53f159aeaf488bde073fe544bc91c099f101fcf60074f30c06e36263c03ca9e07931ce3fc235fe1171dc6d9316fb097bd4362891e2c36e234e7c16b038fd97b1f165c710e90537de66ee4f54001f5712b050d4e07de3fba07607b19b64f6c3 2
hash sha1
key-lifetime 72000000
restrict-nets 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12
setup-timeout 2000
setup-retries 5
location greenend Mgend
restrict-nets 192.168.73.0/24 172.19.71.0/24
location chiark secnet
restrict-nets 172.18.113.208/28 172.18.45.0/24 172.21.115.0/24 172.21.29.0/24 172.27.25.80/28 172.31.80.16/32 172.31.80.6/32 172.31.80.7/32 172.31.80.8/32 192.168.37.0/24 192.168.76.0/24 192.168.93.0/24 172.31.80.9/32 172.31.80.16/31 172.31.80.32/29
location perfection jmat-ns
restrict-nets 192.168.5.0/24
location stardust sgta-sd
restrict-nets 172.31.66.0/24
location empire Tempire
restrict-nets 172.16.22.0/24
location ecstacy dunc-xtc
restrict-nets 192.168.76.0/24
location lilac dame-lil
restrict-nets 192.168.93.0/24
location relativity ian-rela
restrict-nets 172.18.45.0/24
location anjou rich-avn
restrict-nets 172.17.207.0/24 172.31.59.0/25
location easel matthewv
restrict-nets 172.27.25.80/28
location burrow vcla-brw
restrict-nets 172.20.45.0/24
location rapun Tempire
restrict-nets 172.31.80.10/32 172.31.80.11/32
location ipltd stev-pub
restrict-nets 172.30.52.0/22
location badgers sion-net
restrict-nets 172.19.244.0/24
location panacea owen-dns
restrict-nets 192.168.1.0/24
location jmusa jmatthew
restrict-nets 192.168.131.0/24
location gallery gtaylor
restrict-nets 172.17.217.0/24
location ixion sgta-ixn
restrict-nets 172.31.80.2/31
location lemoncurd bjha-dd
restrict-nets 172.17.11.0/24
location virtue matthewv
restrict-nets 172.29.176.192/28
location pelham cjwa-pel
restrict-nets 172.20.153.0/24
location greysky sbleas
restrict-nets 172.16.249.0/24
location thyme jdamery
restrict-nets 172.27.21.0/24
location atreus sgta-ixn
restrict-nets 172.31.80.14/31
location excommunication ijac-exv
restrict-nets 172.18.218.0/24
end-definitions
# Section submitted by user stevee, Mon Jun 11 16:59:18 2012
# Checked by make-secnet-sites version 0.1.18
vpn sgo
location greenend
contact steve at greenend.org.uk
site sinister
networks 192.168.73.0/24
peer 192.168.73.73
address sinister.dynamic.greenend.org.uk 410
pubkey 1024 35 142982503868096218874861713282365059678627873984481457880430507120010850400504702632632743735995919032493811078069101443728064938518604011871397141029747105689310082778680675110366272191956450327164919190408487263157267830267376075547419528532762755363767018559182902601280415801934613813608200657376498960611
# Section submitted by user ijackson, Thu Apr 24 23:47:46 2008
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location excommunication
contact ijackson+excommunication-vpn at chiark.greenend.org.uk
site emerald
networks 172.18.218.0/24
peer 172.18.218.11
address excommunication.dynamic.greenend.org.uk 410
pubkey 1024 35 140140330328542611800768776564048756920532922679702433211185267618732339317309494277940847589770057285554469957412734720126249719061010541225270308485820564277786300219744090145710268363118782640220667516224329767745989052149026271633687684932195329469377592430156297863238196394532882568848856901877761448803
# Section submitted by user sbleas, Sun Jul 24 16:59:32 2005
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location greysky
contact sbleas at chiark.greenend.org.uk
site greysky
networks 172.16.249.0/24
peer 172.16.249.105
address greysky.dynamic.greenend.org.uk 410
pubkey 1024 35 127127562973458072013956521838509993176018348974866364590732071675333791729011602234570373309275738257663428277820156230049276461703651797721756193107918513366292430228959882513559077151595253974711791540876336402604533818479298306474727826719514368996354838075431106628205540730847897510174714028472046246947
# Section submitted by user sgtatham, Mon Oct 15 09:51:55 2001
# Checked by make-secnet-sites.py version 0.1.5
vpn sgo
location stardust
contact anakin at pobox.com
site judicator
networks 172.31.66.0/24
peer 172.31.66.254
address stardust.dynamic.greenend.org.uk 410
pubkey 1024 35 172103696521215386942519828460041746050840885934062292617904380279615471736075326145760322489758313543838103638966973721653333512954992808645100024939775711379889481486529488596638415567978529720299164391410297002238407954683095686146831539990746931773177959852388886583892047733901855723271374635031351724959
# Section submitted by user bjharris, Wed Oct 6 15:26:15 2004
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location lemoncurd
contact bjh21 at bjh21.me.uk
site rockall
networks 172.17.11.0/24
peer 172.17.11.60
address lemoncurd.org.uk 410
pubkey 1024 35 132151396510268534149505401089289240055627968580164854163798489423833024690387147792312076862053262724542284758806695232878898860150602283376136732357319353987641558111936289770024863287626090483891903304466468644900615672053832505822843597812177969878369217341333537807173313144275666943731678917609083577319
# Section submitted by user jmatthew, Wed Dec 31 17:33:42 2003
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location jmusa
contact john at matthews-net.org.uk
site usa-gw
networks 192.168.131.0/24
peer 192.168.131.11
address jmusa.dynamic.greenend.org.uk 410
pubkey 1024 35 142643431555554550472916261193128717981199292292504257783723748005140530544381817872610877087250995842428377481330886182161397412580727774142766085672635544039342810887416467355989319776669626403825020242609567013182851677637217123437741414362169489217937381371543282324472416822842829850640409774156852415619
# Section submitted by user cjwatson, Wed Jun 15 15:00:27 2005
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location pelham
contact cjwatson at chiark.greenend.org.uk
site riva
networks 172.20.153.0/24
peer 172.20.153.10
address riva.dynamic.greenend.org.uk 410
pubkey 1024 35 150012366428468594867083352773615114169539174921839743006410352678375470281904372418104180435366929816985289769210263068474248655047132242107403943281003608757467341308161831412815384316950515725027446003610950608601521981103370621812314178156457469223198123248433229369422402448995630381856566588155949836283
# Section submitted by user jdamery, Tue Aug 9 16:08:14 2005
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location thyme
contact jdamery at chiark.greenend.org.uk
site florimel
networks 172.27.21.0/24
peer 172.27.21.254
address thyme.dynamic.greenend.org.uk 410
pubkey 1024 35 160318659654793190913085833127499777734906806235496225999055026087085856348129353956290177650179664266447942757478049564033841320525562038598209224283761728290596323923257745190494231997864281274778223682956454764112695255284837266675307042166597326016979631610595618841042691817940562212521211242693199315489
# Section submitted by user gtaylor, Fri Jul 16 22:40:07 2004
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location gallery
contact gareth at tartarus.org
site hmm
networks 172.17.217.0/24
peer 172.17.217.60
address gallery.dynamic.greenend.org.uk 410
pubkey 1024 35 130958098339862227905167401600446158622074102462153051991122465660362552335477855627008108211455129080374721948440023448655511420869273792195458617450663877274526194847651505517926597314157802020132090442712003025595251851296479161499610157612158694554090010411921662616601901875331775155727155191398156304127
# Section submitted by user jmatthew, Wed Mar 6 00:52:29 2002
# Checked by make-secnet-sites.py version 0.1.10
vpn sgo
location perfection
contact john at matthews-net.org.uk
site nijinsky
address nijinsky.dynamic.greenend.org.uk 410
networks 192.168.5.0/24
peer 192.168.5.6
pubkey 1024 35 128487881270944914639894387086741587847238577932503703584182757008429388448547881228220638514218369598813290574301895104614010538549221379761288229500242233913704725858930469014371823580095468883518123786280810635743808658136214470344616744051666823002144177711188605565894144473112763128933101121830747767789
# Section submitted by user owend, Mon Feb 24 21:31:24 2003
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location panacea
contact owend at chiark.greenend.org.uk
site titus
networks 192.168.1.0/24
address titus.dynamic.greenend.org.uk 410
pubkey 1024 35 146225772119682547715902565190190643312756178641782659251896268987727101468304162035884567488029655760768307646333249877570668813143061197445149530457158125674840720104202993965202972760680655663057991630631396830006751250015740456156769595500824214983186619770455615107386517341802957624394513827742184347819 root at titus
peer 192.168.1.2
# Section submitted by user sgtatham, Wed May 14 10:53:13 2008
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location ixion
contact vpn-coordinator at tartarus.org
site ixion
address ixion.tartarus.org 410
peer 172.31.80.3
networks 172.31.80.2/31
pubkey 1024 35 135333718531590228378209512514588704905145163880290136458715219505633627524404094513841678384216092020068922682779012031026257466322004228051099195436852327776120623133459099558984695286392569159942323721178965470705931187002028531553053165265063371892878856840073984710117038421304936395808048725039337338333
vpn sgo
location atreus
contact vpn-coordinator at tartarus.org
site atreus
address atreus.tartarus.org 410
peer 172.31.80.15
networks 172.31.80.14/31
pubkey 2048 35 26386319295514409858007579671143345210262550781321846615285747099130268279668952404846339284499169134555099847799357608277227591276037359293661370358841589462282266129573226685051041853504652540984673273422688457397485784634165164842116489758018052457208727505964119927584194998773050611697605744817532136486200727234200187716841076605226473700556924701371915248196610024942422536365779412790936877712158535393641150340226374015237441125818584988914821922138222990391410104618536467064458838238178850491574569031670286794518285548203153812853983482745909664546888732246331952837152245416907880131592399740624837625679 vpn at atreus
# Section submitted by user siona, Tue Mar 6 15:26:24 2007
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location badgers
contact siona at chiark.greenend.org.uk
site fire
networks 172.19.244.0/24
address badgers.dynamic.greenend.org.uk 410
pubkey 1024 35 155731326790044739106090711115198879520777017954119343461361714460734416771081319121759446476640504789659086902138186665340305195172945901909900310053117781470765984941859407464659608317407019642408971547435723285606385928404216184987310688337736368714229386819003389465769973671939200231250948373943667618783
peer 172.19.244.99
# Section submitted by user matthewv, Tue Jun 14 23:58:30 2005
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location virtue
contact matthewv at chiark.greenend.org.uk
site favour
networks 172.29.176.192/28
peer 172.29.176.201
address virtue.dynamic.greenend.org.uk 410
pubkey 1024 35 112503312958985565044601916565591039668261902008656306950653005868251944371825751502535170935146665126841334356339197447356763943357119328264016284509802774866518883912993850804943785987907536554834455749153832655364691483663746573743535195732001171608892541084605865287636495507774192680506896016961914459489 root at favour
# Section submitted by user ryounger, Wed Aug 18 10:17:34 2004
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location burrow
contact secnet at impropriety.org.uk
site halfwit
networks 172.20.45.0/24
peer 172.20.45.5
address gratuitous.impropriety.org.uk 410
pubkey 1024 35 127352641627380578435435660403054326335938240273516567392207537544193320376266588030801778470343899472769835230025259387501364174492688866745690203025753623277631602353630366424977412655178660161681619060738333874667820132248434451494335570682903964699211302382298568449859032089815519068092320169359184327869
# Section submitted by user matthewv, Sun Sep 28 18:34:03 2003
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location empire
contact matthew at sel.cam.ac.uk
site ming
networks 172.16.22.0/24
peer 172.16.22.13
address principate.dynamic.greenend.org.uk 410
pubkey 1024 35 165071423440701853363893560927297586228481194931512496542471628738409407818304132718956517427644298614855393881984527589004690615381645469433292776002869535128726273661260726105285810230324344055069927329237731699020935099041474392961091014739925575121643707013549314129040478488901732049671622188637347370207 root at ming
location rapun
contact matthew at sel.cam.ac.uk
site rapun
networks 172.31.80.10/32 172.31.80.11/32
peer 172.31.80.11
address rapun.sel.cam.ac.uk 410
pubkey 1024 35 110270723853336412341894163820357195263465313079948732046687371982689615145227226613429024584939303872015256345044383540183538141602818556714430216405752101698535466750482451177171172758971229602031319939166399398348347460470456866963642044943707321634031462625903404176360162676176173043391403157175328752941 root at rapun
# Section submitted by user richard, Sun Nov 7 19:04:00 2004
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location anjou
contact rjk at greenend.org.uk
site curator
networks 172.17.207.0/24 172.31.59.0/25
peer 172.17.207.5
address anjou.dynamic.greenend.org.uk 410
pubkey 1024 35 126679595520726979962622623759738370463752210336129637076258076196879436564166661212563050995716520919538643180560139625301713248103546058087333945717388003337678713651877892744210348471418393000853911928130371606672166647819375096598657243179753326942738703579072996316084163949055081621109198792950913566211
# Section submitted by user secnet, Sun Jan 25 01:02:34 2009
# Checked by make-secnet-sites version 0.1.16
vpn sgo
location chiark
contact secnet at chiark.greenend.org.uk
site chiark
address chiark.greenend.org.uk 410
peer 172.31.80.9
networks 172.18.113.208/28 172.18.45.0/24 172.21.115.0/24 172.21.29.0/24 172.27.25.80/28 172.31.80.16/32 172.31.80.6/32 172.31.80.7/32 172.31.80.8/32 192.168.37.0/24 192.168.76.0/24 192.168.93.0/24 172.31.80.9/32 172.31.80.16/31 172.31.80.32/29
pubkey 1024 35 142727529003925298656414420811632378296524497304179619105191015695357742460158797298827122878793501199537822285205911063864424908425497400229865955603317464754223907562647708278695773351548155481372989733141442122782882941206619661017696209688431601952580912499262706702512738421030425164121104288841795045999
# Section submitted by user stevee, Mon Jun 11 16:55:59 2012
# Checked by make-secnet-sites version 0.1.18
vpn sgo
location ipltd
contact sde at individualpubs.co.uk
site milton
networks 172.30.52.0/26
peer 172.30.52.6
address secnet.milton.individualpubs.co.uk 410
pubkey 1024 35 103819683786502279159773330747756109037427621165612669180913116723484974798517151020219076696223565051950604312958723900086139489285136070607005094488463441604213796768394056033874614632549577685465750180452079996642629208303123736605483212526511140263433658278815863739598311601242327016449392967024651067677
site coalheavers
networks 172.30.52.64/26
peer 172.30.52.70
address secnet.coalheavers.individualpubs.co.uk 410
pubkey 1024 35 135676368852737967437118969944190656621895450779572854299434593799576233093728022502592982033078082239800524997353214277607157638686306335983729691307532604146507728225690090305603227497792215610967466079745015364320300371659179811698561112006015921077424715318938054911612614715186892195550649032922742357509
site pembury
networks 172.30.52.128/26
peer 172.30.52.134
address secnet.pembury.individualpubs.co.uk 410
pubkey 1024 35 135525422562501888354767840299070718142012758186740632284460383406541465758525767102354019639464074754127240487452770551812776120512972462336217880604213678326093583625722118836188663760477198688887962650569041800520651662368580343843125044148901520945763806762233073800091138914859139497232003400493786138701
site whitelion
networks 172.30.52.192/26
peer 172.30.52.195
address secnet.whitelion.individualpubs.co.uk 410
pubkey 2048 35 24124139906411201483430278998300459346209181648588447838634557473142617326423094637990065615759268365532640262961154697003807788851304489778519423758311870419548451871707772625498983141615243082831954873299173351953696658284454997879609771415443088351129606246814125151516261656288221577912973789619169557736317647851013036620799821434567147815969576152166310449831742853072340641498081658794736455209830298796160236847261150100692846950792810183472852288888570587958978145794567121577380059457530519109467738632952725917803462199473750997853636055980188980138986295315951838415412566846884835372246283753195840399233
site naisby
networks 172.30.53.0/26
peer 172.30.53.3
address naisby.dyndns.org 410
pubkey 2048 35 23496932390846350006988903273689995529605442595208449496301215214523257298821956734082626831127389971279867860463844649591040499106920038765516079670943890056365922077683038785706450274752934070275306274191551501736910294338834719075780904166624029759273201802692626111603586293804720140640964242329171023597889018301623638755140852348589391468473507370043341996406876751101754876344216323889569939599454387958504841498748817044562980800841577617550578480358187232109759349388659009098602911245715834839842658839182515701957178993870897460382235435783478519228534063317662378085748664828760472728036858318519344109081
site devonshire
networks 172.30.53.64/26
peer 172.30.53.68
address secnet.devonshire.individualpubs.co.uk 410
pubkey 2048 35 26902315040175593876256072038553120405966707330340750045690511223604564174210548351097919706705196291563374405464944675832933762514612014430798579204912629788133854670914760043124561374006860857753208885380137932505841804168687042795885528925329290637064880998723072594595620494154932978564225048482665706091738179497298576789227621740933384149568004124773711339763311587023507505687967197728606354605301193857428240189843122718523671591383502512529001928606700076149721477047380958711196992296863152608864037365881801156117520321893534754079819993485727497061246464085753706365619156594774785738135258589182774229261
site ur
networks 172.30.53.128/26
peer 172.30.53.131
address secnet.individualpubs.co.uk 410
pubkey 2048 35 20355897268737979684293048877574689021779035982345049009043820324200673860803727671821805138175619321066286905115257692769641390216302303558362771479303888730136308693168090233787044931146610841460852125505817950606485287552708042330205630231876476137513837506224118220485195333892166862957470534693004159419697888019261430352441090651910400489629389805959091845431611665235399586623269467846243675164591334264439954249654404693615749690231508561586018669034812321971389933439432195577966285485733406158092316156495578419065480152327544896885831898721783706047292395415649760584201984481444598038744208243190513273603 root at ur
site waterbeach
networks 172.30.53.192/26
peer 172.30.53.194
address milton.individualpubs.co.uk 410
pubkey 2048 65537 22562158633121890206224570825426894540624603287907174899301268915349732481472165595198818947985200977756775390893863893888581373092922323295580736109937512156762797804505458433699834203987969541987844291075715312951629005274714558611767348648628228408305639290929676149407305052065714142854475924384362457569426063603805301794551497061718847913631785376232441553705533999150961829592246931361481449559498692064213954939958902797961047065924888489078058430227403503544022488904082958500903518314590365158800680918050913620772661052981864887185846946527361166335491313276846416237504316473788961715718243151128748257731 sde at vulcan
# Section submitted by user ian, Wed Jul 11 01:07:13 2012
# Checked by make-secnet-sites version 0.1.18
# end of sites file
More information about the sgo-software-discuss
mailing list