From 8154b3d022d28bf7c2c55a83b4fcaec3953ee1d0 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <mail@daniel-baumann.ch>
Date: Sun, 5 Sep 2021 09:09:09 +0200
Subject: Adding tsig keyfile support to dehydrated-nsupdate.

Signed-off-by: Daniel Baumann <mail@daniel-baumann.ch>
---
 dehydrated/TODO                    | 1 -
 dehydrated/bin/dehydrated-nsupdate | 8 +++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/dehydrated/TODO b/dehydrated/TODO
index 14a44d6..bd980cc 100644
--- a/dehydrated/TODO
+++ b/dehydrated/TODO
@@ -1,5 +1,4 @@
 TODO
 ====
 
-  * add hmac/tsig support
   * write manpages
diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate
index ec8cf7f..7b6ea34 100755
--- a/dehydrated/bin/dehydrated-nsupdate
+++ b/dehydrated/bin/dehydrated-nsupdate
@@ -103,6 +103,11 @@ do
 	fi
 done
 
+if [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ]
+then
+	NSUPDATE_OPTIONS="-k ${TSIG_KEYFILE}"
+fi
+
 NAMESERVERS="$(${DIG} +short NS "${ZONE}")"
 
 # update nameservers
@@ -110,11 +115,12 @@ for NAMESERVER in ${NAMESERVERS}
 do
 	echo -n "   + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..."
 
+# shellcheck disable=SC2086
 echo "server ${NAMESERVER}
 zone ${ZONE}
 ttl 0
 update ${HOOK_ACTION} ${TXT_RECORD} 0 TXT ${TOKEN_VALUE}
-send" | "${NSUPDATE}"
+send" | "${NSUPDATE}" ${NSUPDATE_OPTIONS}
 
 	echo " done."
 done
-- 
cgit v1.2.3