diff --git a/install_dehydrated.sh b/install_dehydrated.sh
index 1a578ad..34f07dc 100755
--- a/install_dehydrated.sh
+++ b/install_dehydrated.sh
@@ -2110,227 +2110,227 @@ if [[ -n "\$_successfully_created_hosts" ]] ; then esac - # - Generate TLSA 2 0 1 record - # - - \$verbose && echononl " Generate \\"TLSA 2 0 1\\" record from root certificate (root.ca).." - tlsa_record_201=\$( - printf "_%s._tcp.%s. \$ttl_201 IN TLSA 2 0 1 %s\\n" \\ - \${_tmp_arr[1]} \\ - \${_tmp_arr[0]} \\ - \$(openssl x509 -in /var/lib/dehydrated/certs/\${_tmp_arr[0]}/chain.pem -outform DER | - openssl dgst -sha256 -binary | - hexdump -ve '/1 "%02x"') - ) - if [[ \$? -eq 0 ]] ; then - \$verbose && echo_ok - else - \$verbose && echo_failed - if \$verbose ; then - error "Generating \\"TLSA 2 0 1\\" record failed! " - else - echo -e "\\n [ Error ]: Generating \\"TLSA 2 0 1\\" record failed! \\n" - fi - continue - fi - - # - Add/Renew Record in concerning zone file - # - - \$verbose && echononl " Add/Renew Record in concerning zone file.." - ssh -q -p \$dane_ssh_port -i \$dane_ssh_key \${dane_ssh_user}@\${dane_nameserver} \\ - "sudo \$renew_tlsa_record \$tlsa_record_201 > /dev/null 2>&1" - ret_val=\$? - case \$ret_val in - 0) - \$verbose && echo_skipped - if \$verbose ; then - info "TLSA 2 0 1 record for \\"\$hostname\\" is up to date." - else - echo -e "\\n [ Info ]: TLSA 2 0 1 record for \\"\$hostname\\" is up to date.\\n" - fi - ;; - 1) - \$verbose && echo_ok - if \$verbose ; then - info "TLSA 2 0 1 record for \\"\$hostname\\" replaced." - else - echo -e "\\n [ Info ]: TLSA 2 0 1 record for \\"\$hostname\\" replaced.\\n" - fi - ;; - 2) - \$verbose && echo_ok - if \$verbose ; then - info "New TLSA 2 0 1 record for \\"\$hostname\\" added." - else - echo -e "\\n [ Info ]: New TLSA 2 0 1 record for \\"\$hostname\\" added.\\n" - fi - ;; - 10) - \$verbose && echo_failed - if \$verbose ; then - error "Invalid TLSA record given!" - else - echo -e "\\n [ Error ]: Invalid TLSA record given! \\n" - fi - continue - ;; - 11) - \$verbose && echo_failed - if \$verbose ; then - error "No zonefile for host \\"\$hostname\\" found!" 
- else - echo -e "\\n [ Error ]: No zonefile for host \\"\$hostname\\" found! \\n" - fi - continue - ;; - 20) - \$verbose && echo_failed - if \$verbose ; then - error "Replacing TLSA 2 0 1 record for host \\"\$hostname\\" failed!" - else - echo -e "\\n [ Error ]: Replacing TLSA 2 0 1 record for host \\"\$hostname\\" failed! \\n" - fi - continue - ;; - 21) - \$verbose && echo_failed - if \$verbose ; then - error "Adding TLSA 2 0 1 record for host \\"\$hostname\\" failed!" - else - echo -e "\\n [ Error ]: Adding TLSA 2 0 1 record for host \\"\$hostname\\" failed! \\n" - fi - continue - ;; - 99) - \$verbose && echo_failed - if \$verbose ; then - error "Fatal Error!" - else - echo -e "\\n [ Error ]: Fatal Error! \\n" - fi - continue - ;; - *) - \$verbose && echo_failed - if \$verbose ; then - error "Unknown exit code from remote script \\"\$renew_tlsa_record\"!" - else - echo -e "\\n [ Error ]: Unknown exit code from remote script \\"\$renew_tlsa_record\"! \\n" - fi - continue - ;; - - esac - - # - Generate TLSA 2 0 2 record - # - - \$verbose && echononl " Generate \\"TLSA 2 0 2\\" record from root certificate (root.ca).." - tlsa_record_202=\$( - printf "_%s._tcp.%s. \$ttl_202 IN TLSA 2 0 2 %s\\n" \\ - \${_tmp_arr[1]} \\ - \${_tmp_arr[0]} \\ - \$(openssl x509 -in /var/lib/dehydrated/certs/\${_tmp_arr[0]}/chain.pem -outform DER | - openssl dgst -sha512 -binary | - hexdump -ve '/1 "%02x"') - ) - if [[ \$? -eq 0 ]] ; then - \$verbose && echo_ok - else - \$verbose && echo_failed - if \$verbose ; then - error "Generating \\"TLSA 2 0 2\\" record failed! " - else - echo -e "\\n [ Error ]: Generating \\"TLSA 2 0 2\\" record failed! \\n" - fi - continue - fi - - # - Add/Renew Record in concerning zone file - # - - \$verbose && echononl " Add/Renew Record in concerning zone file.." - ssh -q -p \$dane_ssh_port -i \$dane_ssh_key \${dane_ssh_user}@\${dane_nameserver} \\ - "sudo \$renew_tlsa_record \$tlsa_record_202 > /dev/null 2>&1" - ret_val=\$? 
- case \$ret_val in - 0) - \$verbose && echo_skipped - if \$verbose ; then - info "TLSA 2 0 2 record for \\"\$hostname\\" is up to date." - else - echo -e "\\n [ Info ]: TLSA 2 0 2 record for \\"\$hostname\\" is up to date.\\n" - fi - ;; - 1) - \$verbose && echo_ok - if \$verbose ; then - info "TLSA 2 0 2 record for \\"\$hostname\\" replaced." - else - echo -e "\\n [ Info ]: TLSA 2 0 2 record for \\"\$hostname\\" replaced.\\n" - fi - ;; - 2) - \$verbose && echo_ok - if \$verbose ; then - info "New TLSA 2 0 2 record for \\"\$hostname\\" added." - else - echo -e "\\n [ Info ]: New TLSA 2 0 2 record for \\"\$hostname\\" added.\\n" - fi - ;; - 10) - \$verbose && echo_failed - if \$verbose ; then - error "Invalid TLSA record given!" - else - echo -e "\\n [ Error ]: Invalid TLSA record given! \\n" - fi - continue - ;; - 11) - \$verbose && echo_failed - if \$verbose ; then - error "No zonefile for host \\"\$hostname\\" found!" - else - echo -e "\\n [ Error ]: No zonefile for host \\"\$hostname\\" found! \\n" - fi - continue - ;; - 20) - \$verbose && echo_failed - if \$verbose ; then - error "Replacing TLSA 2 0 2 record for host \\"\$hostname\\" failed!" - else - echo -e "\\n [ Error ]: Replacing TLSA 2 0 2 record for host \\"\$hostname\\" failed! \\n" - fi - continue - ;; - 21) - \$verbose && echo_failed - if \$verbose ; then - error "Adding TLSA 2 0 2 record for host \\"\$hostname\\" failed!" - else - echo -e "\\n [ Error ]: Adding TLSA 2 0 2 record for host \\"\$hostname\\" failed! \\n" - fi - continue - ;; - 99) - \$verbose && echo_failed - if \$verbose ; then - error "Fatal Error!" - else - echo -e "\\n [ Error ]: Fatal Error! \\n" - fi - continue - ;; - *) - \$verbose && echo_failed - if \$verbose ; then - error "Unknown exit code from remote script \\"\$renew_tlsa_record\"!" - else - echo -e "\\n [ Error ]: Unknown exit code from remote script \\"\$renew_tlsa_record\"! 
\\n" - fi - continue - ;; - - esac +# # - Generate TLSA 2 0 1 record +# # - +# \$verbose && echononl " Generate \\"TLSA 2 0 1\\" record from root certificate (root.ca).." +# tlsa_record_201=\$( +# printf "_%s._tcp.%s. \$ttl_201 IN TLSA 2 0 1 %s\\n" \\ +# \${_tmp_arr[1]} \\ +# \${_tmp_arr[0]} \\ +# \$(openssl x509 -in /var/lib/dehydrated/certs/\${_tmp_arr[0]}/chain.pem -outform DER | +# openssl dgst -sha256 -binary | +# hexdump -ve '/1 "%02x"') +# ) +# if [[ \$? -eq 0 ]] ; then +# \$verbose && echo_ok +# else +# \$verbose && echo_failed +# if \$verbose ; then +# error "Generating \\"TLSA 2 0 1\\" record failed! " +# else +# echo -e "\\n [ Error ]: Generating \\"TLSA 2 0 1\\" record failed! \\n" +# fi +# continue +# fi +# +# # - Add/Renew Record in concerning zone file +# # - +# \$verbose && echononl " Add/Renew Record in concerning zone file.." +# ssh -q -p \$dane_ssh_port -i \$dane_ssh_key \${dane_ssh_user}@\${dane_nameserver} \\ +# "sudo \$renew_tlsa_record \$tlsa_record_201 > /dev/null 2>&1" +# ret_val=\$? +# case \$ret_val in +# 0) +# \$verbose && echo_skipped +# if \$verbose ; then +# info "TLSA 2 0 1 record for \\"\$hostname\\" is up to date." +# else +# echo -e "\\n [ Info ]: TLSA 2 0 1 record for \\"\$hostname\\" is up to date.\\n" +# fi +# ;; +# 1) +# \$verbose && echo_ok +# if \$verbose ; then +# info "TLSA 2 0 1 record for \\"\$hostname\\" replaced." +# else +# echo -e "\\n [ Info ]: TLSA 2 0 1 record for \\"\$hostname\\" replaced.\\n" +# fi +# ;; +# 2) +# \$verbose && echo_ok +# if \$verbose ; then +# info "New TLSA 2 0 1 record for \\"\$hostname\\" added." +# else +# echo -e "\\n [ Info ]: New TLSA 2 0 1 record for \\"\$hostname\\" added.\\n" +# fi +# ;; +# 10) +# \$verbose && echo_failed +# if \$verbose ; then +# error "Invalid TLSA record given!" +# else +# echo -e "\\n [ Error ]: Invalid TLSA record given! \\n" +# fi +# continue +# ;; +# 11) +# \$verbose && echo_failed +# if \$verbose ; then +# error "No zonefile for host \\"\$hostname\\" found!" 
+# else +# echo -e "\\n [ Error ]: No zonefile for host \\"\$hostname\\" found! \\n" +# fi +# continue +# ;; +# 20) +# \$verbose && echo_failed +# if \$verbose ; then +# error "Replacing TLSA 2 0 1 record for host \\"\$hostname\\" failed!" +# else +# echo -e "\\n [ Error ]: Replacing TLSA 2 0 1 record for host \\"\$hostname\\" failed! \\n" +# fi +# continue +# ;; +# 21) +# \$verbose && echo_failed +# if \$verbose ; then +# error "Adding TLSA 2 0 1 record for host \\"\$hostname\\" failed!" +# else +# echo -e "\\n [ Error ]: Adding TLSA 2 0 1 record for host \\"\$hostname\\" failed! \\n" +# fi +# continue +# ;; +# 99) +# \$verbose && echo_failed +# if \$verbose ; then +# error "Fatal Error!" +# else +# echo -e "\\n [ Error ]: Fatal Error! \\n" +# fi +# continue +# ;; +# *) +# \$verbose && echo_failed +# if \$verbose ; then +# error "Unknown exit code from remote script \\"\$renew_tlsa_record\"!" +# else +# echo -e "\\n [ Error ]: Unknown exit code from remote script \\"\$renew_tlsa_record\"! \\n" +# fi +# continue +# ;; +# +# esac +# +# # - Generate TLSA 2 0 2 record +# # - +# \$verbose && echononl " Generate \\"TLSA 2 0 2\\" record from root certificate (root.ca).." +# tlsa_record_202=\$( +# printf "_%s._tcp.%s. \$ttl_202 IN TLSA 2 0 2 %s\\n" \\ +# \${_tmp_arr[1]} \\ +# \${_tmp_arr[0]} \\ +# \$(openssl x509 -in /var/lib/dehydrated/certs/\${_tmp_arr[0]}/chain.pem -outform DER | +# openssl dgst -sha512 -binary | +# hexdump -ve '/1 "%02x"') +# ) +# if [[ \$? -eq 0 ]] ; then +# \$verbose && echo_ok +# else +# \$verbose && echo_failed +# if \$verbose ; then +# error "Generating \\"TLSA 2 0 2\\" record failed! " +# else +# echo -e "\\n [ Error ]: Generating \\"TLSA 2 0 2\\" record failed! \\n" +# fi +# continue +# fi +# +# # - Add/Renew Record in concerning zone file +# # - +# \$verbose && echononl " Add/Renew Record in concerning zone file.." 
+# ssh -q -p \$dane_ssh_port -i \$dane_ssh_key \${dane_ssh_user}@\${dane_nameserver} \\ +# "sudo \$renew_tlsa_record \$tlsa_record_202 > /dev/null 2>&1" +# ret_val=\$? +# case \$ret_val in +# 0) +# \$verbose && echo_skipped +# if \$verbose ; then +# info "TLSA 2 0 2 record for \\"\$hostname\\" is up to date." +# else +# echo -e "\\n [ Info ]: TLSA 2 0 2 record for \\"\$hostname\\" is up to date.\\n" +# fi +# ;; +# 1) +# \$verbose && echo_ok +# if \$verbose ; then +# info "TLSA 2 0 2 record for \\"\$hostname\\" replaced." +# else +# echo -e "\\n [ Info ]: TLSA 2 0 2 record for \\"\$hostname\\" replaced.\\n" +# fi +# ;; +# 2) +# \$verbose && echo_ok +# if \$verbose ; then +# info "New TLSA 2 0 2 record for \\"\$hostname\\" added." +# else +# echo -e "\\n [ Info ]: New TLSA 2 0 2 record for \\"\$hostname\\" added.\\n" +# fi +# ;; +# 10) +# \$verbose && echo_failed +# if \$verbose ; then +# error "Invalid TLSA record given!" +# else +# echo -e "\\n [ Error ]: Invalid TLSA record given! \\n" +# fi +# continue +# ;; +# 11) +# \$verbose && echo_failed +# if \$verbose ; then +# error "No zonefile for host \\"\$hostname\\" found!" +# else +# echo -e "\\n [ Error ]: No zonefile for host \\"\$hostname\\" found! \\n" +# fi +# continue +# ;; +# 20) +# \$verbose && echo_failed +# if \$verbose ; then +# error "Replacing TLSA 2 0 2 record for host \\"\$hostname\\" failed!" +# else +# echo -e "\\n [ Error ]: Replacing TLSA 2 0 2 record for host \\"\$hostname\\" failed! \\n" +# fi +# continue +# ;; +# 21) +# \$verbose && echo_failed +# if \$verbose ; then +# error "Adding TLSA 2 0 2 record for host \\"\$hostname\\" failed!" +# else +# echo -e "\\n [ Error ]: Adding TLSA 2 0 2 record for host \\"\$hostname\\" failed! \\n" +# fi +# continue +# ;; +# 99) +# \$verbose && echo_failed +# if \$verbose ; then +# error "Fatal Error!" +# else +# echo -e "\\n [ Error ]: Fatal Error! 
\\n" +# fi +# continue +# ;; +# *) +# \$verbose && echo_failed +# if \$verbose ; then +# error "Unknown exit code from remote script \\"\$renew_tlsa_record\"!" +# else +# echo -e "\\n [ Error ]: Unknown exit code from remote script \\"\$renew_tlsa_record\"! \\n" +# fi +# continue +# ;; +# +# esac # - To avoid multiple reloading og one and the same zone, we only # - collect the zones, having to reload, at this time and do the
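Review bot: The new side keeps roughly 220 lines of the TLSA 2 0 1 / 2 0 2 logic as commented-out code with no note on why it was disabled or what should happen to any 2 0 x records that earlier runs presumably published, which this script will now silently stop renewing. Git history already preserves the old code, so the block should be deleted and replaced by a short comment such as `# - TLSA 2 0 1 / 2 0 2 (issuer-cert) records are no longer generated here; remove any stale 2 0 x records from the zones by hand.` One likely reason for the removal is worth recording if it applies: the disabled code hashes `chain.pem` while labelling it the root certificate, and `openssl x509 -in chain.pem` only reads the first certificate in that file (the first intermediate), so the published digest tracked the intermediate rather than a root. Should the block ever be reinstated, `$tlsa_record_201` / `$tlsa_record_202` ought to be quoted before being spliced into the remote `sudo $renew_tlsa_record ...` string, since the current form relies on word-splitting inside the ssh-executed command line. The surrounding loop (the target of the `continue` statements) and the `if [[ -n "$_successfully_created_hosts" ]]` block both begin before this hunk and end after it.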