# HG changeset patch
# User asuess@dns.net.schlittermann.de
# Date 1281451126 -7200
# Node ID 4807ad9b8d19fbd7438b4deb5d17f917558e79e9
# Parent  d5337081ed028415a6af7eb792e209500b5a3c0b
added function in dnssec-creatkey to migrate zones including ksk

diff -r d5337081ed02 -r 4807ad9b8d19 dnssec-creatkey
--- a/dnssec-creatkey	Mon Aug 09 11:45:43 2010 +0200
+++ b/dnssec-creatkey	Tue Aug 10 16:38:46 2010 +0200
@@ -35,6 +35,7 @@
 my $zone;
 my $keyname;
 
+
 # prueft ob eingaben in ARGV domains sind und gibt sie in die liste @manu
 for (@ARGV) {
     chomp( my $zone = `idn --quiet "$_"` );
@@ -47,6 +48,43 @@
     }
 }
 
+# prueft ob zonen mit schluesselmaterial ueber index- und keycounterdatei
+# verfuegen.
+# legt .index.ksk an falls nicht und gibt die entsprechende zone in die
+# liste @change 
+while (<$master_dir/*>) {
+    chomp( $zone = $_ );
+
+    if (-f "$zone/.index.zsk" and
+        -f "$zone/.index.ksk" and
+        -f "$zone/.keycounter") {
+        next;
+    }
+
+    while (<$zone/*>) {
+        if (m#^K#) {
+            my $file_in_zone = $_;
+
+            open (KEY,$_) or die "$_: $!\n";
+            for (<KEY>) {
+                if (m#DNSKEY.257#) {
+                    $file_in_zone =~ s#(/.*/)(.*).key#$2#;
+
+                    open (INDEX, ">$zone/.index.ksk") or die;
+                    print INDEX "$file_in_zone\n";
+                    close (INDEX);
+
+                    $zone =~ s#($master_dir/)(.*)#$2#;
+                    push( @change, $zone );
+
+                }
+            }
+            close (KEY);
+        }
+    }
+}
+
+
 # gibt alle zonen mit abgelaufenen keycounter in die liste @change
 while (<$master_dir/*>) {
     chomp( $zone = $_ );
@@ -93,7 +131,7 @@
     close(INDEX);
 
     chomp($keyname);
-    print "$keyname (ZSK) erzeugt fuer $zone \n";
+    print "$keyname (ZSK) creat for $zone \n";
 
     open( KC, ">.keycounter" ) or die "$master_dir/$zone/keycounter: $!\n";
     print KC "0";
@@ -107,10 +145,16 @@
     chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n";
     $keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`;
 
+    print "creat new KSK for $zone? (no): ";
+    unless (<STDIN> =~ m/^yes/) {
+        next;
+    }
+
     unless ( -f ".index.ksk" ) {
         @index = ();
     }
     else {
+
         open( INDEX, ".index.ksk" )
             or die "$master_dir/$zone/.index.ksk: $!\n";
         @index = <INDEX>;
@@ -127,7 +171,7 @@
     close(INDEX);
 
     chomp($keyname);
-    print "$keyname (KSK) erzeugt fuer $zone \n";
+    print "$keyname (KSK) creat for $zone \n";
 }
 
 # loescht alle unbenoetigten schluessel, fuegt die schluessel in
@@ -204,5 +248,4 @@
     print ZONE @new_zone_content;
     close(ZONE);
 
-    print "$master_dir/$zone/$zone wurde neu erstellt \n";
 }
diff -r d5337081ed02 -r 4807ad9b8d19 zone-ls
--- a/zone-ls	Mon Aug 09 11:45:43 2010 +0200
+++ b/zone-ls	Tue Aug 10 16:38:46 2010 +0200
@@ -46,7 +46,7 @@
     $info_status = "OK";
     for (`dig \@localhost $zone`) {
         if (/root-servers/) {
-            $info_status = "FAILD";
+            $info_status = "FAILED";
             last;
 	}
     }