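#!/bin/sh
#
# Copyright (C) 2004, 2007, 2009-2011  Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# $Id: sign.sh,v 1.9.120.2 2011/05/26 23:47:05 tbox Exp $

# Builds the signed zones served by dlv/ns3:
#   1. runs ../ns6/sign.sh first; the ../ns6/dsset-grand.<zone> files read
#      below are presumably produced by that run,
#   2. generates two keys per child zone (a zone key and a "-f KSK" key),
#      assembles the zone file and signs it,
#   3. signs dlv.utld. with every collected dlvset-<zone> file included,
#   4. writes the dlv.utld. KSK as a trusted-keys clause for ../ns5 and
#      copies the collected dsset-<zone> files to ../ns2.
#
# Key material: every key is 768-bit DSA with ../random.data as the
# randomness source (-r).  That is only acceptable for throwaway test
# fixtures; neither the parameters nor the generated keys should be reused
# for a real zone.

# The ns6 zones must be signed before anything here reads their DS sets.
(cd ../ns6 && sh -e ./sign.sh)

echo "I:dlv/ns3/sign.sh"

SYSTEMTESTTOP=../..
# conf.sh is expected to define $KEYGEN, $SIGNER and $PERL.  Those three stay
# unquoted wherever they are used so that a value carrying extra arguments
# still splits into words.
. "$SYSTEMTESTTOP/conf.sh"

RANDFILE=../random.data
dlvzone=dlv.utld.
# Space-separated lists of file names, filled in as zones are signed.
dlvsets=
dssets=

# make_keys
#   Generates the two keys for $zone and stores the key file base names in
#   the globals keyname1 (zone key) and keyname2 (-f KSK).
#   NOTE(review): keygen's stderr is discarded, so a failure is only visible
#   as an empty key name (or, under "sh -e", as an immediate exit).
make_keys() {
    keyname1=`$KEYGEN -r "$RANDFILE" -a DSA -b 768 -n zone "$zone" 2> /dev/null`
    keyname2=`$KEYGEN -f KSK -r "$RANDFILE" -a DSA -b 768 -n zone "$zone" 2> /dev/null`
}

# run_signer [SIGNER-OPTION...]
#   Signs $zonefile into $outfile with origin $zone; any arguments are passed
#   to the signer between "-r $RANDFILE" and "-o $zone".
#   Prints "I: signed ZONE" only when the signer exits 0.  Otherwise it shows
#   signer.err and reports the failure, so the log never claims a zone was
#   signed when it was not.  A signer failure is not fatal here.
run_signer() {
    # ${1+"$@"} expands to nothing when no option is given, even on shells
    # that turn a bare "$@" into one empty argument.
    if $SIGNER -r "$RANDFILE" ${1+"$@"} -o "$zone" -f "$outfile" "$zonefile" > /dev/null 2> signer.err
    then
        echo "I: signed $zone"
    else
        cat signer.err
        echo "I: failed to sign $zone"
    fi
}

# sign_child ZONE OUTFILE GRAND LOOKASIDE
#   ZONE       zone name with its trailing dot; the unsigned zone file is
#              "${ZONE}db" (child1.utld. -> child1.utld.db)
#   OUTFILE    name of the signed zone file
#   GRAND      "grand" appends ../ns6/dsset-grand.ZONE to the zone file,
#              anything else leaves it out
#   LOOKASIDE  "dlv" passes "-l $dlvzone" to the signer (which, per the
#              signer's documentation, also emits a DLV set for the zone),
#              anything else signs without -l
#   Sets the globals zone, infile, zonefile, outfile, keyname1 and keyname2;
#   callers use $zone afterwards to extend $dlvsets / $dssets.
sign_child() {
    zone=$1
    outfile=$2
    infile=child.db.in
    zonefile=${zone}db

    make_keys

    case $3 in
    grand)
        cat "$infile" "$keyname1.key" "$keyname2.key" "../ns6/dsset-grand.$zone" >"$zonefile"
        ;;
    *)
        cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile"
        ;;
    esac

    case $4 in
    dlv)
        run_signer -l "$dlvzone"
        ;;
    *)
        run_signer
        ;;
    esac
}

# Child zones.  Which zones get the grandchild DS set, which are signed with
# -l, and which end up in $dlvsets (published in dlv.utld.) or $dssets
# (copied to ../ns2) differs per zone; the combinations below are the test
# matrix and must be kept as they are.

# --- children of utld. ---
sign_child child1.utld. child1.signed grand dlv
dlvsets="$dlvsets dlvset-$zone"

sign_child child3.utld. child3.signed grand dlv
dlvsets="$dlvsets dlvset-$zone"

sign_child child4.utld. child4.signed nogrand dlv
dlvsets="$dlvsets dlvset-$zone"

sign_child child5.utld. child5.signed grand dlv
dlvsets="$dlvsets dlvset-$zone"

# child7: signed without -l and not listed in the DLV zone.
sign_child child7.utld. child7.signed grand nodlv

# child8: signed with -l but not listed in the DLV zone.
sign_child child8.utld. child8.signed nogrand dlv

sign_child child9.utld. child9.signed nogrand dlv
dlvsets="$dlvsets dlvset-$zone"

sign_child child10.utld. child10.signed nogrand dlv
dlvsets="$dlvsets dlvset-$zone"

# --- children of druz. ---
sign_child child1.druz. child1.druz.signed grand dlv
dlvsets="$dlvsets dlvset-$zone"
dssets="$dssets dsset-$zone"

sign_child child3.druz. child3.druz.signed grand dlv
dlvsets="$dlvsets dlvset-$zone"
dssets="$dssets dsset-$zone"

sign_child child4.druz. child4.druz.signed nogrand dlv
dlvsets="$dlvsets dlvset-$zone"
dssets="$dssets dsset-$zone"

sign_child child5.druz. child5.druz.signed grand dlv
dlvsets="$dlvsets dlvset-$zone"
dssets="$dssets dsset-$zone"

# child7: signed without -l; only its DS set is handed to ../ns2.
sign_child child7.druz. child7.druz.signed grand nodlv
dssets="$dssets dsset-$zone"

# child8: signed with -l but published nowhere.
sign_child child8.druz. child8.druz.signed nogrand dlv

# child9: listed in the DLV zone only.
sign_child child9.druz. child9.druz.signed nogrand dlv
dlvsets="$dlvsets dlvset-$zone"

sign_child child10.druz. child10.druz.signed nogrand dlv
dlvsets="$dlvsets dlvset-$zone"
dssets="$dssets dsset-$zone"

# --- the DLV zone itself ---
# Signed last, because its zone file pulls in every dlvset-<zone> file
# collected above.
zone=dlv.utld.
infile=dlv.db.in
zonefile=dlv.utld.db
outfile=dlv.signed

make_keys

# $dlvsets is deliberately unquoted: it is a space-separated file list.
cat "$infile" $dlvsets "$keyname1.key" "$keyname2.key" >"$zonefile"

run_signer

# Turn the dlv.utld. KSK (keyname2 from the step above) into a trusted-keys
# clause: drop comment lines, split the DNSKEY record into its fields and
# join the base64 chunks into a single string.  Whoever loads
# trusted-dlv.conf treats this key as a trust anchor, so the file must only
# ever be built from the key generated in this run.
grep -v '^;' "$keyname2.key" | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
    "$dn" $flags $proto $alg "$key";
};
EOF
' > trusted-dlv.conf
cp trusted-dlv.conf ../ns5

# $dssets is deliberately unquoted: it is a space-separated file list.
cp $dssets ../ns2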