From: Wouter Wijngaards
Date: Tue, 24 Nov 2015 10:55:18 +0000 (+0000)
Subject: - Fix #720: add windows scripts to zip bundle.
X-Git-Tag: release-1.5.7rc1~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fcd476c81fc646a06ec562374be59a01546a893b;p=thirdparty%2Funbound.git

- Fix #720: add windows scripts to zip bundle.

git-svn-id: file:///svn/unbound/trunk@3548 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/contrib/create_unbound_ad_servers.cmd b/contrib/create_unbound_ad_servers.cmd
index e5ada0bf4..91d18db3e 100644
--- a/contrib/create_unbound_ad_servers.cmd
+++ b/contrib/create_unbound_ad_servers.cmd
@@ -1,33 +1,33 @@
-@Echo off
-rem Convert the Yoyo.org anti-ad server listing
-rem into an unbound dns spoof redirection list.
-rem Written by Y.Voinov (c) 2014
-
-rem Note: Wget required!
-
-rem Variables
-set prefix="C:\Program Files (x86)"
-set dst_dir=%prefix%\Unbound
-set work_dir=%TEMP%
-set list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D="
-
-rem Check Wget installed
-for /f "delims=" %%a in ('where wget') do @set wget=%%a
-if /I "%wget%"=="" echo Wget not found. If installed, add path to PATH environment variable. & exit 1
-echo Wget found: %wget%
-
-"%wget%" -O %work_dir%\yoyo_ad_servers %list_addr%
-
-del /Q /F /S %dst_dir%\unbound_ad_servers
-
-for /F "eol=; tokens=*" %%a in (%work_dir%\yoyo_ad_servers) do (
-echo local-zone: %%a redirect>>%dst_dir%\unbound_ad_servers
-echo local-data: "%%a A 127.0.0.1">>%dst_dir%\unbound_ad_servers
-)
-
-echo Done.
-rem then add an include line to your unbound.conf pointing to the full path of
-rem the unbound_ad_servers file:
-rem
-rem include: $dst_dir/unbound_ad_servers
-rem
+@Echo off
+rem Convert the Yoyo.org anti-ad server listing
+rem into an unbound dns spoof redirection list.
+rem Written by Y.Voinov (c) 2014
+
+rem Note: Wget required!
+
+rem Variables
+set prefix="C:\Program Files (x86)"
+set dst_dir=%prefix%\Unbound
+set work_dir=%TEMP%
+set list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D="
+
+rem Check Wget installed
+for /f "delims=" %%a in ('where wget') do @set wget=%%a
+if /I "%wget%"=="" echo Wget not found. If installed, add path to PATH environment variable. & exit 1
+echo Wget found: %wget%
+
+"%wget%" -O %work_dir%\yoyo_ad_servers %list_addr%
+
+del /Q /F /S %dst_dir%\unbound_ad_servers
+
+for /F "eol=; tokens=*" %%a in (%work_dir%\yoyo_ad_servers) do (
+echo local-zone: %%a redirect>>%dst_dir%\unbound_ad_servers
+echo local-data: "%%a A 127.0.0.1">>%dst_dir%\unbound_ad_servers
+)
+
+echo Done.
+rem then add an include line to your unbound.conf pointing to the full path of
+rem the unbound_ad_servers file:
+rem
+rem include: $dst_dir/unbound_ad_servers
+rem
diff --git a/doc/Changelog b/doc/Changelog
index e5cb67d22..e0dc5613d 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+24 November 2015: Wouter
+ - Fix #720: add windows scripts to zip bundle.
+
 20 November 2015: Wouter
 - Added assert on rrset cache correctness.
 - Fix that malformed EDNS query gets a response without malformed EDNS.
diff --git a/makedist.sh b/makedist.sh
index 17510c090..77f59b092 100755
--- a/makedist.sh
+++ b/makedist.sh
@@ -329,9 +329,9 @@ if [ "$DOWIN" = "yes" ]; then
 $strip unbound-service-remove.exe
 cd tmp.$$
 cp ../doc/example.conf example.conf
- cp ../unbound.exe ../unbound-anchor.exe ../unbound-host.exe ../unbound-control.exe ../unbound-checkconf.exe ../unbound-service-install.exe ../unbound-service-remove.exe ../LICENSE ../winrc/unbound-control-setup.cmd ../winrc/unbound-website.url ../winrc/service.conf ../winrc/README.txt .
+ cp ../unbound.exe ../unbound-anchor.exe ../unbound-host.exe ../unbound-control.exe ../unbound-checkconf.exe ../unbound-service-install.exe ../unbound-service-remove.exe ../LICENSE ../winrc/unbound-control-setup.cmd ../winrc/unbound-website.url ../winrc/service.conf ../winrc/README.txt ../contrib/create_unbound_ad_servers.cmd ../contrib/warmup.cmd ../contrib/unbound_cache.cmd .
 # zipfile
- zip ../$file LICENSE README.txt unbound.exe unbound-anchor.exe unbound-host.exe unbound-control.exe unbound-checkconf.exe unbound-service-install.exe unbound-service-remove.exe unbound-control-setup.cmd example.conf service.conf unbound-website.url
+ zip ../$file LICENSE README.txt unbound.exe unbound-anchor.exe unbound-host.exe unbound-control.exe unbound-checkconf.exe unbound-service-install.exe unbound-service-remove.exe unbound-control-setup.cmd example.conf service.conf unbound-website.url create_unbound_ad_servers.cmd warmup.cmd unbound_cache.cmd
 info "Testing $file"
 (cd .. ; zip -T $file )
 # installer
diff --git a/winrc/unbound-control-setup.cmd b/winrc/unbound-control-setup.cmd
index 13617927a..1dd81dd7c 100644
--- a/winrc/unbound-control-setup.cmd
+++ b/winrc/unbound-control-setup.cmd
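Review bot: In makedist.sh the extended `cp` line now puts `../contrib/create_unbound_ad_servers.cmd` into the Windows zip, and that script, as shown in this same commit, downloads its list from an `http://` URL and echoes every line unvalidated into `local-zone:` and `local-data:` entries. Anyone able to alter that response in transit can therefore decide which names the resolver redirects, and a line with a quote or other unexpected characters may corrupt the generated include file. Before it ships, the script should fetch over HTTPS if the list host offers it, skip lines that are not plain hostnames, and stop on a failed download, e.g. `"%wget%" -O %work_dir%\yoyo_ad_servers %list_addr% || exit /b 1`, so the `del` that follows does not discard a good list. The enclosing `if [ "$DOWIN" = "yes" ]` block starts and ends outside the hunk.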
@@ -1,164 +1,164 @@
-@Echo off
-rem
-rem unbound-control-setup.cmd - set up SSL certificates for unbound-control
-rem
-rem Copyright (c) 2008, NLnet Labs. All rights reserved.
-rem Modified for Windows by Y.Voinov (c) 2014
-rem
-rem This software is open source.
-rem
-rem Redistribution and use in source and binary forms, with or without
-rem modification, are permitted provided that the following conditions
-rem are met:
-rem
-rem Redistributions of source code must retain the above copyright notice,
-rem this list of conditions and the following disclaimer.
-rem
-rem Redistributions in binary form must reproduce the above copyright notice,
-rem this list of conditions and the following disclaimer in the documentation
-rem and/or other materials provided with the distribution.
-rem
-rem Neither the name of the NLNET LABS nor the names of its contributors may
-rem be used to endorse or promote products derived from this software without
-rem specific prior written permission.
-rem
-rem THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-rem "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-rem LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-rem A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-rem HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-rem SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-rem TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-rem PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-rem LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-rem NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-rem SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-rem settings:
-
-rem directory for files
-set prefix="C:\Program Files (x86)"
-set DESTDIR=%prefix%\Unbound
-
-rem issuer and subject name for certificates
-set SERVERNAME=unbound
-set CLIENTNAME=unbound-control
-
-rem validity period for certificates
-set DAYS=7200
-
-rem size of keys in bits
-set BITS=1536
-
-rem hash algorithm
-set HASH=sha256
-
-rem base name for unbound server keys
-set SVR_BASE=unbound_server
-
-rem base name for unbound-control keys
-set CTL_BASE=unbound_control
-
-rem end of options
-
-rem Check OpenSSL installed
-for /f "delims=" %%a in ('where openssl') do @set SSL_PROGRAM=%%a
-if /I "%SSL_PROGRAM%"=="" echo SSL not found. If installed, add path to PATH environment variable. & exit 1
-echo SSL found: %SSL_PROGRAM%
-
-set arg=%1
-if /I "%arg%" == "-h" goto help
-if /I "%arg%"=="-d" set DESTDIR=%2
-
-rem go!:
-echo setup in directory %DESTDIR%
-cd %$DESTDIR%
-
-rem create certificate keys; do not recreate if they already exist.
-if exist $SVR_BASE.key (
-echo %SVR_BASE%.key exists
-goto next
-)
-echo generating %SVR_BASE%.key
-"%SSL_PROGRAM%" genrsa -out %SVR_BASE%.key %BITS% || echo could not genrsa && exit 1
-
-:next
-if exist %CTL_BASE%.key (
-echo %CTL_BASE%.key exists
-goto next2
-)
-echo generating %CTL_BASE%.key
-"%SSL_PROGRAM%" genrsa -out %CTL_BASE%.key %BITS% || echo could not genrsa && exit 1
-
-:next2
-rem create self-signed cert for server
-if exist request.cfg (del /F /Q /S request.cfg)
-echo [req]>>request.cfg
-echo default_bits=%BITS%>>request.cfg
-echo default_md=%HASH%>>request.cfg
-echo prompt=no>>request.cfg
-echo distinguished_name=req_distinguished_name>>request.cfg
-echo.>>request.cfg
-echo [req_distinguished_name]>>request.cfg
-echo commonName=%SERVERNAME%>>request.cfg
-
-if not exist request.cfg (
-echo could not create request.cfg
-exit 1
-)
-
-echo create %SVR_BASE%.pem (self signed certificate)
-"%SSL_PROGRAM%" req -key %SVR_BASE%.key -config request.cfg -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1
-rem create trusted usage pem
-"%SSL_PROGRAM%" x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem
-
-rem create client request and sign it
-if exist request.cfg (del /F /Q /S request.cfg)
-echo [req]>>request.cfg
-echo default_bits=%BITS%>>request.cfg
-echo default_md=%HASH%>>request.cfg
-echo prompt=no>>request.cfg
-echo distinguished_name=req_distinguished_name>>request.cfg
-echo.>>request.cfg
-echo [req_distinguished_name]>>request.cfg
-echo commonName=%CLIENTNAME%>>request.cfg
-
-if not exist request.cfg (
-echo could not create request.cfg
-exit 1
-)
-
-echo create %CTL_BASE%.pem (signed client certificate)
-"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem
-
-if not exist %CTL_BASE%.pem (
-echo could not create %CTL_BASE%.pem
-exit 1
-)
-rem create trusted usage pem
-rem "%SSL_PROGRAM%" x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem
-
-rem see details with "%SSL_PROGRAM%" x509 -noout -text < %SVR_BASE%.pem
-rem echo "create %CTL_BASE%_browser.pfx (web client certificate)"
-rem echo "create webbrowser PKCSrem12 .PFX certificate file. In Firefox import in:"
-rem echo "preferences - advanced - encryption - view certificates - your certs"
-rem echo "empty password is used, simply click OK on the password dialog box."
-rem "%SSL_PROGRAM%" pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1
-
-rem remove crap
-del /F /Q /S request.cfg
-del /F /Q /S %CTL_BASE%_trust.pem
-del /F /Q /S %SVR_BASE%_trust.pem
-del /F /Q /S %SVR_BASE%_trust.srl
-
-echo Setup success. Certificates created. Enable in unbound.conf file to use
-
-exit 0
-
-:help
-echo unbound-control-setup.cmd - setup SSL keys for unbound-control
-echo -d dir use directory to store keys and certificates.
-echo default: %DESTDIR%
-echo please run this command using the same user id that the
-echo unbound daemon uses, it needs read privileges.
-exit 1
+@Echo off
+rem
+rem unbound-control-setup.cmd - set up SSL certificates for unbound-control
+rem
+rem Copyright (c) 2008, NLnet Labs. All rights reserved.
+rem Modified for Windows by Y.Voinov (c) 2014
+rem
+rem This software is open source.
+rem
+rem Redistribution and use in source and binary forms, with or without
+rem modification, are permitted provided that the following conditions
+rem are met:
+rem
+rem Redistributions of source code must retain the above copyright notice,
+rem this list of conditions and the following disclaimer.
+rem
+rem Redistributions in binary form must reproduce the above copyright notice,
+rem this list of conditions and the following disclaimer in the documentation
+rem and/or other materials provided with the distribution.
+rem
+rem Neither the name of the NLNET LABS nor the names of its contributors may
+rem be used to endorse or promote products derived from this software without
+rem specific prior written permission.
+rem
+rem THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+rem "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+rem LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+rem A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+rem HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+rem SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+rem TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+rem PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+rem LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+rem NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+rem SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+rem settings:
+
+rem directory for files
+set prefix="C:\Program Files (x86)"
+set DESTDIR=%prefix%\Unbound
+
+rem issuer and subject name for certificates
+set SERVERNAME=unbound
+set CLIENTNAME=unbound-control
+
+rem validity period for certificates
+set DAYS=7200
+
+rem size of keys in bits
+set BITS=1536
+
+rem hash algorithm
+set HASH=sha256
+
+rem base name for unbound server keys
+set SVR_BASE=unbound_server
+
+rem base name for unbound-control keys
+set CTL_BASE=unbound_control
+
+rem end of options
+
+rem Check OpenSSL installed
+for /f "delims=" %%a in ('where openssl') do @set SSL_PROGRAM=%%a
+if /I "%SSL_PROGRAM%"=="" echo SSL not found. If installed, add path to PATH environment variable. & exit 1
+echo SSL found: %SSL_PROGRAM%
+
+set arg=%1
+if /I "%arg%" == "-h" goto help
+if /I "%arg%"=="-d" set DESTDIR=%2
+
+rem go!:
+echo setup in directory %DESTDIR%
+cd %$DESTDIR%
+
+rem create certificate keys; do not recreate if they already exist.
+if exist $SVR_BASE.key (
+echo %SVR_BASE%.key exists
+goto next
+)
+echo generating %SVR_BASE%.key
+"%SSL_PROGRAM%" genrsa -out %SVR_BASE%.key %BITS% || echo could not genrsa && exit 1
+
+:next
+if exist %CTL_BASE%.key (
+echo %CTL_BASE%.key exists
+goto next2
+)
+echo generating %CTL_BASE%.key
+"%SSL_PROGRAM%" genrsa -out %CTL_BASE%.key %BITS% || echo could not genrsa && exit 1
+
+:next2
+rem create self-signed cert for server
+if exist request.cfg (del /F /Q /S request.cfg)
+echo [req]>>request.cfg
+echo default_bits=%BITS%>>request.cfg
+echo default_md=%HASH%>>request.cfg
+echo prompt=no>>request.cfg
+echo distinguished_name=req_distinguished_name>>request.cfg
+echo.>>request.cfg
+echo [req_distinguished_name]>>request.cfg
+echo commonName=%SERVERNAME%>>request.cfg
+
+if not exist request.cfg (
+echo could not create request.cfg
+exit 1
+)
+
+echo create %SVR_BASE%.pem (self signed certificate)
+"%SSL_PROGRAM%" req -key %SVR_BASE%.key -config request.cfg -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1
+rem create trusted usage pem
+"%SSL_PROGRAM%" x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem
+
+rem create client request and sign it
+if exist request.cfg (del /F /Q /S request.cfg)
+echo [req]>>request.cfg
+echo default_bits=%BITS%>>request.cfg
+echo default_md=%HASH%>>request.cfg
+echo prompt=no>>request.cfg
+echo distinguished_name=req_distinguished_name>>request.cfg
+echo.>>request.cfg
+echo [req_distinguished_name]>>request.cfg
+echo commonName=%CLIENTNAME%>>request.cfg
+
+if not exist request.cfg (
+echo could not create request.cfg
+exit 1
+)
+
+echo create %CTL_BASE%.pem (signed client certificate)
+"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem
+
+if not exist %CTL_BASE%.pem (
+echo could not create %CTL_BASE%.pem
+exit 1
+)
+rem create trusted usage pem
+rem "%SSL_PROGRAM%" x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem
+
+rem see details with "%SSL_PROGRAM%" x509 -noout -text < %SVR_BASE%.pem
+rem echo "create %CTL_BASE%_browser.pfx (web client certificate)"
+rem echo "create webbrowser PKCSrem12 .PFX certificate file. In Firefox import in:"
+rem echo "preferences - advanced - encryption - view certificates - your certs"
+rem echo "empty password is used, simply click OK on the password dialog box."
+rem "%SSL_PROGRAM%" pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1
+
+rem remove crap
+del /F /Q /S request.cfg
+del /F /Q /S %CTL_BASE%_trust.pem
+del /F /Q /S %SVR_BASE%_trust.pem
+del /F /Q /S %SVR_BASE%_trust.srl
+
+echo Setup success. Certificates created. Enable in unbound.conf file to use
+
+exit 0
+
+:help
+echo unbound-control-setup.cmd - setup SSL keys for unbound-control
+echo -d dir use directory to store keys and certificates.
+echo default: %DESTDIR%
+echo please run this command using the same user id that the
+echo unbound daemon uses, it needs read privileges.
+exit 1
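Review bot: In winrc/unbound-control-setup.cmd, `cd %$DESTDIR%` names a variable that is never set, so it expands to nothing and the script stays in the caller's directory; the private keys and certificates are then written wherever the script was started rather than under `%DESTDIR%`, and `-d dir` has no effect on where they land. A few lines later `if exist $SVR_BASE.key (` tests a literal file name, so the server key is regenerated on every run, contrary to the "do not recreate if they already exist" comment above it. Both look like leftovers from the shell version; `cd /d %DESTDIR%` and `if exist %SVR_BASE%.key (` would match the rest of the file. Separately, `set BITS=1536` combined with `set DAYS=7200` gives RSA keys below the commonly recommended 2048-bit minimum a lifetime of nearly twenty years; `set BITS=3072` would be a safer default.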