From 8027861ea0c775a47af4ae6ae116b42b25a089ce Mon Sep 17 00:00:00 2001
From: Martin Mares
Date: Wed, 30 Jan 2019 11:13:19 +0100
Subject: [PATCH] DNSSEC: Key hashes and resign-stamp moved to a separate directory
---
 bin/genzone | 10 +++++-----
 bin/key-update | 6 +++---
 bin/nsconfig | 2 +-
 m4/mkmf.m4 | 4 ++--
 4 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/bin/genzone b/bin/genzone
index 0a647a9..6c7bffc 100755
--- a/bin/genzone
+++ b/bin/genzone
@@ -13,10 +13,10 @@ Z=$1
 shift
 CURRENT_HASH=$($M4 -DHASHING m4/nsc.m4 "$@" | md5sum | cut -d " " -f1)
-if [ -f keys/$Z.hash ] ; then
- CURRENT_HASH=$CURRENT_HASH:$(cat keys/$Z.hash)
- if [ -f keys/resign-stamp ] ; then
- CURRENT_HASH=$CURRENT_HASH:$(stat -c '%Y' keys/resign-stamp)
+if [ -f khash/$Z ] ; then
+ CURRENT_HASH=$CURRENT_HASH:$(cat khash/$Z)
+ if [ -f khash/resign-stamp ] ; then
+ CURRENT_HASH=$CURRENT_HASH:$(stat -c '%Y' khash/resign-stamp)
 fi
 fi
@@ -27,7 +27,7 @@ if [ "X$CURRENT_HASH" = "X$PREV_HASH" ] ; then
 else
 $M4 -DVERS=ver/$Z m4/nsc.m4 "$@" >zone/$Z.new
 NEWVER="$(sed -e "s/^;;; VERSION: //; t; d" zone/$Z.new)"
- if [ -f keys/$Z.hash ] ; then
+ if [ -f khash/$Z ] ; then
 if ! dnssec-signzone -a -d dss -g -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $Z -S -3 - zone/$Z.new &>zone/$Z.tmp ; then
 cat zone/$Z.tmp
 echo >&2 "FATAL: Signing failed"
diff --git a/bin/key-update b/bin/key-update
index 3820ef5..9242b44 100755
--- a/bin/key-update
+++ b/bin/key-update
@@ -15,7 +15,7 @@ update () {
 local D=$1
 local K=keys/$D
- local H=$K.hash
+ local H=khash/$D
 cat $K/*.key | sha1sum | cut -f1 -d' ' >$H.new
 if [ ! -f $H ] || ! cmp -s $H $H.new ; then
 echo "** $D: New key hash"
@@ -32,8 +32,8 @@ if [ -z "$1" ] ; then
 update $(basename $DD)
 fi
 done
- for H in keys/*.hash ; do
- B=$(basename $H .hash)
+ for H in khash/* ; do
+ B=$(basename $H)
 if [ ! -d keys/$B ] ; then
 echo "## $B: Deleted obsolete hash"
 rm $H
diff --git a/bin/nsconfig b/bin/nsconfig
index 676651d..122cc98 100755
--- a/bin/nsconfig
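Review bot: In the second bin/genzone hunk, `[ -f khash/$Z ]` alone decides whether the zone is signed, so a zone whose keys are in `keys/$Z` but whose `khash/$Z` is missing presumably falls through to the unsigned path with no message. After this move that state looks reachable on an upgraded tree until bin/key-update has rewritten the hashes, because the old `keys/$Z.hash` files are no longer read; an unsigned zone published while a DS record exists in the parent fails validation at resolvers. I would fail closed ahead of the signing test, e.g. `if [ -d keys/$Z ] && [ ! -f khash/$Z ] ; then echo >&2 "FATAL: keys/$Z present but khash/$Z missing, run bin/key-update" ; exit 1 ; fi`. The same test in the first hunk silently drops the key hash and resign stamp from CURRENT_HASH; the if/else body continues outside both hunks.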
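Review bot: The cleanup loop in the second bin/key-update hunk now globs `khash/*`, and this same commit puts `resign-stamp` in that directory, so the stamp is handled as if it were a zone hash: `keys/resign-stamp` is not a directory, and `rm $H` removes the stamp on every run without arguments. The old `keys/*.hash` pattern could not match it. Once the stamp is gone, genzone's CURRENT_HASH loses its re-sign component and the `khash/resign-stamp` prerequisite added in m4/mkmf.m4 no longer exists. Skipping it at the top of the loop fixes this, `[ "$B" = resign-stamp ] && continue`, and quoting `"$H"` in the `rm` is worth doing at the same time. The loop body continues outside the hunk.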
+++ b/bin/nsconfig
@@ -12,7 +12,7 @@ if [ ! -f $DOMAINS ] ; then
 exit 1
 fi
-mkdir -p zone bak hash ver keys dss
+mkdir -p zone bak hash ver keys khash dss
 $M4 m4/mkconf.m4 $DOMAINS >named.conf
 $M4 m4/mkmf.m4 $DOMAINS >Makefile
 $M4 -DM4=$M4 m4/mkshell-env.m4 >bin/shell-env
diff --git a/m4/mkmf.m4 b/m4/mkmf.m4
index 7bdd7be..7d0f5d5 100644
--- a/m4/mkmf.m4
+++ b/m4/mkmf.m4
@@ -10,7 +10,7 @@ define(`PRIMARIES', `')
 define(`nsc_prepend_cf_one', ` 'CFDIR/`nsc_file_name($1)')
 define(`nsc_prepend_cf_multi', `nsc_iterate(`nsc_prepend_cf_one', $@)')
-define(`nsc_key_dep', `ifelse(USE_DNSSEC,,,` 'keys/$1.hash)')
+define(`nsc_key_dep', `ifelse(USE_DNSSEC,,,` 'khash/$1 khash/resign-stamp)')
 define(`PRIMARY', `divert(0)zone/nsc_file_name($1):nsc_prepend_cf_multi($@)nsc_key_dep($1) $(DDEPS)
 @bin/genzone nsc_file_name($1)`'nsc_prepend_cf_multi($@)
@@ -38,7 +38,7 @@ ver/.version: CFDIR/domains ROOTCACHE`'PRIMARIES`'ifdef(`NEED_BLACKHOLE',` zone/
 touch ver/.version
 clean:
- find bak zone hash dss -maxdepth 1 -type f | xargs rm -f
+ find bak zone hash -maxdepth 1 -type f | xargs rm -f
 clobber: clean
 rm -f Makefile named.conf bin/shell-env
-- 
2.39.2
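Review bot: The new `nsc_key_dep` in the first m4/mkmf.m4 hunk makes `khash/resign-stamp` a hard prerequisite of every signed zone, but no rule that creates it is visible here and bin/genzone still treats the file as optional (`if [ -f khash/resign-stamp ]`). If nothing else creates the stamp, make stops with a missing-target error on any tree where a re-sign has never been requested, and zone regeneration halts for all DNSSEC zones. Either have bin/nsconfig create it right after the `mkdir -p` with `[ -f khash/resign-stamp ] || touch khash/resign-stamp`, or keep the dependency optional with GNU make's `$(wildcard khash/resign-stamp)`.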