mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 22:57:08 +00:00
Easier update script.
git-svn-id: file:///svn/unbound/trunk@1280 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
parent
cb659ab13b
commit
7d242d400f
@ -21,7 +21,9 @@ usage ( )
|
||||
echo " name the files br.anchor se.anchor ..., and include them in"
|
||||
echo " the validating resolver config file."
|
||||
echo " put keys for the root in a file with the name root.anchor."
|
||||
exit 1
|
||||
echo ""
|
||||
echo "Exit code 0 means anchors updated, 1 no changes, others are errors."
|
||||
exit 2
|
||||
}
|
||||
|
||||
if test $# -eq 0; then
|
||||
@ -43,6 +45,7 @@ do_update ( ) {
|
||||
# arguments: <zonename> <keyfile>
|
||||
zonename="$1"
|
||||
keyfile="$2"
|
||||
tmp2=$tmpfile.2
|
||||
|
||||
tmpfile="/tmp/update-anchor.$$"
|
||||
$ubhost -v $filearg "$keyfile" -t DNSKEY "$zonename" >$tmpfile
|
||||
@ -67,22 +70,22 @@ do_update ( ) {
|
||||
|
||||
if test $bindformat = "yes"; then
|
||||
# are there any KSK keys on board?
|
||||
echo 'trusted-keys {' > "$keyfile"
|
||||
echo 'trusted-keys {' > "$tmp2"
|
||||
if grep ' has DNSKEY record 257' $tmpfile >/dev/null 2>&1; then
|
||||
# store KSK keys in anchor file
|
||||
grep '(secure)$' $tmpfile | \
|
||||
grep ' has DNSKEY record 257' | \
|
||||
sed -e 's/ (secure)$/";/' | \
|
||||
sed -e 's/ has DNSKEY record \([0-9]*\) \([0-9]*\) \([0-9]*\) /. \1 \2 \3 "/' | \
|
||||
sed -e 's/^\.\././' >> "$keyfile"
|
||||
sed -e 's/^\.\././' >> "$tmp2"
|
||||
else
|
||||
# store all keys in the anchor file
|
||||
grep '(secure)$' $tmpfile | \
|
||||
sed -e 's/ (secure)$/";/' | \
|
||||
sed -e 's/ has DNSKEY record \([0-9]*\) \([0-9]*\) \([0-9]*\) /. \1 \2 \3 "/' | \
|
||||
sed -e 's/^\.\././' >> "$keyfile"
|
||||
sed -e 's/^\.\././' >> "$tmp2"
|
||||
fi
|
||||
echo '};' >> "$keyfile"
|
||||
echo '};' >> "$tmp2"
|
||||
else #not bindformat
|
||||
# are there any KSK keys on board?
|
||||
if grep ' has DNSKEY record 257' $tmpfile >/dev/null 2>&1; then
|
||||
@ -91,21 +94,30 @@ do_update ( ) {
|
||||
grep ' has DNSKEY record 257' | \
|
||||
sed -e 's/ (secure)$//' | \
|
||||
sed -e 's/ has DNSKEY record /. IN DNSKEY /' | \
|
||||
sed -e 's/^\.\././' > "$keyfile"
|
||||
sed -e 's/^\.\././' > "$tmp2"
|
||||
else
|
||||
# store all keys in the anchor file
|
||||
grep '(secure)$' $tmpfile | \
|
||||
sed -e 's/ (secure)$//' | \
|
||||
sed -e 's/ has DNSKEY record /. IN DNSKEY /' | \
|
||||
sed -e 's/^\.\././' > "$keyfile"
|
||||
sed -e 's/^\.\././' > "$tmp2"
|
||||
fi
|
||||
fi # endif-bindformat
|
||||
|
||||
echo "$zonename key file $keyfile updated."
|
||||
# copy over if changed
|
||||
diff $tmp2 $keyfile >/dev/null 2>&1
|
||||
if test $? -eq 1; then # 0 means no change, 2 means trouble.
|
||||
cat $tmp2 > $keyfile
|
||||
no_updated=0
|
||||
echo "$zonename key file $keyfile updated."
|
||||
else
|
||||
echo "$zonename key file $keyfile unchanged."
|
||||
fi
|
||||
|
||||
rm -f $tmpfile
|
||||
rm -f $tmpfile $tmp2
|
||||
}
|
||||
|
||||
no_updated=1
|
||||
if test X"$1" = "X-d"; then
|
||||
tdir="$2"
|
||||
echo "start updating in $2"
|
||||
@ -128,7 +140,5 @@ else
|
||||
fi
|
||||
kfile="$2"
|
||||
do_update $zname $kfile
|
||||
exit $?
|
||||
fi
|
||||
|
||||
exit 0
|
||||
exit $no_updated
|
||||
|
@ -1,6 +1,10 @@
|
||||
2 October 2008: Wouter
|
||||
- fixup unlink of pidfile.
|
||||
- fixup SHA256 algorithm collation code.
|
||||
- contrib/update-anchor.sh does not overwrite anchors if not needed.
|
||||
exits 0 when a restart is needed, other values if not.
|
||||
so, update-anchor.sh -d mydir && /etc/rc.d/unbound restart
|
||||
can restart unbound exactly when needed.
|
||||
|
||||
30 September 2008: Wouter
|
||||
- fixup SHA256 DS downgrade, no longer possible to downgrade to SHA1.
|
||||
|
Loading…
Reference in New Issue
Block a user