From 0d972f6c99f90630c97f355a17005dc15235a237 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 31 Dec 2021 10:20:29 +0100 Subject: Merging upstream version 20211231. Signed-off-by: Daniel Baumann --- CHANGELOG.txt | 14 ++++++++ VERSION.txt | 2 +- dehydrated/Makefile | 3 +- dehydrated/TODO | 3 ++ dehydrated/bin/dehydrated-cron | 4 +-- dehydrated/bin/dehydrated-nsupdate | 44 ++++++++++++++++++++++++-- dehydrated/share/man/Makefile | 6 ++-- dehydrated/share/man/dehydrated-cron.1.rst | 3 ++ dehydrated/share/man/dehydrated-nsupdate.1.rst | 3 +- git/bin/git-repo-repack | 13 ++++++-- 10 files changed, 81 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 5b2fd5c..97096a2 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,17 @@ +2021-12-31 Daniel Baumann + + * Releasing version 20211231. + + [ Daniel Baumann ] + * Using long-options for dehydrated in its cronjob. + * Running dehydrated with keep-going to ensure as much certificates are fetched as possible. + * Adding support for kdigs out-of-tree json output to dehydrated-nsupdate. + * Updating dehydrated TODO file. + * Completing clean targets in dehydrated Makefile. + * Harmonizing dehydrated manpage Makefile. + * Adding reference to dehydrated.log in dehydrated-cron manpage. + * Simplifying quiet output handling in git-repo-repack. + 2021-12-13 Daniel Baumann * Releasing version 20211213. diff --git a/VERSION.txt b/VERSION.txt index 6fc1d23..9e7c11d 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20211213 +20211231 diff --git a/dehydrated/Makefile b/dehydrated/Makefile index 534adf8..eda0513 100644 --- a/dehydrated/Makefile +++ b/dehydrated/Makefile @@ -131,7 +131,8 @@ uninstall: rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true clean: + $(MAKE) -C share/man clean -distclean: +distclean: clean reinstall: uninstall install diff --git a/dehydrated/TODO b/dehydrated/TODO index 2bce240..9295784 100644 --- a/dehydrated/TODO +++ b/dehydrated/TODO 
@@ -3,3 +3,6 @@ TODO * use /etc/default for dehydrated-cron * use /etc/default for dehydrated-hook + * maybe handling multiple different CNAMEs + (not sure if letsencrypt allows that, however, dehydrated-nsupdate only + processes one CNAME) diff --git a/dehydrated/bin/dehydrated-cron b/dehydrated/bin/dehydrated-cron index 8e7904c..62bbfd7 100755 --- a/dehydrated/bin/dehydrated-cron +++ b/dehydrated/bin/dehydrated-cron @@ -23,7 +23,7 @@ set -e mkdir -p /var/log/dehydrated -dehydrated -c >> /var/log/dehydrated/dehydrated.log -dehydrated -gcd >> /var/log/dehydrated/dehydrated.log +dehydrated --cron --keep-going >> /var/log/dehydrated/dehydrated.log +dehydrated --cleanup-delete >> /var/log/dehydrated/dehydrated.log chown -R root:adm /var/log/dehydrated diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate index be773f8..0b93145 100755 --- a/dehydrated/bin/dehydrated-nsupdate +++ b/dehydrated/bin/dehydrated-nsupdate @@ -46,6 +46,19 @@ if command -v kdig > /dev/null 2>&1 then # knot-dnsutils DIG="kdig +noidn" + + # out-of-tree json output support + if kdig +json > /dev/null 2>&1 + then + DIG="${DIG} +json" + KDIG_JSON="true" + + if ! command -v jq > /dev/null 2>&1 + then + echo "'${HOOK}': need jq for knot-dnsutils with json output" >&2 + exit 1 + fi + fi elif command -v dig > /dev/null 2>&1 then # bind-dnsutils @@ -79,7 +92,15 @@ do done # find txt record to update -CNAME="$(${DIG} +nocomments +noquestion "_acme-challenge.${DOMAIN}" 2>&1 | grep -v '^;' | awk '/CNAME/ { print $5 }' | tail -n1)" +case "${KDIG_JSON}" in + true) + CNAME="$(${DIG} "_acme-challenge.${DOMAIN}" | jq -r -M '.answer | .[] | .rdata' | tail -n1)" + ;; + + *) + CNAME="$(${DIG} +nocomments +noquestion "_acme-challenge.${DOMAIN}" 2>&1 | grep -v '^;' | awk '/CNAME/ { print $5 }' | tail -n1)" + ;; +esac if [ -n "${CNAME}" ] then 
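Review bot: Only stdout is appended to the log on the two new `dehydrated` lines in dehydrated-cron, so error text written to stderr never reaches `/var/log/dehydrated/dehydrated.log`. With `--keep-going` a failed certificate no longer stops the run, which makes that log the main place to notice a name that did not renew. If the log is meant to be the complete record the manpage now describes, redirect both streams, `dehydrated --cron --keep-going >> /var/log/dehydrated/dehydrated.log 2>&1`, or add a comment saying stderr is deliberately left for cron mail. Separately, under `set -e` a non-zero exit from the first call would skip `--cleanup-delete` and the `chown`; whether `--keep-going` still exits non-zero after a partial failure is not visible here and is worth checking.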
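Review bot: `KDIG_JSON` is assigned only inside the `kdig +json` branch of the first dehydrated-nsupdate hunk, so on every other path the later `case "${KDIG_JSON}"` reads whatever value the hook inherited from its environment. Unless it is initialised above this hunk, add `KDIG_JSON="false"` before the `if command -v kdig` block. The probe `kdig +json > /dev/null 2>&1` also appears to run a real query rather than only parsing the option, so a resolver failure at that moment would look the same as a kdig without the patch and would silently select the text parser. A comment stating this, or a probe that does not depend on the network, would make the selection deterministic.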
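Review bot: The JSON branch for `CNAME` takes `.rdata` from every answer record, while the text branch keeps only lines matching `/CNAME/`. When `_acme-challenge.${DOMAIN}` carries a TXT record, or the resolver follows the CNAME and appends the target's records, `tail -n1` yields non-CNAME data and the following `[ -n "${CNAME}" ]` test accepts it. That value comes straight from a DNS response and is presumably carried on as the record to update, so restrict the jq filter to CNAME records using the record-type field of this JSON format (its name is not visible in the hunk). Iterating with `.[]?` would also give an empty string for an empty answer section instead of a jq error. The `NAMESERVERS` and `ZONE` lookups in the next hunk have the same missing type filter for NS.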
@@ -93,11 +114,28 @@ ZONE="${TXT_RECORD}" while true do - NAMESERVERS="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $5 }')" + case "${KDIG_JSON}" in + true) + NAMESERVERS="$(${DIG} NS "${ZONE}" | jq -r -M '.answer | .[] | .rdata')" + ;; + + *) + NAMESERVERS="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $5 }')" + ;; + esac if [ -n "${NAMESERVERS}" ] then - ZONE="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $1 }' | tail -n1)" + case "${KDIG_JSON}" in + true) + ZONE="$(${DIG} NS "${ZONE}" | jq -r -M '.answer | .[] | .rdata' | tail -n1)" + ;; + + *) + ZONE="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $1 }' | tail -n1)" + ;; + esac + break else ZONE="$(echo "${ZONE}" | cut -d '.' -f 2-)" diff --git a/dehydrated/share/man/Makefile b/dehydrated/share/man/Makefile index ff27677..7f7b3b8 100644 --- a/dehydrated/share/man/Makefile +++ b/dehydrated/share/man/Makefile @@ -35,8 +35,6 @@ all: build build: man -rebuild: clean build - man: man.in *.rst @echo -n "Creating manpages... " @@ -56,4 +54,6 @@ man: man.in *.rst clean: rm -f *.[0-9] -.PHONY: all clean build rebuild man +distclean: clean + +rebuild: clean build diff --git a/dehydrated/share/man/dehydrated-cron.1.rst b/dehydrated/share/man/dehydrated-cron.1.rst index d927f78..ad2f579 100644 --- a/dehydrated/share/man/dehydrated-cron.1.rst +++ b/dehydrated/share/man/dehydrated-cron.1.rst @@ -54,6 +54,9 @@ The following files are used: /usr/bin/dehydrated-cron: script that gets executed by cron. +/var/log/dehydrated/dehydrated.log + logfile for dehydrated-cron. + See also ======== diff --git a/dehydrated/share/man/dehydrated-nsupdate.1.rst b/dehydrated/share/man/dehydrated-nsupdate.1.rst index b7e02a3..17a6203 100644 --- a/dehydrated/share/man/dehydrated-nsupdate.1.rst +++ b/dehydrated/share/man/dehydrated-nsupdate.1.rst 
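Review bot: In the JSON branch `ZONE` is set from `.rdata`, which is the name server's host name, whereas the text branch prints `$1`, the owner name of the NS record, i.e. the zone itself. The two branches therefore return different things, and the JSON path would leave the loop with `ZONE` holding a server name. Select the owner-name field of the answer record there instead of `.rdata` (the field name in this out-of-tree format is not visible in the hunk). The NS query is also issued twice per iteration; reusing the first response for both `NAMESERVERS` and `ZONE` would keep the two values consistent if the answer changes between the calls. The `while` loop continues outside the hunk.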
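Review bot: The `.PHONY: all clean build rebuild man` line is removed in the last hunk of dehydrated/share/man/Makefile and nothing replaces it, and the new `distclean` target is not declared phony either. Unless the declaration lives elsewhere in the file, a stray file named `clean` or `build` in that directory would make those targets report up to date and skip their recipes. I would keep the declaration at the end of the file as `.PHONY: all clean distclean build rebuild man`.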
@@ -73,7 +73,8 @@ Features | **dehydrated-nsupdate** removes records after succesfull verification. | **bind9-dnsutils and knot-dnsutils support* -| **dehydrated-nsupdate** works with both nsupdate (bind9) and knsupdate (knot). +| **dehydrated-nsupdate** works with both nsupdate (bind9) and knsupdate (knot), +| including support for kdigs out-of-tree json output. | **IDN handling** | **dehydrated-nsupdate** works with IDN domains by not expanding the punycode. diff --git a/git/bin/git-repo-repack b/git/bin/git-repo-repack index 58f909d..1d9d142 100755 --- a/git/bin/git-repo-repack +++ b/git/bin/git-repo-repack @@ -45,9 +45,16 @@ fi for REPOSITORY in ${REPOSITORIES} do - [ "${QUIET}" ] || echo "================================================================================" - [ "${QUIET}" ] || echo "${REPOSITORY}" - [ "${QUIET}" ] || echo "================================================================================" + if [ "${QUIET}" != "true" ] + then + +cat << EOF +================================================================================ +${REPOSITORY} +================================================================================ +EOF + + fi cd "${REPOSITORY}" git repack "${GIT_REPACK_OPTIONS}" -a -b -d -f -F -- cgit v1.2.3
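Review bot: The new test `[ "${QUIET}" != "true" ]` in git-repo-repack is not equivalent to the removed `[ "${QUIET}" ] ||` lines: previously any non-empty `QUIET` suppressed the banner, now only the exact string `true` does. If `QUIET` can come from the environment or be set to another value by the option parsing (outside this hunk), this is a behaviour change rather than a simplification. It deserves a comment above the `if`, e.g. `# QUIET is either unset or exactly "true"`. The `for` loop body continues outside the hunk.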