--- a/dnssec-creatkey Wed Jun 30 16:48:26 2010 +0200
+++ b/dnssec-creatkey Tue Jul 13 15:32:08 2010 +0200
@@ -1,9 +1,41 @@
#!/bin/bash
+set -e
+
source dnstools.conf
master_dir=$MASTER_DIR
key_counter_end=$KEY_COUNTER_END
+function test_zsk_new { # prueft ob es einen ZSK gibt
+ for zone in $master_dir/*
+ do
+ test -f $zone/${zone##*/}.signed || continue
+ test -f $zone/.index.zsk || echo ${zone##/*/}
+ done
+}
+
+function test_ksk_new { # prueft ob es einen KSK gibt
+ for zone in $master_dir/*
+ do
+ test -f $zone/${zone##*/}.signed || continue
+ test -f $zone/.index.ksk || echo ${zone##/*/}
+ done
+}
+
+function test_zsk_time { # prueft den keycounter
+ for zone in $master_dir/*
+ do
+ test -f $zone/${zone##*/}.signed || continue
+ key_counter_end=$1
+ test -f $zone/keycounter || echo 0 > $zone/keycounter
+ key_counter=`< $zone/keycounter`
+
+ if [ $key_counter_end -le $key_counter ]
+ then
+ echo ${zone##/*/}
+ fi
+ done
+}
#prüft die eingegebnen domains
for utf8domain in $@
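Review bot: The `set -e` added at the top of this hunk makes the unchanged cleanup command in the last hunk fatal, because `rm $(ls K*[key,private] | grep -v ...) 2> /dev/null` returns non-zero when the substitution expands to nothing. That is the case whenever every key file in the zone directory is already listed in the index files, and the redirect hides the "missing operand" message, so the script stops silently at that point. Whatever follows `mv $ZONE $ZONE.old` (presumably the re-signing) would then never run; those steps are outside the visible diff, so the impact is inferred. Using `rm -f` there keeps the best-effort behaviour, since `rm -f` with no operands exits 0.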
@@ -18,33 +50,6 @@
fi
done
-function test_zsk_new { # prueft ob es einen ZSK gibt
- for zone in $master_dir/*
- do
- test -f $zone/index.zsk || echo ${zone##/*/}
- done
-}
-
-function test_ksk_new { # prueft ob es einen KSK gibt
- for zone in $master_dir/*
- do
- test -f $zone/index.ksk || echo ${zone##/*/}
- done
-}
-
-function test_zsk_time { # prueft den keycounter
- for zone in $master_dir/*
- do
- key_counter_end=$1
- test -f $zone/keycounter || echo 0 > $zone/keycounter
- key_counter=`< $zone/keycounter`
-
- if [ $key_counter_end -le $key_counter ]
- then
- echo ${zone##/*/}
- fi
- done
-}
zsk_time=`test_zsk_time $key_counter_end`
zsk_new=`test_zsk_new`
@@ -55,9 +60,9 @@
do
cd $master_dir/$NEW_ZSK_ZONE
echo "erzeugt zsk fuer" $NEW_ZSK_ZONE
- dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> index.zsk
- INDEX_ZSK=$( tail -n2 index.zsk )
- echo $INDEX_ZSK | fmt -w1 > index.zsk
+ dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> .index.zsk
+ INDEX_ZSK=$( tail -n2 .index.zsk )
+ echo $INDEX_ZSK | fmt -w1 > .index.zsk
echo 0 > keycounter
done
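Review bot: The ZSK on the rewritten `dnssec-keygen` line is still created as 512-bit RSA with RSASHA1 (`-a RSASHA1 -b 512`), a modulus too small to resist factoring, so the signatures it produces give little assurance of record authenticity. The KSK line in the next hunk uses the same SHA-1 based algorithm. Since the line is being touched anyway, I would raise the key size and move to a SHA-2 algorithm where the installed BIND supports it, e.g. `dnssec-keygen -a RSASHA256 -b 2048 -n ZONE $NEW_ZSK_ZONE >> .index.zsk`. Changing the algorithm on an already signed zone needs an algorithm rollover rather than a plain key swap, so that part should be planned separately from this rename.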
@@ -66,9 +71,9 @@
do
cd $master_dir/$NEW_KSK_ZONE
echo "erzeugt ksk fuer" $NEW_KSK_ZONE
- dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> index.ksk
- INDEX_KSK=$( tail -n2 index.ksk )
- echo $INDEX_KSK | fmt -w1 > index.ksk
+ dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> .index.ksk
+ INDEX_KSK=$( tail -n2 .index.ksk )
+ echo $INDEX_KSK | fmt -w1 > .index.ksk
done
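Review bot: Nothing in the patch moves an existing `index.ksk` or `index.zsk` to the new dot-prefixed names, so on the first run after this change `test_ksk_new` and `test_zsk_new` (first hunk) will report every signed zone as having no key, and this loop will generate a fresh KSK for each. If the cleanup in the last hunk then deletes the key files that are not listed in the new index, the published KSK changes without the DS record at the parent being updated, which would leave the zone failing validation. A one-time migration before the checks would avoid that, e.g. `if [ -f $zone/index.ksk ]; then mv $zone/index.ksk $zone/.index.ksk; fi`, and the same for `index.zsk`. The loop header is outside the hunk, so the zone list it iterates over is inferred from the functions.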
@@ -78,7 +83,7 @@
cd $master_dir/$ZONE
#loescht alle Schluessel die nicht in der indexdatei stehen
- rm $(ls K*[key,private] | grep -v "`cat index.zsk`" | grep -v "`cat index.ksk`") 2> /dev/null
+ rm $(ls K*[key,private] | grep -v "`cat .index.zsk`" | grep -v "`cat .index.ksk`") 2> /dev/null
#erzeugt ein backup und entfernt alle schluessel aus der zonedatei
mv $ZONE $ZONE.old