--- a/sbin/dnssec-keytool Thu Jun 30 15:19:33 2011 +0200
+++ b/sbin/dnssec-keytool Thu Jun 30 16:24:32 2011 +0200
@@ -39,10 +39,11 @@
"h|help" => sub { pod2usage(-exit => 0, -verbose => 1) },
"m|man" => sub {
pod2usage(
- -exit => 0,
- # "system('perldoc -V &>/dev/null')" appears shorter, but may not
- # do what you expect ( it still returns 0 on debian squeeze with
- # dash as system shell even if cannot find the command in $PATH)
+ -exit => 0,
+
+ # "system('perldoc -V &>/dev/null')" appears shorter, but may not
+ # do what you expect ( it still returns 0 on debian squeeze with
+ # dash as system shell even if cannot find the command in $PATH)
-noperldoc => system('perldoc -V >/dev/null 2>&1'),
-verbose => 2
);
@@ -65,18 +66,19 @@
}
given ($cmd) {
- when ("zsk") { exit create_zsk(@zones) };
- when ("ksk") { exit create_ksk(@zones) };
+ when ("zsk") { exit create_zsk(@zones) };
+ when ("ksk") { exit create_ksk(@zones) };
+
#when ("check") { exit check_zone(@zones) };
- when ("rm") { exit rm_keys(@zones) };
- default { die "not implemented\n" };
+ when ("rm") { exit rm_keys(@zones) };
+ default { die "not implemented\n" };
};
}
sub rm_keys (@) {
- my @zones = @_;
+ my @zones = @_;
my $master_dir = "$cf{master_dir}";
for my $zone (@zones) {
@@ -84,12 +86,11 @@
my $dir = "$master_dir/$zone";
my $ep = 0;
- my @files = map "$dir/$_", ("$zone.signed",
- ".keycounter",
- ".index.ksk",
- ".index.zsk",
- "dsset-$zone.",
- "keyset-$zone.");
+ my @files = map "$dir/$_",
+ (
+ "$zone.signed", ".keycounter", ".index.ksk", ".index.zsk",
+ "dsset-$zone.", "keyset-$zone."
+ );
push @files, glob "$dir/K$zone*";
for my $f (@files) {
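Review bot: `$zone` is interpolated into every path in `@files` and into the `glob "$dir/K$zone*"` pattern with no check on its contents, so a name containing `/`, `..` or glob metacharacters would make the list refer to files outside the zone's own directory. The loop over `@files` continues outside this hunk and presumably removes what it finds, so the name should be validated before its first use, e.g. `die "invalid zone name '$zone'\n" unless $zone =~ /\A[a-z0-9_](?:[a-z0-9_.-]*[a-z0-9_])?\z/i and $zone !~ /\.\./;`. The same unvalidated `$zone` reaches the `open` on `"$dir/$zone"` and the `sprintf`/`qx` command in the later hunks. A single check where `@zones` is populated (not visible here) would cover all three.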
@@ -104,7 +105,8 @@
open my $old, "$dir/$zone" or die "Can't open '$dir/$zone': $!\n";
my @old = <$old>;
close $old;
- my @new = grep { not /^\s*\$include\s+("?)K\Q$zone\E.*\.key\1\s*$/i } @old;
+ my @new =
+ grep { not /^\s*\$include\s+("?)K\Q$zone\E.*\.key\1\s*$/i } @old;
return if @new ~~ @old;
my $new = File::Temp->new(UNLINK => 0)
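Review bot: The two-argument `open my $old, "$dir/$zone"` lets characters in the path be read as an open mode or pipe marker instead of as part of the file name, and the path is built from the zone name. Use the three-argument form, as the other `open` calls in this file already do: `open my $old, '<', "$dir/$zone" or die "Can't open '$dir/$zone': $!\n";`. The `@new ~~ @old` test two lines below relies on smartmatch, which is deprecated in recent Perl releases; since `grep` only removes lines, `return if @new == @old;` gives the same answer. The enclosing sub starts and ends outside this hunk.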
@@ -127,9 +129,7 @@
ksk => {
cmd => 'cd %s && dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE %s'
},
- zsk => {
- cmd => 'cd %s && dnssec-keygen -a RSASHA1 -b 512 -n ZONE %s'
- }
+ zsk => { cmd => 'cd %s && dnssec-keygen -a RSASHA1 -b 512 -n ZONE %s' }
};
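Review bot: The `zsk` command on the reformatted line still asks for a 512-bit RSA key (`-b 512`), which is small enough to be factored with modest resources; whoever recovers the key can sign records for the zone. Raise it to at least 1024 bits, or better `cmd => 'cd %s && dnssec-keygen -a RSASHA256 -b 2048 -n ZONE %s'`, and move the `ksk` entry off `RSASHA1` at the same time, since SHA-1 based DNSSEC algorithms are no longer recommended for signing. Changing the algorithm on zones that are already signed needs an algorithm rollover, so existing zones should be migrated deliberately rather than at the next routine key creation. The surrounding hash starts outside this hunk.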
@@ -142,17 +142,20 @@
my $cmd = sprintf $args->{$type}->{cmd}, $dir, $zone;
chomp($keyname = qx/$cmd/);
- die "Key generation failed! (output was: '$keyname')" unless $keyname =~ /^K\Q$zone\E\.?\+\d{3}\+\d{5}$/;
+ die "Key generation failed! (output was: '$keyname')"
+ unless $keyname =~ /^K\Q$zone\E\.?\+\d{3}\+\d{5}$/;
- open $idx, '+>>', "$dir/.index.$type" or die "Can't open $dir/.index.$type: $!\n";
- seek $idx, 0 ,0 or die "Cant' seek: $!";
- chomp (@index = <$idx>);
+ open $idx, '+>>', "$dir/.index.$type"
+ or die "Can't open $dir/.index.$type: $!\n";
+ seek $idx, 0, 0 or die "Cant' seek: $!";
+ chomp(@index = <$idx>);
push @index, $keyname;
+
# TODO: this should be part of the key removal procedure, no?
# shift @index if @index > 2;
- seek $idx, 0 ,0 or die "Cant' seek: $!";
+ seek $idx, 0, 0 or die "Cant' seek: $!";
truncate $idx, 0 or die "Can't truncate: $!";
print $idx join "\n" => @index, '';
close $idx;
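Review bot: The key is generated by running a `sprintf`-built string through the shell with `qx/$cmd/`, so any space or shell metacharacter in `$dir` or `$zone` changes the command that runs, and the exit status of `dnssec-keygen` is never checked, only the shape of its output. Passing the arguments as a list avoids the shell altogether, for example `open my $kg, '-|', 'dnssec-keygen', '-K', $dir, @opts, $zone or die "Can't run dnssec-keygen: $!\n";`, followed by a checked `close $kg`. Here `@opts` is a placeholder for the per-type options kept as a list in `$args`, and `-K` needs a dnssec-keygen that supports it (otherwise `chdir $dir` first). The `\Q$zone\E` match on `$keyname` runs only after the command has executed, so it does not protect the command line. The enclosing sub starts and ends outside this hunk.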
@@ -162,7 +165,8 @@
key_to_zonefile($keyname);
if (lc $type eq 'zsk') {
- open my $kc, '>', "$dir/.keycounter" or die "Can't open $dir/.keycounter: $!\n";
+ open my $kc, '>', "$dir/.keycounter"
+ or die "Can't open $dir/.keycounter: $!\n";
print $kc "0\n";
close $kc;
}
@@ -273,7 +277,7 @@
my (@lines, $tmp);
open OLD, '<', $zf or die "Can't open $zf: $!\n";
- chomp (@lines = <OLD>);
+ chomp(@lines = <OLD>);
close OLD;
return if grep /^\s*\$include\s+("?)\Q$keyname\E\.key\1\s*$/i, @lines;