diff -r c45415af9a4b -r d7977be97fa1 dnssec-creatkey
--- a/dnssec-creatkey Wed Jun 30 16:48:26 2010 +0200
+++ b/dnssec-creatkey Tue Jul 13 15:32:08 2010 +0200
@@ -1,9 +1,41 @@
 #!/bin/bash
+set -e
+
 source dnstools.conf
 master_dir=$MASTER_DIR
 key_counter_end=$KEY_COUNTER_END
+function test_zsk_new { # prueft ob es einen ZSK gibt
+ for zone in $master_dir/*
+ do
+ test -f $zone/${zone##*/}.signed || continue
+ test -f $zone/.index.zsk || echo ${zone##/*/}
+ done
+}
+
+function test_ksk_new { # prueft ob es einen KSK gibt
+ for zone in $master_dir/*
+ do
+ test -f $zone/${zone##*/}.signed || continue
+ test -f $zone/.index.ksk || echo ${zone##/*/}
+ done
+}
+
+function test_zsk_time { # prueft den keycounter
+ for zone in $master_dir/*
+ do
+ test -f $zone/${zone##*/}.signed || continue
+ key_counter_end=$1
+ test -f $zone/keycounter || echo 0 > $zone/keycounter
+ key_counter=`< $zone/keycounter`
+
+ if [ $key_counter_end -le $key_counter ]
+ then
+ echo ${zone##/*/}
+ fi
+ done
+}
 #prüft die eingegebnen domains
 for utf8domain in $@
@@ -18,33 +50,6 @@
 fi
 done
-function test_zsk_new { # prueft ob es einen ZSK gibt
- for zone in $master_dir/*
- do
- test -f $zone/index.zsk || echo ${zone##/*/}
- done
-}
-
-function test_ksk_new { # prueft ob es einen KSK gibt
- for zone in $master_dir/*
- do
- test -f $zone/index.ksk || echo ${zone##/*/}
- done
-}
-
-function test_zsk_time { # prueft den keycounter
- for zone in $master_dir/*
- do
- key_counter_end=$1
- test -f $zone/keycounter || echo 0 > $zone/keycounter
- key_counter=`< $zone/keycounter`
-
- if [ $key_counter_end -le $key_counter ]
- then
- echo ${zone##/*/}
- fi
- done
-}
 zsk_time=`test_zsk_time $key_counter_end`
 zsk_new=`test_zsk_new`
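Review bot: The added `set -e` does not catch an empty or unset `MASTER_DIR`, in which case the `for zone in $master_dir/*` loops of the three moved functions glob `/*` instead of the zone directory; `master_dir=${MASTER_DIR:?}` on the assignment (or `set -eu` for the unset case) would stop the script before any loop runs. The expansions in the new `test -f $zone/${zone##*/}.signed || continue` lines are unquoted, so a zone path containing whitespace or glob characters is split before `test` sees it; `test -f "$zone/${zone##*/}.signed" || continue` avoids that. `test_zsk_time` also assigns `key_counter_end=$1` without `local`, which overwrites the global of the same name set from `KEY_COUNTER_END`.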
@@ -55,9 +60,9 @@
 do
 cd $master_dir/$NEW_ZSK_ZONE
 echo "erzeugt zsk fuer" $NEW_ZSK_ZONE
- dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> index.zsk
- INDEX_ZSK=$( tail -n2 index.zsk )
- echo $INDEX_ZSK | fmt -w1 > index.zsk
+ dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> .index.zsk
+ INDEX_ZSK=$( tail -n2 .index.zsk )
+ echo $INDEX_ZSK | fmt -w1 > .index.zsk
 echo 0 > keycounter
 done
@@ -66,9 +71,9 @@
 do
 cd $master_dir/$NEW_KSK_ZONE
 echo "erzeugt ksk fuer" $NEW_KSK_ZONE
- dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> index.ksk
- INDEX_KSK=$( tail -n2 index.ksk )
- echo $INDEX_KSK | fmt -w1 > index.ksk
+ dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> .index.ksk
+ INDEX_KSK=$( tail -n2 .index.ksk )
+ echo $INDEX_KSK | fmt -w1 > .index.ksk
 done
@@ -78,7 +83,7 @@
 cd $master_dir/$ZONE
 #loescht alle Schluessel die nicht in der indexdatei stehen
- rm $(ls K*[key,private] | grep -v "`cat index.zsk`" | grep -v "`cat index.ksk`") 2> /dev/null
+ rm $(ls K*[key,private] | grep -v "`cat .index.zsk`" | grep -v "`cat .index.ksk`") 2> /dev/null
 #erzeugt ein backup und entfernt alle schluessel aus der zonedatei
 mv $ZONE $ZONE.old
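Review bot: The rewritten ZSK line still generates the key with `-a RSASHA1 -b 512`; a 512-bit RSA modulus has long been within reach of public factoring efforts, and the SHA-1 based DNSSEC algorithms are no longer recommended for signing. Consider a stronger algorithm and a larger modulus, for example `dnssec-keygen -a RSASHA256 -b 2048 -n ZONE "$NEW_ZSK_ZONE" >> .index.zsk`, after checking that the installed BIND supports it; zones that are already signed need an algorithm rollover rather than a plain swap. The KSK line in the next hunk uses RSASHA1 as well. Both enclosing loops start outside their hunks.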
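Review bot: With `set -e` now enabled at the top of the script, the `rm` in the last hunk can abort the whole run whenever nothing is left to delete, because `rm` without operands exits non-zero and `2> /dev/null` hides the message. Writing it as `rm -f -- $(…)` returns success in that case (GNU rm behaviour, to be confirmed on the target system) and makes the redirect unnecessary. The glob `K*[key,private]` is a bracket expression that matches one trailing character rather than the two suffixes, and the `grep -v` arguments are read as regular expressions, so a private key file can be kept or deleted by accident; `ls K*.key K*.private` filtered with `grep -vF` would match what the comment describes. The enclosing loop starts and ends outside the hunk.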