From dd04a4d50eca47c8ce85bf75240331bcf27367f7 Mon Sep 17 00:00:00 2001 From: Martin Mares Date: Wed, 30 Jan 2019 10:44:02 +0100 Subject: [PATCH] Most directory names are now fixed Using variables for names of all directories was generating much noise and it was never useful. So was configuring the absolute path to our root directory. We always assume that our root directory is the cwd anyway. --- README | 5 ----- TODO | 4 +++- bin/genzone | 30 +++++++++++++++--------------- bin/key-gen | 4 ++-- bin/key-update | 8 ++++---- m4/dnslib.m4 | 6 ------ m4/mkconf.m4 | 4 ++-- m4/mkmf.m4 | 16 ++++++++-------- m4/mkshell-env.m4 | 7 ------- 9 files changed, 34 insertions(+), 50 deletions(-) diff --git a/README b/README index b1987b3..24dfd7f 100644 --- a/README +++ b/README @@ -330,12 +330,7 @@ The following variables are available: NAMED_RESTART_CMD Shell command for restarting the name server daemon (default: rndc reload) -ROOT Root directory of the whole package (default: /etc/named) CFDIR Directory with config files (default: cf) -ZONEDIR Directory with zone files (default: zone) -BAKDIR Directory with backup files (default: bak) -HASHDIR Directory with zone hashes (default: hash) -VERSDIR Directory with version files (default: var) ROOTCACHE File with the cache of root name servers REFRESH SOA record parameters diff --git a/TODO b/TODO index afd7552..f666f35 100644 --- a/TODO +++ b/TODO @@ -1,7 +1,9 @@ freebsd: don't use `-f' in hostname +- NSCVER macro +- Update or delete nsc.lsm + DNSSEC: - DS records and dependencies on them -- NSCVER macro - in reverse zones, file name != zone name => need to pass zone name to genzone - dependencies on resign-stamp diff --git a/bin/genzone b/bin/genzone index 7805e59..0a647a9 100755 --- a/bin/genzone +++ b/bin/genzone 
@@ -13,33 +13,33 @@ Z=$1 shift CURRENT_HASH=$($M4 -DHASHING m4/nsc.m4 "$@" | md5sum | cut -d " " -f1) -if [ -f $KEYDIR/$Z.hash ] ; then - CURRENT_HASH=$CURRENT_HASH:$(cat $KEYDIR/$Z.hash) - if [ -f $KEYDIR/resign-stamp ] ; then - CURRENT_HASH=$CURRENT_HASH:$(stat -c '%Y' $KEYDIR/resign-stamp) +if [ -f keys/$Z.hash ] ; then + CURRENT_HASH=$CURRENT_HASH:$(cat keys/$Z.hash) + if [ -f keys/resign-stamp ] ; then + CURRENT_HASH=$CURRENT_HASH:$(stat -c '%Y' keys/resign-stamp) fi fi -PREV_HASH=$(if [ -s $HASHDIR/$Z ] ; then cat $HASHDIR/$Z ; fi) +PREV_HASH=$(if [ -s hash/$Z ] ; then cat hash/$Z ; fi) if [ "X$CURRENT_HASH" = "X$PREV_HASH" ] ; then echo "-- $Z: No changes" - touch $ZONEDIR/$Z $HASHDIR/$Z + touch zone/$Z hash/$Z else - $M4 -DVERS=$VERSDIR/$Z m4/nsc.m4 "$@" >$ZONEDIR/$Z.new - NEWVER="$(sed -e "s/^;;; VERSION: //; t; d" $ZONEDIR/$Z.new)" - if [ -f $KEYDIR/$Z.hash ] ; then - if ! dnssec-signzone -a -d $DSSDIR -g -K $KEYDIR/$Z $SIGNZONE_OPTIONS -f $ZONEDIR/$Z.signed -o $Z -S -3 - $ZONEDIR/$Z.new &>$ZONEDIR/$Z.tmp ; then - cat $ZONEDIR/$Z.tmp + $M4 -DVERS=ver/$Z m4/nsc.m4 "$@" >zone/$Z.new + NEWVER="$(sed -e "s/^;;; VERSION: //; t; d" zone/$Z.new)" + if [ -f keys/$Z.hash ] ; then + if ! dnssec-signzone -a -d dss -g -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $Z -S -3 - zone/$Z.new &>zone/$Z.tmp ; then + cat zone/$Z.tmp echo >&2 "FATAL: Signing failed" exit 1 fi - rm -f $ZONEDIR/$Z.tmp - mv $ZONEDIR/$Z.signed $ZONEDIR/$Z + rm -f zone/$Z.tmp + mv zone/$Z.signed zone/$Z SIGNED=" (signed)" else - mv $ZONEDIR/$Z.new $ZONEDIR/$Z + mv zone/$Z.new zone/$Z SIGNED= fi echo "** $Z: New version $NEWVER$SIGNED" - echo $CURRENT_HASH >$HASHDIR/$Z + echo $CURRENT_HASH >hash/$Z fi diff --git a/bin/key-gen b/bin/key-gen index 686e8ca..2494ebf 100755 --- a/bin/key-gen +++ b/bin/key-gen @@ -12,6 +12,6 @@ fi D="$1" shift -mkdir -p $KEYDIR/$D -dnssec-keygen $KEYGEN_OPTIONS -K $KEYDIR/$D "$@" $D +mkdir -p keys/$D +dnssec-keygen $KEYGEN_OPTIONS -K keys/$D "$@" $D bin/key-update $D 
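Review bot: In bin/genzone the zone name `$Z` goes unquoted and unvalidated into every fixed path (`keys/$Z.hash`, `zone/$Z.new`, `hash/$Z`, `-DVERS=ver/$Z`), so a name with whitespace, a glob character or `../` is split, globbed or resolved outside the intended directory. With the prefixes now literal, quoting is cheap: `if [ -f "keys/$Z.hash" ] ; then`, `mv "zone/$Z.new" "zone/$Z"`, `echo "$CURRENT_HASH" >"hash/$Z"`. A guard after `Z=$1`, such as `case "$Z" in ''|.*|*/*) echo >&2 "FATAL: bad zone name"; exit 1;; esac`, would also reject path components, assuming generated file names never contain a slash. The same unquoted pattern is in bin/key-gen (`keys/$D`) and bin/key-update (`local K=keys/$D`). The script starts before this hunk, so an earlier check may exist that is not visible here.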
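Review bot: `mkdir -p keys/$D` and `dnssec-keygen $KEYGEN_OPTIONS -K keys/$D` run before anything in this hunk checks that the current directory is the NSC root. Started from elsewhere, the script would create a stray `keys/` tree and write private key files there before the relative `bin/key-update $D` call fails. With ROOT removed, the cwd assumption stated in the commit message deserves an explicit guard ahead of the `mkdir`, for example `[ -f m4/nsc.m4 ] || { echo >&2 "FATAL: run from the NSC root directory"; exit 1; }`. The top of the script is outside the hunk, so this may already be handled there.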
diff --git a/bin/key-update b/bin/key-update index b033eba..3820ef5 100755 --- a/bin/key-update +++ b/bin/key-update @@ -14,7 +14,7 @@ fi update () { local D=$1 - local K=$KEYDIR/$D + local K=keys/$D local H=$K.hash cat $K/*.key | sha1sum | cut -f1 -d' ' >$H.new if [ ! -f $H ] || ! cmp -s $H $H.new ; then @@ -27,14 +27,14 @@ update () } if [ -z "$1" ] ; then - for DD in $KEYDIR/* ; do + for DD in keys/* ; do if [ -d "$DD" ] ; then update $(basename $DD) fi done - for H in $KEYDIR/*.hash ; do + for H in keys/*.hash ; do B=$(basename $H .hash) - if [ ! -d $KEYDIR/$B ] ; then + if [ ! -d keys/$B ] ; then echo "## $B: Deleted obsolete hash" rm $H fi diff --git a/m4/dnslib.m4 b/m4/dnslib.m4 index 5499baa..02609e7 100644 --- a/m4/dnslib.m4 +++ b/m4/dnslib.m4 @@ -92,14 +92,8 @@ define(`nsc_fatal_error', `errprint(`NSC error: $1 define(`NAMED_RESTART_CMD', `rndc reload') -define(`ROOT', `/etc/named') define(`CFDIR', `cf') -define(`ZONEDIR', `zone') -define(`BAKDIR', `bak') define(`VERSDIR', `ver') -define(`HASHDIR', `hash') -define(`KEYDIR', `keys') -define(`DSSDIR', `dss') define(`ROOTCACHE', `root.cache') define(`REFRESH', HOURS(8)) diff --git a/m4/mkconf.m4 b/m4/mkconf.m4 index 927ea9e..f784e44 100644 --- a/m4/mkconf.m4 +++ b/m4/mkconf.m4 @@ -8,7 +8,7 @@ include(m4/dnslib.m4) define(`DO_PRIMARY', `divert(0)zone "$1" in { type master; - file "ZONEDIR/nsc_file_name($2)"; + file "zone/nsc_file_name($2)"; ZZ_OPTIONS()dnl }; @@ -21,7 +21,7 @@ define(`REVERSE', `DO_PRIMARY(REV($1),nsc_if_v6($1,`nsc_revblock6($1)',`nsc_reva define(`SECONDARY', `divert(0)zone "$1" in { type slave; - file "BAKDIR/nsc_file_name($1)"; + file "bak/nsc_file_name($1)"; masters { $2; }; ZZ_OPTIONS()dnl }; diff --git a/m4/mkmf.m4 b/m4/mkmf.m4 index 8bca929..7bdd7be 100644 --- a/m4/mkmf.m4 +++ b/m4/mkmf.m4 
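Review bot: When `keys/` holds no `.hash` file, `for H in keys/*.hash` runs once with the unexpanded pattern. `B` then becomes `*`, the unquoted test `[ ! -d keys/$B ]` is globbed again over whatever is in `keys/`, and `rm $H` can be attempted on a literal `keys/*.hash` after printing a misleading "Deleted obsolete hash" line. Skipping non-matches and quoting the rest avoids this: `[ -e "$H" ] || continue` as the first line of the loop body, then `if [ ! -d "keys/$B" ] ; then` and `rm -- "$H"`. The loop's `done` lies outside the hunk.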
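Review bot: `define(`VERSDIR', `ver')` is left in place although every use visible in this commit now hardcodes `ver/` (bin/genzone passes `-DVERS=ver/$Z`, m4/mkmf.m4 writes `ver/.version`), and both its README entry and its shell-env export are removed. Unless a file outside this diff still expands it, the macro should go with the others so that an override in cf/config does not appear to work while having no effect. The README should also state that site configs redefining ZONEDIR, KEYDIR or the other removed macros are now silently ignored, because after an upgrade keys and zone files are expected under the fixed names only.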
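Review bot: The generated `file "zone/..."` and `file "bak/..."` entries are relative, so named resolves them against its own `directory` option rather than against the cwd the scripts rely on. With ROOT gone, nothing in this diff ties the two together. A comment above DO_PRIMARY such as `dnl Zone file paths are relative to named's "directory" option, which must point at the NSC root.` would record the requirement. Whether the generated named.conf sets `directory` is not visible in these hunks.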
@@ -10,12 +10,12 @@ define(`PRIMARIES', `') define(`nsc_prepend_cf_one', ` 'CFDIR/`nsc_file_name($1)') define(`nsc_prepend_cf_multi', `nsc_iterate(`nsc_prepend_cf_one', $@)') -define(`nsc_key_dep', `ifelse(USE_DNSSEC,,,` 'KEYDIR/$1.hash)') -define(`PRIMARY', `divert(0)ZONEDIR/nsc_file_name($1):nsc_prepend_cf_multi($@)nsc_key_dep($1) $(DDEPS) +define(`nsc_key_dep', `ifelse(USE_DNSSEC,,,` 'keys/$1.hash)') +define(`PRIMARY', `divert(0)zone/nsc_file_name($1):nsc_prepend_cf_multi($@)nsc_key_dep($1) $(DDEPS) @bin/genzone nsc_file_name($1)`'nsc_prepend_cf_multi($@) divert(-1) -define(`PRIMARIES', PRIMARIES ZONEDIR/nsc_file_name($1)) +define(`PRIMARIES', PRIMARIES zone/nsc_file_name($1)) ') define(`REVERSE', `PRIMARY(nsc_if_v6($1,`nsc_revblock6($1)',`nsc_revaddr($1)'), shift($@))') @@ -33,18 +33,18 @@ define(`nsc_cleanup', ` ifdef(`NEED_BLACKHOLE', `PRIMARY(blackhole)') divert(0)dnl -VERSDIR/.version: CFDIR/domains ROOTCACHE`'PRIMARIES`'ifdef(`NEED_BLACKHOLE',` ZONEDIR/blackhole') +ver/.version: CFDIR/domains ROOTCACHE`'PRIMARIES`'ifdef(`NEED_BLACKHOLE',` zone/blackhole') NAMED_RESTART_CMD - touch VERSDIR/.version + touch ver/.version clean: - find BAKDIR ZONEDIR HASHDIR DSSDIR -maxdepth 1 -type f | xargs rm -f + find bak zone hash dss -maxdepth 1 -type f | xargs rm -f clobber: clean rm -f Makefile named.conf bin/shell-env distclean: clobber - find VERSDIR -maxdepth 1 -type f | xargs rm -f + find ver -maxdepth 1 -type f | xargs rm -f ') divert(0)dnl @@ -56,6 +56,6 @@ divert(0)dnl DDEPS=m4/nsc.m4 m4/dnslib.m4 cf/config -all: VERSDIR/.version +all: ver/.version m4wrap(`nsc_cleanup') divert(-1) diff --git a/m4/mkshell-env.m4 b/m4/mkshell-env.m4 index 16bb1d4..6a134ba 100644 --- a/m4/mkshell-env.m4 +++ b/m4/mkshell-env.m4 
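Review bot: In the `clean` and `distclean` recipes, `find ... | xargs rm -f` splits file names on whitespace and quote characters, so an unusual name in `zone/` or `bak/` can make `rm` act on a different path than the one `find` printed. Letting find invoke rm directly avoids the parsing step: `find bak zone hash dss -maxdepth 1 -type f -exec rm -f {} +`, and likewise `find ver -maxdepth 1 -type f -exec rm -f {} +`. Now that the directory list is a literal, a one-line comment above `clean:` saying that `keys/` is deliberately not listed would keep a later edit from adding the private key directory to it.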
@@ -4,14 +4,7 @@ dnl ### (c) 2019 Martin Mares dnl ### include(m4/dnslib.m4) divert(0)dnl -`NSC_ROOT'=ROOT `CFDIR'=CFDIR -`ZONEDIR'=ZONEDIR -`BAKDIR'=BAKDIR -`VERSDIR'=VERSDIR -`HASHDIR'=HASHDIR -`KEYDIR'=KEYDIR -`DSSDIR'=DSSDIR `ROOTCACHE'=ROOTCACHE `M4'=M4 `KEYGEN_OPTIONS'="KEYGEN_OPTIONS" -- 2.39.2
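Review bot: After this hunk bin/shell-env no longer sets `NSC_ROOT`, `ZONEDIR`, `BAKDIR`, `VERSDIR`, `HASHDIR`, `KEYDIR` or `DSSDIR`. Any script or local hook that still expands one of them gets an empty string, so a path written as `$KEYDIR/$D` becomes `/$D` at the filesystem root. The diffstat touches only genzone, key-gen and key-update, and other consumers, if any, are not visible here. Adding `set -u` near the top of the bin/ scripts would make a leftover reference fail loudly instead of resolving to `/`, provided shell-env defines every option variable the scripts expand.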