diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2022-06-14 11:48:44 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2022-06-14 12:00:04 +0000 |
commit | d252334934fb9f2ef0c6195f807d8fa78b4410eb (patch) | |
tree | d39927e699cef304bb6f8669d1989f4f407aa6cc | |
parent | Adding upstream version 20220609. (diff) | |
download | open-infrastructure-service-tools-d252334934fb9f2ef0c6195f807d8fa78b4410eb.tar.xz open-infrastructure-service-tools-d252334934fb9f2ef0c6195f807d8fa78b4410eb.zip |
Adding upstream version 20220614.upstream/20220614
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r-- | CHANGELOG.txt | 22 | ||||
-rw-r--r-- | Makefile | 95 | ||||
-rw-r--r-- | VERSION.txt | 2 | ||||
-rw-r--r-- | apache/Makefile | 2 | ||||
-rw-r--r-- | dehydrated/TODO | 4 | ||||
-rwxr-xr-x | dehydrated/bin/dehydrated-nsupdate | 44 | ||||
-rwxr-xr-x | dehydrated/share/hooks/exit_hook.service-reload | 8 | ||||
-rw-r--r-- | dehydrated/share/man/dehydrated-cron.1.rst | 36 | ||||
-rw-r--r-- | dehydrated/share/man/dehydrated-hook.1.rst | 49 | ||||
-rw-r--r-- | dehydrated/share/man/dehydrated-nsupdate.1.rst | 127 | ||||
-rwxr-xr-x | dnsdist/bin/dnsdist-console | 4 | ||||
-rwxr-xr-x | git/bin/git-checkout-branches | 2 | ||||
-rwxr-xr-x | git/bin/git-whoami | 24 | ||||
-rwxr-xr-x | git/share/hooks/post-update.d/irker-notification | 4 | ||||
-rwxr-xr-x | irker/bin/irkerhook-debian | 1 | ||||
-rwxr-xr-x | linux/bin/linux-i40e | 25 |
16 files changed, 323 insertions, 126 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 8289f87..db062f2 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,25 @@ +2022-06-14 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20220614. + + [ Daniel Baumann ] + * Only restarting kresd in dehydrated exit_hook.service-reload if tls is configured. + * Adding test target in apache-tools makefile. + * Adding top-level makefile. + * Adding quotes arround some variables in dehydrated-tools to prevent globbing and word splitting. + * Adding quotes arround some variables in dnsdist-tools to prevent globbing and word splitting. + * Adding quotes arround some variables in linux-tools to prevent globbing and word splitting. + * Removing unused color definitions in linux-tools. + * Adding shellcheck exception in irker-tools for variable sourced from configuration file. + * Using read -r to not mangle backslashes in git-tools. + * Adding quotes arround some variables in git-tools to prevent globbing and word splitting. + * Changing default value handling for variables in git-whoami to more portable format. + * Consistently using curly braces for variables in git-whoami. + * Adding support for individual TSIG files per record, zone, and nameserver rather than having one global key for all updates in dehydrated-nsupdate. + * Handling comments in TSIG keyfiles in dehydrated-nsupdate to support disabling TSIG for individual records. + * Completing existing dehydrated-tools manpages. + * Updating dehydrated-tools TODO file. + 2022-06-09 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20220609. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..3c55809 --- /dev/null +++ b/Makefile @@ -0,0 +1,95 @@ +# Open Infrastructure: service-tools + +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +SHELL := sh -e + +VERSION := $(shell cat VERSION.txt) +TOOLS := $(shell find . -mindepth 1 -maxdepth 1 -type d -and -not -name ".git*" -and -not -name debian) + +all: build + +test: + @for TOOL in $(TOOLS); \ + do \ + echo "Processing $${TOOL}..."; \ + make -C $${TOOL} test; \ + echo; \ + done + +build: + @for TOOL in $(TOOLS); \ + do \ + echo "Processing $${TOOL}..."; \ + make -C $${TOOL} build; \ + echo; \ + done + +install: build + @for TOOL in $(TOOLS); \ + do \ + echo "Processing $${TOOL}..."; \ + make -C $${TOOL} install; \ + echo; \ + done + +uninstall: + @for TOOL in $(TOOLS); \ + do \ + echo "Processing $${TOOL}..."; \ + make -C $${TOOL} uninstall; \ + echo; \ + done + +clean: + @for TOOL in $(TOOLS); \ + do \ + echo "Processing $${TOOL}..."; \ + make -C $${TOOL} clean; \ + echo; \ + done + +distclean: + rm -rf service-tools-$(VERSION) + + @for TOOL in $(TOOLS); \ + do \ + echo "Processing $${TOOL}..."; \ + make -C $${TOOL} distclean; \ + echo; \ + done + +reinstall: uninstall install + +release: distclean + mkdir service-tools-$(VERSION) + find . -mindepth 1 -maxdepth 1 -and -not -name ".git*" -and -not -name debian -and -not -name service-tools-$(VERSION) -exec cp \-a {} service-tools-$(VERSION) \; + + for FORMAT in xz lzip; \ + do \ + EXTENSION=$$(echo $${FORMAT} | cut -b-2); \ + tar --$${FORMAT} -cf ../service-tools-$(VERSION).tar.$${EXTENSION} service-tools-$(VERSION); \ + sha512sum ../service-tools-$(VERSION).tar.$${EXTENSION} > ../service-tools-$(VERSION).tar.$${EXTENSION}.sha512; \ + gpg --default-key 0xB62C61A10B93195F --armor -b ../service-tools-$(VERSION).tar.$${EXTENSION}; \ + mv ../service-tools-$(VERSION).tar.$${EXTENSION}.asc ../service-tools-$(VERSION).tar.$${EXTENSION}.sig; \ + done + + rm -rf service-tools-$(VERSION) + +upload: + scp ../service-tools-$(VERSION).* get.open-infrastructure.net:/srv/get.open-infrastructure.net/files/software/service-tools/upstream diff --git a/VERSION.txt b/VERSION.txt index 2b282de..f6e8eb7 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20220609 +20220614 diff --git a/apache/Makefile b/apache/Makefile index c31a4cb..70b9a35 100644 --- a/apache/Makefile +++ b/apache/Makefile @@ -25,6 +25,8 @@ PROGRAM = apache-icons all: build +test: + build: share/man/*.rst $(MAKE) -C share/man diff --git a/dehydrated/TODO b/dehydrated/TODO index 1576ab5..9af54a5 100644 --- a/dehydrated/TODO +++ b/dehydrated/TODO @@ -1,9 +1,7 @@ TODO ==== + * add manpages for individual dehydrated hooks * use /etc/default for dehydrated-cron * use /etc/default for dehydrated-hook - * maybe handling multiple different CNAMEs - (not sure if letsencrypt allows that, however, dehydrated-nsupdate only - processes one CNAME) * use settings from _dehydrated.$domain.$tld diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate index 96c95eb..05027ab 100755 --- a/dehydrated/bin/dehydrated-nsupdate +++ b/dehydrated/bin/dehydrated-nsupdate @@ -109,12 +109,12 @@ NAMESERVERS_IPV4="" for NAMESERVER in ${NAMESERVERS} do - if [ -n "$(${DIG} +nocomments +noquestion +short AAAA ${NAMESERVER})" ] + if [ -n "$(${DIG} +nocomments +noquestion +short AAAA "${NAMESERVER}")" ] then NAMESERVERS_IPV6="${NAMESERVERS_IPV6} ${NAMESERVER}" fi - if [ -n "$(${DIG} +nocomments +noquestion +short A ${NAMESERVER})" ] + if [ -n "$(${DIG} +nocomments +noquestion +short A "${NAMESERVER}")" ] then NAMESERVERS_IPV4="${NAMESERVERS_IPV4} ${NAMESERVER}" fi @@ -133,16 +133,44 @@ then NAMESERVERS="${NAMESERVERS} ${NAMESERVERS_IPV4}" fi -NAMESERVERS="$(echo ${NAMESERVERS} | sed -e 's| |\n|g' | sort -u -V)" +NAMESERVERS="$(echo "${NAMESERVERS}" | sed -e 's| |\n|g' | sort -u -V)" # update nameservers -if [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ] -then - NSUPDATE_OPTIONS="-k ${TSIG_KEYFILE}" -fi - for NAMESERVER in ${NAMESERVERS} do + if [ -e "/etc/dehydrated/tsig/$(basename "${TXT_RECORD}" .).key" ] + then + # specific key per record + KEY="/etc/dehydrated/tsig/$(basename "${TXT_RECORD}" .).key" + elif [ -e "/etc/dehydrated/tsig/$(basename "${ZONE}" .).key" ] + then + # specific key per zone + KEY="/etc/dehydrated/tsig/$(basename "${ZONE}" .).key" + elif [ -e "/etc/dehydrated/tsig/$(basename "${NAMESERVER}" .).key" ] + then + # specific key per nameserver + KEY="/etc/dehydrated/tsig/$(basename "${NAMESERVER}" .).key" + elif [ -e "/etc/dehydrated/tsig.key" ] + then + # global key (filesystem) + KEY="/etc/dehydrated/tsig.key" + elif [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ] + then + # global key (conffile) + KEY="${TSIG_KEYFILE}" + else + # no key + KEY="" + fi + + # ignoring comments to allow empty keyfiles to disable TSIG individually + TSIG="$(grep -sv '^#' "${KEY}" || true)" + + if [ -n "${KEY}" ] && [ -n "${TSIG}" ] + then + NSUPDATE_OPTIONS="-k ${KEY}" + fi + echo -n " + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..." # shellcheck disable=SC2086 diff --git a/dehydrated/share/hooks/exit_hook.service-reload b/dehydrated/share/hooks/exit_hook.service-reload index ebe2d23..486c62f 100755 --- a/dehydrated/share/hooks/exit_hook.service-reload +++ b/dehydrated/share/hooks/exit_hook.service-reload @@ -27,17 +27,17 @@ echo " + Reloading services..." for SERVICE in ${SERVICES} do - if service ${SERVICE} status > /dev/null 2>&1 + if service "${SERVICE}" status > /dev/null 2>&1 then echo -n " + ${SERVICE}:" - service ${SERVICE} reload || service ${SERVICE} restart + service "${SERVICE}" reload || service "${SERVICE}" restart echo " done." fi done -if service kresd@1 status > /dev/null 2>&1 +if grep -r -qs '^net.tls' /etc/knot-resolver/* && service kresd@1 status > /dev/null 2>&1 then NUMBER="$(systemctl | grep -c 'kresd@[0-9].service')" @@ -48,7 +48,7 @@ then for NUMBER in $(seq 1 "${NUMBER}") do echo -n " #${NUMBER}" - service kresd@${NUMBER} restart + service kresd@"${NUMBER}" restart done echo " done." diff --git a/dehydrated/share/man/dehydrated-cron.1.rst b/dehydrated/share/man/dehydrated-cron.1.rst index c060127..cd93a30 100644 --- a/dehydrated/share/man/dehydrated-cron.1.rst +++ b/dehydrated/share/man/dehydrated-cron.1.rst @@ -36,12 +36,25 @@ Synopsis Description =========== -**dehydrated** is a client for ACME-based Certificate Authorities, such as -LetsEncrypt. It can be used to request and obtain TLS certificates from an -ACME-based certificate authority. +**dehydrated** is a client for ACME-based Certificate Authorities, such as LetsEncrypt. It can be used to request and obtain TLS certificates from an ACME-based certificate authority. + +The **dehydrated-cron** script runs dehydrated once per day and on system reboot for an automatic certificate renewal. + +It uses the dehydrated '--keep-going' option to keep going after encountering an error while creating/renewing multiple certificates. Afterwards it also removes all unused certificates by using the dehydrated '--cleanup-delete' option. + +Usage +===== + +Installation +------------ + +| sudo ln -s /usr/bin/dehydrated-cron /etc/cron.d/dehydrated + +Removal +------- + +| sudo rm -f /etc/cron.d/dehydrated -The **dehydrated-cron** script runs dehydrated once per day and on system -reboot for an automatic certificate renewal. Files ===== @@ -67,21 +80,16 @@ See also Homepage ======== -More information about service-tools and the Open Infrastructure project can be -found on the homepage (https://open-infrastructure.net). +More information about service-tools and the Open Infrastructure project can be found on the homepage (https://open-infrastructure.net). Contact ======= -Bug reports, feature requests, help, patches, support and everything else are -welcome on the Open Infrastructure Software Mailing List -<software@lists.open-infrastructure.net>. +Bug reports, feature requests, help, patches, support and everything else are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. -Debian specific bugs can also be reported in the Debian Bug Tracking System -(https://bugs.debian.org). +Debian specific bugs can also be reported in the Debian Bug Tracking System (https://bugs.debian.org). Authors ======= -service-tools were written by Daniel Baumann -<daniel.baumann@open-infrastructure.net> and others. +service-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/dehydrated/share/man/dehydrated-hook.1.rst b/dehydrated/share/man/dehydrated-hook.1.rst index 607be92..de63127 100644 --- a/dehydrated/share/man/dehydrated-hook.1.rst +++ b/dehydrated/share/man/dehydrated-hook.1.rst @@ -36,43 +36,45 @@ Synopsis Description =========== -**dehydrated** is a client for ACME-based Certificate Authorities, such as -LetsEncrypt. It can be used to request and obtain TLS certificates from an -ACME-based certificate authority. +**dehydrated** is a client for ACME-based Certificate Authorities, such as LetsEncrypt. It can be used to request and obtain TLS certificates from an ACME-based certificate authority. -The **dehydrated-hook** makes it possible to run multiple scripts in every -stage within the process of creating, signing and deploying a certificate. +The **dehydrated-hook** makes it possible to run multiple scripts in every stage within the process of creating, signing and deploying a certificate. -Scripts need to be placed in /etc/dehydrated/hook.d and need to be prefixed -with the name of the handler, e.g. exit_hook.example1 or exit_hook.example2.sh +Scripts need to be placed in /etc/dehydrated/hook.d and need to be prefixed with the name of the handler, e.g. exit_hook.example1 or exit_hook.example2.sh Handlers ======== The following **dehydrated** handlers are available: +| | deploy_challenge - | clean_challenge - | sync_cert - | deploy_cert - | deploy_ocsp - | unchanged_cert - | invalid_challenge - | request_failure - | generate_csr - | startup_hook - | exit_hook +Usage +===== + +Installation +------------ + +| sudo echo HOOK="/usr/bin/dehydrated-hook" > /etc/dehydrated/conf.d/zz-hook.sh +| sudo mkdir -p /etc/dehydrated/hook.d + +Removal +------- + +| sudo rm -f /etc/dehydrated/conf.d/zz-hook.sh +| sudo rmdir /etc/dehydrated/hook.d + Files ===== @@ -91,21 +93,16 @@ See also Homepage ======== -More information about service-tools and the Open Infrastructure project can be -found on the homepage (https://open-infrastructure.net). +More information about service-tools and the Open Infrastructure project can be found on the homepage (https://open-infrastructure.net). Contact ======= -Bug reports, feature requests, help, patches, support and everything else are -welcome on the Open Infrastructure Software Mailing List -<software@lists.open-infrastructure.net>. +Bug reports, feature requests, help, patches, support and everything else are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. -Debian specific bugs can also be reported in the Debian Bug Tracking System -(https://bugs.debian.org). +Debian specific bugs can also be reported in the Debian Bug Tracking System (https://bugs.debian.org). Authors ======= -service-tools were written by Daniel Baumann -<daniel.baumann@open-infrastructure.net> and others. +service-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/dehydrated/share/man/dehydrated-nsupdate.1.rst b/dehydrated/share/man/dehydrated-nsupdate.1.rst index db58d5c..059a269 100644 --- a/dehydrated/share/man/dehydrated-nsupdate.1.rst +++ b/dehydrated/share/man/dehydrated-nsupdate.1.rst @@ -36,15 +36,12 @@ Synopsis Description =========== -**dehydrated** is a client for ACME-based Certificate Authorities, such as -LetsEncrypt. It can be used to request and obtain TLS certificates from an -ACME-based certificate authority. +**dehydrated** is a client for ACME-based Certificate Authorities, such as LetsEncrypt. It can be used to request and obtain TLS certificates from an ACME-based certificate authority. -The **dehydrated-nsupdate** hook implements the dns-01 verification. It is -typically run together with **dehydrated-hook** as: +The **dehydrated-nsupdate** hook implements the dns-01 verification. It is typically run together with **dehydrated-hook** as: +| | /etc/dehydrated/hook.d/deploy_challenge.nsupdate - | /etc/dehydrated/hook.d/clean_challenge.nsupdate Features @@ -52,32 +49,87 @@ Features **dehydrated-nsupdate** has the following features: -| **automatic nameserver detection** -| **dehydrated-nsupdate** automatically finds and updates all authoritative -| nameservers for a given record by looking up the records in the DNS by itself, -| supporting IPv6-only, IPv4-only, and dual-stacked environments. +Automatic nameserver detection (IPv4 and IPv6) +---------------------------------------------- + +dehydrated-nsupdate automatically finds and updates all authoritative nameservers for a given record by looking up the records in the DNS by itself, supporting IPv6-only, IPv4-only, and dual-stacked environments. + +Proper CNAME support +-------------------- + +dehydrated-nsupdate follows CNAMEs delegating the TXT record update to another zone. + +Handling nameserver subzone shortcuts +------------------------------------- + +dehydrated-nsupdate correctly handles authoritative nameserver answers that (wrongly) give shortcut answers for their own zones when using multiple authoritative subzones on the same nameservers. + +TSIG support +------------ -| **proper CNAME support** -| **dehydrated-nsupdate** follows CNAMEs delegating the TXT record creation to -| another zone. +dehydrated-nsupdate uses TSIG, if provided, to authenticate itself to the nameserver. Additionally to a global TSIG to be used for all record updates, separate TSIGs can individually be specified per record, per zone, and per nameserver. -| **handling nameserver subzone shortcuts** -| **dehydrated-nsupdate** correctly handles authoritative nameserver -| answers that give shortcut answers for their own zones when using -| multiple subzones. +Proper removal of TXT records +----------------------------- -| **TSIG support** -| **dehydrated-nsupdate** uses TSIG, if provided, to authenticate -| itself to the nameserver. +dehydrated-nsupdate removes records after succesfull verification. + +bind9-dnsutils and knot-dnsutils support +---------------------------------------- + +dehydrated-nsupdate works with both nsupdate (bind9) and knsupdate (knot). + +IDN handling +------------ + +dehydrated-nsupdate works with IDN domains by not expanding the punycode to update the correct records. + +Usage +===== -| **proper removal of TXT records** -| **dehydrated-nsupdate** removes records after succesfull verification. +dehydrated-hook(1) is a prerequisite for dehydrated-nsupdate. -| **bind9-dnsutils and knot-dnsutils support* -| **dehydrated-nsupdate** works with both nsupdate (bind9) and knsupdate (knot). +Installation +------------ -| **IDN handling** -| **dehydrated-nsupdate** works with IDN domains by not expanding the punycode. +| sudo echo CHALLENGETYPE="dns-01" > /etc/dehydrated/conf.d/zz-challengetype.sh +| sudo ln -s /usr/bin/dehydrated-nsupdate /etc/dehydrated/hook.d/deploy_challenge.nsupdate +| sudo ln -s /usr/bin/dehydrated-nsupdate /etc/dehydrated/hook.d/clean_challenge.nsupdate + +Removal +------- + +| sudo rm -f /etc/dehydrated/conf.d/zz-challengetype.sh +| sudo rm -f /etc/dehydrated/hook.d/deploy_challenge.nsupdate +| sudo rm -f /etc/dehydrated/hook.d/clean_challenge.nsupdate + +Configuration +============= + +Depending on the nameserver requirements, dehydrated-nsupdate can send record updates either unauthenticated or using a TSIG (recommended). + +A TSIG file consists of one single line containing the key (nsupdate/knsupdate do not allow comments), e.g.: + +| +| hmac-sha512:example:/LXPy6U8HAWA+QmvulZWm0owsQgNf8qJ5MNLTvirzvVtDb+PzLKoBmVHjnL6TUffkvRYa7Do448dSIrAuJ1G/A== + +Instead of using a global TSIG for all record update, specific TSIGs can be used individually per record, zone, and nameserver. + +The lookup hierarchy is the following (earliest match wins): + +| +| /etc/dehydrated/tsig/${record}.key +| /etc/dehydrated/tsig/${zone}.key +| /etc/dehydrated/tsig/${nameserver}.key +| /etc/dehydrated/tsig.key +| +| TSIG_KEYFILE variable in /etc/default/dehydrated-nsupdate/* +| TSIG_KEYFILE variable in /etc/default/dehydrated-nsupdate + +In order to explicitly not use a TSIG for a specific record, zone, or nameserver, an empty keyfile or a keyfile with only comments can be used, e.g.: + +| +| echo "# disabled" > /etc/dehydrated/tsig/ns1.example.org.key Files ===== @@ -85,11 +137,13 @@ Files The following files are used: /etc/dehydrated/tsig.key: - default location for the TSIG key to be used. + default location for global TSIG key to be used. + +/etc/dehydrated/tsig/${record}.key, /etc/dehydrated/tsig/${zone}.key, /etc/dehydrated/tsig/${nameserver}.key: + default locations for specific TSIG keys to be used individually per record, zone, or nameserver. -/etc/default/dehydrated-nsupdate, /etc/default/dehydrated-nsupdate.d/*: - configuration file, currently only used for TSIG_KEYFILE variable pointing - to the tsig.key file to be used (default: /etc/dehydrated/tsig.key). +/etc/default/dehydrated-nsupdate, /etc/default/dehydrated-nsupdate.d/\*: + configuration file, currently only used for TSIG_KEYFILE variable pointing to the location of the global TSIG key to be used (default: /etc/dehydrated/tsig.key). See also ======== @@ -101,21 +155,16 @@ See also Homepage ======== -More information about service-tools and the Open Infrastructure project can be -found on the homepage (https://open-infrastructure.net). +More information about service-tools and the Open Infrastructure project can be found on the homepage (https://open-infrastructure.net). Contact ======= -Bug reports, feature requests, help, patches, support and everything else are -welcome on the Open Infrastructure Software Mailing List -<software@lists.open-infrastructure.net>. +Bug reports, feature requests, help, patches, support and everything else are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. -Debian specific bugs can also be reported in the Debian Bug Tracking System -(https://bugs.debian.org). +Debian specific bugs can also be reported in the Debian Bug Tracking System (https://bugs.debian.org). Authors ======= -service-tools were written by Daniel Baumann -<daniel.baumann@open-infrastructure.net> and others. +service-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/dnsdist/bin/dnsdist-console b/dnsdist/bin/dnsdist-console index 8667533..8fcd3b0 100755 --- a/dnsdist/bin/dnsdist-console +++ b/dnsdist/bin/dnsdist-console @@ -21,7 +21,7 @@ set -e -PROGRAM="$(basename ${0})" +PROGRAM="$(basename "${0}")" Usage () { @@ -57,4 +57,4 @@ then Usage fi -dnsdist ${OPTIONS} +dnsdist "${OPTIONS}" diff --git a/git/bin/git-checkout-branches b/git/bin/git-checkout-branches index c0c586c..220386f 100755 --- a/git/bin/git-checkout-branches +++ b/git/bin/git-checkout-branches @@ -29,7 +29,7 @@ do BRANCH="$(echo "${REMOTE_BRANCH}" | cut -d/ -f 2-)" case "${BRANCH}" in - HEAD|${CURRENT_BRANCH}) + HEAD|"${CURRENT_BRANCH}") continue ;; esac diff --git a/git/bin/git-whoami b/git/bin/git-whoami index 9cab9bc..50f432a 100755 --- a/git/bin/git-whoami +++ b/git/bin/git-whoami @@ -10,24 +10,24 @@ set -e get_email() { - git config user.email || ( [ -n "$EMAIL" ] && echo "$EMAIL" ) || echo "$(id -nu)@$(hostname --fqdn)" + git config user.email || ( [ -n "${EMAIL}" ] && echo "${EMAIL}" ) || echo "$(id -nu)@$(hostname --fqdn)" } get_name() { - git config user.name || getent passwd $(id -un) | cut -d : -f 5 | cut -d , -f 1 + git config user.name || getent passwd "$(id -un)" | cut -d : -f 5 | cut -d , -f 1 } -: ${GIT_AUTHOR_NAME=$(get_name)} -: ${GIT_COMMITTER_NAME=$(get_name)} -: ${GIT_AUTHOR_EMAIL=$(get_email)} -: ${GIT_COMMITTER_EMAIL=$(get_email)} +GIT_AUTHOR_NAME="${GIT_AUTHOR_NAME:-$(get_name)}" +GIT_AUTHOR_EMAIL="${GIT_AUTHOR_EMAIL:-$(get_email)}" +GIT_COMMITTER_NAME="${GIT_COMMITER_NAME:-$(get_name)}" +GIT_COMMITTER_EMAIL="${GIT_COMMITER_EMAIL:-$(get_email)}" -author="$GIT_AUTHOR_NAME <$GIT_AUTHOR_EMAIL>" -commit="$GIT_COMMITTER_NAME <$GIT_COMMITTER_EMAIL>" +author="$GIT_AUTHOR_NAME <${GIT_AUTHOR_EMAIL}>" +commit="$GIT_COMMITTER_NAME <${GIT_COMMITTER_EMAIL}>" -if [ "$author" = "$commit" ]; then - echo "$author" +if [ "${author}" = "${commit}" ]; then + echo "${author}" else - echo "Author: $author" - echo "Commit: $commit" + echo "Author: ${author}" + echo "Commit: ${commit}" fi diff --git a/git/share/hooks/post-update.d/irker-notification b/git/share/hooks/post-update.d/irker-notification index 1ad6f54..7c712db 100755 --- a/git/share/hooks/post-update.d/irker-notification +++ b/git/share/hooks/post-update.d/irker-notification @@ -28,7 +28,7 @@ fi echo "sending IRC notification" -while read OLD NEW REFNAME +while read -r OLD NEW REFNAME do - irkerhook --refname=${REFNAME} $(git rev-list --reverse ${OLD}..${NEW}) + irkerhook --refname="${REFNAME}" "$(git rev-list --reverse "${OLD}".."${NEW}")" done diff --git a/irker/bin/irkerhook-debian b/irker/bin/irkerhook-debian index a0f6d52..ce8dfb4 100755 --- a/irker/bin/irkerhook-debian +++ b/irker/bin/irkerhook-debian @@ -40,6 +40,7 @@ fi echo "sending IRC notification" +# shellcheck disable=SC2153 for IRC_CHANNEL in ${IRC_CHANNELS} do irk "${IRC_CHANNEL}" "${MESSAGE}" diff --git a/linux/bin/linux-i40e b/linux/bin/linux-i40e index 2c8f322..ffe17b3 100755 --- a/linux/bin/linux-i40e +++ b/linux/bin/linux-i40e @@ -21,13 +21,10 @@ set -e -PROGRAM="$(basename ${0})" +PROGRAM="$(basename "${0}")" RED="\033[1;33;31m" GREEN="\033[1;33;32m" -YELLOW="\033[1;33;33m" -BLUE="\033[1;33;34m" -WHITE="\033[1;33;37m" NORMAL="\033[0m" Ethtool_get () @@ -36,9 +33,9 @@ Ethtool_get () FLAG="${2}" TARGET_VALUE="${3}" - if ethtool --show-priv-flags ${DEVICE} | awk '{ print $1 }' | grep -qs "^${FLAG}$" + if ethtool --show-priv-flags "${DEVICE}" | awk '{ print $1 }' | grep -qs "^${FLAG}$" then - CURRENT_VALUE="$(ethtool --show-priv-flags ${DEVICE} | awk "/^${FLAG} / { print \$3 }")" + CURRENT_VALUE="$(ethtool --show-priv-flags "${DEVICE}" | awk "/^${FLAG} / { print \$3 }")" if [ "${CURRENT_VALUE}" = "${TARGET_VALUE}" ] then @@ -55,10 +52,10 @@ Ethtool_set () FLAG="${2}" VALUE="${3}" - if ethtool --show-priv-flags ${DEVICE} | awk '{ print $1 }' | grep -qs "^${FLAG}$" + if ethtool --show-priv-flags "${DEVICE}" | awk '{ print $1 }' | grep -qs "^${FLAG}$" then echo -n " ${FLAG}" - ethtool --set-priv-flags ${DEVICE} ${FLAG} ${VALUE} + ethtool --set-priv-flags "${DEVICE}" "${FLAG}" "${VALUE}" echo -n "=${VALUE}" fi } @@ -83,8 +80,8 @@ Start () for DEVICE in ${DEVICES} do echo -n "Configuring ${DEVICE}:" - Ethtool_set ${DEVICE} disable-fw-lldp on - Ethtool_set ${DEVICE} link-down-on-close on + Ethtool_set "${DEVICE}" disable-fw-lldp on + Ethtool_set "${DEVICE}" link-down-on-close on echo done } @@ -96,8 +93,8 @@ Stop () for DEVICE in ${DEVICES} do echo -n "Deconfiguring ${DEVICE}:" - Ethtool_set ${DEVICE} disable-fw-lldp off - Ethtool_set ${DEVICE} link-down-on-close off + Ethtool_set "${DEVICE}" disable-fw-lldp off + Ethtool_set "${DEVICE}" link-down-on-close off echo done } @@ -107,8 +104,8 @@ Status () for DEVICE in ${DEVICES} do echo -n "${DEVICE}:" - Ethtool_get ${DEVICE} disable-fw-lldp on - Ethtool_get ${DEVICE} link-down-on-close on + Ethtool_get "${DEVICE}" disable-fw-lldp on + Ethtool_get "${DEVICE}" link-down-on-close on echo done } |