diff -r a3860111db49 -r 3db363880766 sbin/dnssec-keytool
--- a/sbin/dnssec-keytool Thu Jun 30 15:19:33 2011 +0200
+++ b/sbin/dnssec-keytool Thu Jun 30 16:24:32 2011 +0200
@@ -39,10 +39,11 @@
 "h|help" => sub { pod2usage(-exit => 0, -verbose => 1) },
 "m|man" => sub {
 pod2usage(
- -exit => 0,
- # "system('perldoc -V &>/dev/null')" appears shorter, but may not
- # do what you expect ( it still returns 0 on debian squeeze with
- # dash as system shell even if cannot find the command in $PATH)
+ -exit => 0,
+
+ # "system('perldoc -V &>/dev/null')" appears shorter, but may not
+ # do what you expect ( it still returns 0 on debian squeeze with
+ # dash as system shell even if cannot find the command in $PATH)
 -noperldoc => system('perldoc -V >/dev/null 2>&1'),
 -verbose => 2
 );
@@ -65,18 +66,19 @@
 }
 given ($cmd) {
- when ("zsk") { exit create_zsk(@zones) };
- when ("ksk") { exit create_ksk(@zones) };
+ when ("zsk") { exit create_zsk(@zones) };
+ when ("ksk") { exit create_ksk(@zones) };
+
 #when ("check") { exit check_zone(@zones) };
- when ("rm") { exit rm_keys(@zones) };
- default { die "not implemented\n" };
+ when ("rm") { exit rm_keys(@zones) };
+ default { die "not implemented\n" };
 };
 }
 sub rm_keys (@) {
- my @zones = @_;
+ my @zones = @_;
 my $master_dir = "$cf{master_dir}";
 for my $zone (@zones) {
@@ -84,12 +86,11 @@
 my $dir = "$master_dir/$zone";
 my $ep = 0;
- my @files = map "$dir/$_", ("$zone.signed",
- ".keycounter",
- ".index.ksk",
- ".index.zsk",
- "dsset-$zone.",
- "keyset-$zone.");
+ my @files = map "$dir/$_",
+ (
+ "$zone.signed", ".keycounter", ".index.ksk", ".index.zsk",
+ "dsset-$zone.", "keyset-$zone."
+ );
 push @files, glob "$dir/K$zone*";
 for my $f (@files) {
@@ -104,7 +105,8 @@
 open my $old, "$dir/$zone" or die "Can't open '$dir/$zone': $!\n";
 my @old = <$old>;
 close $old;
- my @new = grep { not /^\s*\$include\s+("?)K\Q$zone\E.*\.key\1\s*$/i } @old;
+ my @new =
+ grep { not /^\s*\$include\s+("?)K\Q$zone\E.*\.key\1\s*$/i } @old;
 return if @new ~~ @old;
 my $new = File::Temp->new(UNLINK => 0)
@@ -127,9 +129,7 @@
 ksk => {
 cmd => 'cd %s && dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE %s'
 },
- zsk => {
- cmd => 'cd %s && dnssec-keygen -a RSASHA1 -b 512 -n ZONE %s'
- }
+ zsk => { cmd => 'cd %s && dnssec-keygen -a RSASHA1 -b 512 -n ZONE %s' }
 };
@@ -142,17 +142,20 @@
 my $cmd = sprintf $args->{$type}->{cmd}, $dir, $zone;
 chomp($keyname = qx/$cmd/);
- die "Key generation failed! (output was: '$keyname')" unless $keyname =~ /^K\Q$zone\E\.?\+\d{3}\+\d{5}$/;
+ die "Key generation failed! (output was: '$keyname')"
+ unless $keyname =~ /^K\Q$zone\E\.?\+\d{3}\+\d{5}$/;
- open $idx, '+>>', "$dir/.index.$type" or die "Can't open $dir/.index.$type: $!\n";
- seek $idx, 0 ,0 or die "Cant' seek: $!";
- chomp (@index = <$idx>);
+ open $idx, '+>>', "$dir/.index.$type"
+ or die "Can't open $dir/.index.$type: $!\n";
+ seek $idx, 0, 0 or die "Cant' seek: $!";
+ chomp(@index = <$idx>);
 push @index, $keyname;
+
 # TODO: this should be part of the key removal procedure, no?
 # shift @index if @index > 2;
- seek $idx, 0 ,0 or die "Cant' seek: $!";
+ seek $idx, 0, 0 or die "Cant' seek: $!";
 truncate $idx, 0 or die "Can't truncate: $!";
 print $idx join "\n" => @index, '';
 close $idx;
@@ -162,7 +165,8 @@
 key_to_zonefile($keyname);
 if (lc $type eq 'zsk') {
- open my $kc, '>', "$dir/.keycounter" or die "Can't open $dir/.keycounter: $!\n";
+ open my $kc, '>', "$dir/.keycounter"
+ or die "Can't open $dir/.keycounter: $!\n";
 print $kc "0\n";
 close $kc;
 }
@@ -273,7 +277,7 @@
 my (@lines, $tmp);
 open OLD, '<', $zf or die "Can't open $zf: $!\n";
- chomp (@lines = );
+ chomp(@lines = );
 close OLD;
 return if grep /^\s*\$include\s+("?)\Q$keyname\E\.key\1\s*$/i, @lines;