.github/actionlint-matcher.json

@@ -1,17 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "actionlint",
-      "pattern": [
-        {
-          "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
-          "file": 1,
-          "line": 2,
-          "column": 3,
-          "message": 4,
-          "code": 5
-        }
-      ]
-    }
-  ]
-}

.github/dependabot.yml

@@ -1,13 +0,0 @@
----
-version: 2
-updates:
-  - package-ecosystem: "bundler"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    commit-message:
-      prefix: "gems"
-    labels: ["dependabot"]
-    open-pull-requests-limit: 10
-    pull-request-branch-name:
-      separator: "-"

.github/renovate.json5

@@ -1,6 +1,6 @@
 {
   extends: [
-    "config:recommended",
+    "config:base",
     ":dependencyDashboard",
     ":prHourlyLimitNone",
     ":prConcurrentLimitNone",
@@ -9,7 +9,6 @@
   schedule: ["before 8am on thursday"],
   branchPrefix: "renovate-",
   dependencyDashboardHeader: "View repository job log [here](https://app.renovatebot.com/dashboard#github/cmur2/dyndnsd).",
-  separateMinorPatch: true,
   commitMessagePrefix: "project: ",
   commitMessageAction: "update",
   commitMessageTopic: "{{depName}}",
@@ -26,13 +25,12 @@
       commitMessagePrefix: "docker: ",
     },
     {
-      matchManagers: ["github-actions"],
+      matchDatasources: ["github-actions"],
       commitMessagePrefix: "ci: ",
     },
   ],
-  customManagers: [
+  regexManagers: [
     {
-      customType: "regex",
       fileMatch: ["\.rb$", "^Rakefile$"],
       matchStrings: [
         "renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s.*_version = '(?<currentValue>.*)'\\s"

.github/workflows/cd.yml

@@ -1,4 +1,3 @@
-# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 ---
 name: cd
 
@@ -11,11 +10,11 @@ jobs:
   release-dockerimage:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v2
 
     - name: Extract dyndnsd version from tag name
       run: |
-        echo "DYNDNSD_VERSION=${GITHUB_REF#refs/*/v}" >> "$GITHUB_ENV"
+        echo "DYNDNSD_VERSION=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV
 
     - name: Wait for dyndnsd ${{ env.DYNDNSD_VERSION }} gem to be available
       run: |
@@ -23,7 +22,6 @@ jobs:
         for retry in $(seq 1 5); do
           echo "Checking if dyndnsd $DYNDNSD_VERSION gem is retrievable from rubygems.org (try #$retry)..."
           sudo gem install dyndnsd -v "$DYNDNSD_VERSION"
-          # shellcheck disable=SC2181
           if [ $? -eq 0 ]; then
             exit 0
           fi
@@ -33,16 +31,16 @@ jobs:
 
     # https://github.com/marketplace/actions/build-and-push-docker-images
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@v1
 
     - name: Login to Docker Hub
-      uses: docker/login-action@v3
+      uses: docker/login-action@v1
       with:
         username: cmur2
         password: ${{ secrets.DOCKER_TOKEN }}
 
     - name: Build and push Docker image for dyndnsd ${{ env.DYNDNSD_VERSION }}
-      uses: docker/build-push-action@v6
+      uses: docker/build-push-action@v2
       with:
         context: docker
         build-args: |

.github/workflows/ci.yml

@@ -1,4 +1,3 @@
-# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 ---
 name: ci
 
@@ -15,15 +14,14 @@ jobs:
   build:
     runs-on: ubuntu-latest
     strategy:
-      fail-fast: false
       matrix:
         ruby-version:
+        - '2.5'
+        - '2.6'
+        - '2.7'
         - '3.0'
-        - '3.1'
-        - '3.2'
-        - '3.3'
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v2
     - name: Set up Ruby ${{ matrix.ruby-version }}
       uses: ruby/setup-ruby@v1
       with:
@@ -34,22 +32,12 @@ jobs:
       run: |
         bundle exec rake ci
 
-  actionlint:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Check workflow files
-      run: |
-        echo "::add-matcher::.github/actionlint-matcher.json"
-        bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
-        ./actionlint
+    # https://github.com/marketplace/actions/build-and-push-docker-images
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
 
-  renovate-config-validator:
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/renovatebot/renovate
-      options: --user root
-    steps:
-    - uses: actions/checkout@v4
-    - name: Check Renovate config
-      run: renovate-config-validator --strict
+    - name: Test building Docker image for dyndnsd
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        file: docker/ci/Dockerfile

.github/workflows/dockerhub.yml

@@ -1,4 +1,3 @@
-# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 ---
 name: dockerhub
 

.github/workflows/vulnscan.yml

@@ -1,4 +1,3 @@
-# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 ---
 name: vulnscan
 
@@ -11,14 +10,15 @@ jobs:
   scan-released-dockerimages:
     runs-on: ubuntu-latest
     env:
+      TRIVY_LIGHT: 'true'
       TRIVY_IGNORE_UNFIXED: 'true'
       TRIVY_REMOVED_PKGS: 'true'
     steps:
     - name: Install Trivy
       run: |
-        mkdir -p "$GITHUB_WORKSPACE/bin"
+        mkdir -p $GITHUB_WORKSPACE/bin
         echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
-        curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b "$GITHUB_WORKSPACE/bin"
+        curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b $GITHUB_WORKSPACE/bin
     - name: Download Trivy DB
       run: |
         trivy image --download-db-only
@@ -36,7 +36,7 @@ jobs:
           for image in $ALL_IMAGES; do
             if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
               echo -e "\nScanning newest patch release $image of major v$major_version...\n"
-              if ! trivy image --skip-db-update --scanners vuln --exit-code 1 "$image"; then
+              if ! trivy image --skip-update --exit-code 1 "$image"; then
                 EXIT_CODE=1
               fi
               break

.gitignore

@@ -2,5 +2,3 @@
 *.lock
 pkg/*
 .yardoc
-hadolint
-trivy

.rubocop.yml

@@ -3,15 +3,9 @@ require:
 - rubocop-rspec
 
 AllCops:
-  TargetRubyVersion: '3.0'
+  TargetRubyVersion: '2.5'
   NewCops: enable
 
-Gemspec/DevelopmentDependencies:
-  EnforcedStyle: gemspec
-
-Gemspec/RequireMFA:
-  Enabled: false
-
 Layout/EmptyLineAfterGuardClause:
   Enabled: false
 

CHANGELOG.md

@@ -1,165 +1,5 @@
 # Changelog
 
-## 3.10.0
-
-IMPROVEMENTS:
-
-- add Ruby 3.3 support
-
-OTHER:
-
-- update base of Docker image to Alpine 3.19.0 (from 3.18.3 before)
-
-## 3.9.2 (August 10th, 2023)
-
-OTHER:
-
-- update base of Docker image to Alpine 3.18.3 (from 3.18.2 before)
-
-## 3.9.1 (July 6, 2023)
-
-OTHER:
-
-- update base of Docker image to Alpine 3.18.2 (from 3.18.0 before)
-
-## 3.9.0 (June 8, 2023)
-
-IMPROVEMENTS:
-
-- Drop EOL Ruby 2.7 support, now minimum version supported is Ruby 3.0
-
-## 3.8.2 (April 1st, 2023)
-
-OTHER:
-
-- update base of Docker image to Alpine 3.17.3 (from 3.17.2 before)
-
-## 3.8.1 (March 2nd, 2023)
-
-OTHER:
-
-- update base of Docker image to Alpine 3.17.2 (from 3.17.1 before)
-
-## 3.8.0 (January 13th, 2023)
-
-IMPROVEMENTS:
-
-- add Ruby 3.2 support
-
-OTHER:
-
-- update base of Docker image to Alpine 3.17.1 (from 3.17.0 before)
-
-## 3.7.3 (December 29th, 2022)
-
-OTHER:
-
-- update base of Docker image to Alpine 3.17.0 (from 3.16.2 before)
-
-## 3.7.2 (November 10th, 2022)
-
-OTHER:
-
-- re-release 3.7.1 to rebuild Docker image with security vulnerabilities fixes
-
-## 3.7.1 (September 20th, 2022)
-
-IMPROVEMENTS:
-
-- fix [TypeError](https://github.com/cmur2/dyndnsd/issues/205) when user has no hosts configured
-
-## 3.7.0 (September 16th, 2022)
-
-IMPROVEMENTS:
-
-- Update to Rack 3
-
-## 3.6.2 (August 11th, 2022)
-
-OTHER:
-
-- update base of Docker image to Alpine 3.16.2 (from 3.16.1 before)
-
-## 3.6.1 (July 21st, 2022)
-
-OTHER:
-
-- update base of Docker image to Alpine 3.16.1 (from 3.16.0 before)
-
-## 3.6.0 (June 2nd, 2022)
-
-IMPROVEMENTS:
-
-- Drop EOL Ruby 2.6 and lower support, now minimum version supported is Ruby 2.7
-
-OTHER:
-
-- update base of Docker image to Alpine 3.16 (from 3.15.7 before)
-
-## 3.5.3 (May 5th, 2022)
-
-OTHER:
-
-- re-release 3.5.2 to rebuild Docker image with security vulnerabilities fixes
-
-## 3.5.2 (April 7th, 2022)
-
-OTHER:
-
-- re-release 3.5.1 to rebuild Docker image with security vulnerabilities fixes
-
-## 3.5.1 (February 17th, 2022)
-
-OTHER:
-
-- re-release 3.5.0 to rebuild Docker image with security vulnerabilities fixes
-
-## 3.5.0 (January 8th, 2022)
-
-IMPROVEMENTS:
-
-- add Ruby 3.1 support
-
-OTHER:
-
-- update base of Docker image to Alpine 3.15 (from 3.13.7 before, **Note:** please be aware of the quirks around [Alpine 3.14](https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2))
-
-## 3.4.8 (December 11th, 2021)
-
-OTHER:
-
-- re-release 3.4.7 to rebuild Docker image with security vulnerabilities fixes
-
-## 3.4.7 (November 19th, 2021)
-
-OTHER:
-
-- re-release 3.4.6 to rebuild Docker image with security vulnerabilities fixes
-
-## 3.4.6 (November 19th, 2021)
-
-OTHER:
-
-- re-release 3.4.5 to rebuild Docker image with security vulnerabilities fixes
-
-## 3.4.5 (August 26th, 2021)
-
-OTHER:
-
-- re-release 3.4.4 to rebuild Docker image with security vulnerabilities fixes
-
-## 3.4.4 (August 26th, 2021)
-
-OTHER:
-
-- re-release 3.4.3 to rebuild Docker image with security vulnerabilities fixes
-
-## 3.4.3 (August 20th, 2021)
-
-OTHER:
-
-- re-release 3.4.2 to rebuild Docker image with security vulnerabilities fixes
-
 ## 3.4.2 (July 30, 2021)
 
 IMPROVEMENTS:

README.md

@@ -1,6 +1,6 @@
 # dyndnsd.rb
 
-![ci](https://github.com/cmur2/dyndnsd/workflows/ci/badge.svg)
+![ci](https://github.com/cmur2/dyndnsd/workflows/ci/badge.svg) [![Dependencies](https://badges.depfu.com/badges/4f25da8493f7a29f652ac892fbf9227b/overview.svg)](https://depfu.com/github/cmur2/dyndnsd)
 
 A small, lightweight and extensible DynDNS server written with Ruby and Rack.
 

Rakefile

@@ -14,61 +14,22 @@ task :solargraph do
   sh 'solargraph typecheck'
 end
 
+namespace :solargraph do
+  desc 'Should be run by developer once to prepare initial solargraph usage (fill caches etc.)'
+  task :init do
+    sh 'solargraph download-core'
+  end
+end
+
 # renovate: datasource=github-tags depName=hadolint/hadolint
-hadolint_version = 'v2.12.0'
+hadolint_version = 'v2.6.0'
 
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-trivy_version = 'v0.52.0'
-
-namespace :docker do
-  ci_image = 'cmur2/dyndnsd:ci'
-
-  desc 'Lint Dockerfile'
-  task :lint do
-    sh "if [ ! -e ./hadolint ]; then wget -q -O ./hadolint https://github.com/hadolint/hadolint/releases/download/#{hadolint_version}/hadolint-Linux-x86_64; fi"
-    sh 'chmod a+x ./hadolint'
-    sh './hadolint --ignore DL3018 docker/Dockerfile'
-    sh './hadolint --ignore DL3018 --ignore DL3028 docker/ci/Dockerfile'
-  end
-
-  desc 'Build CI Docker image'
-  task :build do
-    sh 'docker build -t cmur2/dyndnsd:ci -f docker/ci/Dockerfile .'
-  end
-
-  desc 'Scan CI Docker image for vulnerabilities'
-  task :scan do
-    ver = trivy_version.gsub('v', '')
-    sh "if [ ! -e ./trivy ]; then wget -q -O - https://github.com/aquasecurity/trivy/releases/download/v#{ver}/trivy_#{ver}_Linux-64bit.tar.gz | tar -xzf - trivy; fi"
-    sh "./trivy image #{ci_image}"
-  end
-
-  desc 'End-to-end test the CI Docker image'
-  task :e2e do
-    sh <<~SCRIPT
-      echo -n '{}' > e2e/db.json
-      chmod a+w e2e/db.json
-    SCRIPT
-    sh "docker run -d --name=dyndnsd-ci -v $(pwd)/e2e:/etc/dyndnsd -p 8080:8080 -p 5353:5353 #{ci_image}"
-    sh 'sleep 5'
-    puts '----------------------------------------'
-    # `dig` needs `sudo apt-get install -y -q dnsutils`
-    sh <<~SCRIPT
-      curl -s -o /dev/null -w '%{http_code}' 'http://localhost:8080/' | grep -q '401'
-      curl -s 'http://foo:secret@localhost:8080/nic/update?hostname=foo.dyn.example.org&myip=1.2.3.4' | grep -q 'good'
-      curl -s 'http://foo:secret@localhost:8080/nic/update?hostname=foo.dyn.example.org&myip=1.2.3.4' | grep -q 'nochg'
-      dig +short AXFR 'dyn.example.org' @127.0.0.1 -p 5353 | grep -q '1.2.3.4'
-    SCRIPT
-    puts '----------------------------------------'
-    sh <<~SCRIPT
-      docker logs dyndnsd-ci
-      docker container rm -f -v dyndnsd-ci
-      rm e2e/db.json
-    SCRIPT
-  end
+desc 'Run hadolint for Dockerfile linting'
+task :hadolint do
+  sh "docker run --rm -i hadolint/hadolint:#{hadolint_version} hadolint --ignore DL3018 - < docker/Dockerfile"
 end
 
 task default: [:rubocop, :spec, 'bundle:audit', :solargraph]
 
 desc 'Run all tasks desired for CI'
-task ci: [:default, 'docker:lint', :build, 'docker:build', 'docker:e2e']
+task ci: ['solargraph:init', :default, :hadolint, :build]

docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.20.0
+FROM alpine:3.13.5
 
 EXPOSE 5353 8080
 

docker/ci/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.20.0
+FROM alpine:3.13.5
 
 EXPOSE 5353 8080
 

dyndnsd.gemspec

@@ -25,25 +25,23 @@ Gem::Specification.new do |s|
   s.executables = ['dyndnsd']
   s.extra_rdoc_files = Dir['README.md', 'CHANGELOG.md', 'LICENSE']
 
-  s.required_ruby_version = '>= 3.0'
+  s.required_ruby_version = '>= 2.5'
 
-  s.add_runtime_dependency 'async', '~> 1.31.0'
-  s.add_runtime_dependency 'async-dns', '~> 1.3.0'
+  s.add_runtime_dependency 'async-dns', '~> 1.2.0'
   s.add_runtime_dependency 'metriks'
-  s.add_runtime_dependency 'opentelemetry-exporter-jaeger', '~> 0.22.0'
-  s.add_runtime_dependency 'opentelemetry-instrumentation-rack', '~> 0.22.0'
-  s.add_runtime_dependency 'opentelemetry-sdk', '~> 1.2.0'
-  s.add_runtime_dependency 'rack', '~> 3.0'
-  s.add_runtime_dependency 'rackup', '~> 2'
+  s.add_runtime_dependency 'opentelemetry-exporter-jaeger', '~> 0.19.0'
+  s.add_runtime_dependency 'opentelemetry-instrumentation-rack', '~> 0.19.0'
+  s.add_runtime_dependency 'opentelemetry-sdk', '~> 1.0.0.rc2'
+  s.add_runtime_dependency 'rack', '~> 2.0'
   s.add_runtime_dependency 'webrick', '>= 1.6.1'
 
   s.add_development_dependency 'bundler'
-  s.add_development_dependency 'bundler-audit', '~> 0.9.0'
+  s.add_development_dependency 'bundler-audit', '~> 0.8.0'
   s.add_development_dependency 'rack-test'
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec'
-  s.add_development_dependency 'rubocop', '~> 1.64.0'
+  s.add_development_dependency 'rubocop', '~> 1.18.1'
   s.add_development_dependency 'rubocop-rake', '~> 0.6.0'
-  s.add_development_dependency 'rubocop-rspec', '~> 3.0.1'
-  s.add_development_dependency 'solargraph', '~> 0.49.0'
+  s.add_development_dependency 'rubocop-rspec', '~> 2.4.0'
+  s.add_development_dependency 'solargraph', '~> 0.43.0'
 end

e2e/config.yml

@@ -1,31 +0,0 @@
----
-host: "0.0.0.0"
-port: 8080
-
-db: /etc/dyndnsd/db.json
-debug: false
-domain: dyn.example.org
-#responder: RestStyle
-
-updater:
-  name: zone_transfer_server
-  params:
-    server_listens:
-    - 0.0.0.0@5353
-    #send_notifies:
-    #- 10.0.2.15@53
-    zone_ttl: 300  # 5m
-    zone_nameservers:
-    - dns1.example.org.
-    - dns2.example.org.
-    zone_email_address: admin.example.org.
-    zone_additional_ips:
-    - "127.0.0.1"
-    - "::1"
-
-users:
-  foo:
-    password: "secret"
-    hosts:
-    - foo.dyn.example.org
-    - bar.dyn.example.org

lib/dyndnsd.rb

@@ -7,7 +7,6 @@ require 'ipaddr'
 require 'json'
 require 'yaml'
 require 'rack'
-require 'rackup'
 require 'metriks'
 require 'opentelemetry/instrumentation/rack'
 require 'opentelemetry/sdk'
@@ -107,7 +106,7 @@ module Dyndnsd
       puts "DynDNSd version #{Dyndnsd::VERSION}"
       puts "Using config file #{config_file}"
 
-      config = YAML.safe_load_file(config_file)
+      config = YAML.safe_load(File.open(config_file, 'r', &:read))
 
       setup_logger(config)
 
@@ -215,11 +214,10 @@ module Dyndnsd
       invalid_hostnames = hostnames.select { |h| !Helper.fqdn_valid?(h, @domain) }
       return [422, {'X-DynDNS-Response' => 'hostname_malformed'}, []] if invalid_hostnames.any?
 
-      # we can trust this information since user was authorized by middleware
       user = env['REMOTE_USER']
 
       # check for hostnames that the user does not own
-      forbidden_hostnames = hostnames - @users[user].fetch('hosts', [])
+      forbidden_hostnames = hostnames - @users[user]['hosts']
       return [422, {'X-DynDNS-Response' => 'host_forbidden'}, []] if forbidden_hostnames.any?
 
       if params['offline'] == 'YES'
@@ -261,10 +259,10 @@ module Dyndnsd
     # @return [void]
     private_class_method def self.setup_traps
       Signal.trap('INT') do
-        Rackup::Handler::WEBrick.shutdown
+        Rack::Handler::WEBrick.shutdown
       end
       Signal.trap('TERM') do
-        Rackup::Handler::WEBrick.shutdown
+        Rack::Handler::WEBrick.shutdown
       end
     end
 
@@ -352,7 +350,7 @@ module Dyndnsd
 
       app = OpenTelemetry::Instrumentation::Rack::Middlewares::TracerMiddleware.new(app)
 
-      Rackup::Handler::WEBrick.run app, Host: config['host'], Port: config['port']
+      Rack::Handler::WEBrick.run app, Host: config['host'], Port: config['port']
     end
   end
 end

lib/dyndnsd/updater/command_with_bind_zone.rb

@@ -21,7 +21,7 @@ module Dyndnsd
           span.set_attribute('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
 
           # write zone file in bind syntax
-          File.write(@zone_file, @generator.generate(db))
+          File.open(@zone_file, 'w') { |f| f.write(@generator.generate(db)) }
           # call user-defined command
           pid = fork do
             exec @command

lib/dyndnsd/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dyndnsd
-  VERSION = '3.9.2'
+  VERSION = '3.4.2'
 end

spec/dyndnsd/daemon_spec.rb

@@ -15,9 +15,6 @@ describe Dyndnsd::Daemon do
         'test' => {
           'password' => 'secret',
           'hosts' => ['foo.example.org', 'bar.example.org']
-        },
-        'test2' => {
-          'password' => 'ihavenohosts'
         }
       }
     }
@@ -102,14 +99,6 @@ describe Dyndnsd::Daemon do
     expect(last_response.body).to eq('notfqdn')
   end
 
-  it 'rejects request if user does not own any hostnames' do
-    authorize 'test2', 'ihavenohosts'
-
-    get '/nic/update?hostname=doesnotexisthost.example.org'
-    expect(last_response).to be_ok
-    expect(last_response.body).to eq('nohost')
-  end
-
   it 'rejects request if user does not own one hostname' do
     authorize 'test', 'secret'