Date: Wednesday, March 20, 2013 @ 04:16:39 Author: bisson Revision: 180317
add function to generate trusted-key.key and verify its authenticity Added: dnssec-anchors/trunk/LICENSE Modified: dnssec-anchors/trunk/PKGBUILD dnssec-anchors/trunk/trusted-key.key -----------------+ LICENSE | 1 + PKGBUILD | 30 ++++++++++++++++++++---------- trusted-key.key | 3 +-- 3 files changed, 22 insertions(+), 12 deletions(-) Added: LICENSE =================================================================== --- LICENSE (rev 0) +++ LICENSE 2013-03-20 03:16:39 UTC (rev 180317) @@ -0,0 +1 @@ +The contents of this package are inelligible for copyright protection. Modified: PKGBUILD =================================================================== --- PKGBUILD 2013-03-20 02:35:37 UTC (rev 180316) +++ PKGBUILD 2013-03-20 03:16:39 UTC (rev 180317) @@ -4,24 +4,34 @@ # Maintainer: Gaetan Bisson <[email protected]> pkgname=dnssec-anchors -pkgver=20120422 +pkgver=20130320 pkgrel=1 pkgdesc='DNSSEC trust anchors for the root zone' url='http://data.iana.org/root-anchors/' license=('custom:NoCopyright') arch=('any') -source=('trusted-key.key') -sha256sums=('a6e1e5de6d3f26ea74792eab7ac21cc7805e986303bfa270a0120cc8146f881a') +source=('LICENSE' + 'trusted-key.key') +sha256sums=('dd37e92942d5a4024f1c77df49d61ca77fc6284691814903a741785df61f78cb' + 'ca6388cc16223b29b607f07a9aa77e0aa52f653106d440cdc92cc40e145a4bb5') -# dig . dnskey +short | sed 's/^/. 172789 IN DNSKEY /' > trusted-key.key +get_trusted-key() { + drill -z -s DNSKEY . > root.key + curl http://data.iana.org/root-anchors/root-anchors.xml | + awk 'BEGIN{ORS=" "}(NR>4){gsub(/<[^>]*>/,"");print tolower($0)}' | + sed 's/ /\n/' > root.ds + + # Any of those tests failing is suspicious; check thoroughly! + [[ "$(<root.ds)" = '19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5' ]] && + grep -Pq 'IN\tDS\t'"$(<root.ds)" root.key || + return 1 + + sed '/DNSKEY/s/ ;{id = '"$(cut -d\ -f1<root.ds)"' .*//;t;d' root.key > trusted-key.key +} + package() { cd "${srcdir}" - install -Dm644 trusted-key.key "${pkgdir}"/etc/trusted-key.key - - install -d "${pkgdir}/usr/share/licenses/${pkgname}" - cat > "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" << EOF -The contents of this package are inelligible for copyright protection. -EOF + install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" } Modified: trusted-key.key =================================================================== --- trusted-key.key 2013-03-20 02:35:37 UTC (rev 180316) +++ trusted-key.key 2013-03-20 03:16:39 UTC (rev 180317) @@ -1,2 +1 @@ -. 172789 IN DNSKEY 256 3 8 AwEAAbd0IPTQdvyndWSX6HHcB+JycMl1aCGTHSJUBs/y9S93el05VvXg 1VqSF4vveB9rEuAZ1z8RNWZ9ac+rlaK7PrI5RlCIyKKPbtHbpgQGkwai 8O6BZ4J/ch7DGuhGJfvoECcWjsucs683WFRtmfLx5WNdPxxi30Czt1zP qMWfY6YJ -. 172789 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0= +. 166750 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
