]> mj.ucw.cz Git - nsc-5.git/blobdiff - bin/genzone
DNSSEC: Complete support for key delegations to sub-domains
index 0a647a985609b466ff81df62de0af6dea6204f3e..cee907f3a2d41c9903d5cb37179a97fe77d8b12f 100755 (executable)
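--- a/bin/genzone
+++ b/bin/genzone
@@ -13,8 +13,8 @@ Z=$1
 shift
 
 CURRENT_HASH=$($M4 -DHASHING m4/nsc.m4 "$@" | md5sum | cut -d " " -f1)
-if [ -f keys/$Z.hash ] ; then
-       CURRENT_HASH=$CURRENT_HASH:$(cat keys/$Z.hash)
+if [ -f khash/$Z ] ; then
+       CURRENT_HASH=$CURRENT_HASH:$(cat khash/$Z)
        if [ -f keys/resign-stamp ] ; then
                CURRENT_HASH=$CURRENT_HASH:$(stat -c '%Y' keys/resign-stamp)
        fi
@@ -27,13 +27,14 @@ if [ "X$CURRENT_HASH" = "X$PREV_HASH" ] ; then
 else
        $M4 -DVERS=ver/$Z m4/nsc.m4 "$@" >zone/$Z.new
        NEWVER="$(sed -e "s/^;;; VERSION: //; t; d" zone/$Z.new)"
-       if [ -f keys/$Z.hash ] ; then
-               if ! dnssec-signzone -a -d dss -g -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $Z -S -3 - zone/$Z.new &>zone/$Z.tmp ; then
+       if [ -f khash/$Z ] ; then
+               if ! dnssec-signzone -a -d tmp -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $Z -S -3 - zone/$Z.new &>zone/$Z.tmp ; then
                        cat zone/$Z.tmp
                        echo >&2 "FATAL: Signing failed"
                        exit 1
                fi
                rm -f zone/$Z.tmp
+               rm -f tmp/dsset-*
                mv zone/$Z.signed zone/$Z
                SIGNED=" (signed)"
        else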
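Review bot: `rm -f tmp/dsset-*` in the second hunk deletes every dsset file in the shared `tmp` directory, not only the one this run produced, so if genzone is ever run for several zones in parallel, one run can remove a file another dnssec-signzone is still writing; this is an inference, since the callers are not visible here. Narrowing it to the zone being signed, e.g. `rm -f "tmp/dsset-$Z."` (dnssec-signzone names the file after the zone origin with a trailing dot; confirm against the actual output), keeps the cleanup scoped. The cleanup also runs only on success, so a failed signing leaves `zone/$Z.tmp` and any dsset file behind. Separately, `$Z` is expanded unquoted in the new `[ -f khash/$Z ]` and `$(cat khash/$Z)` lines; writing `"khash/$Z"` would keep a zone argument containing whitespace or glob characters from being split or expanded. The enclosing if/else continues past the end of the hunk.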