- mv $ZONEDIR/$Z.new $ZONEDIR/$Z
- echo "** $Z: New version $(sed -e "s/^;;; VERSION: //; t; d" $ZONEDIR/$Z)"
+ NEWVER="$(sed -e "s/^;;; VERSION: //; t; d" $ZONEDIR/$Z.new)"
+ if [ -f $KEYDIR/$Z.hash ] ; then
+ if ! dnssec-signzone -a -d $DSSDIR -g -K $KEYDIR/$Z $SIGNZONE_OPTIONS -f $ZONEDIR/$Z.signed -o $Z -S -3 - $ZONEDIR/$Z.new &>$ZONEDIR/$Z.tmp ; then
+ cat $ZONEDIR/$Z.tmp
+ echo >&2 "FATAL: Signing failed"
+ exit 1
+ fi
+ rm -f $ZONEDIR/$Z.tmp
+ mv $ZONEDIR/$Z.signed $ZONEDIR/$Z
+ SIGNED=" (signed)"
+ else
+ mv $ZONEDIR/$Z.new $ZONEDIR/$Z
+ SIGNED=
+ fi
+ echo "** $Z: New version $NEWVER$SIGNED"