Easier update script.

git-svn-id: file:///svn/unbound/trunk@1280 be551aaa-1e26-0410-a405-d3ace91eadb9
2024-09-21 22:57:08 +00:00 · 2008-10-02 09:22:02 +00:00 · 2008-10-02 09:22:02 +00:00 · 7d242d400f
commit 7d242d400f
parent cb659ab13b
2 changed files with 26 additions and 12 deletions
--- a/contrib/update-anchor.sh
+++ b/contrib/update-anchor.sh
@ -21,7 +21,9 @@ usage ( )
 	echo "    name the files br.anchor se.anchor ..., and include them in"
 	echo "    the validating resolver config file."
 	echo "    put keys for the root in a file with the name root.anchor."
-	exit 1
+	echo ""
+	echo "Exit code 0 means anchors updated, 1 no changes, others are errors."
+	exit 2
 }

 if test $# -eq 0; then
@ -43,6 +45,7 @@ do_update ( ) {
 	# arguments: <zonename> <keyfile>
 	zonename="$1"
 	keyfile="$2"
+	tmp2=$tmpfile.2

 	tmpfile="/tmp/update-anchor.$$"
 	$ubhost -v $filearg "$keyfile" -t DNSKEY "$zonename" >$tmpfile
@ -67,22 +70,22 @@ do_update ( ) {

 	if test $bindformat = "yes"; then
 		# are there any KSK keys on board?
-		echo 'trusted-keys {' > "$keyfile"
+		echo 'trusted-keys {' > "$tmp2"
 		if grep ' has DNSKEY record 257' $tmpfile >/dev/null 2>&1; then
 			# store KSK keys in anchor file
 			grep '(secure)$' $tmpfile | \
 			grep ' has DNSKEY record 257' | \
 			sed -e 's/ (secure)$/";/' | \
 			sed -e 's/ has DNSKEY record \([0-9]*\) \([0-9]*\) \([0-9]*\) /. \1 \2 \3 "/' | \
-			sed -e 's/^\.\././' >> "$keyfile"
+			sed -e 's/^\.\././' >> "$tmp2"
 		else
 			# store all keys in the anchor file
 			grep '(secure)$' $tmpfile | \
 			sed -e 's/ (secure)$/";/' | \
 			sed -e 's/ has DNSKEY record \([0-9]*\) \([0-9]*\) \([0-9]*\) /. \1 \2 \3 "/' | \
-			sed -e 's/^\.\././' >> "$keyfile"
+			sed -e 's/^\.\././' >> "$tmp2"
 		fi
-		echo '};' >> "$keyfile"
+		echo '};' >> "$tmp2"
 	else #not bindformat
 		# are there any KSK keys on board?
 		if grep ' has DNSKEY record 257' $tmpfile >/dev/null 2>&1; then
@ -91,21 +94,30 @@ do_update ( ) {
 			grep ' has DNSKEY record 257' | \
 			sed -e 's/ (secure)$//' | \
 			sed -e 's/ has DNSKEY record /. IN DNSKEY /' | \
-			sed -e 's/^\.\././' > "$keyfile"
+			sed -e 's/^\.\././' > "$tmp2"
 		else
 			# store all keys in the anchor file
 			grep '(secure)$' $tmpfile | \
 			sed -e 's/ (secure)$//' | \
 			sed -e 's/ has DNSKEY record /. IN DNSKEY /' | \
-			sed -e 's/^\.\././' > "$keyfile"
+			sed -e 's/^\.\././' > "$tmp2"
 		fi
 	fi # endif-bindformat

-	echo "$zonename key file $keyfile updated."
+	# copy over if changed
+	diff $tmp2 $keyfile >/dev/null 2>&1
+	if test $? -eq 1; then   # 0 means no change, 2 means trouble.
+		cat $tmp2 > $keyfile
+		no_updated=0
+		echo "$zonename key file $keyfile updated."
+	else
+		echo "$zonename key file $keyfile unchanged."
+	fi

-	rm -f $tmpfile
+	rm -f $tmpfile $tmp2
 }

+no_updated=1
 if test X"$1" = "X-d"; then
 	tdir="$2"
 	echo "start updating in $2"
@ -128,7 +140,5 @@ else
 	fi
 	kfile="$2"
 	do_update $zname $kfile
-	exit $?
 fi
-
-exit 0
+exit $no_updated
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,6 +1,10 @@
 2 October 2008: Wouter
 	- fixup unlink of pidfile.
 	- fixup SHA256 algorithm collation code.
+	- contrib/update-anchor.sh does not overwrite anchors if not needed.
+	  exits 0 when a restart is needed, other values if not.
+	  so,  update-anchor.sh -d mydir && /etc/rc.d/unbound restart
+	  can restart unbound exactly when needed.

 30 September 2008: Wouter
 	- fixup SHA256 DS downgrade, no longer possible to downgrade to SHA1.