summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG.txt14
-rw-r--r--VERSION.txt2
-rw-r--r--dehydrated/Makefile3
-rw-r--r--dehydrated/TODO3
-rwxr-xr-xdehydrated/bin/dehydrated-cron4
-rwxr-xr-xdehydrated/bin/dehydrated-nsupdate44
-rw-r--r--dehydrated/share/man/Makefile6
-rw-r--r--dehydrated/share/man/dehydrated-cron.1.rst3
-rw-r--r--dehydrated/share/man/dehydrated-nsupdate.1.rst3
-rwxr-xr-xgit/bin/git-repo-repack13
10 files changed, 81 insertions, 14 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 5b2fd5c..97096a2 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,17 @@
+2021-12-31 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+
+ * Releasing version 20211231.
+
+ [ Daniel Baumann ]
+ * Using long-options for dehydrated in its cronjob.
+ * Running dehydrated with keep-going to ensure as much certificates are fetched as possible.
+ * Adding support for kdigs out-of-tree json output to dehydrated-nsupdate.
+ * Updating dehydrated TODO file.
+ * Completing clean targets in dehydrated Makefile.
+ * Harmonizing dehydrated manpage Makefile.
+ * Adding reference to dehydrated.log in dehydrated-cron manpage.
+ * Simplifying quiet output handling in git-repo-repack.
+
2021-12-13 Daniel Baumann <daniel.baumann@open-infrastructure.net>
* Releasing version 20211213.
diff --git a/VERSION.txt b/VERSION.txt
index 6fc1d23..9e7c11d 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-20211213
+20211231
diff --git a/dehydrated/Makefile b/dehydrated/Makefile
index 534adf8..eda0513 100644
--- a/dehydrated/Makefile
+++ b/dehydrated/Makefile
@@ -131,7 +131,8 @@ uninstall:
rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true
clean:
+ $(MAKE) -C share/man clean
-distclean:
+distclean: clean
reinstall: uninstall install
diff --git a/dehydrated/TODO b/dehydrated/TODO
index 2bce240..9295784 100644
--- a/dehydrated/TODO
+++ b/dehydrated/TODO
@@ -3,3 +3,6 @@ TODO
* use /etc/default for dehydrated-cron
* use /etc/default for dehydrated-hook
+ * maybe handling multiple different CNAMEs
+ (not sure if letsencrypt allows that, however, dehydrated-nsupdate only
+ processes one CNAME)
diff --git a/dehydrated/bin/dehydrated-cron b/dehydrated/bin/dehydrated-cron
index 8e7904c..62bbfd7 100755
--- a/dehydrated/bin/dehydrated-cron
+++ b/dehydrated/bin/dehydrated-cron
@@ -23,7 +23,7 @@ set -e
mkdir -p /var/log/dehydrated
-dehydrated -c >> /var/log/dehydrated/dehydrated.log
-dehydrated -gcd >> /var/log/dehydrated/dehydrated.log
+dehydrated --cron --keep-going >> /var/log/dehydrated/dehydrated.log
+dehydrated --cleanup-delete >> /var/log/dehydrated/dehydrated.log
chown -R root:adm /var/log/dehydrated
diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate
index be773f8..0b93145 100755
--- a/dehydrated/bin/dehydrated-nsupdate
+++ b/dehydrated/bin/dehydrated-nsupdate
@@ -46,6 +46,19 @@ if command -v kdig > /dev/null 2>&1
then
# knot-dnsutils
DIG="kdig +noidn"
+
+ # out-of-tree json output support
+ if kdig +json > /dev/null 2>&1
+ then
+ DIG="${DIG} +json"
+ KDIG_JSON="true"
+
+ if ! command -v jq > /dev/null 2>&1
+ then
+ echo "'${HOOK}': need jq for knot-dnsutils with json output" >&2
+ exit 1
+ fi
+ fi
elif command -v dig > /dev/null 2>&1
then
# bind-dnsutils
@@ -79,7 +92,15 @@ do
done
# find txt record to update
-CNAME="$(${DIG} +nocomments +noquestion "_acme-challenge.${DOMAIN}" 2>&1 | grep -v '^;' | awk '/CNAME/ { print $5 }' | tail -n1)"
+case "${KDIG_JSON}" in
+ true)
+ CNAME="$(${DIG} "_acme-challenge.${DOMAIN}" | jq -r -M '.answer | .[] | .rdata' | tail -n1)"
+ ;;
+
+ *)
+ CNAME="$(${DIG} +nocomments +noquestion "_acme-challenge.${DOMAIN}" 2>&1 | grep -v '^;' | awk '/CNAME/ { print $5 }' | tail -n1)"
+ ;;
+esac
if [ -n "${CNAME}" ]
then
@@ -93,11 +114,28 @@ ZONE="${TXT_RECORD}"
while true
do
- NAMESERVERS="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $5 }')"
+ case "${KDIG_JSON}" in
+ true)
+ NAMESERVERS="$(${DIG} NS "${ZONE}" | jq -r -M '.answer | .[] | .rdata')"
+ ;;
+
+ *)
+ NAMESERVERS="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $5 }')"
+ ;;
+ esac
if [ -n "${NAMESERVERS}" ]
then
- ZONE="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $1 }' | tail -n1)"
+ case "${KDIG_JSON}" in
+ true)
+ ZONE="$(${DIG} NS "${ZONE}" | jq -r -M '.answer | .[] | .rdata' | tail -n1)"
+ ;;
+
+ *)
+ ZONE="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $1 }' | tail -n1)"
+ ;;
+ esac
+
break
else
ZONE="$(echo "${ZONE}" | cut -d '.' -f 2-)"
diff --git a/dehydrated/share/man/Makefile b/dehydrated/share/man/Makefile
index ff27677..7f7b3b8 100644
--- a/dehydrated/share/man/Makefile
+++ b/dehydrated/share/man/Makefile
@@ -35,8 +35,6 @@ all: build
build: man
-rebuild: clean build
-
man: man.in *.rst
@echo -n "Creating manpages... "
@@ -56,4 +54,6 @@ man: man.in *.rst
clean:
rm -f *.[0-9]
-.PHONY: all clean build rebuild man
+distclean: clean
+
+rebuild: clean build
diff --git a/dehydrated/share/man/dehydrated-cron.1.rst b/dehydrated/share/man/dehydrated-cron.1.rst
index d927f78..ad2f579 100644
--- a/dehydrated/share/man/dehydrated-cron.1.rst
+++ b/dehydrated/share/man/dehydrated-cron.1.rst
@@ -54,6 +54,9 @@ The following files are used:
/usr/bin/dehydrated-cron:
script that gets executed by cron.
+/var/log/dehydrated/dehydrated.log
+ logfile for dehydrated-cron.
+
See also
========
diff --git a/dehydrated/share/man/dehydrated-nsupdate.1.rst b/dehydrated/share/man/dehydrated-nsupdate.1.rst
index b7e02a3..17a6203 100644
--- a/dehydrated/share/man/dehydrated-nsupdate.1.rst
+++ b/dehydrated/share/man/dehydrated-nsupdate.1.rst
@@ -73,7 +73,8 @@ Features
| **dehydrated-nsupdate** removes records after succesfull verification.
| **bind9-dnsutils and knot-dnsutils support*
-| **dehydrated-nsupdate** works with both nsupdate (bind9) and knsupdate (knot).
+| **dehydrated-nsupdate** works with both nsupdate (bind9) and knsupdate (knot),
+| including support for kdigs out-of-tree json output.
| **IDN handling**
| **dehydrated-nsupdate** works with IDN domains by not expanding the punycode.
diff --git a/git/bin/git-repo-repack b/git/bin/git-repo-repack
index 58f909d..1d9d142 100755
--- a/git/bin/git-repo-repack
+++ b/git/bin/git-repo-repack
@@ -45,9 +45,16 @@ fi
for REPOSITORY in ${REPOSITORIES}
do
- [ "${QUIET}" ] || echo "================================================================================"
- [ "${QUIET}" ] || echo "${REPOSITORY}"
- [ "${QUIET}" ] || echo "================================================================================"
+ if [ "${QUIET}" != "true" ]
+ then
+
+cat << EOF
+================================================================================
+${REPOSITORY}
+================================================================================
+EOF
+
+ fi
cd "${REPOSITORY}"
git repack "${GIT_REPACK_OPTIONS}" -a -b -d -f -F