Compare commits
4 Commits
6017c6bbd2
...
de13f4d352
Author | SHA1 | Date |
---|---|---|
nervuri | de13f4d352 | |
nervuri | 9528ed10ef | |
nervuri | f3f4f72d9c | |
nervuri | fa6221e91a |
|
@ -25,7 +25,7 @@ To install them in Debian, run: `sudo apt install openssl idn torsocks` and `pip
|
|||
|
||||
`./main.sh` will run all scripts. For the [trust stores repo](https://tildegit.org/nervuri/trust-stores), I use `time ./main.sh >log-stdout 2>log-stderr`. For 893 hosts, the command takes around 80 minutes to complete with Tor verification and 45 minutes without.
|
||||
|
||||
`get-certs.sh` accepts `tor` as an optional argument, to double-check certificates using the Tor network. If you have `torsocks` installed, this option will automatically be used when you run `./main.sh`.
|
||||
`get-certs.sh` accepts `tor` as an optional argument, to double-check certificates using the Tor network. This option will automatically be used when you run `./main.sh`.
|
||||
|
||||
All trust store generators accept certificate expiry boundaries as arguments. Ex:
|
||||
|
||||
|
|
|
@ -90,8 +90,9 @@ while read -r host; do
|
|||
>&2 echo "$host_and_port - connection failed"
|
||||
fi
|
||||
|
||||
# If "tor" option is used, then connect again via Tor,
|
||||
# to check if we get the same cert from a different network perspective.
|
||||
# If the "tor" option is used and the current host is not an onion
|
||||
# service, then connect again via Tor, to check if we get the same
|
||||
# cert from a different network perspective.
|
||||
mismatch=0
|
||||
if [ "${1:-}" = 'tor' ] && [ -n "${host##*.onion}" ]; then
|
||||
|
||||
|
|
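Review bot: The rewritten comment above `mismatch=0` says the Tor re-check is skipped for onion services, but the unchanged test below it, `[ -n "${host##*.onion}" ]`, only recognises a value that ends exactly in `.onion`. If `$host` still carries a port at this point (test-hosts on this page has a `.onion:443` entry, and the loop reads raw lines with `read -r host`), that entry would be treated as a clearnet host and fetched through Tor a second time, which adds no independent network perspective. I would either extend the condition, `[ -n "${host##*.onion}" ] && [ -n "${host##*.onion:*}" ]`, or state in the comment that `$host` is port-free here. The loop body starts and ends outside this hunk, so whether the port has been stripped earlier cannot be confirmed from the page.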
39
get-hosts.sh
39
get-hosts.sh
|
@ -27,18 +27,32 @@ if [ -z "$hosts2" ]; then
|
|||
>&2 echo "lupa-capsules.txt download failed."
|
||||
exit 1
|
||||
fi
|
||||
#hosts3=$(agunua --binary --maximum-time 20 \
|
||||
# gemini://auragem.space/search/capsules 2>/dev/null \
|
||||
# | grep "gemini://" | cut -d ' ' -f 2 | cut -d '/' -f 3)
|
||||
#if [ -z "$hosts3" ]; then
|
||||
# >&2 echo "geminispace.info/known-hosts download failed."
|
||||
# exit 1
|
||||
#fi
|
||||
|
||||
# Concatenate hosts files.
|
||||
hosts="$hosts1
|
||||
$hosts2"
|
||||
#$hosts3"
|
||||
|
||||
# Prepare temporary file.
|
||||
tempfile=$(mktemp)
|
||||
# Delete temporary file on exit.
|
||||
finish() {
|
||||
rm -f "$tempfile"
|
||||
}
|
||||
trap finish EXIT
|
||||
|
||||
echo "$hosts" | while read -r line; do
|
||||
# Remove redundant ":1965" port from each line that has it.
|
||||
line="${line%:1965}"
|
||||
# Remove redundant "." from the end of each hostname that has it.
|
||||
line="${line%.}"
|
||||
# Hostname to lowercase.
|
||||
line=$(echo "$line" | tr '[:upper:]' '[:lower:]')
|
||||
# Add cleaned up hostnames to temporary file.
|
||||
echo "$line" >> "$tempfile"
|
||||
done
|
||||
|
||||
# Get hosts back from temporary file.
|
||||
hosts=$(cat "$tempfile")
|
||||
|
||||
# Remove empty lines; convert punycode to unicode; sort entries; remove duplicates.
|
||||
hosts=$(echo "$hosts" | awk NF | idn --allow-unassigned --idna-to-unicode | sort -fu)
|
||||
|
@ -59,16 +73,9 @@ if [ -z "$hosts" ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# Save to temporary file.
|
||||
tempfile=$(mktemp)
|
||||
# Save to temporary file again.
|
||||
echo "$hosts" > "$tempfile"
|
||||
|
||||
# Delete temporary file on exit.
|
||||
finish() {
|
||||
rm -f "$tempfile"
|
||||
}
|
||||
trap finish EXIT
|
||||
|
||||
# Check connection to host.
|
||||
# $1: "" or "tor"
|
||||
# $2: host[:port]
|
||||
|
|
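Review bot: In the new normalisation loop of the first hunk, `line="${line%:1965}"` strips the suffix from every line, so a bare IPv6 literal whose last group happens to be `1965` loses that group and the list then names a different address. Bare IPv6 entries are an accepted input form (test-hosts has them), and the host lists are downloaded from remote sources, so the loop should strip a port only where one can actually be present. Two smaller points in the same loop: `echo "$line"` on downloaded text is better written `printf '%s\n' "$line"`, and `tr` is spawned once per line where a single `tr` over the whole list would do. The fence shows the port handling only.

```shell
echo "$hosts" | while read -r line; do
	# Remove redundant ":1965" port, but leave bare IPv6 literals alone.
	case "$line" in
		\[*\]:1965) line="${line%:1965}" ;;  # bracketed IP literal with port
		*:*:*) ;;                            # bare IPv6 literal, no port part
		*) line="${line%:1965}" ;;           # hostname or IPv4 with port
	esac
	# … unchanged: trailing-dot removal, lowercasing, append to "$tempfile" …
```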
9
main.sh
9
main.sh
|
@ -20,7 +20,8 @@ if ! command -v agunua >/dev/null; then
|
|||
exit 1
|
||||
fi
|
||||
if ! command -v torsocks >/dev/null; then
|
||||
>&2 echo '"torsocks" not installed! [optional]'
|
||||
>&2 echo '"torsocks" not installed! [required]'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Go where this script is.
|
||||
|
@ -32,11 +33,7 @@ echo '=== get hosts ==='
|
|||
./get-hosts.sh
|
||||
|
||||
echo '=== get certs ==='
|
||||
if command -v torsocks >/dev/null; then
|
||||
./get-certs.sh tor
|
||||
else
|
||||
./get-certs.sh
|
||||
fi
|
||||
./get-certs.sh tor
|
||||
|
||||
echo '=== prune old certs ==='
|
||||
./prune-old-certs.sh
|
||||
|
|
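Review bot: The check that now makes torsocks mandatory only proves the binary is installed (`command -v torsocks`), not that a Tor daemon is reachable, and `./get-certs.sh tor` is now run unconditionally. How get-certs.sh treats a failed Tor connection is not visible in this section; if a failed Tor fetch is not counted as an error or a mismatch, the second-perspective check silently degrades to a single perspective. I would document the expectation next to the check, e.g. `# torsocks installed != Tor reachable; get-certs.sh must report a failed Tor connection, not treat it as a match`, and consider a short preflight through torsocks before `echo '=== get certs ==='`. The README sentence that still quotes a runtime "without" Tor verification also looks stale once main.sh always passes `tor`.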
27
test-hosts
27
test-hosts
|
@ -1,15 +1,16 @@
|
|||
gemini.circumlunar.space
|
||||
pureXO.mom
|
||||
[purexo.mom]
|
||||
89.47.164.70
|
||||
[89.47.164.70]
|
||||
89.47.164.70:1965
|
||||
[89.47.164.70]:1965
|
||||
2a02:7b40:592f:a446::1
|
||||
[2a02:7b40:592f:a446::1]
|
||||
[2a02:7b40:592f:a446::1]:1965
|
||||
protonirockerxow.onion:443
|
||||
wikipedia.geminet.org
|
||||
wikipedia.geminet.org:1966
|
||||
geminiprotocol.net
|
||||
rawTEXT.club
|
||||
[rawtext.club]
|
||||
185.52.1.48
|
||||
[185.52.1.48]
|
||||
185.52.1.48:1965
|
||||
[185.52.1.48]:1965
|
||||
2a00:d880:11::187
|
||||
[2a00:d880:11::187]
|
||||
[2a00:d880:11::187]:1965
|
||||
protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion:443
|
||||
gemini.thegonz.net:1965
|
||||
gemini.thegonz.net
|
||||
gemini.thegonz.net:3965
|
||||
gémeaux.bortzmeyer.org
|
||||
xn--gmeaux-bva.bortzmeyer.org
|
||||
|
|