Commit 439adc1c authored by Daniel Kahn Gillmor's avatar Daniel Kahn Gillmor

cryptographically verify root.hints

parent 46b92e16
......@@ -8,6 +8,7 @@ Uploaders:
Robert Edmonds <edmonds@debian.org>,
Build-Depends:
debhelper (>= 11~),
gpgv,
ldnsutils,
openssl,
unbound-anchor,
......
......@@ -14,6 +14,9 @@ override_dh_auto_build:
# Verify root-anchors.xml using OpenSSL
openssl smime -verify -noverify -inform DER -in root-anchors.p7s -content root-anchors.xml
# Verify root.hints
gpgv --keyring $(CURDIR)/registry-admin.key $(CURDIR)/root.hints.sig $(CURDIR)/root.hints
# Create key from validated root-anchors.xml
./parse-root-anchors.sh < root-anchors.xml | sort -k 4 -n > root-anchors.ds
......@@ -35,3 +38,4 @@ get_orig_source:
< $(CURDIR)/root-auto.key grep -Ev "^($$|;)" | sed -e 's/ ;;count=.*//' > $(CURDIR)/root.key
rm $(CURDIR)/root-auto.key
wget -O $(CURDIR)/root.hints "https://www.internic.net/domain/named.root"
wget -O $(CURDIR)/root.hints.sig "https://www.internic.net/domain/named.root.sig"
File added
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment