Commit 01bf9235 authored by Ondrej Sury's avatar Ondrej Sury

Initial commit

parents
File added
File added
dnssec-root-key for Debian
--------------------------
The weekly update needs Internet connectivity to check for updated
IANA root key.
-- Ondřej Surý <ondrej@debian.org>, Thu, 26 Jun 2014 10:28:09 +0200
dnssec-root-key for Debian
--------------------------
The source files for this package was created by downloading IANA
DNSSEC root-anchors directory from: http://data.iana.org/root-anchors/
-- Ondřej Surý <ondrej@debian.org>, Thu, 26 Jun 2014 09:26:54 +0200
dnssec-root-key (20100715-1) unstable; urgency=low
* Initial release (Closes: #nnnn) <nnnn is the bug number of your ITP>
-- Ondřej Surý <ondrej@debian.org> Thu, 26 Jun 2014 09:21:39 +0200
Source: dnssec-root-key
Section: misc
Priority: optional
Maintainer: Ondřej Surý <ondrej@debian.org>
Build-Depends: debhelper (>= 8.0.0),
unbound-anchor,
openssl,
gnupg2,
bind9utils,
libxml2-utils
Standards-Version: 3.9.5
Homepage: https://data.iana.org/root-anchors/
#Vcs-Git: git://git.debian.org/collab-maint/dnssec-root-key.git
#Vcs-Browser: http://git.debian.org/?p=collab-maint/dnssec-root-key.git;a=summary
Package: dnssec-root-key
Architecture: all
Depends: ${misc:Depends}, unbound-anchor
Description: DNSSEC root key (trust anchors)
This package contains DNSSEC root key in all available formats that
all packages doing DNSSEC validation can use as a common data source.
.
unbound-anchor is used to keep the root.key up-to-date
via RFC5011 mechanism.
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: dnssec-root-key
Source: https://data.iana.org/root-anchors/
Files: *
Copyright: Copyright (c) 2010 Internet Corporation For Assigned Names and Numbers
License:
ICANN asserts no property rights to any of the IANA registries or
public keys we maintain. You are free to redistribute the IANA
registry files, the root zone file and the root public keys.
.
As a courtesy we'd ask any such redistribution make it clear it is a
mirrored copy, and indicate the original source URL.
Files: debian/*
Copyright: 2014 Ondřej Surý <ondrej@debian.org>
License: Expat
License: Expat
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
.
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
\ No newline at end of file
#!/bin/sh
unbound-anchor -a /etc/dns/root.key \
-c /usr/share/dnssec-root-key/icannbundle.pem
/etc/dns
/usr/share/dnssec-root-key
draft-icann-dnssec-trust-anchor.* /usr/share/doc/dnssec-root-key/
icannbundle.* /usr/share/dnssec-root-key/
icann.pgp /usr/share/dnssec-root-key/
*.crt /usr/share/dnssec-root-key/
*.csr /usr/share/dnssec-root-key/
root-anchors.* /usr/share/dnssec-root-key/
root.key /etc/dns/
root.ds /etc/dns/
#!/bin/sh
# postinst script for getdns-common
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <postinst> `abort-remove'
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
case "$1" in
configure)
unbound-anchor -a /etc/dns/root.key \
-c /usr/share/dnssec-root-key/icannbundle.pem
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
#!/usr/bin/make -f
# -*- makefile -*-
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
%:
dh $@
override_dh_auto_configure override_dh_auto_install:
:
override_dh_auto_build:
# Verify root-anchors.xml using OpenSSL
openssl smime -verify -noverify -inform DER -in root-anchors.p7s -content root-anchors.xml
# Verify root-anchors.xml using OpenPGP
mkdir -m 0700 -p $(CURDIR)/.gnupg/
GNUPGHOME=$(CURDIR)/.gnupg/ gpg2 --quiet --import $(CURDIR)/icann.pgp
echo "2FBB91BCAAEE0ABE1F8031C7D1AFBCE00F6C91D2:6:" | \
GNUPGHOME=$(CURDIR)/.gnupg/ gpg2 --quiet --import-ownertrust
GNUPGHOME=$(CURDIR)/.gnupg/ gpg2 --quiet --verify root-anchors.asc root-anchors.xml
rm -rf .gnupg/
# Create key from validated root-anchors.xml
echo \
"$$(xmllint --xpath '//TrustAnchor/Zone/text()' root-anchors.xml) IN DS" \
"$$(xmllint --xpath '//TrustAnchor/KeyDigest/KeyTag/text()' root-anchors.xml)" \
"$$(xmllint --xpath '//TrustAnchor/KeyDigest/Algorithm/text()' root-anchors.xml)" \
"$$(xmllint --xpath '//TrustAnchor/KeyDigest/DigestType/text()' root-anchors.xml)" \
"$$(xmllint --xpath '//TrustAnchor/KeyDigest/Digest/text()' root-anchors.xml)" > \
root-anchors.ds
# Create key from downloaded root.key
dnssec-dsfromkey -2 root.key > root.ds
# Compare the DS from root.key and from root-anchors.xml
diff root-anchors.ds root.ds
override_dh_auto_clean:
rm root-anchors.ds root.ds
get_orig_source:
# Create root.key using unbound-anchor
# This needs Internet connection
unbound-anchor \
-a $(CURDIR)/root.key \
-c $(CURDIR)/icannbundle.pem
This diff is collapsed.
This diff is collapsed.
File added
File added
This diff is collapsed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQBMM7Lm0a+84A9skdIRAmaXAKCCNJxxGCECU8JWkY9ofYbUbWhRswCfT16u
mJCNEcrHjgJdz5u01l2VZlU=
=umAT
-----END PGP SIGNATURE-----
<?xml version="1.0" encoding="UTF-8"?>
<TrustAnchor id="AD42165F-3B1A-4778-8F42-D34A1D41FD93" source="http://data.iana.org/root-anchors/root-anchors.xml">
<Zone>.</Zone>
<KeyDigest id="Kjqmt7v" validFrom="2010-07-15T00:00:00+00:00">
<KeyTag>19036</KeyTag>
<Algorithm>8</Algorithm>
<DigestType>2</DigestType>
<Digest>49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5</Digest>
</KeyDigest>
</TrustAnchor>
; autotrust trust anchor file
;;id: . 1
;;last_queried: 1403770717 ;;Thu Jun 26 10:18:37 2014
;;last_success: 1403770717 ;;Thu Jun 26 10:18:37 2014
;;next_probe_time: 1403812361 ;;Thu Jun 26 21:52:41 2014
;;query_failed: 0
;;query_interval: 43200
;;retry_time: 8640
. 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1403768934 ;;Thu Jun 26 09:48:54 2014
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment