README: Fix section numbering
[nsc-5.git] / bin / genzone
index cee907f3a2d41c9903d5cb37179a97fe77d8b12f..432ad43e8e8cd6503d6b6b5f37c50300141f6360 100755 (executable)
@@ -28,14 +28,25 @@ else
        $M4 -DVERS=ver/$Z m4/nsc.m4 "$@" >zone/$Z.new
        NEWVER="$(sed -e "s/^;;; VERSION: //; t; d" zone/$Z.new)"
        if [ -f khash/$Z ] ; then
-               if ! dnssec-signzone -a -d tmp -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $Z -S -3 - zone/$Z.new &>zone/$Z.tmp ; then
+               ORIGIN=$(grep '\$ORIGIN' zone/$Z.new | cut -d' ' -f2)
+               if [ -z "$ORIGIN" ] ; then
+                       echo >&2 "FATAL: Cannot establish zone origin for $Z"
+                       exit 1
+               fi
+               NSEC="-3 -"
+               if [ -f bin/dnssec-hacks ] ; then
+                       # Undocumented hook for hacks
+                       . bin/dnssec-hacks
+               fi
+               if ! dnssec-signzone -a -d tmp -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $ORIGIN -S $NSEC zone/$Z.new &>zone/$Z.tmp ; then
                        cat zone/$Z.tmp
-                       echo >&2 "FATAL: Signing failed"
+                       echo >&2 "FATAL: Cannot sign $Z"
                        exit 1
                fi
                rm -f zone/$Z.tmp
                rm -f tmp/dsset-*
                mv zone/$Z.signed zone/$Z
+               rm -f zone/$Z.new
                SIGNED=" (signed)"
        else
                mv zone/$Z.new zone/$Z
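Review bot: The added `ORIGIN=$(grep '\$ORIGIN' zone/$Z.new | cut -d' ' -f2)` matches `$ORIGIN` anywhere on a line and keeps every match, so a second `$ORIGIN` directive, a comment mentioning it, or a tab after the keyword gives a multi-word or wrong value that passes the `-z` check and is then word-split by the unquoted `-o $ORIGIN` into extra dnssec-signzone arguments. Taking only the first real directive, `ORIGIN=$(awk '$1 == "$ORIGIN" { print $2; exit }' "zone/$Z.new")`, and passing `-o "$ORIGIN"` would avoid that. Separately, `. bin/dnssec-hacks` is sourced into the signing shell after `ORIGIN` and `NSEC` are set, so it can override them and `SIGNZONE_OPTIONS` and runs with the same access to `keys/$Z`. Its comment could say so, e.g. `# Optional site hook, sourced just before signing; may override NSEC/SIGNZONE_OPTIONS. Keep it writable only by the zone operator.` The enclosing `else` branch starts above this hunk and the `if` continues below it.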