Commit e415631a authored by Ondrej Sury's avatar Ondrej Sury

Rewrite DS creation check to xml2 and ldnsutils, as neither xmllint nor...

Rewrite DS creation check to xml2 and ldnsutils, as neither xmllint nor bind9utils handle multiple DNSKEY in one file correctly
parent d16ccd3c
......@@ -7,8 +7,8 @@ Uploaders: Ondřej Surý <ondrej@debian.org>,
Build-Depends: debhelper (>= 8.0.0),
unbound-anchor,
openssl,
bind9utils,
libxml2-utils
ldnsutils,
xml2
Standards-Version: 3.9.6
Homepage: https://data.iana.org/root-anchors/
Vcs-Git: git://git.debian.org/pkg-dns/dns-root-data.git
......
......@@ -15,16 +15,10 @@ override_dh_auto_build:
openssl smime -verify -noverify -inform DER -in root-anchors.p7s -content root-anchors.xml
# Create key from validated root-anchors.xml
echo \
"$$(xmllint --xpath '//TrustAnchor/Zone/text()' root-anchors.xml) IN DS" \
"$$(xmllint --xpath '//TrustAnchor/KeyDigest/KeyTag/text()' root-anchors.xml)" \
"$$(xmllint --xpath '//TrustAnchor/KeyDigest/Algorithm/text()' root-anchors.xml)" \
"$$(xmllint --xpath '//TrustAnchor/KeyDigest/DigestType/text()' root-anchors.xml)" \
"$$(xmllint --xpath '//TrustAnchor/KeyDigest/Digest/text()' root-anchors.xml)" > \
root-anchors.ds
./parse-root-anchors.sh < root-anchors.xml > root-anchors.ds
# Create key from downloaded root.key
/usr/sbin/dnssec-dsfromkey -2 root.key > root.ds
/usr/bin/ldns-key2ds -n -2 root.key > root.ds
# Compare the DS from root.key and from root-anchors.xml
diff root-anchors.ds root.ds
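Review bot: The DS comparison at the end of this hunk is only as strong as the authentication of root-anchors.xml, and the `openssl smime -verify -noverify` context line skips validation of the signer certificate. The signature is therefore checked against whatever certificate is embedded in root-anchors.p7s, not against a pinned CA. Unless the signer is pinned elsewhere in the recipe (override_dh_auto_build starts outside this hunk), consider replacing `-noverify` with `-CAfile <pinned-ca.pem>` (placeholder path) so the build fails when the signer is not the expected one. A comment above the `diff` line such as `# Fail the build if root.key does not match the signed trust anchor` would make the fail-closed intent explicit.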
......
#!/bin/sh
unset ZONE KTAG ALGO DTYPE DIGEST
TTL=172800
export IFS="="
xml2 | while read KEY VAL; do
case "$KEY" in
"/TrustAnchor/Zone") ZONE="$VAL";;
"/TrustAnchor/KeyDigest/KeyTag") KTAG="$VAL";;
"/TrustAnchor/KeyDigest/Algorithm") ALGO="$VAL";;
"/TrustAnchor/KeyDigest/DigestType") DTYPE="$VAL";;
"/TrustAnchor/KeyDigest/Digest")
DIGEST="$(echo "$VAL" | tr "[A-Z]" "[a-z]")"
if [ -z "$ZONE" -o -z "$KTAG" -o -z "$ALGO" -o -z "$DTYPE" ]; then
echo "Missing some KeyDigest parameter"
exit 1
fi
echo "$ZONE\t$TTL\tIN\tDS\t$KTAG $ALGO $DTYPE $DIGEST"
unset KTAG ALGO DTYPE DIGEST
;;
esac
done
exit 0
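Review bot: The `exit 1` in the missing-parameter branch cannot fail the build, because the `while` loop is the right-hand side of the `xml2 |` pipeline and runs in a subshell under dash and bash, so it only ends the loop and the script then reaches the unconditional `exit 0`. The message also goes to stdout, which the rules file redirects into root-anchors.ds. Write it to stderr with `echo "Missing some KeyDigest parameter" >&2` and drop the final `exit 0` so the loop's status becomes the script's exit status. `echo "$ZONE\t..."` relies on the shell's echo expanding `\t`; `printf '%s\t%s\tIN\tDS\t%s %s %s %s\n'` with the six values as arguments is portable, and `read -r` avoids backslash processing of the input. The loop matches element paths only, so any validity attributes on a KeyDigest would be ignored and a retired digest would still be emitted; this is worth confirming against the XML format.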