- $M4 -DVERS=$VERSDIR/$Z m4/nsc.m4 "$@" >$ZONEDIR/$Z.new
- mv $ZONEDIR/$Z.new $ZONEDIR/$Z
- echo "** $Z: New version $(sed -e "s/^;;; VERSION: //; t; d" $ZONEDIR/$Z)"
- echo $CURRENT_HASH >$HASHDIR/$Z
+ $M4 -DVERS=ver/$Z m4/nsc.m4 "$@" >zone/$Z.new
+ NEWVER="$(sed -e "s/^;;; VERSION: //; t; d" zone/$Z.new)"
+ if [ -f khash/$Z ] ; then
+ if ! dnssec-signzone -a -d tmp -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $Z -S -3 - zone/$Z.new &>zone/$Z.tmp ; then
+ cat zone/$Z.tmp
+ echo >&2 "FATAL: Signing failed"
+ exit 1
+ fi
+ rm -f zone/$Z.tmp
+ rm -f tmp/dsset-*
+ mv zone/$Z.signed zone/$Z
+ SIGNED=" (signed)"
+ else
+ mv zone/$Z.new zone/$Z
+ SIGNED=
+ fi
+ echo "** $Z: New version $NEWVER$SIGNED"
+ echo $CURRENT_HASH >hash/$Z