uncomment creating TLSA 2 0 1 and 2 0 2 records.

This commit is contained in:
Christoph 2021-07-03 02:29:27 +02:00
parent 1b6eecb99b
commit 5d9aa2dce7


@ -2110,227 +2110,227 @@ if [[ -n "\$_successfully_created_hosts" ]] ; then
esac esac
# - Generate TLSA 2 0 1 record # # - Generate TLSA 2 0 1 record
# - # # -
\$verbose && echononl " Generate \\"TLSA 2 0 1\\" record from root certificate (root.ca).." # \$verbose && echononl " Generate \\"TLSA 2 0 1\\" record from root certificate (root.ca).."
tlsa_record_201=\$( # tlsa_record_201=\$(
printf "_%s._tcp.%s. \$ttl_201 IN TLSA 2 0 1 %s\\n" \\ # printf "_%s._tcp.%s. \$ttl_201 IN TLSA 2 0 1 %s\\n" \\
\${_tmp_arr[1]} \\ # \${_tmp_arr[1]} \\
\${_tmp_arr[0]} \\ # \${_tmp_arr[0]} \\
\$(openssl x509 -in /var/lib/dehydrated/certs/\${_tmp_arr[0]}/chain.pem -outform DER | # \$(openssl x509 -in /var/lib/dehydrated/certs/\${_tmp_arr[0]}/chain.pem -outform DER |
openssl dgst -sha256 -binary | # openssl dgst -sha256 -binary |
hexdump -ve '/1 "%02x"') # hexdump -ve '/1 "%02x"')
) # )
if [[ \$? -eq 0 ]] ; then # if [[ \$? -eq 0 ]] ; then
\$verbose && echo_ok # \$verbose && echo_ok
else # else
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "Generating \\"TLSA 2 0 1\\" record failed! " # error "Generating \\"TLSA 2 0 1\\" record failed! "
else # else
echo -e "\\n [ Error ]: Generating \\"TLSA 2 0 1\\" record failed! \\n" # echo -e "\\n [ Error ]: Generating \\"TLSA 2 0 1\\" record failed! \\n"
fi # fi
continue # continue
fi # fi
#
# - Add/Renew Record in concerning zone file # # - Add/Renew Record in concerning zone file
# - # # -
\$verbose && echononl " Add/Renew Record in concerning zone file.." # \$verbose && echononl " Add/Renew Record in concerning zone file.."
ssh -q -p \$dane_ssh_port -i \$dane_ssh_key \${dane_ssh_user}@\${dane_nameserver} \\ # ssh -q -p \$dane_ssh_port -i \$dane_ssh_key \${dane_ssh_user}@\${dane_nameserver} \\
"sudo \$renew_tlsa_record \$tlsa_record_201 > /dev/null 2>&1" # "sudo \$renew_tlsa_record \$tlsa_record_201 > /dev/null 2>&1"
ret_val=\$? # ret_val=\$?
case \$ret_val in # case \$ret_val in
0) # 0)
\$verbose && echo_skipped # \$verbose && echo_skipped
if \$verbose ; then # if \$verbose ; then
info "TLSA 2 0 1 record for \\"\$hostname\\" is up to date." # info "TLSA 2 0 1 record for \\"\$hostname\\" is up to date."
else # else
echo -e "\\n [ Info ]: TLSA 2 0 1 record for \\"\$hostname\\" is up to date.\\n" # echo -e "\\n [ Info ]: TLSA 2 0 1 record for \\"\$hostname\\" is up to date.\\n"
fi # fi
;; # ;;
1) # 1)
\$verbose && echo_ok # \$verbose && echo_ok
if \$verbose ; then # if \$verbose ; then
info "TLSA 2 0 1 record for \\"\$hostname\\" replaced." # info "TLSA 2 0 1 record for \\"\$hostname\\" replaced."
else # else
echo -e "\\n [ Info ]: TLSA 2 0 1 record for \\"\$hostname\\" replaced.\\n" # echo -e "\\n [ Info ]: TLSA 2 0 1 record for \\"\$hostname\\" replaced.\\n"
fi # fi
;; # ;;
2) # 2)
\$verbose && echo_ok # \$verbose && echo_ok
if \$verbose ; then # if \$verbose ; then
info "New TLSA 2 0 1 record for \\"\$hostname\\" added." # info "New TLSA 2 0 1 record for \\"\$hostname\\" added."
else # else
echo -e "\\n [ Info ]: New TLSA 2 0 1 record for \\"\$hostname\\" added.\\n" # echo -e "\\n [ Info ]: New TLSA 2 0 1 record for \\"\$hostname\\" added.\\n"
fi # fi
;; # ;;
10) # 10)
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "Invalid TLSA record given!" # error "Invalid TLSA record given!"
else # else
echo -e "\\n [ Error ]: Invalid TLSA record given! \\n" # echo -e "\\n [ Error ]: Invalid TLSA record given! \\n"
fi # fi
continue # continue
;; # ;;
11) # 11)
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "No zonefile for host \\"\$hostname\\" found!" # error "No zonefile for host \\"\$hostname\\" found!"
else # else
echo -e "\\n [ Error ]: No zonefile for host \\"\$hostname\\" found! \\n" # echo -e "\\n [ Error ]: No zonefile for host \\"\$hostname\\" found! \\n"
fi # fi
continue # continue
;; # ;;
20) # 20)
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "Replacing TLSA 2 0 1 record for host \\"\$hostname\\" failed!" # error "Replacing TLSA 2 0 1 record for host \\"\$hostname\\" failed!"
else # else
echo -e "\\n [ Error ]: Replacing TLSA 2 0 1 record for host \\"\$hostname\\" failed! \\n" # echo -e "\\n [ Error ]: Replacing TLSA 2 0 1 record for host \\"\$hostname\\" failed! \\n"
fi # fi
continue # continue
;; # ;;
21) # 21)
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "Adding TLSA 2 0 1 record for host \\"\$hostname\\" failed!" # error "Adding TLSA 2 0 1 record for host \\"\$hostname\\" failed!"
else # else
echo -e "\\n [ Error ]: Adding TLSA 2 0 1 record for host \\"\$hostname\\" failed! \\n" # echo -e "\\n [ Error ]: Adding TLSA 2 0 1 record for host \\"\$hostname\\" failed! \\n"
fi # fi
continue # continue
;; # ;;
99) # 99)
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "Fatal Error!" # error "Fatal Error!"
else # else
echo -e "\\n [ Error ]: Fatal Error! \\n" # echo -e "\\n [ Error ]: Fatal Error! \\n"
fi # fi
continue # continue
;; # ;;
*) # *)
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "Unknown exit code from remote script \\"\$renew_tlsa_record\"!" # error "Unknown exit code from remote script \\"\$renew_tlsa_record\"!"
else # else
echo -e "\\n [ Error ]: Unknown exit code from remote script \\"\$renew_tlsa_record\"! \\n" # echo -e "\\n [ Error ]: Unknown exit code from remote script \\"\$renew_tlsa_record\"! \\n"
fi # fi
continue # continue
;; # ;;
#
esac # esac
#
# - Generate TLSA 2 0 2 record # # - Generate TLSA 2 0 2 record
# - # # -
\$verbose && echononl " Generate \\"TLSA 2 0 2\\" record from root certificate (root.ca).." # \$verbose && echononl " Generate \\"TLSA 2 0 2\\" record from root certificate (root.ca).."
tlsa_record_202=\$( # tlsa_record_202=\$(
printf "_%s._tcp.%s. \$ttl_202 IN TLSA 2 0 2 %s\\n" \\ # printf "_%s._tcp.%s. \$ttl_202 IN TLSA 2 0 2 %s\\n" \\
\${_tmp_arr[1]} \\ # \${_tmp_arr[1]} \\
\${_tmp_arr[0]} \\ # \${_tmp_arr[0]} \\
\$(openssl x509 -in /var/lib/dehydrated/certs/\${_tmp_arr[0]}/chain.pem -outform DER | # \$(openssl x509 -in /var/lib/dehydrated/certs/\${_tmp_arr[0]}/chain.pem -outform DER |
openssl dgst -sha512 -binary | # openssl dgst -sha512 -binary |
hexdump -ve '/1 "%02x"') # hexdump -ve '/1 "%02x"')
) # )
if [[ \$? -eq 0 ]] ; then # if [[ \$? -eq 0 ]] ; then
\$verbose && echo_ok # \$verbose && echo_ok
else # else
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "Generating \\"TLSA 2 0 2\\" record failed! " # error "Generating \\"TLSA 2 0 2\\" record failed! "
else # else
echo -e "\\n [ Error ]: Generating \\"TLSA 2 0 2\\" record failed! \\n" # echo -e "\\n [ Error ]: Generating \\"TLSA 2 0 2\\" record failed! \\n"
fi # fi
continue # continue
fi # fi
#
# - Add/Renew Record in concerning zone file # # - Add/Renew Record in concerning zone file
# - # # -
\$verbose && echononl " Add/Renew Record in concerning zone file.." # \$verbose && echononl " Add/Renew Record in concerning zone file.."
ssh -q -p \$dane_ssh_port -i \$dane_ssh_key \${dane_ssh_user}@\${dane_nameserver} \\ # ssh -q -p \$dane_ssh_port -i \$dane_ssh_key \${dane_ssh_user}@\${dane_nameserver} \\
"sudo \$renew_tlsa_record \$tlsa_record_202 > /dev/null 2>&1" # "sudo \$renew_tlsa_record \$tlsa_record_202 > /dev/null 2>&1"
ret_val=\$? # ret_val=\$?
case \$ret_val in # case \$ret_val in
0) # 0)
\$verbose && echo_skipped # \$verbose && echo_skipped
if \$verbose ; then # if \$verbose ; then
info "TLSA 2 0 2 record for \\"\$hostname\\" is up to date." # info "TLSA 2 0 2 record for \\"\$hostname\\" is up to date."
else # else
echo -e "\\n [ Info ]: TLSA 2 0 2 record for \\"\$hostname\\" is up to date.\\n" # echo -e "\\n [ Info ]: TLSA 2 0 2 record for \\"\$hostname\\" is up to date.\\n"
fi # fi
;; # ;;
1) # 1)
\$verbose && echo_ok # \$verbose && echo_ok
if \$verbose ; then # if \$verbose ; then
info "TLSA 2 0 2 record for \\"\$hostname\\" replaced." # info "TLSA 2 0 2 record for \\"\$hostname\\" replaced."
else # else
echo -e "\\n [ Info ]: TLSA 2 0 2 record for \\"\$hostname\\" replaced.\\n" # echo -e "\\n [ Info ]: TLSA 2 0 2 record for \\"\$hostname\\" replaced.\\n"
fi # fi
;; # ;;
2) # 2)
\$verbose && echo_ok # \$verbose && echo_ok
if \$verbose ; then # if \$verbose ; then
info "New TLSA 2 0 2 record for \\"\$hostname\\" added." # info "New TLSA 2 0 2 record for \\"\$hostname\\" added."
else # else
echo -e "\\n [ Info ]: New TLSA 2 0 2 record for \\"\$hostname\\" added.\\n" # echo -e "\\n [ Info ]: New TLSA 2 0 2 record for \\"\$hostname\\" added.\\n"
fi # fi
;; # ;;
10) # 10)
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "Invalid TLSA record given!" # error "Invalid TLSA record given!"
else # else
echo -e "\\n [ Error ]: Invalid TLSA record given! \\n" # echo -e "\\n [ Error ]: Invalid TLSA record given! \\n"
fi # fi
continue # continue
;; # ;;
11) # 11)
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "No zonefile for host \\"\$hostname\\" found!" # error "No zonefile for host \\"\$hostname\\" found!"
else # else
echo -e "\\n [ Error ]: No zonefile for host \\"\$hostname\\" found! \\n" # echo -e "\\n [ Error ]: No zonefile for host \\"\$hostname\\" found! \\n"
fi # fi
continue # continue
;; # ;;
20) # 20)
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "Replacing TLSA 2 0 2 record for host \\"\$hostname\\" failed!" # error "Replacing TLSA 2 0 2 record for host \\"\$hostname\\" failed!"
else # else
echo -e "\\n [ Error ]: Replacing TLSA 2 0 2 record for host \\"\$hostname\\" failed! \\n" # echo -e "\\n [ Error ]: Replacing TLSA 2 0 2 record for host \\"\$hostname\\" failed! \\n"
fi # fi
continue # continue
;; # ;;
21) # 21)
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "Adding TLSA 2 0 2 record for host \\"\$hostname\\" failed!" # error "Adding TLSA 2 0 2 record for host \\"\$hostname\\" failed!"
else # else
echo -e "\\n [ Error ]: Adding TLSA 2 0 2 record for host \\"\$hostname\\" failed! \\n" # echo -e "\\n [ Error ]: Adding TLSA 2 0 2 record for host \\"\$hostname\\" failed! \\n"
fi # fi
continue # continue
;; # ;;
99) # 99)
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "Fatal Error!" # error "Fatal Error!"
else # else
echo -e "\\n [ Error ]: Fatal Error! \\n" # echo -e "\\n [ Error ]: Fatal Error! \\n"
fi # fi
continue # continue
;; # ;;
*) # *)
\$verbose && echo_failed # \$verbose && echo_failed
if \$verbose ; then # if \$verbose ; then
error "Unknown exit code from remote script \\"\$renew_tlsa_record\"!" # error "Unknown exit code from remote script \\"\$renew_tlsa_record\"!"
else # else
echo -e "\\n [ Error ]: Unknown exit code from remote script \\"\$renew_tlsa_record\"! \\n" # echo -e "\\n [ Error ]: Unknown exit code from remote script \\"\$renew_tlsa_record\"! \\n"
fi # fi
continue # continue
;; # ;;
#
esac # esac
# - To avoid multiple reloading og one and the same zone, we only # - To avoid multiple reloading og one and the same zone, we only
# - collect the zones, having to reload, at this time and do the # - collect the zones, having to reload, at this time and do the