--- a/dnssec-creatkey Wed Aug 04 11:27:21 2010 +0200
+++ b/dnssec-creatkey Thu Aug 05 10:49:36 2010 +0200
@@ -29,8 +29,8 @@
close (CONFIG);
-my $master_dir= $config{master_dir};
-my $key_counter_end=$config{key_counter_end};
+my $master_dir = $config{master_dir};
+my $key_counter_end = $config{key_counter_end};
my @change;
my @manu;
my @index;
@@ -41,28 +41,30 @@
for (@ARGV) {
chomp (my $zone = `idn --quiet "$_"`);
- if (-e "$master_dir/$zone") {
+ if (-d "$master_dir/$zone") {
push (@manu, $zone);
- } else {
- print " $zone ist keine verwaltete zone \n ";
+ }
+ else {
+ print " $zone not exist\n ";
}
}
# gibt alle zonen mit abgelaufenen keycounter in die liste @change
-for (<$master_dir/*>) {
+while (<$master_dir/*>) {
chomp ($zone = $_);
my $key;
- if (-e "$zone/.keycounter") {
+ unless (-f "$zone/.keycounter") {
+ next
+ }
- open (KEY, "$zone/.keycounter");
- $key = <KEY>;
- close (KEY);
+ open (KEY, "$zone/.keycounter") or die "$zone/.keycounter: $!\n";
+ $key = <KEY>;
+ close (KEY);
- if ($key_counter_end < $key) {
- $zone =~ s#($master_dir/)(.*)#$2#;
- push (@change, $zone);
- }
+ if ($key_counter_end <= $key) {
+ $zone =~ s#($master_dir/)(.*)#$2#;
+ push (@change, $zone);
}
}
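Review bot: The new `-d "$master_dir/$zone"` test is the only check on a name that comes from `@ARGV`, and it passes for any existing directory, including names that contain `/` or `..`, so `$zone` is not confined to `$master_dir` before the later `chdir` and file writes use it. The argument is also interpolated into a shell command in the `idn --quiet "$_"` backticks, where the double quotes do not stop shell expansion. Validate the converted name before use, for example `next unless $zone =~ /\A[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*\.?\z/;`, and run `idn` through a list-form pipe open (`open(my $idn, '-|', 'idn', '--quiet', $_)`) so that no shell is involved. The same applies to the `dnssec-killkey` hunk at `@@ -40,19 +40,16 @@`, where `$_` reaches `idn` without any quoting.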
@@ -70,15 +72,16 @@
for (@change, @manu) {
$zone = $_;
- chdir "$master_dir/$zone" or die "chdir nach / nicht moeglich: $1";
+ chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n";
$keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`;
- if (-e ".index.zsk") {
- open (INDEX, ".index.zsk");
+ unless (-f ".index.zsk") {
+ @index = ();
+ }
+ else {
+ open (INDEX, ".index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n";
@index = <INDEX>;
close (INDEX);
- } else {
- @index = ();
}
push @index, $keyname;
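Review bot: The result of the `dnssec-keygen` backtick call is pushed onto `@index` without checking that the command succeeded, so a failed run records an empty key name in `.index.zsk` even though this hunk makes the neighbouring `open` calls fatal. Add a check right after the call, e.g. `die "dnssec-keygen failed for $zone\n" if $? != 0 or $keyname !~ /\AK/;`. Separately, `-a RSASHA1 -b 512` yields a zone-signing key that is too short to resist factoring, with an algorithm that RFC 8624 no longer recommends for signing; a larger modulus with RSASHA256 would be the conservative choice. The KSK call in the `@@ -102,15 +105,15 @@` hunk is unchecked in the same way and also uses RSASHA1. The loop body continues outside this hunk.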
@@ -86,14 +89,14 @@
shift (@index);
}
- open (INDEX, ">.index.zsk");
+ open (INDEX, ">.index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n";
print INDEX @index;
close (INDEX);
chomp ($keyname);
print "$keyname (ZSK) erzeugt fuer $zone \n";
- open (KC, ">.keycounter");
+ open (KC, ">.keycounter") or die "$master_dir/$zone/keycounter: $!\n";
print KC "0";
close (KC);
}
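Review bot: `print INDEX @index` and `close (INDEX)` are still unchecked, so a failed write (full disk, quota) leaves a truncated `.index.zsk` without any error although the `open` is now fatal; buffered write errors only surface at `close`. Use `close (INDEX) or die "$master_dir/$zone/.index.zsk: $!\n";` and the same for `KC`. The new message for the counter file also names `keycounter` where the file is `.keycounter`. The write handles in the `@@ -118,7 +121,7 @@` and `@@ -189,11 +193,12 @@` hunks and in the `dnssec-killkey` hunks at `@@ -78,12 +78,12 @@`, `@@ -91,12 +91,12 @@` and `@@ -171,7 +171,7 @@` have the same unchecked `close`.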
@@ -102,15 +105,15 @@
for (@manu) {
$zone = $_;
- chdir "$master_dir/$zone" or die "chdir nach / nicht moeglich: $1";
+ chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n";
$keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`;
- if (-e ".index.ksk") {
- open (INDEX, ".index.ksk");
+ unless (-f ".index.ksk") {
+ @index = ();
+ } else {
+ open (INDEX, ".index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n";
@index = <INDEX>;
close (INDEX);
- } else {
- @index = ();
}
push @index, $keyname;
@@ -118,7 +121,7 @@
shift (@index);
}
- open (INDEX, ">.index.ksk");
+ open (INDEX, ">.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n";
print INDEX @index;
close (INDEX);
@@ -136,28 +139,29 @@
my @keylist = ();
my $file = ();
- open (INDEX, "$master_dir/$zone/.index.zsk");
+
+ open (INDEX, "<$master_dir/$zone/.index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n";
@keylist = <INDEX>;
close (INDEX);
- open (INDEX, "$master_dir/$zone/.index.ksk");
+ open (INDEX, "<$master_dir/$zone/.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n";
push @keylist, <INDEX>;
close (INDEX);
- open (ZONE, "$master_dir/$zone/$zone");
+ open (ZONE, "<$master_dir/$zone/$zone") or die "$master_dir/$zone/$zone: $!\n";
@old_zone_content = <ZONE>;
close (ZONE);
# kuerzt die schluessel-bezeichnung aus der indexdatei auf die id um sie
# besser vergleichen zu koennen.
- foreach (@keylist) {
+ for (@keylist) {
chomp;
s#K.*\+.*\+(.*)#$1#;
}
# filtert alle schluessel aus der zonedatei
# old_zone_content ==> new_zone_content
- foreach (@old_zone_content) {
+ for (@old_zone_content) {
unless (/IN\sDNSKEY/) {
push @new_zone_content, $_;
}
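Review bot: The opens added here still use the two-argument form with bareword handles, where the mode is parsed out of the same string that carries `$master_dir` and `$zone`. The three-argument form with a lexical handle keeps the path from ever being read as a mode or pipe, e.g. `open(my $index_fh, '<', "$master_dir/$zone/.index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n";`, with the reads switched to that handle. The `dnssec-killkey` read opens in `@@ -78,12 +78,12 @@`, `@@ -91,12 +91,12 @@`, `@@ -114,15 +114,15 @@` and `@@ -156,7 +156,7 @@` do not even carry the `<` prefix that this file gained and would benefit from the same change.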
@@ -165,12 +169,12 @@
# prueft alle schluesseldateien (ksk, zsk) ob sie in der jeweiligen
# indexdatei beschrieben sind. wenn nicht werden sie geloescht.
- foreach (`ls $master_dir/$zone/K*[key,private]`){
+ for (`ls $master_dir/$zone/K*[key,private]`){
chomp;
$file = $_;
my $rm_count = 1;
- foreach (@keylist) {
+ for (@keylist) {
if ($file =~ /$_/) {
$rm_count = 0;
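Review bot: The pattern `K*[key,private]` in the `ls` call is a bracket character class, not an alternation, so it matches every name that starts with `K` and ends in any one of the letters `k e y p r i v a t` or a comma; according to the comment above the loop, files in that list that are not found in the index are deleted. The command line is also built by interpolating `$master_dir` and `$zone` into a shell string. Perl's own `glob` avoids both, as long as the path contains no whitespace: `for (glob "$master_dir/$zone/K*.{key,private}") {`, after which the `chomp` is no longer needed. The inner test `$file =~ /$_/` is unanchored and treats the key id as a regex, so a short id can match an unrelated file name. Both loops continue outside this hunk.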
@@ -178,7 +182,7 @@
# schluessel die in der indexdatei standen, werden an die
# zonedatei angehangen.
if ($file =~ /.*key/) {
- open (KEYFILE, "$file");
+ open (KEYFILE, "<$file") or next "$file: $!\n";
push @new_zone_content, <KEYFILE>;
close (KEYFILE);
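Review bot: `open (KEYFILE, "<$file") or next "$file: $!\n";` does not do what the message suggests: `next` takes a loop label, not a message, so on a failed open Perl either rejects the statement at compile time or (5.18 and later, where `next EXPR` computes a label) dies with a label-not-found error, and the text is never printed as a warning. If skipping the file is intended, write `open (KEYFILE, "<$file") or do { warn "$file: $!\n"; next };`. The enclosing loops start outside this hunk, so confirm which loop a bare `next` would continue. The matching line in `dnssec-killkey` (`@@ -156,7 +156,7 @@`) uses `die` instead, and the two scripts should agree.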
@@ -189,11 +193,12 @@
#loescht alle unbenoetigten schluessel
if ($rm_count == 1) {
- print `rm -f $file`;
+ unlink "$file";
}
}
- open (ZONE, ">$master_dir/$zone/$zone");
+
+ open (ZONE, ">$master_dir/$zone/$zone") or die "$master_dir/$zone/$zone: $!\n";
print ZONE @new_zone_content;
close (ZONE);
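Review bot: `unlink "$file";` discards the result, so a key file that cannot be removed (permissions, read-only mount) stays on disk silently. The old `rm -f` was equally quiet, but since the rest of this commit adds error reporting this line should too: `unlink $file or warn "unlink $file: $!\n";` (the quotes around `$file` are unnecessary). The zone file below is also truncated by the `>` open before the new content exists on disk. Writing to a temporary name in the same directory and `rename`-ing it over `$master_dir/$zone/$zone` after a checked `close` would avoid leaving a partial zone file if the write fails.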
--- a/dnssec-killkey Wed Aug 04 11:27:21 2010 +0200
+++ b/dnssec-killkey Thu Aug 05 10:49:36 2010 +0200
@@ -40,19 +40,16 @@
for (@ARGV) {
chomp ($zone = `idn --quiet $_`);
my $zdir = "$master_dir/$zone";
- if (-e "$master_dir/$zone") {
-
+ unless (-e "$master_dir/$zone") {
+ print "$zone ist keine verwaltete zone \n";
+ } else {
if (-e "$zdir/$zone.signed") { unlink "$zdir/$zone.signed"}
if (-e "$zdir/.keycounter") { unlink "$zdir/.keycounter"}
if (-e "$zdir/.index.ksk") { unlink "$zdir/.index.ksk"}
if (-e "$zdir/.index.zsk") { unlink "$zdir/.index.zsk"}
if (-e "$zdir/dsset-$zone.") { unlink "$zdir/dsset-$zone."}
if (-e "$zdir/keyset-$zone.") { unlink "$zdir/keyset-$zone."}
-
for (`ls $master_dir/$zone/K*[key,private]`){ unlink $_}
-
- } else {
- print "$zone ist keine verwaltete zone \n";
}
}
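Review bot: The lines returned by the `ls` backticks on the last statement of the `else` branch still end in a newline, so `unlink $_` is called with a name that does not exist and the `K*` key files, private keys included, appear to be left in place; `dnssec-creatkey` does `chomp` in its equivalent loop. Drop the shell call and check the result: `for my $keyfile (glob "$master_dir/$zone/K*.{key,private}") { unlink $keyfile or warn "$keyfile: $!\n" }` (the bracket form `[key,private]` is a character class, not an alternation). The new guard also keeps `-e` where `dnssec-creatkey` moved to `-d` in this commit, and an empty `$zone` from a failed `idn` call passes it as long as `$master_dir` exists.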
@@ -69,7 +66,10 @@
if (-e "$master_dir/$zone/.index.zsk") {
@status = stat("$master_dir/$zone/.index.zsk");
$status[9] += (3600 * $ablauf_zeit);
- } else { next; }
+ }
+ else {
+ next;
+ }
# prueft ob das key-rollover-ende erreicht ist
unless ($status[9] < $now_time ) {
@@ -78,12 +78,12 @@
# prueft die anzahl der schluessel in der ".index.zsk"
# loescht alte schluessel
- open (INDEX, "$master_dir/$zone/.index.zsk");
+ open (INDEX, "$master_dir/$zone/.index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n";
@index = <INDEX>;
$index_wc = @index;
close (INDEX);
if ($index_wc > 1) {
- open (INDEX, ">$master_dir/$zone/.index.zsk");
+ open (INDEX, ">$master_dir/$zone/.index.zsk")or die "$master_dir/$zone/.index.zsk: $!\n";
print INDEX $index[1];
close (INDEX);
push @auto, $zone;
@@ -91,12 +91,12 @@
# prueft die anzahl der schluessel in der ".index.ksk"
# loescht alte schluessel
- open (INDEX, "$master_dir/$zone/.index.ksk");
+ open (INDEX, "$master_dir/$zone/.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n";
@index = <INDEX>;
$index_wc = @index;
close (INDEX);
if ($index_wc > 1) {
- open (INDEX, ">$master_dir/$zone/.index.ksk");
+ open (INDEX, ">$master_dir/$zone/.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n";
print INDEX $index[1];
close (INDEX);
push @auto, $zone;
@@ -114,15 +114,15 @@
my @keylist = ();
my $file;
- open (INDEX, "$master_dir/$zone/.index.zsk");
+ open (INDEX, "$master_dir/$zone/.index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n";
@keylist = <INDEX>;
close (INDEX);
- open (INDEX, "$master_dir/$zone/.index.ksk");
+ open (INDEX, "$master_dir/$zone/.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n";
push @keylist, <INDEX>;
close (INDEX);
- open (ZONE, "$master_dir/$zone/$zone");
+ open (ZONE, "$master_dir/$zone/$zone") or die "$master_dir/$zone/$zone: $!\n";
@old_zone_content = <ZONE>;
close (ZONE);
@@ -156,7 +156,7 @@
# schluessel die in der indexdatei standen, werden an die
# zonedatei angehangen.
if ($file =~ /.*key/) {
- open (KEYFILE, "$file");
+ open (KEYFILE, "$file") or die "$file: $!\n";
push @new_zone_content, <KEYFILE>;
close (KEYFILE);
@@ -171,7 +171,7 @@
}
}
- open (ZONE, ">$master_dir/$zone/$zone");
+ open (ZONE, ">$master_dir/$zone/$zone") or die "$master_dir/$zone/$zone: $!\n";
print ZONE @new_zone_content;
close (ZONE);