Menu
▾
▴
astlinux-commits
|
From: <abe...@us...> - 2017-01-16 16:15:37
|
Revision: 8108
http://sourceforge.net/p/astlinux/code/8108
Author: abelbeck
Date: 2017-01-16 16:15:35 +0000 (Mon, 16 Jan 2017)
Log Message:
-----------
acme, version bump to official release 2.6.5
Modified Paths:
--------------
branches/1.0/package/acme/acme-client.sh
branches/1.0/package/acme/acme.mk
Modified: branches/1.0/package/acme/acme-client.sh
===================================================================
--- branches/1.0/package/acme/acme-client.sh 2017-01-16 14:33:46 UTC (rev 8107)
+++ branches/1.0/package/acme/acme-client.sh 2017-01-16 16:15:35 UTC (rev 8108)
@@ -86,9 +86,9 @@
for arg in $*; do
skip=0
case "$arg" in
- --installcronjob)
+ --installcronjob|--install-cronjob)
add_cron_entry ; skip=1 ;;
- --uninstallcronjob)
+ --uninstallcronjob|--uninstall-cronjob)
del_cron_entry ; skip=1 ;;
--install)
no_op_arg "$arg" ; skip=1 ;;
Modified: branches/1.0/package/acme/acme.mk
===================================================================
--- branches/1.0/package/acme/acme.mk 2017-01-16 14:33:46 UTC (rev 8107)
+++ branches/1.0/package/acme/acme.mk 2017-01-16 16:15:35 UTC (rev 8108)
@@ -4,7 +4,7 @@
#
################################################################################
-ACME_VERSION = 2.6.5-2017-01-13
+ACME_VERSION = 2.6.5
ACME_SOURCE = acme.sh-$(ACME_VERSION).tar.gz
ACME_SITE = http://files.astlinux-project.org
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2017-06-30 17:40:15
|
Revision: 8419
http://sourceforge.net/p/astlinux/code/8419
Author: abelbeck
Date: 2017-06-30 17:40:12 +0000 (Fri, 30 Jun 2017)
Log Message:
-----------
acme, version bump to 2.7.2, add David Kerr's 'ssh.sh' deploy script
Modified Paths:
--------------
branches/1.0/package/acme/acme.mk
Added Paths:
-----------
branches/1.0/package/acme/deploy/
branches/1.0/package/acme/deploy/astlinux.sh
branches/1.0/package/acme/deploy/ssh.sh
Removed Paths:
-------------
branches/1.0/package/acme/astlinux.sh
Modified: branches/1.0/package/acme/acme.mk
===================================================================
--- branches/1.0/package/acme/acme.mk 2017-06-28 14:01:02 UTC (rev 8418)
+++ branches/1.0/package/acme/acme.mk 2017-06-30 17:40:12 UTC (rev 8419)
@@ -4,27 +4,28 @@
#
################################################################################
-ACME_VERSION = 2.6.5
+ACME_VERSION = 2.7.2
ACME_SOURCE = acme.sh-$(ACME_VERSION).tar.gz
ACME_SITE = http://files.astlinux-project.org
-ACME_REMOVE_TARGET_DNSAPI = dns_myapi.sh $(if $(BR2_PACKAGE_BIND),,dns_nsupdate.sh) README.md
+ACME_REMOVE_TARGET_DNSAPI = dns_myapi.sh dns_lexicon.sh $(if $(BR2_PACKAGE_BIND),,dns_nsupdate.sh) README.md
##
-## curl -L -o dl/acme.sh-2.6.5-2017-01-13.tar.gz https://github.com/Neilpang/acme.sh/archive/master.tar.gz
-## ./scripts/upload-dl-pair dl/acme.sh-2.6.5-2017-01-13.tar.gz
+## curl -L -o dl/acme.sh-2.7.2.tar.gz https://github.com/Neilpang/acme.sh/archive/2.7.2.tar.gz
+## ./scripts/upload-dl-pair dl/acme.sh-2.7.2.tar.gz
##
define ACME_INSTALL_TARGET_CMDS
+ $(INSTALL) -D -m 0644 package/acme/deploy/astlinux.sh $(TARGET_DIR)/stat/etc/acme/deploy/astlinux.sh
+ $(INSTALL) -D -m 0644 package/acme/deploy/ssh.sh $(TARGET_DIR)/stat/etc/acme/deploy/ssh.sh
$(INSTALL) -D -m 0755 package/acme/acme-client.sh $(TARGET_DIR)/usr/sbin/acme-client
- $(INSTALL) -D -m 0755 package/acme/astlinux.sh $(TARGET_DIR)/stat/etc/acme/deploy/astlinux.sh
$(INSTALL) -D -m 0755 $(@D)/acme.sh $(TARGET_DIR)/stat/etc/acme/acme.sh
cp -a $(@D)/dnsapi $(TARGET_DIR)/stat/etc/acme/
ln -s /mnt/kd/acme $(TARGET_DIR)/etc/acme
# Remove non-required dnsapi files
rm -f $(addprefix $(TARGET_DIR)/stat/etc/acme/dnsapi/, $(ACME_REMOVE_TARGET_DNSAPI))
- # Make sure the dnsapi scripts are executable
- find $(TARGET_DIR)/stat/etc/acme/dnsapi/ -name '*.sh' -print0 | xargs -0 chmod 755
+ # Make the dnsapi scripts non-executable, they are sourced by acme.sh
+ find $(TARGET_DIR)/stat/etc/acme/dnsapi/ -name '*.sh' -print0 | xargs -0 chmod 644
endef
define ACME_UNINSTALL_TARGET_CMDS
Deleted: branches/1.0/package/acme/astlinux.sh
===================================================================
--- branches/1.0/package/acme/astlinux.sh 2017-06-28 14:01:02 UTC (rev 8418)
+++ branches/1.0/package/acme/astlinux.sh 2017-06-30 17:40:12 UTC (rev 8419)
@@ -1,93 +0,0 @@
-#!/usr/bin/env sh
-
-# acme.sh deploy script for AstLinux
-# This file name is "astlinux.sh"
-# So, here must be a method astlinux_deploy()
-# Which will be called by acme.sh to deploy the cert
-# returns 0 means success, otherwise error.
-
-. /etc/rc.conf
-
-#service_type
-astlinux_is_acme_service()
-{
- local service IFS
-
- unset IFS
- for service in $ACME_SERVICE; do
- if [ "$service" = "$1" ]; then
- return 0
- fi
- done
-
- return 1
-}
-
-######## Public functions #####################
-
-#domain keyfile certfile cafile fullchain
-astlinux_deploy() {
- _cdomain="$1"
- _ckey="$2"
- _ccert="$3"
- _cca="$4"
- _cfullchain="$5"
-
- _debug _cdomain "$_cdomain"
- _debug _ckey "$_ckey"
- _debug _ccert "$_ccert"
- _debug _cca "$_cca"
- _debug _cfullchain "$_cfullchain"
-
- if astlinux_is_acme_service lighttpd; then
- if [ -z "$HTTPSCERT" ]; then
- logger -s -t acme-client "Failed to deploy ACME certificates HTTPS, invalid HTTPSCERT path"
- else
- service lighttpd stop
- cat "$_ckey" "$_ccert" > "$HTTPSCERT"
- chmod 600 "$HTTPSCERT"
- if [ -n "$HTTPSCHAIN" ]; then
- if [ -f "$_cfullchain" ]; then
- cat "$_cfullchain" > "$HTTPSCHAIN"
- else
- rm -f "$HTTPSCHAIN"
- fi
- fi
- sleep 1
- service lighttpd init
- logger -s -t acme-client "New ACME certificates deployed for HTTPS and Lighttpd restarted"
- fi
- fi
-
- if astlinux_is_acme_service asterisk; then
- mkdir -p /mnt/kd/ssl/sip-tls/keys
- if [ -f "$_cfullchain" ]; then
- cat "$_cfullchain" > /mnt/kd/ssl/sip-tls/keys/server.crt
- else
- cat "$_ccert" > /mnt/kd/ssl/sip-tls/keys/server.crt
- fi
- cat "$_ckey" > /mnt/kd/ssl/sip-tls/keys/server.key
- chmod 600 /mnt/kd/ssl/sip-tls/keys/server.key
- asterisk -rx "core restart when convenient" >/dev/null 2>&1 &
- logger -s -t acme-client "New ACME certificates deployed for SIP-TLS and Asterisk restart when convenient requested"
- fi
-
- if astlinux_is_acme_service prosody; then
- service prosody stop
- mkdir -p /mnt/kd/prosody/certs
- if [ -f "$_cfullchain" ]; then
- cat "$_cfullchain" > /mnt/kd/prosody/certs/server.crt
- else
- cat "$_ccert" > /mnt/kd/prosody/certs/server.crt
- fi
- cat "$_ckey" > /mnt/kd/prosody/certs/server.key
- chmod 600 /mnt/kd/prosody/certs/server.key
- chown prosody:prosody /mnt/kd/prosody/certs/server.crt
- chown prosody:prosody /mnt/kd/prosody/certs/server.key
- sleep 1
- service prosody init
- logger -s -t acme-client "New ACME certificates deployed for XMPP and Prosody restarted"
- fi
-
- return 0
-}
Added: branches/1.0/package/acme/deploy/astlinux.sh
===================================================================
--- branches/1.0/package/acme/deploy/astlinux.sh (rev 0)
+++ branches/1.0/package/acme/deploy/astlinux.sh 2017-06-30 17:40:12 UTC (rev 8419)
@@ -0,0 +1,93 @@
+#!/usr/bin/env sh
+
+# acme.sh deploy script for AstLinux
+# This file name is "astlinux.sh"
+# So, here must be a method astlinux_deploy()
+# Which will be called by acme.sh to deploy the cert
+# returns 0 means success, otherwise error.
+
+. /etc/rc.conf
+
+#service_type
+astlinux_is_acme_service()
+{
+ local service IFS
+
+ unset IFS
+ for service in $ACME_SERVICE; do
+ if [ "$service" = "$1" ]; then
+ return 0
+ fi
+ done
+
+ return 1
+}
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+astlinux_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ if astlinux_is_acme_service lighttpd; then
+ if [ -z "$HTTPSCERT" ]; then
+ logger -s -t acme-client "Failed to deploy ACME certificates HTTPS, invalid HTTPSCERT path"
+ else
+ service lighttpd stop
+ cat "$_ckey" "$_ccert" > "$HTTPSCERT"
+ chmod 600 "$HTTPSCERT"
+ if [ -n "$HTTPSCHAIN" ]; then
+ if [ -f "$_cfullchain" ]; then
+ cat "$_cfullchain" > "$HTTPSCHAIN"
+ else
+ rm -f "$HTTPSCHAIN"
+ fi
+ fi
+ sleep 1
+ service lighttpd init
+ logger -s -t acme-client "New ACME certificates deployed for HTTPS and Lighttpd restarted"
+ fi
+ fi
+
+ if astlinux_is_acme_service asterisk; then
+ mkdir -p /mnt/kd/ssl/sip-tls/keys
+ if [ -f "$_cfullchain" ]; then
+ cat "$_cfullchain" > /mnt/kd/ssl/sip-tls/keys/server.crt
+ else
+ cat "$_ccert" > /mnt/kd/ssl/sip-tls/keys/server.crt
+ fi
+ cat "$_ckey" > /mnt/kd/ssl/sip-tls/keys/server.key
+ chmod 600 /mnt/kd/ssl/sip-tls/keys/server.key
+ asterisk -rx "core restart when convenient" >/dev/null 2>&1 &
+ logger -s -t acme-client "New ACME certificates deployed for SIP-TLS and Asterisk restart when convenient requested"
+ fi
+
+ if astlinux_is_acme_service prosody; then
+ service prosody stop
+ mkdir -p /mnt/kd/prosody/certs
+ if [ -f "$_cfullchain" ]; then
+ cat "$_cfullchain" > /mnt/kd/prosody/certs/server.crt
+ else
+ cat "$_ccert" > /mnt/kd/prosody/certs/server.crt
+ fi
+ cat "$_ckey" > /mnt/kd/prosody/certs/server.key
+ chmod 600 /mnt/kd/prosody/certs/server.key
+ chown prosody:prosody /mnt/kd/prosody/certs/server.crt
+ chown prosody:prosody /mnt/kd/prosody/certs/server.key
+ sleep 1
+ service prosody init
+ logger -s -t acme-client "New ACME certificates deployed for XMPP and Prosody restarted"
+ fi
+
+ return 0
+}
Added: branches/1.0/package/acme/deploy/ssh.sh
===================================================================
--- branches/1.0/package/acme/deploy/ssh.sh (rev 0)
+++ branches/1.0/package/acme/deploy/ssh.sh 2017-06-30 17:40:12 UTC (rev 8419)
@@ -0,0 +1,205 @@
+#!/usr/bin/env sh
+
+# Script to deploy certificates to remote server by SSH
+# Note that SSH must be able to login to remote host without a password...
+# SSH Keys must have been exchanged with the remote host. Validate and
+# test that you can login to USER@SERVER from the host running acme.sh before
+# using this script.
+#
+# The following variables exported from environment will be used.
+# If not set then values previously saved in domain.conf file are used.
+#
+# Only a username is required. All others are optional.
+#
+# The following examples are for QNAP NAS running QTS 4.2
+# export DEPLOY_SSH_CMD="" # defaults to ssh
+# export DEPLOY_SSH_USER="admin" # required
+# export DEPLOY_SSH_SERVER="qnap" # defaults to domain name
+# export DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem"
+# export DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem"
+# export DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem"
+# export DEPLOY_SSH_FULLCHAIN=""
+# export DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart"
+# export DEPLOY_SSH_BACKUP="" # yes or no, default to yes
+#
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+ssh_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+ _cmdstr=""
+ _homedir='~'
+ _backupprefix="$_homedir/.acme_ssh_deploy/$_cdomain-backup"
+ _backupdir="$_backupprefix-$(_utc_date | tr ' ' '-')"
+
+ if [ -f "$DOMAIN_CONF" ]; then
+ # shellcheck disable=SC1090
+ . "$DOMAIN_CONF"
+ fi
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ # USER is required to login by SSH to remote host.
+ if [ -z "$DEPLOY_SSH_USER" ]; then
+ if [ -z "$Le_Deploy_ssh_user" ]; then
+ _err "DEPLOY_SSH_USER not defined."
+ return 1
+ fi
+ else
+ Le_Deploy_ssh_user="$DEPLOY_SSH_USER"
+ _savedomainconf Le_Deploy_ssh_user "$Le_Deploy_ssh_user"
+ fi
+
+ # SERVER is optional. If not provided then use _cdomain
+ if [ -n "$DEPLOY_SSH_SERVER" ]; then
+ Le_Deploy_ssh_server="$DEPLOY_SSH_SERVER"
+ _savedomainconf Le_Deploy_ssh_server "$Le_Deploy_ssh_server"
+ elif [ -z "$Le_Deploy_ssh_server" ]; then
+ Le_Deploy_ssh_server="$_cdomain"
+ fi
+
+ # CMD is optional. If not provided then use ssh
+ if [ -n "$DEPLOY_SSH_CMD" ]; then
+ Le_Deploy_ssh_cmd="$DEPLOY_SSH_CMD"
+ _savedomainconf Le_Deploy_ssh_cmd "$Le_Deploy_ssh_cmd"
+ elif [ -z "$Le_Deploy_ssh_cmd" ]; then
+ Le_Deploy_ssh_cmd="ssh"
+ fi
+
+ # BACKUP is optional. If not provided then default to yes
+ if [ "$DEPLOY_SSH_BACKUP" = "no" ]; then
+ Le_Deploy_ssh_backup="no"
+ elif [ -z "$Le_Deploy_ssh_backup" ]; then
+ Le_Deploy_ssh_backup="yes"
+ fi
+ _savedomainconf Le_Deploy_ssh_backup "$Le_Deploy_ssh_backup"
+
+ _info "Deploy certificates to remote server $Le_Deploy_ssh_user@$Le_Deploy_ssh_server"
+
+ # KEYFILE is optional.
+ # If provided then private key will be copied to provided filename.
+ if [ -n "$DEPLOY_SSH_KEYFILE" ]; then
+ Le_Deploy_ssh_keyfile="$DEPLOY_SSH_KEYFILE"
+ _savedomainconf Le_Deploy_ssh_keyfile "$Le_Deploy_ssh_keyfile"
+ fi
+ if [ -n "$Le_Deploy_ssh_keyfile" ]; then
+ if [ "$Le_Deploy_ssh_backup" = "yes" ]; then
+ # backup file we are about to overwrite.
+ _cmdstr="$_cmdstr cp $Le_Deploy_ssh_keyfile $_backupdir >/dev/null;"
+ fi
+ # copy new certificate into file.
+ _cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $Le_Deploy_ssh_keyfile;"
+ _info "will copy private key to remote file $Le_Deploy_ssh_keyfile"
+ fi
+
+ # CERTFILE is optional.
+ # If provided then private key will be copied or appended to provided filename.
+ if [ -n "$DEPLOY_SSH_CERTFILE" ]; then
+ Le_Deploy_ssh_certfile="$DEPLOY_SSH_CERTFILE"
+ _savedomainconf Le_Deploy_ssh_certfile "$Le_Deploy_ssh_certfile"
+ fi
+ if [ -n "$Le_Deploy_ssh_certfile" ]; then
+ _pipe=">"
+ if [ "$Le_Deploy_ssh_certfile" = "$Le_Deploy_ssh_keyfile" ]; then
+ # if filename is same as previous file then append.
+ _pipe=">>"
+ elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
+ # backup file we are about to overwrite.
+ _cmdstr="$_cmdstr cp $Le_Deploy_ssh_certfile $_backupdir >/dev/null;"
+ fi
+ # copy new certificate into file.
+ _cmdstr="$_cmdstr echo \"$(cat "$_ccert")\" $_pipe $Le_Deploy_ssh_certfile;"
+ _info "will copy certificate to remote file $Le_Deploy_ssh_certfile"
+ fi
+
+ # CAFILE is optional.
+ # If provided then CA intermediate certificate will be copied or appended to provided filename.
+ if [ -n "$DEPLOY_SSH_CAFILE" ]; then
+ Le_Deploy_ssh_cafile="$DEPLOY_SSH_CAFILE"
+ _savedomainconf Le_Deploy_ssh_cafile "$Le_Deploy_ssh_cafile"
+ fi
+ if [ -n "$Le_Deploy_ssh_cafile" ]; then
+ _pipe=">"
+ if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] \
+ || [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then
+ # if filename is same as previous file then append.
+ _pipe=">>"
+ elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
+ # backup file we are about to overwrite.
+ _cmdstr="$_cmdstr cp $Le_Deploy_ssh_cafile $_backupdir >/dev/null;"
+ fi
+ # copy new certificate into file.
+ _cmdstr="$_cmdstr echo \"$(cat "$_cca")\" $_pipe $Le_Deploy_ssh_cafile;"
+ _info "will copy CA file to remote file $Le_Deploy_ssh_cafile"
+ fi
+
+ # FULLCHAIN is optional.
+ # If provided then fullchain certificate will be copied or appended to provided filename.
+ if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then
+ Le_Deploy_ssh_fullchain="$DEPLOY_SSH_FULLCHAIN"
+ _savedomainconf Le_Deploy_ssh_fullchain "$Le_Deploy_ssh_fullchain"
+ fi
+ if [ -n "$Le_Deploy_ssh_fullchain" ]; then
+ _pipe=">"
+ if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] \
+ || [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ] \
+ || [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then
+ # if filename is same as previous file then append.
+ _pipe=">>"
+ elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
+ # backup file we are about to overwrite.
+ _cmdstr="$_cmdstr cp $Le_Deploy_ssh_fullchain $_backupdir >/dev/null;"
+ fi
+ # copy new certificate into file.
+ _cmdstr="$_cmdstr echo \"$(cat "$_cfullchain")\" $_pipe $Le_Deploy_ssh_fullchain;"
+ _info "will copy fullchain to remote file $Le_Deploy_ssh_fullchain"
+ fi
+
+ # REMOTE_CMD is optional.
+ # If provided then this command will be executed on remote host.
+ if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then
+ Le_Deploy_ssh_remote_cmd="$DEPLOY_SSH_REMOTE_CMD"
+ _savedomainconf Le_Deploy_ssh_remote_cmd "$Le_Deploy_ssh_remote_cmd"
+ fi
+ if [ -n "$Le_Deploy_ssh_remote_cmd" ]; then
+ _cmdstr="$_cmdstr $Le_Deploy_ssh_remote_cmd;"
+ _info "Will execute remote command $Le_Deploy_ssh_remote_cmd"
+ fi
+
+ if [ -z "$_cmdstr" ]; then
+ _err "No remote commands to excute. Failed to deploy certificates to remote server"
+ return 1
+ elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
+ # run cleanup on the backup directory, erase all older
+ # than 180 days (15552000 seconds).
+ _cmdstr="{ now=\"\$(date -u +%s)\"; for fn in $_backupprefix*; \
+do if [ -d \"\$fn\" ] && [ \"\$(expr \$now - \$(date -ur \$fn +%s) )\" -ge \"15552000\" ]; \
+then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; done; }; $_cmdstr"
+ # Alternate version of above... _cmdstr="find $_backupprefix* -type d -mtime +180 2>/dev/null | xargs rm -rf; $_cmdstr"
+ # Create our backup directory for overwritten cert files.
+ _cmdstr="mkdir -p $_backupdir; $_cmdstr"
+ _info "Backup of old certificate files will be placed in remote directory $_backupdir"
+ _info "Backup directories erased after 180 days."
+ fi
+
+ _debug "Remote commands to execute: $_cmdstr"
+ _info "Submitting sequence of commands to remote server by ssh"
+ # quotations in bash cmd below intended. Squash travis spellcheck error
+ # shellcheck disable=SC2029
+ $Le_Deploy_ssh_cmd -T "$Le_Deploy_ssh_user@$Le_Deploy_ssh_server" sh -c "'$_cmdstr'"
+ _ret="$?"
+
+ if [ "$_ret" != "0" ]; then
+ _err "Error code $_ret returned from $Le_Deploy_ssh_cmd"
+ fi
+
+ return $_ret
+}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2017-07-07 02:58:44
|
Revision: 8425
http://sourceforge.net/p/astlinux/code/8425
Author: abelbeck
Date: 2017-07-07 02:58:42 +0000 (Fri, 07 Jul 2017)
Log Message:
-----------
acme, add 'dns_dyn' DNS challenge validation script for Dyn Managed DNS API
Modified Paths:
--------------
branches/1.0/package/acme/acme.mk
Added Paths:
-----------
branches/1.0/package/acme/dnsapi/
branches/1.0/package/acme/dnsapi/dns_dyn.sh
Modified: branches/1.0/package/acme/acme.mk
===================================================================
--- branches/1.0/package/acme/acme.mk 2017-07-03 20:47:57 UTC (rev 8424)
+++ branches/1.0/package/acme/acme.mk 2017-07-07 02:58:42 UTC (rev 8425)
@@ -18,6 +18,7 @@
define ACME_INSTALL_TARGET_CMDS
$(INSTALL) -D -m 0644 package/acme/deploy/astlinux.sh $(TARGET_DIR)/stat/etc/acme/deploy/astlinux.sh
$(INSTALL) -D -m 0644 package/acme/deploy/ssh.sh $(TARGET_DIR)/stat/etc/acme/deploy/ssh.sh
+ $(INSTALL) -D -m 0644 package/acme/dnsapi/dns_dyn.sh $(TARGET_DIR)/stat/etc/acme/dnsapi/dns_dyn.sh
$(INSTALL) -D -m 0755 package/acme/acme-client.sh $(TARGET_DIR)/usr/sbin/acme-client
$(INSTALL) -D -m 0755 $(@D)/acme.sh $(TARGET_DIR)/stat/etc/acme/acme.sh
cp -a $(@D)/dnsapi $(TARGET_DIR)/stat/etc/acme/
Added: branches/1.0/package/acme/dnsapi/dns_dyn.sh
===================================================================
--- branches/1.0/package/acme/dnsapi/dns_dyn.sh (rev 0)
+++ branches/1.0/package/acme/dnsapi/dns_dyn.sh 2017-07-07 02:58:42 UTC (rev 8425)
@@ -0,0 +1,340 @@
+#!/usr/bin/env sh
+#
+# Dyn.com Domain API
+#
+# Author: Gerd Naschenweng
+# https://github.com/magicdude4eva
+#
+# Dyn Managed DNS API
+# https://help.dyn.com/dns-api-knowledge-base/
+#
+# It is recommended to add a "Dyn Managed DNS" user specific for API access.
+# The "Zones & Records Permissions" required by this script are:
+# --
+# RecordAdd
+# RecordUpdate
+# RecordDelete
+# RecordGet
+# ZoneGet
+# ZoneAddNode
+# ZoneRemoveNode
+# ZonePublish
+# --
+#
+# Pass credentials before "acme.sh --issue --dns dns_dyn ..."
+# --
+# export DYN_Customer="customer"
+# export DYN_Username="apiuser"
+# export DYN_Password="secret"
+# --
+
+DYN_API="https://api.dynect.net/REST"
+
+#REST_API
+######## Public functions #####################
+
+#Usage: add _acme-challenge.www.domain.com "Challenge-code"
+dns_dyn_add() {
+ fulldomain="$1"
+ txtvalue="$2"
+
+ DYN_Customer="${DYN_Customer:-$(_readaccountconf_mutable DYN_Customer)}"
+ DYN_Username="${DYN_Username:-$(_readaccountconf_mutable DYN_Username)}"
+ DYN_Password="${DYN_Password:-$(_readaccountconf_mutable DYN_Password)}"
+ if [ -z "$DYN_Customer" ] || [ -z "$DYN_Username" ] || [ -z "$DYN_Password" ]; then
+ DYN_Customer=""
+ DYN_Username=""
+ DYN_Password=""
+ _err "You must export variables: DYN_Customer, DYN_Username and DYN_Password"
+ return 1
+ fi
+
+ #save the config variables to the account conf file.
+ _saveaccountconf_mutable DYN_Customer "$DYN_Customer"
+ _saveaccountconf_mutable DYN_Username "$DYN_Username"
+ _saveaccountconf_mutable DYN_Password "$DYN_Password"
+
+ if ! _dyn_get_authtoken; then
+ return 1
+ fi
+
+ if [ -z "$_dyn_authtoken" ]; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_get_zone; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_add_record; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_publish_zone; then
+ _dyn_end_session
+ return 1
+ fi
+
+ _dyn_end_session
+
+ return 0
+}
+
+#Usage: fulldomain txtvalue
+#Remove the txt record after validation.
+dns_dyn_rm() {
+ fulldomain="$1"
+ txtvalue="$2"
+
+ DYN_Customer="${DYN_Customer:-$(_readaccountconf_mutable DYN_Customer)}"
+ DYN_Username="${DYN_Username:-$(_readaccountconf_mutable DYN_Username)}"
+ DYN_Password="${DYN_Password:-$(_readaccountconf_mutable DYN_Password)}"
+ if [ -z "$DYN_Customer" ] || [ -z "$DYN_Username" ] || [ -z "$DYN_Password" ]; then
+ DYN_Customer=""
+ DYN_Username=""
+ DYN_Password=""
+ _err "You must export variables: DYN_Customer, DYN_Username and DYN_Password"
+ return 1
+ fi
+
+ if ! _dyn_get_authtoken; then
+ return 1
+ fi
+
+ if [ -z "$_dyn_authtoken" ]; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_get_zone; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_get_record_id; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if [ -z "$_dyn_record_id" ]; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_rm_record; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_publish_zone; then
+ _dyn_end_session
+ return 1
+ fi
+
+ _dyn_end_session
+
+ return 0
+}
+
+#################### Private functions below ##################################
+
+#get Auth-Token
+_dyn_get_authtoken() {
+
+ _info "Start Dyn API Session"
+
+ data="{\"customer_name\":\"$DYN_Customer\", \"user_name\":\"$DYN_Username\", \"password\":\"$DYN_Password\"}"
+ dyn_url="$DYN_API/Session/"
+ method="POST"
+
+ _debug data "$data"
+ _debug dyn_url "$dyn_url"
+
+ export _H1="Content-Type: application/json"
+
+ response="$(_post "$data" "$dyn_url" "" "$method")"
+ sessionstatus="$(printf "%s\n" "$response" | _egrep_o '"status" *: *"[^"]*' | head -n 1 | sed 's#^"status" *: *"##')"
+
+ _debug response "$response"
+ _debug sessionstatus "$sessionstatus"
+
+ if [ "$sessionstatus" = "success" ]; then
+ _dyn_authtoken="$(printf "%s\n" "$response" | _egrep_o '"token" *: *"[^"]*' | head -n 1 | sed 's#^"token" *: *"##')"
+ _info "Token received"
+ _debug _dyn_authtoken "$_dyn_authtoken"
+ return 0
+ fi
+
+ _dyn_authtoken=""
+ _err "get token failed"
+ return 1
+}
+
+#fulldomain=_acme-challenge.www.domain.com
+#returns
+# _dyn_zone=domain.com
+_dyn_get_zone() {
+ i=2
+ while true; do
+ domain="$(printf "%s" "$fulldomain" | cut -d . -f "$i-100")"
+ if [ -z "$domain" ]; then
+ break
+ fi
+
+ dyn_url="$DYN_API/Zone/$domain/"
+
+ export _H1="Auth-Token: $_dyn_authtoken"
+ export _H2="Content-Type: application/json"
+
+ response="$(_get "$dyn_url" "" "")"
+ sessionstatus="$(printf "%s\n" "$response" | _egrep_o '"status" *: *"[^"]*' | head -n 1 | sed 's#^"status" *: *"##')"
+
+ _debug dyn_url "$dyn_url"
+ _debug response "$response"
+ _debug sessionstatus "$sessionstatus"
+
+ if [ "$sessionstatus" = "success" ]; then
+ _dyn_zone="$domain"
+ return 0
+ fi
+ i=$(_math "$i" + 1)
+ done
+
+ _dyn_zone=""
+ _err "get zone failed"
+ return 1
+}
+
+#add TXT record
+_dyn_add_record() {
+
+ _info "Adding TXT record"
+
+ data="{\"rdata\":{\"txtdata\":\"$txtvalue\"},\"ttl\":\"300\"}"
+ dyn_url="$DYN_API/TXTRecord/$_dyn_zone/$fulldomain/"
+ method="POST"
+
+ export _H1="Auth-Token: $_dyn_authtoken"
+ export _H2="Content-Type: application/json"
+
+ response="$(_post "$data" "$dyn_url" "" "$method")"
+ sessionstatus="$(printf "%s\n" "$response" | _egrep_o '"status" *: *"[^"]*' | head -n 1 | sed 's#^"status" *: *"##')"
+
+ _debug response "$response"
+ _debug sessionstatus "$sessionstatus"
+
+ if [ "$sessionstatus" = "success" ]; then
+ _info "TXT Record successfully added"
+ return 0
+ fi
+
+ _err "add TXT record failed"
+ return 1
+}
+
+#publish the zone
+_dyn_publish_zone() {
+
+ _info "Publishing zone"
+
+ data="{\"publish\":\"true\"}"
+ dyn_url="$DYN_API/Zone/$_dyn_zone/"
+ method="PUT"
+
+ export _H1="Auth-Token: $_dyn_authtoken"
+ export _H2="Content-Type: application/json"
+
+ response="$(_post "$data" "$dyn_url" "" "$method")"
+ sessionstatus="$(printf "%s\n" "$response" | _egrep_o '"status" *: *"[^"]*' | head -n 1 | sed 's#^"status" *: *"##')"
+
+ _debug response "$response"
+ _debug sessionstatus "$sessionstatus"
+
+ if [ "$sessionstatus" = "success" ]; then
+ _info "Zone published"
+ return 0
+ fi
+
+ _err "publish zone failed"
+ return 1
+}
+
+#get record_id of TXT record so we can delete the record
+_dyn_get_record_id() {
+
+ _info "Getting record_id of TXT record"
+
+ dyn_url="$DYN_API/TXTRecord/$_dyn_zone/$fulldomain/"
+
+ export _H1="Auth-Token: $_dyn_authtoken"
+ export _H2="Content-Type: application/json"
+
+ response="$(_get "$dyn_url" "" "")"
+ sessionstatus="$(printf "%s\n" "$response" | _egrep_o '"status" *: *"[^"]*' | head -n 1 | sed 's#^"status" *: *"##')"
+
+ _debug response "$response"
+ _debug sessionstatus "$sessionstatus"
+
+ if [ "$sessionstatus" = "success" ]; then
+ _dyn_record_id="$(printf "%s\n" "$response" | _egrep_o "\"data\" *: *\[\"/REST/TXTRecord/$_dyn_zone/$fulldomain/[^\"]*" | head -n 1 | sed "s#^\"data\" *: *\[\"/REST/TXTRecord/$_dyn_zone/$fulldomain/##")"
+ _debug _dyn_record_id "$_dyn_record_id"
+ return 0
+ fi
+
+ _dyn_record_id=""
+ _err "getting record_id failed"
+ return 1
+}
+
+#delete TXT record
+_dyn_rm_record() {
+
+ _info "Deleting TXT record"
+
+ dyn_url="$DYN_API/TXTRecord/$_dyn_zone/$fulldomain/$_dyn_record_id/"
+ method="DELETE"
+
+ _debug dyn_url "$dyn_url"
+
+ export _H1="Auth-Token: $_dyn_authtoken"
+ export _H2="Content-Type: application/json"
+
+ response="$(_post "" "$dyn_url" "" "$method")"
+ sessionstatus="$(printf "%s\n" "$response" | _egrep_o '"status" *: *"[^"]*' | head -n 1 | sed 's#^"status" *: *"##')"
+
+ _debug response "$response"
+ _debug sessionstatus "$sessionstatus"
+
+ if [ "$sessionstatus" = "success" ]; then
+ _info "TXT record successfully deleted"
+ return 0
+ fi
+
+ _err "delete TXT record failed"
+ return 1
+}
+
+#logout
+_dyn_end_session() {
+
+ _info "End Dyn API Session"
+
+ dyn_url="$DYN_API/Session/"
+ method="DELETE"
+
+ _debug dyn_url "$dyn_url"
+
+ export _H1="Auth-Token: $_dyn_authtoken"
+ export _H2="Content-Type: application/json"
+
+ response="$(_post "" "$dyn_url" "" "$method")"
+
+ _debug response "$response"
+
+ _dyn_authtoken=""
+ return 0
+}
+
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2017-08-12 12:55:45
|
Revision: 8478
http://sourceforge.net/p/astlinux/code/8478
Author: abelbeck
Date: 2017-08-12 12:55:43 +0000 (Sat, 12 Aug 2017)
Log Message:
-----------
acme, add DuckDNS support
Modified Paths:
--------------
branches/1.0/package/acme/acme.mk
Added Paths:
-----------
branches/1.0/package/acme/dnsapi/dns_duckdns.sh
Modified: branches/1.0/package/acme/acme.mk
===================================================================
--- branches/1.0/package/acme/acme.mk 2017-08-11 13:42:47 UTC (rev 8477)
+++ branches/1.0/package/acme/acme.mk 2017-08-12 12:55:43 UTC (rev 8478)
@@ -19,6 +19,7 @@
$(INSTALL) -D -m 0644 package/acme/deploy/astlinux.sh $(TARGET_DIR)/stat/etc/acme/deploy/astlinux.sh
$(INSTALL) -D -m 0644 package/acme/deploy/ssh.sh $(TARGET_DIR)/stat/etc/acme/deploy/ssh.sh
$(INSTALL) -D -m 0644 package/acme/dnsapi/dns_dyn.sh $(TARGET_DIR)/stat/etc/acme/dnsapi/dns_dyn.sh
+ $(INSTALL) -D -m 0644 package/acme/dnsapi/dns_duckdns.sh $(TARGET_DIR)/stat/etc/acme/dnsapi/dns_duckdns.sh
$(INSTALL) -D -m 0755 package/acme/acme-client.sh $(TARGET_DIR)/usr/sbin/acme-client
$(INSTALL) -D -m 0755 $(@D)/acme.sh $(TARGET_DIR)/stat/etc/acme/acme.sh
cp -a $(@D)/dnsapi $(TARGET_DIR)/stat/etc/acme/
Added: branches/1.0/package/acme/dnsapi/dns_duckdns.sh
===================================================================
--- branches/1.0/package/acme/dnsapi/dns_duckdns.sh (rev 0)
+++ branches/1.0/package/acme/dnsapi/dns_duckdns.sh 2017-08-12 12:55:43 UTC (rev 8478)
@@ -0,0 +1,128 @@
+#!/usr/bin/env sh
+
+#Created by RaidenII, to use DuckDNS's API to add/remove text records
+#06/27/2017
+
+# Pass credentials before "acme.sh --issue --dns dns_duckdns ..."
+# --
+# export DuckDNS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
+# --
+#
+# Due to the fact that DuckDNS uses StartSSL as cert provider, --insecure may need to be used with acme.sh
+
+DuckDNS_API="https://www.duckdns.org/update"
+
+######## Public functions #####################
+
+#Usage: dns_duckdns_add _acme-challenge.domain.duckdns.org "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_duckdns_add() {
+ fulldomain=$1
+ txtvalue=$2
+
+ DuckDNS_Token="${DuckDNS_Token:-$(_readaccountconf_mutable DuckDNS_Token)}"
+ if [ -z "$DuckDNS_Token" ]; then
+ _err "You must export variable: DuckDNS_Token"
+ _err "The token for your DuckDNS account is necessary."
+ _err "You can look it up in your DuckDNS account."
+ return 1
+ fi
+
+ # Now save the credentials.
+ _saveaccountconf_mutable DuckDNS_Token "$DuckDNS_Token"
+
+ # Unfortunately, DuckDNS does not seems to support lookup domain through API
+ # So I assume your credentials (which are your domain and token) are correct
+ # If something goes wrong, we will get a KO response from DuckDNS
+
+ if ! _duckdns_get_domain; then
+ return 1
+ fi
+
+ # Now add the TXT record to DuckDNS
+ _info "Trying to add TXT record"
+ if _duckdns_rest GET "domains=$_duckdns_domain&token=$DuckDNS_Token&txt=$txtvalue"; then
+ if [ "$response" = "OK" ]; then
+ _info "TXT record has been successfully added to your DuckDNS domain."
+ _info "Note that all subdomains under this domain uses the same TXT record."
+ return 0
+ else
+ _err "Errors happened during adding the TXT record, response=$response"
+ return 1
+ fi
+ else
+ _err "Errors happened during adding the TXT record."
+ return 1
+ fi
+}
+
+#Usage: fulldomain txtvalue
+#Remove the txt record after validation.
+dns_duckdns_rm() {
+ fulldomain=$1
+ txtvalue=$2
+
+ DuckDNS_Token="${DuckDNS_Token:-$(_readaccountconf_mutable DuckDNS_Token)}"
+ if [ -z "$DuckDNS_Token" ]; then
+ _err "You must export variable: DuckDNS_Token"
+ _err "The token for your DuckDNS account is necessary."
+ _err "You can look it up in your DuckDNS account."
+ return 1
+ fi
+
+ if ! _duckdns_get_domain; then
+ return 1
+ fi
+
+ # Now remove the TXT record from DuckDNS
+ _info "Trying to remove TXT record"
+ if _duckdns_rest GET "domains=$_duckdns_domain&token=$DuckDNS_Token&txt=&clear=true"; then
+ if [ "$response" = "OK" ]; then
+ _info "TXT record has been successfully removed from your DuckDNS domain."
+ return 0
+ else
+ _err "Errors happened during removing the TXT record, response=$response"
+ return 1
+ fi
+ else
+ _err "Errors happened during removing the TXT record."
+ return 1
+ fi
+}
+
+#################### Private functions below ##################################
+
+#fulldomain=_acme-challenge.domain.duckdns.org
+#returns
+# _duckdns_domain=domain
+_duckdns_get_domain() {
+
+ # We'll extract the domain/username from full domain
+ _duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '[.][^.][^.]*[.]duckdns.org' | cut -d . -f 2)"
+
+ if [ -z "$_duckdns_domain" ]; then
+ _err "Error extracting the domain."
+ return 1
+ fi
+
+ return 0
+}
+
+#Usage: method URI
+_duckdns_rest() {
+ method=$1
+ param="$2"
+ _debug param "$param"
+ url="$DuckDNS_API?$param"
+ _debug url "$url"
+
+ # DuckDNS uses GET to update domain info
+ if [ "$method" = "GET" ]; then
+ response="$(_get "$url")"
+ else
+ _err "Unsupported method"
+ return 1
+ fi
+
+ _debug2 response "$response"
+ return 0
+}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X