#!/bin/bash
# NSC -- Zone file generator
# (c) 1997--2019 Martin Mares <mj@ucw.cz>

set -e
. bin/shell-env

if [ $# -lt 2 ] ; then
	echo >&2 "Usage: $0 <domain> <source files>"
	exit 1
fi
Z=$1
shift

CURRENT_HASH=$($M4 -DHASHING m4/nsc.m4 "$@" | md5sum | cut -d " " -f1)
if [ -f khash/$Z ] ; then
	CURRENT_HASH=$CURRENT_HASH:$(cat khash/$Z)
	if [ -f keys/resign-stamp ] ; then
		CURRENT_HASH=$CURRENT_HASH:$(stat -c '%Y' keys/resign-stamp)
	fi
fi

PREV_HASH=$(if [ -s hash/$Z ] ; then cat hash/$Z ; fi)
if [ "X$CURRENT_HASH" = "X$PREV_HASH" ] ; then
	echo "-- $Z: No changes"
	touch zone/$Z hash/$Z
else
	$M4 -DVERS=ver/$Z m4/nsc.m4 "$@" >zone/$Z.new
	NEWVER="$(sed -e "s/^;;; VERSION: //; t; d" zone/$Z.new)"
	if [ -f khash/$Z ] ; then
		ORIGIN=$(grep '\$ORIGIN' zone/$Z.new | cut -d' ' -f2)
		if [ -z "$ORIGIN" ] ; then
			echo >&2 "FATAL: Cannot establish zone origin for $Z"
			exit 1
		fi
		if ! dnssec-signzone -a -d tmp -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $ORIGIN -S -3 - zone/$Z.new &>zone/$Z.tmp ; then
			cat zone/$Z.tmp
			echo >&2 "FATAL: Cannot sign $Z"
			exit 1
		fi
		rm -f zone/$Z.tmp
		rm -f tmp/dsset-*
		mv zone/$Z.signed zone/$Z
		SIGNED=" (signed)"
	else
		mv zone/$Z.new zone/$Z
		SIGNED=
	fi
	echo "** $Z: New version $NEWVER$SIGNED"
	echo $CURRENT_HASH >hash/$Z
fi