From eaff94d586124d66641ed45adbfeacccf55160ee Mon Sep 17 00:00:00 2001 From: missytake Date: Tue, 26 Aug 2025 11:59:16 +0200 Subject: [PATCH] cmdeploy: suppress shell output for local DNS queries --- cmdeploy/src/cmdeploy/dns.py | 7 ++++--- cmdeploy/src/cmdeploy/remote/rdns.py | 12 ++++++------ 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/cmdeploy/src/cmdeploy/dns.py b/cmdeploy/src/cmdeploy/dns.py index 74537a62..bbfbbfc3 100644 --- a/cmdeploy/src/cmdeploy/dns.py +++ b/cmdeploy/src/cmdeploy/dns.py @@ -1,5 +1,6 @@ import datetime import importlib +import subprocess from jinja2 import Template @@ -8,9 +9,9 @@ from . import remote def get_initial_remote_data(sshexec, mail_domain): if sshexec == "docker": - return remote.rdns.perform_initial_checks(mail_domain, pre_command="docker exec chatmail ") + return remote.rdns.perform_initial_checks(mail_domain, pre_command="docker exec chatmail ", shell=subprocess.check_output) elif sshexec == "localhost": - return remote.rdns.perform_initial_checks(mail_domain, pre_command="") + return remote.rdns.perform_initial_checks(mail_domain, pre_command="", shell=subprocess.check_output) return sshexec.logged( call=remote.rdns.perform_initial_checks, kwargs=dict(mail_domain=mail_domain) ) @@ -49,7 +50,7 @@ def check_full_zone(sshexec, remote_data, out, zonefile) -> int: and return (exitcode, remote_data) tuple.""" if sshexec in ["docker", "localhost"]: - required_diff, recommended_diff = remote.rdns.check_zonefile(zonefile, remote_data["mail_domain"]) + required_diff, recommended_diff = remote.rdns.check_zonefile(zonefile, remote_data["mail_domain"], shell=subprocess.check_output) else: required_diff, recommended_diff = sshexec.logged( remote.rdns.check_zonefile, diff --git a/cmdeploy/src/cmdeploy/remote/rdns.py b/cmdeploy/src/cmdeploy/remote/rdns.py index efa49141..62468b45 100644 --- a/cmdeploy/src/cmdeploy/remote/rdns.py +++ b/cmdeploy/src/cmdeploy/remote/rdns.py @@ -15,7 +15,7 @@ import re from .rshell import CalledProcessError, shell -def perform_initial_checks(mail_domain, pre_command=""): +def perform_initial_checks(mail_domain, pre_command="", shell=shell): """Collecting initial DNS settings.""" assert mail_domain if not shell("dig", fail_ok=True): @@ -28,7 +28,7 @@ def perform_initial_checks(mail_domain, pre_command=""): res = dict(mail_domain=mail_domain, A=A, AAAA=AAAA, MTA_STS=MTA_STS, WWW=WWW) res["acme_account_url"] = shell(pre_command + "acmetool account-url", fail_ok=True) res["dkim_entry"], res["web_dkim_entry"] = get_dkim_entry( - mail_domain, pre_command, dkim_selector="opendkim" + mail_domain, pre_command, shell, dkim_selector="opendkim" ) if not MTA_STS or not WWW or (not A and not AAAA): @@ -40,7 +40,7 @@ def perform_initial_checks(mail_domain, pre_command=""): return res -def get_dkim_entry(mail_domain, pre_command, dkim_selector): +def get_dkim_entry(mail_domain, pre_command, shell, dkim_selector): try: dkim_pubkey = shell( f"{pre_command} openssl rsa -in /etc/dkimkeys/{dkim_selector}.private " @@ -57,7 +57,7 @@ def get_dkim_entry(mail_domain, pre_command, dkim_selector): ) -def query_dns(typ, domain): +def query_dns(typ, domain, shell): # Get autoritative nameserver from the SOA record. soa_answers = [ x.split() @@ -77,7 +77,7 @@ def query_dns(typ, domain): return "" -def check_zonefile(zonefile, mail_domain): +def check_zonefile(zonefile, mail_domain, shell=shell): """Check expected zone file entries.""" required = True required_diff = [] @@ -93,7 +93,7 @@ def check_zonefile(zonefile, mail_domain): zf_domain, zf_typ, zf_value = zf_line.split(maxsplit=2) zf_domain = zf_domain.rstrip(".") zf_value = zf_value.strip() - query_value = query_dns(zf_typ, zf_domain) + query_value = query_dns(zf_typ, zf_domain, shell) if zf_value != query_value: assert zf_typ in ("A", "AAAA", "CNAME", "CAA", "SRV", "MX", "TXT"), zf_line if required: