genzone: A hook for hacks; do not forget to remove *.new

author Martin Mares <mj@ucw.cz>

Wed, 30 Jan 2019 14:05:40 +0000 (15:05 +0100)

committer Martin Mares <mj@ucw.cz>

Wed, 30 Jan 2019 14:05:40 +0000 (15:05 +0100)
author Martin Mares <mj@ucw.cz>
Wed, 30 Jan 2019 14:05:40 +0000 (15:05 +0100)
committer Martin Mares <mj@ucw.cz>
Wed, 30 Jan 2019 14:05:40 +0000 (15:05 +0100)
diff --git a/bin/genzone b/bin/genzone

index 4af086795f5b878f423f8652e2190082b72f4b6c..432ad43e8e8cd6503d6b6b5f37c50300141f6360 100755 (executable)
--- a/bin/genzone
+++ b/bin/genzone
@@ -33,7 +33,12 @@ else
                         echo >&2 "FATAL: Cannot establish zone origin for $Z"
                         exit 1
                 fi
-               if ! dnssec-signzone -a -d tmp -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $ORIGIN -S -3 - zone/$Z.new &>zone/$Z.tmp ; then
+               NSEC="-3 -"
+               if [ -f bin/dnssec-hacks ] ; then
+                       # Undocumented hook for hacks
+                       . bin/dnssec-hacks
+               fi
+               if ! dnssec-signzone -a -d tmp -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $ORIGIN -S $NSEC zone/$Z.new &>zone/$Z.tmp ; then
                         cat zone/$Z.tmp
                         echo >&2 "FATAL: Cannot sign $Z"
                         exit 1
@@ -41,6 +46,7 @@ else
                 rm -f zone/$Z.tmp
                 rm -f tmp/dsset-*
                 mv zone/$Z.signed zone/$Z
+               rm -f zone/$Z.new
                 SIGNED=" (signed)"
         else
                 mv zone/$Z.new zone/$Z
author	Martin Mares <mj@ucw.cz>
	Wed, 30 Jan 2019 14:05:40 +0000 (15:05 +0100)
committer	Martin Mares <mj@ucw.cz>
	Wed, 30 Jan 2019 14:05:40 +0000 (15:05 +0100)