From c8d0d475e4f79f48877048fc6dfb45e1b28c5404 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 11 Jun 2022 13:49:31 -0400 Subject: [PATCH 01/66] deploy api script to upload certs to proxmox using proxmox api --- deploy/proxmoxve.sh | 123 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100644 deploy/proxmoxve.sh diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh new file mode 100644 index 00000000..8a5893b7 --- /dev/null +++ b/deploy/proxmoxve.sh @@ -0,0 +1,123 @@ +#!/usr/bin/env bash + +# Deploy certificates to a proxmox virtual environment node using the API. +# +# Environment variables that can be set are: +# `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to +# _cdomain. +# `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on. +# Defaults to 8006. +# `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to. +# Defaults to the host portion of the server +# domain name. +# `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root. +# `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates +# with. Defaults to pam. +# `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the +# user account. Defaults to acme. +# `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required. + +proxmoxve_deploy(){ + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + # "Sane" defaults. + _target_hostname="$_cdomain" + if [ ! -z "$DEPLOY_PROXMOXVE_SERVER" ];then + _target_hostname="$DEPLOY_PROXMOXVE_SERVER" + fi + + _target_port="8006" + if [ ! -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ];then + _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" + fi + + if [ ! -z "$DEPLOY_PROXMOXVE_NODE_NAME" ];then + _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" + else + _node_name=$(echo "$_target_hostname"|cut -d. -f1) + fi + + # Complete URL. + _target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom" + + # More "sane" defaults. + _proxmoxve_user="root" + if [ ! -z "$_proxmoxve_user" ];then + _proxmoxve_user="$DEPLOY_PROXMOXVE_USER" + fi + + _proxmoxve_user_realm="pam" + if [ ! -z "$DEPLOY_PROXMOXVE_USER_REALM" ];then + _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" + fi + + _proxmoxve_api_token_name="acme" + if [ ! -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ];then + _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" + fi + + # This is required. + _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" + if [ -z "$_proxmoxve_api_token_key" ];then + _err "API key not provided." + return 1 + fi + + # PVE API Token header value. Used in "Authorization: PVEAPIToken". + _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" + + # Generate the data file curl will pass as the data. + _proxmoxve_temp_data="/tmp/proxmoxve_api/$_cdomain" + _proxmoxve_temp_data_file="$_proxmoxve_temp_data/body.json" + # We delete this directory at the end of the script to avoid any conflicts. + if [ ! -d "$_proxmoxve_temp_data" ];then + mkdir -p "$_proxmoxve_temp_data" + # Set to 700 since this file will contain the private key contents. + chmod 700 "$_proxmoxve_temp_data" + fi + # Ugly. I hate putting heredocs inside functions because heredocs don't account + # for whitespace correctly but it _does_ work and is several times cleaner + # than anything else I had here. + # + # This creates a temporary data file that curl will use as the data being + # posted to the webserver. + cat << HEREDOC > "$_proxmoxve_temp_data_file" +{ + "certificates": "$(cat $_cfullchain|tr '\n' ':'|sed 's/:/\\n/g')", + "key": "$(cat $_ckey|tr '\n' ':'|sed 's/:/\\n/g')", + "node":"$_node_name", + "restart":"1", + "force":"1" +} +HEREDOC + + # Push certificates to server. + # + # --insecure is to ignore certificate errors. + # --fail is to fail the script if the http return code is not 200. + if curl -X "POST" --header "Content-Type: application/json" \ + --header "Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" \ + --data "@${_proxmoxve_temp_data_file}" \ + --insecure --fail \ + "${_target_url}" + then + _info "Successfully updated certificate for $_cdomain." + rm -r "$_proxmoxve_temp_data" + return 0 + else + _err "Unable to update certificate for $_cdomain." + rm -r "$_proxmoxve_temp_data" + return 1 + fi + +} From 6652138d3e2965ddadfbfd9d385e98973f7a4cc0 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Tue, 14 Jun 2022 22:33:38 -0400 Subject: [PATCH 02/66] fixed per shellcheck's preference for `-n` instead of `! -z` --- deploy/proxmoxve.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 8a5893b7..c783d248 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -32,16 +32,16 @@ proxmoxve_deploy(){ # "Sane" defaults. _target_hostname="$_cdomain" - if [ ! -z "$DEPLOY_PROXMOXVE_SERVER" ];then + if [ -n "$DEPLOY_PROXMOXVE_SERVER" ];then _target_hostname="$DEPLOY_PROXMOXVE_SERVER" fi _target_port="8006" - if [ ! -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ];then + if [ -n "$DEPLOY_PROXMOXVE_SERVER_PORT" ];then _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" fi - if [ ! -z "$DEPLOY_PROXMOXVE_NODE_NAME" ];then + if [ -n "$DEPLOY_PROXMOXVE_NODE_NAME" ];then _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" else _node_name=$(echo "$_target_hostname"|cut -d. -f1) @@ -52,17 +52,17 @@ proxmoxve_deploy(){ # More "sane" defaults. _proxmoxve_user="root" - if [ ! -z "$_proxmoxve_user" ];then + if [ -n "$_proxmoxve_user" ];then _proxmoxve_user="$DEPLOY_PROXMOXVE_USER" fi _proxmoxve_user_realm="pam" - if [ ! -z "$DEPLOY_PROXMOXVE_USER_REALM" ];then + if [ -n "$DEPLOY_PROXMOXVE_USER_REALM" ];then _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" fi _proxmoxve_api_token_name="acme" - if [ ! -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ];then + if [ -n "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ];then _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" fi From 4351110082cd3cfc6a11891f4296bf5c32468da5 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Tue, 14 Jun 2022 22:38:06 -0400 Subject: [PATCH 03/66] properly quoted variable names --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index c783d248..664a04cd 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -93,8 +93,8 @@ proxmoxve_deploy(){ # posted to the webserver. cat << HEREDOC > "$_proxmoxve_temp_data_file" { - "certificates": "$(cat $_cfullchain|tr '\n' ':'|sed 's/:/\\n/g')", - "key": "$(cat $_ckey|tr '\n' ':'|sed 's/:/\\n/g')", + "certificates": "$(cat "$_cfullchain"|tr '\n' ':'|sed 's/:/\\n/g')", + "key": "$(cat "$_ckey"|tr '\n' ':'|sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", "force":"1" From 6d640982885c849172656ddcb68d01c98dbacea5 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Tue, 14 Jun 2022 23:46:09 -0400 Subject: [PATCH 04/66] shell check war warning against unnecessary use of cat --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 664a04cd..459c909a 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -93,8 +93,8 @@ proxmoxve_deploy(){ # posted to the webserver. cat << HEREDOC > "$_proxmoxve_temp_data_file" { - "certificates": "$(cat "$_cfullchain"|tr '\n' ':'|sed 's/:/\\n/g')", - "key": "$(cat "$_ckey"|tr '\n' ':'|sed 's/:/\\n/g')", + "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", + "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", "force":"1" From 7be758697133b15cd4f8410df8e114252eeb4198 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 18 Jun 2022 15:01:38 +0800 Subject: [PATCH 05/66] Update proxmoxve.sh --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 459c909a..30f8b0b6 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh # Deploy certificates to a proxmox virtual environment node using the API. # From 5f3cb9019b6fa182837fe1f9c97f8e2106e86d9b Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 12:18:33 -0400 Subject: [PATCH 06/66] fixed to use _post function instead of curl --- deploy/proxmoxve.sh | 34 ++++++++++------------------------ 1 file changed, 10 insertions(+), 24 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 459c909a..a7f11d20 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -85,13 +85,13 @@ proxmoxve_deploy(){ # Set to 700 since this file will contain the private key contents. chmod 700 "$_proxmoxve_temp_data" fi - # Ugly. I hate putting heredocs inside functions because heredocs don't account - # for whitespace correctly but it _does_ work and is several times cleaner - # than anything else I had here. + # Ugly. I hate putting heredocs inside functions because heredocs don't + # account for whitespace correctly but it _does_ work and is several times + # cleaner than anything else I had here. # - # This creates a temporary data file that curl will use as the data being - # posted to the webserver. - cat << HEREDOC > "$_proxmoxve_temp_data_file" + # This dumps the json payload to a variable that should be passable to the + # _psot function. + _json_payload=$(cat << HEREDOC { "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", @@ -100,24 +100,10 @@ proxmoxve_deploy(){ "force":"1" } HEREDOC - +) # Push certificates to server. - # - # --insecure is to ignore certificate errors. - # --fail is to fail the script if the http return code is not 200. - if curl -X "POST" --header "Content-Type: application/json" \ - --header "Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" \ - --data "@${_proxmoxve_temp_data_file}" \ - --insecure --fail \ - "${_target_url}" - then - _info "Successfully updated certificate for $_cdomain." - rm -r "$_proxmoxve_temp_data" - return 0 - else - _err "Unable to update certificate for $_cdomain." - rm -r "$_proxmoxve_temp_data" - return 1 - fi + export _HTTPS_INSECURE=1 + export ="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" + _post "$_json_payload" "$_target_url" } From daffc4e6a4818da714ee73f4ed25a824b931f466 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 12:21:14 -0400 Subject: [PATCH 07/66] typo, using _H1 to provide header keys. --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index a7f11d20..fafa3cb4 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -103,7 +103,7 @@ HEREDOC ) # Push certificates to server. export _HTTPS_INSECURE=1 - export ="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" + export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" _post "$_json_payload" "$_target_url" } From ca41ea2d5c792178d1f434ccfb0723825d139244 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 15:40:05 -0400 Subject: [PATCH 08/66] added _getdeployconf to set all of the environment variables --- deploy/proxmoxve.sh | 50 ++++++++++++++++++++++++++++++++------------- 1 file changed, 36 insertions(+), 14 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index fafa3cb4..7cc0b850 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -31,50 +31,72 @@ proxmoxve_deploy(){ _debug _cfullchain "$_cfullchain" # "Sane" defaults. - _target_hostname="$_cdomain" - if [ -n "$DEPLOY_PROXMOXVE_SERVER" ];then + _getdeployconf DEPLOY_PROXMOXVE_SERVER + if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then _target_hostname="$DEPLOY_PROXMOXVE_SERVER" + else + _target_hostname="$_cdomain" fi + _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname" - _target_port="8006" - if [ -n "$DEPLOY_PROXMOXVE_SERVER_PORT" ];then + _getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT + if [ -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ]; then + _target_port="8006" + else _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" fi + _debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port" - if [ -n "$DEPLOY_PROXMOXVE_NODE_NAME" ];then - _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" - else + _getdeployconf DEPLOY_PROXMOXVE_NODE_NAME + if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then _node_name=$(echo "$_target_hostname"|cut -d. -f1) + else + _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" fi + _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name" # Complete URL. _target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom" + _debug TARGET_URL "$_target_url" # More "sane" defaults. - _proxmoxve_user="root" - if [ -n "$_proxmoxve_user" ];then + _getdeployconf DEPLOY_PROXMOXVE_USER + if [ -z "$DEPLOY_PROXMOXVE_USER" ]; then + _proxmoxve_user="root" + else _proxmoxve_user="$DEPLOY_PROXMOXVE_USER" fi + _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_proxmoxve_user" - _proxmoxve_user_realm="pam" - if [ -n "$DEPLOY_PROXMOXVE_USER_REALM" ];then + _getdeployconf DEPLOY_PROXMOXVE_USER_REALM + if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then + _proxmoxve_user_realm="pam" + else _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" fi + _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm" - _proxmoxve_api_token_name="acme" - if [ -n "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ];then + _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME + if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ]; then + _proxmoxve_api_token_name="acme" + else _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" fi + _debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name" # This is required. - _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" + _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY if [ -z "$_proxmoxve_api_token_key" ];then _err "API key not provided." return 1 + else + _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" fi + _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key # PVE API Token header value. Used in "Authorization: PVEAPIToken". _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" + _debug2 "Auth Header" _proxmoxve_header_api_token # Generate the data file curl will pass as the data. _proxmoxve_temp_data="/tmp/proxmoxve_api/$_cdomain" From 35cf98fff2e69c8afabce3f8444e1c94ed0f9da5 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 15:41:38 -0400 Subject: [PATCH 09/66] sensititive things debugged at a higher level --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 7cc0b850..2c99ab9f 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -25,7 +25,7 @@ proxmoxve_deploy(){ _cfullchain="$5" _debug _cdomain "$_cdomain" - _debug _ckey "$_ckey" + _debug2 _ckey "$_ckey" _debug _ccert "$_ccert" _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" From 3cc283cbee2b3ac0997ee0b5a0c1793b0647efd8 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 15:44:25 -0400 Subject: [PATCH 10/66] not generating files any more --- deploy/proxmoxve.sh | 9 --------- 1 file changed, 9 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 2c99ab9f..80be4a3c 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -98,15 +98,6 @@ proxmoxve_deploy(){ _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" _debug2 "Auth Header" _proxmoxve_header_api_token - # Generate the data file curl will pass as the data. - _proxmoxve_temp_data="/tmp/proxmoxve_api/$_cdomain" - _proxmoxve_temp_data_file="$_proxmoxve_temp_data/body.json" - # We delete this directory at the end of the script to avoid any conflicts. - if [ ! -d "$_proxmoxve_temp_data" ];then - mkdir -p "$_proxmoxve_temp_data" - # Set to 700 since this file will contain the private key contents. - chmod 700 "$_proxmoxve_temp_data" - fi # Ugly. I hate putting heredocs inside functions because heredocs don't # account for whitespace correctly but it _does_ work and is several times # cleaner than anything else I had here. From 37031721dd23db54900e7d9f0a20f00f7903b667 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 15:52:18 -0400 Subject: [PATCH 11/66] typo --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 80be4a3c..b15f06df 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -86,7 +86,7 @@ proxmoxve_deploy(){ # This is required. _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY - if [ -z "$_proxmoxve_api_token_key" ];then + if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ];then _err "API key not provided." return 1 else From 76fe5d8831dbf0a8169f607430a3dd061971840d Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:39:32 -0400 Subject: [PATCH 12/66] those where flipped by mistake --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index b15f06df..2366b34d 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -33,9 +33,9 @@ proxmoxve_deploy(){ # "Sane" defaults. _getdeployconf DEPLOY_PROXMOXVE_SERVER if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then - _target_hostname="$DEPLOY_PROXMOXVE_SERVER" - else _target_hostname="$_cdomain" + else + _target_hostname="$DEPLOY_PROXMOXVE_SERVER" fi _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname" From 7900c493af1d035a79c54c8ad429350d7acc8041 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:43:25 -0400 Subject: [PATCH 13/66] debugging for the payload --- deploy/proxmoxve.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 2366b34d..3b6a5a4e 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -114,6 +114,8 @@ proxmoxve_deploy(){ } HEREDOC ) + _debug2 Payload "$_json_payload" + # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" From a5d5113be34bace02dc9370bed102187aa52e7fe Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:55:12 -0400 Subject: [PATCH 14/66] seems like the escaped new lines aren't remaining escaped new lines with the new version of curl --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 3b6a5a4e..9b01b7c0 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -107,7 +107,7 @@ proxmoxve_deploy(){ _json_payload=$(cat << HEREDOC { "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", - "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", + "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\\n/g')", "node":"$_node_name", "restart":"1", "force":"1" @@ -115,7 +115,7 @@ proxmoxve_deploy(){ HEREDOC ) _debug2 Payload "$_json_payload" - + # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" From 4e625c18dc233a77517bb4be830acc0924972ce0 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:56:46 -0400 Subject: [PATCH 15/66] Revert "seems like the escaped new lines aren't remaining escaped new lines with the new version of curl" This reverts commit a5d5113be34bace02dc9370bed102187aa52e7fe. --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 9b01b7c0..3b6a5a4e 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -107,7 +107,7 @@ proxmoxve_deploy(){ _json_payload=$(cat << HEREDOC { "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", - "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\\n/g')", + "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", "force":"1" @@ -115,7 +115,7 @@ proxmoxve_deploy(){ HEREDOC ) _debug2 Payload "$_json_payload" - + # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" From 149310e1ecdec3343757296cab9ebf6975693d5d Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:58:15 -0400 Subject: [PATCH 16/66] '+' are being converted to ' ' at some point --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 3b6a5a4e..a7123bf1 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -106,7 +106,7 @@ proxmoxve_deploy(){ # _psot function. _json_payload=$(cat << HEREDOC { - "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", + "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g' -e 's/+/\+/g')", "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", From c0da80158005bb40f793f639c12a2d604dbddb7e Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 17:00:36 -0400 Subject: [PATCH 17/66] Revert "'+' are being converted to ' ' at some point" This reverts commit 149310e1ecdec3343757296cab9ebf6975693d5d. --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index a7123bf1..3b6a5a4e 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -106,7 +106,7 @@ proxmoxve_deploy(){ # _psot function. _json_payload=$(cat << HEREDOC { - "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g' -e 's/+/\+/g')", + "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", From b876128635542d12e7214619994bf1c1947c7fc5 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sun, 19 Jun 2022 01:46:10 -0400 Subject: [PATCH 18/66] forced content-type to json --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 3b6a5a4e..f003d2b6 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -119,6 +119,6 @@ HEREDOC # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" - _post "$_json_payload" "$_target_url" + _post "$_json_payload" "$_target_url" "" POST "application/json" } From b3b4811b2c4b9fa875d4744da6152422f55d1c20 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sun, 19 Jun 2022 22:01:56 -0400 Subject: [PATCH 19/66] added savedeployconf to preserve environment variables usedi in initial deployments --- deploy/proxmoxve.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 5f44a147..40012c75 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -36,6 +36,7 @@ proxmoxve_deploy(){ _target_hostname="$_cdomain" else _target_hostname="$DEPLOY_PROXMOXVE_SERVER" + _savedeployconf DEPLOY_PROXMOXVE_SERVER "$DEPLOY_PROXMOXVE_SERVER" fi _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname" @@ -44,6 +45,7 @@ proxmoxve_deploy(){ _target_port="8006" else _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" + _savedeployconf DEPLOY_PROXMOXVE_SERVER_PORT "$DEPLOY_PROXMOXVE_SERVER_PORT" fi _debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port" @@ -52,6 +54,7 @@ proxmoxve_deploy(){ _node_name=$(echo "$_target_hostname"|cut -d. -f1) else _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" + _savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME" fi _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name" @@ -65,14 +68,16 @@ proxmoxve_deploy(){ _proxmoxve_user="root" else _proxmoxve_user="$DEPLOY_PROXMOXVE_USER" + _savedeployconf DEPLOY_PROXMOXVE_USER "$DEPLOY_PROXMOXVE_USER" fi - _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_proxmoxve_user" + _debug2 DEPLOY_PROXMOXVE_USER "$_proxmoxve_user" _getdeployconf DEPLOY_PROXMOXVE_USER_REALM if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then _proxmoxve_user_realm="pam" else _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" + _savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALMz" fi _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm" @@ -81,6 +86,7 @@ proxmoxve_deploy(){ _proxmoxve_api_token_name="acme" else _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" + _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" fi _debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name" @@ -91,6 +97,7 @@ proxmoxve_deploy(){ return 1 else _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" + _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" fi _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key From 688a2341273df7c6efda960fcc854c3697805786 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Wed, 22 Jun 2022 18:56:25 +0200 Subject: [PATCH 20/66] Added new 'dns' provider script for https://dns.services --- dnsapi/dns_dnsservices.sh | 239 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 239 insertions(+) create mode 100755 dnsapi/dns_dnsservices.sh diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh new file mode 100755 index 00000000..d5654793 --- /dev/null +++ b/dnsapi/dns_dnsservices.sh @@ -0,0 +1,239 @@ +#!/usr/bin/env sh + +#This file name is "dns_dnsservices.sh" +#Script for Danish DNS registra and DNS hosting provider https://dns.services +# +#Author: Bjarke Bruun +#Report Bugs here: https://github.com/bbruun/acme.sh + +# Global variable to connect to the DNS Services API +DNSServices_API=https://dns.services/api + +######## Public functions ##################### + +#Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_dnsservices_add() { + fulldomain=$1 + txtvalue=$2 + + _info "Using dns.services to create ACME DNS challenge" + _debug2 add_fulldomain "$fulldomain" + _debug2 add_txtvalue "$txtvalue" + + # Read username/password from environment or .acme.sh/accounts.conf + DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" + DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + DnsServices_Username="" + DnsServices_Password="" + _err "You didn't specify dns.services api username and password yet." + _err "Set environment variables DnsServices_Username and DnsServices_Password" + return 1 + fi + + # Setup GET/POST/DELETE headers + _setup_headers + + #save the credentials to the account conf file. + _saveaccountconf_mutable DnsServices_Username "$DnsServices_Username" + _saveaccountconf_mutable DnsServices_Password "$DnsServices_Password" + + if ! _contains "$DnsServices_Username" "@"; then + _err "It seems that the username variable DnsServices_Username has not been set/left blank" + _err "or is not a valid email. Please correct and try again." + return 1 + fi + + if ! _get_root "${fulldomain}"; then + _err "Invalid domain ${fulldomain}" + return 1 + fi + + if ! createRecord "$fulldomain" "${txtvalue}"; then + _err "Error creating TXT record in domain $fulldomain in $rootZoneName" + return 1 + fi + + _debug2 challenge-created "Created $fulldomain" + return 0 +} + +#Usage: fulldomain txtvalue +#Description: Remove the txt record after validation. +dns_dnsservices_rm() { + fulldomain=$1 + txtvalue=$2 + + _info "Using dns.services to delete challenge $fulldomain TXT $txtvalue" + _debug rm_fulldomain "$fulldomain" + _debug rm_txtvalue "$txtvalue" + + # Read username/password from environment or .acme.sh/accounts.conf + DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" + DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + DnsServices_Username="" + DnsServices_Password="" + _err "You didn't specify dns.services api username and password yet." + _err "Set environment variables DnsServices_Username and DnsServices_Password" + return 1 + fi + + # Setup GET/POST/DELETE headers + _setup_headers + + if ! _get_root "${fulldomain}"; then + _err "Invalid domain ${fulldomain}" + return 1 + fi + + _debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain" + + if ! deleteRecord "${fulldomain}" "${txtvalue}"; then + _err "Error removing record: $fulldomain TXT ${txtvalue}" + return 1 + fi + + return 0 +} + +#################### Private functions below ################################## + +_setup_headers() { + # Set up API Headers for _get() and _post() + # The _add or _rm must have been called before to work + + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + _err "Could not setup BASIC authentication headers, they are missing" + return 1 + fi + + DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)" + export _H1="Authorization: Basic $DnsServiceCredentials" + export _H2="Content-Type: application/json" + + # Just return if headers are set + return 0 +} + +_get_root() { + domain=$1 + _debug2 _get_root "Get the root domain of ${domain} for DNS API" + + # Setup _get() and _post() headers + #_setup_headers + + result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns") + _debug2 _get_root "Got the following root domain(s) $result" + _debug2 _get_root "- JSON: $result" + + if [ "$(echo "$result" | grep -c '"name"')" -gt "1" ]; then + checkMultiZones="true" + _debug2 _get_root "- multiple zones found" + else + checkMultiZones="false" + + fi + + # Find/isolate the root zone to work with in createRecord() and deleteRecord() + rootZone="" + if [ "$checkMultiZones" == "true" ]; then + rootZone=$(for zone in $(echo "$result" | tr -d '\n' ' '); do + if [[ "$zone" =~ "$domain" ]]; then + _debug2 _get_root "- trying to figure out if $zone is in $domain" + echo "$zone" + break + fi + done) + else + rootZone=$(echo "$result" | grep -o '"name":"[^"]*' | cut -d'"' -f4) + _debug2 _get_root "- only found 1 domain in API: $rootZone" + fi + + if [ -z "$rootZone" ]; then + _err "Could not find root domain for $domain - is it correctly typed?" + return 1 + fi + + # Setup variables used by other functions to communicate with DNS Services API + zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") + rootZoneName="$rootZone" + subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" + subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" + rootZoneDomainID=$(echo "$zoneInfo" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) + rootZoneServiceID=$(echo "$zoneInfo" | tr ',' '\n' | grep service_id | cut -d'"' -f4) + + _debug2 _get_root "Root zone name : $rootZoneName" + _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" + _debug2 _get_root "Root zone service ID: $rootZoneServiceID" + _debug2 _get_root "Sub domain : $subDomainName" + + _debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" + return 0 + +} + +createRecord() { + fulldomain=$1 + txtvalue="$2" + + # Get root domain information - needed for DNS Services API communication + if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then + _get_root $fulldomain + fi + + _debug2 createRecord "CNAME TXT value is: $txtvalue" + + # Prepare data to send to API + data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}" + + _debug2 createRecord "data to API: $data" + result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") + _debug2 createRecord "result from API: $result" + + if [ "$(echo "$result" | grep '"success":true')" == "" ]; then + _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" + _err "$result" + return 1 + fi + + _info "Record \"$fulldomain TXT $txtvalue\" has been created" + return 0 + +} + +deleteRecord() { + fulldomain=$1 + txtvalue=$2 + + if [[ ! "$fulldomain" =~ "_acme-challenge" ]]; then + _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" + return 1 + fi + + _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" + + if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then + _get_root $fulldomain + fi + + result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" + recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" + _debug2 deleteRecord "recordInfo=$recordInfo" + recordID="$(echo "$recordInfo" | tr ',' '\n' | egrep "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + + if [ -z "$recordID" ]; then + _info "Record $fulldomain TXT $txtvalue not found or already deleted" + return 0 + else + _debug2 deleteRecord "Found recordID=$recordID" + fi + + _debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" + result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" + _debug2 deleteRecord "API Delete result \"$result\"" + + # Return OK regardless + return 0 + +} From 799f509ba9f90e6a6d5b84eaf1d7c6d9730cdbd6 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Wed, 22 Jun 2022 23:19:12 -0400 Subject: [PATCH 21/66] typo --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 40012c75..c156b3a3 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -77,7 +77,7 @@ proxmoxve_deploy(){ _proxmoxve_user_realm="pam" else _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" - _savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALMz" + _savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALM" fi _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm" From d6eebf82bea04335c9cc98b9e98b8080f59aa33e Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 23 Jun 2022 07:57:05 +0200 Subject: [PATCH 22/66] Removed a few empty lines --- dnsapi/dns_dnsservices.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index d5654793..1869bf65 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -170,7 +170,6 @@ _get_root() { _debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" return 0 - } createRecord() { @@ -199,7 +198,6 @@ createRecord() { _info "Record \"$fulldomain TXT $txtvalue\" has been created" return 0 - } deleteRecord() { @@ -235,5 +233,4 @@ deleteRecord() { # Return OK regardless return 0 - } From dc882e6279783efd8b6f3afa99093feff27fb56d Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 23 Jun 2022 08:06:28 +0200 Subject: [PATCH 23/66] Removed empty space --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 1869bf65..f49d8328 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -11,7 +11,7 @@ DNSServices_API=https://dns.services/api ######## Public functions ##################### -#Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +#Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_dnsservices_add() { fulldomain=$1 txtvalue=$2 From 668894fc4d1b2e7b8af4db57a6e5c454f05bfda5 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 23 Jun 2022 14:08:24 +0800 Subject: [PATCH 24/66] Update proxmoxve.sh --- deploy/proxmoxve.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index c156b3a3..91f02e10 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -51,7 +51,7 @@ proxmoxve_deploy(){ _getdeployconf DEPLOY_PROXMOXVE_NODE_NAME if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then - _node_name=$(echo "$_target_hostname"|cut -d. -f1) + _node_name=$(echo "$_target_hostname" | cut -d. -f1) else _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" _savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME" @@ -92,7 +92,7 @@ proxmoxve_deploy(){ # This is required. _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY - if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ];then + if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ]; then _err "API key not provided." return 1 else @@ -111,7 +111,8 @@ proxmoxve_deploy(){ # # This dumps the json payload to a variable that should be passable to the # _psot function. - _json_payload=$(cat << HEREDOC + _json_payload=$( + cat << HEREDOC { "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", @@ -120,9 +121,9 @@ proxmoxve_deploy(){ "force":"1" } HEREDOC -) + ) _debug2 Payload "$_json_payload" - + # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" From a386826808ae7e7dd2191c8f73ca716cf108067d Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 23 Jun 2022 14:11:36 +0800 Subject: [PATCH 25/66] Update proxmoxve.sh --- deploy/proxmoxve.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 91f02e10..742c977d 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -17,7 +17,7 @@ # user account. Defaults to acme. # `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required. -proxmoxve_deploy(){ +proxmoxve_deploy() { _cdomain="$1" _ckey="$2" _ccert="$3" @@ -112,10 +112,10 @@ proxmoxve_deploy(){ # This dumps the json payload to a variable that should be passable to the # _psot function. _json_payload=$( - cat << HEREDOC + cat < Date: Thu, 23 Jun 2022 14:12:53 +0800 Subject: [PATCH 26/66] Update proxmoxve.sh --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 742c977d..216a8fc7 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -115,7 +115,7 @@ proxmoxve_deploy() { cat < Date: Thu, 23 Jun 2022 08:31:40 +0200 Subject: [PATCH 27/66] Code formatting (shfmt) --- dnsapi/dns_dnsservices.sh | 330 +++++++++++++++++++------------------- 1 file changed, 165 insertions(+), 165 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index f49d8328..a131a165 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh #This file name is "dns_dnsservices.sh" -#Script for Danish DNS registra and DNS hosting provider https://dns.services +#Script for Danish DNS registra and DNS hosting provider https://dns.services # #Author: Bjarke Bruun #Report Bugs here: https://github.com/bbruun/acme.sh @@ -13,224 +13,224 @@ DNSServices_API=https://dns.services/api #Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_dnsservices_add() { - fulldomain=$1 - txtvalue=$2 + fulldomain=$1 + txtvalue=$2 - _info "Using dns.services to create ACME DNS challenge" - _debug2 add_fulldomain "$fulldomain" - _debug2 add_txtvalue "$txtvalue" + _info "Using dns.services to create ACME DNS challenge" + _debug2 add_fulldomain "$fulldomain" + _debug2 add_txtvalue "$txtvalue" - # Read username/password from environment or .acme.sh/accounts.conf - DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" - DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" - if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then - DnsServices_Username="" - DnsServices_Password="" - _err "You didn't specify dns.services api username and password yet." - _err "Set environment variables DnsServices_Username and DnsServices_Password" - return 1 - fi + # Read username/password from environment or .acme.sh/accounts.conf + DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" + DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + DnsServices_Username="" + DnsServices_Password="" + _err "You didn't specify dns.services api username and password yet." + _err "Set environment variables DnsServices_Username and DnsServices_Password" + return 1 + fi - # Setup GET/POST/DELETE headers - _setup_headers + # Setup GET/POST/DELETE headers + _setup_headers - #save the credentials to the account conf file. - _saveaccountconf_mutable DnsServices_Username "$DnsServices_Username" - _saveaccountconf_mutable DnsServices_Password "$DnsServices_Password" + #save the credentials to the account conf file. + _saveaccountconf_mutable DnsServices_Username "$DnsServices_Username" + _saveaccountconf_mutable DnsServices_Password "$DnsServices_Password" - if ! _contains "$DnsServices_Username" "@"; then - _err "It seems that the username variable DnsServices_Username has not been set/left blank" - _err "or is not a valid email. Please correct and try again." - return 1 - fi + if ! _contains "$DnsServices_Username" "@"; then + _err "It seems that the username variable DnsServices_Username has not been set/left blank" + _err "or is not a valid email. Please correct and try again." + return 1 + fi - if ! _get_root "${fulldomain}"; then - _err "Invalid domain ${fulldomain}" - return 1 - fi + if ! _get_root "${fulldomain}"; then + _err "Invalid domain ${fulldomain}" + return 1 + fi - if ! createRecord "$fulldomain" "${txtvalue}"; then - _err "Error creating TXT record in domain $fulldomain in $rootZoneName" - return 1 - fi + if ! createRecord "$fulldomain" "${txtvalue}"; then + _err "Error creating TXT record in domain $fulldomain in $rootZoneName" + return 1 + fi - _debug2 challenge-created "Created $fulldomain" - return 0 + _debug2 challenge-created "Created $fulldomain" + return 0 } #Usage: fulldomain txtvalue #Description: Remove the txt record after validation. dns_dnsservices_rm() { - fulldomain=$1 - txtvalue=$2 + fulldomain=$1 + txtvalue=$2 - _info "Using dns.services to delete challenge $fulldomain TXT $txtvalue" - _debug rm_fulldomain "$fulldomain" - _debug rm_txtvalue "$txtvalue" + _info "Using dns.services to delete challenge $fulldomain TXT $txtvalue" + _debug rm_fulldomain "$fulldomain" + _debug rm_txtvalue "$txtvalue" - # Read username/password from environment or .acme.sh/accounts.conf - DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" - DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" - if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then - DnsServices_Username="" - DnsServices_Password="" - _err "You didn't specify dns.services api username and password yet." - _err "Set environment variables DnsServices_Username and DnsServices_Password" - return 1 - fi + # Read username/password from environment or .acme.sh/accounts.conf + DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" + DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + DnsServices_Username="" + DnsServices_Password="" + _err "You didn't specify dns.services api username and password yet." + _err "Set environment variables DnsServices_Username and DnsServices_Password" + return 1 + fi - # Setup GET/POST/DELETE headers - _setup_headers - - if ! _get_root "${fulldomain}"; then - _err "Invalid domain ${fulldomain}" - return 1 - fi + # Setup GET/POST/DELETE headers + _setup_headers - _debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain" - - if ! deleteRecord "${fulldomain}" "${txtvalue}"; then - _err "Error removing record: $fulldomain TXT ${txtvalue}" - return 1 - fi + if ! _get_root "${fulldomain}"; then + _err "Invalid domain ${fulldomain}" + return 1 + fi - return 0 + _debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain" + + if ! deleteRecord "${fulldomain}" "${txtvalue}"; then + _err "Error removing record: $fulldomain TXT ${txtvalue}" + return 1 + fi + + return 0 } #################### Private functions below ################################## _setup_headers() { - # Set up API Headers for _get() and _post() - # The _add or _rm must have been called before to work + # Set up API Headers for _get() and _post() + # The _add or _rm must have been called before to work - if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then - _err "Could not setup BASIC authentication headers, they are missing" - return 1 - fi + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + _err "Could not setup BASIC authentication headers, they are missing" + return 1 + fi - DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)" - export _H1="Authorization: Basic $DnsServiceCredentials" - export _H2="Content-Type: application/json" + DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)" + export _H1="Authorization: Basic $DnsServiceCredentials" + export _H2="Content-Type: application/json" - # Just return if headers are set - return 0 + # Just return if headers are set + return 0 } _get_root() { - domain=$1 - _debug2 _get_root "Get the root domain of ${domain} for DNS API" + domain=$1 + _debug2 _get_root "Get the root domain of ${domain} for DNS API" - # Setup _get() and _post() headers - #_setup_headers + # Setup _get() and _post() headers + #_setup_headers - result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns") - _debug2 _get_root "Got the following root domain(s) $result" - _debug2 _get_root "- JSON: $result" + result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns") + _debug2 _get_root "Got the following root domain(s) $result" + _debug2 _get_root "- JSON: $result" - if [ "$(echo "$result" | grep -c '"name"')" -gt "1" ]; then - checkMultiZones="true" - _debug2 _get_root "- multiple zones found" - else - checkMultiZones="false" + if [ "$(echo "$result" | grep -c '"name"')" -gt "1" ]; then + checkMultiZones="true" + _debug2 _get_root "- multiple zones found" + else + checkMultiZones="false" - fi + fi - # Find/isolate the root zone to work with in createRecord() and deleteRecord() - rootZone="" - if [ "$checkMultiZones" == "true" ]; then - rootZone=$(for zone in $(echo "$result" | tr -d '\n' ' '); do - if [[ "$zone" =~ "$domain" ]]; then - _debug2 _get_root "- trying to figure out if $zone is in $domain" - echo "$zone" - break - fi - done) - else - rootZone=$(echo "$result" | grep -o '"name":"[^"]*' | cut -d'"' -f4) - _debug2 _get_root "- only found 1 domain in API: $rootZone" - fi + # Find/isolate the root zone to work with in createRecord() and deleteRecord() + rootZone="" + if [ "$checkMultiZones" == "true" ]; then + rootZone=$(for zone in $(echo "$result" | tr -d '\n' ' '); do + if [[ "$zone" =~ "$domain" ]]; then + _debug2 _get_root "- trying to figure out if $zone is in $domain" + echo "$zone" + break + fi + done) + else + rootZone=$(echo "$result" | grep -o '"name":"[^"]*' | cut -d'"' -f4) + _debug2 _get_root "- only found 1 domain in API: $rootZone" + fi - if [ -z "$rootZone" ]; then - _err "Could not find root domain for $domain - is it correctly typed?" - return 1 - fi + if [ -z "$rootZone" ]; then + _err "Could not find root domain for $domain - is it correctly typed?" + return 1 + fi - # Setup variables used by other functions to communicate with DNS Services API - zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") - rootZoneName="$rootZone" - subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" - subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" - rootZoneDomainID=$(echo "$zoneInfo" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) - rootZoneServiceID=$(echo "$zoneInfo" | tr ',' '\n' | grep service_id | cut -d'"' -f4) + # Setup variables used by other functions to communicate with DNS Services API + zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") + rootZoneName="$rootZone" + subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" + subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" + rootZoneDomainID=$(echo "$zoneInfo" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) + rootZoneServiceID=$(echo "$zoneInfo" | tr ',' '\n' | grep service_id | cut -d'"' -f4) - _debug2 _get_root "Root zone name : $rootZoneName" - _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" - _debug2 _get_root "Root zone service ID: $rootZoneServiceID" - _debug2 _get_root "Sub domain : $subDomainName" + _debug2 _get_root "Root zone name : $rootZoneName" + _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" + _debug2 _get_root "Root zone service ID: $rootZoneServiceID" + _debug2 _get_root "Sub domain : $subDomainName" - _debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" - return 0 + _debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" + return 0 } createRecord() { - fulldomain=$1 - txtvalue="$2" - - # Get root domain information - needed for DNS Services API communication - if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then - _get_root $fulldomain - fi + fulldomain=$1 + txtvalue="$2" - _debug2 createRecord "CNAME TXT value is: $txtvalue" + # Get root domain information - needed for DNS Services API communication + if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then + _get_root $fulldomain + fi - # Prepare data to send to API - data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}" + _debug2 createRecord "CNAME TXT value is: $txtvalue" - _debug2 createRecord "data to API: $data" - result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") - _debug2 createRecord "result from API: $result" + # Prepare data to send to API + data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}" - if [ "$(echo "$result" | grep '"success":true')" == "" ]; then - _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" - _err "$result" - return 1 - fi + _debug2 createRecord "data to API: $data" + result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") + _debug2 createRecord "result from API: $result" - _info "Record \"$fulldomain TXT $txtvalue\" has been created" - return 0 + if [ "$(echo "$result" | grep '"success":true')" == "" ]; then + _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" + _err "$result" + return 1 + fi + + _info "Record \"$fulldomain TXT $txtvalue\" has been created" + return 0 } deleteRecord() { - fulldomain=$1 - txtvalue=$2 + fulldomain=$1 + txtvalue=$2 - if [[ ! "$fulldomain" =~ "_acme-challenge" ]]; then - _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" - return 1 - fi + if [[ ! "$fulldomain" =~ "_acme-challenge" ]]; then + _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" + return 1 + fi - _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" + _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" - if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then - _get_root $fulldomain - fi + if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then + _get_root $fulldomain + fi - result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" - recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" - _debug2 deleteRecord "recordInfo=$recordInfo" - recordID="$(echo "$recordInfo" | tr ',' '\n' | egrep "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" + recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" + _debug2 deleteRecord "recordInfo=$recordInfo" + recordID="$(echo "$recordInfo" | tr ',' '\n' | egrep "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" - if [ -z "$recordID" ]; then - _info "Record $fulldomain TXT $txtvalue not found or already deleted" - return 0 - else - _debug2 deleteRecord "Found recordID=$recordID" - fi + if [ -z "$recordID" ]; then + _info "Record $fulldomain TXT $txtvalue not found or already deleted" + return 0 + else + _debug2 deleteRecord "Found recordID=$recordID" + fi - _debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" - result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" - _debug2 deleteRecord "API Delete result \"$result\"" + _debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" + result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" + _debug2 deleteRecord "API Delete result \"$result\"" - # Return OK regardless - return 0 + # Return OK regardless + return 0 } From 2f97c789ddc9f6d1689bd8726608e70ad0594af5 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 23 Jun 2022 09:14:17 +0200 Subject: [PATCH 28/66] Code formatting (shellcheck/shfmt) --- dnsapi/dns_dnsservices.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index a131a165..bf56c16b 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -137,9 +137,9 @@ _get_root() { # Find/isolate the root zone to work with in createRecord() and deleteRecord() rootZone="" - if [ "$checkMultiZones" == "true" ]; then + if [ "$checkMultiZones" = "true" ]; then rootZone=$(for zone in $(echo "$result" | tr -d '\n' ' '); do - if [[ "$zone" =~ "$domain" ]]; then + if [ "$(echo "$domain" | grep "$zone")" != "" ]; then _debug2 _get_root "- trying to figure out if $zone is in $domain" echo "$zone" break @@ -178,7 +178,7 @@ createRecord() { # Get root domain information - needed for DNS Services API communication if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then - _get_root $fulldomain + _get_root "$fulldomain" fi _debug2 createRecord "CNAME TXT value is: $txtvalue" @@ -190,7 +190,7 @@ createRecord() { result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") _debug2 createRecord "result from API: $result" - if [ "$(echo "$result" | grep '"success":true')" == "" ]; then + if [ "$(echo "$result" | grep '"success":true')" = "" ]; then _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" _err "$result" return 1 @@ -204,7 +204,7 @@ deleteRecord() { fulldomain=$1 txtvalue=$2 - if [[ ! "$fulldomain" =~ "_acme-challenge" ]]; then + if [ "$(echo "$fulldomain" | grep "_acme-challenge")" = "" ]; then _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" return 1 fi @@ -212,13 +212,13 @@ deleteRecord() { _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then - _get_root $fulldomain + _get_root "$fulldomain" fi result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" _debug2 deleteRecord "recordInfo=$recordInfo" - recordID="$(echo "$recordInfo" | tr ',' '\n' | egrep "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + recordID="$(echo "$recordInfo" | tr ',' '\n' | grep -E "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" if [ -z "$recordID" ]; then _info "Record $fulldomain TXT $txtvalue not found or already deleted" From 56a686d3e06c13d867bd7cce2b5e5babbf4c28ab Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 23 Jun 2022 09:21:20 +0200 Subject: [PATCH 29/66] Code formatting (shfmt) --- dnsapi/dns_dnsservices.sh | 322 +++++++++++++++++++------------------- 1 file changed, 161 insertions(+), 161 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index bf56c16b..a7a646c2 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -13,224 +13,224 @@ DNSServices_API=https://dns.services/api #Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_dnsservices_add() { - fulldomain=$1 - txtvalue=$2 + fulldomain=$1 + txtvalue=$2 - _info "Using dns.services to create ACME DNS challenge" - _debug2 add_fulldomain "$fulldomain" - _debug2 add_txtvalue "$txtvalue" + _info "Using dns.services to create ACME DNS challenge" + _debug2 add_fulldomain "$fulldomain" + _debug2 add_txtvalue "$txtvalue" - # Read username/password from environment or .acme.sh/accounts.conf - DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" - DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" - if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then - DnsServices_Username="" - DnsServices_Password="" - _err "You didn't specify dns.services api username and password yet." - _err "Set environment variables DnsServices_Username and DnsServices_Password" - return 1 - fi + # Read username/password from environment or .acme.sh/accounts.conf + DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" + DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + DnsServices_Username="" + DnsServices_Password="" + _err "You didn't specify dns.services api username and password yet." + _err "Set environment variables DnsServices_Username and DnsServices_Password" + return 1 + fi - # Setup GET/POST/DELETE headers - _setup_headers + # Setup GET/POST/DELETE headers + _setup_headers - #save the credentials to the account conf file. - _saveaccountconf_mutable DnsServices_Username "$DnsServices_Username" - _saveaccountconf_mutable DnsServices_Password "$DnsServices_Password" + #save the credentials to the account conf file. + _saveaccountconf_mutable DnsServices_Username "$DnsServices_Username" + _saveaccountconf_mutable DnsServices_Password "$DnsServices_Password" - if ! _contains "$DnsServices_Username" "@"; then - _err "It seems that the username variable DnsServices_Username has not been set/left blank" - _err "or is not a valid email. Please correct and try again." - return 1 - fi + if ! _contains "$DnsServices_Username" "@"; then + _err "It seems that the username variable DnsServices_Username has not been set/left blank" + _err "or is not a valid email. Please correct and try again." + return 1 + fi - if ! _get_root "${fulldomain}"; then - _err "Invalid domain ${fulldomain}" - return 1 - fi + if ! _get_root "${fulldomain}"; then + _err "Invalid domain ${fulldomain}" + return 1 + fi - if ! createRecord "$fulldomain" "${txtvalue}"; then - _err "Error creating TXT record in domain $fulldomain in $rootZoneName" - return 1 - fi + if ! createRecord "$fulldomain" "${txtvalue}"; then + _err "Error creating TXT record in domain $fulldomain in $rootZoneName" + return 1 + fi - _debug2 challenge-created "Created $fulldomain" - return 0 + _debug2 challenge-created "Created $fulldomain" + return 0 } #Usage: fulldomain txtvalue #Description: Remove the txt record after validation. dns_dnsservices_rm() { - fulldomain=$1 - txtvalue=$2 + fulldomain=$1 + txtvalue=$2 - _info "Using dns.services to delete challenge $fulldomain TXT $txtvalue" - _debug rm_fulldomain "$fulldomain" - _debug rm_txtvalue "$txtvalue" + _info "Using dns.services to delete challenge $fulldomain TXT $txtvalue" + _debug rm_fulldomain "$fulldomain" + _debug rm_txtvalue "$txtvalue" - # Read username/password from environment or .acme.sh/accounts.conf - DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" - DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" - if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then - DnsServices_Username="" - DnsServices_Password="" - _err "You didn't specify dns.services api username and password yet." - _err "Set environment variables DnsServices_Username and DnsServices_Password" - return 1 - fi + # Read username/password from environment or .acme.sh/accounts.conf + DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" + DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + DnsServices_Username="" + DnsServices_Password="" + _err "You didn't specify dns.services api username and password yet." + _err "Set environment variables DnsServices_Username and DnsServices_Password" + return 1 + fi - # Setup GET/POST/DELETE headers - _setup_headers + # Setup GET/POST/DELETE headers + _setup_headers - if ! _get_root "${fulldomain}"; then - _err "Invalid domain ${fulldomain}" - return 1 - fi + if ! _get_root "${fulldomain}"; then + _err "Invalid domain ${fulldomain}" + return 1 + fi - _debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain" + _debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain" - if ! deleteRecord "${fulldomain}" "${txtvalue}"; then - _err "Error removing record: $fulldomain TXT ${txtvalue}" - return 1 - fi + if ! deleteRecord "${fulldomain}" "${txtvalue}"; then + _err "Error removing record: $fulldomain TXT ${txtvalue}" + return 1 + fi - return 0 + return 0 } #################### Private functions below ################################## _setup_headers() { - # Set up API Headers for _get() and _post() - # The _add or _rm must have been called before to work + # Set up API Headers for _get() and _post() + # The _add or _rm must have been called before to work - if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then - _err "Could not setup BASIC authentication headers, they are missing" - return 1 - fi + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + _err "Could not setup BASIC authentication headers, they are missing" + return 1 + fi - DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)" - export _H1="Authorization: Basic $DnsServiceCredentials" - export _H2="Content-Type: application/json" + DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)" + export _H1="Authorization: Basic $DnsServiceCredentials" + export _H2="Content-Type: application/json" - # Just return if headers are set - return 0 + # Just return if headers are set + return 0 } _get_root() { - domain=$1 - _debug2 _get_root "Get the root domain of ${domain} for DNS API" + domain=$1 + _debug2 _get_root "Get the root domain of ${domain} for DNS API" - # Setup _get() and _post() headers - #_setup_headers + # Setup _get() and _post() headers + #_setup_headers - result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns") - _debug2 _get_root "Got the following root domain(s) $result" - _debug2 _get_root "- JSON: $result" + result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns") + _debug2 _get_root "Got the following root domain(s) $result" + _debug2 _get_root "- JSON: $result" - if [ "$(echo "$result" | grep -c '"name"')" -gt "1" ]; then - checkMultiZones="true" - _debug2 _get_root "- multiple zones found" - else - checkMultiZones="false" + if [ "$(echo "$result" | grep -c '"name"')" -gt "1" ]; then + checkMultiZones="true" + _debug2 _get_root "- multiple zones found" + else + checkMultiZones="false" - fi + fi - # Find/isolate the root zone to work with in createRecord() and deleteRecord() - rootZone="" - if [ "$checkMultiZones" = "true" ]; then - rootZone=$(for zone in $(echo "$result" | tr -d '\n' ' '); do - if [ "$(echo "$domain" | grep "$zone")" != "" ]; then - _debug2 _get_root "- trying to figure out if $zone is in $domain" - echo "$zone" - break - fi - done) - else - rootZone=$(echo "$result" | grep -o '"name":"[^"]*' | cut -d'"' -f4) - _debug2 _get_root "- only found 1 domain in API: $rootZone" - fi + # Find/isolate the root zone to work with in createRecord() and deleteRecord() + rootZone="" + if [ "$checkMultiZones" = "true" ]; then + rootZone=$(for zone in $(echo "$result" | tr -d '\n' ' '); do + if [ "$(echo "$domain" | grep "$zone")" != "" ]; then + _debug2 _get_root "- trying to figure out if $zone is in $domain" + echo "$zone" + break + fi + done) + else + rootZone=$(echo "$result" | grep -o '"name":"[^"]*' | cut -d'"' -f4) + _debug2 _get_root "- only found 1 domain in API: $rootZone" + fi - if [ -z "$rootZone" ]; then - _err "Could not find root domain for $domain - is it correctly typed?" - return 1 - fi + if [ -z "$rootZone" ]; then + _err "Could not find root domain for $domain - is it correctly typed?" + return 1 + fi - # Setup variables used by other functions to communicate with DNS Services API - zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") - rootZoneName="$rootZone" - subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" - subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" - rootZoneDomainID=$(echo "$zoneInfo" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) - rootZoneServiceID=$(echo "$zoneInfo" | tr ',' '\n' | grep service_id | cut -d'"' -f4) + # Setup variables used by other functions to communicate with DNS Services API + zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") + rootZoneName="$rootZone" + subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" + subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" + rootZoneDomainID=$(echo "$zoneInfo" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) + rootZoneServiceID=$(echo "$zoneInfo" | tr ',' '\n' | grep service_id | cut -d'"' -f4) - _debug2 _get_root "Root zone name : $rootZoneName" - _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" - _debug2 _get_root "Root zone service ID: $rootZoneServiceID" - _debug2 _get_root "Sub domain : $subDomainName" + _debug2 _get_root "Root zone name : $rootZoneName" + _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" + _debug2 _get_root "Root zone service ID: $rootZoneServiceID" + _debug2 _get_root "Sub domain : $subDomainName" - _debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" - return 0 + _debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" + return 0 } createRecord() { - fulldomain=$1 - txtvalue="$2" + fulldomain=$1 + txtvalue="$2" - # Get root domain information - needed for DNS Services API communication - if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then - _get_root "$fulldomain" - fi + # Get root domain information - needed for DNS Services API communication + if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then + _get_root "$fulldomain" + fi - _debug2 createRecord "CNAME TXT value is: $txtvalue" + _debug2 createRecord "CNAME TXT value is: $txtvalue" - # Prepare data to send to API - data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}" + # Prepare data to send to API + data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}" - _debug2 createRecord "data to API: $data" - result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") - _debug2 createRecord "result from API: $result" + _debug2 createRecord "data to API: $data" + result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") + _debug2 createRecord "result from API: $result" - if [ "$(echo "$result" | grep '"success":true')" = "" ]; then - _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" - _err "$result" - return 1 - fi + if [ "$(echo "$result" | grep '"success":true')" = "" ]; then + _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" + _err "$result" + return 1 + fi - _info "Record \"$fulldomain TXT $txtvalue\" has been created" - return 0 + _info "Record \"$fulldomain TXT $txtvalue\" has been created" + return 0 } deleteRecord() { - fulldomain=$1 - txtvalue=$2 + fulldomain=$1 + txtvalue=$2 - if [ "$(echo "$fulldomain" | grep "_acme-challenge")" = "" ]; then - _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" - return 1 - fi + if [ "$(echo "$fulldomain" | grep "_acme-challenge")" = "" ]; then + _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" + return 1 + fi - _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" + _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" - if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then - _get_root "$fulldomain" - fi + if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then + _get_root "$fulldomain" + fi - result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" - recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" - _debug2 deleteRecord "recordInfo=$recordInfo" - recordID="$(echo "$recordInfo" | tr ',' '\n' | grep -E "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" + recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" + _debug2 deleteRecord "recordInfo=$recordInfo" + recordID="$(echo "$recordInfo" | tr ',' '\n' | grep -E "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" - if [ -z "$recordID" ]; then - _info "Record $fulldomain TXT $txtvalue not found or already deleted" - return 0 - else - _debug2 deleteRecord "Found recordID=$recordID" - fi + if [ -z "$recordID" ]; then + _info "Record $fulldomain TXT $txtvalue not found or already deleted" + return 0 + else + _debug2 deleteRecord "Found recordID=$recordID" + fi - _debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" - result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" - _debug2 deleteRecord "API Delete result \"$result\"" + _debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" + result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" + _debug2 deleteRecord "API Delete result \"$result\"" - # Return OK regardless - return 0 + # Return OK regardless + return 0 } From 3bd4d32b8d4446d59002db1d8f376736f66fb57d Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 23 Jun 2022 11:48:39 +0200 Subject: [PATCH 30/66] Updated bug report URL --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index a7a646c2..9525007a 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -4,7 +4,7 @@ #Script for Danish DNS registra and DNS hosting provider https://dns.services # #Author: Bjarke Bruun -#Report Bugs here: https://github.com/bbruun/acme.sh +#Report Bugs here: https://github.com/Neilpang/acme.sh/issues # Global variable to connect to the DNS Services API DNSServices_API=https://dns.services/api From 543c4423a2283b906dfb790733050e353d9e7f3b Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Fri, 24 Jun 2022 07:42:00 +0200 Subject: [PATCH 31/66] Added bug report link to dns_dnsservices.sh --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 9525007a..6abf8ceb 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -4,7 +4,7 @@ #Script for Danish DNS registra and DNS hosting provider https://dns.services # #Author: Bjarke Bruun -#Report Bugs here: https://github.com/Neilpang/acme.sh/issues +#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/4152 # Global variable to connect to the DNS Services API DNSServices_API=https://dns.services/api From 789ebb899001faaf1e3d8e545c295fb4aea34226 Mon Sep 17 00:00:00 2001 From: nil <1993plus@gmail.com> Date: Fri, 1 Jul 2022 09:12:06 +0000 Subject: [PATCH 32/66] Fix dns_huaweicloud provider 1. Fix huaweicloud api use iam account get token fail. 2. Default use ap-southeast-1 project name, don't need query project id. --- dnsapi/dns_huaweicloud.sh | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index ac3ede65..916ce5a3 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -2,7 +2,8 @@ # HUAWEICLOUD_Username # HUAWEICLOUD_Password -# HUAWEICLOUD_ProjectID +# HUAWEICLOUD_DomainName + iam_api="https://iam.myhuaweicloud.com" dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work @@ -14,6 +15,8 @@ dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work # # Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/zh-cn_topic_0132421999.html # +# About "DomainName" parameters see: https://support.huaweicloud.com/api-iam/iam_01_0006.html +# dns_huaweicloud_add() { fulldomain=$1 @@ -21,16 +24,16 @@ dns_huaweicloud_add() { HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" - HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" + HUAWEICLOUD_DomainName="${HUAWEICLOUD_DomainName:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" # Check information - if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then + if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_DomainName}" ]; then _err "Not enough information provided to dns_huaweicloud!" return 1 fi unset token # Clear token - token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" + token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_DomainName}")" if [ -z "${token}" ]; then # Check token _err "dns_api(dns_huaweicloud): Error getting token." return 1 @@ -56,7 +59,7 @@ dns_huaweicloud_add() { # Do saving work if all succeeded _saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}" _saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}" - _saveaccountconf_mutable HUAWEICLOUD_ProjectID "${HUAWEICLOUD_ProjectID}" + _saveaccountconf_mutable HUAWEICLOUD_DomainName "${HUAWEICLOUD_DomainName}" return 0 } @@ -72,16 +75,16 @@ dns_huaweicloud_rm() { HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" - HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" + HUAWEICLOUD_DomainName="${HUAWEICLOUD_DomainName:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" # Check information - if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then + if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_DomainName}" ]; then _err "Not enough information provided to dns_huaweicloud!" return 1 fi unset token # Clear token - token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" + token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_DomainName}")" if [ -z "${token}" ]; then # Check token _err "dns_api(dns_huaweicloud): Error getting token." return 1 @@ -253,7 +256,7 @@ _rm_record() { _get_token() { _username=$1 _password=$2 - _project=$3 + _domain_name=$3 _debug "Getting Token" body="{ @@ -267,14 +270,14 @@ _get_token() { \"name\": \"${_username}\", \"password\": \"${_password}\", \"domain\": { - \"name\": \"${_username}\" + \"name\": \"${_domain_name}\" } } } }, \"scope\": { \"project\": { - \"id\": \"${_project}\" + \"name\": \"ap-southeast-1\" } } } @@ -287,3 +290,4 @@ _get_token() { printf "%s" "${_token}" return 0 } + From a46e51e8db9a25ef146fcf2e699142152d25cae1 Mon Sep 17 00:00:00 2001 From: nil <1993plus@gmail.com> Date: Sat, 2 Jul 2022 01:22:46 +0000 Subject: [PATCH 33/66] Update format code. --- dnsapi/dns_huaweicloud.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index 916ce5a3..ceda9258 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -4,7 +4,6 @@ # HUAWEICLOUD_Password # HUAWEICLOUD_DomainName - iam_api="https://iam.myhuaweicloud.com" dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work @@ -290,4 +289,3 @@ _get_token() { printf "%s" "${_token}" return 0 } - From a364ab4ea7fffd2512a6650b9ab83829d2e62a40 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Wed, 6 Jul 2022 12:10:19 +0200 Subject: [PATCH 34/66] Added '.' to 'DNS Services' as that is the correct provider name --- dnsapi/dns_dnsservices.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 6abf8ceb..feb4e73f 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -6,7 +6,7 @@ #Author: Bjarke Bruun #Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/4152 -# Global variable to connect to the DNS Services API +# Global variable to connect to the DNS.Services API DNSServices_API=https://dns.services/api ######## Public functions ##################### @@ -155,7 +155,7 @@ _get_root() { return 1 fi - # Setup variables used by other functions to communicate with DNS Services API + # Setup variables used by other functions to communicate with DNS.Services API zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") rootZoneName="$rootZone" subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" @@ -176,7 +176,7 @@ createRecord() { fulldomain=$1 txtvalue="$2" - # Get root domain information - needed for DNS Services API communication + # Get root domain information - needed for DNS.Services API communication if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then _get_root "$fulldomain" fi From 444b111a62ec8e7f48cd93aaefdc78816d7ff32e Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 7 Jul 2022 09:40:18 +0200 Subject: [PATCH 35/66] Fixed acmetest for domain acmetestXyzRandomName.github-test. that was explicitly disallowed as it is not _acme-challenge --- dnsapi/dns_dnsservices.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index feb4e73f..89ed0210 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -204,7 +204,8 @@ deleteRecord() { fulldomain=$1 txtvalue=$2 - if [ "$(echo "$fulldomain" | grep "_acme-challenge")" = "" ]; then + # Fix for acmetest to limit acme.sh to only work on _acme-challenge and acmeTestXYzRandomName in GitHub actions + if [ "$(echo "$fulldomain" | grep "_acme-challenge\|acmetestXyzRandomName.github-test")" = "" ]; then _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" return 1 fi From eba788e8c9879ca5c9383df9ea4c438415490cdb Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 7 Jul 2022 10:59:25 +0200 Subject: [PATCH 36/66] Removed check for _acme-challenge and acmetestXyzRandomName.github-test sub-domain --- dnsapi/dns_dnsservices.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 89ed0210..788c9680 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -204,12 +204,6 @@ deleteRecord() { fulldomain=$1 txtvalue=$2 - # Fix for acmetest to limit acme.sh to only work on _acme-challenge and acmeTestXYzRandomName in GitHub actions - if [ "$(echo "$fulldomain" | grep "_acme-challenge\|acmetestXyzRandomName.github-test")" = "" ]; then - _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" - return 1 - fi - _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then From 0afabc60aefa1d4e3dd7dc58a87458869d143526 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 7 Jul 2022 15:00:12 +0200 Subject: [PATCH 37/66] Changed 'grep -E' to '_egrep_o' --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 788c9680..2190d3c6 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -213,7 +213,7 @@ deleteRecord() { result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" _debug2 deleteRecord "recordInfo=$recordInfo" - recordID="$(echo "$recordInfo" | tr ',' '\n' | grep -E "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + recordID="$(echo "$recordInfo" | tr ',' '\n' | _egrep_o() "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" if [ -z "$recordID" ]; then _info "Record $fulldomain TXT $txtvalue not found or already deleted" From 1b3e1a7abea9ca7b7f8e077d114aad83416f8304 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 7 Jul 2022 15:05:12 +0200 Subject: [PATCH 38/66] Changed 'grep -E' to '_egrep_o' 'removed ()' --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 2190d3c6..6acb13da 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -213,7 +213,7 @@ deleteRecord() { result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" _debug2 deleteRecord "recordInfo=$recordInfo" - recordID="$(echo "$recordInfo" | tr ',' '\n' | _egrep_o() "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + recordID="$(echo "$recordInfo" | tr ',' '\n' | _egrep_o "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" if [ -z "$recordID" ]; then _info "Record $fulldomain TXT $txtvalue not found or already deleted" From 2cbf1259a8f6e4987e44bb4f14fe20bb2c3f13c4 Mon Sep 17 00:00:00 2001 From: Jordan ERNST Date: Thu, 7 Jul 2022 17:20:23 +0200 Subject: [PATCH 39/66] Fix for ECC certificates --- deploy/mailcow.sh | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/deploy/mailcow.sh b/deploy/mailcow.sh index 3492cea4..51c71892 100644 --- a/deploy/mailcow.sh +++ b/deploy/mailcow.sh @@ -44,24 +44,14 @@ mailcow_deploy() { return 1 fi - # ECC or RSA - length=$(_readdomainconf Le_Keylength) - if _isEccKey "$length"; then - _info "ECC key type detected" - _cert_name_prefix="ecdsa-" - else - _info "RSA key type detected" - _cert_name_prefix="" - fi - _info "Copying key and cert" - _real_key="$_ssl_path/${_cert_name_prefix}key.pem" + _real_key="$_ssl_path/key.pem" if ! cat "$_ckey" >"$_real_key"; then _err "Error: write key file to: $_real_key" return 1 fi - _real_fullchain="$_ssl_path/${_cert_name_prefix}cert.pem" + _real_fullchain="$_ssl_path/cert.pem" if ! cat "$_cfullchain" >"$_real_fullchain"; then _err "Error: write cert file to: $_real_fullchain" return 1 From c8d17bc3633c2923504065d12aaf232322239fc1 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 7 Jul 2022 20:30:48 +0200 Subject: [PATCH 40/66] Re-commit (removed non-needed #'tag) --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 6acb13da..3e004ec4 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -2,7 +2,7 @@ #This file name is "dns_dnsservices.sh" #Script for Danish DNS registra and DNS hosting provider https://dns.services -# + #Author: Bjarke Bruun #Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/4152 From 5ff095786116aea232954ae07872953b4a6147c4 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Fri, 8 Jul 2022 07:49:20 +0200 Subject: [PATCH 41/66] Added empty new line to trigger workflow --- dnsapi/dns_dnsservices.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 3e004ec4..300d0e51 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -229,3 +229,4 @@ deleteRecord() { # Return OK regardless return 0 } + From 41801a60ad2c59ac22bef807b84d845cc1d7d3b7 Mon Sep 17 00:00:00 2001 From: Ry3nlNaToR <49639150+Ry3nlNaToR@users.noreply.github.com> Date: Sat, 9 Jul 2022 14:30:18 +0100 Subject: [PATCH 42/66] Also restart postfix --- deploy/mailcow.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/mailcow.sh b/deploy/mailcow.sh index 3492cea4..aa29ae9d 100644 --- a/deploy/mailcow.sh +++ b/deploy/mailcow.sh @@ -67,7 +67,7 @@ mailcow_deploy() { return 1 fi - DEFAULT_MAILCOW_RELOAD="docker restart \$(docker ps --quiet --filter name=nginx-mailcow --filter name=dovecot-mailcow)" + DEFAULT_MAILCOW_RELOAD="docker restart \$(docker ps --quiet --filter name=nginx-mailcow --filter name=dovecot-mailcow --filter name=postfix-mailcow)" _reload="${DEPLOY_MAILCOW_RELOAD:-$DEFAULT_MAILCOW_RELOAD}" _info "Run reload: $_reload" From 4d8b661d51489d3f9f3ea139cd5844ed1f250ddb Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 10 Jul 2022 17:38:26 +0200 Subject: [PATCH 43/66] dns_world4you: Fix cookie parsing issue Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index bcf256ff..a8d312ad 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -160,24 +160,25 @@ _login() { username="$WORLD4YOU_USERNAME" password="$WORLD4YOU_PASSWORD" csrf_token=$(_get "$WORLD4YOU_API/login" | grep '_csrf_token' | sed 's/^.*]*value=\"\([^"]*\)\".*$/\1/') - sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') + _parse_sessid export _H1="Cookie: W4YSESSID=$sessid" export _H2="X-Requested-With: XMLHttpRequest" body="_username=$username&_password=$password&_csrf_token=$csrf_token" ret=$(_post "$body" "$WORLD4YOU_API/login" '' POST 'application/x-www-form-urlencoded') unset _H2 + _debug ret "$ret" if _contains "$ret" "\"success\":true"; then _info "Successfully logged in" - sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') + _parse_sessid else _err "Unable to log in: $(echo "$ret" | sed 's/^.*"message":"\([^\"]*\)".*$/\1/')" return 1 fi } -# Usage _get_paketnr
+# Usage: _get_paketnr _get_paketnr() { fqdn="$1" form="$2" @@ -200,3 +201,8 @@ _get_paketnr() { PAKETNR=$(echo "$form" | grep "data-textfilter=\".* $domain " | _tail_n 1 | sed "s|.*$WORLD4YOU_API/\\([0-9]*\\)/.*|\\1|") return 0 } + +# Usage: _parse_sessid +_parse_sessid() { + sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | _tail_n 1 | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') +} From 68c2478e0e205a5eb4de1ad62ed30d5d4c1421a2 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 10 Jul 2022 18:55:36 +0200 Subject: [PATCH 44/66] dns_world4you: Handle already logged in sessions Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index a8d312ad..5cb77402 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -49,7 +49,7 @@ dns_world4you_add() { ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded') _resethttp - if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then + if _contains "$(_head_n 1 <"$HTTP_HEADER")" '302'; then res=$(_get "$WORLD4YOU_API/$paketnr/dns") if _contains "$res" "successfully"; then return 0 @@ -66,7 +66,7 @@ dns_world4you_add() { return 1 fi else - _err "$(_head_n 3 <"$HTTP_HEADER")" + _err "$(_head_n 1 <"$HTTP_HEADER")" _err "View $HTTP_HEADER for debugging" return 1 fi @@ -113,7 +113,7 @@ dns_world4you_rm() { ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns/record/delete" '' POST 'application/x-www-form-urlencoded') _resethttp - if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then + if _contains "$(_head_n 1 <"$HTTP_HEADER")" '302'; then res=$(_get "$WORLD4YOU_API/$paketnr/dns") if _contains "$res" "successfully"; then return 0 @@ -130,7 +130,7 @@ dns_world4you_rm() { return 1 fi else - _err "$(_head_n 3 <"$HTTP_HEADER")" + _err "$(_head_n 1 <"$HTTP_HEADER")" _err "View $HTTP_HEADER for debugging" return 1 fi @@ -155,11 +155,22 @@ _login() { _saveaccountconf_mutable WORLD4YOU_USERNAME "$WORLD4YOU_USERNAME" _saveaccountconf_mutable WORLD4YOU_PASSWORD "$WORLD4YOU_PASSWORD" + _resethttp + export ACME_HTTP_NO_REDIRECTS=1 + page=$(_get "$WORLD4YOU_API/login") + _resethttp + + if _contains "$(_head_n 1 <"$HTTP_HEADER")" '302'; then + _info "Already logged in" + _parse_sessid + return 0 + fi + _info "Logging in..." username="$WORLD4YOU_USERNAME" password="$WORLD4YOU_PASSWORD" - csrf_token=$(_get "$WORLD4YOU_API/login" | grep '_csrf_token' | sed 's/^.*]*value=\"\([^"]*\)\".*$/\1/') + csrf_token=$(echo "$page" | grep '_csrf_token' | sed 's/^.*]*value=\"\([^"]*\)\".*$/\1/') _parse_sessid export _H1="Cookie: W4YSESSID=$sessid" From a8f71f79feff9ee3fd4b07352a36b3274f0cf3cb Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 10 Jul 2022 19:25:31 +0200 Subject: [PATCH 45/66] dns_world4you: Update error handling Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 5cb77402..e3fff426 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -66,8 +66,8 @@ dns_world4you_add() { return 1 fi else - _err "$(_head_n 1 <"$HTTP_HEADER")" - _err "View $HTTP_HEADER for debugging" + msg=$(echo "$ret" | grep '"form-error-message"' | sed 's/^.*
\([^<]*\)<\/div>.*$/\1/') + _err "Unable to add record: my.world4you.com: $msg" return 1 fi } @@ -130,8 +130,8 @@ dns_world4you_rm() { return 1 fi else - _err "$(_head_n 1 <"$HTTP_HEADER")" - _err "View $HTTP_HEADER for debugging" + msg=$(echo "$ret" | grep "form-error-message" | sed 's/^.*
\([^<]*\)<\/div>.*$/\1/') + _err "Unable to remove record: my.world4you.com: $msg" return 1 fi } @@ -184,7 +184,8 @@ _login() { _info "Successfully logged in" _parse_sessid else - _err "Unable to log in: $(echo "$ret" | sed 's/^.*"message":"\([^\"]*\)".*$/\1/')" + msg=$(echo "$ret" | sed 's/^.*"message":"\([^\"]*\)".*$/\1/') + _err "Unable to log in: my.world4you.com: $msg" return 1 fi } From ed15ff0515eb2c3a708e211b8ff412966f771648 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 10 Jul 2022 20:30:41 +0200 Subject: [PATCH 46/66] dns_world4you: Fix upper case fqdn issues Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index e3fff426..0e14b9e8 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -12,7 +12,7 @@ RECORD='' # Usage: dns_world4you_add dns_world4you_add() { - fqdn="$1" + fqdn=$(echo "$1" | tr '[:upper:]' '[:lower:]') value="$2" _info "Using world4you to add record" _debug fulldomain "$fqdn" @@ -74,7 +74,7 @@ dns_world4you_add() { # Usage: dns_world4you_rm dns_world4you_rm() { - fqdn="$1" + fqdn=$(echo "$1" | tr '[:upper:]' '[:lower:]') value="$2" _info "Using world4you to remove record" _debug fulldomain "$fqdn" From 29f12ddaf4920cebc5444d8c31996a433e4868e3 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 10 Jul 2022 22:22:12 +0200 Subject: [PATCH 47/66] dns_world4you: Improve error message handling Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 0e14b9e8..67e6d118 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -54,7 +54,7 @@ dns_world4you_add() { if _contains "$res" "successfully"; then return 0 else - msg=$(echo "$res" | grep -A 15 'data-type="danger"' | grep "]*>[^<]" | sed 's/<[^>]*>\|^\s*//g') + msg=$(echo "$res" | grep -A 15 'data-type="danger"' | grep "]*>[^<]" | sed 's/<[^>]*>//g' | sed 's/^\s*//g') if [ "$msg" = '' ]; then _err "Unable to add record: Unknown error" echo "$ret" >'error-01.html' @@ -118,7 +118,7 @@ dns_world4you_rm() { if _contains "$res" "successfully"; then return 0 else - msg=$(echo "$res" | grep -A 15 'data-type="danger"' | grep "]*>[^<]" | sed 's/<[^>]*>\|^\s*//g') + msg=$(echo "$res" | grep -A 15 'data-type="danger"' | grep "]*>[^<]" | sed 's/<[^>]*>//g' | sed 's/^\s*//g') if [ "$msg" = '' ]; then _err "Unable to remove record: Unknown error" echo "$ret" >'error-01.html' From 80d30bdd30f192cdd9b003d903e20b1f874c72e6 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Mon, 11 Jul 2022 14:08:37 +0200 Subject: [PATCH 48/66] Removed empty new line to trigger workflow --- dnsapi/dns_dnsservices.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 300d0e51..3e004ec4 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -229,4 +229,3 @@ deleteRecord() { # Return OK regardless return 0 } - From c1ba4f1b55faad5e2991592cf538681b478f11ad Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Mon, 11 Jul 2022 16:43:34 +0200 Subject: [PATCH 49/66] Added forced _log to debug deletion of records in GH Actions --- dnsapi/dns_dnsservices.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 3e004ec4..78588ada 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -64,7 +64,7 @@ dns_dnsservices_rm() { fulldomain=$1 txtvalue=$2 - _info "Using dns.services to delete challenge $fulldomain TXT $txtvalue" + _info "Using dns.services to remove DNS record $fulldomain TXT $txtvalue" _debug rm_fulldomain "$fulldomain" _debug rm_txtvalue "$txtvalue" @@ -204,7 +204,7 @@ deleteRecord() { fulldomain=$1 txtvalue=$2 - _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" + _log deleteRecord "Deleting $fulldomain TXT $txtvalue record" if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then _get_root "$fulldomain" From df199c5788972aec58e40a1e9e05e844bfe15f7c Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Mon, 11 Jul 2022 18:11:55 +0200 Subject: [PATCH 50/66] Updated API call for OpenBSD sed and tr as newlines does not work there --- dnsapi/dns_dnsservices.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 78588ada..d591ce3b 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -156,12 +156,13 @@ _get_root() { fi # Setup variables used by other functions to communicate with DNS.Services API - zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") + #zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") + zoneInfo=$(echo -e "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g') rootZoneName="$rootZone" subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" - rootZoneDomainID=$(echo "$zoneInfo" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) - rootZoneServiceID=$(echo "$zoneInfo" | tr ',' '\n' | grep service_id | cut -d'"' -f4) + rootZoneDomainID=$(echo -e "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g') + rootZoneServiceID=$(echo -e "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"service_id":")([^"]*)"(.*)$,\2,g') _debug2 _get_root "Root zone name : $rootZoneName" _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" @@ -190,7 +191,7 @@ createRecord() { result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") _debug2 createRecord "result from API: $result" - if [ "$(echo "$result" | grep '"success":true')" = "" ]; then + if [ "$(echo "$result" | _egrep_o "\"success\":true")" = "" ]; then _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" _err "$result" return 1 @@ -211,7 +212,7 @@ deleteRecord() { fi result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" - recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" + recordInfo="$(echo "$result" | tr '}' '\n' | _egrep_o "\"name\":\"${fulldomain}" | _egrep_o "\"content\":\"" | grep "${txtvalue}")" _debug2 deleteRecord "recordInfo=$recordInfo" recordID="$(echo "$recordInfo" | tr ',' '\n' | _egrep_o "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" From ae71a5abf629b937e23e06410a41ac45a009a575 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Mon, 11 Jul 2022 18:16:03 +0200 Subject: [PATCH 51/66] Added debug for API result --- dnsapi/dns_dnsservices.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index d591ce3b..f87509c2 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -157,13 +157,14 @@ _get_root() { # Setup variables used by other functions to communicate with DNS.Services API #zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") - zoneInfo=$(echo -e "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g') + zoneInfo=$(echo "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g' | grep "\"$rootZone\"") rootZoneName="$rootZone" subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" - rootZoneDomainID=$(echo -e "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g') - rootZoneServiceID=$(echo -e "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"service_id":")([^"]*)"(.*)$,\2,g') + rootZoneDomainID=$(echo "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g') + rootZoneServiceID=$(echo "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"service_id":")([^"]*)"(.*)$,\2,g') + _debug2 _zoneInfo "Zone info from API : $zoneInfo" _debug2 _get_root "Root zone name : $rootZoneName" _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" _debug2 _get_root "Root zone service ID: $rootZoneServiceID" From b1b336804d624287cf885c61a16f925ca4569255 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Tue, 12 Jul 2022 16:26:45 +0200 Subject: [PATCH 52/66] Fixed a missed 'grep -o' to _egrep_o() --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index f87509c2..82e9b5c5 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -146,7 +146,7 @@ _get_root() { fi done) else - rootZone=$(echo "$result" | grep -o '"name":"[^"]*' | cut -d'"' -f4) + rootZone=$(echo "$result" | _egrep_o '"name":"[^"]*' | cut -d'"' -f4) _debug2 _get_root "- only found 1 domain in API: $rootZone" fi From e4387e4aad97f1296ef49681433afb2ac95a75e8 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Tue, 12 Jul 2022 22:04:28 +0200 Subject: [PATCH 53/66] Updated delete function --- dnsapi/dns_dnsservices.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 82e9b5c5..f2a7608e 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -213,9 +213,10 @@ deleteRecord() { fi result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" - recordInfo="$(echo "$result" | tr '}' '\n' | _egrep_o "\"name\":\"${fulldomain}" | _egrep_o "\"content\":\"" | grep "${txtvalue}")" - _debug2 deleteRecord "recordInfo=$recordInfo" - recordID="$(echo "$recordInfo" | tr ',' '\n' | _egrep_o "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" + recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')" + recordDomainID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g')" + recordName="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g')" if [ -z "$recordID" ]; then _info "Record $fulldomain TXT $txtvalue not found or already deleted" @@ -225,8 +226,10 @@ deleteRecord() { fi _debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" + _log "curl DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" _debug2 deleteRecord "API Delete result \"$result\"" + _log "curl API Delete result \"$result\"" # Return OK regardless return 0 From 5f44c195e99d1e415d2f490412347dbf2e52dc15 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Tue, 12 Jul 2022 22:10:20 +0200 Subject: [PATCH 54/66] Removed unused variable --- dnsapi/dns_dnsservices.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index f2a7608e..9d913d39 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -215,8 +215,8 @@ deleteRecord() { result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')" - recordDomainID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g')" - recordName="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g')" + #recordDomainID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g')" + #recordName="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g')" if [ -z "$recordID" ]; then _info "Record $fulldomain TXT $txtvalue not found or already deleted" From e5aeff50dc52febc6b44e22e258950732a2049e1 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Tue, 12 Jul 2022 22:20:24 +0200 Subject: [PATCH 55/66] Removed spaces (shfmt) --- dnsapi/dns_dnsservices.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 9d913d39..71ed705d 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -213,10 +213,8 @@ deleteRecord() { fi result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" - recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" - recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')" - #recordDomainID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g')" - #recordName="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g')" + recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" + recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')" if [ -z "$recordID" ]; then _info "Record $fulldomain TXT $txtvalue not found or already deleted" From bcc967933926d71507a06eca2497fd7223a717d4 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Tue, 12 Jul 2022 22:21:38 +0200 Subject: [PATCH 56/66] Removed spaces (shfmt) (missed one) --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 71ed705d..9f2220fe 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -213,7 +213,7 @@ deleteRecord() { fi result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" - recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" + recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')" if [ -z "$recordID" ]; then From e2eb685d76311761b5516830b81093892ab73375 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 13 Jul 2022 21:06:57 +0800 Subject: [PATCH 57/66] upgrade FreeBSD 13.1 --- .github/workflows/DNS.yml | 2 +- .github/workflows/FreeBSD.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 5f6cdac9..720cfaab 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -188,7 +188,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.4 + - uses: vmactions/freebsd-vm@v0.1.7 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 4d310f05..6f8797db 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.5 + - uses: vmactions/freebsd-vm@v0.1.7 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From 3a29e0345852733b5690d8e40f9110330d009b41 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Thu, 14 Jul 2022 11:25:59 +0200 Subject: [PATCH 58/66] dns_world4you: Use _lower_case instead of tr Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 67e6d118..a0a83c37 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -12,7 +12,7 @@ RECORD='' # Usage: dns_world4you_add dns_world4you_add() { - fqdn=$(echo "$1" | tr '[:upper:]' '[:lower:]') + fqdn=$(echo "$1" | _lower_case) value="$2" _info "Using world4you to add record" _debug fulldomain "$fqdn" @@ -74,7 +74,7 @@ dns_world4you_add() { # Usage: dns_world4you_rm dns_world4you_rm() { - fqdn=$(echo "$1" | tr '[:upper:]' '[:lower:]') + fqdn=$(echo "$1" | _lower_case) value="$2" _info "Using world4you to remove record" _debug fulldomain "$fqdn" From 19790e9011bba37365e80adebfd27ae12d2322e5 Mon Sep 17 00:00:00 2001 From: Maxime-J Date: Thu, 14 Jul 2022 10:54:37 +0000 Subject: [PATCH 59/66] dns_ovh: save OVH_CK in all cases --- dnsapi/dns_ovh.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index b382e52f..2252f03a 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -118,6 +118,7 @@ _initAuth() { #return and wait for retry. return 1 fi + _saveaccountconf OVH_CK "$OVH_CK" _info "Checking authentication" @@ -235,7 +236,6 @@ _ovh_authentication() { _secure_debug consumerKey "$consumerKey" OVH_CK="$consumerKey" - _saveaccountconf OVH_CK "$OVH_CK" _info "Please open this link to do authentication: $(__green "$validationUrl")" From c0097497be609609743f861a49005ae9c2666b3f Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 17 Jul 2022 11:48:58 +0800 Subject: [PATCH 60/66] Upgrade FreeBSD version https://github.com/vmactions/freebsd-vm --- .github/workflows/FreeBSD.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 6f8797db..027b7caf 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.7 + - uses: vmactions/freebsd-vm@v0.1.8 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From ddabc38e3f8be529dc5e4b466c380f0ceb63d018 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 17 Jul 2022 11:49:58 +0800 Subject: [PATCH 61/66] upgrade OpenBSD https://github.com/vmactions/openbsd-vm --- .github/workflows/OpenBSD.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/OpenBSD.yml b/.github/workflows/OpenBSD.yml index 2b974a81..0d3465de 100644 --- a/.github/workflows/OpenBSD.yml +++ b/.github/workflows/OpenBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0.0.1 + - uses: vmactions/openbsd-vm@v0.0.4 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From 3e628f267805caf8c5b3271fe53abb8bd3a73055 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 17 Jul 2022 11:53:23 +0800 Subject: [PATCH 62/66] Upgrade NetBSD https://github.com/vmactions/netbsd-vm --- .github/workflows/DNS.yml | 6 +++--- .github/workflows/NetBSD.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 720cfaab..b9389438 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -188,7 +188,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.7 + - uses: vmactions/freebsd-vm@v0.1.8 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl @@ -270,7 +270,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0.0.1 + - uses: vmactions/openbsd-vm@v0.0.4 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg_add socat curl @@ -310,7 +310,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/netbsd-vm@v0.0.1 + - uses: vmactions/netbsd-vm@v0.0.2 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: | diff --git a/.github/workflows/NetBSD.yml b/.github/workflows/NetBSD.yml index d5a98586..609d1131 100644 --- a/.github/workflows/NetBSD.yml +++ b/.github/workflows/NetBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/netbsd-vm@v0.0.1 + - uses: vmactions/netbsd-vm@v0.0.2 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From 0717f8591c89a32dd6c474b4cfe28aac7d493e86 Mon Sep 17 00:00:00 2001 From: Aleksandr Kunin Date: Sun, 17 Jul 2022 21:15:47 +0700 Subject: [PATCH 63/66] Update to Vultr Api v2 - change endpoints - change Api-Key header to Authorization: Bearer --- dnsapi/dns_vultr.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_vultr.sh b/dnsapi/dns_vultr.sh index 84857966..bd925fdb 100644 --- a/dnsapi/dns_vultr.sh +++ b/dnsapi/dns_vultr.sh @@ -3,10 +3,10 @@ # #VULTR_API_KEY=000011112222333344445555666677778888 -VULTR_Api="https://api.vultr.com/v1" +VULTR_Api="https://api.vultr.com/v2" ######## Public functions ##################### - +# #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_vultr_add() { fulldomain=$1 @@ -31,14 +31,14 @@ dns_vultr_add() { _debug _domain "$_domain" _debug 'Getting txt records' - _vultr_rest GET "dns/records?domain=$_domain" + _vultr_rest GET "domains/$_domain/records" if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then _err 'Error' return 1 fi - if ! _vultr_rest POST 'dns/create_record' "domain=$_domain&name=$_sub_domain&data=\"$txtvalue\"&type=TXT"; then + if ! _vultr_rest POST "domains/$_domain/records" "{\"name\":\"$_sub_domain\",\"data\":\"$txtvalue\",\"type\":\"TXT\"}"; then _err "$response" return 1 fi @@ -71,14 +71,14 @@ dns_vultr_rm() { _debug _domain "$_domain" _debug 'Getting txt records' - _vultr_rest GET "dns/records?domain=$_domain" + _vultr_rest GET "domains/$_domain/records" if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then _err 'Error' return 1 fi - _record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep -- "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)" + _record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep -- "$txtvalue" | tr ',' '\n' | grep -i 'id' | cut -d : -f 2)" _debug _record_id "$_record_id" if [ "$_record_id" ]; then _info "Successfully retrieved the record id for ACME challenge." @@ -87,7 +87,7 @@ dns_vultr_rm() { return 0 fi - if ! _vultr_rest POST 'dns/delete_record' "domain=$_domain&RECORDID=$_record_id"; then + if ! _vultr_rest DELETE "domains/$_domain/records/$_record_id"; then _err "$response" return 1 fi @@ -112,11 +112,11 @@ _get_root() { return 1 fi - if ! _vultr_rest GET "dns/list"; then + if ! _vultr_rest GET "domains"; then return 1 fi - if printf "%s\n" "$response" | grep '^\[.*\]' >/dev/null; then + if printf "%s\n" "$response" | grep '^\{.*\}' >/dev/null; then if _contains "$response" "\"domain\":\"$_domain\""; then _sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" return 0 @@ -141,8 +141,8 @@ _vultr_rest() { api_key_trimmed=$(echo $VULTR_API_KEY | tr -d '"') - export _H1="Api-Key: $api_key_trimmed" - export _H2='Content-Type: application/x-www-form-urlencoded' + export _H1="Authorization: Bearer $api_key_trimmed" + export _H2='Content-Type: application/json' if [ "$m" != "GET" ]; then _debug data "$data" From bc920949cba1eb73cbb2f5fd38e2d489096e054d Mon Sep 17 00:00:00 2001 From: Grigory Starinkin Date: Mon, 18 Jul 2022 10:50:50 +0100 Subject: [PATCH 64/66] Add Slack App notification hook Slack Incoming webhooks is a legacy custom integration - an outdated way for teams to integrate with Slack. These integrations lack newer features and they will be deprecated and possibly removed in the future. Slack team do not recommend their use. Instead, it's suggested to use Slack apps. --- notify/slack_app.sh | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100755 notify/slack_app.sh diff --git a/notify/slack_app.sh b/notify/slack_app.sh new file mode 100755 index 00000000..5b012a41 --- /dev/null +++ b/notify/slack_app.sh @@ -0,0 +1,44 @@ +#!/usr/bin/env sh + +#Support Slack APP notifications + +#SLACK_APP_CHANNEL="" +#SLACK_APP_TOKEN="" + +slack_app_send() { + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_statusCode" "$_statusCode" + + SLACK_APP_CHANNEL="${SLACK_APP_CHANNEL:-$(_readaccountconf_mutable SLACK_APP_CHANNEL)}" + if [ -n "$SLACK_APP_CHANNEL" ]; then + _saveaccountconf_mutable SLACK_APP_CHANNEL "$SLACK_APP_CHANNEL" + fi + + SLACK_APP_TOKEN="${SLACK_APP_TOKEN:-$(_readaccountconf_mutable SLACK_APP_TOKEN)}" + if [ -n "$SLACK_APP_TOKEN" ]; then + _saveaccountconf_mutable SLACK_APP_TOKEN "$SLACK_APP_TOKEN" + fi + + _content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" + _data="{\"text\": \"$_content\", " + if [ -n "$SLACK_APP_CHANNEL" ]; then + _data="$_data\"channel\": \"$SLACK_APP_CHANNEL\", " + fi + _data="$_data\"mrkdwn\": \"true\"}" + + export _H1="Authorization: Bearer $SLACK_APP_TOKEN" + + SLACK_APP_API_URL="https://slack.com/api/chat.postMessage" + if _post "$_data" "$SLACK_APP_API_URL" "" "POST" "application/json; charset=utf-8"; then + SLACK_APP_RESULT_OK=$(echo "$response" | _egrep_o 'ok" *: *true') + if [ "$?" = "0" ] && [ "$SLACK_APP_RESULT_OK" ]; then + _info "slack send success." + return 0 + fi + fi + _err "slack send error." + _err "$response" + return 1 +} From d8a4e47a130fd87953bf9c495d3fcc1897848a89 Mon Sep 17 00:00:00 2001 From: Grigory Starinkin Date: Mon, 18 Jul 2022 17:20:25 +0100 Subject: [PATCH 65/66] disable "$response is referenced but not assigned" warning the variable is assigned by the `_post` call --- notify/slack_app.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/notify/slack_app.sh b/notify/slack_app.sh index 5b012a41..84d4733a 100755 --- a/notify/slack_app.sh +++ b/notify/slack_app.sh @@ -32,6 +32,7 @@ slack_app_send() { SLACK_APP_API_URL="https://slack.com/api/chat.postMessage" if _post "$_data" "$SLACK_APP_API_URL" "" "POST" "application/json; charset=utf-8"; then + # shellcheck disable=SC2154 SLACK_APP_RESULT_OK=$(echo "$response" | _egrep_o 'ok" *: *true') if [ "$?" = "0" ] && [ "$SLACK_APP_RESULT_OK" ]; then _info "slack send success." From 328dbd57d426c64ebead7318a22827e958c053bc Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 24 Jul 2022 16:20:44 +0800 Subject: [PATCH 66/66] fix for solaris --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 3d65612f..ef37f163 100755 --- a/acme.sh +++ b/acme.sh @@ -1196,7 +1196,7 @@ _createkey() { _is_idn() { _is_idn_d="$1" _debug2 _is_idn_d "$_is_idn_d" - _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d '0-9' | tr -d 'a-z' | tr -d 'A-Z' | tr -d '*.,-_') + _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d [0-9] | tr -d [a-z] | tr -d [A-Z] | tr -d '*.,-_') _debug2 _idn_temp "$_idn_temp" [ "$_idn_temp" ] }