X-Git-Url: http://mj.ucw.cz/gitweb/?a=blobdiff_plain;f=bin%2Fgenzone;h=432ad43e8e8cd6503d6b6b5f37c50300141f6360;hb=b8a9b37c2c9fb73e51e0b57de246f7df76e01dcb;hp=cee907f3a2d41c9903d5cb37179a97fe77d8b12f;hpb=57e60f9a9bd96a6cd81651dfd8b833ea82c509c6;p=nsc-5.git
diff --git a/bin/genzone b/bin/genzone
index cee907f..432ad43 100755
--- a/bin/genzone
+++ b/bin/genzone
@@ -28,14 +28,25 @@ else
 $M4 -DVERS=ver/$Z m4/nsc.m4 "$@" >zone/$Z.new
 NEWVER="$(sed -e "s/^;;; VERSION: //; t; d" zone/$Z.new)"
 if [ -f khash/$Z ] ; then
- if ! dnssec-signzone -a -d tmp -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $Z -S -3 - zone/$Z.new &>zone/$Z.tmp ; then
+ ORIGIN=$(grep '\$ORIGIN' zone/$Z.new | cut -d' ' -f2)
+ if [ -z "$ORIGIN" ] ; then
+ echo >&2 "FATAL: Cannot establish zone origin for $Z"
+ exit 1
+ fi
+ NSEC="-3 -"
+ if [ -f bin/dnssec-hacks ] ; then
+ # Undocumented hook for hacks
+ . bin/dnssec-hacks
+ fi
+ if ! dnssec-signzone -a -d tmp -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $ORIGIN -S $NSEC zone/$Z.new &>zone/$Z.tmp ; then
 cat zone/$Z.tmp
- echo >&2 "FATAL: Signing failed"
+ echo >&2 "FATAL: Cannot sign $Z"
 exit 1
 fi
 rm -f zone/$Z.tmp
 rm -f tmp/dsset-*
 mv zone/$Z.signed zone/$Z
+ rm -f zone/$Z.new
 SIGNED=" (signed)"
 else
 mv zone/$Z.new zone/$Z
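Review bot: The new `ORIGIN=$(grep '\$ORIGIN' zone/$Z.new | cut -d' ' -f2)` line matches `$ORIGIN` anywhere on a line and returns every match, and the result is then passed unquoted as `-o $ORIGIN`, so a zone file with a second `$ORIGIN` directive, a tab after the keyword, or the string in a comment hands dnssec-signzone extra or wrong arguments instead of tripping the `-z` check. Assuming the first directive names the zone apex, I would use `ORIGIN=$(awk '$1 == "$ORIGIN" { print $2; exit }' zone/$Z.new)` and quote the use as `-o "$ORIGIN"`. The sourced `bin/dnssec-hacks` runs in the shell that goes on to sign with `keys/$Z`, so its comment should say which variables it may override (`NSEC` and `ORIGIN` are the ones visible here) and that the file must be writable only by whoever may edit `bin/genzone`. The enclosing `if`/`else` starts and ends outside this hunk.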