Adding tsig keyfile support to dehydrated-nsupdate.

Signed-off-by: Daniel Baumann <mail@daniel-baumann.ch>
author: Daniel Baumann <mail@daniel-baumann.ch> 2021-09-05 07:09:09 +0000
committer: Daniel Baumann <mail@daniel-baumann.ch> 2021-09-05 07:11:43 +0000
commit: 8154b3d022d28bf7c2c55a83b4fcaec3953ee1d0 (patch)
tree: e35f2b2ee9d72450405d6fb34abcd8b0c4875688
parent: Updating dehydrated todo file. (diff)
download: service-tools-8154b3d022d28bf7c2c55a83b4fcaec3953ee1d0.tar.xz
service-tools-8154b3d022d28bf7c2c55a83b4fcaec3953ee1d0.zip
2 files changed, 7 insertions, 2 deletions
diff --git a/dehydrated/TODO b/dehydrated/TODO
index 14a44d6..bd980cc 100644
--- a/dehydrated/TODO
+++ b/dehydrated/TODO
@@ -1,5 +1,4 @@
 TODO
 ====
 
-  * add hmac/tsig support
   * write manpages
diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate
index ec8cf7f..7b6ea34 100755
--- a/dehydrated/bin/dehydrated-nsupdate
+++ b/dehydrated/bin/dehydrated-nsupdate
@@ -103,6 +103,11 @@ do
 	fi
 done
 
+if [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ]
+then
+	NSUPDATE_OPTIONS="-k ${TSIG_KEYFILE}"
+fi
+
 NAMESERVERS="$(${DIG} +short NS "${ZONE}")"
 
 # update nameservers
@@ -110,11 +115,12 @@ for NAMESERVER in ${NAMESERVERS}
 do
 	echo -n "   + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..."
 
+# shellcheck disable=SC2086
 echo "server ${NAMESERVER}
 zone ${ZONE}
 ttl 0
 update ${HOOK_ACTION} ${TXT_RECORD} 0 TXT ${TOKEN_VALUE}
-send" | "${NSUPDATE}"
+send" | "${NSUPDATE}" ${NSUPDATE_OPTIONS}
 
 	echo " done."
 done
author	Daniel Baumann <mail@daniel-baumann.ch>	2021-09-05 07:09:09 +0000
committer	Daniel Baumann <mail@daniel-baumann.ch>	2021-09-05 07:11:43 +0000
commit	8154b3d022d28bf7c2c55a83b4fcaec3953ee1d0 (patch)
tree	e35f2b2ee9d72450405d6fb34abcd8b0c4875688
parent	Updating dehydrated todo file. (diff)
download	service-tools-8154b3d022d28bf7c2c55a83b4fcaec3953ee1d0.tar.xz service-tools-8154b3d022d28bf7c2c55a83b4fcaec3953ee1d0.zip