First really working version :-) Still have to add code to get DNSKEYs and validate...

author Harvie <tomas@mudrunka.cz>

Fri, 6 Aug 2010 01:47:51 +0000 (03:47 +0200)

committer Harvie <tomas@mudrunka.cz>

Fri, 6 Aug 2010 01:47:51 +0000 (03:47 +0200)
author Harvie <tomas@mudrunka.cz>
Fri, 6 Aug 2010 01:47:51 +0000 (03:47 +0200)
committer Harvie <tomas@mudrunka.cz>
Fri, 6 Aug 2010 01:47:51 +0000 (03:47 +0200)
diff --git a/dnssec-root-zone-trust-anchors/PKGBUILD b/dnssec-root-zone-trust-anchors/PKGBUILD

index 189c064cc6508670861ca2063a878eef40b56231..28c5bc3229e6788e9d3e86cd55cc5b341bae1379 100644 (file)
--- a/dnssec-root-zone-trust-anchors/PKGBUILD
+++ b/dnssec-root-zone-trust-anchors/PKGBUILD
@@ -1,19 +1,27 @@
  # Contributor: Thomas Mudrunka <harvie@@email..cz>
  # Maintainer: Thomas Mudrunka <harvie@@email..cz>
  # You can also contact me on http://blog.harvie.cz/
+# Patches welcome: http://github.com/harvie/archlinux-packages
  
  pkgname=dnssec-root-zone-trust-anchors
-pkgver=1.0
-pkgrel=3
-pkgdesc="IANA Root Zone Trust Anchors for DNSSEC converted to various formats so they are usable by many applications."
+pkgver=2010.07.15
+pkgrel=1
+pkgdesc='IANA Root Zone Trust Anchors for DNSSEC converted to various formats so they are usable by many applications.'
  arch=('any')
  license=('Public Domain')
  url='https://www.iana.org/dnssec/'
-depends=(coreutils)
+depends=()
+makedepends=(sed coreutils gnupg)
+optdepends=(
+       'gnupg: verify IANA anchors yourself'
+       'sed: anchors2ds'
+)
+_signed_zones=(.) #(bg br cat cz dk edu lk na org tm uk)
  _anchor_dir=/usr/share/dnssec-trust-anchors
-_root_anchor_out=root-anchor
+_root_anchors=root-anchors
  _root_anchor=Kjqmt7v
  source=(
+       anchors2ds.sed
         https://data.iana.org/root-anchors/${_root_anchor}.crt
         https://data.iana.org/root-anchors/${_root_anchor}.csr
         https://data.iana.org/root-anchors/draft-icann-dnssec-trust-anchor.html
@@ -25,7 +33,60 @@ source=(
         https://data.iana.org/root-anchors/root-anchors.p7s
         https://data.iana.org/root-anchors/root-anchors.xml
  )
-md5sums=('4659ca54445124527a9cdc1993264b3e'
+
+build() {
+       cd ${srcdir}
+
+       msg 'Verifiing root-zone anchors using GPG'
+               echo 'I will import ICANN GPG key now. You should check it and optionaly sign it for future pkg builds.'
+               gpg --import icann.pgp
+               if gpg --verify "${_root_anchors}.asc" "${_root_anchors}.xml"; then
+                       msg2 'OK!'
+                       echo
+               else
+                       msg2 'Failed!'
+                       return 1
+               fi;
+
+       msg 'Transforming root-zone anchors for various applications'
+       msg2 'to DS format... (unbound,drill,dig,...)'
+               _anchor_data="$(sed -f "${srcdir}/anchors2ds.sed" "${_root_anchors}.xml" | tee "${_root_anchors}.key")";
+               echo ${_anchor_data}
+               echo
+
+       msg2 'to dnsval.conf format... (dnssec-tools)'
+               echo "# you can include this file in dnsval.conf using following directive:
+# include ${_anchor_dir}/${_root_anchors}.dnsval.conf
+
+: trust-anchor
+       ${_anchor_data}
+;
+
+: zone-security-expectation
+$(for zone in ${_signed_zones[*]}; do echo -e "\t${zone} validate"; done)
+;" | tee "${_root_anchors}.dnsval.conf"
+       echo
+
+       msg 'Installing anchor files...'
+       mkdir -p ${pkgdir}${_anchor_dir}/
+       cp -f ${srcdir}/* "${pkgdir}${_anchor_dir}/"
+
+       msg 'Making /etc/trusted-key.key symlink...'
+       mkdir -p "${pkgdir}/etc"
+       ln -s "${_anchor_dir}/${_root_anchors}.key" "${pkgdir}/etc/trusted-key.key"
+
+       msg 'Installing usefull binaries...'
+       mkdir -p "${pkgdir}/usr/bin"
+       cp "${srcdir}/anchors2ds.sed" "${pkgdir}/usr/bin/anchors2ds"
+       chmod -R 755 "${pkgdir}/usr/bin"
+
+       msg 'Cleaning...'
+       rm -rf "${srcdir}"/*
+
+}
+
+md5sums=('dc7048530480e57f2eade3cd12dfaf39'
+         '4659ca54445124527a9cdc1993264b3e'
           '427766bf91c674c4f0469ed363f207a8'
           'fc244ac431689b6f5be904028c869fce'
           '3cd5b6b9f78658e1a1132fe36ce18273'
@@ -35,7 +96,8 @@ md5sums=('4659ca54445124527a9cdc1993264b3e'
           'a5612e1b84a75c29b642b9342286c511'
           'ebde9ff9f8fdc8e057c7f9c0fa24738a'
           '69e6f9b67e92fbc952d488cc6f67198f')
-sha1sums=('1521d2d6046e8858b6e7bad0a03f524abfa81cb1'
+sha1sums=('535d130c78439146182cd33d3e5f26a6191abeb4'
+          '1521d2d6046e8858b6e7bad0a03f524abfa81cb1'
            'ccd189083713572119635047e3d78ae9a2d9d307'
            '1d7c57b28ec4551361b7b6fc38f7740e8c2626c0'
            '81c1a8a5292938ce858c72abd39e07acd9d4f95c'
@@ -45,7 +107,8 @@ sha1sums=('1521d2d6046e8858b6e7bad0a03f524abfa81cb1'
            '9a9fe64e4ef587f4413c1e0ab7655e532de9070f'
            '5e7a74700015caaed59a2cc09f5daf15f24d5c18'
            '9bb81768fb3095584096999693418fcdb13d7b9c')
-sha256sums=('ad068d18531618a9f1d0b68ffd84c87fbb5b8c2aea0288122a2eae8ad1190c2f'
+sha256sums=('94b4370dd436580e8a5fb775e436ef9ff1cafcfb00bb787a8cadef8b3e34ee08'
+            'ad068d18531618a9f1d0b68ffd84c87fbb5b8c2aea0288122a2eae8ad1190c2f'
              '401120c1721ba100b2d9abf2d01332399535ba0f9c71dbd9f97232c5ebd608d2'
              'dbf1e6220849f93ceb80b6d247c5a3d42b5c38e053b1a6465e701d3c8f953a8e'
              '328faa824f529f1483f584fbb4b1f83b63f53ae4bad64609bab2009a811172c7'
@@ -55,7 +118,8 @@ sha256sums=('ad068d18531618a9f1d0b68ffd84c87fbb5b8c2aea0288122a2eae8ad1190c2f'
              '5bffcac53f810c5fb1e1baf543e2de2f10ec99d7f7cddb5f1e47b1e58cf34cfa'
              '62eba1622ebf8f87b3125f4f9e686cefd952f805696cab0fc24c96eccd7c6f49'
              'dfb281b771dc854c18d1cff9d2eecaf184cf7a9668606aaa33e8f01bf4b4d8e4')
-sha384sums=('8e749498165c421f468fbd97d520651f54db79cfd5683bd74486758701916c7b44084d7aac449f8e50aa553237bea63a'
+sha384sums=('d23aa0cee0c601dac88a418ddb90730bfc12d0b14d7332d1741dd44843a21a89fad6298cce7e4c3fa66d67779844c873'
+            '8e749498165c421f468fbd97d520651f54db79cfd5683bd74486758701916c7b44084d7aac449f8e50aa553237bea63a'
              '65128264d4271ff197368b69bce1df37294f45e324a02289599c13ad920d1acb9fc13be67b64c7b54c305feae30cd270'
              'fb37e1b7130094cffd36e7c6d8e9f3fbd2f1266f759bb453975e4047f71246dd46d556213e913bed6698e45862cd5dc1'
              '3789bf702382ba80dc21cb33db0b9cb2b1fc4dfc91a990b0762fcb9b9b89c184ae3bfe62e18ef7f01c5f35fd2436f090'
@@ -65,7 +129,8 @@ sha384sums=('8e749498165c421f468fbd97d520651f54db79cfd5683bd74486758701916c7b440
              '47c1f4243298ce2f5f6234a159b080acdd58d657175300408020e2e064c647ebd3c8110d82700c35a622f96804f48827'
              'f9a0059f6040b1f39a03c0eb3c861a5b1f287b9507b42bff25ce12784ad8500c0b4dcbbb0f1b2c849c25c1626bfade1b'
              'e4e08ece419d2ccb934a930121a8ea3a7f34127dfcc3ac1dda3da4389b1b825fc689dc00dcefb13d749179ac5a497c38')
-sha512sums=('b0c85c17439b3a9323390217edf72f67a91a36b509a68470543b4dc1a3cce6a73065e989dee10ae070e5d2100e026af1d01ab8c000447ae4bbe64c21451d1081'
+sha512sums=('772c3d5f89f75f3629cd52116ffe15355f66de58892dc7d9518275a07f1c27865e3cc1331254918e0edfb7979de471f2641ada7b544d6ec0a95f8cc9c389f370'
+            'b0c85c17439b3a9323390217edf72f67a91a36b509a68470543b4dc1a3cce6a73065e989dee10ae070e5d2100e026af1d01ab8c000447ae4bbe64c21451d1081'
              '8e47be5054bbb801cb914d94a6f0d1e6b9b2eba387714f011f118bf8af6dacfe24a2dec80525ad005c545fa15fd8413cf90615e6d5c50d7925daa4aefff77112'
              '66a5e48a2a2222bbddb84222c49b5e6cd2e30c4dc56c8ba5be9d0748fb46f71a3c2a82e843a340acbc9ce9a5f655a1695c73d0d127c6dac2099d2303a9057898'
              'df200c6e42924df6813c32a3084a93ec5228a6a04e21e2daf82069d40a390d5a4f3e72c8e55610fda70b01f1ae20dbf2e7e49a7c1d45e9cd145446821a67479f'
@@ -75,38 +140,3 @@ sha512sums=('b0c85c17439b3a9323390217edf72f67a91a36b509a68470543b4dc1a3cce6a7306
              'e9c86b897d7e8edb979cba4bebe353b7c7f21b4061cd6f571c8671b02e73c2ea0b78a980169fa7d40987b9e962a0f1ba17dbb392b5ec6ad14fedce65a139c913'
              'a9dda6e8785cb1675128f90b181f6100055894e5c8c7f8e7cbdcac82d4a0b3a2a00f57421b81a5093c4b283a75dc63e1e21e10f8c350e7404bba7c5e13fad28a'
              'bca506c852bc83aa9d04ed0b52bef6d0baec745e466292273d52f49fd73cec73db4c6d55a9921fe086c7edc618f3ab21dc03146b6d617644495b3926e262e572')
-
-build() {
-       mkdir -p ${pkgdir}${_anchor_dir}/
-       cd ${srcdir}
-
-       msg 'Transforming root-zone key'
-       msg2 'to base64 format...'
-               _anchor_data="$(wc -c ${_root_anchor}.crt | cut -d ' ' -f 1) 0 0 $(base64 -w 0 ${_root_anchor}.crt)";
-               echo ${_anchor_data}
-               echo
-
-       msg2 'to trusted-keys format...'
-               echo . IN DNSKEY ${_anchor_data} | tee ${_root_anchor_out}.key
-               echo
-
-       msg2 'to dnsval.conf format...'
-               echo "# you can include this file in dnsval.conf using following directive:
-# include ${_anchor_dir}/${_root_anchor_out}.dnsval.conf
-
-: trust-anchor
-  . \"${_anchor_data}\"
-;
-
-: zone-security-expectation
-  . validate
-;" | tee ${_root_anchor_out}.dnsval.conf
-       echo
-
-       msg 'Copying files...'
-       cp -f ${srcdir}/* ${pkgdir}${_anchor_dir}/
-
-       msg 'Making /etc/trusted-key.key symlink...'
-       mkdir -p ${pkgdir}/etc
-       ln -s ${_anchor_dir}/${_root_anchor_out}.key ${pkgdir}/etc/trusted-key.key
-}
author	Harvie <tomas@mudrunka.cz>
	Fri, 6 Aug 2010 01:47:51 +0000 (03:47 +0200)
committer	Harvie <tomas@mudrunka.cz>
	Fri, 6 Aug 2010 01:47:51 +0000 (03:47 +0200)