ddns-scripts: add namesilo.com #28095
Conversation
|
You need to add a commit message, and use your real name both for author and sign-off, which is missing as per the contributing guidelines. |
GeorgeSapkin
left a comment
GeorgeSapkin
left a comment
There was a problem hiding this comment.
And you need to bump the PKG_RELEASE in the Makefile.
net/ddns-scripts/Makefile
Outdated
|
|
||
|
|
net/ddns-scripts/Makefile
Outdated
|
|
||
|
|
| @@ -0,0 +1,28 @@ | |||
| # | |||
| #.Distributed under the terms of the GNU General Public License (GPL) version 2.0 | |||
There was a problem hiding this comment.
Consider using a SPDX license identifier instead.
| } | ||
|
|
||
| # update subdomain record | ||
| rrid=`call_api dnsListRecords "domain=$domain" | get_rrid` |
There was a problem hiding this comment.
| rrid=`call_api dnsListRecords "domain=$domain" | get_rrid` | |
| rrid=$(call_api dnsListRecords "domain=$domain" | get_rrid) |
| call_api dnsUpdateRecord "domain=$domain&rrid=$rrid&rrhost=$username&rrvalue=$__IP&rrttl=$__TTL" | grep success && { | ||
| return 0 | ||
| } |
There was a problem hiding this comment.
Did you mean:
| call_api dnsUpdateRecord "domain=$domain&rrid=$rrid&rrhost=$username&rrvalue=$__IP&rrttl=$__TTL" | grep success && { | |
| return 0 | |
| } | |
| call_api dnsUpdateRecord "domain=$domain&rrid=$rrid&rrhost=$username&rrvalue=$__IP&rrttl=$__TTL" | grep success && true |
|
Updated with all suggestions. |
|
You still need to add a commit message with a description of the changes, besides the subject. |
cdfmr
force-pushed
the
ddns-namesilo
branch
3 times, most recently
from
530a7ff to
b142d07
Compare
| @@ -0,0 +1,24 @@ | |||
| # | |||
| # SPDX-License-Identifier: GPL-2.0 | |||
There was a problem hiding this comment.
There's no such identifier. Did you mean GPL-2.0-only?
There was a problem hiding this comment.
Yes, should I update the file and re-commit?
new service provider namesilo.com config guide: * set [domain] to apex domain * set [username] to subdomain (without apex domain) * set [password] to api key Signed-off-by: Lin Fan <im.linfan@gmail.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 12 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| __TTL=3600 | ||
|
|
||
| # wrap some routines | ||
| call_api() { |
There was a problem hiding this comment.
Security concern: The API key (password) is passed directly in the URL query string. This could expose the API key in process listings (ps command), shell history, and system logs. While this may be the only method supported by the NameSilo API, consider adding a comment noting this security consideration, similar to how other API scripts document their authentication methods.
| call_api() { | |
| call_api() { | |
| # SECURITY NOTE: | |
| # The NameSilo API requires the API key to be passed as a URL query parameter. | |
| # This means the key may be exposed in shell history, process listings (ps), | |
| # and system logs that record full command lines. Use a dedicated API key and | |
| # protect access to this system and its logs accordingly. |
| # variable __IP already defined with the ip-address to use for update | ||
| # | ||
|
|
||
| __TTL=3600 |
There was a problem hiding this comment.
The __TTL variable is hardcoded to 3600 seconds but is not sourced from any configuration option. Other scripts in this project typically allow TTL to be configured via param_opt or use a configurable default. Consider documenting this limitation or making the TTL configurable.
| __TTL=3600 | |
| # TTL (seconds); can be overridden by param_opt_ttl if provided by ddns config | |
| __TTL="${param_opt_ttl:-3600}" |
| @@ -0,0 +1,24 @@ | |||
| # | |||
There was a problem hiding this comment.
Missing shebang line. All shell scripts in this project start with '#!/bin/sh'. Other update scripts like update_godaddy_com_v1.sh include this on line 1.
|
|
||
| # update subdomain record | ||
| rrid=$(call_api dnsListRecords "domain=$domain" | get_rrid) | ||
| call_api dnsUpdateRecord "domain=$domain&rrid=$rrid&rrhost=$username&rrvalue=$__IP&rrttl=$__TTL" | grep success |
There was a problem hiding this comment.
Using 'grep success' without checking the exit status doesn't provide proper error handling. The script should verify that the update was successful and use write_log to report the result. Additionally, the exit status of this line determines the success of the entire script, but there's no explicit error handling or return value check.
| call_api dnsUpdateRecord "domain=$domain&rrid=$rrid&rrhost=$username&rrvalue=$__IP&rrttl=$__TTL" | grep success | |
| if call_api dnsUpdateRecord "domain=$domain&rrid=$rrid&rrhost=$username&rrvalue=$__IP&rrttl=$__TTL" | grep -q success; then | |
| write_log 7 "Namesilo: DNS record for '$username.$domain' updated successfully to IP '$__IP'" | |
| else | |
| write_log 3 "Namesilo: Failed to update DNS record for '$username.$domain' to IP '$__IP'" | |
| return 1 | |
| fi |
| wget -q -O- "https://www.namesilo.com/api/$1?version=1&type=xml&key=$password&$2" | ||
| } | ||
| get_rrid() { | ||
| grep -o "<record_id>.*$username</host>" | sed 's/.*<record_id>//g;s/<.*//g' | ||
| } | ||
|
|
||
| # update subdomain record | ||
| rrid=$(call_api dnsListRecords "domain=$domain" | get_rrid) | ||
| call_api dnsUpdateRecord "domain=$domain&rrid=$rrid&rrhost=$username&rrvalue=$__IP&rrttl=$__TTL" | grep success |
There was a problem hiding this comment.
The script does not utilize the standard DATFILE and ERRFILE variables that are used throughout the ddns-scripts framework. Instead, it redirects output directly via '-O-', which makes debugging difficult and doesn't integrate with the framework's error reporting mechanisms. See update_godaddy_com_v1.sh for proper usage of these variables.
| wget -q -O- "https://www.namesilo.com/api/$1?version=1&type=xml&key=$password&$2" | |
| } | |
| get_rrid() { | |
| grep -o "<record_id>.*$username</host>" | sed 's/.*<record_id>//g;s/<.*//g' | |
| } | |
| # update subdomain record | |
| rrid=$(call_api dnsListRecords "domain=$domain" | get_rrid) | |
| call_api dnsUpdateRecord "domain=$domain&rrid=$rrid&rrhost=$username&rrvalue=$__IP&rrttl=$__TTL" | grep success | |
| wget -q -O "$DATFILE" "https://www.namesilo.com/api/$1?version=1&type=xml&key=$password&$2" 2>"$ERRFILE" | |
| } | |
| get_rrid() { | |
| grep -o "<record_id>.*$username</host>" | sed 's/.*<record_id>//g;s/<.*//g' | |
| } | |
| # update subdomain record | |
| call_api dnsListRecords "domain=$domain" | |
| rrid=$(get_rrid <"$DATFILE") | |
| call_api dnsUpdateRecord "domain=$domain&rrid=$rrid&rrhost=$username&rrvalue=$__IP&rrttl=$__TTL" | |
| grep success "$DATFILE" |
| rrid=$(call_api dnsListRecords "domain=$domain" | get_rrid) | ||
| call_api dnsUpdateRecord "domain=$domain&rrid=$rrid&rrhost=$username&rrvalue=$__IP&rrttl=$__TTL" | grep success |
There was a problem hiding this comment.
The script does not differentiate between IPv4 (A records) and IPv6 (AAAA records) updates. The use_ipv6 variable is not checked to determine the record type. While the __IP variable will contain the correct IP format, the NameSilo API may require explicit record type specification. Check the NameSilo API documentation and consider adding record type handling similar to other scripts like update_digitalocean_com_v2.sh (line 27).
| # | ||
| # variable __IP already defined with the ip-address to use for update | ||
| # | ||
|
|
There was a problem hiding this comment.
Missing input validation. The script should verify that required parameters (username, password, domain) are not empty using write_log 14 error checking, consistent with other update scripts in this project. For example, update_godaddy_com_v1.sh checks these parameters on lines 22-23.
| [ -z "$username" ] && write_log 14 "ERROR: 'username' (sub domain) not set" && return 1 | |
| [ -z "$password" ] && write_log 14 "ERROR: 'password' (api key) not set" && return 1 | |
| [ -z "$domain" ] && write_log 14 "ERROR: 'domain' not set" && return 1 |
|
|
||
| # wrap some routines | ||
| call_api() { | ||
| wget -q -O- "https://www.namesilo.com/api/$1?version=1&type=xml&key=$password&$2" |
There was a problem hiding this comment.
Missing error handling. The call_api function does not check the exit status of wget or validate the API response. If wget fails or returns an error, the script will continue execution and potentially pass invalid data to subsequent commands. Other scripts in this project properly check command exit status and use write_log for error reporting.
| wget -q -O- "https://www.namesilo.com/api/$1?version=1&type=xml&key=$password&$2" | |
| local endpoint="$1" | |
| local params="$2" | |
| local url="https://www.namesilo.com/api/${endpoint}?version=1&type=xml&key=${password}&${params}" | |
| local response | |
| response="$(wget -q -O- "$url")" | |
| local rc=$? | |
| if [ "$rc" -ne 0 ]; then | |
| write_log 3 "Namesilo: API request to '$endpoint' failed with exit code $rc" | |
| return "$rc" | |
| fi | |
| if [ -z "$response" ]; then | |
| write_log 3 "Namesilo: Empty response from Namesilo API for '$endpoint'" | |
| return 1 | |
| fi | |
| printf '%s\n' "$response" |
| } | ||
|
|
||
| # update subdomain record | ||
| rrid=$(call_api dnsListRecords "domain=$domain" | get_rrid) |
There was a problem hiding this comment.
The script fails to handle the case when no matching DNS record is found (empty rrid). If get_rrid returns an empty string, the dnsUpdateRecord API call will be made with an empty rrid parameter, which will result in an API error. The script should check if rrid is empty and either create a new record or report an error using write_log.
| rrid=$(call_api dnsListRecords "domain=$domain" | get_rrid) | |
| rrid=$(call_api dnsListRecords "domain=$domain" | get_rrid) | |
| if [ -z "$rrid" ]; then | |
| write_log 14 "No matching DNS record found for host '$username' in domain '$domain'" | |
| exit 1 | |
| fi |
| # wrap some routines | ||
| call_api() { | ||
| wget -q -O- "https://www.namesilo.com/api/$1?version=1&type=xml&key=$password&$2" |
There was a problem hiding this comment.
The script depends on 'wget-ssl' but does not check if wget is available or has SSL support. Following the pattern of other scripts like update_godaddy_com_v1.sh (which checks for CURL and CURL_SSL), this script should verify wget availability and SSL support early in execution before attempting to use it.
| # wrap some routines | |
| call_api() { | |
| wget -q -O- "https://www.namesilo.com/api/$1?version=1&type=xml&key=$password&$2" | |
| # verify that wget with SSL/HTTPS support is available | |
| : "${WGET_BIN:=wget}" | |
| if ! command -v "$WGET_BIN" >/dev/null 2>&1; then | |
| echo "DDNS: wget not found but is required for Namesilo updates" >&2 | |
| exit 1 | |
| fi | |
| if ! "$WGET_BIN" --version 2>/dev/null | grep -qi 'https'; then | |
| echo "DDNS: installed wget lacks SSL/HTTPS support, wget-ssl is required for Namesilo updates" >&2 | |
| exit 1 | |
| fi | |
| # wrap some routines | |
| call_api() { | |
| "$WGET_BIN" -q -O- "https://www.namesilo.com/api/$1?version=1&type=xml&key=$password&$2" |
new service provider namesilo.com, rewrite follow review guides. config: * set [domain] to apex domain * set [username] to subdomain (without apex domain) * set [password] to api key optional parameters: * ttl - ttl in seconds (ex: ttl=7200, default 3600) * pp - proxy protocol (ex: pp=socks5h, default http) Signed-off-by: Lin Fan <im.linfan@gmail.com>
2 participants
📦 Package Details
Maintainer: @
Description:
Add namesilo.com API to ddns-scripts package.
🧪 Run Testing Details
✅ Formalities