echo_i "ns3/sign.sh"
infile=key.db.in
-for tld in managed trusted
-do
+for tld in managed trusted; do
# A secure zone to test.
zone=secure.${tld}
zonefile=${zone}.db
- keyname1=`$KEYGEN -f KSK -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
- cat $infile $keyname1.key > $zonefile
- $SIGNER -z -P -3 - -o $zone -r $RANDFILE -O full -f ${zonefile}.signed $zonefile > /dev/null 2>&1
- DSFILE=dsset-`echo ${zone} |sed -e "s/\.$//g"`$TP
- $DSFROMKEY -A -f ${zonefile}.signed $zone > $DSFILE
+ keyname1=$($KEYGEN -f KSK -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
+ cat $infile $keyname1.key >$zonefile
+ $SIGNER -z -P -3 - -o $zone -r $RANDFILE -O full -f ${zonefile}.signed $zonefile >/dev/null 2>&1
+ DSFILE=dsset-$(echo ${zone} | sed -e "s/\.$//g")$TP
+ $DSFROMKEY -A -f ${zonefile}.signed $zone >$DSFILE
# Zone to test trust anchor with unsupported algorithm.
zone=unsupported.${tld}
zonefile=${zone}.db
- keyname2=`$KEYGEN -f KSK -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
- cat $infile $keyname2.key > $zonefile
- $SIGNER -z -P -3 - -o $zone -r $RANDFILE -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
- awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
- DSFILE=dsset-`echo ${zone} |sed -e "s/\.$//g"`$TP
- $DSFROMKEY -A -f ${zonefile}.signed $zone > $DSFILE
+ keyname2=$($KEYGEN -f KSK -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
+ cat $infile $keyname2.key >$zonefile
+ $SIGNER -z -P -3 - -o $zone -r $RANDFILE -O full -f ${zonefile}.tmp $zonefile >/dev/null 2>&1
+ awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp >${zonefile}.signed
+ DSFILE=dsset-$(echo ${zone} | sed -e "s/\.$//g")$TP
+ $DSFROMKEY -A -f ${zonefile}.signed $zone >$DSFILE
# Make trusted-keys and managed keys conf sections for ns8.
mv ${keyname2}.key ${keyname2}.tmp
- awk '$1 == "unsupported.'"${tld}"'." { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
+ awk '$1 == "unsupported.'"${tld}"'." { $6 = 255 } { print }' ${keyname2}.tmp >${keyname2}.key
case $tld in
"managed")
- keyfile_to_managed_keys $keyname1 $keyname2 > ../ns8/managed.conf
+ keyfile_to_managed_keys $keyname1 $keyname2 >../ns8/managed.conf
;;
"trusted")
- keyfile_to_trusted_keys $keyname1 $keyname2 > ../ns8/trusted.conf
+ keyfile_to_trusted_keys $keyname1 $keyname2 >../ns8/trusted.conf
;;
esac
done
infile=secure.example.db.in
zonefile=secure.example.db
-cnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n host cnameandkey.$zone`
-dnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n host dnameandkey.$zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+cnameandkey=$($KEYGEN -T KEY -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n host cnameandkey.$zone)
+dnameandkey=$($KEYGEN -T KEY -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n host dnameandkey.$zone)
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $cnameandkey.key $dnameandkey.key $keyname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -D -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
+cat "$zonefile" "$zonefile".signed >"$zonefile".tmp
+mv "$zonefile".tmp "$zonefile".signed
zone=bogus.example.
infile=bogus.example.db.in
zonefile=bogus.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
zone=dynamic.example.
infile=dynamic.example.db.in
zonefile=dynamic.example.db
-keyname1=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
-keyname2=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b 1024 -n zone -f KSK $zone`
+keyname1=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
+keyname2=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b 1024 -n zone -f KSK $zone)
cat $infile $keyname1.key $keyname2.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
zone=keyless.example.
infile=generic.example.db.in
zonefile=keyless.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
# Change the signer field of the a.b.keyless.example SIG A
# to point to a provably nonexistent KEY record.
mv $zonefile.signed $zonefile.tmp
-<$zonefile.tmp $PERL -p -e 's/ keyless.example/ b.keyless.example/
+$PERL <$zonefile.tmp -p -e 's/ keyless.example/ b.keyless.example/
if /^a.b.keyless.example/../NXT/;' >$zonefile.signed
rm -f $zonefile.tmp
infile=secure.nsec3.example.db.in
zonefile=secure.nsec3.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# NSEC3/NSEC3 test zone
infile=nsec3.nsec3.example.db.in
zonefile=nsec3.nsec3.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# OPTOUT/NSEC3 test zone
infile=optout.nsec3.example.db.in
zonefile=optout.nsec3.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# A nsec3 zone (non-optout).
infile=nsec3.example.db.in
zonefile=nsec3.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -g -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -g -3 - -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# OPTOUT/NSEC test zone
infile=secure.optout.example.db.in
zonefile=secure.optout.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# OPTOUT/NSEC3 test zone
infile=nsec3.optout.example.db.in
zonefile=nsec3.optout.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# OPTOUT/OPTOUT test zone
infile=optout.optout.example.db.in
zonefile=optout.optout.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# A optout nsec3 zone.
infile=optout.example.db.in
zonefile=optout.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -g -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -g -3 - -A -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# A nsec3 zone (non-optout) with unknown nsec3 hash algorithm (-U).
infile=nsec3-unknown.example.db.in
zonefile=nsec3-unknown.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -3 - -U -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -U -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# A optout nsec3 zone with a unknown nsec3 hash algorithm (-U).
infile=optout-unknown.example.db.in
zonefile=optout-unknown.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -U -A -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# A zone that is signed with an unknown DNSKEY algorithm.
infile=dnskey-unknown.example.db.in
zonefile=dnskey-unknown.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -3 - -r $RANDFILE -o $zone -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -r $RANDFILE -o $zone -O full -f ${zonefile}.tmp $zonefile >/dev/null 2>&1
-awk '$4 == "DNSKEY" { $7 = 100 } $4 == "RRSIG" { $6 = 100 } { print }' ${zonefile}.tmp > ${zonefile}.signed
+awk '$4 == "DNSKEY" { $7 = 100 } $4 == "RRSIG" { $6 = 100 } { print }' ${zonefile}.tmp >${zonefile}.signed
DSFILE=dsset-${zone}${TP}
-$DSFROMKEY -A -f ${zonefile}.signed $zone > $DSFILE
+$DSFROMKEY -A -f ${zonefile}.signed $zone >$DSFILE
#
# A zone that is signed with an unsupported DNSKEY algorithm (3).
infile=dnskey-unsupported.example.db.in
zonefile=dnskey-unsupported.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
-cat $infile $keyname.key > $zonefile
+cat $infile $keyname.key >$zonefile
-$SIGNER -P -3 - -r $RANDFILE -o $zone -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -r $RANDFILE -o $zone -O full -f ${zonefile}.tmp $zonefile >/dev/null 2>&1
-awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
+awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp >${zonefile}.signed
DSFILE="dsset-${zone}${TP}"
-$DSFROMKEY -A -f ${zonefile}.signed $zone > $DSFILE
+$DSFROMKEY -A -f ${zonefile}.signed $zone >$DSFILE
#
# A zone with a published unsupported DNSKEY algorithm (Reserved).
infile=dnskey-unsupported-2.example.db.in
zonefile=dnskey-unsupported-2.example.db
-ksk=`$KEYGEN -f KSK -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
-zsk=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+ksk=$($KEYGEN -f KSK -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
+zsk=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
-cat $infile $ksk.key $zsk.key unsupported-algorithm.key > $zonefile
+cat $infile $ksk.key $zsk.key unsupported-algorithm.key >$zonefile
-$SIGNER -P -3 - -r $RANDFILE -o $zone -f ${zonefile}.signed $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -r $RANDFILE -o $zone -f ${zonefile}.signed $zonefile >/dev/null 2>&1
#
# A zone with a unknown DNSKEY algorithm + unknown NSEC3 hash algorithm (-U).
infile=dnskey-nsec3-unknown.example.db.in
zonefile=dnskey-nsec3-unknown.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -3 - -r $RANDFILE -o $zone -U -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -r $RANDFILE -o $zone -U -O full -f ${zonefile}.tmp $zonefile >/dev/null 2>&1
-awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
+awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp >${zonefile}.signed
DSFILE=dsset-${zone}${TP}
-$DSFROMKEY -A -f ${zonefile}.signed $zone > $DSFILE
+$DSFROMKEY -A -f ${zonefile}.signed $zone >$DSFILE
#
# A multiple parameter nsec3 zone.
infile=multiple.example.db.in
zonefile=multiple.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
mv $zonefile.signed $zonefile
-$SIGNER -P -u3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -u3 - -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
mv $zonefile.signed $zonefile
-$SIGNER -P -u3 AAAA -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -u3 AAAA -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
mv $zonefile.signed $zonefile
-$SIGNER -P -u3 BBBB -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -u3 BBBB -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
mv $zonefile.signed $zonefile
-$SIGNER -P -u3 CCCC -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -u3 CCCC -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
mv $zonefile.signed $zonefile
-$SIGNER -P -u3 DDDD -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -u3 DDDD -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# A RSASHA256 zone.
infile=rsasha256.example.db.in
zonefile=rsasha256.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# A RSASHA512 zone.
infile=rsasha512.example.db.in
zonefile=rsasha512.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA512 -b 1024 -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a RSASHA512 -b 1024 -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# A zone with the DNSKEY set only signed by the KSK
infile=kskonly.example.db.in
zonefile=kskonly.example.db
-kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
-zskname=`$KEYGEN -q -r $RANDFILE $zone`
+kskname=$($KEYGEN -q -r $RANDFILE -fk $zone)
+zskname=$($KEYGEN -q -r $RANDFILE $zone)
cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -x -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -x -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# A zone with the expired signatures
infile=expired.example.db.in
zonefile=expired.example.db
-kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
-zskname=`$KEYGEN -q -r $RANDFILE $zone`
+kskname=$($KEYGEN -q -r $RANDFILE -fk $zone)
+zskname=$($KEYGEN -q -r $RANDFILE $zone)
cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone -s -1d -e +1h $zonefile > /dev/null 2>&1
+$SIGNER -P -r $RANDFILE -o $zone -s -1d -e +1h $zonefile >/dev/null 2>&1
rm -f $kskname.* $zskname.*
#
infile=update-nsec3.example.db.in
zonefile=update-nsec3.example.db
-kskname=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
-zskname=`$KEYGEN -q -3 -r $RANDFILE $zone`
+kskname=$($KEYGEN -q -3 -r $RANDFILE -fk $zone)
+zskname=$($KEYGEN -q -3 -r $RANDFILE $zone)
cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# A NSEC signed zone that will have auto-dnssec enabled and
infile=auto-nsec.example.db.in
zonefile=auto-nsec.example.db
-kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
-zskname=`$KEYGEN -q -r $RANDFILE $zone`
-kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
-zskname=`$KEYGEN -q -r $RANDFILE $zone`
+kskname=$($KEYGEN -q -r $RANDFILE -fk $zone)
+zskname=$($KEYGEN -q -r $RANDFILE $zone)
+kskname=$($KEYGEN -q -r $RANDFILE -fk $zone)
+zskname=$($KEYGEN -q -r $RANDFILE $zone)
cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# A NSEC3 signed zone that will have auto-dnssec enabled and
infile=auto-nsec3.example.db.in
zonefile=auto-nsec3.example.db
-kskname=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
-zskname=`$KEYGEN -q -3 -r $RANDFILE $zone`
-kskname=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
-zskname=`$KEYGEN -q -3 -r $RANDFILE $zone`
+kskname=$($KEYGEN -q -3 -r $RANDFILE -fk $zone)
+zskname=$($KEYGEN -q -3 -r $RANDFILE $zone)
+kskname=$($KEYGEN -q -3 -r $RANDFILE -fk $zone)
+zskname=$($KEYGEN -q -3 -r $RANDFILE $zone)
cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# Secure below cname test zone.
zone=secure.below-cname.example.
infile=secure.below-cname.example.db.in
zonefile=secure.below-cname.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# Patched TTL test zone.
signedfile=ttlpatch.example.db.signed
patchedfile=ttlpatch.example.db.patched
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -r $RANDFILE -f $signedfile -o $zone $zonefile > /dev/null 2>&1
-$CHECKZONE -D -s full $zone $signedfile 2> /dev/null | \
- awk '{$2 = "3600"; print}' > $patchedfile
+$SIGNER -P -r $RANDFILE -f $signedfile -o $zone $zonefile >/dev/null 2>&1
+$CHECKZONE -D -s full $zone $signedfile 2>/dev/null |
+ awk '{$2 = "3600"; print}' >$patchedfile
#
# Separate DNSSEC records.
zonefile=split-dnssec.example.db
signedfile=split-dnssec.example.db.signed
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-echo '$INCLUDE "'"$signedfile"'"' >> $zonefile
-: > $signedfile
-$SIGNER -P -r $RANDFILE -D -o $zone $zonefile > /dev/null 2>&1
+echo '$INCLUDE "'"$signedfile"'"' >>$zonefile
+: >$signedfile
+$SIGNER -P -r $RANDFILE -D -o $zone $zonefile >/dev/null 2>&1
#
# Separate DNSSEC records smart signing.
zonefile=split-smart.example.db
signedfile=split-smart.example.db.signed
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cp $infile $zonefile
-echo '$INCLUDE "'"$signedfile"'"' >> $zonefile
-: > $signedfile
-$SIGNER -P -S -r $RANDFILE -D -o $zone $zonefile > /dev/null 2>&1
+echo '$INCLUDE "'"$signedfile"'"' >>$zonefile
+: >$signedfile
+$SIGNER -P -S -r $RANDFILE -D -o $zone $zonefile >/dev/null 2>&1
#
# Zone with signatures about to expire, but no private key to replace them
infile="expiring.example.db.in"
zonefile="expiring.example.db"
signedfile="expiring.example.db.signed"
-kskname=`$KEYGEN -q -r $RANDFILE $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -f KSK $zone`
+kskname=$($KEYGEN -q -r $RANDFILE $zone)
+zskname=$($KEYGEN -q -r $RANDFILE -f KSK $zone)
cp $infile $zonefile
-$SIGNER -S -r $RANDFILE -e now+1mi -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -S -r $RANDFILE -e now+1mi -o $zone $zonefile >/dev/null 2>&1
mv -f ${zskname}.private ${zskname}.private.moved
mv -f ${kskname}.private ${kskname}.private.moved
zonefile="upper.example.db"
lower="upper.example.db.lower"
signedfile="upper.example.db.signed"
-kskname=`$KEYGEN -q -r $RANDFILE $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -f KSK $zone`
+kskname=$($KEYGEN -q -r $RANDFILE $zone)
+zskname=$($KEYGEN -q -r $RANDFILE -f KSK $zone)
cp $infile $zonefile
-$SIGNER -P -S -r $RANDFILE -o $zone -f $lower $zonefile > /dev/null 2>/dev/null
-$CHECKZONE -D upper.example $lower 2>/dev/null | \
- sed '/RRSIG/s/ upper.example. / UPPER.EXAMPLE. /' > $signedfile
+$SIGNER -P -S -r $RANDFILE -o $zone -f $lower $zonefile >/dev/null 2>/dev/null
+$CHECKZONE -D upper.example $lower 2>/dev/null |
+ sed '/RRSIG/s/ upper.example. / UPPER.EXAMPLE. /' >$signedfile
#
# Check that the signer's name is in lower case when zone name is in
infile="lower.example.db.in"
zonefile="lower.example.db"
signedfile="lower.example.db.signed"
-kskname=`$KEYGEN -q -r $RANDFILE $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -f KSK $zone`
+kskname=$($KEYGEN -q -r $RANDFILE $zone)
+zskname=$($KEYGEN -q -r $RANDFILE -f KSK $zone)
cp $infile $zonefile
-$SIGNER -P -S -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -S -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# Zone with signatures about to expire, and dynamic, but configured
infile="nosign.example.db.in"
zonefile="nosign.example.db"
signedfile="nosign.example.db.signed"
-kskname=`$KEYGEN -q -r $RANDFILE $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -f KSK $zone`
+kskname=$($KEYGEN -q -r $RANDFILE $zone)
+zskname=$($KEYGEN -q -r $RANDFILE -f KSK $zone)
cp $infile $zonefile
-$SIGNER -S -r $RANDFILE -e now+1mi -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -S -r $RANDFILE -e now+1mi -o $zone $zonefile >/dev/null 2>&1
# preserve a normalized copy of the NS RRSIG for comparison later
-$CHECKZONE -D nosign.example nosign.example.db.signed 2>/dev/null | \
- awk '$4 == "RRSIG" && $5 == "NS" {$2 = ""; print}' | \
- sed 's/[ ][ ]*/ /g'> ../nosign.before
+$CHECKZONE -D nosign.example nosign.example.db.signed 2>/dev/null |
+ awk '$4 == "RRSIG" && $5 == "NS" {$2 = ""; print}' |
+ sed 's/[ ][ ]*/ /g' >../nosign.before
#
# An inline signing zone
#
zone=inline.example.
-kskname=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
-zskname=`$KEYGEN -q -3 -r $RANDFILE $zone`
+kskname=$($KEYGEN -q -3 -r $RANDFILE -fk $zone)
+zskname=$($KEYGEN -q -3 -r $RANDFILE $zone)
#
# publish a new key while deactivating another key at the same time.
zone=publish-inactive.example
infile=publish-inactive.example.db.in
zonefile=publish-inactive.example.db
-now=`date -u +%Y%m%d%H%M%S`
-kskname=`$KEYGEN -q -r $RANDFILE -f KSK $zone`
-kskname=`$KEYGEN -P $now+90s -A $now+3600s -q -r $RANDFILE -f KSK $zone`
-kskname=`$KEYGEN -I $now+90s -q -r $RANDFILE -f KSK $zone`
-zskname=`$KEYGEN -q -r $RANDFILE $zone`
+now=$(date -u +%Y%m%d%H%M%S)
+kskname=$($KEYGEN -q -r $RANDFILE -f KSK $zone)
+kskname=$($KEYGEN -P $now+90s -A $now+3600s -q -r $RANDFILE -f KSK $zone)
+kskname=$($KEYGEN -I $now+90s -q -r $RANDFILE -f KSK $zone)
+zskname=$($KEYGEN -q -r $RANDFILE $zone)
cp $infile $zonefile
-$SIGNER -S -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -S -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# A zone which will change its sig-validity-interval
zone=siginterval.example
infile=siginterval.example.db.in
zonefile=siginterval.example.db
-kskname=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
-zskname=`$KEYGEN -q -3 -r $RANDFILE $zone`
+kskname=$($KEYGEN -q -3 -r $RANDFILE -fk $zone)
+zskname=$($KEYGEN -q -3 -r $RANDFILE $zone)
cp $infile $zonefile
#
infile=bogus.example.db.in
zonefile=badds.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
cat $infile $keyname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
-sed -e 's/bogus/badds/g' < dsset-bogus.example$TP > dsset-badds.example$TP
+$SIGNER -P -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
+sed -e 's/bogus/badds/g' <dsset-bogus.example$TP >dsset-badds.example$TP
#
# A zone with future signatures.
zone=future.example
infile=future.example.db.in
zonefile=future.example.db
-kskname=`$KEYGEN -q -r $RANDFILE -f KSK $zone`
-zskname=`$KEYGEN -q -r $RANDFILE $zone`
+kskname=$($KEYGEN -q -r $RANDFILE -f KSK $zone)
+zskname=$($KEYGEN -q -r $RANDFILE $zone)
cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -P -s +3600 -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -s +3600 -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
cp -f $kskname.key trusted-future.key
#
zone=managed-future.example
infile=managed-future.example.db.in
zonefile=managed-future.example.db
-kskname=`$KEYGEN -q -r $RANDFILE -f KSK $zone`
-zskname=`$KEYGEN -q -r $RANDFILE $zone`
+kskname=$($KEYGEN -q -r $RANDFILE -f KSK $zone)
+zskname=$($KEYGEN -q -r $RANDFILE $zone)
cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -P -s +3600 -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -s +3600 -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# A zone with a revoked key
infile=generic.example.db.in
zonefile=revkey.example.db
-ksk1=`$KEYGEN -q -r $RANDFILE -3fk $zone`
-ksk1=`$REVOKE $ksk1`
-ksk2=`$KEYGEN -q -r $RANDFILE -3fk $zone`
-zsk1=`$KEYGEN -q -r $RANDFILE -3 $zone`
+ksk1=$($KEYGEN -q -r $RANDFILE -3fk $zone)
+ksk1=$($REVOKE $ksk1)
+ksk2=$($KEYGEN -q -r $RANDFILE -3fk $zone)
+zsk1=$($KEYGEN -q -r $RANDFILE -3 $zone)
cat $infile ${ksk1}.key ${ksk2}.key ${zsk1}.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -r $RANDFILE -o $zone $zonefile >/dev/null 2>&1
#
# Check that NSEC3 are correctly signed and returned from below a DNAME
zone=dname-at-apex-nsec3.example
infile=dname-at-apex-nsec3.example.db.in
zonefile=dname-at-apex-nsec3.example.db
-kskname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -3fk $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -3 $zone`
+kskname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -3fk $zone)
+zskname=$($KEYGEN -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -3 $zone)
cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -P -r $RANDFILE -3 - -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -r $RANDFILE -3 - -o $zone $zonefile >/dev/null 2>&1
#
# A NSEC zone with occuded data at the delegation
zone=occluded.example
infile=occluded.example.db.in
zonefile=occluded.example.db
-kskname=`"$KEYGEN" -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk "$zone"`
-zskname=`"$KEYGEN" -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS "$zone"`
-dnskeyname=`"$KEYGEN" -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk "delegation.$zone"`
-keyname=`"$KEYGEN" -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n ENTITY -T KEY "delegation.$zone"`
-$DSFROMKEY "$dnskeyname.key" > "dsset-delegation.${zone}$TP"
+kskname=$("$KEYGEN" -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk "$zone")
+zskname=$("$KEYGEN" -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS "$zone")
+dnskeyname=$("$KEYGEN" -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk "delegation.$zone")
+keyname=$("$KEYGEN" -q -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n ENTITY -T KEY "delegation.$zone")
+$DSFROMKEY "$dnskeyname.key" >"dsset-delegation.${zone}$TP"
cat "$infile" "${kskname}.key" "${zskname}.key" "${keyname}.key" \
- "${dnskeyname}.key" "dsset-delegation.${zone}$TP" >"$zonefile"
-"$SIGNER" -P -r $RANDFILE -o "$zone" "$zonefile" > /dev/null 2>&1
+ "${dnskeyname}.key" "dsset-delegation.${zone}$TP" >"$zonefile"
+"$SIGNER" -P -r $RANDFILE -o "$zone" "$zonefile" >/dev/null 2>&1
projects / thirdparty / bind9.git / commitdiff
