From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Fri, 20 Nov 2009 10:37:06 +0000 (+0000)
Subject: Utility script to convert anchors.mf from the ITAR into individual files that are... 
X-Git-Tag: release-1.4.0~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=521bd290415ed036a7244ebc7ac1735ea9da1424;p=thirdparty%2Funbound.git

Utility script to convert anchors.mf from the ITAR into individual files that are amenable to RFC5011 tracking.


git-svn-id: file:///svn/unbound/trunk@1914 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/contrib/README b/contrib/README
index 1b8458f43..b68e0d76a 100644
--- a/contrib/README
+++ b/contrib/README
@@ -8,6 +8,8 @@ distribution but may be helpful.
 * update-anchor.sh: shell script that uses unbound-host to update a set
 	of trust anchor files. Run from cron twice a month.
 * update-itar.sh: shell script that updates from itar.iana.org. Run from cron.
+* split-itar.sh: shell script to split anchors.mf from itar.iana.org into
+	multiple key files so it can be used with auto-trust-anchor-file.
 * unbound_munin_ : plugin for munin statistics report
 * unbound_cacti.tar.gz : setup files for cacti statistics report
 * selinux: the .fc and .te files for SElinux protection of the unbound daemon
diff --git a/contrib/split-itar.sh b/contrib/split-itar.sh
new file mode 100644
index 000000000..5963d656b
--- /dev/null
+++ b/contrib/split-itar.sh
@@ -0,0 +1,46 @@
+#/usr/bin/env bash
+# Contributed by Tom Hendrikx <tom@whyscream.net>
+
+PROGNAME=$(basename $0)
+
+usage() {
+	echo "$PROGNAME: split the anchors.mf file from IANA into separate files." >&2
+	echo "" >&2
+	echo "$PROGNAME uses 2 arguments:" >&2
+	echo "  - the path to the anchors.mf, available at: https://itar.iana.org/" >&2
+	echo "  - the directory to leave the files, defaults to '.' (current working dir)" >&2
+	exit 1
+}
+
+if [ -n "$1" ] && [ -r "$1" ]; then
+	itar="$1"
+	echo "Reading from: $itar"
+else 
+	echo "Error: no anchors file given" >&2
+	usage
+fi
+
+if [ -n "$2" ]; then
+	dir="$2"
+else 
+	dir=$(pwd)
+fi
+
+if [ ! -d "$dir" ]; then
+	echo "Error: $dir is not a directory" >&2
+	usage
+fi
+
+while read cn line; do
+	if [ $(expr match "$cn" '[a-zA-Z0-9-]*\.') -gt 0 ]; then
+		# first line of key
+		out="$dir/$cn"anchor
+		echo "writing key for $cn to: $out"
+		echo "$cn	$line" > $out
+	elif [ "$cn" == "DS" ]; then
+		# second or later line of earlier defined key
+		echo "	$cn	$line" >> $out
+	fi
+done < "$itar"
+
+echo "Done."
diff --git a/doc/CREDITS b/doc/CREDITS
index 499b7ba15..13acf74be 100644
--- a/doc/CREDITS
+++ b/doc/CREDITS
@@ -17,3 +17,4 @@ Zdenek Vasicek and Marek Vavrusa - python module.
 cz.nic - sponsoring 'summer of code' development by Zdenek and Marek.
 Brett Carr - windows beta testing.
 Luca Bruno - patch for windows support in libunbound hosts and resolvconf().
+Tom Hendrikx - contributed split-itar.sh a useful script to 5011-track ITAR.
diff --git a/doc/Changelog b/doc/Changelog
index 7fe34493b..9b39e0124 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+20 November 2009: Wouter
+	- contrib/split-itar.sh contributed by Tom Hendrikx.
+
 19 November 2009: Wouter
 	- better argument help for unbound-control.
 	- iana portlist updated.