From: Florian Eckert Date: Wed, 9 Sep 2020 15:29:31 +0000 (+0200) Subject: ddns-scripts: update route53-v1 to json X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=96c67053e3dd28356ac6cd56fbebfba6b8e1ae4e;p=feed%2Fpackages.git ddns-scripts: update route53-v1 to json Signed-off-by: Florian Eckert --- diff --git a/net/ddns-scripts/Makefile b/net/ddns-scripts/Makefile index 1a82b298cd..04d25617a1 100755 --- a/net/ddns-scripts/Makefile +++ b/net/ddns-scripts/Makefile @@ -470,17 +470,17 @@ endef define Package/ddns-scripts_route53-v1/install $(INSTALL_DIR) $(1)/etc/uci-defaults $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/ddns.defaults $(1)/etc/uci-defaults/ddns_route53-v1 + $(INSTALL_DIR) $(1)/usr/lib/ddns - $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/update_route53_v1.sh $(1)/usr/lib/ddns + $(INSTALL_BIN) ./files/usr/lib/ddns/update_route53_v1.sh \ + $(1)/usr/lib/ddns + + $(INSTALL_DIR) $(1)/usr/share/ddns/services + $(INSTALL_DATA) ./files/usr/share/ddns/services/route53-v1.json \ + $(1)/usr/share/ddns/services endef define Package/ddns-scripts_route53-v1/postinst #!/bin/sh - # remove old services file entries - /bin/sed -i '/route53-v1/d' $${IPKG_INSTROOT}/etc/ddns/services >/dev/null 2>&1 - /bin/sed -i '/route53-v1/d' $${IPKG_INSTROOT}/etc/ddns/services_ipv6 >/dev/null 2>&1 - # and create new - printf "%s\\t%s\\n" '"route53-v1"' '"update_route53_v1.sh"' >> $${IPKG_INSTROOT}/etc/ddns/services - printf "%s\\t%s\\n" '"route53-v1"' '"update_route53_v1.sh"' >> $${IPKG_INSTROOT}/etc/ddns/services_ipv6 # on real system restart service if enabled [ -z "$${IPKG_INSTROOT}" ] && { [ -x /etc/uci-defaults/ddns_route53-v1 ] && \ 
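Review bot: With the cleanup lines dropped from postinst, nothing removes the `route53-v1` rows that an earlier version of this package appended to `/etc/ddns/services` and `/etc/ddns/services_ipv6`. The old prerm, removed in the next hunk, could not have cleaned them up either: its expression `'route53-v1/d'` lacks the leading `/`, and the resulting sed error was hidden by `>/dev/null 2>&1`. Whether anything still reads those two files after the move to `/usr/share/ddns/services/route53-v1.json` is not visible here. If something does, an upgraded system keeps stale entries, so either confirm they are ignored or keep `/bin/sed -i '/route53-v1/d' $${IPKG_INSTROOT}/etc/ddns/services >/dev/null 2>&1` (and the `services_ipv6` twin) in postinst for one release. The postinst body continues past the end of this hunk.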
@@ -495,9 +495,6 @@ define Package/ddns-scripts_route53-v1/prerm #!/bin/sh # if NOT run buildroot then stop service [ -z "$${IPKG_INSTROOT}" ] && /etc/init.d/ddns stop >/dev/null 2>&1 - # remove services file entries - /bin/sed -i 'route53-v1/d' $${IPKG_INSTROOT}/etc/ddns/services >/dev/null 2>&1 - /bin/sed -i 'route53-v1/d' $${IPKG_INSTROOT}/etc/ddns/services_ipv6 >/dev/null 2>&1 exit 0 # suppress errors endef diff --git a/net/ddns-scripts/files/update_route53_v1.sh b/net/ddns-scripts/files/update_route53_v1.sh deleted file mode 100644 index 6d752ba9ed..0000000000 --- a/net/ddns-scripts/files/update_route53_v1.sh +++ /dev/null 
@@ -1,95 +0,0 @@ -#!/bin/sh -# Distributed under the terms of the GNU General Public License (GPL) version 2.0 -# based on Yuval Adam's route53.sh found at https://github.com/yuvadm/route53-ddns/blob/master/route53.sh -# 2017 Max Berger - -[ -z "${CURL_SSL}" ] && write_log 14 "Amazon AWS Route53 communication require cURL with SSL support. Please install" -[ -z "{$username}" ] && write_log 14 "Service section not configured correctly! Missing key as 'username'" -[ -z "${password}" ] && write_log 14 "Service section not configured correctly! Missing secret as 'password'" -[ -z "${domain}" ] && write_log 14 "Service section not configured correctly! Missing zone id as 'domain'" - -ENDPOINT="route53.amazonaws.com" -RECORD_TTL=300 -RECORD_NAME="${lookup_host}." -[ ${use_ipv6} -eq 0 ] && RECORD_TYPE="A" -[ ${use_ipv6} -eq 1 ] && RECORD_TYPE="AAAA" -RECORD_VALUE="${LOCAL_IP}" -HOSTED_ZONE_ID="${domain}" -API_PATH="/2013-04-01/hostedzone/${HOSTED_ZONE_ID}/rrset/" - -AWS_ACCESS_KEY_ID="${username}" -AWS_SECRET_ACCESS_KEY="${password}" -AWS_REGION='us-east-1' -AWS_SERVICE='route53' - -hash() { - msg="$1" - echo -en "${msg}" | openssl dgst -sha256 | sed 's/^.* //' -} - -sign_plain() { - # Sign message using a plaintext key - key="$1" - msg="$2" - echo -en "${msg}" | openssl dgst -hex -sha256 -hmac "${key}" | sed 's/^.* //' -} - -sign() { - # Sign message using a hex formatted key - key="$1" - msg="$2" - echo -en "${msg}" | openssl dgst -hex -sha256 -mac HMAC -macopt "hexkey:${key}" | sed 's/^.* //' -} - -request_body=" \ - \ - \ - \ - \ - UPSERT \ - \ - ${RECORD_NAME} \ - ${RECORD_TYPE} \ - ${RECORD_TTL} \ - \ - \ - ${RECORD_VALUE} \ - \ - \ - \ - \ - \ - \ -" - -fulldate="$(date --utc +%Y%m%dT%H%M%SZ)" -shortdate="$(date --utc +%Y%m%d)" -signed_headers="host;x-amz-date" -request_hash="$(hash "${request_body}")" -canonical_request="POST\n${API_PATH}\n\nhost:route53.amazonaws.com\nx-amz-date:${fulldate}\n\n${signed_headers}\n${request_hash}" - -date_key="$(sign_plain 
"AWS4${AWS_SECRET_ACCESS_KEY}" "${shortdate}")" -region_key="$(sign "${date_key}" ${AWS_REGION})" -service_key="$(sign "${region_key}" ${AWS_SERVICE})" -signing_key="$(sign "${service_key}" aws4_request)" - -credential="${shortdate}/${AWS_REGION}/${AWS_SERVICE}/aws4_request" -sigmsg="AWS4-HMAC-SHA256\n${fulldate}\n${credential}\n$(hash "${canonical_request}")" - -signature="$(sign "${signing_key}" "${sigmsg}")" - -authorization="AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${credential}, SignedHeaders=${signed_headers}, Signature=${signature}" - -ANSWER="$(flock /tmp/$(basename -s .sh "$0").lock curl \ - -X "POST" \ - -H "Host: route53.amazonaws.com" \ - -H "X-Amz-Date: ${fulldate}" \ - -H "Authorization: ${authorization}" \ - -H "Content-Type: text/xml" \ - -d "$request_body" \ - "https://${ENDPOINT}${API_PATH}")" -write_log 7 "${ANSWER}" - -echo "${ANSWER}" | grep -F "Error" >/dev/null && return 1 -echo "${ANSWER}" | grep -F "ChangeInfo" >/dev/null && return 0 -return 2 diff --git a/net/ddns-scripts/files/usr/lib/ddns/update_route53_v1.sh b/net/ddns-scripts/files/usr/lib/ddns/update_route53_v1.sh new file mode 100644 index 0000000000..6d752ba9ed --- /dev/null +++ b/net/ddns-scripts/files/usr/lib/ddns/update_route53_v1.sh 
@@ -0,0 +1,95 @@ +#!/bin/sh +# Distributed under the terms of the GNU General Public License (GPL) version 2.0 +# based on Yuval Adam's route53.sh found at https://github.com/yuvadm/route53-ddns/blob/master/route53.sh +# 2017 Max Berger + +[ -z "${CURL_SSL}" ] && write_log 14 "Amazon AWS Route53 communication require cURL with SSL support. Please install" +[ -z "{$username}" ] && write_log 14 "Service section not configured correctly! Missing key as 'username'" +[ -z "${password}" ] && write_log 14 "Service section not configured correctly! Missing secret as 'password'" +[ -z "${domain}" ] && write_log 14 "Service section not configured correctly! Missing zone id as 'domain'" + +ENDPOINT="route53.amazonaws.com" +RECORD_TTL=300 +RECORD_NAME="${lookup_host}." +[ ${use_ipv6} -eq 0 ] && RECORD_TYPE="A" +[ ${use_ipv6} -eq 1 ] && RECORD_TYPE="AAAA" +RECORD_VALUE="${LOCAL_IP}" +HOSTED_ZONE_ID="${domain}" +API_PATH="/2013-04-01/hostedzone/${HOSTED_ZONE_ID}/rrset/" + +AWS_ACCESS_KEY_ID="${username}" +AWS_SECRET_ACCESS_KEY="${password}" +AWS_REGION='us-east-1' +AWS_SERVICE='route53' + +hash() { + msg="$1" + echo -en "${msg}" | openssl dgst -sha256 | sed 's/^.* //' +} + +sign_plain() { + # Sign message using a plaintext key + key="$1" + msg="$2" + echo -en "${msg}" | openssl dgst -hex -sha256 -hmac "${key}" | sed 's/^.* //' +} + +sign() { + # Sign message using a hex formatted key + key="$1" + msg="$2" + echo -en "${msg}" | openssl dgst -hex -sha256 -mac HMAC -macopt "hexkey:${key}" | sed 's/^.* //' +} + +request_body=" \ + \ + \ + \ + \ + UPSERT \ + \ + ${RECORD_NAME} \ + ${RECORD_TYPE} \ + ${RECORD_TTL} \ + \ + \ + ${RECORD_VALUE} \ + \ + \ + \ + \ + \ + \ +" + +fulldate="$(date --utc +%Y%m%dT%H%M%SZ)" +shortdate="$(date --utc +%Y%m%d)" +signed_headers="host;x-amz-date" +request_hash="$(hash "${request_body}")" +canonical_request="POST\n${API_PATH}\n\nhost:route53.amazonaws.com\nx-amz-date:${fulldate}\n\n${signed_headers}\n${request_hash}" + +date_key="$(sign_plain 
"AWS4${AWS_SECRET_ACCESS_KEY}" "${shortdate}")" +region_key="$(sign "${date_key}" ${AWS_REGION})" +service_key="$(sign "${region_key}" ${AWS_SERVICE})" +signing_key="$(sign "${service_key}" aws4_request)" + +credential="${shortdate}/${AWS_REGION}/${AWS_SERVICE}/aws4_request" +sigmsg="AWS4-HMAC-SHA256\n${fulldate}\n${credential}\n$(hash "${canonical_request}")" + +signature="$(sign "${signing_key}" "${sigmsg}")" + +authorization="AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${credential}, SignedHeaders=${signed_headers}, Signature=${signature}" + +ANSWER="$(flock /tmp/$(basename -s .sh "$0").lock curl \ + -X "POST" \ + -H "Host: route53.amazonaws.com" \ + -H "X-Amz-Date: ${fulldate}" \ + -H "Authorization: ${authorization}" \ + -H "Content-Type: text/xml" \ + -d "$request_body" \ + "https://${ENDPOINT}${API_PATH}")" +write_log 7 "${ANSWER}" + +echo "${ANSWER}" | grep -F "Error" >/dev/null && return 1 +echo "${ANSWER}" | grep -F "ChangeInfo" >/dev/null && return 0 +return 2 diff --git a/net/ddns-scripts/files/usr/share/ddns/services/route53-v1.json b/net/ddns-scripts/files/usr/share/ddns/services/route53-v1.json new file mode 100644 index 0000000000..bf5d8d37ba --- /dev/null +++ b/net/ddns-scripts/files/usr/share/ddns/services/route53-v1.json @@ -0,0 +1,9 @@ +{ + "name": "route53-v1", + "ipv4": { + "url": "update_route53_v1.sh" + }, + "ipv6": { + "url": "update_route53_v1.sh" + } +}
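Review bot: The access-key check `[ -z "{$username}" ]` in update_route53_v1.sh can never be true, because the braces sit outside the expansion and the tested string is at least `{}`; it should read `[ -z "${username}" ]`, like the `password` and `domain` checks beside it. The file is moved unchanged (same blob `6d752ba9ed`), so the defect is carried over, and with an empty `username` the script still builds and sends a signed request with an empty credential id. Separately, `sign_plain` hands `AWS4${AWS_SECRET_ACCESS_KEY}` to `openssl dgst -hmac` as a command-line argument, where it is readable from the process list while the call runs; a comment such as `# NOTE: secret key is visible in argv during this call` would at least record that. The lock path `/tmp/$(basename -s .sh "$0").lock` is predictable, which deserves a comment too if `/tmp` is writable by non-root users on the target.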