[arch-commits] Commit in dnssec-anchors/trunk (PKGBUILD dnssec-anchors-versioned.sh)

Jelle van der Waa jelle at archlinux.org
Tue Oct 13 19:54:07 UTC 2020 

    Date: Tuesday, October 13, 2020 @ 19:54:07
  Author: jelle
Revision: 398255

Make dnssec-anchors reproducible by downloading the key from our servers

Added:
  dnssec-anchors/trunk/dnssec-anchors-versioned.sh
Modified:
  dnssec-anchors/trunk/PKGBUILD

-----------------------------+
 PKGBUILD                    |   26 ++++++++------------------
 dnssec-anchors-versioned.sh |   23 +++++++++++++++++++++++
 2 files changed, 31 insertions(+), 18 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-10-13 19:49:13 UTC (rev 398254)
+++ PKGBUILD	2020-10-13 19:54:07 UTC (rev 398255)
@@ -1,33 +1,23 @@
-# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+# Maintainer: Jelle van der Waa <jelle at archlinux.org>
+# Contributor: Gaetan Bisson <bisson at archlinux.org>
 # Contributor: Thomas Mudrunka <harvie at email.cz>
 # Contributor: m4xm4n <max at maxfierke.com>
 
 pkgname=dnssec-anchors
 pkgver=20190629
-pkgrel=2
+_trusted_key=trusted-key-${pkgver}.key
+pkgrel=3
 pkgdesc='DNSSEC trust anchors for the root zone'
 url='https://data.iana.org/root-anchors/'
 license=('custom:none')
 arch=('any')
 makedepends=('unbound')
-source=('LICENSE')
-sha256sums=('dd37e92942d5a4024f1c77df49d61ca77fc6284691814903a741785df61f78cb')
+source=('LICENSE' "https://sources.archlinux.org/other/packages/${pkgname}/${_trusted_key}")
+sha256sums=('dd37e92942d5a4024f1c77df49d61ca77fc6284691814903a741785df61f78cb'
+            'b01933ede7d505cac6bbee8c58027057d3a073581fa6cf595c352553dd07ee3c')
 
-prepare() {
-	cd "${srcdir}"
-
-	unbound-anchor -v -a root.key ||
-	unbound-anchor -v -a root.key
-
-	unbound-host -v -f root.key -t DNSKEY . |
-	sed 's/ (secure)//;t;d' |
-	sed 's/ has / IN /' |
-	sed 's/ record / /' \
-	> trusted-key.key
-}
-
 package() {
 	cd "${srcdir}"
-	install -Dm644 trusted-key.key "${pkgdir}"/etc/trusted-key.key
+	install -Dm644 ${_trusted_key} "${pkgdir}"/etc/trusted-key.key
 	install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
 }

Added: dnssec-anchors-versioned.sh
===================================================================
--- dnssec-anchors-versioned.sh	                        (rev 0)
+++ dnssec-anchors-versioned.sh	2020-10-13 19:54:07 UTC (rev 398255)
@@ -0,0 +1,23 @@
+#!/usr/bin/bash
+
+TRUSTED_KEY=trusted-key-$(date +%Y%m%d).key
+DEST=/srv/ftp/other/packages/dnssec-anchors
+
+update_key() {
+  key=$1
+  unbound-anchor -v -a root.key ||
+  unbound-anchor -v -a root.key
+
+  unbound-host -v -f root.key -t DNSKEY . |
+  sed 's/ (secure)//;t;d' |
+  sed 's/ has / IN /' |
+  sed 's/ record / /' \
+  > "${key}"
+
+  # Cleanup created root.key
+  rm root.key
+}
+
+update_key "${TRUSTED_KEY}"
+
+scp "${TRUSTED_KEY}" repos.archlinux.org:${DEST}


Property changes on: dnssec-anchors/trunk/dnssec-anchors-versioned.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property

More information about the arch-commits mailing list