+
+build() {
+ cd ${srcdir}
+
+ msg 'Verifiing root-zone anchors using GPG'
+ echo 'I will import ICANN GPG key now. You should check it and optionaly sign it for future pkg builds.'
+ gpg --import icann.pgp
+ if gpg --verify "${_root_anchors}.asc" "${_root_anchors}.xml"; then
+ msg2 'OK!'
+ echo
+ else
+ msg2 'Failed!'
+ return 1
+ fi;
+
+ msg 'Transforming root-zone anchors for various applications'
+ msg2 'to DS format... (unbound,drill,dig,...)'
+ _anchor_data="$(sed -f "${srcdir}/anchors2ds.sed" "${_root_anchors}.xml" | tee "${_root_anchors}.key")";
+ echo ${_anchor_data}
+ echo
+
+ msg2 'to dnsval.conf format... (dnssec-tools)'
+ echo "# you can include this file in dnsval.conf using following directive:
+# include ${_anchor_dir}/${_root_anchors}.dnsval.conf
+
+: trust-anchor
+ ${_anchor_data}
+;
+
+: zone-security-expectation
+$(for zone in ${_signed_zones[*]}; do echo -e "\t${zone} validate"; done)
+;" | tee "${_root_anchors}.dnsval.conf"
+ echo
+
+ msg 'Installing anchor files...'
+ mkdir -p ${pkgdir}${_anchor_dir}/
+ cp -f ${srcdir}/* "${pkgdir}${_anchor_dir}/"
+
+ msg 'Making /etc/trusted-key.key symlink...'
+ mkdir -p "${pkgdir}/etc"
+ ln -s "${_anchor_dir}/${_root_anchors}.key" "${pkgdir}/etc/trusted-key.key"
+
+ msg 'Installing usefull binaries...'
+ mkdir -p "${pkgdir}/usr/bin"
+ cp "${srcdir}/anchors2ds.sed" "${pkgdir}/usr/bin/anchors2ds"
+ chmod -R 755 "${pkgdir}/usr/bin"
+
+ msg 'Cleaning...'
+ rm -rf "${srcdir}"/*
+
+}
+
+md5sums=('dc7048530480e57f2eade3cd12dfaf39'
+ '4659ca54445124527a9cdc1993264b3e'