# HG changeset patch
# User Heiko Schlittermann
# Date 1293577683 -3600
# Node ID 35a116258422c2fba996f1658436c090396cd4ee
# Parent 3d3e09a0c02847c6e66db547329c3fe7c8c77ff9
lifted begin_rollover

diff -r 3d3e09a0c028 -r 35a116258422 .hgignore
--- a/.hgignore Tue Dec 28 15:36:19 2010 +0100
+++ b/.hgignore Wed Dec 29 00:08:03 2010 +0100
@@ -4,3 +4,4 @@
 zone-ls
 zone-mk
 zone-rm
+bind
diff -r 3d3e09a0c028 -r 35a116258422 dnstools.conf
--- a/dnstools.conf Tue Dec 28 15:36:19 2010 +0100
+++ b/dnstools.conf Wed Dec 29 00:08:03 2010 +0100
@@ -1,6 +1,6 @@
-bind_dir = /etc/bind # bind-Hauptverzeichnis
-master_dir = /etc/bind/master # Verzeichnis für die einzelnen Zonen-Verzeichnisse
-zone_conf_dir = /etc/bind/zones.d # Verzeichnis für die Zonen-Konfigurationdateien
+bind_dir = ./bind # bind-Hauptverzeichnis
+master_dir = ./bind/master # Verzeichnis für die einzelnen Zonen-Verzeichnisse
+zone_conf_dir = ./bind/zones.d # Verzeichnis für die Zonen-Konfigurationdateien
 key_counter_end = 15 # Anzahl der Signierungen bis zum Key-Rollover
 sign_alert_time = 168 # Warn-Zeitraum vor dem Ablauf einer Zone-Signatur in h
diff -r 3d3e09a0c028 -r 35a116258422 update-serial.pl
--- a/update-serial.pl Tue Dec 28 15:36:19 2010 +0100
+++ b/update-serial.pl Wed Dec 29 00:08:03 2010 +0100
@@ -20,13 +20,13 @@
 sub sign_expired($);
 sub need_rollover();
 sub done_rollover();
+sub begin_rollover(@);
 sub sign_zone;
 sub update_serial;
 sub mk_zone_conf;
 sub file_entry;
 sub server_reload;
-sub begin_ro;
 sub key_to_zonefile;
 sub kill_useless_keys;
 sub end_ro;
@@ -68,12 +68,10 @@
 ### @candidates
 ### @need_rollover
 ### @done_rollover
+
+ begin_rollover(@need_rollover); # eine rollover-beginn-sequenz
 exit;
-
- if (@need_rollover) {
- begin_ro; # eine rollover-beginn-sequenz
- }
-
 if (@end_ro_list) {
 end_ro; # eine rollover-end-squenz
 }
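Review bot: The three `+` lines in dnstools.conf replace the absolute /etc/bind paths with `./bind`, so master_dir and zone_conf_dir now resolve against whatever directory the tool happens to be started from, and freshly generated key material and zone configs will be written there. If this is a development setup it belongs in a local override or a separate test config rather than in the tracked default; if it is intended, a comment such as `# relative to the cwd of the invoking user - use absolute paths in production` should state that expectation next to `bind_dir`.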
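Review bot: The new call `begin_rollover(@need_rollover);` in the second update-serial.pl hunk discards the return value, while the renamed sub in this same changeset now returns the list of rolled zones (`push @r, $zone; ... return @r;`) instead of pushing onto the global `@new_serial`, so those zones no longer reach the serial update unless something outside the hunk collects them; presumably the intent is `push @new_serial, begin_rollover(@need_rollover);`. The unconditional `exit;` that follows also leaves the `if (@end_ro_list)` block unreachable — if it is debugging scaffolding it should not be committed, and if it is intended the dead `end_ro` branch deserves a comment saying why. The enclosing main-program run begins before this hunk.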
@@ -428,44 +426,43 @@
 return @r;
 }
-sub begin_ro {
+sub begin_rollover(@) {
+ my @zones = @_;
+ my @r;
 # anfang des key-rollovers
- our @begin_ro_list;
- our @new_serial;
- for (uniq(@begin_ro_list)) {
+ #?? for (uniq(@begin_ro_list)) {
+ foreach my $zone (@zones) {
 #erzeugt zsks
- my $zone = $_;
- my $zpf = "$config{master_dir}/$zone";
- my @index;
+ my $dir = "$config{master_dir}/$zone";
+ my @keys;
- chdir "$zpf" or die "$zpf: $!\n";
- my $keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`;
+ chomp(my $keyname = `cd $dir && dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`);
+
+ open(my $fh, "+<$dir/.index.zsk") or die "$dir/.index.zsk: $!\n";
+ chomp(@keys = <$fh>);
- open(INDEX, ".index.zsk") or die "$zpf/.index.zsk: $!\n";
- @index = ;
- close(INDEX);
+ push @keys, $keyname;
+ shift @keys if @keys > 2;
- push @index, $keyname;
- if (@index > 2) { shift(@index); }
+ seek($fh, 0, 0) or die "seek"; # FIXME
+ truncate($fh, 0) or die "truncate"; # FIXME
+ print $fh join "\n" => @keys;
- open(INDEX, ">.index.zsk") or die "$zpf/.index.zsk: $!\n";
- print INDEX @index;
- close(INDEX);
-
- chomp($keyname);
 print " * $zone: neuer ZSK $keyname erstellt\n";
- open(KC, ">.keycounter") or die "$zpf/keycounter: $!\n";
- print KC "0";
- close(KC);
+ open($fh, ">$dir/.keycounter") or die "$dir/.keycounter: $!\n";
+ say $fh 0;
+ close($fh);
 &kill_useless_keys($zone);
 &key_to_zonefile($zone);
- push @new_serial, $zone;
+ push @r, $zone;
 }
+
+ return @r;
 }
 sub key_to_zonefile {
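Review bot: The backtick line `cd $dir && dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone` never checks `$?`, so when the cd or the keygen fails (missing directory, permissions, entropy starvation) `$keyname` is the empty string and is still pushed onto `@keys` and written into `.index.zsk`, silently corrupting the key index; add `die "$zone: dnssec-keygen failed ($?)\n" if $? != 0 or $keyname eq '';` directly after the `chomp`. `$dir` and `$zone` are also interpolated unquoted into a shell command line — if zone names or `master_dir` can ever carry shell metacharacters this is command injection, so a `chdir` followed by a list-form `system`/`open '-|'` that bypasses the shell, or at least `quotemeta`, would be safer. Separately, `-a RSASHA1 -b 512` is carried over from the old code but produces a 512-bit RSA ZSK, which is factorable with modest resources, and RSASHA1 is deprecated; a larger modulus or RSASHA256/ECDSAP256SHA256 where the BIND in use supports it should be considered. The `+<` read-modify-write with seek/truncate is already marked FIXME; note it leaves the index empty if the process dies between `truncate` and `print`, and `print $fh join "\n" => @keys` writes no trailing newline.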