mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 06:37:08 +00:00
- Fix #720: add windows scripts to zip bundle.
git-svn-id: file:///svn/unbound/trunk@3548 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
parent
55f5a55f5f
commit
fcd476c81f
@ -1,33 +1,33 @@
|
||||
@Echo off
|
||||
rem Convert the Yoyo.org anti-ad server listing
|
||||
rem into an unbound dns spoof redirection list.
|
||||
rem Written by Y.Voinov (c) 2014
|
||||
|
||||
rem Note: Wget required!
|
||||
|
||||
rem Variables
|
||||
set prefix="C:\Program Files (x86)"
|
||||
set dst_dir=%prefix%\Unbound
|
||||
set work_dir=%TEMP%
|
||||
set list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D="
|
||||
|
||||
rem Check Wget installed
|
||||
for /f "delims=" %%a in ('where wget') do @set wget=%%a
|
||||
if /I "%wget%"=="" echo Wget not found. If installed, add path to PATH environment variable. & exit 1
|
||||
echo Wget found: %wget%
|
||||
|
||||
"%wget%" -O %work_dir%\yoyo_ad_servers %list_addr%
|
||||
|
||||
del /Q /F /S %dst_dir%\unbound_ad_servers
|
||||
|
||||
for /F "eol=; tokens=*" %%a in (%work_dir%\yoyo_ad_servers) do (
|
||||
echo local-zone: %%a redirect>>%dst_dir%\unbound_ad_servers
|
||||
echo local-data: "%%a A 127.0.0.1">>%dst_dir%\unbound_ad_servers
|
||||
)
|
||||
|
||||
echo Done.
|
||||
rem then add an include line to your unbound.conf pointing to the full path of
|
||||
rem the unbound_ad_servers file:
|
||||
rem
|
||||
rem include: $dst_dir/unbound_ad_servers
|
||||
rem
|
||||
@Echo off
|
||||
rem Convert the Yoyo.org anti-ad server listing
|
||||
rem into an unbound dns spoof redirection list.
|
||||
rem Written by Y.Voinov (c) 2014
|
||||
|
||||
rem Note: Wget required!
|
||||
|
||||
rem Variables
|
||||
set prefix="C:\Program Files (x86)"
|
||||
set dst_dir=%prefix%\Unbound
|
||||
set work_dir=%TEMP%
|
||||
set list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D="
|
||||
|
||||
rem Check Wget installed
|
||||
for /f "delims=" %%a in ('where wget') do @set wget=%%a
|
||||
if /I "%wget%"=="" echo Wget not found. If installed, add path to PATH environment variable. & exit 1
|
||||
echo Wget found: %wget%
|
||||
|
||||
"%wget%" -O %work_dir%\yoyo_ad_servers %list_addr%
|
||||
|
||||
del /Q /F /S %dst_dir%\unbound_ad_servers
|
||||
|
||||
for /F "eol=; tokens=*" %%a in (%work_dir%\yoyo_ad_servers) do (
|
||||
echo local-zone: %%a redirect>>%dst_dir%\unbound_ad_servers
|
||||
echo local-data: "%%a A 127.0.0.1">>%dst_dir%\unbound_ad_servers
|
||||
)
|
||||
|
||||
echo Done.
|
||||
rem then add an include line to your unbound.conf pointing to the full path of
|
||||
rem the unbound_ad_servers file:
|
||||
rem
|
||||
rem include: $dst_dir/unbound_ad_servers
|
||||
rem
|
||||
|
@ -1,3 +1,6 @@
|
||||
24 November 2015: Wouter
|
||||
- Fix #720: add windows scripts to zip bundle.
|
||||
|
||||
20 November 2015: Wouter
|
||||
- Added assert on rrset cache correctness.
|
||||
- Fix that malformed EDNS query gets a response without malformed EDNS.
|
||||
|
@ -329,9 +329,9 @@ if [ "$DOWIN" = "yes" ]; then
|
||||
$strip unbound-service-remove.exe
|
||||
cd tmp.$$
|
||||
cp ../doc/example.conf example.conf
|
||||
cp ../unbound.exe ../unbound-anchor.exe ../unbound-host.exe ../unbound-control.exe ../unbound-checkconf.exe ../unbound-service-install.exe ../unbound-service-remove.exe ../LICENSE ../winrc/unbound-control-setup.cmd ../winrc/unbound-website.url ../winrc/service.conf ../winrc/README.txt .
|
||||
cp ../unbound.exe ../unbound-anchor.exe ../unbound-host.exe ../unbound-control.exe ../unbound-checkconf.exe ../unbound-service-install.exe ../unbound-service-remove.exe ../LICENSE ../winrc/unbound-control-setup.cmd ../winrc/unbound-website.url ../winrc/service.conf ../winrc/README.txt ../contrib/create_unbound_ad_servers.cmd ../contrib/warmup.cmd ../contrib/unbound_cache.cmd .
|
||||
# zipfile
|
||||
zip ../$file LICENSE README.txt unbound.exe unbound-anchor.exe unbound-host.exe unbound-control.exe unbound-checkconf.exe unbound-service-install.exe unbound-service-remove.exe unbound-control-setup.cmd example.conf service.conf unbound-website.url
|
||||
zip ../$file LICENSE README.txt unbound.exe unbound-anchor.exe unbound-host.exe unbound-control.exe unbound-checkconf.exe unbound-service-install.exe unbound-service-remove.exe unbound-control-setup.cmd example.conf service.conf unbound-website.url create_unbound_ad_servers.cmd warmup.cmd unbound_cache.cmd
|
||||
info "Testing $file"
|
||||
(cd .. ; zip -T $file )
|
||||
# installer
|
||||
|
@ -1,164 +1,164 @@
|
||||
@Echo off
|
||||
rem
|
||||
rem unbound-control-setup.cmd - set up SSL certificates for unbound-control
|
||||
rem
|
||||
rem Copyright (c) 2008, NLnet Labs. All rights reserved.
|
||||
rem Modified for Windows by Y.Voinov (c) 2014
|
||||
rem
|
||||
rem This software is open source.
|
||||
rem
|
||||
rem Redistribution and use in source and binary forms, with or without
|
||||
rem modification, are permitted provided that the following conditions
|
||||
rem are met:
|
||||
rem
|
||||
rem Redistributions of source code must retain the above copyright notice,
|
||||
rem this list of conditions and the following disclaimer.
|
||||
rem
|
||||
rem Redistributions in binary form must reproduce the above copyright notice,
|
||||
rem this list of conditions and the following disclaimer in the documentation
|
||||
rem and/or other materials provided with the distribution.
|
||||
rem
|
||||
rem Neither the name of the NLNET LABS nor the names of its contributors may
|
||||
rem be used to endorse or promote products derived from this software without
|
||||
rem specific prior written permission.
|
||||
rem
|
||||
rem THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
rem "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
rem LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
rem A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
rem HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
rem SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
||||
rem TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
rem PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
rem LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
rem NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
rem SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
rem settings:
|
||||
|
||||
rem directory for files
|
||||
set prefix="C:\Program Files (x86)"
|
||||
set DESTDIR=%prefix%\Unbound
|
||||
|
||||
rem issuer and subject name for certificates
|
||||
set SERVERNAME=unbound
|
||||
set CLIENTNAME=unbound-control
|
||||
|
||||
rem validity period for certificates
|
||||
set DAYS=7200
|
||||
|
||||
rem size of keys in bits
|
||||
set BITS=1536
|
||||
|
||||
rem hash algorithm
|
||||
set HASH=sha256
|
||||
|
||||
rem base name for unbound server keys
|
||||
set SVR_BASE=unbound_server
|
||||
|
||||
rem base name for unbound-control keys
|
||||
set CTL_BASE=unbound_control
|
||||
|
||||
rem end of options
|
||||
|
||||
rem Check OpenSSL installed
|
||||
for /f "delims=" %%a in ('where openssl') do @set SSL_PROGRAM=%%a
|
||||
if /I "%SSL_PROGRAM%"=="" echo SSL not found. If installed, add path to PATH environment variable. & exit 1
|
||||
echo SSL found: %SSL_PROGRAM%
|
||||
|
||||
set arg=%1
|
||||
if /I "%arg%" == "-h" goto help
|
||||
if /I "%arg%"=="-d" set DESTDIR=%2
|
||||
|
||||
rem go!:
|
||||
echo setup in directory %DESTDIR%
|
||||
cd %$DESTDIR%
|
||||
|
||||
rem create certificate keys; do not recreate if they already exist.
|
||||
if exist $SVR_BASE.key (
|
||||
echo %SVR_BASE%.key exists
|
||||
goto next
|
||||
)
|
||||
echo generating %SVR_BASE%.key
|
||||
"%SSL_PROGRAM%" genrsa -out %SVR_BASE%.key %BITS% || echo could not genrsa && exit 1
|
||||
|
||||
:next
|
||||
if exist %CTL_BASE%.key (
|
||||
echo %CTL_BASE%.key exists
|
||||
goto next2
|
||||
)
|
||||
echo generating %CTL_BASE%.key
|
||||
"%SSL_PROGRAM%" genrsa -out %CTL_BASE%.key %BITS% || echo could not genrsa && exit 1
|
||||
|
||||
:next2
|
||||
rem create self-signed cert for server
|
||||
if exist request.cfg (del /F /Q /S request.cfg)
|
||||
echo [req]>>request.cfg
|
||||
echo default_bits=%BITS%>>request.cfg
|
||||
echo default_md=%HASH%>>request.cfg
|
||||
echo prompt=no>>request.cfg
|
||||
echo distinguished_name=req_distinguished_name>>request.cfg
|
||||
echo.>>request.cfg
|
||||
echo [req_distinguished_name]>>request.cfg
|
||||
echo commonName=%SERVERNAME%>>request.cfg
|
||||
|
||||
if not exist request.cfg (
|
||||
echo could not create request.cfg
|
||||
exit 1
|
||||
)
|
||||
|
||||
echo create %SVR_BASE%.pem (self signed certificate)
|
||||
"%SSL_PROGRAM%" req -key %SVR_BASE%.key -config request.cfg -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1
|
||||
rem create trusted usage pem
|
||||
"%SSL_PROGRAM%" x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem
|
||||
|
||||
rem create client request and sign it
|
||||
if exist request.cfg (del /F /Q /S request.cfg)
|
||||
echo [req]>>request.cfg
|
||||
echo default_bits=%BITS%>>request.cfg
|
||||
echo default_md=%HASH%>>request.cfg
|
||||
echo prompt=no>>request.cfg
|
||||
echo distinguished_name=req_distinguished_name>>request.cfg
|
||||
echo.>>request.cfg
|
||||
echo [req_distinguished_name]>>request.cfg
|
||||
echo commonName=%CLIENTNAME%>>request.cfg
|
||||
|
||||
if not exist request.cfg (
|
||||
echo could not create request.cfg
|
||||
exit 1
|
||||
)
|
||||
|
||||
echo create %CTL_BASE%.pem (signed client certificate)
|
||||
"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem
|
||||
|
||||
if not exist %CTL_BASE%.pem (
|
||||
echo could not create %CTL_BASE%.pem
|
||||
exit 1
|
||||
)
|
||||
rem create trusted usage pem
|
||||
rem "%SSL_PROGRAM%" x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem
|
||||
|
||||
rem see details with "%SSL_PROGRAM%" x509 -noout -text < %SVR_BASE%.pem
|
||||
rem echo "create %CTL_BASE%_browser.pfx (web client certificate)"
|
||||
rem echo "create webbrowser PKCSrem12 .PFX certificate file. In Firefox import in:"
|
||||
rem echo "preferences - advanced - encryption - view certificates - your certs"
|
||||
rem echo "empty password is used, simply click OK on the password dialog box."
|
||||
rem "%SSL_PROGRAM%" pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1
|
||||
|
||||
rem remove crap
|
||||
del /F /Q /S request.cfg
|
||||
del /F /Q /S %CTL_BASE%_trust.pem
|
||||
del /F /Q /S %SVR_BASE%_trust.pem
|
||||
del /F /Q /S %SVR_BASE%_trust.srl
|
||||
|
||||
echo Setup success. Certificates created. Enable in unbound.conf file to use
|
||||
|
||||
exit 0
|
||||
|
||||
:help
|
||||
echo unbound-control-setup.cmd - setup SSL keys for unbound-control
|
||||
echo -d dir use directory to store keys and certificates.
|
||||
echo default: %DESTDIR%
|
||||
echo please run this command using the same user id that the
|
||||
echo unbound daemon uses, it needs read privileges.
|
||||
exit 1
|
||||
@Echo off
|
||||
rem
|
||||
rem unbound-control-setup.cmd - set up SSL certificates for unbound-control
|
||||
rem
|
||||
rem Copyright (c) 2008, NLnet Labs. All rights reserved.
|
||||
rem Modified for Windows by Y.Voinov (c) 2014
|
||||
rem
|
||||
rem This software is open source.
|
||||
rem
|
||||
rem Redistribution and use in source and binary forms, with or without
|
||||
rem modification, are permitted provided that the following conditions
|
||||
rem are met:
|
||||
rem
|
||||
rem Redistributions of source code must retain the above copyright notice,
|
||||
rem this list of conditions and the following disclaimer.
|
||||
rem
|
||||
rem Redistributions in binary form must reproduce the above copyright notice,
|
||||
rem this list of conditions and the following disclaimer in the documentation
|
||||
rem and/or other materials provided with the distribution.
|
||||
rem
|
||||
rem Neither the name of the NLNET LABS nor the names of its contributors may
|
||||
rem be used to endorse or promote products derived from this software without
|
||||
rem specific prior written permission.
|
||||
rem
|
||||
rem THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
rem "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
rem LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
rem A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
rem HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
rem SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
||||
rem TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
rem PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
rem LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
rem NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
rem SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
rem settings:
|
||||
|
||||
rem directory for files
|
||||
set prefix="C:\Program Files (x86)"
|
||||
set DESTDIR=%prefix%\Unbound
|
||||
|
||||
rem issuer and subject name for certificates
|
||||
set SERVERNAME=unbound
|
||||
set CLIENTNAME=unbound-control
|
||||
|
||||
rem validity period for certificates
|
||||
set DAYS=7200
|
||||
|
||||
rem size of keys in bits
|
||||
set BITS=1536
|
||||
|
||||
rem hash algorithm
|
||||
set HASH=sha256
|
||||
|
||||
rem base name for unbound server keys
|
||||
set SVR_BASE=unbound_server
|
||||
|
||||
rem base name for unbound-control keys
|
||||
set CTL_BASE=unbound_control
|
||||
|
||||
rem end of options
|
||||
|
||||
rem Check OpenSSL installed
|
||||
for /f "delims=" %%a in ('where openssl') do @set SSL_PROGRAM=%%a
|
||||
if /I "%SSL_PROGRAM%"=="" echo SSL not found. If installed, add path to PATH environment variable. & exit 1
|
||||
echo SSL found: %SSL_PROGRAM%
|
||||
|
||||
set arg=%1
|
||||
if /I "%arg%" == "-h" goto help
|
||||
if /I "%arg%"=="-d" set DESTDIR=%2
|
||||
|
||||
rem go!:
|
||||
echo setup in directory %DESTDIR%
|
||||
cd %$DESTDIR%
|
||||
|
||||
rem create certificate keys; do not recreate if they already exist.
|
||||
if exist $SVR_BASE.key (
|
||||
echo %SVR_BASE%.key exists
|
||||
goto next
|
||||
)
|
||||
echo generating %SVR_BASE%.key
|
||||
"%SSL_PROGRAM%" genrsa -out %SVR_BASE%.key %BITS% || echo could not genrsa && exit 1
|
||||
|
||||
:next
|
||||
if exist %CTL_BASE%.key (
|
||||
echo %CTL_BASE%.key exists
|
||||
goto next2
|
||||
)
|
||||
echo generating %CTL_BASE%.key
|
||||
"%SSL_PROGRAM%" genrsa -out %CTL_BASE%.key %BITS% || echo could not genrsa && exit 1
|
||||
|
||||
:next2
|
||||
rem create self-signed cert for server
|
||||
if exist request.cfg (del /F /Q /S request.cfg)
|
||||
echo [req]>>request.cfg
|
||||
echo default_bits=%BITS%>>request.cfg
|
||||
echo default_md=%HASH%>>request.cfg
|
||||
echo prompt=no>>request.cfg
|
||||
echo distinguished_name=req_distinguished_name>>request.cfg
|
||||
echo.>>request.cfg
|
||||
echo [req_distinguished_name]>>request.cfg
|
||||
echo commonName=%SERVERNAME%>>request.cfg
|
||||
|
||||
if not exist request.cfg (
|
||||
echo could not create request.cfg
|
||||
exit 1
|
||||
)
|
||||
|
||||
echo create %SVR_BASE%.pem (self signed certificate)
|
||||
"%SSL_PROGRAM%" req -key %SVR_BASE%.key -config request.cfg -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1
|
||||
rem create trusted usage pem
|
||||
"%SSL_PROGRAM%" x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem
|
||||
|
||||
rem create client request and sign it
|
||||
if exist request.cfg (del /F /Q /S request.cfg)
|
||||
echo [req]>>request.cfg
|
||||
echo default_bits=%BITS%>>request.cfg
|
||||
echo default_md=%HASH%>>request.cfg
|
||||
echo prompt=no>>request.cfg
|
||||
echo distinguished_name=req_distinguished_name>>request.cfg
|
||||
echo.>>request.cfg
|
||||
echo [req_distinguished_name]>>request.cfg
|
||||
echo commonName=%CLIENTNAME%>>request.cfg
|
||||
|
||||
if not exist request.cfg (
|
||||
echo could not create request.cfg
|
||||
exit 1
|
||||
)
|
||||
|
||||
echo create %CTL_BASE%.pem (signed client certificate)
|
||||
"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem
|
||||
|
||||
if not exist %CTL_BASE%.pem (
|
||||
echo could not create %CTL_BASE%.pem
|
||||
exit 1
|
||||
)
|
||||
rem create trusted usage pem
|
||||
rem "%SSL_PROGRAM%" x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem
|
||||
|
||||
rem see details with "%SSL_PROGRAM%" x509 -noout -text < %SVR_BASE%.pem
|
||||
rem echo "create %CTL_BASE%_browser.pfx (web client certificate)"
|
||||
rem echo "create webbrowser PKCSrem12 .PFX certificate file. In Firefox import in:"
|
||||
rem echo "preferences - advanced - encryption - view certificates - your certs"
|
||||
rem echo "empty password is used, simply click OK on the password dialog box."
|
||||
rem "%SSL_PROGRAM%" pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1
|
||||
|
||||
rem remove crap
|
||||
del /F /Q /S request.cfg
|
||||
del /F /Q /S %CTL_BASE%_trust.pem
|
||||
del /F /Q /S %SVR_BASE%_trust.pem
|
||||
del /F /Q /S %SVR_BASE%_trust.srl
|
||||
|
||||
echo Setup success. Certificates created. Enable in unbound.conf file to use
|
||||
|
||||
exit 0
|
||||
|
||||
:help
|
||||
echo unbound-control-setup.cmd - setup SSL keys for unbound-control
|
||||
echo -d dir use directory to store keys and certificates.
|
||||
echo default: %DESTDIR%
|
||||
echo please run this command using the same user id that the
|
||||
echo unbound daemon uses, it needs read privileges.
|
||||
exit 1
|
||||
|
Loading…
Reference in New Issue
Block a user