ksksby=`$KEYGEN -3 -a RSASHA1 -q -P now -A now+15s -fk $zone`
kskrev=`$KEYGEN -3 -a RSASHA1 -q -R now+15s -fk $zone`
-keyfile_to_trusted_keys $ksksby > trusted.conf
+keyfile_to_static_keys $ksksby > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
-keyfile_to_trusted_keys $kskrev > trusted.conf
+keyfile_to_static_keys $kskrev > trusted.conf
cp trusted.conf ../ns5/trusted.conf
echo $zskact > ../active.key
infile="${zonefile}.in"
ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone`
$KEYGEN -a RSASHA1 -3 -q $zone > /dev/null
-keyfile_to_trusted_keys $ksk > private.conf
+keyfile_to_static_keys $ksk > private.conf
cp private.conf ../ns4/private.conf
$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null 2>&1
echo "};"
}
-# keyfile_to_trusted_keys: convert key data contained in the keyfile(s)
+# keyfile_to_static_keys: convert key data contained in the keyfile(s)
# provided to a *static* "dnssec-keys" section suitable for including in a
# resolver's configuration file
-keyfile_to_trusted_keys() {
+keyfile_to_static_keys() {
keyfile_to_keys_section "dnssec-keys" "static-key" $*
}
-# keyfile_to_managed_keys: convert key data contained in the keyfile(s)
-# provided to a "dnssec-keys" section suitable for including in a
-# resolver's configuration file
-keyfile_to_managed_keys() {
+# keyfile_to_initial_keys: convert key data contained in the keyfile(s)
+# provided to an *initialzing* "dnssec-keys" section suitable for including
+# in a resolver's configuration file
+keyfile_to_initial_keys() {
keyfile_to_keys_section "dnssec-keys" "initial-key" $*
}
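Review bot: The new header comment for keyfile_to_initial_keys misspells "initializing" as "initialzing", and neither header says what separates the two anchor types, which is the reason for the rename. I would write `# provided to an *initializing* "dnssec-keys" section suitable for including`, add `# (static-key anchors are trusted exactly as configured and are never updated via RFC 5011)` to the static helper, and add `# (initial-key anchors only bootstrap RFC 5011 maintenance; the managed-keys database takes over afterwards)` to the initial helper. Both wrappers also forward their arguments with an unquoted `$*`, which re-splits key file names on IFS; `"$@"` would pass them through unchanged, though that line predates this commit. keyfile_to_keys_section is defined above this hunk, so only its closing lines are visible here.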
echo_i "signed $zone"
-keyfile_to_trusted_keys $keyname2 > trusted.conf
+keyfile_to_static_keys $keyname2 > trusted.conf
cp trusted.conf ../ns5
cp trusted.conf ../ns7
cp trusted.conf ../ns8
case $zone in
"dlv.utld")
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
- keyfile_to_trusted_keys $keyname2 > ../ns5/trusted-dlv.conf
+ keyfile_to_static_keys $keyname2 > ../ns5/trusted-dlv.conf
;;
"disabled-algorithm-dlv.utld")
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
- keyfile_to_trusted_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf
+ keyfile_to_static_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf
;;
"unsupported-algorithm-dlv.utld")
cp ${keyname2}.key ${keyname2}.tmp
$SIGNER -O full -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
- keyfile_to_trusted_keys $keyname2 > ../ns7/trusted-dlv-unsupported.conf
+ keyfile_to_static_keys $keyname2 > ../ns7/trusted-dlv-unsupported.conf
;;
esac
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
-# Configure the resolving server with a trusted key.
-keyfile_to_trusted_keys "$keyname" > trusted.conf
+# Configure the resolving server with a staitc key.
+keyfile_to_static_keys "$keyname" > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
cp trusted.conf ../ns7/trusted.conf
cp trusted.conf ../ns9/trusted.conf
-# ...or with a managed key.
-keyfile_to_managed_keys "$keyname" > managed.conf
+# ...or with an initializing key.
+keyfile_to_initial_keys "$keyname" > managed.conf
cp managed.conf ../ns4/managed.conf
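Review bot: The rewritten comment above the first call reads "staitc key"; it should be `# Configure the resolving server with a static key.`, matching the wording this change uses in the other sign.sh hunks. The output files are still named trusted.conf and managed.conf although they now hold static-key and initial-key entries. That looks deliberate, since the named.conf include lines are not part of this hunk, but a one-line comment such as `# file names kept for the existing include statements` would spare the next reader the question.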
#
case $tld in
"managed")
- keyfile_to_managed_keys $keyname1 $keyname2 $keyname3 $keyname4 $keyname5 > ../ns8/managed.conf
+ keyfile_to_initial_keys $keyname1 $keyname2 $keyname3 $keyname4 $keyname5 > ../ns8/managed.conf
;;
"trusted")
- keyfile_to_trusted_keys $keyname1 $keyname2 $keyname3 $keyname4 $keyname5 > ../ns8/trusted.conf
+ keyfile_to_static_keys $keyname1 $keyname2 $keyname3 $keyname4 $keyname5 > ../ns8/trusted.conf
;;
esac
done
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
# copy the KSK out first, then revoke it
-keyfile_to_managed_keys "$keyname" > revoked.conf
+keyfile_to_initial_keys "$keyname" > revoked.conf
"$SETTIME" -R now "${keyname}.key" > /dev/null
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".")
-keyfile_to_trusted_keys "$keyname" > trusted.conf
+keyfile_to_static_keys "$keyname" > trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null
-# Configure the resolving server with a trusted key.
-keyfile_to_trusted_keys $key2 > trusted.conf
+# Configure the resolving server with a static key.
+keyfile_to_static_keys $key2 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
-# Configure the resolving server with a trusted key.
-keyfile_to_trusted_keys $key1 > trusted.conf
+# Configure the resolving server with a static key.
+keyfile_to_static_keys $key1 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
-# Configure the resolving server with a trusted key.
-keyfile_to_trusted_keys $key1 > trusted.conf
+# Configure the resolving server with a static key.
+keyfile_to_static_keys $key1 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cd ../ns2 && $SHELL sign.sh
keyname=`cat keygen.out`
rm -f keygen.out
-keyfile_to_trusted_keys $keyname > trusted.conf
+keyfile_to_static_keys $keyname > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns5/trusted.conf
$SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1
[ $? = 0 ] || cat signer.out
-keyfile_to_trusted_keys $keyname > trusted.conf
+keyfile_to_static_keys $keyname > trusted.conf
cp trusted.conf ../ns6/trusted.conf
$SIGNER -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err
-keyfile_to_trusted_keys $keyname2 > trusted.conf
+keyfile_to_static_keys $keyname2 > trusted.conf
cp trusted.conf ../ns1
# irrelevant here, so just reuse the root zone key generated above.
sed "s/^\./nonexistent./;" $keyname1.key > $keyname1.modified.key
-keyfile_to_trusted_keys $keyname1 $keyname1.modified > trusted.conf
+keyfile_to_static_keys $keyname1 $keyname1.modified > trusted.conf
fi
done
-keyfile_to_trusted_keys $keys_to_trust > trusted-mirror.conf
+keyfile_to_static_keys $keys_to_trust > trusted-mirror.conf
$SIGNER -Sg -o $zone $zonefile > /dev/null 2>/dev/null
-# Configure the resolving server with a managed trusted key.
-keyfile_to_managed_keys $keyname > managed.conf
+# Configure the resolving server with an initializing key.
+keyfile_to_initial_keys $keyname > managed.conf
cp managed.conf ../ns2/managed.conf
cp managed.conf ../ns4/managed.conf
cp managed.conf ../ns5/managed.conf
-# Configure a trusted key statement (used by delv).
-keyfile_to_trusted_keys $keyname > trusted.conf
+# Configure a static key to be used by delv.
+keyfile_to_static_keys $keyname > trusted.conf
# Prepare an unsupported algorithm key.
unsupportedkey=Kunknown.+255+00000
rootkey=`cat ../ns1/managed.key`
cp "../ns1/${rootkey}.key" .
-# Configure the resolving server with a managed trusted key.
-keyfile_to_managed_keys $unsupportedkey $rsakey $rootkey > managed.conf
+# Configure the resolving server with an initializing key.
+keyfile_to_initial_keys $unsupportedkey $rsakey $rootkey > managed.conf
echo_i "reinitialize trust anchors, add second key to bind.keys"
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} mkeys ns2
rm -f ns2/managed-keys.bind*
-keyfile_to_managed_keys ns1/$original ns1/$standby1 > ns2/managed.conf
+keyfile_to_initial_keys ns1/$original ns1/$standby1 > ns2/managed.conf
nextpart ns2/named.run > /dev/null
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} mkeys ns2
$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
-# Configure the resolving server with a trusted key.
-keyfile_to_trusted_keys $keyname2 > trusted.conf
+# Configure the resolving server with a static key.
+keyfile_to_static_keys $keyname2 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
cat $ksk.key $zsk.key dsset-ds.example.net$TP >> $zonefile
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
-# Configure a trusted key statement (used by delv)
-keyfile_to_trusted_keys $ksk > ../ns5/trusted.conf
+# Configure a static key to be used by delv
+keyfile_to_static_keys $ksk > ../ns5/trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null
-# Configure the resolving server with a trusted key.
-keyfile_to_trusted_keys $keyname > trusted.conf
+# Configure the resolving server with a static key.
+keyfile_to_static_keys $keyname > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null
-# Configure the resolving server with a trusted key.
-keyfile_to_trusted_keys $keyname > trusted.conf
+# Configure the resolving server with a static key.
+keyfile_to_static_keys $keyname > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null
-# Configure the resolving server with a trusted key.
-keyfile_to_trusted_keys "$keyname" > trusted.conf
+# Configure the resolving server with a static key.
+keyfile_to_static_keys "$keyname" > trusted.conf
cp trusted.conf ../ns2/trusted.conf
-# ...or with a managed key.
-keyfile_to_managed_keys "$keyname" > managed.conf
+# ...or with an initializing key.
+keyfile_to_initial_keys "$keyname" > managed.conf
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".")
-keyfile_to_trusted_keys "$keyname" > trusted.conf
+keyfile_to_static_keys "$keyname" > trusted.conf
$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
# Configure the resolving server with a trusted key.
-keyfile_to_trusted_keys $keyname2 > trusted.conf
+keyfile_to_static_keys $keyname2 > trusted.conf
zone=undelegated
infile=undelegated.db.in
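Review bot: The context comment directly above the renamed call still says "Configure the resolving server with a trusted key.", while the other hunks in this change update that sentence. It should read `# Configure the resolving server with a static key.` so the comment agrees with keyfile_to_static_keys and the static-key entries it writes into trusted.conf.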
$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
-keyfile_to_trusted_keys $keyname2 >> trusted.conf
+keyfile_to_static_keys $keyname2 >> trusted.conf
cp trusted.conf ../ns2/trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null 2>&1
-# Configure the resolving server with a trusted key.
-keyfile_to_trusted_keys "$keyname" > trusted.conf
+# Configure the resolving server with a static key.
+keyfile_to_static_keys "$keyname" > trusted.conf
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
-keyfile_to_trusted_keys $keyname2 > private.nsec.conf
+keyfile_to_static_keys $keyname2 > private.nsec.conf
zone=nsec3
infile=nsec3.db.in
$SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
-keyfile_to_trusted_keys $keyname2 > private.nsec3.conf
+keyfile_to_static_keys $keyname2 > private.nsec3.conf
zone=.
infile=root.db.in
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
-keyfile_to_trusted_keys $keyname2 > trusted.conf
+keyfile_to_static_keys $keyname2 > trusted.conf