summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2022-06-14 11:48:44 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2022-06-14 12:00:04 +0000
commitd252334934fb9f2ef0c6195f807d8fa78b4410eb (patch)
treed39927e699cef304bb6f8669d1989f4f407aa6cc
parentAdding upstream version 20220609. (diff)
downloadopen-infrastructure-service-tools-d252334934fb9f2ef0c6195f807d8fa78b4410eb.tar.xz
open-infrastructure-service-tools-d252334934fb9f2ef0c6195f807d8fa78b4410eb.zip
Adding upstream version 20220614.upstream/20220614
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--CHANGELOG.txt22
-rw-r--r--Makefile95
-rw-r--r--VERSION.txt2
-rw-r--r--apache/Makefile2
-rw-r--r--dehydrated/TODO4
-rwxr-xr-xdehydrated/bin/dehydrated-nsupdate44
-rwxr-xr-xdehydrated/share/hooks/exit_hook.service-reload8
-rw-r--r--dehydrated/share/man/dehydrated-cron.1.rst36
-rw-r--r--dehydrated/share/man/dehydrated-hook.1.rst49
-rw-r--r--dehydrated/share/man/dehydrated-nsupdate.1.rst127
-rwxr-xr-xdnsdist/bin/dnsdist-console4
-rwxr-xr-xgit/bin/git-checkout-branches2
-rwxr-xr-xgit/bin/git-whoami24
-rwxr-xr-xgit/share/hooks/post-update.d/irker-notification4
-rwxr-xr-xirker/bin/irkerhook-debian1
-rwxr-xr-xlinux/bin/linux-i40e25
16 files changed, 323 insertions, 126 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 8289f87..db062f2 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,25 @@
+2022-06-14 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+
+ * Releasing version 20220614.
+
+ [ Daniel Baumann ]
+ * Only restarting kresd in dehydrated exit_hook.service-reload if tls is configured.
+ * Adding test target in apache-tools makefile.
+ * Adding top-level makefile.
+ * Adding quotes arround some variables in dehydrated-tools to prevent globbing and word splitting.
+ * Adding quotes arround some variables in dnsdist-tools to prevent globbing and word splitting.
+ * Adding quotes arround some variables in linux-tools to prevent globbing and word splitting.
+ * Removing unused color definitions in linux-tools.
+ * Adding shellcheck exception in irker-tools for variable sourced from configuration file.
+ * Using read -r to not mangle backslashes in git-tools.
+ * Adding quotes arround some variables in git-tools to prevent globbing and word splitting.
+ * Changing default value handling for variables in git-whoami to more portable format.
+ * Consistently using curly braces for variables in git-whoami.
+ * Adding support for individual TSIG files per record, zone, and nameserver rather than having one global key for all updates in dehydrated-nsupdate.
+ * Handling comments in TSIG keyfiles in dehydrated-nsupdate to support disabling TSIG for individual records.
+ * Completing existing dehydrated-tools manpages.
+ * Updating dehydrated-tools TODO file.
+
2022-06-09 Daniel Baumann <daniel.baumann@open-infrastructure.net>
* Releasing version 20220609.
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..3c55809
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,95 @@
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+SHELL := sh -e
+
+VERSION := $(shell cat VERSION.txt)
+TOOLS := $(shell find . -mindepth 1 -maxdepth 1 -type d -and -not -name ".git*" -and -not -name debian)
+
+all: build
+
+test:
+ @for TOOL in $(TOOLS); \
+ do \
+ echo "Processing $${TOOL}..."; \
+ make -C $${TOOL} test; \
+ echo; \
+ done
+
+build:
+ @for TOOL in $(TOOLS); \
+ do \
+ echo "Processing $${TOOL}..."; \
+ make -C $${TOOL} build; \
+ echo; \
+ done
+
+install: build
+ @for TOOL in $(TOOLS); \
+ do \
+ echo "Processing $${TOOL}..."; \
+ make -C $${TOOL} install; \
+ echo; \
+ done
+
+uninstall:
+ @for TOOL in $(TOOLS); \
+ do \
+ echo "Processing $${TOOL}..."; \
+ make -C $${TOOL} uninstall; \
+ echo; \
+ done
+
+clean:
+ @for TOOL in $(TOOLS); \
+ do \
+ echo "Processing $${TOOL}..."; \
+ make -C $${TOOL} clean; \
+ echo; \
+ done
+
+distclean:
+ rm -rf service-tools-$(VERSION)
+
+ @for TOOL in $(TOOLS); \
+ do \
+ echo "Processing $${TOOL}..."; \
+ make -C $${TOOL} distclean; \
+ echo; \
+ done
+
+reinstall: uninstall install
+
+release: distclean
+ mkdir service-tools-$(VERSION)
+ find . -mindepth 1 -maxdepth 1 -and -not -name ".git*" -and -not -name debian -and -not -name service-tools-$(VERSION) -exec cp \-a {} service-tools-$(VERSION) \;
+
+ for FORMAT in xz lzip; \
+ do \
+ EXTENSION=$$(echo $${FORMAT} | cut -b-2); \
+ tar --$${FORMAT} -cf ../service-tools-$(VERSION).tar.$${EXTENSION} service-tools-$(VERSION); \
+ sha512sum ../service-tools-$(VERSION).tar.$${EXTENSION} > ../service-tools-$(VERSION).tar.$${EXTENSION}.sha512; \
+ gpg --default-key 0xB62C61A10B93195F --armor -b ../service-tools-$(VERSION).tar.$${EXTENSION}; \
+ mv ../service-tools-$(VERSION).tar.$${EXTENSION}.asc ../service-tools-$(VERSION).tar.$${EXTENSION}.sig; \
+ done
+
+ rm -rf service-tools-$(VERSION)
+
+upload:
+ scp ../service-tools-$(VERSION).* get.open-infrastructure.net:/srv/get.open-infrastructure.net/files/software/service-tools/upstream
diff --git a/VERSION.txt b/VERSION.txt
index 2b282de..f6e8eb7 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-20220609
+20220614
diff --git a/apache/Makefile b/apache/Makefile
index c31a4cb..70b9a35 100644
--- a/apache/Makefile
+++ b/apache/Makefile
@@ -25,6 +25,8 @@ PROGRAM = apache-icons
all: build
+test:
+
build: share/man/*.rst
$(MAKE) -C share/man
diff --git a/dehydrated/TODO b/dehydrated/TODO
index 1576ab5..9af54a5 100644
--- a/dehydrated/TODO
+++ b/dehydrated/TODO
@@ -1,9 +1,7 @@
TODO
====
+ * add manpages for individual dehydrated hooks
* use /etc/default for dehydrated-cron
* use /etc/default for dehydrated-hook
- * maybe handling multiple different CNAMEs
- (not sure if letsencrypt allows that, however, dehydrated-nsupdate only
- processes one CNAME)
* use settings from _dehydrated.$domain.$tld
diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate
index 96c95eb..05027ab 100755
--- a/dehydrated/bin/dehydrated-nsupdate
+++ b/dehydrated/bin/dehydrated-nsupdate
@@ -109,12 +109,12 @@ NAMESERVERS_IPV4=""
for NAMESERVER in ${NAMESERVERS}
do
- if [ -n "$(${DIG} +nocomments +noquestion +short AAAA ${NAMESERVER})" ]
+ if [ -n "$(${DIG} +nocomments +noquestion +short AAAA "${NAMESERVER}")" ]
then
NAMESERVERS_IPV6="${NAMESERVERS_IPV6} ${NAMESERVER}"
fi
- if [ -n "$(${DIG} +nocomments +noquestion +short A ${NAMESERVER})" ]
+ if [ -n "$(${DIG} +nocomments +noquestion +short A "${NAMESERVER}")" ]
then
NAMESERVERS_IPV4="${NAMESERVERS_IPV4} ${NAMESERVER}"
fi
@@ -133,16 +133,44 @@ then
NAMESERVERS="${NAMESERVERS} ${NAMESERVERS_IPV4}"
fi
-NAMESERVERS="$(echo ${NAMESERVERS} | sed -e 's| |\n|g' | sort -u -V)"
+NAMESERVERS="$(echo "${NAMESERVERS}" | sed -e 's| |\n|g' | sort -u -V)"
# update nameservers
-if [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ]
-then
- NSUPDATE_OPTIONS="-k ${TSIG_KEYFILE}"
-fi
-
for NAMESERVER in ${NAMESERVERS}
do
+ if [ -e "/etc/dehydrated/tsig/$(basename "${TXT_RECORD}" .).key" ]
+ then
+ # specific key per record
+ KEY="/etc/dehydrated/tsig/$(basename "${TXT_RECORD}" .).key"
+ elif [ -e "/etc/dehydrated/tsig/$(basename "${ZONE}" .).key" ]
+ then
+ # specific key per zone
+ KEY="/etc/dehydrated/tsig/$(basename "${ZONE}" .).key"
+ elif [ -e "/etc/dehydrated/tsig/$(basename "${NAMESERVER}" .).key" ]
+ then
+ # specific key per nameserver
+ KEY="/etc/dehydrated/tsig/$(basename "${NAMESERVER}" .).key"
+ elif [ -e "/etc/dehydrated/tsig.key" ]
+ then
+ # global key (filesystem)
+ KEY="/etc/dehydrated/tsig.key"
+ elif [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ]
+ then
+ # global key (conffile)
+ KEY="${TSIG_KEYFILE}"
+ else
+ # no key
+ KEY=""
+ fi
+
+ # ignoring comments to allow empty keyfiles to disable TSIG individually
+ TSIG="$(grep -sv '^#' "${KEY}" || true)"
+
+ if [ -n "${KEY}" ] && [ -n "${TSIG}" ]
+ then
+ NSUPDATE_OPTIONS="-k ${KEY}"
+ fi
+
echo -n " + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..."
# shellcheck disable=SC2086
diff --git a/dehydrated/share/hooks/exit_hook.service-reload b/dehydrated/share/hooks/exit_hook.service-reload
index ebe2d23..486c62f 100755
--- a/dehydrated/share/hooks/exit_hook.service-reload
+++ b/dehydrated/share/hooks/exit_hook.service-reload
@@ -27,17 +27,17 @@ echo " + Reloading services..."
for SERVICE in ${SERVICES}
do
- if service ${SERVICE} status > /dev/null 2>&1
+ if service "${SERVICE}" status > /dev/null 2>&1
then
echo -n " + ${SERVICE}:"
- service ${SERVICE} reload || service ${SERVICE} restart
+ service "${SERVICE}" reload || service "${SERVICE}" restart
echo " done."
fi
done
-if service kresd@1 status > /dev/null 2>&1
+if grep -r -qs '^net.tls' /etc/knot-resolver/* && service kresd@1 status > /dev/null 2>&1
then
NUMBER="$(systemctl | grep -c 'kresd@[0-9].service')"
@@ -48,7 +48,7 @@ then
for NUMBER in $(seq 1 "${NUMBER}")
do
echo -n " #${NUMBER}"
- service kresd@${NUMBER} restart
+ service kresd@"${NUMBER}" restart
done
echo " done."
diff --git a/dehydrated/share/man/dehydrated-cron.1.rst b/dehydrated/share/man/dehydrated-cron.1.rst
index c060127..cd93a30 100644
--- a/dehydrated/share/man/dehydrated-cron.1.rst
+++ b/dehydrated/share/man/dehydrated-cron.1.rst
@@ -36,12 +36,25 @@ Synopsis
Description
===========
-**dehydrated** is a client for ACME-based Certificate Authorities, such as
-LetsEncrypt. It can be used to request and obtain TLS certificates from an
-ACME-based certificate authority.
+**dehydrated** is a client for ACME-based Certificate Authorities, such as LetsEncrypt. It can be used to request and obtain TLS certificates from an ACME-based certificate authority.
+
+The **dehydrated-cron** script runs dehydrated once per day and on system reboot for an automatic certificate renewal.
+
+It uses the dehydrated '--keep-going' option to keep going after encountering an error while creating/renewing multiple certificates. Afterwards it also removes all unused certificates by using the dehydrated '--cleanup-delete' option.
+
+Usage
+=====
+
+Installation
+------------
+
+| sudo ln -s /usr/bin/dehydrated-cron /etc/cron.d/dehydrated
+
+Removal
+-------
+
+| sudo rm -f /etc/cron.d/dehydrated
-The **dehydrated-cron** script runs dehydrated once per day and on system
-reboot for an automatic certificate renewal.
Files
=====
@@ -67,21 +80,16 @@ See also
Homepage
========
-More information about service-tools and the Open Infrastructure project can be
-found on the homepage (https://open-infrastructure.net).
+More information about service-tools and the Open Infrastructure project can be found on the homepage (https://open-infrastructure.net).
Contact
=======
-Bug reports, feature requests, help, patches, support and everything else are
-welcome on the Open Infrastructure Software Mailing List
-<software@lists.open-infrastructure.net>.
+Bug reports, feature requests, help, patches, support and everything else are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>.
-Debian specific bugs can also be reported in the Debian Bug Tracking System
-(https://bugs.debian.org).
+Debian specific bugs can also be reported in the Debian Bug Tracking System (https://bugs.debian.org).
Authors
=======
-service-tools were written by Daniel Baumann
-<daniel.baumann@open-infrastructure.net> and others.
+service-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others.
diff --git a/dehydrated/share/man/dehydrated-hook.1.rst b/dehydrated/share/man/dehydrated-hook.1.rst
index 607be92..de63127 100644
--- a/dehydrated/share/man/dehydrated-hook.1.rst
+++ b/dehydrated/share/man/dehydrated-hook.1.rst
@@ -36,43 +36,45 @@ Synopsis
Description
===========
-**dehydrated** is a client for ACME-based Certificate Authorities, such as
-LetsEncrypt. It can be used to request and obtain TLS certificates from an
-ACME-based certificate authority.
+**dehydrated** is a client for ACME-based Certificate Authorities, such as LetsEncrypt. It can be used to request and obtain TLS certificates from an ACME-based certificate authority.
-The **dehydrated-hook** makes it possible to run multiple scripts in every
-stage within the process of creating, signing and deploying a certificate.
+The **dehydrated-hook** makes it possible to run multiple scripts in every stage within the process of creating, signing and deploying a certificate.
-Scripts need to be placed in /etc/dehydrated/hook.d and need to be prefixed
-with the name of the handler, e.g. exit_hook.example1 or exit_hook.example2.sh
+Scripts need to be placed in /etc/dehydrated/hook.d and need to be prefixed with the name of the handler, e.g. exit_hook.example1 or exit_hook.example2.sh
Handlers
========
The following **dehydrated** handlers are available:
+|
| deploy_challenge
-
| clean_challenge
-
| sync_cert
-
| deploy_cert
-
| deploy_ocsp
-
| unchanged_cert
-
| invalid_challenge
-
| request_failure
-
| generate_csr
-
| startup_hook
-
| exit_hook
+Usage
+=====
+
+Installation
+------------
+
+| sudo echo HOOK="/usr/bin/dehydrated-hook" > /etc/dehydrated/conf.d/zz-hook.sh
+| sudo mkdir -p /etc/dehydrated/hook.d
+
+Removal
+-------
+
+| sudo rm -f /etc/dehydrated/conf.d/zz-hook.sh
+| sudo rmdir /etc/dehydrated/hook.d
+
Files
=====
@@ -91,21 +93,16 @@ See also
Homepage
========
-More information about service-tools and the Open Infrastructure project can be
-found on the homepage (https://open-infrastructure.net).
+More information about service-tools and the Open Infrastructure project can be found on the homepage (https://open-infrastructure.net).
Contact
=======
-Bug reports, feature requests, help, patches, support and everything else are
-welcome on the Open Infrastructure Software Mailing List
-<software@lists.open-infrastructure.net>.
+Bug reports, feature requests, help, patches, support and everything else are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>.
-Debian specific bugs can also be reported in the Debian Bug Tracking System
-(https://bugs.debian.org).
+Debian specific bugs can also be reported in the Debian Bug Tracking System (https://bugs.debian.org).
Authors
=======
-service-tools were written by Daniel Baumann
-<daniel.baumann@open-infrastructure.net> and others.
+service-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others.
diff --git a/dehydrated/share/man/dehydrated-nsupdate.1.rst b/dehydrated/share/man/dehydrated-nsupdate.1.rst
index db58d5c..059a269 100644
--- a/dehydrated/share/man/dehydrated-nsupdate.1.rst
+++ b/dehydrated/share/man/dehydrated-nsupdate.1.rst
@@ -36,15 +36,12 @@ Synopsis
Description
===========
-**dehydrated** is a client for ACME-based Certificate Authorities, such as
-LetsEncrypt. It can be used to request and obtain TLS certificates from an
-ACME-based certificate authority.
+**dehydrated** is a client for ACME-based Certificate Authorities, such as LetsEncrypt. It can be used to request and obtain TLS certificates from an ACME-based certificate authority.
-The **dehydrated-nsupdate** hook implements the dns-01 verification. It is
-typically run together with **dehydrated-hook** as:
+The **dehydrated-nsupdate** hook implements the dns-01 verification. It is typically run together with **dehydrated-hook** as:
+|
| /etc/dehydrated/hook.d/deploy_challenge.nsupdate
-
| /etc/dehydrated/hook.d/clean_challenge.nsupdate
Features
@@ -52,32 +49,87 @@ Features
**dehydrated-nsupdate** has the following features:
-| **automatic nameserver detection**
-| **dehydrated-nsupdate** automatically finds and updates all authoritative
-| nameservers for a given record by looking up the records in the DNS by itself,
-| supporting IPv6-only, IPv4-only, and dual-stacked environments.
+Automatic nameserver detection (IPv4 and IPv6)
+----------------------------------------------
+
+dehydrated-nsupdate automatically finds and updates all authoritative nameservers for a given record by looking up the records in the DNS by itself, supporting IPv6-only, IPv4-only, and dual-stacked environments.
+
+Proper CNAME support
+--------------------
+
+dehydrated-nsupdate follows CNAMEs delegating the TXT record update to another zone.
+
+Handling nameserver subzone shortcuts
+-------------------------------------
+
+dehydrated-nsupdate correctly handles authoritative nameserver answers that (wrongly) give shortcut answers for their own zones when using multiple authoritative subzones on the same nameservers.
+
+TSIG support
+------------
-| **proper CNAME support**
-| **dehydrated-nsupdate** follows CNAMEs delegating the TXT record creation to
-| another zone.
+dehydrated-nsupdate uses TSIG, if provided, to authenticate itself to the nameserver. Additionally to a global TSIG to be used for all record updates, separate TSIGs can individually be specified per record, per zone, and per nameserver.
-| **handling nameserver subzone shortcuts**
-| **dehydrated-nsupdate** correctly handles authoritative nameserver
-| answers that give shortcut answers for their own zones when using
-| multiple subzones.
+Proper removal of TXT records
+-----------------------------
-| **TSIG support**
-| **dehydrated-nsupdate** uses TSIG, if provided, to authenticate
-| itself to the nameserver.
+dehydrated-nsupdate removes records after succesfull verification.
+
+bind9-dnsutils and knot-dnsutils support
+----------------------------------------
+
+dehydrated-nsupdate works with both nsupdate (bind9) and knsupdate (knot).
+
+IDN handling
+------------
+
+dehydrated-nsupdate works with IDN domains by not expanding the punycode to update the correct records.
+
+Usage
+=====
-| **proper removal of TXT records**
-| **dehydrated-nsupdate** removes records after succesfull verification.
+dehydrated-hook(1) is a prerequisite for dehydrated-nsupdate.
-| **bind9-dnsutils and knot-dnsutils support*
-| **dehydrated-nsupdate** works with both nsupdate (bind9) and knsupdate (knot).
+Installation
+------------
-| **IDN handling**
-| **dehydrated-nsupdate** works with IDN domains by not expanding the punycode.
+| sudo echo CHALLENGETYPE="dns-01" > /etc/dehydrated/conf.d/zz-challengetype.sh
+| sudo ln -s /usr/bin/dehydrated-nsupdate /etc/dehydrated/hook.d/deploy_challenge.nsupdate
+| sudo ln -s /usr/bin/dehydrated-nsupdate /etc/dehydrated/hook.d/clean_challenge.nsupdate
+
+Removal
+-------
+
+| sudo rm -f /etc/dehydrated/conf.d/zz-challengetype.sh
+| sudo rm -f /etc/dehydrated/hook.d/deploy_challenge.nsupdate
+| sudo rm -f /etc/dehydrated/hook.d/clean_challenge.nsupdate
+
+Configuration
+=============
+
+Depending on the nameserver requirements, dehydrated-nsupdate can send record updates either unauthenticated or using a TSIG (recommended).
+
+A TSIG file consists of one single line containing the key (nsupdate/knsupdate do not allow comments), e.g.:
+
+|
+| hmac-sha512:example:/LXPy6U8HAWA+QmvulZWm0owsQgNf8qJ5MNLTvirzvVtDb+PzLKoBmVHjnL6TUffkvRYa7Do448dSIrAuJ1G/A==
+
+Instead of using a global TSIG for all record update, specific TSIGs can be used individually per record, zone, and nameserver.
+
+The lookup hierarchy is the following (earliest match wins):
+
+|
+| /etc/dehydrated/tsig/${record}.key
+| /etc/dehydrated/tsig/${zone}.key
+| /etc/dehydrated/tsig/${nameserver}.key
+| /etc/dehydrated/tsig.key
+|
+| TSIG_KEYFILE variable in /etc/default/dehydrated-nsupdate/*
+| TSIG_KEYFILE variable in /etc/default/dehydrated-nsupdate
+
+In order to explicitly not use a TSIG for a specific record, zone, or nameserver, an empty keyfile or a keyfile with only comments can be used, e.g.:
+
+|
+| echo "# disabled" > /etc/dehydrated/tsig/ns1.example.org.key
Files
=====
@@ -85,11 +137,13 @@ Files
The following files are used:
/etc/dehydrated/tsig.key:
- default location for the TSIG key to be used.
+ default location for global TSIG key to be used.
+
+/etc/dehydrated/tsig/${record}.key, /etc/dehydrated/tsig/${zone}.key, /etc/dehydrated/tsig/${nameserver}.key:
+ default locations for specific TSIG keys to be used individually per record, zone, or nameserver.
-/etc/default/dehydrated-nsupdate, /etc/default/dehydrated-nsupdate.d/*:
- configuration file, currently only used for TSIG_KEYFILE variable pointing
- to the tsig.key file to be used (default: /etc/dehydrated/tsig.key).
+/etc/default/dehydrated-nsupdate, /etc/default/dehydrated-nsupdate.d/\*:
+ configuration file, currently only used for TSIG_KEYFILE variable pointing to the location of the global TSIG key to be used (default: /etc/dehydrated/tsig.key).
See also
========
@@ -101,21 +155,16 @@ See also
Homepage
========
-More information about service-tools and the Open Infrastructure project can be
-found on the homepage (https://open-infrastructure.net).
+More information about service-tools and the Open Infrastructure project can be found on the homepage (https://open-infrastructure.net).
Contact
=======
-Bug reports, feature requests, help, patches, support and everything else are
-welcome on the Open Infrastructure Software Mailing List
-<software@lists.open-infrastructure.net>.
+Bug reports, feature requests, help, patches, support and everything else are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>.
-Debian specific bugs can also be reported in the Debian Bug Tracking System
-(https://bugs.debian.org).
+Debian specific bugs can also be reported in the Debian Bug Tracking System (https://bugs.debian.org).
Authors
=======
-service-tools were written by Daniel Baumann
-<daniel.baumann@open-infrastructure.net> and others.
+service-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others.
diff --git a/dnsdist/bin/dnsdist-console b/dnsdist/bin/dnsdist-console
index 8667533..8fcd3b0 100755
--- a/dnsdist/bin/dnsdist-console
+++ b/dnsdist/bin/dnsdist-console
@@ -21,7 +21,7 @@
set -e
-PROGRAM="$(basename ${0})"
+PROGRAM="$(basename "${0}")"
Usage ()
{
@@ -57,4 +57,4 @@ then
Usage
fi
-dnsdist ${OPTIONS}
+dnsdist "${OPTIONS}"
diff --git a/git/bin/git-checkout-branches b/git/bin/git-checkout-branches
index c0c586c..220386f 100755
--- a/git/bin/git-checkout-branches
+++ b/git/bin/git-checkout-branches
@@ -29,7 +29,7 @@ do
BRANCH="$(echo "${REMOTE_BRANCH}" | cut -d/ -f 2-)"
case "${BRANCH}" in
- HEAD|${CURRENT_BRANCH})
+ HEAD|"${CURRENT_BRANCH}")
continue
;;
esac
diff --git a/git/bin/git-whoami b/git/bin/git-whoami
index 9cab9bc..50f432a 100755
--- a/git/bin/git-whoami
+++ b/git/bin/git-whoami
@@ -10,24 +10,24 @@
set -e
get_email() {
- git config user.email || ( [ -n "$EMAIL" ] && echo "$EMAIL" ) || echo "$(id -nu)@$(hostname --fqdn)"
+ git config user.email || ( [ -n "${EMAIL}" ] && echo "${EMAIL}" ) || echo "$(id -nu)@$(hostname --fqdn)"
}
get_name() {
- git config user.name || getent passwd $(id -un) | cut -d : -f 5 | cut -d , -f 1
+ git config user.name || getent passwd "$(id -un)" | cut -d : -f 5 | cut -d , -f 1
}
-: ${GIT_AUTHOR_NAME=$(get_name)}
-: ${GIT_COMMITTER_NAME=$(get_name)}
-: ${GIT_AUTHOR_EMAIL=$(get_email)}
-: ${GIT_COMMITTER_EMAIL=$(get_email)}
+GIT_AUTHOR_NAME="${GIT_AUTHOR_NAME:-$(get_name)}"
+GIT_AUTHOR_EMAIL="${GIT_AUTHOR_EMAIL:-$(get_email)}"
+GIT_COMMITTER_NAME="${GIT_COMMITER_NAME:-$(get_name)}"
+GIT_COMMITTER_EMAIL="${GIT_COMMITER_EMAIL:-$(get_email)}"
-author="$GIT_AUTHOR_NAME <$GIT_AUTHOR_EMAIL>"
-commit="$GIT_COMMITTER_NAME <$GIT_COMMITTER_EMAIL>"
+author="$GIT_AUTHOR_NAME <${GIT_AUTHOR_EMAIL}>"
+commit="$GIT_COMMITTER_NAME <${GIT_COMMITTER_EMAIL}>"
-if [ "$author" = "$commit" ]; then
- echo "$author"
+if [ "${author}" = "${commit}" ]; then
+ echo "${author}"
else
- echo "Author: $author"
- echo "Commit: $commit"
+ echo "Author: ${author}"
+ echo "Commit: ${commit}"
fi
diff --git a/git/share/hooks/post-update.d/irker-notification b/git/share/hooks/post-update.d/irker-notification
index 1ad6f54..7c712db 100755
--- a/git/share/hooks/post-update.d/irker-notification
+++ b/git/share/hooks/post-update.d/irker-notification
@@ -28,7 +28,7 @@ fi
echo "sending IRC notification"
-while read OLD NEW REFNAME
+while read -r OLD NEW REFNAME
do
- irkerhook --refname=${REFNAME} $(git rev-list --reverse ${OLD}..${NEW})
+ irkerhook --refname="${REFNAME}" "$(git rev-list --reverse "${OLD}".."${NEW}")"
done
diff --git a/irker/bin/irkerhook-debian b/irker/bin/irkerhook-debian
index a0f6d52..ce8dfb4 100755
--- a/irker/bin/irkerhook-debian
+++ b/irker/bin/irkerhook-debian
@@ -40,6 +40,7 @@ fi
echo "sending IRC notification"
+# shellcheck disable=SC2153
for IRC_CHANNEL in ${IRC_CHANNELS}
do
irk "${IRC_CHANNEL}" "${MESSAGE}"
diff --git a/linux/bin/linux-i40e b/linux/bin/linux-i40e
index 2c8f322..ffe17b3 100755
--- a/linux/bin/linux-i40e
+++ b/linux/bin/linux-i40e
@@ -21,13 +21,10 @@
set -e
-PROGRAM="$(basename ${0})"
+PROGRAM="$(basename "${0}")"
RED="\033[1;33;31m"
GREEN="\033[1;33;32m"
-YELLOW="\033[1;33;33m"
-BLUE="\033[1;33;34m"
-WHITE="\033[1;33;37m"
NORMAL="\033[0m"
Ethtool_get ()
@@ -36,9 +33,9 @@ Ethtool_get ()
FLAG="${2}"
TARGET_VALUE="${3}"
- if ethtool --show-priv-flags ${DEVICE} | awk '{ print $1 }' | grep -qs "^${FLAG}$"
+ if ethtool --show-priv-flags "${DEVICE}" | awk '{ print $1 }' | grep -qs "^${FLAG}$"
then
- CURRENT_VALUE="$(ethtool --show-priv-flags ${DEVICE} | awk "/^${FLAG} / { print \$3 }")"
+ CURRENT_VALUE="$(ethtool --show-priv-flags "${DEVICE}" | awk "/^${FLAG} / { print \$3 }")"
if [ "${CURRENT_VALUE}" = "${TARGET_VALUE}" ]
then
@@ -55,10 +52,10 @@ Ethtool_set ()
FLAG="${2}"
VALUE="${3}"
- if ethtool --show-priv-flags ${DEVICE} | awk '{ print $1 }' | grep -qs "^${FLAG}$"
+ if ethtool --show-priv-flags "${DEVICE}" | awk '{ print $1 }' | grep -qs "^${FLAG}$"
then
echo -n " ${FLAG}"
- ethtool --set-priv-flags ${DEVICE} ${FLAG} ${VALUE}
+ ethtool --set-priv-flags "${DEVICE}" "${FLAG}" "${VALUE}"
echo -n "=${VALUE}"
fi
}
@@ -83,8 +80,8 @@ Start ()
for DEVICE in ${DEVICES}
do
echo -n "Configuring ${DEVICE}:"
- Ethtool_set ${DEVICE} disable-fw-lldp on
- Ethtool_set ${DEVICE} link-down-on-close on
+ Ethtool_set "${DEVICE}" disable-fw-lldp on
+ Ethtool_set "${DEVICE}" link-down-on-close on
echo
done
}
@@ -96,8 +93,8 @@ Stop ()
for DEVICE in ${DEVICES}
do
echo -n "Deconfiguring ${DEVICE}:"
- Ethtool_set ${DEVICE} disable-fw-lldp off
- Ethtool_set ${DEVICE} link-down-on-close off
+ Ethtool_set "${DEVICE}" disable-fw-lldp off
+ Ethtool_set "${DEVICE}" link-down-on-close off
echo
done
}
@@ -107,8 +104,8 @@ Status ()
for DEVICE in ${DEVICES}
do
echo -n "${DEVICE}:"
- Ethtool_get ${DEVICE} disable-fw-lldp on
- Ethtool_get ${DEVICE} link-down-on-close on
+ Ethtool_get "${DEVICE}" disable-fw-lldp on
+ Ethtool_get "${DEVICE}" link-down-on-close on
echo
done
}