commit
4adb525513
|
@ -0,0 +1,16 @@
|
|||
name: shellcheck
|
||||
on: [push, pull_request]
|
||||
|
||||
jobs:
|
||||
formatCheck:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Install Shellcheck
|
||||
run: sudo apt-get install -y shellcheck
|
||||
- name: DoShellcheck
|
||||
run: shellcheck -V && shellcheck -e SC2181 **/*.sh && echo "shellcheck OK"
|
||||
- name: Install shfmt
|
||||
run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt
|
||||
- name: shfmt
|
||||
run: ~/shfmt -l -w -i 2 . ; git diff --exit-code && echo "shfmt OK"
|
|
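Review bot: The `Install shfmt` step downloads a release binary with `curl` and marks it executable without verifying it, so the job runs whatever that URL serves at the time; the version is pinned in the URL but the content is not. Add a digest check before the `chmod`, for example `echo "<SHA256_OF_SHFMT_V3.1.2_LINUX_AMD64>  $HOME/shfmt" | sha256sum -c -`, with the published hash filled in for the placeholder. `actions/checkout@v2` is likewise a movable tag and could be pinned to a full commit SHA. Separately, `**/*.sh` in the `DoShellcheck` step is expanded by bash without `globstar`, where `**` behaves like `*`, so only scripts exactly one directory down are linted and a top-level script is not covered.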
@ -1,9 +1,10 @@
|
|||
# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh)
|
||||
|
||||
<a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a> [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
||||
<a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a>
|
||||
[![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
||||
[![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
|
||||
[![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
|
||||
|
||||
![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/shellcheck/badge.svg)
|
||||
|
||||
acme.sh is being sponsored by the following tool; please help to support us by taking a look and signing up to a free trial
|
||||
|
||||
|
|
85
acme.sh
85
acme.sh
|
@ -1077,11 +1077,11 @@ _isEccKey() {
|
|||
return 1
|
||||
fi
|
||||
|
||||
[ "$_length" != "1024" ] \
|
||||
&& [ "$_length" != "2048" ] \
|
||||
&& [ "$_length" != "3072" ] \
|
||||
&& [ "$_length" != "4096" ] \
|
||||
&& [ "$_length" != "8192" ]
|
||||
[ "$_length" != "1024" ] &&
|
||||
[ "$_length" != "2048" ] &&
|
||||
[ "$_length" != "3072" ] &&
|
||||
[ "$_length" != "4096" ] &&
|
||||
[ "$_length" != "8192" ]
|
||||
}
|
||||
|
||||
# _createkey 2048|ec-256 file
|
||||
|
@ -1473,7 +1473,7 @@ createDomainKey() {
|
|||
|
||||
_initpath "$domain" "$_cdl"
|
||||
|
||||
if [ ! -f "$CERT_KEY_PATH" ] || [ ! -s "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ]; then
|
||||
if [ ! -f "$CERT_KEY_PATH" ] || [ ! -s "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$_ACME_IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ]; then
|
||||
if _createkey "$_cdl" "$CERT_KEY_PATH"; then
|
||||
_savedomainconf Le_Keylength "$_cdl"
|
||||
_info "The domain key is here: $(__green $CERT_KEY_PATH)"
|
||||
|
@ -1483,7 +1483,7 @@ createDomainKey() {
|
|||
return 1
|
||||
fi
|
||||
else
|
||||
if [ "$IS_RENEW" ]; then
|
||||
if [ "$_ACME_IS_RENEW" ]; then
|
||||
_info "Domain key exists, skip"
|
||||
return 0
|
||||
else
|
||||
|
@ -1509,7 +1509,7 @@ createCSR() {
|
|||
|
||||
_initpath "$domain" "$_isEcc"
|
||||
|
||||
if [ -f "$CSR_PATH" ] && [ "$IS_RENEW" ] && [ -z "$FORCE" ]; then
|
||||
if [ -f "$CSR_PATH" ] && [ "$_ACME_IS_RENEW" ] && [ -z "$FORCE" ]; then
|
||||
_info "CSR exists, skip"
|
||||
return
|
||||
fi
|
||||
|
@ -2585,7 +2585,7 @@ _initpath() {
|
|||
. "$ACCOUNT_CONF_PATH"
|
||||
fi
|
||||
|
||||
if [ "$ACME_IN_CRON" ]; then
|
||||
if [ "$_ACME_IN_CRON" ]; then
|
||||
if [ ! "$_USER_PATH_EXPORTED" ]; then
|
||||
_USER_PATH_EXPORTED=1
|
||||
export PATH="$USER_PATH:$PATH"
|
||||
|
@ -2599,7 +2599,7 @@ _initpath() {
|
|||
if [ -z "$ACME_DIRECTORY" ]; then
|
||||
if [ "$STAGE" ]; then
|
||||
ACME_DIRECTORY="$DEFAULT_STAGING_CA"
|
||||
_info "Using stage ACME_DIRECTORY: $ACME_DIRECTORY"
|
||||
_info "Using ACME_DIRECTORY: $ACME_DIRECTORY"
|
||||
else
|
||||
default_acme_server=$(_readaccountconf "DEFAULT_ACME_SERVER")
|
||||
_debug default_acme_server "$default_acme_server"
|
||||
|
@ -3387,7 +3387,7 @@ _on_issue_err() {
|
|||
)
|
||||
fi
|
||||
|
||||
if [ "$IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "$W_DNS"; then
|
||||
if [ "$_ACME_IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "$W_DNS"; then
|
||||
_err "$_DNS_MANUAL_ERR"
|
||||
fi
|
||||
|
||||
|
@ -3419,7 +3419,7 @@ _on_issue_success() {
|
|||
fi
|
||||
|
||||
#run renew hook
|
||||
if [ "$IS_RENEW" ] && [ "$_chk_renew_hook" ]; then
|
||||
if [ "$_ACME_IS_RENEW" ] && [ "$_chk_renew_hook" ]; then
|
||||
_info "Run renew hook:'$_chk_renew_hook'"
|
||||
if ! (
|
||||
export CERT_PATH
|
||||
|
@ -3990,17 +3990,22 @@ _check_dns_entries() {
|
|||
}
|
||||
|
||||
#file
|
||||
_get_cert_issuer() {
|
||||
_get_cert_issuers() {
|
||||
_cfile="$1"
|
||||
echo $(openssl x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2)
|
||||
if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7"; then
|
||||
${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | openssl pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
|
||||
else
|
||||
${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
|
||||
fi
|
||||
}
|
||||
|
||||
#cert issuer
|
||||
_match_issuer() {
|
||||
_cfile="$1"
|
||||
_missuer="$2"
|
||||
_fissuer=$(_get_cert_issuer $_cfile)
|
||||
[ "$_missuer" = "$_fissuer" ]
|
||||
_fissuers="$(_get_cert_issuers $_cfile)"
|
||||
_debug2 _fissuers "$_fissuers"
|
||||
_contains "$_fissuers" "$_missuer"
|
||||
}
|
||||
|
||||
#webroot, domain domainlist keylength
|
||||
|
@ -4037,7 +4042,7 @@ issue() {
|
|||
_challenge_alias="${14}"
|
||||
_preferred_chain="${15}"
|
||||
|
||||
if [ ! "$IS_RENEW" ]; then
|
||||
if [ -z "$_ACME_IS_RENEW" ]; then
|
||||
_initpath "$_main_domain" "$_key_length"
|
||||
mkdir -p "$DOMAIN_PATH"
|
||||
fi
|
||||
|
@ -4689,7 +4694,8 @@ $_authorizations_map"
|
|||
der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)"
|
||||
|
||||
if [ "$ACME_VERSION" = "2" ]; then
|
||||
_info "Lets finalize the order, Le_OrderFinalize: $Le_OrderFinalize"
|
||||
_info "Lets finalize the order."
|
||||
_info "Le_OrderFinalize" "$Le_OrderFinalize"
|
||||
if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then
|
||||
_err "Sign failed."
|
||||
_on_issue_err "$_post_hook"
|
||||
|
@ -4760,7 +4766,8 @@ $_authorizations_map"
|
|||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
_info "Downloading cert, Le_LinkCert: $Le_LinkCert"
|
||||
_info "Downloading cert."
|
||||
_info "Le_LinkCert" "$Le_LinkCert"
|
||||
if ! _send_signed_request "$Le_LinkCert"; then
|
||||
_err "Sign failed, can not download cert:$Le_LinkCert."
|
||||
_err "$response"
|
||||
|
@ -4771,10 +4778,8 @@ $_authorizations_map"
|
|||
echo "$response" >"$CERT_PATH"
|
||||
_split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH"
|
||||
|
||||
if [ "$_preferred_chain" ]; then
|
||||
_cert_issuer=$(_get_cert_issuer "$CA_CERT_PATH")
|
||||
_debug _cert_issuer "$_cert_issuer"
|
||||
if ! _match_issuer "$CA_CERT_PATH" "$_preferred_chain"; then
|
||||
if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then
|
||||
if ! _match_issuer "$CERT_FULLCHAIN_PATH" "$_preferred_chain"; then
|
||||
rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)"
|
||||
_debug2 "rels" "$rels"
|
||||
for rel in $rels; do
|
||||
|
@ -4789,7 +4794,7 @@ $_authorizations_map"
|
|||
_relca="$CA_CERT_PATH.alt"
|
||||
echo "$response" >"$_relcert"
|
||||
_split_cert_chain "$_relcert" "$_relfullchain" "$_relca"
|
||||
if _match_issuer "$_relca" "$_preferred_chain"; then
|
||||
if _match_issuer "$_relfullchain" "$_preferred_chain"; then
|
||||
_info "Matched issuer in: $rel"
|
||||
cat $_relcert >"$CERT_PATH"
|
||||
cat $_relfullchain >"$CERT_FULLCHAIN_PATH"
|
||||
|
@ -4842,7 +4847,7 @@ $_authorizations_map"
|
|||
_info "Your cert key is in $(__green " $CERT_KEY_PATH ")"
|
||||
fi
|
||||
|
||||
if [ ! "$USER_PATH" ] || [ ! "$ACME_IN_CRON" ]; then
|
||||
if [ ! "$USER_PATH" ] || [ ! "$_ACME_IN_CRON" ]; then
|
||||
USER_PATH="$PATH"
|
||||
_saveaccountconf "USER_PATH" "$USER_PATH"
|
||||
fi
|
||||
|
@ -5033,12 +5038,12 @@ renew() {
|
|||
return "$RENEW_SKIP"
|
||||
fi
|
||||
|
||||
if [ "$ACME_IN_CRON" = "1" ] && [ -z "$Le_CertCreateTime" ]; then
|
||||
if [ "$_ACME_IN_CRON" = "1" ] && [ -z "$Le_CertCreateTime" ]; then
|
||||
_info "Skip invalid cert for: $Le_Domain"
|
||||
return $RENEW_SKIP
|
||||
fi
|
||||
|
||||
IS_RENEW="1"
|
||||
_ACME_IS_RENEW="1"
|
||||
Le_ReloadCmd="$(_readdomainconf Le_ReloadCmd)"
|
||||
Le_PreHook="$(_readdomainconf Le_PreHook)"
|
||||
Le_PostHook="$(_readdomainconf Le_PostHook)"
|
||||
|
@ -5054,7 +5059,7 @@ renew() {
|
|||
res="$?"
|
||||
fi
|
||||
|
||||
IS_RENEW=""
|
||||
_ACME_IS_RENEW=""
|
||||
|
||||
return "$res"
|
||||
}
|
||||
|
@ -5094,7 +5099,7 @@ renewAll() {
|
|||
_error_level="$NOTIFY_LEVEL_RENEW"
|
||||
_notify_code=0
|
||||
fi
|
||||
if [ "$ACME_IN_CRON" ]; then
|
||||
if [ "$_ACME_IN_CRON" ]; then
|
||||
if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ]; then
|
||||
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
|
||||
_send_notify "Renew $d success" "Good, the cert is renewed." "$NOTIFY_HOOK" 0
|
||||
|
@ -5108,7 +5113,7 @@ renewAll() {
|
|||
_error_level="$NOTIFY_LEVEL_SKIP"
|
||||
_notify_code=$RENEW_SKIP
|
||||
fi
|
||||
if [ "$ACME_IN_CRON" ]; then
|
||||
if [ "$_ACME_IN_CRON" ]; then
|
||||
if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then
|
||||
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
|
||||
_send_notify "Renew $d skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP"
|
||||
|
@ -5123,7 +5128,7 @@ renewAll() {
|
|||
_error_level="$NOTIFY_LEVEL_ERROR"
|
||||
_notify_code=1
|
||||
fi
|
||||
if [ "$ACME_IN_CRON" ]; then
|
||||
if [ "$_ACME_IN_CRON" ]; then
|
||||
if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ]; then
|
||||
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
|
||||
_send_notify "Renew $d error" "There is an error." "$NOTIFY_HOOK" 1
|
||||
|
@ -5144,7 +5149,7 @@ renewAll() {
|
|||
done
|
||||
_debug _error_level "$_error_level"
|
||||
_debug _set_level "$_set_level"
|
||||
if [ "$ACME_IN_CRON" ] && [ $_error_level -le $_set_level ]; then
|
||||
if [ "$_ACME_IN_CRON" ] && [ $_error_level -le $_set_level ]; then
|
||||
if [ -z "$NOTIFY_MODE" ] || [ "$NOTIFY_MODE" = "$NOTIFY_MODE_BULK" ]; then
|
||||
_msg_subject="Renew"
|
||||
if [ "$_error_msg" ]; then
|
||||
|
@ -5442,7 +5447,7 @@ _installcert() {
|
|||
|
||||
if [ "$_real_cert" ]; then
|
||||
_info "Installing cert to:$_real_cert"
|
||||
if [ -f "$_real_cert" ] && [ ! "$IS_RENEW" ]; then
|
||||
if [ -f "$_real_cert" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
||||
cp "$_real_cert" "$_backup_path/cert.bak"
|
||||
fi
|
||||
cat "$CERT_PATH" >"$_real_cert" || return 1
|
||||
|
@ -5454,7 +5459,7 @@ _installcert() {
|
|||
echo "" >>"$_real_ca"
|
||||
cat "$CA_CERT_PATH" >>"$_real_ca" || return 1
|
||||
else
|
||||
if [ -f "$_real_ca" ] && [ ! "$IS_RENEW" ]; then
|
||||
if [ -f "$_real_ca" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
||||
cp "$_real_ca" "$_backup_path/ca.bak"
|
||||
fi
|
||||
cat "$CA_CERT_PATH" >"$_real_ca" || return 1
|
||||
|
@ -5463,7 +5468,7 @@ _installcert() {
|
|||
|
||||
if [ "$_real_key" ]; then
|
||||
_info "Installing key to:$_real_key"
|
||||
if [ -f "$_real_key" ] && [ ! "$IS_RENEW" ]; then
|
||||
if [ -f "$_real_key" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
||||
cp "$_real_key" "$_backup_path/key.bak"
|
||||
fi
|
||||
if [ -f "$_real_key" ]; then
|
||||
|
@ -5476,7 +5481,7 @@ _installcert() {
|
|||
|
||||
if [ "$_real_fullchain" ]; then
|
||||
_info "Installing full chain to:$_real_fullchain"
|
||||
if [ -f "$_real_fullchain" ] && [ ! "$IS_RENEW" ]; then
|
||||
if [ -f "$_real_fullchain" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
||||
cp "$_real_fullchain" "$_backup_path/fullchain.bak"
|
||||
fi
|
||||
cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1
|
||||
|
@ -6093,7 +6098,7 @@ install() {
|
|||
_debug "Skip install cron job"
|
||||
fi
|
||||
|
||||
if [ "$ACME_IN_CRON" != "1" ]; then
|
||||
if [ "$_ACME_IN_CRON" != "1" ]; then
|
||||
if ! _precheck "$_nocron"; then
|
||||
_err "Pre-check failed, can not install."
|
||||
return 1
|
||||
|
@ -6150,7 +6155,7 @@ install() {
|
|||
|
||||
_info "Installed to $LE_WORKING_DIR/$PROJECT_ENTRY"
|
||||
|
||||
if [ "$ACME_IN_CRON" != "1" ] && [ -z "$_noprofile" ]; then
|
||||
if [ "$_ACME_IN_CRON" != "1" ] && [ -z "$_noprofile" ]; then
|
||||
_installalias "$_c_home"
|
||||
fi
|
||||
|
||||
|
@ -6248,7 +6253,7 @@ _uninstallalias() {
|
|||
}
|
||||
|
||||
cron() {
|
||||
export ACME_IN_CRON=1
|
||||
export _ACME_IN_CRON=1
|
||||
_initpath
|
||||
_info "$(__green "===Starting cron===")"
|
||||
if [ "$AUTO_UPGRADE" = "1" ]; then
|
||||
|
@ -6269,7 +6274,7 @@ cron() {
|
|||
fi
|
||||
renewAll
|
||||
_ret="$?"
|
||||
ACME_IN_CRON=""
|
||||
_ACME_IN_CRON=""
|
||||
_info "$(__green "===End cron===")"
|
||||
exit $_ret
|
||||
}
|
||||
|
|
|
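Review bot: In the new `_get_cert_issuers` (hunk at -3990), the second pipeline stage calls bare `openssl pkcs7` while the first stage and the fallback branch honour `${ACME_OPENSSL_BIN:-openssl}`, and `$_cfile` is expanded unquoted in both branches, so a certificate path containing whitespace is split into several arguments. I would write `${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile "$_cfile" | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | …`, use `-in "$_cfile"` in the `else` branch, and quote the argument as `_get_cert_issuers "$_cfile"` inside `_match_issuer`. `_match_issuer` also changes from an exact comparison to `_contains "$_fissuers" "$_missuer"` over every issuer CN in the full chain. `_contains` is defined outside this page, but if it is a substring or pattern test, a short `_preferred_chain` value could select a chain whose issuer merely includes that text, so the function deserves a comment stating the intended matching rule.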
@ -69,8 +69,8 @@ exim4_deploy() {
|
|||
cp "$_exim4_conf" "$_backup_conf"
|
||||
|
||||
_info "Modify exim4 conf: $_exim4_conf"
|
||||
if _setopt "$_exim4_conf" "tls_certificate" "=" "$_real_fullchain" \
|
||||
&& _setopt "$_exim4_conf" "tls_privatekey" "=" "$_real_key"; then
|
||||
if _setopt "$_exim4_conf" "tls_certificate" "=" "$_real_fullchain" &&
|
||||
_setopt "$_exim4_conf" "tls_privatekey" "=" "$_real_key"; then
|
||||
_info "Set config success!"
|
||||
else
|
||||
_err "Config exim4 server error, please report bug to us."
|
||||
|
|
|
@ -195,8 +195,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
|
|||
fi
|
||||
if [ -n "$Le_Deploy_ssh_cafile" ]; then
|
||||
_pipe=">"
|
||||
if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] \
|
||||
|| [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then
|
||||
if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] ||
|
||||
[ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then
|
||||
# if filename is same as previous file then append.
|
||||
_pipe=">>"
|
||||
elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
|
||||
|
@ -222,9 +222,9 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
|
|||
fi
|
||||
if [ -n "$Le_Deploy_ssh_fullchain" ]; then
|
||||
_pipe=">"
|
||||
if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] \
|
||||
|| [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ] \
|
||||
|| [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then
|
||||
if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] ||
|
||||
[ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ] ||
|
||||
[ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then
|
||||
# if filename is same as previous file then append.
|
||||
_pipe=">>"
|
||||
elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
|
||||
|
|
|
@ -65,9 +65,9 @@ vsftpd_deploy() {
|
|||
cp "$_vsftpd_conf" "$_backup_conf"
|
||||
|
||||
_info "Modify vsftpd conf: $_vsftpd_conf"
|
||||
if _setopt "$_vsftpd_conf" "rsa_cert_file" "=" "$_real_fullchain" \
|
||||
&& _setopt "$_vsftpd_conf" "rsa_private_key_file" "=" "$_real_key" \
|
||||
&& _setopt "$_vsftpd_conf" "ssl_enable" "=" "YES"; then
|
||||
if _setopt "$_vsftpd_conf" "rsa_cert_file" "=" "$_real_fullchain" &&
|
||||
_setopt "$_vsftpd_conf" "rsa_private_key_file" "=" "$_real_key" &&
|
||||
_setopt "$_vsftpd_conf" "ssl_enable" "=" "YES"; then
|
||||
_info "Set config success!"
|
||||
else
|
||||
_err "Config vsftpd server error, please report bug to us."
|
||||
|
|
|
@ -222,10 +222,10 @@ _use_instance_role() {
|
|||
|
||||
_use_metadata() {
|
||||
_aws_creds="$(
|
||||
_get "$1" "" 1 \
|
||||
| _normalizeJson \
|
||||
| tr '{,}' '\n' \
|
||||
| while read -r _line; do
|
||||
_get "$1" "" 1 |
|
||||
_normalizeJson |
|
||||
tr '{,}' '\n' |
|
||||
while read -r _line; do
|
||||
_key="$(echo "${_line%%:*}" | tr -d '"')"
|
||||
_value="${_line#*:}"
|
||||
_debug3 "_key" "$_key"
|
||||
|
@ -235,8 +235,8 @@ _use_metadata() {
|
|||
SecretAccessKey) echo "AWS_SECRET_ACCESS_KEY=$_value" ;;
|
||||
Token) echo "AWS_SESSION_TOKEN=$_value" ;;
|
||||
esac
|
||||
done \
|
||||
| paste -sd' ' -
|
||||
done |
|
||||
paste -sd' ' -
|
||||
)"
|
||||
_secure_debug "_aws_creds" "$_aws_creds"
|
||||
|
||||
|
|
|
@ -220,7 +220,7 @@ _azure_rest() {
|
|||
export _H2="accept: application/json"
|
||||
export _H3="Content-Type: application/json"
|
||||
# clear headers from previous request to avoid getting wrong http code on timeouts
|
||||
:>"$HTTP_HEADER"
|
||||
: >"$HTTP_HEADER"
|
||||
_debug "$ep"
|
||||
if [ "$m" != "GET" ]; then
|
||||
_secure_debug2 "data $data"
|
||||
|
|
|
@ -115,9 +115,9 @@ dns_conoha_rm() {
|
|||
return 1
|
||||
fi
|
||||
|
||||
record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' \
|
||||
| grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" \
|
||||
| _head_n 1 | cut -d : -f 2 | tr -d \")
|
||||
record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' |
|
||||
grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" |
|
||||
_head_n 1 | cut -d : -f 2 | tr -d \")
|
||||
if [ -z "$record_id" ]; then
|
||||
_err "Can not get record id to remove."
|
||||
return 1
|
||||
|
|
|
@ -18,23 +18,23 @@
|
|||
########
|
||||
|
||||
dns_cyon_add() {
|
||||
_cyon_load_credentials \
|
||||
&& _cyon_load_parameters "$@" \
|
||||
&& _cyon_print_header "add" \
|
||||
&& _cyon_login \
|
||||
&& _cyon_change_domain_env \
|
||||
&& _cyon_add_txt \
|
||||
&& _cyon_logout
|
||||
_cyon_load_credentials &&
|
||||
_cyon_load_parameters "$@" &&
|
||||
_cyon_print_header "add" &&
|
||||
_cyon_login &&
|
||||
_cyon_change_domain_env &&
|
||||
_cyon_add_txt &&
|
||||
_cyon_logout
|
||||
}
|
||||
|
||||
dns_cyon_rm() {
|
||||
_cyon_load_credentials \
|
||||
&& _cyon_load_parameters "$@" \
|
||||
&& _cyon_print_header "delete" \
|
||||
&& _cyon_login \
|
||||
&& _cyon_change_domain_env \
|
||||
&& _cyon_delete_txt \
|
||||
&& _cyon_logout
|
||||
_cyon_load_credentials &&
|
||||
_cyon_load_parameters "$@" &&
|
||||
_cyon_print_header "delete" &&
|
||||
_cyon_login &&
|
||||
_cyon_change_domain_env &&
|
||||
_cyon_delete_txt &&
|
||||
_cyon_logout
|
||||
}
|
||||
|
||||
#########################
|
||||
|
|
|
@ -67,14 +67,14 @@ _dns_do_list_rrs() {
|
|||
_err "getRRList origin ${_domain} failed"
|
||||
return 1
|
||||
fi
|
||||
_rr_list="$(echo "${response}" \
|
||||
| tr -d "\n\r\t" \
|
||||
| sed -e 's/<item xsi:type="ns2:Map">/\n/g' \
|
||||
| grep ">$(_regexcape "$fulldomain")</value>" \
|
||||
| sed -e 's/<\/item>/\n/g' \
|
||||
| grep '>id</key><value' \
|
||||
| _egrep_o '>[0-9]{1,16}<' \
|
||||
| tr -d '><')"
|
||||
_rr_list="$(echo "${response}" |
|
||||
tr -d "\n\r\t" |
|
||||
sed -e 's/<item xsi:type="ns2:Map">/\n/g' |
|
||||
grep ">$(_regexcape "$fulldomain")</value>" |
|
||||
sed -e 's/<\/item>/\n/g' |
|
||||
grep '>id</key><value' |
|
||||
_egrep_o '>[0-9]{1,16}<' |
|
||||
tr -d '><')"
|
||||
[ "${_rr_list}" ]
|
||||
}
|
||||
|
||||
|
@ -120,10 +120,10 @@ _get_root() {
|
|||
i=1
|
||||
|
||||
_dns_do_soap getDomainList
|
||||
_all_domains="$(echo "${response}" \
|
||||
| tr -d "\n\r\t " \
|
||||
| _egrep_o 'domain</key><value[^>]+>[^<]+' \
|
||||
| sed -e 's/^domain<\/key><value[^>]*>//g')"
|
||||
_all_domains="$(echo "${response}" |
|
||||
tr -d "\n\r\t " |
|
||||
_egrep_o 'domain</key><value[^>]+>[^<]+' |
|
||||
sed -e 's/^domain<\/key><value[^>]*>//g')"
|
||||
|
||||
while true; do
|
||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||
|
|
|
@ -303,10 +303,10 @@ _freedns_domain_id() {
|
|||
return 1
|
||||
fi
|
||||
|
||||
domain_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
|
||||
| grep "<td>$search_domain</td>\|<td>$search_domain(.*)</td>" \
|
||||
| sed -n 's/.*\(edit\.php?edit_domain_id=[0-9a-zA-Z]*\).*/\1/p' \
|
||||
| cut -d = -f 2)"
|
||||
domain_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' |
|
||||
grep "<td>$search_domain</td>\|<td>$search_domain(.*)</td>" |
|
||||
sed -n 's/.*\(edit\.php?edit_domain_id=[0-9a-zA-Z]*\).*/\1/p' |
|
||||
cut -d = -f 2)"
|
||||
# The above beauty extracts domain ID from the html page...
|
||||
# strip out all blank space and new lines. Then insert newlines
|
||||
# before each table row <tr>
|
||||
|
@ -349,11 +349,11 @@ _freedns_data_id() {
|
|||
return 1
|
||||
fi
|
||||
|
||||
data_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
|
||||
| grep "<td[a-zA-Z=#]*>$record_type</td>" \
|
||||
| grep "<ahref.*>$search_domain</a>" \
|
||||
| sed -n 's/.*\(edit\.php?data_id=[0-9a-zA-Z]*\).*/\1/p' \
|
||||
| cut -d = -f 2)"
|
||||
data_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' |
|
||||
grep "<td[a-zA-Z=#]*>$record_type</td>" |
|
||||
grep "<ahref.*>$search_domain</a>" |
|
||||
sed -n 's/.*\(edit\.php?data_id=[0-9a-zA-Z]*\).*/\1/p' |
|
||||
cut -d = -f 2)"
|
||||
# The above beauty extracts data ID from the html page...
|
||||
# strip out all blank space and new lines. Then insert newlines
|
||||
# before each table row <tr>
|
||||
|
|
|
@ -69,9 +69,9 @@ dns_gandi_livedns_rm() {
|
|||
|
||||
_gandi_livedns_rest PUT \
|
||||
"domains/$_domain/records/$_sub_domain/TXT" \
|
||||
"{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" \
|
||||
&& _contains "$response" '{"message": "DNS Record Created"}' \
|
||||
&& _info "Removing record $(__green "success")"
|
||||
"{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" &&
|
||||
_contains "$response" '{"message": "DNS Record Created"}' &&
|
||||
_info "Removing record $(__green "success")"
|
||||
}
|
||||
|
||||
#################### Private functions below ##################################
|
||||
|
@ -125,9 +125,9 @@ _dns_gandi_append_record() {
|
|||
fi
|
||||
_debug new_rrset_values "$_rrset_values"
|
||||
_gandi_livedns_rest PUT "domains/$_domain/records/$sub_domain/TXT" \
|
||||
"{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" \
|
||||
&& _contains "$response" '{"message": "DNS Record Created"}' \
|
||||
&& _info "Adding record $(__green "success")"
|
||||
"{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" &&
|
||||
_contains "$response" '{"message": "DNS Record Created"}' &&
|
||||
_info "Adding record $(__green "success")"
|
||||
}
|
||||
|
||||
_dns_gandi_existing_rrset_values() {
|
||||
|
@ -145,8 +145,8 @@ _dns_gandi_existing_rrset_values() {
|
|||
return 1
|
||||
fi
|
||||
_debug "Already has TXT record."
|
||||
_rrset_values=$(echo "$response" | _egrep_o 'rrset_values.*\[.*\]' \
|
||||
| _egrep_o '\[".*\"]')
|
||||
_rrset_values=$(echo "$response" | _egrep_o 'rrset_values.*\[.*\]' |
|
||||
_egrep_o '\[".*\"]')
|
||||
return 0
|
||||
}
|
||||
|
||||
|
|
|
@ -78,8 +78,8 @@ _dns_gcloud_execute_tr() {
|
|||
for i in $(seq 1 120); do
|
||||
if gcloud dns record-sets changes list \
|
||||
--zone="$managedZone" \
|
||||
--filter='status != done' \
|
||||
| grep -q '^.*'; then
|
||||
--filter='status != done' |
|
||||
grep -q '^.*'; then
|
||||
_info "_dns_gcloud_execute_tr: waiting for transaction to be comitted ($i/120)..."
|
||||
sleep 5
|
||||
else
|
||||
|
@ -137,11 +137,11 @@ _dns_gcloud_find_zone() {
|
|||
# List domains and find the zone with the deepest sub-domain (in case of some levels of delegation)
|
||||
if ! match=$(gcloud dns managed-zones list \
|
||||
--format="value(name, dnsName)" \
|
||||
--filter="$filter" \
|
||||
| while read -r dnsName name; do
|
||||
--filter="$filter" |
|
||||
while read -r dnsName name; do
|
||||
printf "%s\t%s\t%s\n" "$(echo "$name" | awk -F"." '{print NF-1}')" "$dnsName" "$name"
|
||||
done \
|
||||
| sort -n -r | _head_n 1 | cut -f2,3 | grep '^.*'); then
|
||||
done |
|
||||
sort -n -r | _head_n 1 | cut -f2,3 | grep '^.*'); then
|
||||
_err "_dns_gcloud_find_zone: Can't find a matching managed zone! Perhaps wrong project or gcloud credentials?"
|
||||
return 1
|
||||
fi
|
||||
|
|
|
@ -101,8 +101,8 @@ dns_he_rm() {
|
|||
body="$body&hosted_dns_editzone=1"
|
||||
body="$body&hosted_dns_delrecord=1"
|
||||
body="$body&hosted_dns_delconfirm=delete"
|
||||
_post "$body" "https://dns.he.net/" \
|
||||
| grep '<div id="dns_status" onClick="hideThis(this);">Successfully removed record.</div>' \
|
||||
_post "$body" "https://dns.he.net/" |
|
||||
grep '<div id="dns_status" onClick="hideThis(this);">Successfully removed record.</div>' \
|
||||
>/dev/null
|
||||
exit_code="$?"
|
||||
if [ "$exit_code" -eq 0 ]; then
|
||||
|
|
|
@ -123,10 +123,10 @@ _find_record() {
|
|||
return 1
|
||||
else
|
||||
_record_id=$(
|
||||
echo "$response" \
|
||||
| grep -o "{[^\{\}]*\"name\":\"$_record_name\"[^\}]*}" \
|
||||
| grep "\"value\":\"$_record_value\"" \
|
||||
| while read -r record; do
|
||||
echo "$response" |
|
||||
grep -o "{[^\{\}]*\"name\":\"$_record_name\"[^\}]*}" |
|
||||
grep "\"value\":\"$_record_value\"" |
|
||||
while read -r record; do
|
||||
# test for type and
|
||||
if [ -n "$(echo "$record" | _egrep_o '"type":"TXT"')" ]; then
|
||||
echo "$record" | _egrep_o '"id":"[^"]*"' | cut -d : -f 2 | tr -d \"
|
||||
|
|
|
@ -144,7 +144,7 @@ _netlify_rest() {
|
|||
export _H1="Content-Type: application/json"
|
||||
export _H2="Authorization: Bearer $token_trimmed"
|
||||
|
||||
:>"$HTTP_HEADER"
|
||||
: >"$HTTP_HEADER"
|
||||
|
||||
if [ "$m" != "GET" ]; then
|
||||
_debug data "$data"
|
||||
|
|
|
@ -136,11 +136,12 @@ dns_pleskxml_rm() {
|
|||
|
||||
# Reduce output to one line per DNS record, filtered for TXT records with a record ID only (which they should all have)
|
||||
# Also strip out spaces between tags, redundant <data> and </data> group tags and any <self-closing/> tags
|
||||
reclist="$(_api_response_split "$pleskxml_prettyprint_result" 'result' '<status>ok</status>' \
|
||||
| sed 's# \{1,\}<\([a-zA-Z]\)#<\1#g;s#</\{0,1\}data>##g;s#<[a-z][^/<>]*/>##g' \
|
||||
| grep "<site-id>${root_domain_id}</site-id>" \
|
||||
| grep '<id>[0-9]\{1,\}</id>' \
|
||||
| grep '<type>TXT</type>'
|
||||
reclist="$(
|
||||
_api_response_split "$pleskxml_prettyprint_result" 'result' '<status>ok</status>' |
|
||||
sed 's# \{1,\}<\([a-zA-Z]\)#<\1#g;s#</\{0,1\}data>##g;s#<[a-z][^/<>]*/>##g' |
|
||||
grep "<site-id>${root_domain_id}</site-id>" |
|
||||
grep '<id>[0-9]\{1,\}</id>' |
|
||||
grep '<type>TXT</type>'
|
||||
)"
|
||||
|
||||
if [ -z "$reclist" ]; then
|
||||
|
@ -151,10 +152,11 @@ dns_pleskxml_rm() {
|
|||
_debug "Got list of DNS TXT records for root domain '$root_domain_name':"
|
||||
_debug "$reclist"
|
||||
|
||||
recid="$(_value "$reclist" \
|
||||
| grep "<host>${fulldomain}.</host>" \
|
||||
| grep "<value>${txtvalue}</value>" \
|
||||
| sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/'
|
||||
recid="$(
|
||||
_value "$reclist" |
|
||||
grep "<host>${fulldomain}.</host>" |
|
||||
grep "<value>${txtvalue}</value>" |
|
||||
sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/'
|
||||
)"
|
||||
|
||||
if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then
|
||||
|
@ -220,11 +222,11 @@ _countdots() {
|
|||
# Last line could change to <sed -n '/.../p'> instead, with suitable escaping of ['"/$],
|
||||
# if future Plesk XML API changes ever require extended regex
|
||||
_api_response_split() {
|
||||
printf '%s' "$1" \
|
||||
| sed 's/^ +//;s/ +$//' \
|
||||
| tr -d '\n\r' \
|
||||
| sed "s/<\/\{0,1\}$2>/${NEWLINE}/g" \
|
||||
| grep "$3"
|
||||
printf '%s' "$1" |
|
||||
sed 's/^ +//;s/ +$//' |
|
||||
tr -d '\n\r' |
|
||||
sed "s/<\/\{0,1\}$2>/${NEWLINE}/g" |
|
||||
grep "$3"
|
||||
}
|
||||
|
||||
#################### Private functions below (DNS functions) ##################################
|
||||
|
@ -265,10 +267,11 @@ _call_api() {
|
|||
# - filter output to keep only lines like this: "SPACES<TAG>text</TAG>SPACES" (shouldn't be necessary with prettyprint but guarantees subsequent code is ok)
|
||||
# - then edit the 3 "useful" error tokens individually and remove closing tags on all lines
|
||||
# - then filter again to remove all lines not edited (which will be the lines not starting A-Z)
|
||||
errtext="$(_value "$pleskxml_prettyprint_result" \
|
||||
| grep '^ *<[a-z]\{1,\}>[^<]*<\/[a-z]\{1,\}> *$' \
|
||||
| sed 's/^ *<status>/Status: /;s/^ *<errcode>/Error code: /;s/^ *<errtext>/Error text: /;s/<\/.*$//' \
|
||||
| grep '^[A-Z]'
|
||||
errtext="$(
|
||||
_value "$pleskxml_prettyprint_result" |
|
||||
grep '^ *<[a-z]\{1,\}>[^<]*<\/[a-z]\{1,\}> *$' |
|
||||
sed 's/^ *<status>/Status: /;s/^ *<errcode>/Error code: /;s/^ *<errtext>/Error text: /;s/<\/.*$//' |
|
||||
grep '^[A-Z]'
|
||||
)"
|
||||
|
||||
fi
|
||||
|
|