mirror of
https://github.com/cmur2/dyndnsd.git
synced 2024-09-28 23:02:17 +02:00
Compare commits
294 Commits
v3.3.2.rc1
...
master
Author | SHA1 | Date | |
---|---|---|---|
|
45e82dc86a | ||
|
8656fd141b | ||
|
b9d9f41913 | ||
|
b88b109259 | ||
|
80e91fcb5d | ||
|
5d09b50b0e | ||
|
e18bc8910c | ||
|
e145885b57 | ||
|
76c9208940 | ||
|
0ab9ace8c8 | ||
|
27867076f3 | ||
|
8a270e37fc | ||
|
d1e3d6f9d2 | ||
|
dc0eb621e7 | ||
|
78b4f956cd | ||
|
85c6378d73 | ||
|
556f087a10 | ||
|
c962f3eb84 | ||
|
581885daa0 | ||
|
267a96bf73 | ||
|
44a4a28094 | ||
3f962fa3bb | |||
1171e0cb92 | |||
6a933194f3 | |||
e546d03d9f | |||
|
65d52675c9 | ||
|
636d6f6379 | ||
|
26381244aa | ||
|
d51937c68b | ||
|
dbc4073b66 | ||
|
d83f8d8e69 | ||
95acdcbc70 | |||
|
38fdf44c1f | ||
|
e3d57ea3aa | ||
|
90166c8ef2 | ||
|
98b413eb6b | ||
|
43df61b819 | ||
|
8ee945ed31 | ||
|
1ae0642541 | ||
|
be33b1917a | ||
|
e6c9773b8e | ||
|
5a54dbe0c7 | ||
|
aa20275888 | ||
|
049e14afa5 | ||
|
54544b75d1 | ||
|
3274741721 | ||
|
8d8a85a78f | ||
|
cdfe350828 | ||
|
337c86f47b | ||
|
20d359f328 | ||
|
4cf6591f38 | ||
|
5a9244694a | ||
|
015ee60420 | ||
|
2d4b94c129 | ||
|
aefd59aea8 | ||
|
10fd5699ac | ||
|
ecf425dd61 | ||
|
70ad2148b9 | ||
|
93e252443a | ||
|
d9f0119ab8 | ||
|
bf225b8e6a | ||
|
6a9e05fb97 | ||
|
bc4210d5ce | ||
|
a54235fcf2 | ||
|
be87ba8f31 | ||
|
5e947316f6 | ||
c71b23d35e | |||
2258edaae6 | |||
|
f8878077cf | ||
|
2deb5f3337 | ||
|
ca92b894cb | ||
e45902f5cf | |||
|
9ae88964ec | ||
|
90ae7543d7 | ||
|
37413bcd3b | ||
|
7af351c384 | ||
|
68dac5c6f3 | ||
|
c7130c7ee4 | ||
|
3c3c1fcb24 | ||
|
425318a0d1 | ||
|
c2eda1648b | ||
|
d72cfeddd8 | ||
|
6463999ab4 | ||
|
b56922c3c8 | ||
|
71666776b4 | ||
|
c4e6e16afb | ||
|
05f86550be | ||
|
edcd7e1e47 | ||
|
6f29034aef | ||
dd7553d5fd | |||
|
a21f6a4cad | ||
|
31a7f54827 | ||
|
d415451c8e | ||
|
699c907a84 | ||
|
1ad23c8716 | ||
|
c538a6b07f | ||
|
fe3f17cd02 | ||
|
0e9b17cb0b | ||
|
0f793f92d8 | ||
|
0fd3833b9c | ||
|
5bc5977704 | ||
|
684d1f0578 | ||
|
14bac86e9d | ||
|
12afe16a78 | ||
|
75059044de | ||
|
9f7ebfe59c | ||
|
ac42413580 | ||
|
415bb36754 | ||
481504f174 | |||
|
d68a93a94f | ||
|
69d2378747 | ||
|
ac929f65aa | ||
f648c28f18 | |||
|
2e6e69810e | ||
|
e9398eab71 | ||
65f8dbb21b | |||
|
6b6f6cf3a4 | ||
|
9af4f03013 | ||
|
b77c3b0996 | ||
|
600cbeb453 | ||
|
b2d369cc4c | ||
|
31e73c7c4a | ||
|
52874542a7 | ||
|
1daf68376d | ||
|
b5f5fa9105 | ||
|
ea1d4baa04 | ||
|
944d3fbc5d | ||
|
78721c5b15 | ||
|
fce992b842 | ||
|
a2a51d63ac | ||
|
b19213d099 | ||
|
ede79802d3 | ||
|
d4483b02a2 | ||
|
1fbad10a24 | ||
|
da28c76a68 | ||
|
e5c66824ab | ||
3d787a46ea | |||
3a5b1bcb27 | |||
|
d066b3ecee | ||
|
71b0fda5ee | ||
b1e948a2dc | |||
|
e22035919b | ||
|
1ffd1de964 | ||
|
39c7dc7837 | ||
|
7528e8084e | ||
|
343a56a6ba | ||
|
6111edc067 | ||
|
0e0d9dfc86 | ||
fadaf4840c | |||
|
9281e6958b | ||
|
ec1e836a89 | ||
|
d80268c1b8 | ||
|
d04e039b2a | ||
|
c14618c503 | ||
|
0e700e8b7b | ||
|
d256c86420 | ||
|
a589148d9e | ||
|
232b3f32a2 | ||
|
3c83eb4347 | ||
|
800618f434 | ||
|
1e61a12b48 | ||
|
7bcaf18f7e | ||
|
c0d69f591f | ||
|
2228e742cf | ||
|
e7f528377b | ||
|
537682804f | ||
|
7ffab915ac | ||
|
d515a87640 | ||
|
4a7eba5ad6 | ||
|
52bb8ee9d2 | ||
|
eb1d88807b | ||
|
7c2104b0ce | ||
4237d35fcc | |||
|
451ed20f5d | ||
|
a2879c6c9a | ||
|
f882381f9d | ||
|
fb536da665 | ||
|
49b7b07b52 | ||
|
2854155db2 | ||
|
b40c6f8c30 | ||
|
44605f0f04 | ||
|
63bf4123bd | ||
|
990d4617e8 | ||
|
0030e41a8d | ||
|
97a913f97c | ||
|
b1ff774a55 | ||
|
683767ed8c | ||
|
a45c1cca82 | ||
|
0a053ad577 | ||
|
51eae6da2f | ||
|
fa1d9c7e30 | ||
|
b56adc8b79 | ||
|
88c8bcefeb | ||
|
6c8510910a | ||
|
6faae0d0fd | ||
|
3b34e00fc3 | ||
|
d1463cc790 | ||
|
aea182efcb | ||
|
990dc14a48 | ||
558445af2e | |||
3f784ccaa1 | |||
dbc61d72fb | |||
2838ad9eae | |||
|
84e513b4a2 | ||
|
0a4a052cc9 | ||
|
b9f0a07aba | ||
|
cb9f6f7027 | ||
12dcc3eb42 | |||
90f4442e94 | |||
|
193997958f | ||
9eb9849004 | |||
|
4df5b8fa63 | ||
|
45b522f7cc | ||
|
817dd810e3 | ||
09461aa013 | |||
|
367a542f74 | ||
|
6642d9a7a2 | ||
9580f1478f | |||
6c91c46378 | |||
e622ab292a | |||
507e6a36fd | |||
0a2afb1e4c | |||
|
6e7d4ea985 | ||
809e2dd5d1 | |||
bdda57c4bc | |||
8c5240bbf7 | |||
aecc55e9e7 | |||
|
7b8485cacc | ||
|
0134b7bee1 | ||
|
fc9ef9ae31 | ||
3a31315d9e | |||
|
db8c5cd682 | ||
|
29c779c05d | ||
|
036fcbc7a0 | ||
|
aabaa11c61 | ||
|
632cd2bd99 | ||
|
60cbe7c8c1 | ||
e5f82b4ef5 | |||
|
794d060fe6 | ||
|
761dbe769f | ||
d8dc69de8b | |||
4b3302bb49 | |||
|
1a59d6f79a | ||
|
84429c066f | ||
|
9768424628 | ||
|
882fcbe13b | ||
|
7580e87a30 | ||
|
6c1d44b388 | ||
|
a67418653d | ||
|
b1f9e39fc4 | ||
b8fd42fd85 | |||
e806517b18 | |||
|
7a2d3a90ac | ||
|
c5929bbbbd | ||
|
98e6b3a711 | ||
|
3d4bfc0158 | ||
afd95a81c3 | |||
|
f3cc8fc03a | ||
|
dcd4201523 | ||
|
781379d879 | ||
|
429bbff838 | ||
|
bc97a0fc05 | ||
|
47a73fd149 | ||
fe2ef47675 | |||
fc0fe3c6d5 | |||
|
d4bcac2d5b | ||
|
0f57c6f305 | ||
|
50d71f5e54 | ||
|
2120450659 | ||
|
fdb3274785 | ||
|
5d41a1b77e | ||
f716afe84d | |||
b73416d775 | |||
|
43dd527485 | ||
|
2c629f8bbc | ||
|
1db9c4a6ee | ||
|
b1eca52235 | ||
|
4987ec2264 | ||
ad01f9a9dd | |||
6aa8c10ae0 | |||
6afed2049a | |||
199ccf7665 | |||
7c77b7304a | |||
243f679d7f | |||
085f75c6dd | |||
0e96359429 | |||
6374837156 | |||
53af02398d | |||
16706071b7 | |||
43f089ce70 | |||
|
15c3e587ff | ||
|
b438ed097f | ||
|
337c779410 | ||
b004b4d1e7 |
17
.github/actionlint-matcher.json
vendored
Normal file
17
.github/actionlint-matcher.json
vendored
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
{
|
||||||
|
"problemMatcher": [
|
||||||
|
{
|
||||||
|
"owner": "actionlint",
|
||||||
|
"pattern": [
|
||||||
|
{
|
||||||
|
"regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
|
||||||
|
"file": 1,
|
||||||
|
"line": 2,
|
||||||
|
"column": 3,
|
||||||
|
"message": 4,
|
||||||
|
"code": 5
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
13
.github/dependabot.yml
vendored
Normal file
13
.github/dependabot.yml
vendored
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
---
|
||||||
|
version: 2
|
||||||
|
updates:
|
||||||
|
- package-ecosystem: "bundler"
|
||||||
|
directory: "/"
|
||||||
|
schedule:
|
||||||
|
interval: "weekly"
|
||||||
|
commit-message:
|
||||||
|
prefix: "gems"
|
||||||
|
labels: ["dependabot"]
|
||||||
|
open-pull-requests-limit: 10
|
||||||
|
pull-request-branch-name:
|
||||||
|
separator: "-"
|
42
.github/renovate.json5
vendored
Normal file
42
.github/renovate.json5
vendored
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
{
|
||||||
|
extends: [
|
||||||
|
"config:recommended",
|
||||||
|
":dependencyDashboard",
|
||||||
|
":prHourlyLimitNone",
|
||||||
|
":prConcurrentLimitNone",
|
||||||
|
":label(dependency-upgrade)",
|
||||||
|
],
|
||||||
|
schedule: ["before 8am on thursday"],
|
||||||
|
branchPrefix: "renovate-",
|
||||||
|
dependencyDashboardHeader: "View repository job log [here](https://app.renovatebot.com/dashboard#github/cmur2/dyndnsd).",
|
||||||
|
separateMinorPatch: true,
|
||||||
|
commitMessagePrefix: "project: ",
|
||||||
|
commitMessageAction: "update",
|
||||||
|
commitMessageTopic: "{{depName}}",
|
||||||
|
commitMessageExtra: "to {{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}",
|
||||||
|
packageRules: [
|
||||||
|
// Ruby dependencies are managed by depfu
|
||||||
|
{
|
||||||
|
matchManagers: ["bundler"],
|
||||||
|
enabled: false,
|
||||||
|
},
|
||||||
|
// Commit message formats
|
||||||
|
{
|
||||||
|
matchDatasources: ["docker"],
|
||||||
|
commitMessagePrefix: "docker: ",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
matchManagers: ["github-actions"],
|
||||||
|
commitMessagePrefix: "ci: ",
|
||||||
|
},
|
||||||
|
],
|
||||||
|
customManagers: [
|
||||||
|
{
|
||||||
|
customType: "regex",
|
||||||
|
fileMatch: ["\.rb$", "^Rakefile$"],
|
||||||
|
matchStrings: [
|
||||||
|
"renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s.*_version = '(?<currentValue>.*)'\\s"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
],
|
||||||
|
}
|
26
.github/workflows/cd.yml
vendored
26
.github/workflows/cd.yml
vendored
@ -1,3 +1,4 @@
|
|||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||||
---
|
---
|
||||||
name: cd
|
name: cd
|
||||||
|
|
||||||
@ -10,23 +11,38 @@ jobs:
|
|||||||
release-dockerimage:
|
release-dockerimage:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Extract dyndnsd version from tag name
|
- name: Extract dyndnsd version from tag name
|
||||||
run: |
|
run: |
|
||||||
echo "DYNDNSD_VERSION=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV
|
echo "DYNDNSD_VERSION=${GITHUB_REF#refs/*/v}" >> "$GITHUB_ENV"
|
||||||
|
|
||||||
|
- name: Wait for dyndnsd ${{ env.DYNDNSD_VERSION }} gem to be available
|
||||||
|
run: |
|
||||||
|
set +e
|
||||||
|
for retry in $(seq 1 5); do
|
||||||
|
echo "Checking if dyndnsd $DYNDNSD_VERSION gem is retrievable from rubygems.org (try #$retry)..."
|
||||||
|
sudo gem install dyndnsd -v "$DYNDNSD_VERSION"
|
||||||
|
# shellcheck disable=SC2181
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
sleep 60
|
||||||
|
done
|
||||||
|
exit 1
|
||||||
|
|
||||||
# https://github.com/marketplace/actions/build-and-push-docker-images
|
# https://github.com/marketplace/actions/build-and-push-docker-images
|
||||||
- name: Set up Docker Buildx
|
- name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v1
|
uses: docker/setup-buildx-action@v3
|
||||||
|
|
||||||
- name: Login to Docker Hub
|
- name: Login to Docker Hub
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v3
|
||||||
with:
|
with:
|
||||||
username: cmur2
|
username: cmur2
|
||||||
password: ${{ secrets.DOCKER_TOKEN }}
|
password: ${{ secrets.DOCKER_TOKEN }}
|
||||||
|
|
||||||
- name: Build and push Docker image for dyndnsd ${{ env.DYNDNSD_VERSION }}
|
- name: Build and push Docker image for dyndnsd ${{ env.DYNDNSD_VERSION }}
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v6
|
||||||
with:
|
with:
|
||||||
context: docker
|
context: docker
|
||||||
build-args: |
|
build-args: |
|
||||||
|
31
.github/workflows/ci.yml
vendored
31
.github/workflows/ci.yml
vendored
@ -1,3 +1,4 @@
|
|||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||||
---
|
---
|
||||||
name: ci
|
name: ci
|
||||||
|
|
||||||
@ -14,19 +15,41 @@ jobs:
|
|||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
strategy:
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
ruby-version:
|
ruby-version:
|
||||||
- '2.5'
|
|
||||||
- '2.6'
|
|
||||||
- '2.7'
|
|
||||||
- '3.0'
|
- '3.0'
|
||||||
|
- '3.1'
|
||||||
|
- '3.2'
|
||||||
|
- '3.3'
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v4
|
||||||
- name: Set up Ruby ${{ matrix.ruby-version }}
|
- name: Set up Ruby ${{ matrix.ruby-version }}
|
||||||
uses: ruby/setup-ruby@v1
|
uses: ruby/setup-ruby@v1
|
||||||
with:
|
with:
|
||||||
ruby-version: ${{ matrix.ruby-version }}
|
ruby-version: ${{ matrix.ruby-version }}
|
||||||
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
||||||
|
|
||||||
- name: Lint and Test
|
- name: Lint and Test
|
||||||
run: |
|
run: |
|
||||||
bundle exec rake ci
|
bundle exec rake ci
|
||||||
|
|
||||||
|
actionlint:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: Check workflow files
|
||||||
|
run: |
|
||||||
|
echo "::add-matcher::.github/actionlint-matcher.json"
|
||||||
|
bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
|
||||||
|
./actionlint
|
||||||
|
|
||||||
|
renovate-config-validator:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
container:
|
||||||
|
image: ghcr.io/renovatebot/renovate
|
||||||
|
options: --user root
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: Check Renovate config
|
||||||
|
run: renovate-config-validator --strict
|
||||||
|
1
.github/workflows/dockerhub.yml
vendored
1
.github/workflows/dockerhub.yml
vendored
@ -1,3 +1,4 @@
|
|||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||||
---
|
---
|
||||||
name: dockerhub
|
name: dockerhub
|
||||||
|
|
||||||
|
8
.github/workflows/vulnscan.yml
vendored
8
.github/workflows/vulnscan.yml
vendored
@ -1,3 +1,4 @@
|
|||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||||
---
|
---
|
||||||
name: vulnscan
|
name: vulnscan
|
||||||
|
|
||||||
@ -10,15 +11,14 @@ jobs:
|
|||||||
scan-released-dockerimages:
|
scan-released-dockerimages:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
env:
|
env:
|
||||||
TRIVY_LIGHT: 'true'
|
|
||||||
TRIVY_IGNORE_UNFIXED: 'true'
|
TRIVY_IGNORE_UNFIXED: 'true'
|
||||||
TRIVY_REMOVED_PKGS: 'true'
|
TRIVY_REMOVED_PKGS: 'true'
|
||||||
steps:
|
steps:
|
||||||
- name: Install Trivy
|
- name: Install Trivy
|
||||||
run: |
|
run: |
|
||||||
mkdir -p $GITHUB_WORKSPACE/bin
|
mkdir -p "$GITHUB_WORKSPACE/bin"
|
||||||
echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
|
echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
|
||||||
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b $GITHUB_WORKSPACE/bin
|
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b "$GITHUB_WORKSPACE/bin"
|
||||||
- name: Download Trivy DB
|
- name: Download Trivy DB
|
||||||
run: |
|
run: |
|
||||||
trivy image --download-db-only
|
trivy image --download-db-only
|
||||||
@ -36,7 +36,7 @@ jobs:
|
|||||||
for image in $ALL_IMAGES; do
|
for image in $ALL_IMAGES; do
|
||||||
if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
|
if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
|
||||||
echo -e "\nScanning newest patch release $image of major v$major_version...\n"
|
echo -e "\nScanning newest patch release $image of major v$major_version...\n"
|
||||||
if ! trivy image --skip-update --exit-code 1 "$image"; then
|
if ! trivy image --skip-db-update --scanners vuln --exit-code 1 "$image"; then
|
||||||
EXIT_CODE=1
|
EXIT_CODE=1
|
||||||
fi
|
fi
|
||||||
break
|
break
|
||||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -2,3 +2,5 @@
|
|||||||
*.lock
|
*.lock
|
||||||
pkg/*
|
pkg/*
|
||||||
.yardoc
|
.yardoc
|
||||||
|
hadolint
|
||||||
|
trivy
|
||||||
|
@ -3,9 +3,15 @@ require:
|
|||||||
- rubocop-rspec
|
- rubocop-rspec
|
||||||
|
|
||||||
AllCops:
|
AllCops:
|
||||||
TargetRubyVersion: '2.5'
|
TargetRubyVersion: '3.0'
|
||||||
NewCops: enable
|
NewCops: enable
|
||||||
|
|
||||||
|
Gemspec/DevelopmentDependencies:
|
||||||
|
EnforcedStyle: gemspec
|
||||||
|
|
||||||
|
Gemspec/RequireMFA:
|
||||||
|
Enabled: false
|
||||||
|
|
||||||
Layout/EmptyLineAfterGuardClause:
|
Layout/EmptyLineAfterGuardClause:
|
||||||
Enabled: false
|
Enabled: false
|
||||||
|
|
||||||
|
193
CHANGELOG.md
193
CHANGELOG.md
@ -1,6 +1,195 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
## 3.3.2
|
## 3.10.0
|
||||||
|
|
||||||
|
IMPROVEMENTS:
|
||||||
|
|
||||||
|
- add Ruby 3.3 support
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- update base of Docker image to Alpine 3.19.0 (from 3.18.3 before)
|
||||||
|
|
||||||
|
## 3.9.2 (August 10th, 2023)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- update base of Docker image to Alpine 3.18.3 (from 3.18.2 before)
|
||||||
|
|
||||||
|
## 3.9.1 (July 6, 2023)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- update base of Docker image to Alpine 3.18.2 (from 3.18.0 before)
|
||||||
|
|
||||||
|
## 3.9.0 (June 8, 2023)
|
||||||
|
|
||||||
|
IMPROVEMENTS:
|
||||||
|
|
||||||
|
- Drop EOL Ruby 2.7 support, now minimum version supported is Ruby 3.0
|
||||||
|
|
||||||
|
## 3.8.2 (April 1st, 2023)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- update base of Docker image to Alpine 3.17.3 (from 3.17.2 before)
|
||||||
|
|
||||||
|
## 3.8.1 (March 2nd, 2023)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- update base of Docker image to Alpine 3.17.2 (from 3.17.1 before)
|
||||||
|
|
||||||
|
## 3.8.0 (January 13th, 2023)
|
||||||
|
|
||||||
|
IMPROVEMENTS:
|
||||||
|
|
||||||
|
- add Ruby 3.2 support
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- update base of Docker image to Alpine 3.17.1 (from 3.17.0 before)
|
||||||
|
|
||||||
|
## 3.7.3 (December 29th, 2022)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- update base of Docker image to Alpine 3.17.0 (from 3.16.2 before)
|
||||||
|
|
||||||
|
## 3.7.2 (November 10th, 2022)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- re-release 3.7.1 to rebuild Docker image with security vulnerabilities fixes
|
||||||
|
|
||||||
|
## 3.7.1 (September 20th, 2022)
|
||||||
|
|
||||||
|
IMPROVEMENTS:
|
||||||
|
|
||||||
|
- fix [TypeError](https://github.com/cmur2/dyndnsd/issues/205) when user has no hosts configured
|
||||||
|
|
||||||
|
## 3.7.0 (September 16th, 2022)
|
||||||
|
|
||||||
|
IMPROVEMENTS:
|
||||||
|
|
||||||
|
- Update to Rack 3
|
||||||
|
|
||||||
|
## 3.6.2 (August 11th, 2022)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- update base of Docker image to Alpine 3.16.2 (from 3.16.1 before)
|
||||||
|
|
||||||
|
## 3.6.1 (July 21st, 2022)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- update base of Docker image to Alpine 3.16.1 (from 3.16.0 before)
|
||||||
|
|
||||||
|
## 3.6.0 (June 2nd, 2022)
|
||||||
|
|
||||||
|
IMPROVEMENTS:
|
||||||
|
|
||||||
|
- Drop EOL Ruby 2.6 and lower support, now minimum version supported is Ruby 2.7
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- update base of Docker image to Alpine 3.16 (from 3.15.7 before)
|
||||||
|
|
||||||
|
## 3.5.3 (May 5th, 2022)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- re-release 3.5.2 to rebuild Docker image with security vulnerabilities fixes
|
||||||
|
|
||||||
|
## 3.5.2 (April 7th, 2022)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- re-release 3.5.1 to rebuild Docker image with security vulnerabilities fixes
|
||||||
|
|
||||||
|
## 3.5.1 (February 17th, 2022)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- re-release 3.5.0 to rebuild Docker image with security vulnerabilities fixes
|
||||||
|
|
||||||
|
## 3.5.0 (January 8th, 2022)
|
||||||
|
|
||||||
|
IMPROVEMENTS:
|
||||||
|
|
||||||
|
- add Ruby 3.1 support
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- update base of Docker image to Alpine 3.15 (from 3.13.7 before, **Note:** please be aware of the quirks around [Alpine 3.14](https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2))
|
||||||
|
|
||||||
|
## 3.4.8 (December 11th, 2021)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- re-release 3.4.7 to rebuild Docker image with security vulnerabilities fixes
|
||||||
|
|
||||||
|
## 3.4.7 (November 19th, 2021)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- re-release 3.4.6 to rebuild Docker image with security vulnerabilities fixes
|
||||||
|
|
||||||
|
## 3.4.6 (November 19th, 2021)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- re-release 3.4.5 to rebuild Docker image with security vulnerabilities fixes
|
||||||
|
|
||||||
|
## 3.4.5 (August 26th, 2021)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- re-release 3.4.4 to rebuild Docker image with security vulnerabilities fixes
|
||||||
|
|
||||||
|
## 3.4.4 (August 26th, 2021)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- re-release 3.4.3 to rebuild Docker image with security vulnerabilities fixes
|
||||||
|
|
||||||
|
## 3.4.3 (August 20th, 2021)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- re-release 3.4.2 to rebuild Docker image with security vulnerabilities fixes
|
||||||
|
|
||||||
|
## 3.4.2 (July 30, 2021)
|
||||||
|
|
||||||
|
IMPROVEMENTS:
|
||||||
|
|
||||||
|
- move from OpenTracing to OpenTelemetry for experimental tracing feature
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- re-release 3.4.1 to rebuild Docker image with security vulnerabilities fixes
|
||||||
|
- adopt Renovate for dependency updates
|
||||||
|
|
||||||
|
## 3.4.1 (April 15, 2021)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- update base of Docker image to Alpine 3.13.5 to fix security vulnerabilities
|
||||||
|
|
||||||
|
## 3.4.0 (April 2, 2021)
|
||||||
|
|
||||||
|
IMPROVEMENTS:
|
||||||
|
|
||||||
|
- **change** Docker image to run as non-root user `65534` by default, limits attack surface for security and gives OpenShift compatibility
|
||||||
|
|
||||||
|
## 3.3.3 (April 1, 2021)
|
||||||
|
|
||||||
|
OTHER:
|
||||||
|
|
||||||
|
- update base of Docker image to Alpine 3.13.4 to fix security vulnerabilities
|
||||||
|
|
||||||
|
## 3.3.2 (February 20, 2021)
|
||||||
|
|
||||||
OTHER:
|
OTHER:
|
||||||
|
|
||||||
@ -157,7 +346,7 @@ IMPROVEMENTS:
|
|||||||
|
|
||||||
IMPROVEMENTS:
|
IMPROVEMENTS:
|
||||||
|
|
||||||
- Support dropping priviliges on startup, also affects external commands run
|
- Support dropping privileges on startup, also affects external commands run
|
||||||
- Add [metriks](https://github.com/eric/metriks) support for basic metrics in the process title
|
- Add [metriks](https://github.com/eric/metriks) support for basic metrics in the process title
|
||||||
- Detach from child processes running external commands to avoid zombie processes
|
- Detach from child processes running external commands to avoid zombie processes
|
||||||
|
|
||||||
|
42
README.md
42
README.md
@ -1,6 +1,6 @@
|
|||||||
# dyndnsd.rb
|
# dyndnsd.rb
|
||||||
|
|
||||||
![ci](https://github.com/cmur2/dyndnsd/workflows/ci/badge.svg) [![Dependencies](https://badges.depfu.com/badges/4f25da8493f7a29f652ac892fbf9227b/overview.svg)](https://depfu.com/github/cmur2/dyndnsd)
|
![ci](https://github.com/cmur2/dyndnsd/workflows/ci/badge.svg)
|
||||||
|
|
||||||
A small, lightweight and extensible DynDNS server written with Ruby and Rack.
|
A small, lightweight and extensible DynDNS server written with Ruby and Rack.
|
||||||
|
|
||||||
@ -75,7 +75,7 @@ There is an officially maintained [Docker image for dyndnsd](https://hub.docker.
|
|||||||
|
|
||||||
Users can make extensions by deriving from the official Docker image or building their own.
|
Users can make extensions by deriving from the official Docker image or building their own.
|
||||||
|
|
||||||
The Docker image consumes the same configuration file in YAML format as the gem, inside the container it needs to be mounted/available as `/etc/dyndnsd/config.yml`. the following YAML should be used as a base and extended with user's settings:
|
The Docker image consumes the same configuration file in YAML format as the gem, inside the container it needs to be mounted/available as `/etc/dyndnsd/config.yml`. The following YAML should be used as a base and extended with user's settings:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
host: "0.0.0.0"
|
host: "0.0.0.0"
|
||||||
@ -98,7 +98,7 @@ docker run -d --name dyndnsd \
|
|||||||
cmur2/dyndnsd:vX.Y.Z
|
cmur2/dyndnsd:vX.Y.Z
|
||||||
```
|
```
|
||||||
|
|
||||||
*Note*: You may need to expose more then just port 8080 e.g. if you use the `zone_transfer_server` which can be done by appending additional `-p 5353:5353` flags to the `docker run` command.
|
*Note*: You may need to expose more than just port 8080 e.g. if you use the `zone_transfer_server` which can be done by appending additional `-p 5353:5353` flags to the `docker run` command.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -106,7 +106,7 @@ docker run -d --name dyndnsd \
|
|||||||
|
|
||||||
By using [DNS zone transfers via AXFR (RFC5936)](https://tools.ietf.org/html/rfc5936) any secondary nameserver can retrieve the DNS zone contents from dyndnsd.rb and serve them to clients.
|
By using [DNS zone transfers via AXFR (RFC5936)](https://tools.ietf.org/html/rfc5936) any secondary nameserver can retrieve the DNS zone contents from dyndnsd.rb and serve them to clients.
|
||||||
To speedup propagation after changes dyndnsd.rb can issue a [DNS NOTIFY (RFC1996)](https://tools.ietf.org/html/rfc1996) to inform the nameserver that the DNS zone contents changed and should be fetched even before the time indicated in the SOA record is up.
|
To speedup propagation after changes dyndnsd.rb can issue a [DNS NOTIFY (RFC1996)](https://tools.ietf.org/html/rfc1996) to inform the nameserver that the DNS zone contents changed and should be fetched even before the time indicated in the SOA record is up.
|
||||||
Currently dyndnsd.rb does not support any authentication for incoming DNS zone transfer requests so it should be isolated from the internet on these ports.
|
Currently, dyndnsd.rb does not support any authentication for incoming DNS zone transfer request, so it should be isolated from the internet on these ports.
|
||||||
|
|
||||||
This approach has several advantages:
|
This approach has several advantages:
|
||||||
- dyndnsd.rb can be used in *hidden primary* fashion isolated from client's DNS traffic and does not need to implement full nameserver features
|
- dyndnsd.rb can be used in *hidden primary* fashion isolated from client's DNS traffic and does not need to implement full nameserver features
|
||||||
@ -151,7 +151,7 @@ users:
|
|||||||
|
|
||||||
NSD is a nice, open source, authoritative-only, low-memory DNS server that reads BIND-style zone files (and converts them into its own database) and has a simple configuration file.
|
NSD is a nice, open source, authoritative-only, low-memory DNS server that reads BIND-style zone files (and converts them into its own database) and has a simple configuration file.
|
||||||
|
|
||||||
A feature NSD is lacking is the [Dynamic DNS update (RFC2136)](https://tools.ietf.org/html/rfc2136) functionality BIND offers but one can fake it using the following dyndnsd.rb configuration:
|
A feature NSD is lacking is the [Dynamic DNS update (RFC2136)](https://tools.ietf.org/html/rfc2136) functionality BIND offers, but one can fake it using the following dyndnsd.rb configuration:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
host: "0.0.0.0"
|
host: "0.0.0.0"
|
||||||
@ -198,23 +198,23 @@ The update URL you want to tell your clients (humans or scripts ^^) consists of
|
|||||||
where:
|
where:
|
||||||
|
|
||||||
* the protocol depends on your (web server/proxy) settings
|
* the protocol depends on your (web server/proxy) settings
|
||||||
* USER and PASSWORD are needed for HTTP Basic Auth and valid combinations are defined in your config.yaml
|
* `USER` and `PASSWORD` are needed for HTTP Basic Auth and valid combinations are defined in your config.yaml
|
||||||
* DOMAIN should match what you defined in your config.yaml as domain but may be anything else when using a webserver as proxy
|
* `DOMAIN` should match what you defined in your config.yaml as domain but may be anything else when using a web server as proxy
|
||||||
* PORT depends on your (webserver/proxy) settings
|
* `PORT` depends on your (web server/proxy) settings
|
||||||
* HOSTNAMES is a required list of comma-separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
|
* `HOSTNAMES` is a required list of comma-separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
|
||||||
* MYIP is optional and the HTTP client's IP address will be used if missing
|
* `MYIP` is optional and the HTTP client's IP address will be used if missing
|
||||||
* MYIP6 is optional but if present also requires presence of MYIP
|
* `MYIP6` is optional but if present also requires presence of `MYIP`
|
||||||
|
|
||||||
|
|
||||||
### IP address determination
|
### IP address determination
|
||||||
|
|
||||||
The following rules apply:
|
The following rules apply:
|
||||||
|
|
||||||
* use any IP address provided via the myip parameter when present, or
|
* use any IP address provided via the `myip` parameter when present, or
|
||||||
* use any IP address provided via the X-Real-IP header e.g. when used behind HTTP reverse proxy such as nginx, or
|
* use any IP address provided via the `X-Real-IP` header e.g. when used behind HTTP reverse proxy such as nginx, or
|
||||||
* use any IP address used by the connecting HTTP client
|
* use any IP address used by the connecting HTTP client
|
||||||
|
|
||||||
If you want to provide an additional IPv6 address as myip6 parameter, the myip parameter containing an IPv4 address has to be present, too! No automatism is applied then.
|
If you want to provide an additional IPv6 address as myip6 parameter, the `myip` parameter containing an IPv4 address has to be present, too! No automatism is applied then.
|
||||||
|
|
||||||
|
|
||||||
### SSL, multiple listen ports
|
### SSL, multiple listen ports
|
||||||
@ -231,7 +231,7 @@ The [Debian 6 init.d script](docs/debian-6-init-dyndnsd) assumes that dyndnsd.rb
|
|||||||
|
|
||||||
### Monitoring
|
### Monitoring
|
||||||
|
|
||||||
For monitoring dyndnsd.rb uses the [metriks](https://github.com/eric/metriks) framework and exposes several metrics like the number of unauthenticated requests, requests that did (not) update a hostname, etc. By default the most important metrics are shown in the [proctitle](https://github.com/eric/metriks#proc-title-reporter) but you can also configure a [Graphite](https://graphiteapp.org/) backend for central monitoring or the [textfile_reporter](https://github.com/prometheus/node_exporter/#textfile-collector) which outputs Graphite-style metrics that are also compatible with Prometheus to a file.
|
For monitoring dyndnsd.rb uses the [metriks](https://github.com/eric/metriks) framework and exposes several metrics like the number of unauthenticated requests, requests that did (not) update a hostname, etc. By default, the most important metrics are shown in the [proctitle](https://github.com/eric/metriks#proc-title-reporter, butt you can also configure a [Graphite](https://graphiteapp.org/) backend for central monitoring or the [textfile_reporter](https://github.com/prometheus/node_exporter/#textfile-collector) which outputs Graphite-style metrics that are also compatible with Prometheus to a file.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
host: "0.0.0.0"
|
host: "0.0.0.0"
|
||||||
@ -271,9 +271,9 @@ users:
|
|||||||
|
|
||||||
### Tracing (experimental)
|
### Tracing (experimental)
|
||||||
|
|
||||||
For tracing, dyndnsd.rb is instrumented using the [OpenTracing](http://opentracing.io/) framework and will emit span tracing data for the most important operations happening during the request/response cycle. Using a middleware for Rack allows handling incoming OpenTracing span information properly.
|
For tracing, dyndnsd.rb is instrumented using the [OpenTelemetry](https://opentelemetry.io/docs/ruby/) framework and will emit span tracing data for the most important operations happening during the request/response cycle. Using an [instrumentation for Rack](https://github.com/open-telemetry/opentelemetry-ruby/tree/main/instrumentation/rack) allows handling incoming OpenTelemetry parent span information properly (when desired, turned off by default to reduce attack surface).
|
||||||
|
|
||||||
Currently only one OpenTracing-compatible tracer implementation named [CNCF Jaeger](https://github.com/jaegertracing/jaeger) can be configured to use with dyndnsd.rb.
|
Currently, the [OpenTelemetry trace exporter](https://github.com/open-telemetry/opentelemetry-ruby/tree/main/exporter/jaeger) for [CNCF Jaeger](https://github.com/jaegertracing/jaeger) can be enabled via dyndnsd.rb configuration. Alternatively, you can also enable other exporters via the environment variable `OTEL_TRACES_EXPORTER`, e.g. `OTEL_TRACES_EXPORTER=console`.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
host: "0.0.0.0"
|
host: "0.0.0.0"
|
||||||
@ -282,11 +282,9 @@ db: "/opt/dyndnsd/db.json"
|
|||||||
domain: "dyn.example.org"
|
domain: "dyn.example.org"
|
||||||
# enable and configure tracing using the (currently only) tracer jaeger
|
# enable and configure tracing using the (currently only) tracer jaeger
|
||||||
tracing:
|
tracing:
|
||||||
trust_incoming_span: false # default value, change to accept incoming OpenTracing spans as parents
|
trust_incoming_span: false # default value, change to accept incoming OpenTelemetry spans as parents
|
||||||
jaeger:
|
service_name: "my.dyndnsd.identifier" # default unset, will be populated by OpenTelemetry
|
||||||
host: 127.0.0.1 # defaults for host and port of local jaeger-agent
|
jaeger: true # enables the Jaeger AgentExporter
|
||||||
port: 6831
|
|
||||||
service_name: "my.dyndnsd.identifier"
|
|
||||||
# configure the updater, here we use command_with_bind_zone, params are updater-specific
|
# configure the updater, here we use command_with_bind_zone, params are updater-specific
|
||||||
updater:
|
updater:
|
||||||
name: "command_with_bind_zone"
|
name: "command_with_bind_zone"
|
||||||
|
60
Rakefile
60
Rakefile
@ -14,19 +14,61 @@ task :solargraph do
|
|||||||
sh 'solargraph typecheck'
|
sh 'solargraph typecheck'
|
||||||
end
|
end
|
||||||
|
|
||||||
namespace :solargraph do
|
# renovate: datasource=github-tags depName=hadolint/hadolint
|
||||||
desc 'Should be run by developer once to prepare initial solargraph usage (fill caches etc.)'
|
hadolint_version = 'v2.12.0'
|
||||||
task :init do
|
|
||||||
sh 'solargraph download-core'
|
# renovate: datasource=github-tags depName=aquasecurity/trivy
|
||||||
end
|
trivy_version = 'v0.54.1'
|
||||||
|
|
||||||
|
namespace :docker do
|
||||||
|
ci_image = 'cmur2/dyndnsd:ci'
|
||||||
|
|
||||||
|
desc 'Lint Dockerfile'
|
||||||
|
task :lint do
|
||||||
|
sh "if [ ! -e ./hadolint ]; then wget -q -O ./hadolint https://github.com/hadolint/hadolint/releases/download/#{hadolint_version}/hadolint-Linux-x86_64; fi"
|
||||||
|
sh 'chmod a+x ./hadolint'
|
||||||
|
sh './hadolint --ignore DL3018 docker/Dockerfile'
|
||||||
|
sh './hadolint --ignore DL3018 --ignore DL3028 docker/ci/Dockerfile'
|
||||||
end
|
end
|
||||||
|
|
||||||
desc 'Run hadolint for Dockerfile linting'
|
desc 'Build CI Docker image'
|
||||||
task :hadolint do
|
task :build do
|
||||||
sh 'docker run --rm -i hadolint/hadolint:v1.18.0 hadolint --ignore DL3018 - < docker/Dockerfile'
|
sh 'docker build -t cmur2/dyndnsd:ci -f docker/ci/Dockerfile .'
|
||||||
|
end
|
||||||
|
|
||||||
|
desc 'Scan CI Docker image for vulnerabilities'
|
||||||
|
task :scan do
|
||||||
|
ver = trivy_version.gsub('v', '')
|
||||||
|
sh "if [ ! -e ./trivy ]; then wget -q -O - https://github.com/aquasecurity/trivy/releases/download/v#{ver}/trivy_#{ver}_Linux-64bit.tar.gz | tar -xzf - trivy; fi"
|
||||||
|
sh "./trivy image #{ci_image}"
|
||||||
|
end
|
||||||
|
|
||||||
|
desc 'End-to-end test the CI Docker image'
|
||||||
|
task :e2e do
|
||||||
|
sh <<~SCRIPT
|
||||||
|
echo -n '{}' > e2e/db.json
|
||||||
|
chmod a+w e2e/db.json
|
||||||
|
SCRIPT
|
||||||
|
sh "docker run -d --name=dyndnsd-ci -v $(pwd)/e2e:/etc/dyndnsd -p 8080:8080 -p 5353:5353 #{ci_image}"
|
||||||
|
sh 'sleep 5'
|
||||||
|
puts '----------------------------------------'
|
||||||
|
# `dig` needs `sudo apt-get install -y -q dnsutils`
|
||||||
|
sh <<~SCRIPT
|
||||||
|
curl -s -o /dev/null -w '%{http_code}' 'http://localhost:8080/' | grep -q '401'
|
||||||
|
curl -s 'http://foo:secret@localhost:8080/nic/update?hostname=foo.dyn.example.org&myip=1.2.3.4' | grep -q 'good'
|
||||||
|
curl -s 'http://foo:secret@localhost:8080/nic/update?hostname=foo.dyn.example.org&myip=1.2.3.4' | grep -q 'nochg'
|
||||||
|
dig +short AXFR 'dyn.example.org' @127.0.0.1 -p 5353 | grep -q '1.2.3.4'
|
||||||
|
SCRIPT
|
||||||
|
puts '----------------------------------------'
|
||||||
|
sh <<~SCRIPT
|
||||||
|
docker logs dyndnsd-ci
|
||||||
|
docker container rm -f -v dyndnsd-ci
|
||||||
|
rm e2e/db.json
|
||||||
|
SCRIPT
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
task default: [:rubocop, :spec, 'bundle:audit', :solargraph]
|
task default: [:rubocop, :spec, 'bundle:audit', :solargraph]
|
||||||
|
|
||||||
desc 'Run all tasks desired for CI'
|
desc 'Run all tasks desired for CI'
|
||||||
task ci: ['solargraph:init', :default, :hadolint]
|
task ci: [:default, 'docker:lint', :build, 'docker:build', 'docker:e2e']
|
||||||
|
@ -1,15 +1,22 @@
|
|||||||
FROM alpine:3.13.2
|
FROM alpine:3.20.3
|
||||||
|
|
||||||
EXPOSE 5353 8080
|
EXPOSE 5353 8080
|
||||||
|
|
||||||
ARG DYNDNSD_VERSION=3.3.1
|
ARG DYNDNSD_VERSION
|
||||||
|
|
||||||
RUN apk --no-cache add openssl ca-certificates && \
|
RUN apk --no-cache add openssl ca-certificates && \
|
||||||
apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
|
apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
|
||||||
apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
|
apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
|
||||||
gem install --no-document dyndnsd -v ${DYNDNSD_VERSION} && \
|
gem install --no-document dyndnsd -v ${DYNDNSD_VERSION} && \
|
||||||
|
rm -rf /usr/lib/ruby/gems/*/cache/ && \
|
||||||
# set timezone to Berlin
|
# set timezone to Berlin
|
||||||
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
|
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
|
||||||
apk del .build-deps
|
apk del .build-deps
|
||||||
|
|
||||||
|
# Follow the principle of least privilege: run as unprivileged user.
|
||||||
|
# Running as non-root enables running this image in platforms like OpenShift
|
||||||
|
# that do not allow images running as root.
|
||||||
|
# User ID 65534 is usually user 'nobody'.
|
||||||
|
USER 65534
|
||||||
|
|
||||||
ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]
|
ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]
|
||||||
|
22
docker/ci/Dockerfile
Normal file
22
docker/ci/Dockerfile
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
FROM alpine:3.20.3
|
||||||
|
|
||||||
|
EXPOSE 5353 8080
|
||||||
|
|
||||||
|
COPY pkg/dyndnsd-*.gem /tmp/dyndnsd.gem
|
||||||
|
|
||||||
|
RUN apk --no-cache add openssl ca-certificates && \
|
||||||
|
apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
|
||||||
|
apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
|
||||||
|
gem install --no-document /tmp/dyndnsd.gem && \
|
||||||
|
rm -rf /usr/lib/ruby/gems/*/cache/ && \
|
||||||
|
# set timezone to Berlin
|
||||||
|
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
|
||||||
|
apk del .build-deps
|
||||||
|
|
||||||
|
# Follow the principle of least privilege: run as unprivileged user.
|
||||||
|
# Running as non-root enables running this image in platforms like OpenShift
|
||||||
|
# that do not allow images running as root.
|
||||||
|
# User ID 65534 is usually user 'nobody'.
|
||||||
|
USER 65534
|
||||||
|
|
||||||
|
ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]
|
@ -25,23 +25,25 @@ Gem::Specification.new do |s|
|
|||||||
s.executables = ['dyndnsd']
|
s.executables = ['dyndnsd']
|
||||||
s.extra_rdoc_files = Dir['README.md', 'CHANGELOG.md', 'LICENSE']
|
s.extra_rdoc_files = Dir['README.md', 'CHANGELOG.md', 'LICENSE']
|
||||||
|
|
||||||
s.required_ruby_version = '>= 2.5'
|
s.required_ruby_version = '>= 3.0'
|
||||||
|
|
||||||
s.add_runtime_dependency 'async-dns', '~> 1.2.0'
|
s.add_dependency 'async', '~> 1.31.0'
|
||||||
s.add_runtime_dependency 'jaeger-client', '~> 1.1.0'
|
s.add_dependency 'async-dns', '~> 1.3.0'
|
||||||
s.add_runtime_dependency 'metriks'
|
s.add_dependency 'metriks'
|
||||||
s.add_runtime_dependency 'opentracing', '~> 0.5.0'
|
s.add_dependency 'opentelemetry-exporter-jaeger', '~> 0.22.0'
|
||||||
s.add_runtime_dependency 'rack', '~> 2.0'
|
s.add_dependency 'opentelemetry-instrumentation-rack', '~> 0.22.0'
|
||||||
s.add_runtime_dependency 'rack-tracer', '~> 0.9.0'
|
s.add_dependency 'opentelemetry-sdk', '~> 1.2.0'
|
||||||
s.add_runtime_dependency 'webrick', '>= 1.6.1'
|
s.add_dependency 'rack', '~> 3.0'
|
||||||
|
s.add_dependency 'rackup', '~> 2'
|
||||||
|
s.add_dependency 'webrick', '>= 1.6.1'
|
||||||
|
|
||||||
s.add_development_dependency 'bundler'
|
s.add_development_dependency 'bundler'
|
||||||
s.add_development_dependency 'bundler-audit', '~> 0.7.0'
|
s.add_development_dependency 'bundler-audit', '~> 0.9.0'
|
||||||
s.add_development_dependency 'rack-test'
|
s.add_development_dependency 'rack-test'
|
||||||
s.add_development_dependency 'rake'
|
s.add_development_dependency 'rake'
|
||||||
s.add_development_dependency 'rspec'
|
s.add_development_dependency 'rspec'
|
||||||
s.add_development_dependency 'rubocop', '~> 1.10.0'
|
s.add_development_dependency 'rubocop', '~> 1.66.0'
|
||||||
s.add_development_dependency 'rubocop-rake', '~> 0.5.1'
|
s.add_development_dependency 'rubocop-rake', '~> 0.6.0'
|
||||||
s.add_development_dependency 'rubocop-rspec', '~> 2.2.0'
|
s.add_development_dependency 'rubocop-rspec', '~> 3.0.1'
|
||||||
s.add_development_dependency 'solargraph', '~> 0.40.0'
|
s.add_development_dependency 'solargraph', '~> 0.49.0'
|
||||||
end
|
end
|
||||||
|
31
e2e/config.yml
Normal file
31
e2e/config.yml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
---
|
||||||
|
host: "0.0.0.0"
|
||||||
|
port: 8080
|
||||||
|
|
||||||
|
db: /etc/dyndnsd/db.json
|
||||||
|
debug: false
|
||||||
|
domain: dyn.example.org
|
||||||
|
#responder: RestStyle
|
||||||
|
|
||||||
|
updater:
|
||||||
|
name: zone_transfer_server
|
||||||
|
params:
|
||||||
|
server_listens:
|
||||||
|
- 0.0.0.0@5353
|
||||||
|
#send_notifies:
|
||||||
|
#- 10.0.2.15@53
|
||||||
|
zone_ttl: 300 # 5m
|
||||||
|
zone_nameservers:
|
||||||
|
- dns1.example.org.
|
||||||
|
- dns2.example.org.
|
||||||
|
zone_email_address: admin.example.org.
|
||||||
|
zone_additional_ips:
|
||||||
|
- "127.0.0.1"
|
||||||
|
- "::1"
|
||||||
|
|
||||||
|
users:
|
||||||
|
foo:
|
||||||
|
password: "secret"
|
||||||
|
hosts:
|
||||||
|
- foo.dyn.example.org
|
||||||
|
- bar.dyn.example.org
|
@ -7,10 +7,11 @@ require 'ipaddr'
|
|||||||
require 'json'
|
require 'json'
|
||||||
require 'yaml'
|
require 'yaml'
|
||||||
require 'rack'
|
require 'rack'
|
||||||
|
require 'rackup'
|
||||||
require 'metriks'
|
require 'metriks'
|
||||||
|
require 'opentelemetry/instrumentation/rack'
|
||||||
|
require 'opentelemetry/sdk'
|
||||||
require 'metriks/reporter/graphite'
|
require 'metriks/reporter/graphite'
|
||||||
require 'opentracing'
|
|
||||||
require 'rack/tracer'
|
|
||||||
|
|
||||||
require 'dyndnsd/generator/bind'
|
require 'dyndnsd/generator/bind'
|
||||||
require 'dyndnsd/updater/command_with_bind_zone'
|
require 'dyndnsd/updater/command_with_bind_zone'
|
||||||
@ -69,7 +70,7 @@ module Dyndnsd
|
|||||||
# @return [Boolean]
|
# @return [Boolean]
|
||||||
def authorized?(username, password)
|
def authorized?(username, password)
|
||||||
Helper.span('check_authorized') do |span|
|
Helper.span('check_authorized') do |span|
|
||||||
span.set_tag('dyndnsd.user', username)
|
span.set_attribute('enduser.id', username)
|
||||||
|
|
||||||
allow = Helper.user_allowed?(username, password, @users)
|
allow = Helper.user_allowed?(username, password, @users)
|
||||||
if !allow
|
if !allow
|
||||||
@ -106,13 +107,13 @@ module Dyndnsd
|
|||||||
puts "DynDNSd version #{Dyndnsd::VERSION}"
|
puts "DynDNSd version #{Dyndnsd::VERSION}"
|
||||||
puts "Using config file #{config_file}"
|
puts "Using config file #{config_file}"
|
||||||
|
|
||||||
config = YAML.safe_load(File.open(config_file, 'r', &:read))
|
config = YAML.safe_load_file(config_file)
|
||||||
|
|
||||||
setup_logger(config)
|
setup_logger(config)
|
||||||
|
|
||||||
Dyndnsd.logger.info 'Starting...'
|
Dyndnsd.logger.info 'Starting...'
|
||||||
|
|
||||||
# drop priviliges as soon as possible
|
# drop privileges as soon as possible
|
||||||
# NOTE: first change group than user
|
# NOTE: first change group than user
|
||||||
if config['group']
|
if config['group']
|
||||||
group = Etc.getgrnam(config['group'])
|
group = Etc.getgrnam(config['group'])
|
||||||
@ -170,7 +171,7 @@ module Dyndnsd
|
|||||||
def process_changes(hostnames, myips)
|
def process_changes(hostnames, myips)
|
||||||
changes = []
|
changes = []
|
||||||
Helper.span('process_changes') do |span|
|
Helper.span('process_changes') do |span|
|
||||||
span.set_tag('dyndnsd.hostnames', hostnames.join(','))
|
span.set_attribute('dyndnsd.hostnames', hostnames.join(','))
|
||||||
|
|
||||||
hostnames.each do |hostname|
|
hostnames.each do |hostname|
|
||||||
# myips order is always deterministic
|
# myips order is always deterministic
|
||||||
@ -214,10 +215,11 @@ module Dyndnsd
|
|||||||
invalid_hostnames = hostnames.select { |h| !Helper.fqdn_valid?(h, @domain) }
|
invalid_hostnames = hostnames.select { |h| !Helper.fqdn_valid?(h, @domain) }
|
||||||
return [422, {'X-DynDNS-Response' => 'hostname_malformed'}, []] if invalid_hostnames.any?
|
return [422, {'X-DynDNS-Response' => 'hostname_malformed'}, []] if invalid_hostnames.any?
|
||||||
|
|
||||||
|
# we can trust this information since user was authorized by middleware
|
||||||
user = env['REMOTE_USER']
|
user = env['REMOTE_USER']
|
||||||
|
|
||||||
# check for hostnames that the user does not own
|
# check for hostnames that the user does not own
|
||||||
forbidden_hostnames = hostnames - @users[user]['hosts']
|
forbidden_hostnames = hostnames - @users[user].fetch('hosts', [])
|
||||||
return [422, {'X-DynDNS-Response' => 'host_forbidden'}, []] if forbidden_hostnames.any?
|
return [422, {'X-DynDNS-Response' => 'host_forbidden'}, []] if forbidden_hostnames.any?
|
||||||
|
|
||||||
if params['offline'] == 'YES'
|
if params['offline'] == 'YES'
|
||||||
@ -252,15 +254,17 @@ module Dyndnsd
|
|||||||
Dyndnsd.logger.progname = 'dyndnsd'
|
Dyndnsd.logger.progname = 'dyndnsd'
|
||||||
Dyndnsd.logger.formatter = LogFormatter.new
|
Dyndnsd.logger.formatter = LogFormatter.new
|
||||||
Dyndnsd.logger.level = config['debug'] ? Logger::DEBUG : Logger::INFO
|
Dyndnsd.logger.level = config['debug'] ? Logger::DEBUG : Logger::INFO
|
||||||
|
|
||||||
|
OpenTelemetry.logger = Dyndnsd.logger
|
||||||
end
|
end
|
||||||
|
|
||||||
# @return [void]
|
# @return [void]
|
||||||
private_class_method def self.setup_traps
|
private_class_method def self.setup_traps
|
||||||
Signal.trap('INT') do
|
Signal.trap('INT') do
|
||||||
Rack::Handler::WEBrick.shutdown
|
Rackup::Handler::WEBrick.shutdown
|
||||||
end
|
end
|
||||||
Signal.trap('TERM') do
|
Signal.trap('TERM') do
|
||||||
Rack::Handler::WEBrick.shutdown
|
Rackup::Handler::WEBrick.shutdown
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -296,16 +300,31 @@ module Dyndnsd
|
|||||||
# @param config [Hash{String => Object}]
|
# @param config [Hash{String => Object}]
|
||||||
# @return [void]
|
# @return [void]
|
||||||
private_class_method def self.setup_tracing(config)
|
private_class_method def self.setup_tracing(config)
|
||||||
# configure OpenTracing
|
# by default do not try to emit any traces until the user opts in
|
||||||
if config.dig('tracing', 'jaeger')
|
ENV['OTEL_TRACES_EXPORTER'] ||= 'none'
|
||||||
require 'jaeger/client'
|
|
||||||
|
|
||||||
host = config['tracing']['jaeger']['host'] || '127.0.0.1'
|
# configure OpenTelemetry
|
||||||
port = config['tracing']['jaeger']['port'] || 6831
|
OpenTelemetry::SDK.configure do |c|
|
||||||
service_name = config['tracing']['jaeger']['service_name'] || 'dyndnsd'
|
if config.dig('tracing', 'jaeger')
|
||||||
OpenTracing.global_tracer = Jaeger::Client.build(
|
require 'opentelemetry/exporter/jaeger'
|
||||||
host: host, port: port, service_name: service_name, flush_interval: 1
|
|
||||||
|
c.add_span_processor(
|
||||||
|
OpenTelemetry::SDK::Trace::Export::BatchSpanProcessor.new(
|
||||||
|
OpenTelemetry::Exporter::Jaeger::AgentExporter.new
|
||||||
)
|
)
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
if config.dig('tracing', 'service_name')
|
||||||
|
c.service_name = config['tracing']['service_name']
|
||||||
|
end
|
||||||
|
|
||||||
|
c.service_version = Dyndnsd::VERSION
|
||||||
|
c.use('OpenTelemetry::Instrumentation::Rack')
|
||||||
|
end
|
||||||
|
|
||||||
|
if !config.dig('tracing', 'trust_incoming_span')
|
||||||
|
OpenTelemetry.propagation = OpenTelemetry::Context::Propagation::NoopTextMapPropagator.new
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -331,10 +350,9 @@ module Dyndnsd
|
|||||||
app = Responder::DynDNSStyle.new(app)
|
app = Responder::DynDNSStyle.new(app)
|
||||||
end
|
end
|
||||||
|
|
||||||
trust_incoming_span = config.dig('tracing', 'trust_incoming_span') || false
|
app = OpenTelemetry::Instrumentation::Rack::Middlewares::TracerMiddleware.new(app)
|
||||||
app = Rack::Tracer.new(app, trust_incoming_span: trust_incoming_span)
|
|
||||||
|
|
||||||
Rack::Handler::WEBrick.run app, Host: config['host'], Port: config['port']
|
Rackup::Handler::WEBrick.run app, Host: config['host'], Port: config['port']
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -45,24 +45,17 @@ module Dyndnsd
|
|||||||
# @param block [Proc]
|
# @param block [Proc]
|
||||||
# @return [void]
|
# @return [void]
|
||||||
def self.span(operation, &block)
|
def self.span(operation, &block)
|
||||||
scope = OpenTracing.start_active_span(operation)
|
tracer = OpenTelemetry.tracer_provider.tracer(Dyndnsd.name, Dyndnsd::VERSION)
|
||||||
span = scope.span
|
tracer.in_span(
|
||||||
span.set_tag('component', 'dyndnsd')
|
operation,
|
||||||
span.set_tag('span.kind', 'server')
|
attributes: {'component' => 'dyndnsd'},
|
||||||
begin
|
kind: :server
|
||||||
|
) do |span|
|
||||||
|
Dyndnsd.logger.debug "Creating span ID #{span.context.hex_span_id} for trace ID #{span.context.hex_trace_id}"
|
||||||
block.call(span)
|
block.call(span)
|
||||||
rescue StandardError => e
|
rescue StandardError => e
|
||||||
span.set_tag('error', true)
|
span.record_exception(e)
|
||||||
span.log_kv(
|
|
||||||
event: 'error',
|
|
||||||
'error.kind': e.class.to_s,
|
|
||||||
'error.object': e,
|
|
||||||
message: e.message,
|
|
||||||
stack: e.backtrace&.join("\n") || ''
|
|
||||||
)
|
|
||||||
raise e
|
raise e
|
||||||
ensure
|
|
||||||
scope.close
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -18,10 +18,10 @@ module Dyndnsd
|
|||||||
return if !db.changed?
|
return if !db.changed?
|
||||||
|
|
||||||
Helper.span('updater_update') do |span|
|
Helper.span('updater_update') do |span|
|
||||||
span.set_tag('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
|
span.set_attribute('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
|
||||||
|
|
||||||
# write zone file in bind syntax
|
# write zone file in bind syntax
|
||||||
File.open(@zone_file, 'w') { |f| f.write(@generator.generate(db)) }
|
File.write(@zone_file, @generator.generate(db))
|
||||||
# call user-defined command
|
# call user-defined command
|
||||||
pid = fork do
|
pid = fork do
|
||||||
exec @command
|
exec @command
|
||||||
|
@ -35,7 +35,7 @@ module Dyndnsd
|
|||||||
# @return [void]
|
# @return [void]
|
||||||
def update(db)
|
def update(db)
|
||||||
Helper.span('updater_update') do |span|
|
Helper.span('updater_update') do |span|
|
||||||
span.set_tag('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
|
span.set_attribute('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
|
||||||
|
|
||||||
soa_rr = Resolv::DNS::Resource::IN::SOA.new(
|
soa_rr = Resolv::DNS::Resource::IN::SOA.new(
|
||||||
@zone_nameservers[0], @zone_email_address,
|
@zone_nameservers[0], @zone_email_address,
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
module Dyndnsd
|
module Dyndnsd
|
||||||
VERSION = '3.3.2.rc1'
|
VERSION = '3.9.2'
|
||||||
end
|
end
|
||||||
|
@ -15,6 +15,9 @@ describe Dyndnsd::Daemon do
|
|||||||
'test' => {
|
'test' => {
|
||||||
'password' => 'secret',
|
'password' => 'secret',
|
||||||
'hosts' => ['foo.example.org', 'bar.example.org']
|
'hosts' => ['foo.example.org', 'bar.example.org']
|
||||||
|
},
|
||||||
|
'test2' => {
|
||||||
|
'password' => 'ihavenohosts'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -24,9 +27,7 @@ describe Dyndnsd::Daemon do
|
|||||||
|
|
||||||
app = Rack::Auth::Basic.new(daemon, 'DynDNS', &daemon.method(:authorized?))
|
app = Rack::Auth::Basic.new(daemon, 'DynDNS', &daemon.method(:authorized?))
|
||||||
|
|
||||||
app = Dyndnsd::Responder::DynDNSStyle.new(app)
|
Dyndnsd::Responder::DynDNSStyle.new(app)
|
||||||
|
|
||||||
Rack::Tracer.new(app, trust_incoming_span: false)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'requires authentication' do
|
it 'requires authentication' do
|
||||||
@ -101,6 +102,14 @@ describe Dyndnsd::Daemon do
|
|||||||
expect(last_response.body).to eq('notfqdn')
|
expect(last_response.body).to eq('notfqdn')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'rejects request if user does not own any hostnames' do
|
||||||
|
authorize 'test2', 'ihavenohosts'
|
||||||
|
|
||||||
|
get '/nic/update?hostname=doesnotexisthost.example.org'
|
||||||
|
expect(last_response).to be_ok
|
||||||
|
expect(last_response.body).to eq('nohost')
|
||||||
|
end
|
||||||
|
|
||||||
it 'rejects request if user does not own one hostname' do
|
it 'rejects request if user does not own one hostname' do
|
||||||
authorize 'test', 'secret'
|
authorize 'test', 'secret'
|
||||||
|
|
||||||
|
13
upgrade-version.sh
Executable file
13
upgrade-version.sh
Executable file
@ -0,0 +1,13 @@
|
|||||||
|
#!/bin/bash -eux
|
||||||
|
|
||||||
|
sed -i "s/$1/$2/g" lib/dyndnsd/version.rb
|
||||||
|
|
||||||
|
release_date=$(LC_ALL=en_US.utf8 date +"%B %-d, %Y")
|
||||||
|
|
||||||
|
if grep "## $2 (" CHANGELOG.md; then
|
||||||
|
true
|
||||||
|
elif grep "## $2" CHANGELOG.md; then
|
||||||
|
sed -i "s/## $2/## $2 ($release_date)/g" CHANGELOG.md
|
||||||
|
else
|
||||||
|
echo "## $2 ($release_date)" >> CHANGELOG.md
|
||||||
|
fi
|
Loading…
Reference in New Issue
Block a user