[arch-commits] Commit in dnssec-anchors/trunk (LICENSE PKGBUILD trusted-key.key)

Wed Mar 20 03:16:40 UTC 2013

Date: Wednesday, March 20, 2013 @ 04:16:39
  Author: bisson
Revision: 180317

add function to generate trusted-key.key and verify its authenticity

Added:
  dnssec-anchors/trunk/LICENSE
Modified:
  dnssec-anchors/trunk/PKGBUILD
  dnssec-anchors/trunk/trusted-key.key

-----------------+
 LICENSE         |    1 +
 PKGBUILD        |   30 ++++++++++++++++++++----------
 trusted-key.key |    3 +--
 3 files changed, 22 insertions(+), 12 deletions(-)

Added: LICENSE
===================================================================

--- LICENSE	                        (rev 0)
+++ LICENSE	2013-03-20 03:16:39 UTC (rev 180317)
@@ -0,0 +1 @@
+The contents of this package are inelligible for copyright protection.

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2013-03-20 02:35:37 UTC (rev 180316)
+++ PKGBUILD	2013-03-20 03:16:39 UTC (rev 180317)
@@ -4,24 +4,34 @@
 # Maintainer: Gaetan Bisson <bisson at archlinux.org>
 
 pkgname=dnssec-anchors
-pkgver=20120422
+pkgver=20130320
 pkgrel=1
 pkgdesc='DNSSEC trust anchors for the root zone'
 url='http://data.iana.org/root-anchors/'
 license=('custom:NoCopyright')
 arch=('any')
-source=('trusted-key.key')
-sha256sums=('a6e1e5de6d3f26ea74792eab7ac21cc7805e986303bfa270a0120cc8146f881a')
+source=('LICENSE'
+        'trusted-key.key')
+sha256sums=('dd37e92942d5a4024f1c77df49d61ca77fc6284691814903a741785df61f78cb'
+            'ca6388cc16223b29b607f07a9aa77e0aa52f653106d440cdc92cc40e145a4bb5')
 
-# dig . dnskey +short | sed 's/^/. 172789 IN DNSKEY /' > trusted-key.key
+get_trusted-key() {
+	drill -z -s DNSKEY . > root.key
 
+	curl http://data.iana.org/root-anchors/root-anchors.xml |
+	awk 'BEGIN{ORS=" "}(NR>4){gsub(/<[^>]*>/,"");print tolower($0)}' |
+	sed 's/   /\n/' > root.ds
+
+	# Any of those tests failing is suspicious; check thoroughly!
+	[[ "$(<root.ds)" = '19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5' ]] &&
+	grep -Pq 'IN\tDS\t'"$(<root.ds)" root.key ||
+	return 1
+
+	sed '/DNSKEY/s/ ;{id = '"$(cut -d\  -f1<root.ds)"' .*//;t;d' root.key > trusted-key.key
+}
+
 package() {
 	cd "${srcdir}"
-
 	install -Dm644 trusted-key.key "${pkgdir}"/etc/trusted-key.key
-
-	install -d "${pkgdir}/usr/share/licenses/${pkgname}"
-	cat > "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" << EOF
-The contents of this package are inelligible for copyright protection.
-EOF
+	install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
 }

Modified: trusted-key.key
===================================================================
--- trusted-key.key	2013-03-20 02:35:37 UTC (rev 180316)
+++ trusted-key.key	2013-03-20 03:16:39 UTC (rev 180317)
@@ -1,2 +1 @@
-. 172789 IN DNSKEY 256 3 8 AwEAAbd0IPTQdvyndWSX6HHcB+JycMl1aCGTHSJUBs/y9S93el05VvXg 1VqSF4vveB9rEuAZ1z8RNWZ9ac+rlaK7PrI5RlCIyKKPbtHbpgQGkwai 8O6BZ4J/ch7DGuhGJfvoECcWjsucs683WFRtmfLx5WNdPxxi30Czt1zP qMWfY6YJ
-. 172789 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=
+.	166750	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=


