Version 0.13

Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
Document $zonerelfile template macro
2024-05-11 05:55:41 +00:00 · 2020-05-17 11:24:29 +02:00 · 2020-05-17 11:23:51 +02:00 · 2020-05-17 11:18:06 +02:00 · 2020-04-13 22:28:24 +02:00 · 2020-04-13 22:20:54 +02:00
5 changed files with 123 additions and 49 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,15 +2,16 @@ before_install:
  - sudo apt-get install -y bind9utils
 language: python
 python:
- - "3.5"
- - "3.6"
- - "nightly"
+  - "3.5"
+  - "3.6"
+  - "3.7"
+  - "nightly"
 matrix:
  allow_failures:
    - python: "nightly"
 install:
- - pip install -e .
- - pip install pytest
+  - pip install -e .
+  - pip install pytest
 script:
- - pytest
+  - pytest
 sudo: false
--- a/README.rst
+++ b/README.rst
@@ -1,3 +1,6 @@
+.. image:: https://travis-ci.org/oskar456/dzonegit.svg?branch=master
+    :target: https://travis-ci.org/oskar456/dzonegit
+
 Git hooks to manage a repository of DNS zones
 =============================================

@@ -59,24 +62,22 @@ Support for $UNIXTIME directive

 If you want to use ``$UNIXTIME`` in your zone files instead of serial number,
 you have to install a `smudge` filter on the server, that will replace the
-directive with current unix time on checkout. First, set up the filter in
-the Git configuration:
+directive with current unix time on every checkout. First, set up the filter
+in the Git configuration:

 .. code-block:: shell

        $ git config --global filter.dzonegit.smudge $(which dzonegit-smudge-serial)
-        $ git config --global filter.dzonegit.clean cat


-Then, apply the filter on all zone files using ``.gitattributes`` file inside
-the repository:
+Then, apply the filter on all zone files using either ``.git/info/attributes``
+or directly ``.gitattributes`` file inside the repository:

 .. code-block::

        *.zone filter=dzonegit


-
 Configuration options
 ---------------------

@@ -95,6 +96,10 @@ named ``dzonegit``.  All boolean options default to *False*.
  Do not try to automatically update zone serial number if necessary.
  Valid only in the ``pre-commit`` hook.

+*dzonegit.nomissingdotcheck*
+  Do not check for forgotten final dot on the right-hand side of PTR records.
+  Valid only in the ``pre-commit`` hook.
+
 *dzonegit.checkoutpath*
  Path to a writable directory, to which ``post-receive`` hook checks out
  current *HEAD* after each update.
@@ -178,6 +183,9 @@ In the template strings, these placeholders are supported:
 ``$zonefile``
  Full path to the zone file

+``$zonerelfile``
+  Path to the zone file, relative to checkout path (useful for chroot environments)
+
 ``$zonevar``
  Per-zone specific variable, see above

--- a/dzonegit.py
+++ b/dzonegit.py
@@ -41,17 +41,17 @@ class HookException(ValueError):
        return "".join(r)


-def get_head():
-    r = subprocess.run(
-        ["git", "rev-parse", "--verify", "HEAD"],
-        stdout=subprocess.PIPE,
-        stderr=subprocess.DEVNULL,
-    )
-    if r.returncode == 0:
-        return r.stdout.decode("utf-8").strip()
-    else:
-        # Initial commit: diff against an empty tree object
-        return "4b825dc642cb6eb9a060e54bf8d69288fbee4904"
+def get_head(empty=False):
+    if not empty:
+        r = subprocess.run(
+            ["git", "rev-parse", "--verify", "HEAD"],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.DEVNULL,
+        )
+        if r.returncode == 0:
+            return r.stdout.decode("ascii").strip()
+    # Initial commit: diff against an empty tree object
+    return "4b825dc642cb6eb9a060e54bf8d69288fbee4904"


 def check_whitespace_errors(against, revision=None):
@@ -95,13 +95,31 @@ def unixtime_directive(zonedata, unixtime=None):
    )


-def compile_zone(zonename, zonedata, unixtime=None):
+def check_missing_trailing_dot(zonename, compiled_zonedata):
+    badlines = []
+    for line in compiled_zonedata.splitlines():
+        if re.search(
+                r"\sPTR\s+[^\s]*\.{}.$".format(zonename).encode("ascii"),
+                line,
+                re.I,
+        ):
+            badlines.append(line.decode("utf-8"))
+    if badlines:
+        raise HookException(
+            "Possibly missing trailing dot after PTR records:\n{}".format(
+                "\n".join(badlines),
+            ),
+            fname=zonename,
+        )
+
+
+def compile_zone(zonename, zonedata, unixtime=None, missing_dot=False):
    """ Compile the zone. Return tuple with results."""
    CompileResults = namedtuple(
        "CompileResults", "success, serial, zonehash, stderr",
    )
    r = subprocess.run(
-        ["/usr/sbin/named-compilezone", "-o", "-", zonename, "/dev/stdin"],
+        ["/usr/bin/env", "named-compilezone", "-o", "-", zonename, "/dev/stdin"],
        input=unixtime_directive(zonedata, unixtime),
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
@@ -110,6 +128,8 @@ def compile_zone(zonename, zonedata, unixtime=None):
    m = re.search(r"^zone.*loaded serial ([0-9]*)$", stderr, re.MULTILINE)
    if r.returncode == 0 and m:
        serial = m.group(1)
+        if missing_dot:
+            check_missing_trailing_dot(zonename, r.stdout)
        zonehash = sha256(r.stdout).hexdigest()
        return CompileResults(True, serial, zonehash, stderr)
    else:
@@ -146,7 +166,7 @@ def get_altered_files(against, diff_filter=None, revision=None):
        If revision is None, list changes between staging area and
        revision. Otherwise differences between two revisions are computed.
    """
-    cmd = ["git", "diff", "--name-only", "-z"]
+    cmd = ["git", "diff", "--name-only", "-z", "--no-renames"]
    if diff_filter:
        cmd.append("--diff-filter={}".format(diff_filter))
    if revision:
@@ -203,7 +223,12 @@ def get_zone_name(path, zonedata):
        return stemname


-def check_updated_zones(against, revision=None, autoupdate_serial=False):
+def check_updated_zones(
+        against,
+        revision=None,
+        autoupdate_serial=False,
+        missing_dot=False,
+):
    """ Check whether all updated zone files compile. """
    unixtime = int(time.time())
    for f in get_altered_files(against, "AMCR", revision):
@@ -212,7 +237,7 @@ def check_updated_zones(against, revision=None, autoupdate_serial=False):
        print("Checking file {f}".format(f=f))
        zonedata = get_file_contents(f, revision)
        zname = get_zone_name(f, zonedata)
-        rnew = compile_zone(zname, zonedata, unixtime)
+        rnew = compile_zone(zname, zonedata, unixtime, missing_dot)
        if not rnew.success:
            raise HookException(
                "New zone version does not compile",
@@ -232,9 +257,11 @@ def check_updated_zones(against, revision=None, autoupdate_serial=False):

                if autoupdate_serial:
                    newserial = get_increased_serial(rnew.serial)
-                    replace_serial(f, rnew.serial, newserial)
-                    errmsg += " Serial has been automatically increased."
-                    errmsg += " Check and recommit."
+                    if replace_serial(f, rnew.serial, newserial):
+                        errmsg += " Serial has been automatically increased."
+                        errmsg += " Check and recommit."
+                    else:
+                        errmsg += " Autoupdate of serial number failed."
                raise HookException(
                    errmsg,
                    fname=f,
@@ -277,8 +304,9 @@ def replace_serial(path, oldserial, newserial):
        flags=re.DOTALL | re.IGNORECASE | re.MULTILINE,
    )
    if count != 1:
-        raise HookException("Cannot update zone serial number")
+        return False
    path.write_text(updated)
+    return True


 def get_zone_wildcards(name):
@@ -330,7 +358,8 @@ def template_config(checkoutpath, template, blacklist=set(), whitelist=set()):
    out = list()
    zones = dict()
    mapping = {"datetime": datetime.datetime.now().strftime("%c")}
-    out.append(headertpl.substitute(mapping))
+    if headertpl.template:
+        out.append(headertpl.substitute(mapping))
    for f in sorted(Path(checkoutpath).glob("**/*.zone")):
        zonename = get_zone_name(f, f.read_bytes())
        if whitelist and not any(
@@ -366,9 +395,10 @@ def template_config(checkoutpath, template, blacklist=set(), whitelist=set()):
            zonevar = defaultvar
        out.append(itemtpl.substitute(
            mapping, zonename=zonename,
-            zonefile=str(f), zonevar=zonevar,
+            zonefile=str(f), zonerelfile=str(f.relative_to(checkoutpath)), zonevar=zonevar,
        ))
-    out.append(footertpl.substitute(mapping))
+    if footertpl.template:
+        out.append(footertpl.substitute(mapping))
    return "\n".join(out)


@@ -382,13 +412,19 @@ def load_set_file(path):
        }


-def do_commit_checks(against, revision=None, autoupdate_serial=False):
+def do_commit_checks(
+        against,
+        revision=None,
+        autoupdate_serial=False,
+        missing_dot=False,
+):
    try:
        if not get_config("dzonegit.ignorewhitespaceerrors", bool):
            check_whitespace_errors(against, revision=revision)
        check_updated_zones(
            against, revision=revision,
            autoupdate_serial=autoupdate_serial,
+            missing_dot=missing_dot,
        )
    except HookException as e:
        print(e)
@@ -398,7 +434,12 @@ def do_commit_checks(against, revision=None, autoupdate_serial=False):
 def pre_commit():
    against = get_head()
    autoupdate_serial = not get_config("dzonegit.noserialupdate", bool)
-    do_commit_checks(against, autoupdate_serial=autoupdate_serial)
+    missing_dot = not get_config("dzonegit.nomissingdotcheck", bool)
+    do_commit_checks(
+        against,
+        autoupdate_serial=autoupdate_serial,
+        missing_dot=missing_dot,
+    )


 def update(argv=sys.argv):
@@ -411,7 +452,7 @@ def update(argv=sys.argv):
    refname, against, revision = argv[1:4]

    if against == "0000000000000000000000000000000000000000":
-        against = get_head()  # Empty commit
+        against = get_head(True)  # Empty commit

    if refname != "refs/heads/master":
        raise SystemExit("Nothing else than master branch is accepted here")
@@ -429,7 +470,7 @@ def pre_receive(stdin=sys.stdin):
                "is accepted here",
            )
        if against == "0000000000000000000000000000000000000000":
-            against = get_head()  # Empty commit
+            against = get_head(True)  # Empty commit
        do_commit_checks(against, revision)


@@ -479,7 +520,7 @@ def post_receive(stdin=sys.stdin):
        if refname != "refs/heads/master":
            continue
        if against == "0000000000000000000000000000000000000000":
-            against = get_head()  # Empty commit
+            against = get_head(True)  # Empty commit
        should_reconfig = [
            f for f in get_altered_files(against, "ACDRU", revision)
            if f.suffix == ".zone"
--- a/setup.py
+++ b/setup.py
@@ -5,7 +5,7 @@ readme = Path(__file__).with_name("README.rst").read_text()

 setup(
    name="dzonegit",
-    version="0.6",
+    version="0.13",
    description="Git hooks to manage a repository of DNS zones",
    long_description=readme,
    long_description_content_type="text/x-rst",
@@ -27,7 +27,7 @@ setup(
            ],
    },
    classifiers=[
-        "Development Status :: 3 - Alpha",
+        "Development Status :: 4 - Beta",
        "Environment :: Console",
        "Intended Audience :: System Administrators",
        "License :: OSI Approved :: MIT License",
--- a/test_dzonegit.py
+++ b/test_dzonegit.py
@@ -62,16 +62,20 @@ $ORIGIN example.com.
        60 IN NS ns
 ns.example.com.      60 IN A 192.0.2.1
 """
-    r = dzonegit.compile_zone("example.org", testzone)
+    r = dzonegit.compile_zone("example.org", testzone, missing_dot=True)
    assert not r.success
    assert r.zonehash is None
    assert r.stderr
-    r = dzonegit.compile_zone("example.com", testzone)
+    r = dzonegit.compile_zone("example.com", testzone, missing_dot=True)
    assert r.success
    assert r.serial == "1234567890"
    assert r.zonehash
    r2 = dzonegit.compile_zone("example.com", testzone + b"\n\n; some comment")
    assert r.zonehash == r2.zonehash
+    testzone += b"1 60 IN PTR www\n"
+    dzonegit.compile_zone("example.com", testzone, missing_dot=False)
+    with pytest.raises(ValueError):
+        dzonegit.compile_zone("example.com", testzone, missing_dot=True)


 def test_compile_unsmudged_zone():
@@ -177,12 +181,12 @@ def test_replace_serial(git_dir):
@ 60 IN SOA ns hm 1 61 60 60 60
  60 NS ns.example.org.
 """)
-    dzonegit.replace_serial(Path("dummy.zone"), "1", "60")
+    assert dzonegit.replace_serial(Path("dummy.zone"), "1", "60")
    assert git_dir.join("dummy.zone").read() == """
@ 60 IN SOA ns hm 60 61 60 60 60
  60 NS ns.example.org.
 """
-    dzonegit.replace_serial(Path("dummy.zone"), "60", "61")
+    assert dzonegit.replace_serial(Path("dummy.zone"), "60", "61")
    assert git_dir.join("dummy.zone").read() == """
@ 60 IN SOA ns hm 61 61 60 60 60
  60 NS ns.example.org.
@@ -197,7 +201,7 @@ def test_replace_serial(git_dir):
                )
  60 NS ns.example.org.
 """)
-    dzonegit.replace_serial(Path("dummy.zone"), "60", "6000000")
+    assert dzonegit.replace_serial(Path("dummy.zone"), "60", "6000000")
    assert git_dir.join("dummy.zone").read() == """
@ 60 IN SOA ns hm (
                6000000 ; serial
@@ -208,6 +212,7 @@ def test_replace_serial(git_dir):
                )
  60 NS ns.example.org.
 """
+    assert not dzonegit.replace_serial(Path("dummy.zone"), "0", "60")


 def test_check_updated_zones(git_dir):
@@ -328,7 +333,7 @@ def test_post_receive(git_dir):
    git_dir.chdir()
    head = dzonegit.get_head()
    revisions = "{} {} refs/heads/master\n".format(
-        "4b825dc642cb6eb9a060e54bf8d69288fbee4904",
+        "0000000000000000000000000000000000000000",
        head,
    )
    stdin = StringIO(revisions)
@@ -339,9 +344,19 @@ def test_post_receive(git_dir):
        "echo TEST >{}/test".format(codir),
    ])
    dzonegit.post_receive(stdin)
-    dzonegit.post_receive(stdin)  # Check coping with existing codir
    assert codir.join("dummy.zone").check()
    assert codir.join("test").read() == "TEST\n"
+    # Test reconfig after renaming the file
+    codir.join("test").write("")
+    subprocess.call(["git", "mv", "dummy.zone", "dummy.zone.old"])
+    subprocess.call(["git", "commit", "-m", "rename dummy zone"])
+    revisions = "{} {} refs/heads/master\n".format(
+        head,
+        dzonegit.get_head(),
+    )
+    stdin = StringIO(revisions)
+    dzonegit.post_receive(stdin)
+    assert codir.join("test").read() == "TEST\n"


 def test_template_config(git_dir):
@@ -372,6 +387,8 @@ def test_template_config(git_dir):
        blacklist=set("*"),
    )
    assert " - zone: \"dummy\"\n   file: \"" not in output
+    output = dzonegit.template_config(str(git_dir), "{}")
+    assert len(output) == 0


 def test_load_set_file(git_dir):
@@ -385,3 +402,10 @@ def test_get_zone_wildcards():
        "a.long.zone.name", "*.long.zone.name",
        "*.zone.name", "*.name", "*",
    ]
+
+
+def test_missing_trailing_dot():
+    zonename = "example.com"
+    zonedata = b"something.example.com. IN PTR s.example.com."
+    with pytest.raises(ValueError):
+        dzonegit.check_missing_trailing_dot(zonename, zonedata)
Author	SHA1	Message	Date
Ondřej Caletka	12fb932711	Version 0.13 Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>	2020-05-17 11:24:29 +02:00
Ondřej Caletka	cb543514ac	Document $zonerelfile template macro Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>	2020-05-17 11:23:51 +02:00
Przemyslaw Sztoch	f9c6a52357	New macro $zonerelfile in template file.	2020-05-17 11:18:06 +02:00
Ondřej Caletka	24d992d999	Version 0.12	2020-04-13 22:28:24 +02:00
Rob Seastrom	7cb7c42d76	change named-compilezone to use /usr/bin/env rather than absolute path	2020-04-13 22:20:54 +02:00
Ondřej Caletka	3dd346294a	Merge pull request #9 from oskar456/travis Use travis-ci.org as .com was not enabled yet	2019-08-19 15:34:31 +02:00
Ondřej Caletka	03fde74ede	Use travis-ci.org as .com was not enabled yet	2019-08-19 15:30:34 +02:00
Michal Halenka	3769dd22fb	Include Travis CI status in README	2019-08-19 15:00:49 +02:00
Michal Halenka	8d15bb531c	Update .travis.yml Add new python 3.7 release Fix indentation	2019-08-19 15:00:26 +02:00
Ondřej Caletka	e2e4a3daf7	Version 0.11	2018-09-17 13:50:47 +02:00
Ondřej Caletka	4efef8be9e	Do not template line breaks when header and footer are missing	2018-09-17 13:48:52 +02:00
Ondřej Caletka	ef059861b7	Version 0.10 - switch to Beta status	2018-08-28 12:45:08 +02:00
Ondřej Caletka	94461383e8	Add pre-commit check for missing trailing dot in PTR records.	2018-08-28 12:43:51 +02:00
Ondřej Caletka	3e09833ec1	Better handling of empty commit objects	2018-08-28 10:58:47 +02:00
Ondřej Caletka	9ad1e74a88	Fix no reconfig command issued on zone file rename.	2018-08-27 23:13:29 +02:00
Ondřej Caletka	a7d693253d	version 0.9 (skipping version 0.8 as it was mistakenly published before)	2018-08-23 10:46:43 +02:00
Ondřej Caletka	3777453d2f	Better handling of replace serial failure.	2018-08-23 10:38:56 +02:00
Ondřej Caletka	023906177a	version 0.7	2018-08-20 16:37:49 +02:00
Ondřej Caletka	e79bb901f3	$UNIXTIME doc update	2018-08-20 16:37:08 +02:00
Ondřej Caletka	f07c84aa32	Fix no reload on very first push to the repository	2018-08-20 16:33:00 +02:00