From c1338b131aa7a1a44fd0aea8c02951f14178af97 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 5 Sep 2021 09:14:33 +0200 Subject: Merging upstream version 20210905. Signed-off-by: Daniel Baumann --- CHANGELOG.txt | 10 ++++ VERSION.txt | 2 +- dehydrated/TODO | 2 +- dehydrated/bin/dehydrated-hook | 115 +++++++++++++++++++++++++++++++++++++ dehydrated/bin/dehydrated-hook.d | 115 ------------------------------------- dehydrated/bin/dehydrated-nsupdate | 8 ++- git/bin/git-hook | 32 +++++++++++ git/bin/git-hook.d | 32 ----------- 8 files changed, 166 insertions(+), 150 deletions(-) create mode 100755 dehydrated/bin/dehydrated-hook delete mode 100755 dehydrated/bin/dehydrated-hook.d create mode 100755 git/bin/git-hook delete mode 100755 git/bin/git-hook.d diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 9aeb844..605761f 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,13 @@ +2021-09-05 Daniel Baumann + + * Releasing version 20210905. + + [ Daniel Baumann ] + * Renaming dehydrated-hook.d to dehydrated-hook for consistency. + * Renaming giit-hook.d to git-hook for consistency. + * Updating dehydrated todo file. + * Adding tsig keyfile support to dehydrated-nsupdate. + 2021-09-04 Daniel Baumann * Releasing version 20210904. diff --git a/VERSION.txt b/VERSION.txt index fd5abf1..7633bd1 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20210904 +20210905 diff --git a/dehydrated/TODO b/dehydrated/TODO index 0025e8a..bd980cc 100644 --- a/dehydrated/TODO +++ b/dehydrated/TODO @@ -1,4 +1,4 @@ TODO ==== - * add hmac/tsig support + * write manpages diff --git a/dehydrated/bin/dehydrated-hook b/dehydrated/bin/dehydrated-hook new file mode 100755 index 0000000..4e7b7ff --- /dev/null +++ b/dehydrated/bin/dehydrated-hook 
@@ -0,0 +1,115 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2021 Daniel Baumann
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+set -e
+
+HOOKS="/etc/dehydrated/hook.d"
+
+deploy_challenge ()
+{
+ export DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+
+ run-parts --regex '^deploy_challenge.*' "${HOOKS}"
+}
+
+clean_challenge ()
+{
+ export DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+
+ run-parts --regex '^clean_challenge.*' "${HOOKS}"
+}
+
+sync_cert ()
+{
+ export KEYFILE="${1}" CERTFILE="${2}" FULLCHAINFILE="${3}" CHAINFILE="${4}" REQUESTFILE="${5}"
+
+ run-parts --regex '^sync_cert.*' "${HOOKS}"
+}
+
+deploy_cert ()
+{
+ export DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
+
+ run-parts --regex '^deploy_cert.*' "${HOOKS}"
+}
+
+deploy_ocsp ()
+{
+ export DOMAIN="${1}" OCSPFILE="${2}" TIMESTAMP="${3}"
+
+ run-parts --regex '^deploy_ocsp.*' "${HOOKS}"
+}
+
+unchanged_cert ()
+{
+ export DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
+
+ run-parts --regex '^unchanged_cert.*' "${HOOKS}"
+}
+
+invalid_challenge ()
+{
+ export DOMAIN="${1}" RESPONSE="${2}"
+
+ run-parts --regex '^invalid_challenge.*' "${HOOKS}"
+}
+
+request_failure ()
+{
+ export STATUSCODE="${1}" REASON="${2}" REQTYPE="${3}" HEADERS="${4}"
+
+ run-parts --regex '^request_failure.*' "${HOOKS}"
+}
+
+generate_csr ()
+{
+ export DOMAIN="${1}" CERTDIR="${2}" ALTNAMES="${3}"
+
+ run-parts --regex '^generate_csr.*' "${HOOKS}"
+}
+
+startup_hook ()
+{
+ run-parts --regex '^startup_hook.*' "${HOOKS}"
+}
+
+exit_hook ()
+{
+ export ERROR="${1:-}"
+
+ run-parts --regex '^exit_hook.*' "${HOOKS}"
+}
+
+HANDLER="${1}"
+
+if [ -z "${HANDLER}" ]
+then
+ echo "Usage: ${0} HANDLER" >&2
+ exit 1
+fi
+
+shift
+
+case "${HANDLER}" in
+ deploy_challenge|clean_challenge|sync_cert|deploy_cert|deploy_ocsp|unchanged_cert|invalid_challenge|request_failure|generate_csr|startup_hook|exit_hook)
+ "${HANDLER}" "${@}"
+ ;;
+esac
diff --git a/dehydrated/bin/dehydrated-hook.d b/dehydrated/bin/dehydrated-hook.d
deleted file mode 100755
index 4e7b7ff..0000000
--- a/dehydrated/bin/dehydrated-hook.d
+++ /dev/null
@@ -1,115 +0,0 @@ -#!/bin/sh - -# Open Infrastructure: service-tools - -# Copyright (C) 2014-2021 Daniel Baumann -# -# SPDX-License-Identifier: GPL-3.0+ -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -set -e - -HOOKS="/etc/dehydrated/hook.d" - -deploy_challenge () -{ - export DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}" - - run-parts --regex '^deploy_challenge.*' "${HOOKS}" -} - -clean_challenge () -{ - export DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}" - - run-parts --regex '^clean_challenge.*' "${HOOKS}" -} - -sync_cert () -{ - export KEYFILE="${1}" CERTFILE="${2}" FULLCHAINFILE="${3}" CHAINFILE="${4}" REQUESTFILE="${5}" - - run-parts --regex '^sync_cert.*' "${HOOKS}" -} - -deploy_cert () -{ - export DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}" - - run-parts --regex '^deploy_cert.*' "${HOOKS}" -} - -deploy_ocsp () -{ - export DOMAIN="${1}" OCSPFILE="${2}" TIMESTAMP="${3}" - - run-parts --regex '^deploy_ocsp.*' "${HOOKS}" -} - -unchanged_cert () -{ - export DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" - - run-parts --regex '^unchanged_cert.*' "${HOOKS}" -} - -invalid_challenge () -{ - export DOMAIN="${1}" RESPONSE="${2}" - - run-parts --regex '^invalid_challenge.*' "${HOOKS}" -} - -request_failure () -{ - export STATUSCODE="${1}" REASON="${2}" REQTYPE="${3}" HEADERS="${4}" - - run-parts 
--regex '^request_failure.*' "${HOOKS}" -} - -generate_csr () -{ - export DOMAIN="${1}" CERTDIR="${2}" ALTNAMES="${3}" - - run-parts --regex '^generate_csr.*' "${HOOKS}" -} - -startup_hook () -{ - run-parts --regex '^startup_hook.*' "${HOOKS}" -} - -exit_hook () -{ - export ERROR="${1:-}" - - run-parts --regex '^exit_hook.*' "${HOOKS}" -} - -HANDLER="${1}" - -if [ -z "${HANDLER}" ] -then - echo "Usage: ${0} HANDLER" >&2 - exit 1 -fi - -shift - -case "${HANDLER}" in - deploy_challenge|clean_challenge|sync_cert|deploy_cert|deploy_ocsp|unchanged_cert|invalid_challenge|request_failure|generate_csr|startup_hook|exit_hook) - "${HANDLER}" "${@}" - ;; -esac diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate index ec8cf7f..7b6ea34 100755 --- a/dehydrated/bin/dehydrated-nsupdate +++ b/dehydrated/bin/dehydrated-nsupdate @@ -103,6 +103,11 @@ do fi done +if [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ] +then + NSUPDATE_OPTIONS="-k ${TSIG_KEYFILE}" +fi + NAMESERVERS="$(${DIG} +short NS "${ZONE}")" # update nameservers @@ -110,11 +115,12 @@ for NAMESERVER in ${NAMESERVERS} do echo -n " + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..." +# shellcheck disable=SC2086 echo "server ${NAMESERVER} zone ${ZONE} ttl 0 update ${HOOK_ACTION} ${TXT_RECORD} 0 TXT ${TOKEN_VALUE} -send" | "${NSUPDATE}" +send" | "${NSUPDATE}" ${NSUPDATE_OPTIONS} echo " done." done diff --git a/git/bin/git-hook b/git/bin/git-hook new file mode 100755 index 0000000..b6928d9 --- /dev/null +++ b/git/bin/git-hook 
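Review bot: A `TSIG_KEYFILE` that is configured but missing is silently skipped by the `[ -n ... ] && [ -e ... ]` test, so the later nsupdate call would run without `-k` and send the update unsigned instead of stopping. For a credential setting it is safer to fail closed and to test readability rather than existence, e.g. `if [ -n "${TSIG_KEYFILE}" ] && [ ! -r "${TSIG_KEYFILE}" ]; then echo "E: ${TSIG_KEYFILE}: not readable" >&2; exit 1; fi` ahead of the assignment. `NSUPDATE_OPTIONS` is also only ever set inside this branch; unless it is initialised earlier in the script (not visible in the hunk), a value inherited from the environment would reach nsupdate, so `NSUPDATE_OPTIONS=""` before the test would pin it.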
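Review bot: The unquoted `${NSUPDATE_OPTIONS}` after `"${NSUPDATE}"` depends on word splitting, so a key file path containing whitespace or glob characters is split or expanded before nsupdate receives it, and the blanket `SC2086` suppression hides exactly that. Because only one option is ever built, the call can keep the path quoted with `send" | "${NSUPDATE}" ${NSUPDATE_OPTIONS:+-k "${TSIG_KEYFILE}"}`. If the suppression stays, a one-line comment above the directive saying that the options are split on purpose would tell the next reader it is deliberate. The enclosing `for NAMESERVER` loop opens above the hunk.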
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2021 Daniel Baumann
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+set -e
+
+HOOKS="${0}.d"
+
+for HOOK in "${HOOKS}"/*
+do
+ if [ -x "${HOOK}" ]
+ then
+ "${HOOK}" "${@}" || true
+ fi
+done
diff --git a/git/bin/git-hook.d b/git/bin/git-hook.d
deleted file mode 100755
index b6928d9..0000000
--- a/git/bin/git-hook.d
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-# Open Infrastructure: service-tools
-
-# Copyright (C) 2014-2021 Daniel Baumann
-#
-# SPDX-License-Identifier: GPL-3.0+
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-set -e
-
-HOOKS="${0}.d"
-
-for HOOK in "${HOOKS}"/*
-do
- if [ -x "${HOOK}" ]
- then
- "${HOOK}" "${@}" || true
- fi
-done
-- 
cgit v1.2.3