Date: Tuesday, October 13, 2020 @ 19:54:07 Author: jelle Revision: 398255
Make dnssec-anchors reproducible by downloading the key from our servers Added: dnssec-anchors/trunk/dnssec-anchors-versioned.sh Modified: dnssec-anchors/trunk/PKGBUILD -----------------------------+ PKGBUILD | 26 ++++++++------------------ dnssec-anchors-versioned.sh | 23 +++++++++++++++++++++++ 2 files changed, 31 insertions(+), 18 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2020-10-13 19:49:13 UTC (rev 398254) +++ PKGBUILD 2020-10-13 19:54:07 UTC (rev 398255) @@ -1,33 +1,23 @@ -# Maintainer: Gaetan Bisson <bis...@archlinux.org> +# Maintainer: Jelle van der Waa <je...@archlinux.org> +# Contributor: Gaetan Bisson <bis...@archlinux.org> # Contributor: Thomas Mudrunka <har...@email.cz> # Contributor: m4xm4n <m...@maxfierke.com> pkgname=dnssec-anchors pkgver=20190629 -pkgrel=2 +_trusted_key=trusted-key-${pkgver}.key +pkgrel=3 pkgdesc='DNSSEC trust anchors for the root zone' url='https://data.iana.org/root-anchors/' license=('custom:none') arch=('any') makedepends=('unbound') -source=('LICENSE') -sha256sums=('dd37e92942d5a4024f1c77df49d61ca77fc6284691814903a741785df61f78cb') +source=('LICENSE' "https://sources.archlinux.org/other/packages/${pkgname}/${_trusted_key}") +sha256sums=('dd37e92942d5a4024f1c77df49d61ca77fc6284691814903a741785df61f78cb' + 'b01933ede7d505cac6bbee8c58027057d3a073581fa6cf595c352553dd07ee3c') -prepare() { - cd "${srcdir}" - - unbound-anchor -v -a root.key || - unbound-anchor -v -a root.key - - unbound-host -v -f root.key -t DNSKEY . | - sed 's/ (secure)//;t;d' | - sed 's/ has / IN /' | - sed 's/ record / /' \ - > trusted-key.key -} - package() { cd "${srcdir}" - install -Dm644 trusted-key.key "${pkgdir}"/etc/trusted-key.key + install -Dm644 ${_trusted_key} "${pkgdir}"/etc/trusted-key.key install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" } Added: dnssec-anchors-versioned.sh =================================================================== --- dnssec-anchors-versioned.sh (rev 0) +++ dnssec-anchors-versioned.sh 2020-10-13 19:54:07 UTC (rev 398255) @@ -0,0 +1,23 @@ +#!/usr/bin/bash + +TRUSTED_KEY=trusted-key-$(date +%Y%m%d).key +DEST=/srv/ftp/other/packages/dnssec-anchors + +update_key() { + key=$1 + unbound-anchor -v -a root.key || + unbound-anchor -v -a root.key + + unbound-host -v -f root.key -t DNSKEY . | + sed 's/ (secure)//;t;d' | + sed 's/ has / IN /' | + sed 's/ record / /' \ + > "${key}" + + # Cleanup created root.key + rm root.key +} + +update_key "${TRUSTED_KEY}" + +scp "${TRUSTED_KEY}" repos.archlinux.org:${DEST} Property changes on: dnssec-anchors/trunk/dnssec-anchors-versioned.sh ___________________________________________________________________ Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property