X-Git-Url: http://mj.ucw.cz/gitweb/?a=blobdiff_plain;ds=sidebyside;f=bin%2Fgenzone;h=cee907f3a2d41c9903d5cb37179a97fe77d8b12f;hb=57e60f9a9bd96a6cd81651dfd8b833ea82c509c6;hp=d2749de0b61d4ffc5f064cd844988736d8e0c684;hpb=9e0b4078816d410d3eb2ae4bad1f2bec332a8c95;p=nsc-5.git
diff --git a/bin/genzone b/bin/genzone
index d2749de..cee907f 100755
--- a/bin/genzone
+++ b/bin/genzone
@@ -1,17 +1,46 @@
-#!/bin/sh
+#!/bin/bash
+# NSC -- Zone file generator
+# (c) 1997--2019 Martin Mares
+
 set -e
 . bin/shell-env
+
+if [ $# -lt 2 ] ; then
+ echo >&2 "Usage: $0 "
+ exit 1
+fi
 Z=$1
 shift
-mkdir -p $HASHDIR
+
 CURRENT_HASH=$($M4 -DHASHING m4/nsc.m4 "$@" | md5sum | cut -d " " -f1)
-PREV_HASH=$(if [ -s $HASHDIR/$Z ] ; then cat $HASHDIR/$Z ; fi)
+if [ -f khash/$Z ] ; then
+ CURRENT_HASH=$CURRENT_HASH:$(cat khash/$Z)
+ if [ -f keys/resign-stamp ] ; then
+ CURRENT_HASH=$CURRENT_HASH:$(stat -c '%Y' keys/resign-stamp)
+ fi
+fi
+
+PREV_HASH=$(if [ -s hash/$Z ] ; then cat hash/$Z ; fi)
 if [ "X$CURRENT_HASH" = "X$PREV_HASH" ] ; then
 echo "-- $Z: No changes"
- touch $ZONEDIR/$Z $HASHDIR/$Z
+ touch zone/$Z hash/$Z
 else
- $M4 -DVERS=$VERSDIR/$Z m4/nsc.m4 "$@" >$ZONEDIR/$Z.new
- mv $ZONEDIR/$Z.new $ZONEDIR/$Z
- echo "** $Z: New version $(sed -e "s/^;;; VERSION: //; t; d" $ZONEDIR/$Z)"
- echo $CURRENT_HASH >$HASHDIR/$Z
+ $M4 -DVERS=ver/$Z m4/nsc.m4 "$@" >zone/$Z.new
+ NEWVER="$(sed -e "s/^;;; VERSION: //; t; d" zone/$Z.new)"
+ if [ -f khash/$Z ] ; then
+ if ! dnssec-signzone -a -d tmp -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $Z -S -3 - zone/$Z.new &>zone/$Z.tmp ; then
+ cat zone/$Z.tmp
+ echo >&2 "FATAL: Signing failed"
+ exit 1
+ fi
+ rm -f zone/$Z.tmp
+ rm -f tmp/dsset-*
+ mv zone/$Z.signed zone/$Z
+ SIGNED=" (signed)"
+ else
+ mv zone/$Z.new zone/$Z
+ SIGNED=
+ fi
+ echo "** $Z: New version $NEWVER$SIGNED"
+ echo $CURRENT_HASH >hash/$Z
 fi
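Review bot: The unsigned path in the inner `else` (`mv zone/$Z.new zone/$Z`) is taken whenever `khash/$Z` does not exist, so a zone that has been published signed would be silently replaced by an unsigned file if that marker is ever lost; how `khash/` is produced is not visible in this hunk, so this is worth confirming. Validating resolvers would treat such a zone as bogus for as long as a DS record remains in the parent, and the only visible difference in the log is the missing " (signed)" suffix. Consider failing closed when key material is present, e.g. `if [ -d keys/$Z ] ; then echo >&2 "FATAL: keys/$Z exists but khash/$Z is missing" ; exit 1 ; fi` before that `mv`. Separately, the new lines expand `$Z` unquoted in paths and in `-o $Z`; quoting it (`"keys/$Z"`, `-o "$Z"`) while leaving `$SIGNZONE_OPTIONS` unquoted for word splitting keeps an unusual zone name from being split or globbed.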