dnssec-creatkey
changeset 10 d7977be97fa1
parent 9 c45415af9a4b
child 11 5509b98ea064
--- a/dnssec-creatkey	Wed Jun 30 16:48:26 2010 +0200
+++ b/dnssec-creatkey	Tue Jul 13 15:32:08 2010 +0200
@@ -1,9 +1,41 @@
 #!/bin/bash
+set -e
+
 source dnstools.conf
 
 master_dir=$MASTER_DIR
 key_counter_end=$KEY_COUNTER_END
 
+function test_zsk_new {			# prueft ob es einen ZSK gibt
+	for zone in $master_dir/*
+	do
+		test -f $zone/${zone##*/}.signed || continue
+		test -f $zone/.index.zsk || echo ${zone##/*/}
+	done
+}
+
+function test_ksk_new {			# prueft ob es einen KSK gibt
+	for zone in $master_dir/*
+	do
+		test -f $zone/${zone##*/}.signed || continue
+		test -f $zone/.index.ksk || echo ${zone##/*/}
+	done
+}
+
+function test_zsk_time {		# prueft den keycounter
+	for zone in $master_dir/*
+	do
+		test -f $zone/${zone##*/}.signed || continue
+		key_counter_end=$1
+		test -f $zone/keycounter || echo 0 > $zone/keycounter
+		key_counter=`< $zone/keycounter`
+	
+		if [ $key_counter_end -le $key_counter ]
+		then
+			echo ${zone##/*/} 
+		fi
+	done
+}
 
 #prüft die eingegebnen domains
 for utf8domain in $@
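Review bot: The three check functions test for the signed file with `${zone##*/}` but print the zone with `${zone##/*/}`, which only strips the directory part when `$master_dir` is an absolute path. With a relative MASTER_DIR the full path would be echoed and the later `cd $master_dir/$NEW_ZSK_ZONE` would fail, which now aborts the script because of the added `set -e`. MASTER_DIR comes from dnstools.conf, which is not visible here, so the relative-path case is an assumption. Using one form and quoting the expansions also keeps zone directories containing spaces or glob characters from being split, e.g. `test -f "$zone/.index.zsk" || echo "${zone##*/}"` (likewise in test_ksk_new and the `echo` of test_zsk_time).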
@@ -18,33 +50,6 @@
         fi
 done
 
-function test_zsk_new {			# prueft ob es einen ZSK gibt
-	for zone in $master_dir/*
-	do
-		test -f $zone/index.zsk || echo ${zone##/*/}
-	done
-}
-
-function test_ksk_new {			# prueft ob es einen KSK gibt
-	for zone in $master_dir/*
-	do
-		test -f $zone/index.ksk || echo ${zone##/*/}
-	done
-}
-
-function test_zsk_time {		# prueft den keycounter
-	for zone in $master_dir/*
-	do
-		key_counter_end=$1
-		test -f $zone/keycounter || echo 0 > $zone/keycounter
-		key_counter=`< $zone/keycounter`
-	
-		if [ $key_counter_end -le $key_counter ]
-		then
-			echo ${zone##/*/} 
-		fi
-	done
-}
 
 zsk_time=`test_zsk_time $key_counter_end`
 zsk_new=`test_zsk_new`
@@ -55,9 +60,9 @@
 do
 	cd $master_dir/$NEW_ZSK_ZONE
 	echo "erzeugt zsk fuer" $NEW_ZSK_ZONE
-	dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> index.zsk
-	INDEX_ZSK=$( tail -n2 index.zsk )
-	echo $INDEX_ZSK | fmt -w1 > index.zsk
+	dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> .index.zsk
+	INDEX_ZSK=$( tail -n2 .index.zsk )
+	echo $INDEX_ZSK | fmt -w1 > .index.zsk
 
 	echo 0 > keycounter	
 done
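Review bot: The ZSK on the `dnssec-keygen` line is still generated as 512-bit RSA with RSASHA1, a modulus size that can be factored with modest resources, so anyone who recovers the private key can forge signed answers for the zone. A safer default would be something like `dnssec-keygen -a RSASHA256 -b 2048 -n ZONE "$NEW_ZSK_ZONE" >> .index.zsk`, ideally with algorithm and size read from dnstools.conf. The KSK line in the next hunk also uses RSASHA1. Zones that are already signed need an algorithm rollover rather than a plain key swap, and the installed BIND has to support RSASHA256. The loop header lies outside this hunk.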
@@ -66,9 +71,9 @@
 do	
 	cd $master_dir/$NEW_KSK_ZONE
 	echo "erzeugt ksk fuer" $NEW_KSK_ZONE
-	dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> index.ksk
-	INDEX_KSK=$( tail -n2 index.ksk )
-	echo $INDEX_KSK | fmt -w1 > index.ksk
+	dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> .index.ksk
+	INDEX_KSK=$( tail -n2 .index.ksk )
+	echo $INDEX_KSK | fmt -w1 > .index.ksk
 done
 
 
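Review bot: `dnssec-keygen … >> .index.ksk` creates the index file before the key generator runs, so if key generation fails, the `set -e` added at the top stops the script and leaves an empty `.index.ksk` behind. On the next run `test -f $zone/.index.ksk` in test_ksk_new succeeds and the zone is silently skipped, so it never gets a KSK. Capturing the key name first and appending only on success avoids that: `key=$(dnssec-keygen … -n ZONE "$NEW_KSK_ZONE")` followed by `echo "$key" >> .index.ksk`. The ZSK loop in the previous hunk has the same pattern with `.index.zsk`.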
@@ -78,7 +83,7 @@
 	cd $master_dir/$ZONE
 
 	#loescht alle Schluessel die nicht in der indexdatei stehen
-	rm $(ls K*[key,private] | grep -v "`cat index.zsk`" | grep -v "`cat index.ksk`") 2> /dev/null
+	rm $(ls K*[key,private] | grep -v "`cat .index.zsk`" | grep -v "`cat .index.ksk`") 2> /dev/null
 
 	#erzeugt ein backup und entfernt alle schluessel aus der zonedatei
 	mv $ZONE $ZONE.old
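Review bot: With `set -e` now enabled at the top of the script, the `rm $(…) 2> /dev/null` line ends the whole run whenever there is nothing to delete, because `rm` without operands exits non-zero. The error text is discarded, so the steps after it are skipped without any message. The glob `K*[key,private]` is also a bracket expression, matching any file that starts with K and ends in one of those single characters, not the `.key`/`.private` suffixes. A safer form would be `rm -f -- $(ls K*.key K*.private | grep -v …)`, since GNU `rm -f` succeeds with no operands; better still, loop over the files and compare each against the index with `grep -qF`. The enclosing loop starts before and continues after this hunk.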