Add httpd/fingerprints.

2014-12-12 20:09:53 +00:00 · 2014-12-12 20:09:53 +00:00 · f564ccfe20
commit f564ccfe20
parent ad56c68d80
5 changed files with 97 additions and 2 deletions
--- a/playbooks/groups/proxies-miscellaneous.yml
+++ b/playbooks/groups/proxies-miscellaneous.yml
@ -18,3 +18,6 @@
    mimetype: image/vnd.microsoft.icon
    extensions:
    - .ico
+
+  - role: httpd/fingerprints
+    website: admin.fedoraproject.org
--- a/playbooks/groups/proxies.yml
+++ b/playbooks/groups/proxies.yml
@ -51,8 +51,6 @@
  #
  # - smolt::proxy -- note going to do this.  smolt is dead.  long live smolt.
  #
-  # - haproxy::proxy
-  # - fingerprints::proxy
  # - gather-easyfix::proxy
  # - fedmsg::proxy-crl
  # - review-stats::proxy
--- a/roles/httpd/fingerprints/files/fingerprints.conf
+++ b/roles/httpd/fingerprints/files/fingerprints.conf
@ -0,0 +1,2 @@
+Alias /fingerprints /srv/web/fingerprints.html
+Alias /ssh_known_hosts /etc/ssh/ssh_known_hosts
--- a/roles/httpd/fingerprints/files/fingerprints.html
+++ b/roles/httpd/fingerprints/files/fingerprints.html
@ -0,0 +1,77 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  
+
+  <head>
+    <title>Fedora SSH Fingerprints</title>
+    <link rel="stylesheet" type="text/css" media="screen" href="https://fedoraproject.org/static/css/fedora.css" />
+  </head>
+  <body>
+    <div id="wrapper">
+      <div id="head">
+        <h1><a href="http://fedoraproject.org/en/index">Fedora</a></h1>
+      </div>
+      <div id="sidebar">
+        <div id="nav">
+          <h2>Navigation</h2>
+          <ul>
+            <li id="nav-home"><a href="http://fedoraproject.org/en/index">Home</a></li>
+
+            <li id="nav-get"><a href="http://fedoraproject.org/en/get-fedora">Get Fedora</a></li>
+            <li id="nav-join"><a href="http://fedoraproject.org/en/join-fedora">Join Fedora</a></li>
+            <li id="nav-help"><a href="http://fedoraproject.org/en/get-help">Get Help</a></li>
+          </ul>
+        </div>
+      </div>
+      <div id="content">
+      <h1>Package Signing Keys</h1>
+      <p>
+        Please refer to the <a href="https://fedoraproject.org/keys">keys page</a> for updated information about package signing keys.
+      </p>
+      <h1>SSH Host Fingerprints</h1>
+    <p>
+       The current list of known fedora hosts can be found <a href="https://admin.fedoraproject.org/ssh_known_hosts">ssh_known_hosts</a> for information on how to use this file please refer to <a href="http://infrastructure.fedoraproject.org/csi/security-policy/en-US/html-single/">Community Services Infrastructure Standards, Security Policy</a>.
+    </p>
+      <p>
+        It is recommended that you only trust SSH Fingerprints from this page.
+      </p>
+      <h1>Fedora Build System (Koji) CA Infrastructure</h1>
+      <table>
+      <tr>
+        <th>Key Purpose</th>
+        <th>Identified As</th>
+        <th>Fingerprint</th>
+        <th>Last Updated (UTC)</th>
+      </tr>
+      <tr>
+        <td>Build System (koji)</td>
+        <td>Fedora Project CA</td>
+        <td>SHA1 Fingerprint=92:9C:BF:A0:5E:70:99:2C:2C:7A:2C:41:83:DC:09:74:E4:8F:D7:B4<BR>
+            MD5 Fingerprint=81:A3:96:95:E1:87:A3:8C:26:72:B5:0C:68:AE:26:E2</td>
+        <td>2008-08-22 00:00:00</td>
+      </tr>
+      </table>
+      <p>
+        The Fedora CA cert is available <a href="https://admin.fedoraproject.org/ca/cacert.pem">Here</a> and the Certificate Revokation List <a href="https://admin.fedoraproject.org/ca/crl.pem">Here</a>
+      </p>
+
+    </div>
+    </div>
+    <div id="bottom">
+      <div id="footer">
+        <p class="copy">
+        &copy; 2010 Red Hat, Inc. and others.  For comments or queries, please <a href="http://fedoraproject.org/en/contact">contact us</a>.
+        </p>
+        <p class="disclaimer">
+        The Fedora Project is maintained and driven by the community and sponsored by Red Hat.  This is a community maintained site.  Red Hat is not responsible for content.
+        </p>
+        <ul>
+          <li class="first"><a href="/en/sponsors">Sponsors</a></li>
+          <li><a href="http://fedoraproject.org/wiki/Legal">Legal</a></li>
+          <li><a href="http://fedoraproject.org/wiki/Legal/TrademarkGuidelines">Trademark Guidelines</a></li>
+        </ul>
+
+      </div>
+    </div>
+  </body>
+</html>
--- a/roles/httpd/fingerprints/tasks/main.yml
+++ b/roles/httpd/fingerprints/tasks/main.yml
@ -0,0 +1,15 @@
+copy: src=fingerprints.html dest=/srv/web/fingerprints.html
+notify:
+- restart httpd
+tags:
+- fingerprints
+- httpd
+- httpd/fingerprints
+
+copy: src=fingerprints.conf dest=/etc/httpd/conf.d/{{website}}/fingerprints.conf
+notify:
+- restart httpd
+tags:
+- fingerprints
+- httpd
+- httpd/fingerprints