blob: 20a8e88035f8c73056b64873b3ce17790e383cfb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
#!/usr/bin/make -f
# -*- makefile -*-
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
%:
dh $@
override_dh_auto_configure override_dh_auto_install:
:
override_dh_auto_build:
# Verify root-anchors.xml using OpenSSL
openssl smime -verify -content signed-file -CAfile icannbundle.pem -inform DER -in root-anchors.p7s -content root-anchors.xml -out /dev/null
# Verify root.hints
gpgv --keyring `pwd`/registry-admin.key root.hints.sig root.hints
# Create the DS records from the validated root-anchors.xml
./parse-root-anchors.sh < root-anchors.xml | sort -k 4 -n > root-anchors.ds
# Create the DS records from the DNSKEY records
/usr/bin/ldns-key2ds -n -2 root.key | cut --fields=1,3- --output-delimiter=' ' | sort -k 4 -n > root-dns.ds
# Keep the DS records from root-anchors.xml which had a corresponding
# DNSKEY record in the live DNS.
comm root-anchors.ds root-dns.ds -12 > root.ds
override_dh_auto_clean:
rm -f root-anchors.ds root-dns.ds root.ds
get_orig_source:
# Obtain the DNSKEY records from the live DNS
/usr/sbin/unbound-anchor -v \
-a root-auto.key \
|| echo "Check the root-auto.key"
< root-auto.key grep -Ev "^($$|;)" | sed -e 's/ ;;count=.*//' > root.key
rm root-auto.key
./update-root-hints.sh
./update-root-anchors.sh
|
