ius/dnstools: comparison dnssec-creatkey

equal deleted inserted replaced

-:c45415af9a4b
+:d7977be97fa1
 #!/bin/bash
+set -e
 source dnstools.conf
 master_dir=$MASTER_DIR
 key_counter_end=$KEY_COUNTER_END
+function test_zsk_new {			# prueft ob es einen ZSK gibt
+	for zone in $master_dir/*
+	do
+		test -f $zone/${zone##*/}.signed || continue
+		test -f $zone/.index.zsk || echo ${zone##/*/}
+	done
+}
+function test_ksk_new {			# prueft ob es einen KSK gibt
+	for zone in $master_dir/*
+	do
+		test -f $zone/${zone##*/}.signed || continue
+		test -f $zone/.index.ksk || echo ${zone##/*/}
+	done
+}
+function test_zsk_time {		# prueft den keycounter
+	for zone in $master_dir/*
+	do
+		test -f $zone/${zone##*/}.signed || continue
+		key_counter_end=$1
+		test -f $zone/keycounter || echo 0 > $zone/keycounter
+		key_counter=`< $zone/keycounter`
+		if [ $key_counter_end -le $key_counter ]
+		then
+			echo ${zone##/*/}
+		fi
+	done
+}
 #prüft die eingegebnen domains
 for utf8domain in $@
 do
 domain=$(idn --quiet "$utf8domain")
 else
 echo $domain ist keine verwaltete Zone
 fi
 done
-function test_zsk_new {			# prueft ob es einen ZSK gibt
-	for zone in $master_dir/*
-	do
-		test -f $zone/index.zsk || echo ${zone##/*/}
-	done
-}
-function test_ksk_new {			# prueft ob es einen KSK gibt
-	for zone in $master_dir/*
-	do
-		test -f $zone/index.ksk || echo ${zone##/*/}
-	done
-}
-function test_zsk_time {		# prueft den keycounter
-	for zone in $master_dir/*
-	do
-		key_counter_end=$1
-		test -f $zone/keycounter || echo 0 > $zone/keycounter
-		key_counter=`< $zone/keycounter`
-		if [ $key_counter_end -le $key_counter ]
-		then
-			echo ${zone##/*/}
-		fi
-	done
-}
 zsk_time=`test_zsk_time $key_counter_end`
 zsk_new=`test_zsk_new`
 ksk_new=`test_ksk_new`
 for NEW_ZSK_ZONE in $zsk_new $zsk_time $zsk_aenderung	# Erstellt ZSK
 do
 	cd $master_dir/$NEW_ZSK_ZONE
 	echo "erzeugt zsk fuer" $NEW_ZSK_ZONE
-	dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> index.zsk
+	dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> .index.zsk
-	INDEX_ZSK=$( tail -n2 index.zsk )
+	INDEX_ZSK=$( tail -n2 .index.zsk )
-	echo $INDEX_ZSK | fmt -w1 > index.zsk
+	echo $INDEX_ZSK | fmt -w1 > .index.zsk
 	echo 0 > keycounter
 done
 for NEW_KSK_ZONE in $ksk_new		# Erstellt KSK
 do
 	cd $master_dir/$NEW_KSK_ZONE
 	echo "erzeugt ksk fuer" $NEW_KSK_ZONE
-	dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> index.ksk
+	dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> .index.ksk
-	INDEX_KSK=$( tail -n2 index.ksk )
+	INDEX_KSK=$( tail -n2 .index.ksk )
-	echo $INDEX_KSK | fmt -w1 > index.ksk
+	echo $INDEX_KSK | fmt -w1 > .index.ksk
 done
 for ZONE in $zsk_time $zsk_new $ksk_new $zsk_aenderung
 do
 	cd $master_dir/$ZONE
 	#loescht alle Schluessel die nicht in der indexdatei stehen
-	rm $(ls K*[key,private] | grep -v "`cat index.zsk`" | grep -v "`cat index.ksk`") 2> /dev/null
+	rm $(ls K*[key,private] | grep -v "`cat .index.zsk`" | grep -v "`cat .index.ksk`") 2> /dev/null
 	#erzeugt ein backup und entfernt alle schluessel aus der zonedatei
 	mv $ZONE $ZONE.old
 	grep -v 'DNSKEY' $ZONE.old >> $ZONE

changeset 10	d7977be97fa1
parent 9	c45415af9a4b
child 11	5509b98ea064