]> mj.ucw.cz Git - nsc-5.git/blob - bin/genzone
projects / nsc-5.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
DNSSEC: Complete support for key delegations to sub-domains
[nsc-5.git] / bin / genzone
1 #!/bin/bash
2 # NSC -- Zone file generator
3 # (c) 1997--2019 Martin Mares <mj@ucw.cz>
4
5 set -e
6 . bin/shell-env
7
8 if [ $# -lt 2 ] ; then
9         echo >&2 "Usage: $0 <domain> <source files>"
10         exit 1
11 fi
12 Z=$1
13 shift
14
15 CURRENT_HASH=$($M4 -DHASHING m4/nsc.m4 "$@" | md5sum | cut -d " " -f1)
16 if [ -f khash/$Z ] ; then
17         CURRENT_HASH=$CURRENT_HASH:$(cat khash/$Z)
18         if [ -f keys/resign-stamp ] ; then
19                 CURRENT_HASH=$CURRENT_HASH:$(stat -c '%Y' keys/resign-stamp)
20         fi
21 fi
22
23 PREV_HASH=$(if [ -s hash/$Z ] ; then cat hash/$Z ; fi)
24 if [ "X$CURRENT_HASH" = "X$PREV_HASH" ] ; then
25         echo "-- $Z: No changes"
26         touch zone/$Z hash/$Z
27 else
28         $M4 -DVERS=ver/$Z m4/nsc.m4 "$@" >zone/$Z.new
29         NEWVER="$(sed -e "s/^;;; VERSION: //; t; d" zone/$Z.new)"
30         if [ -f khash/$Z ] ; then
31                 if ! dnssec-signzone -a -d tmp -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $Z -S -3 - zone/$Z.new &>zone/$Z.tmp ; then
32                         cat zone/$Z.tmp
33                         echo >&2 "FATAL: Signing failed"
34                         exit 1
35                 fi
36                 rm -f zone/$Z.tmp
37                 rm -f tmp/dsset-*
38                 mv zone/$Z.signed zone/$Z
39                 SIGNED=" (signed)"
40         else
41                 mv zone/$Z.new zone/$Z
42                 SIGNED=
43         fi
44         echo "** $Z: New version $NEWVER$SIGNED"
45         echo $CURRENT_HASH >hash/$Z
46 fi
Name Server Configurator - a set of scripts for maintaining DNS zones