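#!/bin/sh -e

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# NOTE(review): the "-e" on the interpreter line only takes effect when this
# file is executed directly; it is ignored when the script is started as
# "sh setup.sh". How this script is invoked is not visible here, so the key
# generation step is checked explicitly in _sign_csk_zone().

# shellcheck source=conf.sh
. ../../conf.sh

echo_i "ns9/setup.sh"

# Select the zone that the next sign_*() call works on.
# Arguments: $1 - zone name
# Globals:   sets zone, zonefile and infile; appends the zone name to ./zones
setup() {
  zone="$1"
  echo_i "setting up zone: $zone"
  zonefile="${zone}.db"
  infile="${zone}.db.infile"
  echo "$zone" >>zones
}

# Create a CSK for the current zone, force its key states and sign the zone.
# Shared by sign_dspublish() and sign_dsremoved(), which differ only in the
# three values passed in.
# Arguments: $1 - time used for the key's publication (-P), CDS/CDNSKEY
#                 publication (-P sync) and activation (-A)
#            $2 - goal state of the key (-g)
#            $3 - state of the DS record (-d)
# Globals:   reads zone, zonefile and infile (set by setup()), O and T
#            (assigned further down, before the first call) and the tool
#            variables KEYGEN, SETTIME, SIGNER and DEFAULT_ALGORITHM_NUMBER,
#            which this file does not define (presumably conf.sh does);
#            sets keytimes and CSK.
# Outputs:   keygen.out.<zone>, settime.out.<zone>, signer.out.<zone>.1,
#            <zonefile>.signed, and a copy of dsset-<zone>. in ../ns2/
#
# keytimes is a flat option list that has to be word-split, and the tool
# variables are expanded as given, so both stay unquoted.
# shellcheck disable=SC2086
_sign_csk_zone() {
  cp template.db.in "$zonefile"
  keytimes="-P $1 -P sync $1 -A $1"
  CSK=$($KEYGEN -k default $keytimes "$zone" 2>"keygen.out.$zone")
  # Without a key name every later step would operate on ".key" and leave a
  # fixture whose key states do not match the scenario under test.
  if [ -z "$CSK" ]; then
    echo_i "key generation failed for zone $zone, see keygen.out.$zone"
    exit 1
  fi
  # DNSKEY (-k) and both signature states (-r, -z) are always OMNIPRESENT;
  # only the goal (-g) and the DS state (-d) vary between the scenarios.
  $SETTIME -s -g "$2" -k "$O" "$T" -r "$O" "$T" -z "$O" "$T" -d "$3" "$T" "$CSK" >"settime.out.$zone" 2>&1
  cat "$zonefile" "${CSK}.key" >"$infile"
  private_type_record "$zone" "$DEFAULT_ALGORITHM_NUMBER" "$CSK" >>"$infile"
  cp "$infile" "$zonefile"
  # Signatures are valid from one hour ago until 30 days from now.
  $SIGNER -S -z -x -s now-1h -e now+30d -o "$zone" -O raw -f "${zonefile}.signed" "$infile" >"signer.out.$zone.1" 2>&1
  cp "dsset-${zone}." ../ns2/
}

# DS publication scenario: the key's goal is OMNIPRESENT and its DS record is
# RUMOURED, i.e. the DS is not yet trusted to be visible everywhere.
sign_dspublish() {
  _sign_csk_zone "$T" "$O" "$R"
}

# DS withdrawal scenario: the key was created a year ago, its goal is HIDDEN
# and its DS record is UNRETENTIVE, i.e. the DS may still be seen or cached.
sign_dsremoved() {
  _sign_csk_zone "$Y" "$H" "$U"
}

# Short environment variable names for key states and times.
# The state names are the ones used by the dnssec-policy key state machine:
#   HIDDEN      - the record is not visible to anyone
#   RUMOURED    - the record is published but may not have reached all caches
#   OMNIPRESENT - the record is known everywhere
#   UNRETENTIVE - the record is withdrawn but may still be cached
H="HIDDEN"
R="RUMOURED"
O="OMNIPRESENT"
U="UNRETENTIVE"
T="now-30d"
Y="now-1y"

# DS Publication.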
# One zone per name pattern and per checkds mode, each set up and signed
# with its DS record still RUMOURED.
# NOTE(review): the zone names appear to encode
# <expected result>.<checkds mode>.<scenario>.<servers involved>; confirm
# against the named configuration and the test cases that use these zones.
for checkds in explicit yes no; do
  for zone_name in \
    "good.${checkds}.dspublish.ns2" \
    "reference.${checkds}.dspublish.ns2" \
    "resolver.${checkds}.dspublish.ns2" \
    "not-yet.${checkds}.dspublish.ns5" \
    "bad.${checkds}.dspublish.ns6" \
    "good.${checkds}.dspublish.ns2-4" \
    "incomplete.${checkds}.dspublish.ns2-4-5" \
    "bad.${checkds}.dspublish.ns2-4-6"; do
    setup "$zone_name"
    sign_dspublish
  done
done

# DS Withdrawal.
# Same layout as above, but every zone is signed with a key whose goal is
# HIDDEN and whose DS record is UNRETENTIVE.
for checkds in explicit yes no; do
  for zone_name in \
    "good.${checkds}.dsremoved.ns5" \
    "resolver.${checkds}.dsremoved.ns5" \
    "still-there.${checkds}.dsremoved.ns2" \
    "bad.${checkds}.dsremoved.ns6" \
    "good.${checkds}.dsremoved.ns5-7" \
    "incomplete.${checkds}.dsremoved.ns2-5-7" \
    "bad.${checkds}.dsremoved.ns5-6-7"; do
    setup "$zone_name"
    sign_dsremoved
  done
done

# Two further zones outside the checkds-mode matrix, one per scenario.
setup "no-ent.ns2"
sign_dspublish

setup "no-ent.ns5"
sign_dsremoved