+4753. [contrib] Software obtainable from known upstream locations
+ (i.e., zkt, nslint, query-loc) has been removed.
+ Links to these and other packages can be found at
+ https://www.isc.org/community/tools [RT #46182]
+
4752. [test] Add unit test for isc_net_pton. [RT #46171]
4751. [func] "dnssec-signzone -S" can now automatically add parent
Internationalized Domain Name processing.
- dnsperf-2.1.0.0-1/
+ - dnsperf-patches/
DNS server performance testing tools, like 'queryperf' but more
advanced: 'dnsperf' focuses on authoritative server performance
- and 'resperf' on recursive server performance.
+ and 'resperf' on recursive server performance. The patch that
+ adds support for EDNS Client Subnet can be found in dnsperf-patches
+ directory.
- - nslint-3.0a2
-
- A lint-like tool for checking DNS files
-
- - query-loc-0.4.0
-
- A tool for retrieving location information stored in the DNS
-
- - zkt-1.1.2
-
- DNSSEC Zone Key Tools, an alternate method for managing keys
- and signatures
+Formerly, there was more software included in this directory, but we
+have removed it in favour of using canonical upstream locations. You
+can find the links to the nslint, query-loc and zkt, and other software
+we find useful but do not necessarily support, at:
+ https://www.isc.org/community/tools/
+++ /dev/null
-/gnuc.h
-/nslint
-/version.c
+++ /dev/null
-@(#) $Id: CHANGES 250 2009-10-16 23:26:47Z leres $ (LBL)
-
-v3.0 Fri Oct 16 16:26:04 PDT 2009
-
-- Add IPv6 support.
-
-v2.2 Fri Mar 13 22:29:52 PDT 2009
-
-- Convert source tree to subversion
-
-v2.1 Fri Feb 15 20:45:01 PST 2008
-
-- Handle "srv" records.
-
-- Fix some ttl parsing problems.
-
-- Add "ignore" option
-
-- Hack in support for "view"
-
-- Check for duplicate "cname" records.
-
-- Upgrade to autoconf 2.61
-
-v2.0.2 Tue Mar 20 17:49:13 PST 2001
-
-- Allow missing trailing dot in certain special cases.
-
-- Include zone names when checking NS records.
-
-- Document nslint.conf network keyword.
-
-- Sort the network list so that we always pick the right network/mask
- when the overlap.
-
-v2.0.1 Tue Dec 14 11:24:31 PST 1999
-
-- Handle $ttl.
-
-- Fix some minor portability/compiler problems for OSF 4.
-
-- Correctly detect mx records that point to themselves but not a
- real "a" record.
-
-- Fix file descriptor leak in doconf(). Thanks to Paul McIlfatrick
- (paul.mcilfatrick@bt.com)
-
-v2.0 Wed Dec 9 16:48:54 PST 1998
-
-- Add support for BIND 8 named.conf file.
-
-- Support protocols in addition to tcp and udp for WKS records.
- Resulted from a bug report from Petter Reinholdtsen (pere@td.org.uit.no)
-
-- Support dotted serial numbers in SOA records. Resulted from a
- bug report from Frank Ederveen (frank@our.domaintje.com)
-
-- Ignore unknown statements and options in named.boot and named.conf
- (instead of issuing warnings).
-
-- Handle '#' and C style named.conf comments.
-
-- Handle optional "in" in named.conf zone statements. Reported by
- DJ Coster (djc@discoverbrokerage.com)
-
-- Add support for include directives in named.boot and named.conf.
-
-- Redo differing ttls check and do mx records in addition to a
- records. Change place where soa values gets zeroed so they don't
- get clobbered when we use includes.
-
-- Allow "@" abbr. for ptr, mx, cname and ns records.
-
-- Detect cname referenced by another cname or mx record.
-
-- Handle chaos records (to some minor extent).
-
-v1.7 Tue Jul 22 14:26:21 PDT 1997
-
-- Report differing ttls in A records. Check SOA records.
-
-- Detect hosts with more than one ip address on a subnet.
-
-v1.6.1 Sat Jun 7 03:12:01 PDT 1997
-
-- Fix "unknown service" printf format.
-
-- Fix off-by-one error in the ptr parsing code. Thanks to Andreas
- Lamprecht (andreas.lamprecht@siemens.at)
-
-- Fix broken $origin code.
-
-v1.6 Mon Apr 7 19:09:52 PDT 1997
-
-- Add support for classless delegation.
-
-- Fix some case sensitive bugs.
-
-- Report domain names outside the current zone.
-
-- Fixed off-by-one bug that broke single character hostnames.
-
-- Increase size of hash table.
-
-- Make tcp and udp service name tables dynamic.
-
-- Improved error message for garbage in /etc/services.
-
-v1.5.1 Thu Jul 18 21:44:44 PDT 1996
-
-- Use $CC when checking gcc version. Thanks to Carl Lindberg
- (carl_lindberg@blacksmith.com)
-
-- Raise size of hash table to 65K.
-
-v1.5 Fri Jul 12 18:58:47 PDT 1996
-
-- Detect extra octets and other garbage in PTR records.
-
-- Handle multi-line WKS records.
-
-- Allow multple WKS records (since we can have udp and tcp).
-
-- Convert to autoconf.
-
-- Declare optarg, optind and opterr extern. Thanks to Howard Moftich
- (howardm@lsil.com).
-
-- BS/DOS does not have malloc.h. Thanks to Jordan Hayes
- (jordan@thinkbank.com).
-
-- Correctly handle named.boot comments with leading whitespace.
-
-- Handle fully specified in-addr.arpa records. Resulted from a bug
- report from Joe Kelly (joe@gol.com).
-
-- Fix endian problems. Thanks to Carl Lindberg (carl_lindberg@blacksmith.com).
-
-- Fixed some mixed case problems.
-
-- Update man page to describe how nslint.boot works.
-
-v1.4 Sat Jun 3 23:38:14 PDT 1995
-
-- Allow TXT records to exist with no other records.
-
-- Full system prototypes.
-
-- Complain about extra arguments.
-
-- Detect MX record chains.
-
-- Handle single line SOA records correctly. Thanks to Edward J. O'Brien
- (ejobrie@sam.wal-mart.com)
-
-v1.3 Wed Mar 8 17:27:20 PST 1995
-
-- Add "allowdupa" record type for use with nslint.boot. This allows ip
- addresses to have multiple A records.
-
-- Fixed bug that caused dangling cname references to not be reported
- properly. Thanks to Edward J. O'Brien (ejobrie@sam.wal-mart.com).
-
-v1.2 Thu Sep 1 15:55:38 PDT 1994
-
-- Allow hostnames with a leading numeric as per rfc1123. Thanks to Bill
- Gianopoulos (wag@sccux1.msd.ray.com).
-
-- Remove (undocumented) -u flag and allow uppercase.
-
-- Support TXT records. Thanks to Paul Pomes (paul@uxc.cso.uiuc.edu).
-
-- Support RP records.
-
-- Ignore new bind keywords.
-
-- Fix bug where we could exit with a zero status even though errors had
- been detected
-
-- Complain about hosts that have smtp/tcp WKS entries but no MX records.
-
-- Add -B flag to handle PTR records that point outside the domains
- listed in named.boot.
-
-v1.1 Sun May 22 20:43:03 PDT 1994
-
-- Allow ns records with no a records (the preferred way to go).
-
-- Fix typos in the sawstr array.
-
-- Use string.h instead of strings.h and add rindex(), index() and
- bzero() macros for SYSV compatibility. Thanks to Bill King
- (wrk@cle.ab.com).
-
-- Handle $origin directives. Thanks to Bill Gianopoulos
- (wag@sccux1.msd.ray.com).
-
-- Fix add_domain() to work for the root. Thanks to Bill Gianopoulos.
-
-- Handle quotes in hinfo records. Thanks to Bill Gianopoulos.
-
-- Fix endian problems in parseinaddr() and parseptr().
-
-- Check non in-addr.arpa names for cname conflicts.
-
-v1.0 Thu Apr 21 11:02:59 PDT 1994
-
-- Initial release.
+++ /dev/null
-CHANGES
-FILES
-INSTALL
-Makefile.in
-README
-VERSION
-aclocal.m4
-config.guess
-config.sub
-configure
-configure.in
-install-sh
-lbl/gnuc.h
-mkdep
-nslint.8
-nslint.c
-savestr.c
-savestr.h
-strerror.c
-version.h
+++ /dev/null
-@(#) $Id: INSTALL 238 2009-03-14 05:43:37Z leres $ (LBL)
-
-You will need an ANSI C compiler to build nslint. The configure
-script will abort if your compiler is not ANSI compliant. If this
-happens, use the GNU C compiler, available via anonymous ftp:
-
- ftp://prep.ai.mit.edu/pub/gnu/gcc.tar.gz
-
-If necessary, edit the BINDEST and MANDEST paths in Makefile.in
-and run ./configure (a shell script). "configure" will determine
-your system attributes and generate an appropriate Makefile from
-Makefile.in. Now build nslint by running "make".
-
-If everything builds ok, su and type "make install" (and optionally
-"make install-man). This will install nslint and its manual entry.
-
-If your system is not one which we have tested nslint on, you may
-have to modify the configure script and Makefile.in. Please send
-us patches for any modifications you need to make.
-
-FILES
------
-CHANGES - description of differences between releases
-FILES - list of files exported as part of the distribution
-INSTALL - this file
-Makefile.in - compilation rules (input to the configure script)
-README - description of distribution
-VERSION - version of this release
-aclocal.m4 - autoconf macros
-config.guess - autoconf support
-config.sub - autoconf support
-configure - configure script (run this first)
-configure.in - configure script source
-install-sh - BSD style install script
-lbl/gnuc.h - gcc macros and defines
-mkdep - construct Makefile dependency list
-nslint.8 - manual entry
-nslint.c - main program
-savestr.c - strdup() replacement
-savestr.h - savestr prototypes
-strerror.c - missing routine
-version.h - prototypes, defines and struct definitions
+++ /dev/null
-# Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 2000, 2008, 2009
-# The Regents of the University of California. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that: (1) source code distributions
-# retain the above copyright notice and this paragraph in its entirety, (2)
-# distributions including binary code include the above copyright notice and
-# this paragraph in its entirety in the documentation or other materials
-# provided with the distribution, and (3) all advertising materials mentioning
-# features or use of this software display the following acknowledgement:
-# ``This product includes software developed by the University of California,
-# Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
-# the University nor the names of its contributors may be used to endorse
-# or promote products derived from this software without specific prior
-# written permission.
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-#
-# @(#) $Id: Makefile.in 242 2009-10-14 08:30:03Z leres $ (LBL)
-
-#
-# Various configurable paths (remember to edit Makefile.in, not Makefile)
-#
-
-# Top level hierarchy
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-# Pathname of directory to install the binary
-BINDEST = @bindir@
-# Pathname of directory to install the man page
-MANDEST = @prefix@/man
-# The root of the directory tree for read-only
-datarootdir = @datarootdir@
-
-# VPATH
-srcdir = @srcdir@
-VPATH = @srcdir@
-
-#
-# You shouldn't need to edit anything below here.
-#
-
-PROG = nslint
-CC = @CC@
-CCOPT = @V_CCOPT@
-INCLS = @V_INCLS@
-DEFS = @DEFS@
-
-# Standard CFLAGS
-CFLAGS = $(CCOPT) $(DEFS) $(INCLS)
-
-# Standard LDFLAGS
-LDFLAGS = @LDFLAGS@
-
-# Standard LIBS
-LIBS = @LIBS@
-
-INSTALL = @INSTALL@
-
-# Explicitly define compilation rule since SunOS 4's make doesn't like gcc.
-# Also, gcc does not remove the .o before forking 'as', which can be a
-# problem if you don't own the file but can write to the directory.
-.c.o:
- @rm -f $@
- $(CC) $(CFLAGS) -c $(srcdir)/$*.c
-
-CSRC = nslint.c savestr.c
-GENSRC = version.c
-
-SRC = $(CSRC) $(GENSRC)
-
-# We would like to say "OBJS = $(SRC:.c=.o)" but Ultrix's make cannot
-# hack the extra indirection
-OBJS = $(CSRC:.c=.o) $(GENSRC:.c=.o) @LIBOBJS@
-
-TAGHDR = \
- /usr/include/sys/types.h \
- /usr/include/netinet/in.h
-
-TAGFILES = $(SRC) $(TAGHDR)
-
-CLEANFILES = $(PROG) $(OBJS) $(GENSRC) purify $(OBJS:.o=_pure_*.o)
-
-$(PROG): $(OBJS)
- @rm -f $@
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
-
-purify: $(OBJS)
- @rm -f $@
- purify $(CC) $(CFLAGS) $(LDFLAGS) -static -o purify $(OBJS) $(LIBS)
-
-version.o: version.c
-version.c: $(srcdir)/VERSION
- @rm -f $@
- sed -e 's/.*/char version[] = "&";/' $(srcdir)/VERSION > $@
-
-install: force
- $(INSTALL) -m 555 -o bin -g bin $(PROG) $(DESTDIR)$(BINDEST)/$(PROG)
- @diff $(srcdir)/$(PROG).8 $(DESTDIR)$(MANDEST)/man8 >/dev/null 2>&1 || \
- $(INSTALL) -m 444 -o bin -g bin $(srcdir)/$(PROG).8 $(DESTDIR)$(MANDEST)/man8/
-
-clean: force
- rm -f $(CLEANFILES)
-
-distclean: force
- rm -rf $(CLEANFILES) Makefile config.cache config.log config.status \
- gnuc.h os-proto.h autom4te.cache
-
-tags: $(TAGFILES)
- ctags -wtd $(TAGFILES)
-
-tar: force
- @cwd=`pwd` ; name=$(PROG)-`cat VERSION` ; \
- list="" ; tar="tar chf" ; temp="$$name.tar.gz" ; \
- for i in `cat FILES` ; do list="$$list $$name/$$i" ; done; \
- echo \
- "rm -f $$name; ln -s . $$name" ; \
- rm -f $$name; ln -s . $$name ; \
- echo \
- "$$tar - [lots of files] | gzip > $$temp" ; \
- $$tar - $$list | gzip > $$temp ; \
- echo \
- "rm -f $$name" ; \
- rm -f $$name
-
-sign:
- @name=${PROG}-`cat VERSION`.tar.gz; \
- set -x; \
- rm -f $${name}.asc; \
- gpg --armor --detach-sign $${name}
-
-force: /tmp
-depend: $(GENSRC) force
- ./mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC)
+++ /dev/null
-@(#) $Id: README 237 2009-03-14 05:38:15Z leres $ (LBL)
-
-NSLINT 2.0
-Lawrence Berkeley National Laboratory
-Network Research Group
-nslint@ee.lbl.gov
-ftp://ftp.ee.lbl.gov/nslint.tar.gz
-
-This directory contains source code for nslint, a lint program for dns
-files.
-
-Please send bugs and comments to nslint@ee.lbl.gov.
-
- - Craig Leres
+++ /dev/null
-dnl @(#) $Id: aclocal.m4 616 2009-10-10 00:08:08Z leres $ (LBL)
-dnl
-dnl Copyright (c) 2008, 2009
-dnl The Regents of the University of California. All rights reserved.
-dnl
-dnl Redistribution and use in source and binary forms, with or without
-dnl modification, are permitted provided that: (1) source code distributions
-dnl retain the above copyright notice and this paragraph in its entirety, (2)
-dnl distributions including binary code include the above copyright notice and
-dnl this paragraph in its entirety in the documentation or other materials
-dnl provided with the distribution, and (3) all advertising materials mentioning
-dnl features or use of this software display the following acknowledgement:
-dnl ``This product includes software developed by the University of California,
-dnl Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
-dnl the University nor the names of its contributors may be used to endorse
-dnl or promote products derived from this software without specific prior
-dnl written permission.
-dnl THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-dnl WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-dnl MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-dnl
-dnl LBL autoconf macros
-dnl
-
-dnl
-dnl Determine which compiler we're using (cc or gcc)
-dnl If using gcc, determine the version number
-dnl If using cc, require that it support ansi prototypes
-dnl If using gcc, use -O3 (otherwise use -O)
-dnl If using cc, explicitly specify /usr/local/include
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_C_INIT(copt, incls)
-dnl
-dnl results:
-dnl
-dnl $1 (copt set)
-dnl $2 (incls set)
-dnl CC
-dnl LDFLAGS set
-dnl
-AC_DEFUN(AC_LBL_C_INIT,
- [AC_PREREQ(2.12)
- AC_ARG_ENABLE([optimization],
- [AS_HELP_STRING([--disable-optimization],
- [turn off gcc optimization])],
- ac_cv_without_optimization=${withval})
- AC_BEFORE([$0], [AC_PROG_CC])
- AC_BEFORE([$0], [AC_LBL_FIXINCLUDES])
- AC_BEFORE([$0], [AC_LBL_DEVEL])
- AC_ARG_WITH(gcc, [ --without-gcc don't use gcc])
- AC_USE_SYSTEM_EXTENSIONS
- $1=""
- if test "${ac_cv_without_optimization+set}" != set; then
- $1="-O"
- fi
- $2=""
- if test "${srcdir}" != "." ; then
- $2="-I\$\(srcdir\)"
- fi
- if test -z "$CC" ; then
- case "$target_os" in
-
- bsdi*)
- AC_CHECK_PROG(SHLICC2, shlicc2, yes, no)
- if test $SHLICC2 = yes ; then
- CC=shlicc2
- export CC
- fi
- ;;
- esac
- fi
- if test -z "$CC" -a "$with_gcc" = no ; then
- CC=cc
- export CC
- fi
- AC_PROG_CC
- AC_SYS_LARGEFILE
- if test "$GCC" != yes ; then
- AC_MSG_CHECKING(that $CC handles ansi prototypes)
- AC_CACHE_VAL(ac_cv_lbl_cc_ansi_prototypes,
- AC_TRY_COMPILE(
- [#include <sys/types.h>],
- [int frob(int, char *)],
- ac_cv_lbl_cc_ansi_prototypes=yes,
- ac_cv_lbl_cc_ansi_prototypes=no))
- AC_MSG_RESULT($ac_cv_lbl_cc_ansi_prototypes)
- if test $ac_cv_lbl_cc_ansi_prototypes = no ; then
- case "$target_os" in
-
- hpux*)
- AC_MSG_CHECKING(for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE))
- savedcflags="$CFLAGS"
- CFLAGS="-Aa -D_HPUX_SOURCE $CFLAGS"
- AC_CACHE_VAL(ac_cv_lbl_cc_hpux_cc_aa,
- AC_TRY_COMPILE(
- [#include <sys/types.h>],
- [int frob(int, char *)],
- ac_cv_lbl_cc_hpux_cc_aa=yes,
- ac_cv_lbl_cc_hpux_cc_aa=no))
- AC_MSG_RESULT($ac_cv_lbl_cc_hpux_cc_aa)
- if test $ac_cv_lbl_cc_hpux_cc_aa = no ; then
- AC_MSG_ERROR(see the INSTALL doc for more info)
- fi
- CFLAGS="$savedcflags"
- $1="-Aa $$1"
- AC_DEFINE(_HPUX_SOURCE,,[HP-UX ansi compiler])
- ;;
-
- *)
- AC_MSG_ERROR(see the INSTALL doc for more info)
- ;;
- esac
- fi
- $2="$$2 -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
-
- case "$target_os" in
-
- irix*)
- $1="$$1 -xansi -signed -g3"
- ;;
-
- osf*)
- $1="$$1 -std1 -g3"
- ;;
-
- ultrix*)
- AC_MSG_CHECKING(that Ultrix $CC hacks const in prototypes)
- AC_CACHE_VAL(ac_cv_lbl_cc_const_proto,
- AC_TRY_COMPILE(
- [#include <sys/types.h>],
- [struct a { int b; };
- void c(const struct a *)],
- ac_cv_lbl_cc_const_proto=yes,
- ac_cv_lbl_cc_const_proto=no))
- AC_MSG_RESULT($ac_cv_lbl_cc_const_proto)
- if test $ac_cv_lbl_cc_const_proto = no ; then
- AC_DEFINE(const,,[ultrix can't hack const])
- fi
- ;;
- esac
- fi
-])
-
-AC_LBL_ENABLE_CHECK(brov6 activemapping expire-dfa-states)
-dnl
-dnl This allows us to check for bogus configure enable/disable
-dnl command line options
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_ENABLE_CHECK(opt ...)
-dnl
-AC_DEFUN(AC_LBL_ENABLE_CHECK,
- [set |
- sed -n -e 's/^enable_\([[^=]]*\)=[[^=]]*$/\1/p' |
- while read var; do
- ok=0
- for o in $1; do
- if test "${o}" = "${var}" ; then
- ok=1
- break
- fi
- done
- if test ${ok} -eq 0 ; then
- # It's hard to kill configure script from subshell!
- AC_MSG_ERROR(unknown enable option: ${var})
- exit 1
- fi
- done
- if test $? -ne 0 ; then
- exit 1
- fi])
-
-dnl
-dnl Use pfopen.c if available and pfopen() not in standard libraries
-dnl Require libpcap
-dnl Look for libpcap in ..
-dnl Use the installed libpcap if there is no local version
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_LIBPCAP(pcapdep, incls)
-dnl
-dnl results:
-dnl
-dnl $1 (pcapdep set)
-dnl $2 (incls appended)
-dnl LIBS
-dnl LDFLAGS
-dnl LBL_LIBS
-dnl
-AC_DEFUN(AC_LBL_LIBPCAP,
- [AC_REQUIRE([AC_LBL_LIBRARY_NET])
- dnl
- dnl save a copy before locating libpcap.a
- dnl
- LBL_LIBS="$LIBS"
- pfopen=/usr/examples/packetfilter/pfopen.c
- if test -f $pfopen ; then
- AC_CHECK_FUNCS(pfopen)
- if test $ac_cv_func_pfopen = "no" ; then
- AC_MSG_RESULT(Using $pfopen)
- LIBS="$LIBS $pfopen"
- fi
- fi
- AC_MSG_CHECKING(for local pcap library)
- libpcap=FAIL
- lastdir=FAIL
- places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
- egrep '/libpcap-[[0-9]]*\.[[0-9]]*(\.[[0-9]]*)?([[ab]][[0-9]]*)?$'`
- for dir in $places ../libpcap libpcap ; do
- basedir=`echo $dir | sed -e 's/[[ab]][[0-9]]*$//'`
- if test $lastdir = $basedir ; then
- dnl skip alphas when an actual release is present
- continue;
- fi
- lastdir=$dir
- if test -r $dir/pcap.c ; then
- libpcap=$dir/libpcap.a
- d=$dir
- dnl continue and select the last one that exists
- fi
- done
- if test "x$libpcap" = xFAIL ; then
- AC_MSG_RESULT(not found)
- AC_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap")
- unset ac_cv_lib_pcap_pcap_open_live
- if test "x$libpcap" = xFAIL ; then
- CFLAGS="$CFLAGS -I/usr/local/include"
- LIBS="$LIBS -L/usr/local/lib"
- AC_CHECK_LIB(pcap, pcap_open_live, libpcap="-lpcap")
- unset ac_cv_lib_pcap_pcap_open_live
- if test "x$libpcap" = xFAIL ; then
- AC_MSG_ERROR(see the INSTALL doc for more info)
- fi
- $2="$$2 -I/usr/local/include"
- fi
- LIBS="$LIBS -lpcap"
- else
- $1=$libpcap
- $2="-I$d $$2"
- AC_MSG_RESULT($libpcap)
- fi
- if test "x$libpcap" != "x-lpcap" ; then
- LIBS="$libpcap $LIBS"
- fi
- case "$target_os" in
-
- aix*)
- pseexe="/lib/pse.exp"
- AC_MSG_CHECKING(for $pseexe)
- if test -f $pseexe ; then
- AC_MSG_RESULT(yes)
- LIBS="$LIBS -I:$pseexe"
- fi
- ;;
- esac])
-
-dnl
-dnl Define RETSIGTYPE and RETSIGVAL
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_TYPE_SIGNAL
-dnl
-dnl results:
-dnl
-dnl RETSIGTYPE (defined)
-dnl RETSIGVAL (defined)
-dnl
-AC_DEFUN(AC_LBL_TYPE_SIGNAL,
- [AC_BEFORE([$0], [AC_LBL_LIBPCAP])
- AC_TYPE_SIGNAL
- if test "$ac_cv_type_signal" = void ; then
- AC_DEFINE(RETSIGVAL,,[signal function return value])
- else
- AC_DEFINE(RETSIGVAL,(0))
- fi
- case "$target_os" in
-
- irix*)
- AC_DEFINE(_BSD_SIGNALS,,[irix's BSD style signals])
- ;;
-
- *)
- dnl prefer sigset() to sigaction()
- AC_CHECK_FUNCS(sigset)
- if test $ac_cv_func_sigset = yes ; then
- AC_DEFINE(signal,sigset,[use sigset() instead of signal()])
- else
- AC_CHECK_FUNCS(sigaction)
- fi
- ;;
- esac])
-
-dnl
-dnl If using gcc, make sure we have ANSI ioctl definitions
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_FIXINCLUDES
-dnl
-AC_DEFUN(AC_LBL_FIXINCLUDES,
- [if test "$GCC" = yes ; then
- AC_MSG_CHECKING(for ANSI ioctl definitions)
- AC_CACHE_VAL(ac_cv_lbl_gcc_fixincludes,
- AC_TRY_COMPILE(
- [/*
- * This generates a "duplicate case value" when fixincludes
- * has not be run.
- */
-# include <sys/types.h>
-# include <sys/time.h>
-# include <sys/ioctl.h>
-# ifdef HAVE_SYS_IOCCOM_H
-# include <sys/ioccom.h>
-# endif],
- [switch (0) {
- case _IO('A', 1):;
- case _IO('B', 1):;
- }],
- ac_cv_lbl_gcc_fixincludes=yes,
- ac_cv_lbl_gcc_fixincludes=no))
- AC_MSG_RESULT($ac_cv_lbl_gcc_fixincludes)
- if test $ac_cv_lbl_gcc_fixincludes = no ; then
- # Don't cache failure
- unset ac_cv_lbl_gcc_fixincludes
- AC_MSG_ERROR(see the INSTALL for more info)
- fi
- fi])
-
-dnl
-dnl Check for flex, default to lex
-dnl Require flex 2.4 or higher
-dnl Check for bison, default to yacc
-dnl Default to lex/yacc if both flex and bison are not available
-dnl Define the yy prefix string if using flex and bison
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_LEX_AND_YACC(lex, yacc, yyprefix)
-dnl
-dnl results:
-dnl
-dnl $1 (lex set)
-dnl $2 (yacc appended)
-dnl $3 (optional flex and bison -P prefix)
-dnl
-AC_DEFUN(AC_LBL_LEX_AND_YACC,
- [AC_ARG_WITH(flex, [ --without-flex don't use flex])
- AC_ARG_WITH(bison, [ --without-bison don't use bison])
- if test "$with_flex" = no ; then
- $1=lex
- else
- AC_CHECK_PROGS($1, flex, lex)
- fi
- if test "$$1" = flex ; then
- # The -V flag was added in 2.4
- AC_MSG_CHECKING(for flex 2.4 or higher)
- AC_CACHE_VAL(ac_cv_lbl_flex_v24,
- if flex -V >/dev/null 2>&1; then
- ac_cv_lbl_flex_v24=yes
- else
- ac_cv_lbl_flex_v24=no
- fi)
- AC_MSG_RESULT($ac_cv_lbl_flex_v24)
- if test $ac_cv_lbl_flex_v24 = no ; then
- s="2.4 or higher required"
- AC_MSG_WARN(ignoring obsolete flex executable ($s))
- $1=lex
- fi
- fi
- if test "$with_bison" = no ; then
- $2=yacc
- else
- AC_CHECK_PROGS($2, bison, yacc)
- fi
- if test "$$2" = bison ; then
- $2="$$2 -y"
- fi
- if test "$$1" != lex -a "$$2" = yacc -o "$$1" = lex -a "$$2" != yacc ; then
- AC_MSG_WARN(don't have both flex and bison; reverting to lex/yacc)
- $1=lex
- $2=yacc
- fi
- if test "$$1" = flex -a -n "$3" ; then
- $1="$$1 -P$3"
- $2="$$2 -p $3"
- fi])
-
-dnl
-dnl Checks to see if union wait is used with WEXITSTATUS()
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_UNION_WAIT
-dnl
-dnl results:
-dnl
-dnl DECLWAITSTATUS (defined)
-dnl
-AC_DEFUN(AC_LBL_UNION_WAIT,
- [AC_MSG_CHECKING(if union wait is used)
- AC_CACHE_VAL(ac_cv_lbl_union_wait,
- AC_TRY_COMPILE([
-# include <sys/types.h>
-# include <sys/wait.h>],
- [int status;
- u_int i = WEXITSTATUS(status);
- u_int j = waitpid(0, &status, 0);],
- ac_cv_lbl_union_wait=no,
- ac_cv_lbl_union_wait=yes))
- AC_MSG_RESULT($ac_cv_lbl_union_wait)
- if test $ac_cv_lbl_union_wait = yes ; then
- AC_DEFINE(DECLWAITSTATUS,union wait)
- else
- AC_DEFINE(DECLWAITSTATUS,int)
- fi])
-
-dnl
-dnl Checks to see if the sockaddr struct has the 4.4 BSD sa_len member
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_SOCKADDR_SA_LEN
-dnl
-dnl results:
-dnl
-dnl HAVE_SOCKADDR_SA_LEN (defined)
-dnl
-AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN,
- [AC_CHECK_MEMBERS(struct sockaddr.sa_len,,,[
-# include <sys/types.h>
-# include <sys/socket.h>])])
-
-dnl
-dnl Makes sure socklen_t is defined
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_SOCKLEN_T
-dnl
-dnl results:
-dnl
-dnl socklen_t (defined if missing)
-dnl
-AC_DEFUN(AC_LBL_SOCKLEN_T,
- [AC_MSG_CHECKING(for socklen_t in sys/socket.h using $CC)
- AC_CACHE_VAL(ac_cv_lbl_socklen_t,
- AC_TRY_COMPILE([
-# include "confdefs.h"
-# include <sys/types.h>
-# include <sys/socket.h>
-# if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-# endif],
- [socklen_t i],
- ac_cv_lbl_socklen_t=yes,
- ac_cv_lbl_socklen_t=no))
- AC_MSG_RESULT($ac_cv_lbl_socklen_t)
- if test $ac_cv_lbl_socklen_t = no ; then
- AC_DEFINE(socklen_t, int, [Define socklen_t if missing])
- fi])
-
-dnl
-dnl Checks to see if the IFF_LOOPBACK exists as a define or enum
-dnl
-dnl (stupidly some versions of linux use an enum...)
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_IFF_LOOPBACK
-dnl
-dnl results:
-dnl
-dnl HAVE_IFF_LOOPBACK (defined)
-dnl
-AC_DEFUN(AC_LBL_IFF_LOOPBACK,
- [AC_MSG_CHECKING(for IFF_LOOPBACK define/enum)
- AC_CACHE_VAL(ac_cv_lbl_have_iff_loopback,
- AC_TRY_COMPILE([
-# include <sys/param.h>
-# include <sys/file.h>
-# include <sys/ioctl.h>
-# include <sys/socket.h>
-# ifdef HAVE_SYS_SOCKIO_H
-# include <sys/sockio.h>
-# endif
-# include <sys/time.h>
-# include <net/if.h>
-# include <netinet/in.h>],
- [int i = IFF_LOOPBACK],
- ac_cv_lbl_have_iff_loopback=yes,
- ac_cv_lbl_have_iff_loopback=no))
- AC_MSG_RESULT($ac_cv_lbl_have_iff_loopback)
- if test $ac_cv_lbl_have_iff_loopback = yes ; then
- AC_DEFINE(HAVE_IFF_LOOPBACK,, [Have IFF_LOOPBACK define/enum])
- fi])
-
-dnl
-dnl Due to the stupid way it's implemented, AC_CHECK_TYPE is nearly useless.
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_CHECK_TYPE
-dnl
-dnl results:
-dnl
-dnl int32_t (defined)
-dnl u_int32_t (defined)
-dnl
-AC_DEFUN(AC_LBL_CHECK_TYPE,
- [AC_MSG_CHECKING(for $1 using $CC)
- AC_CACHE_VAL(ac_cv_lbl_have_$1,
- AC_TRY_COMPILE([
-# include "confdefs.h"
-# include <sys/types.h>
-# if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-# endif],
- [$1 i],
- ac_cv_lbl_have_$1=yes,
- ac_cv_lbl_have_$1=no))
- AC_MSG_RESULT($ac_cv_lbl_have_$1)
- if test $ac_cv_lbl_have_$1 = no ; then
- AC_DEFINE($1, $2, Define $1)
- fi])
-
-dnl
-dnl Checks to see if unaligned memory accesses fail
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_UNALIGNED_ACCESS
-dnl
-dnl results:
-dnl
-dnl LBL_ALIGN (DEFINED)
-dnl
-AC_DEFUN(AC_LBL_UNALIGNED_ACCESS,
- [AC_MSG_CHECKING(if unaligned accesses fail)
- AC_CACHE_VAL(ac_cv_lbl_unaligned_fail,
- [case "$target_cpu" in
-
- alpha|hp*|mips|sparc)
- ac_cv_lbl_unaligned_fail=yes
- ;;
-
- *)
- cat >conftest.c <<EOF
-# include <sys/types.h>
-# include <sys/wait.h>
-# include <stdio.h>
- unsigned char a[[5]] = { 1, 2, 3, 4, 5 };
- main() {
- unsigned int i;
- pid_t pid;
- int status;
- /* avoid "core dumped" message */
- pid = fork();
- if (pid < 0)
- exit(2);
- if (pid > 0) {
- /* parent */
- pid = waitpid(pid, &status, 0);
- if (pid < 0)
- exit(3);
- exit(!WIFEXITED(status));
- }
- /* child */
- i = *(unsigned int *)&a[[1]];
- printf("%d\n", i);
- exit(0);
- }
-EOF
- ${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS \
- conftest.c $LIBS >/dev/null 2>&1
- if test ! -x conftest ; then
- dnl failed to compile for some reason
- ac_cv_lbl_unaligned_fail=yes
- else
- ./conftest >conftest.out
- if test ! -s conftest.out ; then
- ac_cv_lbl_unaligned_fail=yes
- else
- ac_cv_lbl_unaligned_fail=no
- fi
- fi
- rm -f conftest* core core.conftest
- ;;
- esac])
- AC_MSG_RESULT($ac_cv_lbl_unaligned_fail)
- if test $ac_cv_lbl_unaligned_fail = yes ; then
- AC_DEFINE(LBL_ALIGN)
- fi])
-
-dnl
-dnl add all warning option to CFLAGS
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_CHECK_WALL(copt)
-dnl
-dnl results:
-dnl
-dnl $1 (copt appended)
-dnl ac_cv_lbl_gcc_vers
-dnl
-AC_DEFUN(AC_LBL_CHECK_WALL,
- [ if test "$GCC" = yes ; then
- if test "$SHLICC2" = yes ; then
- ac_cv_lbl_gcc_vers=2
- $1="`echo $$1 | sed -e 's/-O/-O3/'`"
- else
- AC_MSG_CHECKING(gcc version)
- AC_CACHE_VAL(ac_cv_lbl_gcc_vers,
- # Gag, the gcc folks keep changing the output...
- # try to grab N.N.N
- ac_cv_lbl_gcc_vers=`$CC --version 2>&1 |
- sed -e '1!d' -e 's/[[[^0-9]]]*\([[[0-9]]][[[0-9]]]*\)\.[[[0-9\]]][[[0-9]]]*\.[[[0-9]]][[[0-9]]]*.*/\1/'`)
- AC_MSG_RESULT($ac_cv_lbl_gcc_vers)
- if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then
- $1="`echo $$1 | sed -e 's/-O/-O3/'`"
- fi
- fi
- if test "$ac_cv_prog_cc_g" = yes ; then
- $1="-g $$1"
- fi
- $1="$$1 -Wall"
- if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then
- $1="$$1 -Wmissing-prototypes -Wstrict-prototypes"
- if [[ "`uname -s`" = "FreeBSD" ]]; then
- $1="$$1 -Werror"
- fi
- fi
- else
- case "$target_os" in
-
- irix6*)
- $1="$$1 -fullwarn -n32"
- ;;
-
- *)
- ;;
- esac
- fi])
-
-dnl
-dnl If using gcc and the file .devel exists:
-dnl Compile with -g (if supported) and -Wall
-dnl If using gcc 2, do extra prototype checking
-dnl If an os prototype include exists, symlink os-proto.h to it
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_DEVEL(copt)
-dnl
-dnl results:
-dnl
-dnl $1 (copt appended)
-dnl HAVE_OS_PROTO_H (defined)
-dnl os-proto.h (symlinked)
-dnl
-AC_DEFUN(AC_LBL_DEVEL,[
- AC_BEFORE([$0], [AC_LBL_LD_RUN_PATH])
- rm -f os-proto.h
- if test -f .devel ; then
- AC_LBL_CHECK_WALL($1)
- os=`echo $target_os | sed -e 's/\([[0-9]][[0-9]]*\)[[^0-9]].*$/\1/'`
- name="lbl/os-$os.h"
- if test -f $name ; then
- ln -s $name os-proto.h
- AC_DEFINE(HAVE_OS_PROTO_H,,[have os-proto.h])
- else
- AC_MSG_WARN(can't find $name)
- fi
- fi])
-
-dnl
-dnl Improved version of AC_CHECK_LIB
-dnl
-dnl Thanks to John Hawkinson (jhawk@mit.edu)
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_CHECK_LIB(LIBRARY, FUNCTION [, ACTION-IF-FOUND [,
-dnl ACTION-IF-NOT-FOUND [, OTHER-LIBRARIES]]])
-dnl
-dnl results:
-dnl
-dnl LIBS
-dnl
-
-define(AC_LBL_CHECK_LIB,
-[AC_MSG_CHECKING([for $2 in -l$1])
-dnl Use a cache variable name containing both the library and function name,
-dnl because the test really is for library $1 defining function $2, not
-dnl just for library $1. Separate tests with the same $1 and different $2's
-dnl may have different results.
-ac_lib_var=`echo $1['_']$2['_']$5 | sed 'y%./+- %__p__%'`
-AC_CACHE_VAL(ac_cv_lbl_lib_$ac_lib_var,
-[ac_save_LIBS="$LIBS"
-LIBS="-l$1 $5 $LIBS"
-AC_TRY_LINK(dnl
-ifelse([$2], [main], , dnl Avoid conflicting decl of main.
-[/* Override any gcc2 internal prototype to avoid an error. */
-]ifelse(AC_LANG, CPLUSPLUS, [#ifdef __cplusplus
-extern "C"
-#endif
-])dnl
-[/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $2();
-]),
- [$2()],
- eval "ac_cv_lbl_lib_$ac_lib_var=yes",
- eval "ac_cv_lbl_lib_$ac_lib_var=no")
-LIBS="$ac_save_LIBS"
-])dnl
-if eval "test \"`echo '$ac_cv_lbl_lib_'$ac_lib_var`\" = yes"; then
- AC_MSG_RESULT(yes)
- ifelse([$3], ,
-[changequote(, )dnl
- ac_tr_lib=HAVE_LIB`echo $1 | sed -e 's/[^a-zA-Z0-9_]/_/g' \
- -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
-changequote([, ])dnl
- AC_DEFINE_UNQUOTED($ac_tr_lib)
- LIBS="-l$1 $LIBS"
-], [$3])
-else
- AC_MSG_RESULT(no)
-ifelse([$4], , , [$4
-])dnl
-fi
-])
-
-dnl
-dnl AC_LBL_LIBRARY_NET
-dnl
-dnl This test is for network applications that need socket() and
-dnl gethostbyname() -ish functions. Under Solaris, those applications
-dnl need to link with "-lsocket -lnsl". Under IRIX, they need to link
-dnl with "-lnsl" but should *not* link with "-lsocket" because
-dnl libsocket.a breaks a number of things (for instance:
-dnl gethostbyname() under IRIX 5.2, and snoop sockets under most
-dnl versions of IRIX).
-dnl
-dnl Unfortunately, many application developers are not aware of this,
-dnl and mistakenly write tests that cause -lsocket to be used under
-dnl IRIX. It is also easy to write tests that cause -lnsl to be used
-dnl under operating systems where neither are necessary (or useful),
-dnl such as SunOS 4.1.4, which uses -lnsl for TLI.
-dnl
-dnl This test exists so that every application developer does not test
-dnl this in a different, and subtly broken fashion.
-
-dnl It has been argued that this test should be broken up into two
-dnl seperate tests, one for the resolver libraries, and one for the
-dnl libraries necessary for using Sockets API. Unfortunately, the two
-dnl are carefully intertwined and allowing the autoconf user to use
-dnl them independantly potentially results in unfortunate ordering
-dnl dependancies -- as such, such component macros would have to
-dnl carefully use indirection and be aware if the other components were
-dnl executed. Since other autoconf macros do not go to this trouble,
-dnl and almost no applications use sockets without the resolver, this
-dnl complexity has not been implemented.
-dnl
-dnl The check for libresolv is in case you are attempting to link
-dnl statically and happen to have a libresolv.a lying around (and no
-dnl libnsl.a).
-dnl
-AC_DEFUN(AC_LBL_LIBRARY_NET, [
- # Most operating systems have gethostbyname() in the default searched
- # libraries (i.e. libc):
- AC_CHECK_FUNC(gethostbyname, ,
- # Some OSes (eg. Solaris) place it in libnsl:
- AC_CHECK_LIB(nsl, gethostbyname, ,
- # Some strange OSes (SINIX) have it in libsocket:
- AC_CHECK_LIB(socket, gethostbyname, ,
- # Unfortunately libsocket sometimes depends on libnsl.
- # AC_CHECK_LIB's API is essentially broken so the
- # following ugliness is necessary:
- AC_CHECK_LIB(socket, gethostbyname,
- LIBS="-lsocket -lnsl $LIBS",
- AC_CHECK_LIB(resolv, gethostbyname),
- -lnsl))))
- AC_CHECK_FUNC(socket, , AC_CHECK_LIB(socket, socket, ,
- AC_CHECK_LIB(socket, socket, LIBS="-lsocket -lnsl $LIBS", ,
- -lnsl)))
- # DLPI needs putmsg under HPUX so test for -lstr while we're at it
- AC_CHECK_LIB(str, putmsg)
- ])
-
-dnl
-dnl AC_LBL_RUN_PATH
-dnl
-dnl Extracts -L directories from LIBS; if any are found they are
-dnl converted to a LD_RUN_PATH and put in V_ENVIRONMENT
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_RUN_PATH
-dnl
-dnl results:
-dnl
-dnl V_ENVIRONMENT
-dnl
-AC_DEFUN(AC_LBL_LD_RUN_PATH, [
- AC_MSG_CHECKING(LD_RUN_PATH)
- AC_SUBST(V_ENVIRONMENT)
- dnl
- dnl Split out -L directories
- dnl
- ldirs=""
- for x in ${LIBS}; do
- case x${x} in
-
- x-L*)
- ldirs="${ldirs} ${x}"
- ;;
-
- *)
- ;;
- esac
- done
-
- dnl
- dnl Build LD_RUN_PATH
- dnl
- if test -n "${ldirs}"; then
- V_ENVIRONMENT="LD_RUN_PATH=\"`echo \"${ldirs}\" | sed -e 's,-L,,g' -e 's,^ *,,' -e 's, ,:,g'`\""
- AC_MSG_RESULT(${V_ENVIRONMENT})
- else
- AC_MSG_RESULT(empty)
- fi])
-
-dnl
-dnl AC_LBL_BROCCOLI
-dnl
-dnl Include Broccoli support
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_BROCCOLI(copt, incls, [min-vers])
-dnl
-dnl results:
-dnl
-dnl $1 (copt variable appended)
-dnl $2 (incls variable appended)
-dnl $3 minimum version (optional)
-dnl
-AC_DEFUN(AC_LBL_BROCCOLI, [
- AC_BEFORE([$0], [AC_LBL_LD_RUN_PATH])
- dnl
- dnl configure flags
- dnl
- AC_ARG_WITH([broccoli],
- [AS_HELP_STRING([--without-broccoli],
- [disable Broccoli support @<:@default=check@:>@])],
- ac_cv_with_broccoli=${withval})
- dnl
- dnl Network application libraries
- dnl
- AC_LBL_LIBRARY_NET
-
- AC_MSG_CHECKING(for broccoli)
- if test "${ac_cv_with_broccoli}" = "" -o \
- "${ac_cv_with_broccoli}" = yes ; then
- cflags=""
- libs=""
- dnl
- dnl Our entire path
- dnl
- dirs="`echo ${PATH} | sed -e 's/:/ /g'`"
- dnl
- dnl Add in default Bro install bin directory
- dnl
- dirs="${dirs} /usr/local/bro/bin"
- for d in ${dirs}; do
- if test -x ${d}/broccoli-config ; then
- broccoli_config_path="${d}/broccoli-config"
- cflags="`${broccoli_config_path} --cflags`"
- libs="`${broccoli_config_path} --libs`"
- break
- fi
- done
- if test -n "${cflags}" ; then
- ac_cv_have_broccoli=yes
- else
- ac_cv_have_broccoli=no
- fi
- AC_MSG_RESULT($ac_cv_have_broccoli)
- if test "${ac_cv_with_broccoli}" = yes -a \
- ${ac_cv_have_broccoli} = "no" ; then
- AC_MSG_ERROR(Broccoli explicitly enabled but not supported)
- fi
- else
- AC_MSG_RESULT([disabled])
- fi
-
- dnl
- dnl Optionally check for minimum Broccoli version
- dnl
- if test "$ac_cv_have_broccoli" = yes -a -n "$3"; then
- AC_MSG_CHECKING(Broccoli >= $3)
- BROCCOLI_VERSION="`${broccoli_config_path} --version`"
- AC_MSG_RESULT(${BROCCOLI_VERSION})
- dnl
- dnl Sort the two versions; the desired version should
- dnl appear first (or perhaps 1st and 2nd)
- dnl
- tvers="`(echo "$3" ; echo ${BROCCOLI_VERSION}) |
- sort -t. +0 -1n +1 -2n +2 -3n +3 -4n |
- head -1`"
- if test "${tvers}" != "$3"; then
- if test "${ac_cv_with_broccoli}" = yes; then
- AC_MSG_ERROR(Broccoli $3 or higher is required)
- fi
- AC_MSG_NOTICE(Broccoli support disabled)
- ac_cv_have_broccoli="no"
- fi
- fi
-
- dnl
- dnl Broccoli ho!
- dnl
- if test "$ac_cv_have_broccoli" = yes ; then
- AC_DEFINE(HAVE_BROCCOLI)
- dnl
- dnl Split out -I directories
- dnl
- for x in ${cflags}; do
- case x${x} in
-
- x-I*)
- eval "$2=\"\$$2 ${x}\""
- ;;
-
- *)
- eval "$1=\"\$$1 ${x}\""
- ;;
- esac
- done
-
- dnl
- dnl Add in Broccoli libs
- dnl
- LIBS="$LIBS ${libs}"
-
- dnl
- dnl Look for the libs in DIR or DIR/lib
- dnl
- AC_ARG_WITH([openssl],
- [AS_HELP_STRING([--with-openssl=DIR],
- [Use OpenSSL installation in DIR])],
- [eval "$2=\"-I${withval}/include \$$2\""
- for x in ${withval}/lib ${withval}; do
- if test -r ${x}/libssl.a; then
- LIBS="-L${x} ${LIBS}"
- break
- fi
- done])
-
- dnl
- dnl -lssl needs to come first on some systems!
- dnl
- AC_CHECK_LIB(ssl, OPENSSL_add_all_algorithms_conf,
- [LIBS="${LIBS} -lssl -lcrypto"],,-lcrypto)
- dnl
- dnl Newer versions of 1.4.0 and anything higher needs bro_init()
- dnl
- AC_CHECK_LIB(broccoli, bro_init, [AC_DEFINE(HAVE_BRO_INIT)])
- fi])
+++ /dev/null
-#! /bin/sh
-# Attempt to guess a canonical system name.
-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
-
-timestamp='2003-07-02'
-
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Originally written by Per Bothner <per@bothner.com>.
-# Please send patches to <config-patches@gnu.org>. Submit a context
-# diff and a properly formatted ChangeLog entry.
-#
-# This script attempts to guess a canonical system name similar to
-# config.sub. If it succeeds, it prints the system name on stdout, and
-# exits with 0. Otherwise, it exits with 1.
-#
-# The plan is that this can be called by configure scripts if you
-# don't specify an explicit build system type.
-
-me=`echo "$0" | sed -e 's,.*/,,'`
-
-usage="\
-Usage: $0 [OPTION]
-
-Output the configuration name of the system \`$me' is run on.
-
-Operation modes:
- -h, --help print this help, then exit
- -t, --time-stamp print date of last modification, then exit
- -v, --version print version number, then exit
-
-Report bugs and patches to <config-patches@gnu.org>."
-
-version="\
-GNU config.guess ($timestamp)
-
-Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
-Free Software Foundation, Inc.
-
-This is free software; see the source for copying conditions. There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-
-help="
-Try \`$me --help' for more information."
-
-# Parse command line
-while test $# -gt 0 ; do
- case $1 in
- --time-stamp | --time* | -t )
- echo "$timestamp" ; exit 0 ;;
- --version | -v )
- echo "$version" ; exit 0 ;;
- --help | --h* | -h )
- echo "$usage"; exit 0 ;;
- -- ) # Stop option processing
- shift; break ;;
- - ) # Use stdin as input.
- break ;;
- -* )
- echo "$me: invalid option $1$help" >&2
- exit 1 ;;
- * )
- break ;;
- esac
-done
-
-if test $# != 0; then
- echo "$me: too many arguments$help" >&2
- exit 1
-fi
-
-trap 'exit 1' 1 2 15
-
-# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
-# compiler to aid in system detection is discouraged as it requires
-# temporary files to be created and, as you can see below, it is a
-# headache to deal with in a portable fashion.
-
-# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
-# use `HOST_CC' if defined, but it is deprecated.
-
-# Portable tmp directory creation inspired by the Autoconf team.
-
-set_cc_for_build='
-trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
-trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
-: ${TMPDIR=/tmp} ;
- { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
- { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
- { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
- { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
-dummy=$tmp/dummy ;
-tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
-case $CC_FOR_BUILD,$HOST_CC,$CC in
- ,,) echo "int x;" > $dummy.c ;
- for c in cc gcc c89 c99 ; do
- if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
- CC_FOR_BUILD="$c"; break ;
- fi ;
- done ;
- if test x"$CC_FOR_BUILD" = x ; then
- CC_FOR_BUILD=no_compiler_found ;
- fi
- ;;
- ,,*) CC_FOR_BUILD=$CC ;;
- ,*,*) CC_FOR_BUILD=$HOST_CC ;;
-esac ;'
-
-# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
-# (ghazi@noc.rutgers.edu 1994-08-24)
-if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
- PATH=$PATH:/.attbin ; export PATH
-fi
-
-UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
-UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
-UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
-UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
-
-# Note: order is significant - the case branches are not exclusive.
-
-case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
- *:NetBSD:*:*)
- # NetBSD (nbsd) targets should (where applicable) match one or
- # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
- # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
- # switched to ELF, *-*-netbsd* would select the old
- # object file format. This provides both forward
- # compatibility and a consistent mechanism for selecting the
- # object file format.
- #
- # Note: NetBSD doesn't particularly care about the vendor
- # portion of the name. We always set it to "unknown".
- sysctl="sysctl -n hw.machine_arch"
- UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
- /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
- case "${UNAME_MACHINE_ARCH}" in
- armeb) machine=armeb-unknown ;;
- arm*) machine=arm-unknown ;;
- sh3el) machine=shl-unknown ;;
- sh3eb) machine=sh-unknown ;;
- *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
- esac
- # The Operating System including object format, if it has switched
- # to ELF recently, or will in the future.
- case "${UNAME_MACHINE_ARCH}" in
- arm*|i386|m68k|ns32k|sh3*|sparc|vax)
- eval $set_cc_for_build
- if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
- | grep __ELF__ >/dev/null
- then
- # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
- # Return netbsd for either. FIX?
- os=netbsd
- else
- os=netbsdelf
- fi
- ;;
- *)
- os=netbsd
- ;;
- esac
- # The OS release
- # Debian GNU/NetBSD machines have a different userland, and
- # thus, need a distinct triplet. However, they do not need
- # kernel version information, so it can be replaced with a
- # suitable tag, in the style of linux-gnu.
- case "${UNAME_VERSION}" in
- Debian*)
- release='-gnu'
- ;;
- *)
- release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
- ;;
- esac
- # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
- # contains redundant information, the shorter form:
- # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
- echo "${machine}-${os}${release}"
- exit 0 ;;
- amiga:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- arc:OpenBSD:*:*)
- echo mipsel-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- hp300:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- mac68k:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- macppc:OpenBSD:*:*)
- echo powerpc-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- mvme68k:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- mvme88k:OpenBSD:*:*)
- echo m88k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- mvmeppc:OpenBSD:*:*)
- echo powerpc-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- pmax:OpenBSD:*:*)
- echo mipsel-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- sgi:OpenBSD:*:*)
- echo mipseb-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- sun3:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- wgrisc:OpenBSD:*:*)
- echo mipsel-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- *:OpenBSD:*:*)
- echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- alpha:OSF1:*:*)
- if test $UNAME_RELEASE = "V4.0"; then
- UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
- fi
- # According to Compaq, /usr/sbin/psrinfo has been available on
- # OSF/1 and Tru64 systems produced since 1995. I hope that
- # covers most systems running today. This code pipes the CPU
- # types through head -n 1, so we only detect the type of CPU 0.
- ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
- case "$ALPHA_CPU_TYPE" in
- "EV4 (21064)")
- UNAME_MACHINE="alpha" ;;
- "EV4.5 (21064)")
- UNAME_MACHINE="alpha" ;;
- "LCA4 (21066/21068)")
- UNAME_MACHINE="alpha" ;;
- "EV5 (21164)")
- UNAME_MACHINE="alphaev5" ;;
- "EV5.6 (21164A)")
- UNAME_MACHINE="alphaev56" ;;
- "EV5.6 (21164PC)")
- UNAME_MACHINE="alphapca56" ;;
- "EV5.7 (21164PC)")
- UNAME_MACHINE="alphapca57" ;;
- "EV6 (21264)")
- UNAME_MACHINE="alphaev6" ;;
- "EV6.7 (21264A)")
- UNAME_MACHINE="alphaev67" ;;
- "EV6.8CB (21264C)")
- UNAME_MACHINE="alphaev68" ;;
- "EV6.8AL (21264B)")
- UNAME_MACHINE="alphaev68" ;;
- "EV6.8CX (21264D)")
- UNAME_MACHINE="alphaev68" ;;
- "EV6.9A (21264/EV69A)")
- UNAME_MACHINE="alphaev69" ;;
- "EV7 (21364)")
- UNAME_MACHINE="alphaev7" ;;
- "EV7.9 (21364A)")
- UNAME_MACHINE="alphaev79" ;;
- esac
- # A Vn.n version is a released version.
- # A Tn.n version is a released field test version.
- # A Xn.n version is an unreleased experimental baselevel.
- # 1.2 uses "1.2" for uname -r.
- echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
- exit 0 ;;
- Alpha*:OpenVMS:*:*)
- echo alpha-hp-vms
- exit 0 ;;
- Alpha\ *:Windows_NT*:*)
- # How do we know it's Interix rather than the generic POSIX subsystem?
- # Should we change UNAME_MACHINE based on the output of uname instead
- # of the specific Alpha model?
- echo alpha-pc-interix
- exit 0 ;;
- 21064:Windows_NT:50:3)
- echo alpha-dec-winnt3.5
- exit 0 ;;
- Amiga*:UNIX_System_V:4.0:*)
- echo m68k-unknown-sysv4
- exit 0;;
- *:[Aa]miga[Oo][Ss]:*:*)
- echo ${UNAME_MACHINE}-unknown-amigaos
- exit 0 ;;
- *:[Mm]orph[Oo][Ss]:*:*)
- echo ${UNAME_MACHINE}-unknown-morphos
- exit 0 ;;
- *:OS/390:*:*)
- echo i370-ibm-openedition
- exit 0 ;;
- arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
- echo arm-acorn-riscix${UNAME_RELEASE}
- exit 0;;
- SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
- echo hppa1.1-hitachi-hiuxmpp
- exit 0;;
- Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
- # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
- if test "`(/bin/universe) 2>/dev/null`" = att ; then
- echo pyramid-pyramid-sysv3
- else
- echo pyramid-pyramid-bsd
- fi
- exit 0 ;;
- NILE*:*:*:dcosx)
- echo pyramid-pyramid-svr4
- exit 0 ;;
- DRS?6000:unix:4.0:6*)
- echo sparc-icl-nx6
- exit 0 ;;
- DRS?6000:UNIX_SV:4.2*:7*)
- case `/usr/bin/uname -p` in
- sparc) echo sparc-icl-nx7 && exit 0 ;;
- esac ;;
- sun4H:SunOS:5.*:*)
- echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
- sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
- echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
- i86pc:SunOS:5.*:*)
- echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
- sun4*:SunOS:6*:*)
- # According to config.sub, this is the proper way to canonicalize
- # SunOS6. Hard to guess exactly what SunOS6 will be like, but
- # it's likely to be more like Solaris than SunOS4.
- echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
- sun4*:SunOS:*:*)
- case "`/usr/bin/arch -k`" in
- Series*|S4*)
- UNAME_RELEASE=`uname -v`
- ;;
- esac
- # Japanese Language versions have a version number like `4.1.3-JL'.
- echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
- exit 0 ;;
- sun3*:SunOS:*:*)
- echo m68k-sun-sunos${UNAME_RELEASE}
- exit 0 ;;
- sun*:*:4.2BSD:*)
- UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
- test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
- case "`/bin/arch`" in
- sun3)
- echo m68k-sun-sunos${UNAME_RELEASE}
- ;;
- sun4)
- echo sparc-sun-sunos${UNAME_RELEASE}
- ;;
- esac
- exit 0 ;;
- aushp:SunOS:*:*)
- echo sparc-auspex-sunos${UNAME_RELEASE}
- exit 0 ;;
- # The situation for MiNT is a little confusing. The machine name
- # can be virtually everything (everything which is not
- # "atarist" or "atariste" at least should have a processor
- # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
- # to the lowercase version "mint" (or "freemint"). Finally
- # the system name "TOS" denotes a system which is actually not
- # MiNT. But MiNT is downward compatible to TOS, so this should
- # be no problem.
- atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
- exit 0 ;;
- atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
- exit 0 ;;
- *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
- exit 0 ;;
- milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
- echo m68k-milan-mint${UNAME_RELEASE}
- exit 0 ;;
- hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
- echo m68k-hades-mint${UNAME_RELEASE}
- exit 0 ;;
- *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
- echo m68k-unknown-mint${UNAME_RELEASE}
- exit 0 ;;
- powerpc:machten:*:*)
- echo powerpc-apple-machten${UNAME_RELEASE}
- exit 0 ;;
- RISC*:Mach:*:*)
- echo mips-dec-mach_bsd4.3
- exit 0 ;;
- RISC*:ULTRIX:*:*)
- echo mips-dec-ultrix${UNAME_RELEASE}
- exit 0 ;;
- VAX*:ULTRIX*:*:*)
- echo vax-dec-ultrix${UNAME_RELEASE}
- exit 0 ;;
- 2020:CLIX:*:* | 2430:CLIX:*:*)
- echo clipper-intergraph-clix${UNAME_RELEASE}
- exit 0 ;;
- mips:*:*:UMIPS | mips:*:*:RISCos)
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
-#ifdef __cplusplus
-#include <stdio.h> /* for printf() prototype */
- int main (int argc, char *argv[]) {
-#else
- int main (argc, argv) int argc; char *argv[]; {
-#endif
- #if defined (host_mips) && defined (MIPSEB)
- #if defined (SYSTYPE_SYSV)
- printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
- #endif
- #if defined (SYSTYPE_SVR4)
- printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
- #endif
- #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
- printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
- #endif
- #endif
- exit (-1);
- }
-EOF
- $CC_FOR_BUILD -o $dummy $dummy.c \
- && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
- && exit 0
- echo mips-mips-riscos${UNAME_RELEASE}
- exit 0 ;;
- Motorola:PowerMAX_OS:*:*)
- echo powerpc-motorola-powermax
- exit 0 ;;
- Motorola:*:4.3:PL8-*)
- echo powerpc-harris-powermax
- exit 0 ;;
- Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
- echo powerpc-harris-powermax
- exit 0 ;;
- Night_Hawk:Power_UNIX:*:*)
- echo powerpc-harris-powerunix
- exit 0 ;;
- m88k:CX/UX:7*:*)
- echo m88k-harris-cxux7
- exit 0 ;;
- m88k:*:4*:R4*)
- echo m88k-motorola-sysv4
- exit 0 ;;
- m88k:*:3*:R3*)
- echo m88k-motorola-sysv3
- exit 0 ;;
- AViiON:dgux:*:*)
- # DG/UX returns AViiON for all architectures
- UNAME_PROCESSOR=`/usr/bin/uname -p`
- if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
- then
- if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
- [ ${TARGET_BINARY_INTERFACE}x = x ]
- then
- echo m88k-dg-dgux${UNAME_RELEASE}
- else
- echo m88k-dg-dguxbcs${UNAME_RELEASE}
- fi
- else
- echo i586-dg-dgux${UNAME_RELEASE}
- fi
- exit 0 ;;
- M88*:DolphinOS:*:*) # DolphinOS (SVR3)
- echo m88k-dolphin-sysv3
- exit 0 ;;
- M88*:*:R3*:*)
- # Delta 88k system running SVR3
- echo m88k-motorola-sysv3
- exit 0 ;;
- XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
- echo m88k-tektronix-sysv3
- exit 0 ;;
- Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
- echo m68k-tektronix-bsd
- exit 0 ;;
- *:IRIX*:*:*)
- echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
- exit 0 ;;
- ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
- echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
- exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
- i*86:AIX:*:*)
- echo i386-ibm-aix
- exit 0 ;;
- ia64:AIX:*:*)
- if [ -x /usr/bin/oslevel ] ; then
- IBM_REV=`/usr/bin/oslevel`
- else
- IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
- fi
- echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
- exit 0 ;;
- *:AIX:2:3)
- if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #include <sys/systemcfg.h>
-
- main()
- {
- if (!__power_pc())
- exit(1);
- puts("powerpc-ibm-aix3.2.5");
- exit(0);
- }
-EOF
- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
- echo rs6000-ibm-aix3.2.5
- elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
- echo rs6000-ibm-aix3.2.4
- else
- echo rs6000-ibm-aix3.2
- fi
- exit 0 ;;
- *:AIX:*:[45])
- IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
- if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
- IBM_ARCH=rs6000
- else
- IBM_ARCH=powerpc
- fi
- if [ -x /usr/bin/oslevel ] ; then
- IBM_REV=`/usr/bin/oslevel`
- else
- IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
- fi
- echo ${IBM_ARCH}-ibm-aix${IBM_REV}
- exit 0 ;;
- *:AIX:*:*)
- echo rs6000-ibm-aix
- exit 0 ;;
- ibmrt:4.4BSD:*|romp-ibm:BSD:*)
- echo romp-ibm-bsd4.4
- exit 0 ;;
- ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
- echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
- exit 0 ;; # report: romp-ibm BSD 4.3
- *:BOSX:*:*)
- echo rs6000-bull-bosx
- exit 0 ;;
- DPX/2?00:B.O.S.:*:*)
- echo m68k-bull-sysv3
- exit 0 ;;
- 9000/[34]??:4.3bsd:1.*:*)
- echo m68k-hp-bsd
- exit 0 ;;
- hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
- echo m68k-hp-bsd4.4
- exit 0 ;;
- 9000/[34678]??:HP-UX:*:*)
- HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
- case "${UNAME_MACHINE}" in
- 9000/31? ) HP_ARCH=m68000 ;;
- 9000/[34]?? ) HP_ARCH=m68k ;;
- 9000/[678][0-9][0-9])
- if [ -x /usr/bin/getconf ]; then
- sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
- sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
- case "${sc_cpu_version}" in
- 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
- 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
- 532) # CPU_PA_RISC2_0
- case "${sc_kernel_bits}" in
- 32) HP_ARCH="hppa2.0n" ;;
- 64) HP_ARCH="hppa2.0w" ;;
- '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
- esac ;;
- esac
- fi
- if [ "${HP_ARCH}" = "" ]; then
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
-
- #define _HPUX_SOURCE
- #include <stdlib.h>
- #include <unistd.h>
-
- int main ()
- {
- #if defined(_SC_KERNEL_BITS)
- long bits = sysconf(_SC_KERNEL_BITS);
- #endif
- long cpu = sysconf (_SC_CPU_VERSION);
-
- switch (cpu)
- {
- case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
- case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
- case CPU_PA_RISC2_0:
- #if defined(_SC_KERNEL_BITS)
- switch (bits)
- {
- case 64: puts ("hppa2.0w"); break;
- case 32: puts ("hppa2.0n"); break;
- default: puts ("hppa2.0"); break;
- } break;
- #else /* !defined(_SC_KERNEL_BITS) */
- puts ("hppa2.0"); break;
- #endif
- default: puts ("hppa1.0"); break;
- }
- exit (0);
- }
-EOF
- (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
- test -z "$HP_ARCH" && HP_ARCH=hppa
- fi ;;
- esac
- if [ ${HP_ARCH} = "hppa2.0w" ]
- then
- # avoid double evaluation of $set_cc_for_build
- test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
- if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
- then
- HP_ARCH="hppa2.0w"
- else
- HP_ARCH="hppa64"
- fi
- fi
- echo ${HP_ARCH}-hp-hpux${HPUX_REV}
- exit 0 ;;
- ia64:HP-UX:*:*)
- HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
- echo ia64-hp-hpux${HPUX_REV}
- exit 0 ;;
- 3050*:HI-UX:*:*)
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #include <unistd.h>
- int
- main ()
- {
- long cpu = sysconf (_SC_CPU_VERSION);
- /* The order matters, because CPU_IS_HP_MC68K erroneously returns
- true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
- results, however. */
- if (CPU_IS_PA_RISC (cpu))
- {
- switch (cpu)
- {
- case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
- case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
- case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
- default: puts ("hppa-hitachi-hiuxwe2"); break;
- }
- }
- else if (CPU_IS_HP_MC68K (cpu))
- puts ("m68k-hitachi-hiuxwe2");
- else puts ("unknown-hitachi-hiuxwe2");
- exit (0);
- }
-EOF
- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
- echo unknown-hitachi-hiuxwe2
- exit 0 ;;
- 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
- echo hppa1.1-hp-bsd
- exit 0 ;;
- 9000/8??:4.3bsd:*:*)
- echo hppa1.0-hp-bsd
- exit 0 ;;
- *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
- echo hppa1.0-hp-mpeix
- exit 0 ;;
- hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
- echo hppa1.1-hp-osf
- exit 0 ;;
- hp8??:OSF1:*:*)
- echo hppa1.0-hp-osf
- exit 0 ;;
- i*86:OSF1:*:*)
- if [ -x /usr/sbin/sysversion ] ; then
- echo ${UNAME_MACHINE}-unknown-osf1mk
- else
- echo ${UNAME_MACHINE}-unknown-osf1
- fi
- exit 0 ;;
- parisc*:Lites*:*:*)
- echo hppa1.1-hp-lites
- exit 0 ;;
- C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
- echo c1-convex-bsd
- exit 0 ;;
- C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
- if getsysinfo -f scalar_acc
- then echo c32-convex-bsd
- else echo c2-convex-bsd
- fi
- exit 0 ;;
- C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
- echo c34-convex-bsd
- exit 0 ;;
- C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
- echo c38-convex-bsd
- exit 0 ;;
- C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
- echo c4-convex-bsd
- exit 0 ;;
- CRAY*Y-MP:*:*:*)
- echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
- CRAY*[A-Z]90:*:*:*)
- echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
- | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
- -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
- -e 's/\.[^.]*$/.X/'
- exit 0 ;;
- CRAY*TS:*:*:*)
- echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
- CRAY*T3E:*:*:*)
- echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
- CRAY*SV1:*:*:*)
- echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
- *:UNICOS/mp:*:*)
- echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
- F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
- FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
- echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
- exit 0 ;;
- i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
- echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
- exit 0 ;;
- sparc*:BSD/OS:*:*)
- echo sparc-unknown-bsdi${UNAME_RELEASE}
- exit 0 ;;
- *:BSD/OS:*:*)
- echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
- exit 0 ;;
- *:FreeBSD:*:*|*:GNU/FreeBSD:*:*)
- # Determine whether the default compiler uses glibc.
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #include <features.h>
- #if __GLIBC__ >= 2
- LIBC=gnu
- #else
- LIBC=
- #endif
-EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
- # GNU/FreeBSD systems have a "k" prefix to indicate we are using
- # FreeBSD's kernel, but not the complete OS.
- case ${LIBC} in gnu) kernel_only='k' ;; esac
- echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
- exit 0 ;;
- i*:CYGWIN*:*)
- echo ${UNAME_MACHINE}-pc-cygwin
- exit 0 ;;
- i*:MINGW*:*)
- echo ${UNAME_MACHINE}-pc-mingw32
- exit 0 ;;
- i*:PW*:*)
- echo ${UNAME_MACHINE}-pc-pw32
- exit 0 ;;
- x86:Interix*:[34]*)
- echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
- exit 0 ;;
- [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
- echo i${UNAME_MACHINE}-pc-mks
- exit 0 ;;
- i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
- # How do we know it's Interix rather than the generic POSIX subsystem?
- # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
- # UNAME_MACHINE based on the output of uname instead of i386?
- echo i586-pc-interix
- exit 0 ;;
- i*:UWIN*:*)
- echo ${UNAME_MACHINE}-pc-uwin
- exit 0 ;;
- p*:CYGWIN*:*)
- echo powerpcle-unknown-cygwin
- exit 0 ;;
- prep*:SunOS:5.*:*)
- echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
- *:GNU:*:*)
- echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
- exit 0 ;;
- i*86:Minix:*:*)
- echo ${UNAME_MACHINE}-pc-minix
- exit 0 ;;
- arm*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
- cris:Linux:*:*)
- echo cris-axis-linux-gnu
- exit 0 ;;
- ia64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
- m68*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
- mips:Linux:*:*)
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #undef CPU
- #undef mips
- #undef mipsel
- #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
- CPU=mipsel
- #else
- #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
- CPU=mips
- #else
- CPU=
- #endif
- #endif
-EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
- ;;
- mips64:Linux:*:*)
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #undef CPU
- #undef mips64
- #undef mips64el
- #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
- CPU=mips64el
- #else
- #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
- CPU=mips64
- #else
- CPU=
- #endif
- #endif
-EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
- ;;
- ppc:Linux:*:*)
- echo powerpc-unknown-linux-gnu
- exit 0 ;;
- ppc64:Linux:*:*)
- echo powerpc64-unknown-linux-gnu
- exit 0 ;;
- alpha:Linux:*:*)
- case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
- EV5) UNAME_MACHINE=alphaev5 ;;
- EV56) UNAME_MACHINE=alphaev56 ;;
- PCA56) UNAME_MACHINE=alphapca56 ;;
- PCA57) UNAME_MACHINE=alphapca56 ;;
- EV6) UNAME_MACHINE=alphaev6 ;;
- EV67) UNAME_MACHINE=alphaev67 ;;
- EV68*) UNAME_MACHINE=alphaev68 ;;
- esac
- objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
- if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
- echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
- exit 0 ;;
- parisc:Linux:*:* | hppa:Linux:*:*)
- # Look for CPU level
- case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
- PA7*) echo hppa1.1-unknown-linux-gnu ;;
- PA8*) echo hppa2.0-unknown-linux-gnu ;;
- *) echo hppa-unknown-linux-gnu ;;
- esac
- exit 0 ;;
- parisc64:Linux:*:* | hppa64:Linux:*:*)
- echo hppa64-unknown-linux-gnu
- exit 0 ;;
- s390:Linux:*:* | s390x:Linux:*:*)
- echo ${UNAME_MACHINE}-ibm-linux
- exit 0 ;;
- sh64*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
- sh*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
- sparc:Linux:*:* | sparc64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
- x86_64:Linux:*:*)
- echo x86_64-unknown-linux-gnu
- exit 0 ;;
- i*86:Linux:*:*)
- # The BFD linker knows what the default object file format is, so
- # first see if it will tell us. cd to the root directory to prevent
- # problems with other programs or directories called `ld' in the path.
- # Set LC_ALL=C to ensure ld outputs messages in English.
- ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
- | sed -ne '/supported targets:/!d
- s/[ ][ ]*/ /g
- s/.*supported targets: *//
- s/ .*//
- p'`
- case "$ld_supported_targets" in
- elf32-i386)
- TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
- ;;
- a.out-i386-linux)
- echo "${UNAME_MACHINE}-pc-linux-gnuaout"
- exit 0 ;;
- coff-i386)
- echo "${UNAME_MACHINE}-pc-linux-gnucoff"
- exit 0 ;;
- "")
- # Either a pre-BFD a.out linker (linux-gnuoldld) or
- # one that does not give us useful --help.
- echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
- exit 0 ;;
- esac
- # Determine whether the default compiler is a.out or elf
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #include <features.h>
- #ifdef __ELF__
- # ifdef __GLIBC__
- # if __GLIBC__ >= 2
- LIBC=gnu
- # else
- LIBC=gnulibc1
- # endif
- # else
- LIBC=gnulibc1
- # endif
- #else
- #ifdef __INTEL_COMPILER
- LIBC=gnu
- #else
- LIBC=gnuaout
- #endif
- #endif
-EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
- test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
- test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
- ;;
- i*86:DYNIX/ptx:4*:*)
- # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
- # earlier versions are messed up and put the nodename in both
- # sysname and nodename.
- echo i386-sequent-sysv4
- exit 0 ;;
- i*86:UNIX_SV:4.2MP:2.*)
- # Unixware is an offshoot of SVR4, but it has its own version
- # number series starting with 2...
- # I am not positive that other SVR4 systems won't match this,
- # I just have to hope. -- rms.
- # Use sysv4.2uw... so that sysv4* matches it.
- echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
- exit 0 ;;
- i*86:OS/2:*:*)
- # If we were able to find `uname', then EMX Unix compatibility
- # is probably installed.
- echo ${UNAME_MACHINE}-pc-os2-emx
- exit 0 ;;
- i*86:XTS-300:*:STOP)
- echo ${UNAME_MACHINE}-unknown-stop
- exit 0 ;;
- i*86:atheos:*:*)
- echo ${UNAME_MACHINE}-unknown-atheos
- exit 0 ;;
- i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
- echo i386-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
- i*86:*DOS:*:*)
- echo ${UNAME_MACHINE}-pc-msdosdjgpp
- exit 0 ;;
- i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
- UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
- if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
- echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
- else
- echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
- fi
- exit 0 ;;
- i*86:*:5:[78]*)
- case `/bin/uname -X | grep "^Machine"` in
- *486*) UNAME_MACHINE=i486 ;;
- *Pentium) UNAME_MACHINE=i586 ;;
- *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
- esac
- echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
- exit 0 ;;
- i*86:*:3.2:*)
- if test -f /usr/options/cb.name; then
- UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
- echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
- elif /bin/uname -X 2>/dev/null >/dev/null ; then
- UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
- (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
- (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
- && UNAME_MACHINE=i586
- (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
- && UNAME_MACHINE=i686
- (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
- && UNAME_MACHINE=i686
- echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
- else
- echo ${UNAME_MACHINE}-pc-sysv32
- fi
- exit 0 ;;
- pc:*:*:*)
- # Left here for compatibility:
- # uname -m prints for DJGPP always 'pc', but it prints nothing about
- # the processor, so we play safe by assuming i386.
- echo i386-pc-msdosdjgpp
- exit 0 ;;
- Intel:Mach:3*:*)
- echo i386-pc-mach3
- exit 0 ;;
- paragon:*:*:*)
- echo i860-intel-osf1
- exit 0 ;;
- i860:*:4.*:*) # i860-SVR4
- if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
- echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
- else # Add other i860-SVR4 vendors below as they are discovered.
- echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
- fi
- exit 0 ;;
- mini*:CTIX:SYS*5:*)
- # "miniframe"
- echo m68010-convergent-sysv
- exit 0 ;;
- mc68k:UNIX:SYSTEM5:3.51m)
- echo m68k-convergent-sysv
- exit 0 ;;
- M680?0:D-NIX:5.3:*)
- echo m68k-diab-dnix
- exit 0 ;;
- M68*:*:R3V[567]*:*)
- test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
- 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0)
- OS_REL=''
- test -r /etc/.relid \
- && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && echo i486-ncr-sysv4.3${OS_REL} && exit 0
- /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
- && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
- 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && echo i486-ncr-sysv4 && exit 0 ;;
- m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
- echo m68k-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
- mc68030:UNIX_System_V:4.*:*)
- echo m68k-atari-sysv4
- exit 0 ;;
- TSUNAMI:LynxOS:2.*:*)
- echo sparc-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
- rs6000:LynxOS:2.*:*)
- echo rs6000-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
- PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
- echo powerpc-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
- SM[BE]S:UNIX_SV:*:*)
- echo mips-dde-sysv${UNAME_RELEASE}
- exit 0 ;;
- RM*:ReliantUNIX-*:*:*)
- echo mips-sni-sysv4
- exit 0 ;;
- RM*:SINIX-*:*:*)
- echo mips-sni-sysv4
- exit 0 ;;
- *:SINIX-*:*:*)
- if uname -p 2>/dev/null >/dev/null ; then
- UNAME_MACHINE=`(uname -p) 2>/dev/null`
- echo ${UNAME_MACHINE}-sni-sysv4
- else
- echo ns32k-sni-sysv
- fi
- exit 0 ;;
- PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
- # says <Richard.M.Bartel@ccMail.Census.GOV>
- echo i586-unisys-sysv4
- exit 0 ;;
- *:UNIX_System_V:4*:FTX*)
- # From Gerald Hewes <hewes@openmarket.com>.
- # How about differentiating between stratus architectures? -djm
- echo hppa1.1-stratus-sysv4
- exit 0 ;;
- *:*:*:FTX*)
- # From seanf@swdc.stratus.com.
- echo i860-stratus-sysv4
- exit 0 ;;
- *:VOS:*:*)
- # From Paul.Green@stratus.com.
- echo hppa1.1-stratus-vos
- exit 0 ;;
- mc68*:A/UX:*:*)
- echo m68k-apple-aux${UNAME_RELEASE}
- exit 0 ;;
- news*:NEWS-OS:6*:*)
- echo mips-sony-newsos6
- exit 0 ;;
- R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
- if [ -d /usr/nec ]; then
- echo mips-nec-sysv${UNAME_RELEASE}
- else
- echo mips-unknown-sysv${UNAME_RELEASE}
- fi
- exit 0 ;;
- BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
- echo powerpc-be-beos
- exit 0 ;;
- BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
- echo powerpc-apple-beos
- exit 0 ;;
- BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
- echo i586-pc-beos
- exit 0 ;;
- SX-4:SUPER-UX:*:*)
- echo sx4-nec-superux${UNAME_RELEASE}
- exit 0 ;;
- SX-5:SUPER-UX:*:*)
- echo sx5-nec-superux${UNAME_RELEASE}
- exit 0 ;;
- SX-6:SUPER-UX:*:*)
- echo sx6-nec-superux${UNAME_RELEASE}
- exit 0 ;;
- Power*:Rhapsody:*:*)
- echo powerpc-apple-rhapsody${UNAME_RELEASE}
- exit 0 ;;
- *:Rhapsody:*:*)
- echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
- exit 0 ;;
- *:Darwin:*:*)
- case `uname -p` in
- *86) UNAME_PROCESSOR=i686 ;;
- powerpc) UNAME_PROCESSOR=powerpc ;;
- esac
- echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
- exit 0 ;;
- *:procnto*:*:* | *:QNX:[0123456789]*:*)
- UNAME_PROCESSOR=`uname -p`
- if test "$UNAME_PROCESSOR" = "x86"; then
- UNAME_PROCESSOR=i386
- UNAME_MACHINE=pc
- fi
- echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
- exit 0 ;;
- *:QNX:*:4*)
- echo i386-pc-qnx
- exit 0 ;;
- NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*)
- echo nsr-tandem-nsk${UNAME_RELEASE}
- exit 0 ;;
- *:NonStop-UX:*:*)
- echo mips-compaq-nonstopux
- exit 0 ;;
- BS2000:POSIX*:*:*)
- echo bs2000-siemens-sysv
- exit 0 ;;
- DS/*:UNIX_System_V:*:*)
- echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
- exit 0 ;;
- *:Plan9:*:*)
- # "uname -m" is not consistent, so use $cputype instead. 386
- # is converted to i386 for consistency with other x86
- # operating systems.
- if test "$cputype" = "386"; then
- UNAME_MACHINE=i386
- else
- UNAME_MACHINE="$cputype"
- fi
- echo ${UNAME_MACHINE}-unknown-plan9
- exit 0 ;;
- *:TOPS-10:*:*)
- echo pdp10-unknown-tops10
- exit 0 ;;
- *:TENEX:*:*)
- echo pdp10-unknown-tenex
- exit 0 ;;
- KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
- echo pdp10-dec-tops20
- exit 0 ;;
- XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
- echo pdp10-xkl-tops20
- exit 0 ;;
- *:TOPS-20:*:*)
- echo pdp10-unknown-tops20
- exit 0 ;;
- *:ITS:*:*)
- echo pdp10-unknown-its
- exit 0 ;;
- SEI:*:*:SEIUX)
- echo mips-sei-seiux${UNAME_RELEASE}
- exit 0 ;;
-esac
-
-#echo '(No uname command or uname output not recognized.)' 1>&2
-#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
-
-eval $set_cc_for_build
-cat >$dummy.c <<EOF
-#ifdef _SEQUENT_
-# include <sys/types.h>
-# include <sys/utsname.h>
-#endif
-main ()
-{
-#if defined (sony)
-#if defined (MIPSEB)
- /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
- I don't know.... */
- printf ("mips-sony-bsd\n"); exit (0);
-#else
-#include <sys/param.h>
- printf ("m68k-sony-newsos%s\n",
-#ifdef NEWSOS4
- "4"
-#else
- ""
-#endif
- ); exit (0);
-#endif
-#endif
-
-#if defined (__arm) && defined (__acorn) && defined (__unix)
- printf ("arm-acorn-riscix"); exit (0);
-#endif
-
-#if defined (hp300) && !defined (hpux)
- printf ("m68k-hp-bsd\n"); exit (0);
-#endif
-
-#if defined (NeXT)
-#if !defined (__ARCHITECTURE__)
-#define __ARCHITECTURE__ "m68k"
-#endif
- int version;
- version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
- if (version < 4)
- printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
- else
- printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
- exit (0);
-#endif
-
-#if defined (MULTIMAX) || defined (n16)
-#if defined (UMAXV)
- printf ("ns32k-encore-sysv\n"); exit (0);
-#else
-#if defined (CMU)
- printf ("ns32k-encore-mach\n"); exit (0);
-#else
- printf ("ns32k-encore-bsd\n"); exit (0);
-#endif
-#endif
-#endif
-
-#if defined (__386BSD__)
- printf ("i386-pc-bsd\n"); exit (0);
-#endif
-
-#if defined (sequent)
-#if defined (i386)
- printf ("i386-sequent-dynix\n"); exit (0);
-#endif
-#if defined (ns32000)
- printf ("ns32k-sequent-dynix\n"); exit (0);
-#endif
-#endif
-
-#if defined (_SEQUENT_)
- struct utsname un;
-
- uname(&un);
-
- if (strncmp(un.version, "V2", 2) == 0) {
- printf ("i386-sequent-ptx2\n"); exit (0);
- }
- if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
- printf ("i386-sequent-ptx1\n"); exit (0);
- }
- printf ("i386-sequent-ptx\n"); exit (0);
-
-#endif
-
-#if defined (vax)
-# if !defined (ultrix)
-# include <sys/param.h>
-# if defined (BSD)
-# if BSD == 43
- printf ("vax-dec-bsd4.3\n"); exit (0);
-# else
-# if BSD == 199006
- printf ("vax-dec-bsd4.3reno\n"); exit (0);
-# else
- printf ("vax-dec-bsd\n"); exit (0);
-# endif
-# endif
-# else
- printf ("vax-dec-bsd\n"); exit (0);
-# endif
-# else
- printf ("vax-dec-ultrix\n"); exit (0);
-# endif
-#endif
-
-#if defined (alliant) && defined (i860)
- printf ("i860-alliant-bsd\n"); exit (0);
-#endif
-
- exit (1);
-}
-EOF
-
-$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0
-
-# Apollos put the system type in the environment.
-
-test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
-
-# Convex versions that predate uname can use getsysinfo(1)
-
-if [ -x /usr/convex/getsysinfo ]
-then
- case `getsysinfo -f cpu_type` in
- c1*)
- echo c1-convex-bsd
- exit 0 ;;
- c2*)
- if getsysinfo -f scalar_acc
- then echo c32-convex-bsd
- else echo c2-convex-bsd
- fi
- exit 0 ;;
- c34*)
- echo c34-convex-bsd
- exit 0 ;;
- c38*)
- echo c38-convex-bsd
- exit 0 ;;
- c4*)
- echo c4-convex-bsd
- exit 0 ;;
- esac
-fi
-
-cat >&2 <<EOF
-$0: unable to guess system type
-
-This script, last modified $timestamp, has failed to recognize
-the operating system you are using. It is advised that you
-download the most up to date version of the config scripts from
-
- ftp://ftp.gnu.org/pub/gnu/config/
-
-If the version you run ($0) is already up to date, please
-send the following data and any information you think might be
-pertinent to <config-patches@gnu.org> in order to provide the needed
-information to handle your system.
-
-config.guess timestamp = $timestamp
-
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
-/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
-
-hostinfo = `(hostinfo) 2>/dev/null`
-/bin/universe = `(/bin/universe) 2>/dev/null`
-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
-/bin/arch = `(/bin/arch) 2>/dev/null`
-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
-
-UNAME_MACHINE = ${UNAME_MACHINE}
-UNAME_RELEASE = ${UNAME_RELEASE}
-UNAME_SYSTEM = ${UNAME_SYSTEM}
-UNAME_VERSION = ${UNAME_VERSION}
-EOF
-
-exit 1
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
-# time-stamp-end: "'"
-# End:
+++ /dev/null
-#! /bin/sh
-# Configuration validation subroutine script.
-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
-
-timestamp='2003-07-04'
-
-# This file is (in principle) common to ALL GNU software.
-# The presence of a machine in this file suggests that SOME GNU software
-# can handle that machine. It does not imply ALL GNU software can.
-#
-# This file is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330,
-# Boston, MA 02111-1307, USA.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Please send patches to <config-patches@gnu.org>. Submit a context
-# diff and a properly formatted ChangeLog entry.
-#
-# Configuration subroutine to validate and canonicalize a configuration type.
-# Supply the specified configuration type as an argument.
-# If it is invalid, we print an error message on stderr and exit with code 1.
-# Otherwise, we print the canonical config type on stdout and succeed.
-
-# This file is supposed to be the same for all GNU packages
-# and recognize all the CPU types, system types and aliases
-# that are meaningful with *any* GNU software.
-# Each package is responsible for reporting which valid configurations
-# it does not support. The user should be able to distinguish
-# a failure to support a valid configuration from a meaningless
-# configuration.
-
-# The goal of this file is to map all the various variations of a given
-# machine specification into a single specification in the form:
-# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
-# or in some cases, the newer four-part form:
-# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
-# It is wrong to echo any other type of specification.
-
-me=`echo "$0" | sed -e 's,.*/,,'`
-
-usage="\
-Usage: $0 [OPTION] CPU-MFR-OPSYS
- $0 [OPTION] ALIAS
-
-Canonicalize a configuration name.
-
-Operation modes:
- -h, --help print this help, then exit
- -t, --time-stamp print date of last modification, then exit
- -v, --version print version number, then exit
-
-Report bugs and patches to <config-patches@gnu.org>."
-
-version="\
-GNU config.sub ($timestamp)
-
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
-Free Software Foundation, Inc.
-
-This is free software; see the source for copying conditions. There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-
-help="
-Try \`$me --help' for more information."
-
-# Parse command line
-while test $# -gt 0 ; do
- case $1 in
- --time-stamp | --time* | -t )
- echo "$timestamp" ; exit 0 ;;
- --version | -v )
- echo "$version" ; exit 0 ;;
- --help | --h* | -h )
- echo "$usage"; exit 0 ;;
- -- ) # Stop option processing
- shift; break ;;
- - ) # Use stdin as input.
- break ;;
- -* )
- echo "$me: invalid option $1$help"
- exit 1 ;;
-
- *local*)
- # First pass through any local machine types.
- echo $1
- exit 0;;
-
- * )
- break ;;
- esac
-done
-
-case $# in
- 0) echo "$me: missing argument$help" >&2
- exit 1;;
- 1) ;;
- *) echo "$me: too many arguments$help" >&2
- exit 1;;
-esac
-
-# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
-# Here we must recognize all the valid KERNEL-OS combinations.
-maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
-case $maybe_os in
- nto-qnx* | linux-gnu* | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
- os=-$maybe_os
- basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
- ;;
- *)
- basic_machine=`echo $1 | sed 's/-[^-]*$//'`
- if [ $basic_machine != $1 ]
- then os=`echo $1 | sed 's/.*-/-/'`
- else os=; fi
- ;;
-esac
-
-### Let's recognize common machines as not being operating systems so
-### that things like config.sub decstation-3100 work. We also
-### recognize some manufacturers as not being operating systems, so we
-### can provide default operating systems below.
-case $os in
- -sun*os*)
- # Prevent following clause from handling this invalid input.
- ;;
- -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
- -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
- -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
- -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
- -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
- -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
- -apple | -axis)
- os=
- basic_machine=$1
- ;;
- -sim | -cisco | -oki | -wec | -winbond)
- os=
- basic_machine=$1
- ;;
- -scout)
- ;;
- -wrs)
- os=-vxworks
- basic_machine=$1
- ;;
- -chorusos*)
- os=-chorusos
- basic_machine=$1
- ;;
- -chorusrdb)
- os=-chorusrdb
- basic_machine=$1
- ;;
- -hiux*)
- os=-hiuxwe2
- ;;
- -sco5)
- os=-sco3.2v5
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco4)
- os=-sco3.2v4
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco3.2.[4-9]*)
- os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco3.2v[4-9]*)
- # Don't forget version if it is 3.2v4 or newer.
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco*)
- os=-sco3.2v2
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -udk*)
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -isc)
- os=-isc2.2
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -clix*)
- basic_machine=clipper-intergraph
- ;;
- -isc*)
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
- ;;
- -lynx*)
- os=-lynxos
- ;;
- -ptx*)
- basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
- ;;
- -windowsnt*)
- os=`echo $os | sed -e 's/windowsnt/winnt/'`
- ;;
- -psos*)
- os=-psos
- ;;
- -mint | -mint[0-9]*)
- basic_machine=m68k-atari
- os=-mint
- ;;
-esac
-
-# Decode aliases for certain CPU-COMPANY combinations.
-case $basic_machine in
- # Recognize the basic CPU types without company name.
- # Some are omitted here because they have special meanings below.
- 1750a | 580 \
- | a29k \
- | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
- | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
- | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
- | c4x | clipper \
- | d10v | d30v | dlx | dsp16xx \
- | fr30 | frv \
- | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
- | i370 | i860 | i960 | ia64 \
- | ip2k \
- | m32r | m68000 | m68k | m88k | mcore \
- | mips | mipsbe | mipseb | mipsel | mipsle \
- | mips16 \
- | mips64 | mips64el \
- | mips64vr | mips64vrel \
- | mips64orion | mips64orionel \
- | mips64vr4100 | mips64vr4100el \
- | mips64vr4300 | mips64vr4300el \
- | mips64vr5000 | mips64vr5000el \
- | mipsisa32 | mipsisa32el \
- | mipsisa32r2 | mipsisa32r2el \
- | mipsisa64 | mipsisa64el \
- | mipsisa64sb1 | mipsisa64sb1el \
- | mipsisa64sr71k | mipsisa64sr71kel \
- | mipstx39 | mipstx39el \
- | mn10200 | mn10300 \
- | msp430 \
- | ns16k | ns32k \
- | openrisc | or32 \
- | pdp10 | pdp11 | pj | pjl \
- | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
- | pyramid \
- | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
- | sh64 | sh64le \
- | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
- | strongarm \
- | tahoe | thumb | tic4x | tic80 | tron \
- | v850 | v850e \
- | we32k \
- | x86 | xscale | xstormy16 | xtensa \
- | z8k)
- basic_machine=$basic_machine-unknown
- ;;
- m6811 | m68hc11 | m6812 | m68hc12)
- # Motorola 68HC11/12.
- basic_machine=$basic_machine-unknown
- os=-none
- ;;
- m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
- ;;
-
- # We use `pc' rather than `unknown'
- # because (1) that's what they normally are, and
- # (2) the word "unknown" tends to confuse beginning users.
- i*86 | x86_64)
- basic_machine=$basic_machine-pc
- ;;
- # Object if more than one company name word.
- *-*-*)
- echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
- exit 1
- ;;
- # Recognize the basic CPU types with company name.
- 580-* \
- | a29k-* \
- | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
- | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
- | alphapca5[67]-* | alpha64pca5[67]-* | amd64-* | arc-* \
- | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
- | avr-* \
- | bs2000-* \
- | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
- | clipper-* | cydra-* \
- | d10v-* | d30v-* | dlx-* \
- | elxsi-* \
- | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
- | h8300-* | h8500-* \
- | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
- | i*86-* | i860-* | i960-* | ia64-* \
- | ip2k-* \
- | m32r-* \
- | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | mcore-* \
- | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
- | mips16-* \
- | mips64-* | mips64el-* \
- | mips64vr-* | mips64vrel-* \
- | mips64orion-* | mips64orionel-* \
- | mips64vr4100-* | mips64vr4100el-* \
- | mips64vr4300-* | mips64vr4300el-* \
- | mips64vr5000-* | mips64vr5000el-* \
- | mipsisa32-* | mipsisa32el-* \
- | mipsisa32r2-* | mipsisa32r2el-* \
- | mipsisa64-* | mipsisa64el-* \
- | mipsisa64sb1-* | mipsisa64sb1el-* \
- | mipsisa64sr71k-* | mipsisa64sr71kel-* \
- | mipstx39-* | mipstx39el-* \
- | msp430-* \
- | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
- | orion-* \
- | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
- | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
- | pyramid-* \
- | romp-* | rs6000-* \
- | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
- | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
- | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
- | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
- | tahoe-* | thumb-* \
- | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
- | tron-* \
- | v850-* | v850e-* | vax-* \
- | we32k-* \
- | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
- | xtensa-* \
- | ymp-* \
- | z8k-*)
- ;;
- # Recognize the various machine names and aliases which stand
- # for a CPU type and a company and sometimes even an OS.
- 386bsd)
- basic_machine=i386-unknown
- os=-bsd
- ;;
- 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
- basic_machine=m68000-att
- ;;
- 3b*)
- basic_machine=we32k-att
- ;;
- a29khif)
- basic_machine=a29k-amd
- os=-udi
- ;;
- adobe68k)
- basic_machine=m68010-adobe
- os=-scout
- ;;
- alliant | fx80)
- basic_machine=fx80-alliant
- ;;
- altos | altos3068)
- basic_machine=m68k-altos
- ;;
- am29k)
- basic_machine=a29k-none
- os=-bsd
- ;;
- amd64)
- basic_machine=x86_64-pc
- ;;
- amdahl)
- basic_machine=580-amdahl
- os=-sysv
- ;;
- amiga | amiga-*)
- basic_machine=m68k-unknown
- ;;
- amigaos | amigados)
- basic_machine=m68k-unknown
- os=-amigaos
- ;;
- amigaunix | amix)
- basic_machine=m68k-unknown
- os=-sysv4
- ;;
- apollo68)
- basic_machine=m68k-apollo
- os=-sysv
- ;;
- apollo68bsd)
- basic_machine=m68k-apollo
- os=-bsd
- ;;
- aux)
- basic_machine=m68k-apple
- os=-aux
- ;;
- balance)
- basic_machine=ns32k-sequent
- os=-dynix
- ;;
- c90)
- basic_machine=c90-cray
- os=-unicos
- ;;
- convex-c1)
- basic_machine=c1-convex
- os=-bsd
- ;;
- convex-c2)
- basic_machine=c2-convex
- os=-bsd
- ;;
- convex-c32)
- basic_machine=c32-convex
- os=-bsd
- ;;
- convex-c34)
- basic_machine=c34-convex
- os=-bsd
- ;;
- convex-c38)
- basic_machine=c38-convex
- os=-bsd
- ;;
- cray | j90)
- basic_machine=j90-cray
- os=-unicos
- ;;
- crds | unos)
- basic_machine=m68k-crds
- ;;
- cris | cris-* | etrax*)
- basic_machine=cris-axis
- ;;
- da30 | da30-*)
- basic_machine=m68k-da30
- ;;
- decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
- basic_machine=mips-dec
- ;;
- decsystem10* | dec10*)
- basic_machine=pdp10-dec
- os=-tops10
- ;;
- decsystem20* | dec20*)
- basic_machine=pdp10-dec
- os=-tops20
- ;;
- delta | 3300 | motorola-3300 | motorola-delta \
- | 3300-motorola | delta-motorola)
- basic_machine=m68k-motorola
- ;;
- delta88)
- basic_machine=m88k-motorola
- os=-sysv3
- ;;
- dpx20 | dpx20-*)
- basic_machine=rs6000-bull
- os=-bosx
- ;;
- dpx2* | dpx2*-bull)
- basic_machine=m68k-bull
- os=-sysv3
- ;;
- ebmon29k)
- basic_machine=a29k-amd
- os=-ebmon
- ;;
- elxsi)
- basic_machine=elxsi-elxsi
- os=-bsd
- ;;
- encore | umax | mmax)
- basic_machine=ns32k-encore
- ;;
- es1800 | OSE68k | ose68k | ose | OSE)
- basic_machine=m68k-ericsson
- os=-ose
- ;;
- fx2800)
- basic_machine=i860-alliant
- ;;
- genix)
- basic_machine=ns32k-ns
- ;;
- gmicro)
- basic_machine=tron-gmicro
- os=-sysv
- ;;
- go32)
- basic_machine=i386-pc
- os=-go32
- ;;
- h3050r* | hiux*)
- basic_machine=hppa1.1-hitachi
- os=-hiuxwe2
- ;;
- h8300hms)
- basic_machine=h8300-hitachi
- os=-hms
- ;;
- h8300xray)
- basic_machine=h8300-hitachi
- os=-xray
- ;;
- h8500hms)
- basic_machine=h8500-hitachi
- os=-hms
- ;;
- harris)
- basic_machine=m88k-harris
- os=-sysv3
- ;;
- hp300-*)
- basic_machine=m68k-hp
- ;;
- hp300bsd)
- basic_machine=m68k-hp
- os=-bsd
- ;;
- hp300hpux)
- basic_machine=m68k-hp
- os=-hpux
- ;;
- hp3k9[0-9][0-9] | hp9[0-9][0-9])
- basic_machine=hppa1.0-hp
- ;;
- hp9k2[0-9][0-9] | hp9k31[0-9])
- basic_machine=m68000-hp
- ;;
- hp9k3[2-9][0-9])
- basic_machine=m68k-hp
- ;;
- hp9k6[0-9][0-9] | hp6[0-9][0-9])
- basic_machine=hppa1.0-hp
- ;;
- hp9k7[0-79][0-9] | hp7[0-79][0-9])
- basic_machine=hppa1.1-hp
- ;;
- hp9k78[0-9] | hp78[0-9])
- # FIXME: really hppa2.0-hp
- basic_machine=hppa1.1-hp
- ;;
- hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
- # FIXME: really hppa2.0-hp
- basic_machine=hppa1.1-hp
- ;;
- hp9k8[0-9][13679] | hp8[0-9][13679])
- basic_machine=hppa1.1-hp
- ;;
- hp9k8[0-9][0-9] | hp8[0-9][0-9])
- basic_machine=hppa1.0-hp
- ;;
- hppa-next)
- os=-nextstep3
- ;;
- hppaosf)
- basic_machine=hppa1.1-hp
- os=-osf
- ;;
- hppro)
- basic_machine=hppa1.1-hp
- os=-proelf
- ;;
- i370-ibm* | ibm*)
- basic_machine=i370-ibm
- ;;
-# I'm not sure what "Sysv32" means. Should this be sysv3.2?
- i*86v32)
- basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
- os=-sysv32
- ;;
- i*86v4*)
- basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
- os=-sysv4
- ;;
- i*86v)
- basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
- os=-sysv
- ;;
- i*86sol2)
- basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
- os=-solaris2
- ;;
- i386mach)
- basic_machine=i386-mach
- os=-mach
- ;;
- i386-vsta | vsta)
- basic_machine=i386-unknown
- os=-vsta
- ;;
- iris | iris4d)
- basic_machine=mips-sgi
- case $os in
- -irix*)
- ;;
- *)
- os=-irix4
- ;;
- esac
- ;;
- isi68 | isi)
- basic_machine=m68k-isi
- os=-sysv
- ;;
- m88k-omron*)
- basic_machine=m88k-omron
- ;;
- magnum | m3230)
- basic_machine=mips-mips
- os=-sysv
- ;;
- merlin)
- basic_machine=ns32k-utek
- os=-sysv
- ;;
- mingw32)
- basic_machine=i386-pc
- os=-mingw32
- ;;
- miniframe)
- basic_machine=m68000-convergent
- ;;
- *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
- basic_machine=m68k-atari
- os=-mint
- ;;
- mips3*-*)
- basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
- ;;
- mips3*)
- basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
- ;;
- mmix*)
- basic_machine=mmix-knuth
- os=-mmixware
- ;;
- monitor)
- basic_machine=m68k-rom68k
- os=-coff
- ;;
- morphos)
- basic_machine=powerpc-unknown
- os=-morphos
- ;;
- msdos)
- basic_machine=i386-pc
- os=-msdos
- ;;
- mvs)
- basic_machine=i370-ibm
- os=-mvs
- ;;
- ncr3000)
- basic_machine=i486-ncr
- os=-sysv4
- ;;
- netbsd386)
- basic_machine=i386-unknown
- os=-netbsd
- ;;
- netwinder)
- basic_machine=armv4l-rebel
- os=-linux
- ;;
- news | news700 | news800 | news900)
- basic_machine=m68k-sony
- os=-newsos
- ;;
- news1000)
- basic_machine=m68030-sony
- os=-newsos
- ;;
- news-3600 | risc-news)
- basic_machine=mips-sony
- os=-newsos
- ;;
- necv70)
- basic_machine=v70-nec
- os=-sysv
- ;;
- next | m*-next )
- basic_machine=m68k-next
- case $os in
- -nextstep* )
- ;;
- -ns2*)
- os=-nextstep2
- ;;
- *)
- os=-nextstep3
- ;;
- esac
- ;;
- nh3000)
- basic_machine=m68k-harris
- os=-cxux
- ;;
- nh[45]000)
- basic_machine=m88k-harris
- os=-cxux
- ;;
- nindy960)
- basic_machine=i960-intel
- os=-nindy
- ;;
- mon960)
- basic_machine=i960-intel
- os=-mon960
- ;;
- nonstopux)
- basic_machine=mips-compaq
- os=-nonstopux
- ;;
- np1)
- basic_machine=np1-gould
- ;;
- nv1)
- basic_machine=nv1-cray
- os=-unicosmp
- ;;
- nsr-tandem)
- basic_machine=nsr-tandem
- ;;
- op50n-* | op60c-*)
- basic_machine=hppa1.1-oki
- os=-proelf
- ;;
- or32 | or32-*)
- basic_machine=or32-unknown
- os=-coff
- ;;
- OSE68000 | ose68000)
- basic_machine=m68000-ericsson
- os=-ose
- ;;
- os68k)
- basic_machine=m68k-none
- os=-os68k
- ;;
- pa-hitachi)
- basic_machine=hppa1.1-hitachi
- os=-hiuxwe2
- ;;
- paragon)
- basic_machine=i860-intel
- os=-osf
- ;;
- pbd)
- basic_machine=sparc-tti
- ;;
- pbb)
- basic_machine=m68k-tti
- ;;
- pc532 | pc532-*)
- basic_machine=ns32k-pc532
- ;;
- pentium | p5 | k5 | k6 | nexgen | viac3)
- basic_machine=i586-pc
- ;;
- pentiumpro | p6 | 6x86 | athlon | athlon_*)
- basic_machine=i686-pc
- ;;
- pentiumii | pentium2 | pentiumiii | pentium3)
- basic_machine=i686-pc
- ;;
- pentium4)
- basic_machine=i786-pc
- ;;
- pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
- basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- pentiumpro-* | p6-* | 6x86-* | athlon-*)
- basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
- basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- pentium4-*)
- basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- pn)
- basic_machine=pn-gould
- ;;
- power) basic_machine=power-ibm
- ;;
- ppc) basic_machine=powerpc-unknown
- ;;
- ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- ppcle | powerpclittle | ppc-le | powerpc-little)
- basic_machine=powerpcle-unknown
- ;;
- ppcle-* | powerpclittle-*)
- basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- ppc64) basic_machine=powerpc64-unknown
- ;;
- ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- ppc64le | powerpc64little | ppc64-le | powerpc64-little)
- basic_machine=powerpc64le-unknown
- ;;
- ppc64le-* | powerpc64little-*)
- basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
- ;;
- ps2)
- basic_machine=i386-ibm
- ;;
- pw32)
- basic_machine=i586-unknown
- os=-pw32
- ;;
- rom68k)
- basic_machine=m68k-rom68k
- os=-coff
- ;;
- rm[46]00)
- basic_machine=mips-siemens
- ;;
- rtpc | rtpc-*)
- basic_machine=romp-ibm
- ;;
- s390 | s390-*)
- basic_machine=s390-ibm
- ;;
- s390x | s390x-*)
- basic_machine=s390x-ibm
- ;;
- sa29200)
- basic_machine=a29k-amd
- os=-udi
- ;;
- sb1)
- basic_machine=mipsisa64sb1-unknown
- ;;
- sb1el)
- basic_machine=mipsisa64sb1el-unknown
- ;;
- sei)
- basic_machine=mips-sei
- os=-seiux
- ;;
- sequent)
- basic_machine=i386-sequent
- ;;
- sh)
- basic_machine=sh-hitachi
- os=-hms
- ;;
- sh64)
- basic_machine=sh64-unknown
- ;;
- sparclite-wrs | simso-wrs)
- basic_machine=sparclite-wrs
- os=-vxworks
- ;;
- sps7)
- basic_machine=m68k-bull
- os=-sysv2
- ;;
- spur)
- basic_machine=spur-unknown
- ;;
- st2000)
- basic_machine=m68k-tandem
- ;;
- stratus)
- basic_machine=i860-stratus
- os=-sysv4
- ;;
- sun2)
- basic_machine=m68000-sun
- ;;
- sun2os3)
- basic_machine=m68000-sun
- os=-sunos3
- ;;
- sun2os4)
- basic_machine=m68000-sun
- os=-sunos4
- ;;
- sun3os3)
- basic_machine=m68k-sun
- os=-sunos3
- ;;
- sun3os4)
- basic_machine=m68k-sun
- os=-sunos4
- ;;
- sun4os3)
- basic_machine=sparc-sun
- os=-sunos3
- ;;
- sun4os4)
- basic_machine=sparc-sun
- os=-sunos4
- ;;
- sun4sol2)
- basic_machine=sparc-sun
- os=-solaris2
- ;;
- sun3 | sun3-*)
- basic_machine=m68k-sun
- ;;
- sun4)
- basic_machine=sparc-sun
- ;;
- sun386 | sun386i | roadrunner)
- basic_machine=i386-sun
- ;;
- sv1)
- basic_machine=sv1-cray
- os=-unicos
- ;;
- symmetry)
- basic_machine=i386-sequent
- os=-dynix
- ;;
- t3e)
- basic_machine=alphaev5-cray
- os=-unicos
- ;;
- t90)
- basic_machine=t90-cray
- os=-unicos
- ;;
- tic54x | c54x*)
- basic_machine=tic54x-unknown
- os=-coff
- ;;
- tic55x | c55x*)
- basic_machine=tic55x-unknown
- os=-coff
- ;;
- tic6x | c6x*)
- basic_machine=tic6x-unknown
- os=-coff
- ;;
- tx39)
- basic_machine=mipstx39-unknown
- ;;
- tx39el)
- basic_machine=mipstx39el-unknown
- ;;
- toad1)
- basic_machine=pdp10-xkl
- os=-tops20
- ;;
- tower | tower-32)
- basic_machine=m68k-ncr
- ;;
- udi29k)
- basic_machine=a29k-amd
- os=-udi
- ;;
- ultra3)
- basic_machine=a29k-nyu
- os=-sym1
- ;;
- v810 | necv810)
- basic_machine=v810-nec
- os=-none
- ;;
- vaxv)
- basic_machine=vax-dec
- os=-sysv
- ;;
- vms)
- basic_machine=vax-dec
- os=-vms
- ;;
- vpp*|vx|vx-*)
- basic_machine=f301-fujitsu
- ;;
- vxworks960)
- basic_machine=i960-wrs
- os=-vxworks
- ;;
- vxworks68)
- basic_machine=m68k-wrs
- os=-vxworks
- ;;
- vxworks29k)
- basic_machine=a29k-wrs
- os=-vxworks
- ;;
- w65*)
- basic_machine=w65-wdc
- os=-none
- ;;
- w89k-*)
- basic_machine=hppa1.1-winbond
- os=-proelf
- ;;
- xps | xps100)
- basic_machine=xps100-honeywell
- ;;
- ymp)
- basic_machine=ymp-cray
- os=-unicos
- ;;
- z8k-*-coff)
- basic_machine=z8k-unknown
- os=-sim
- ;;
- none)
- basic_machine=none-none
- os=-none
- ;;
-
-# Here we handle the default manufacturer of certain CPU types. It is in
-# some cases the only manufacturer, in others, it is the most popular.
- w89k)
- basic_machine=hppa1.1-winbond
- ;;
- op50n)
- basic_machine=hppa1.1-oki
- ;;
- op60c)
- basic_machine=hppa1.1-oki
- ;;
- romp)
- basic_machine=romp-ibm
- ;;
- rs6000)
- basic_machine=rs6000-ibm
- ;;
- vax)
- basic_machine=vax-dec
- ;;
- pdp10)
- # there are many clones, so DEC is not a safe bet
- basic_machine=pdp10-unknown
- ;;
- pdp11)
- basic_machine=pdp11-dec
- ;;
- we32k)
- basic_machine=we32k-att
- ;;
- sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
- basic_machine=sh-unknown
- ;;
- sh64)
- basic_machine=sh64-unknown
- ;;
- sparc | sparcv9 | sparcv9b)
- basic_machine=sparc-sun
- ;;
- cydra)
- basic_machine=cydra-cydrome
- ;;
- orion)
- basic_machine=orion-highlevel
- ;;
- orion105)
- basic_machine=clipper-highlevel
- ;;
- mac | mpw | mac-mpw)
- basic_machine=m68k-apple
- ;;
- pmac | pmac-mpw)
- basic_machine=powerpc-apple
- ;;
- *-unknown)
- # Make sure to match an already-canonicalized machine name.
- ;;
- *)
- echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
- exit 1
- ;;
-esac
-
-# Here we canonicalize certain aliases for manufacturers.
-case $basic_machine in
- *-digital*)
- basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
- ;;
- *-commodore*)
- basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
- ;;
- *)
- ;;
-esac
-
-# Decode manufacturer-specific aliases for certain operating systems.
-
-if [ x"$os" != x"" ]
-then
-case $os in
- # First match some system type aliases
- # that might get confused with valid system types.
- # -solaris* is a basic system type, with this one exception.
- -solaris1 | -solaris1.*)
- os=`echo $os | sed -e 's|solaris1|sunos4|'`
- ;;
- -solaris)
- os=-solaris2
- ;;
- -svr4*)
- os=-sysv4
- ;;
- -unixware*)
- os=-sysv4.2uw
- ;;
- -gnu/linux*)
- os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
- ;;
- # First accept the basic system types.
- # The portable systems comes first.
- # Each alternative MUST END IN A *, to match a version number.
- # -sysv* is not here because it comes later, after sysvr4.
- -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
- | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
- | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
- | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
- | -aos* \
- | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
- | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
- | -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \
- | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
- | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
- | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
- | -chorusos* | -chorusrdb* \
- | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
- | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
- | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
- | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
- | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
- | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
- | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
- | -powermax* | -dnix* | -nx6 | -nx7 | -sei*)
- # Remember, each alternative MUST END IN *, to match a version number.
- ;;
- -qnx*)
- case $basic_machine in
- x86-* | i*86-*)
- ;;
- *)
- os=-nto$os
- ;;
- esac
- ;;
- -nto-qnx*)
- ;;
- -nto*)
- os=`echo $os | sed -e 's|nto|nto-qnx|'`
- ;;
- -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
- | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
- | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
- ;;
- -mac*)
- os=`echo $os | sed -e 's|mac|macos|'`
- ;;
- -linux*)
- os=`echo $os | sed -e 's|linux|linux-gnu|'`
- ;;
- -sunos5*)
- os=`echo $os | sed -e 's|sunos5|solaris2|'`
- ;;
- -sunos6*)
- os=`echo $os | sed -e 's|sunos6|solaris3|'`
- ;;
- -opened*)
- os=-openedition
- ;;
- -wince*)
- os=-wince
- ;;
- -osfrose*)
- os=-osfrose
- ;;
- -osf*)
- os=-osf
- ;;
- -utek*)
- os=-bsd
- ;;
- -dynix*)
- os=-bsd
- ;;
- -acis*)
- os=-aos
- ;;
- -atheos*)
- os=-atheos
- ;;
- -386bsd)
- os=-bsd
- ;;
- -ctix* | -uts*)
- os=-sysv
- ;;
- -nova*)
- os=-rtmk-nova
- ;;
- -ns2 )
- os=-nextstep2
- ;;
- -nsk*)
- os=-nsk
- ;;
- # Preserve the version number of sinix5.
- -sinix5.*)
- os=`echo $os | sed -e 's|sinix|sysv|'`
- ;;
- -sinix*)
- os=-sysv4
- ;;
- -triton*)
- os=-sysv3
- ;;
- -oss*)
- os=-sysv3
- ;;
- -svr4)
- os=-sysv4
- ;;
- -svr3)
- os=-sysv3
- ;;
- -sysvr4)
- os=-sysv4
- ;;
- # This must come after -sysvr4.
- -sysv*)
- ;;
- -ose*)
- os=-ose
- ;;
- -es1800*)
- os=-ose
- ;;
- -xenix)
- os=-xenix
- ;;
- -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
- os=-mint
- ;;
- -aros*)
- os=-aros
- ;;
- -kaos*)
- os=-kaos
- ;;
- -none)
- ;;
- *)
- # Get rid of the `-' at the beginning of $os.
- os=`echo $os | sed 's/[^-]*-//'`
- echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
- exit 1
- ;;
-esac
-else
-
-# Here we handle the default operating systems that come with various machines.
-# The value should be what the vendor currently ships out the door with their
-# machine or put another way, the most popular os provided with the machine.
-
-# Note that if you're going to try to match "-MANUFACTURER" here (say,
-# "-sun"), then you have to tell the case statement up towards the top
-# that MANUFACTURER isn't an operating system. Otherwise, code above
-# will signal an error saying that MANUFACTURER isn't an operating
-# system, and we'll never get to this point.
-
-case $basic_machine in
- *-acorn)
- os=-riscix1.2
- ;;
- arm*-rebel)
- os=-linux
- ;;
- arm*-semi)
- os=-aout
- ;;
- c4x-* | tic4x-*)
- os=-coff
- ;;
- # This must come before the *-dec entry.
- pdp10-*)
- os=-tops20
- ;;
- pdp11-*)
- os=-none
- ;;
- *-dec | vax-*)
- os=-ultrix4.2
- ;;
- m68*-apollo)
- os=-domain
- ;;
- i386-sun)
- os=-sunos4.0.2
- ;;
- m68000-sun)
- os=-sunos3
- # This also exists in the configure program, but was not the
- # default.
- # os=-sunos4
- ;;
- m68*-cisco)
- os=-aout
- ;;
- mips*-cisco)
- os=-elf
- ;;
- mips*-*)
- os=-elf
- ;;
- or32-*)
- os=-coff
- ;;
- *-tti) # must be before sparc entry or we get the wrong os.
- os=-sysv3
- ;;
- sparc-* | *-sun)
- os=-sunos4.1.1
- ;;
- *-be)
- os=-beos
- ;;
- *-ibm)
- os=-aix
- ;;
- *-wec)
- os=-proelf
- ;;
- *-winbond)
- os=-proelf
- ;;
- *-oki)
- os=-proelf
- ;;
- *-hp)
- os=-hpux
- ;;
- *-hitachi)
- os=-hiux
- ;;
- i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
- os=-sysv
- ;;
- *-cbm)
- os=-amigaos
- ;;
- *-dg)
- os=-dgux
- ;;
- *-dolphin)
- os=-sysv3
- ;;
- m68k-ccur)
- os=-rtu
- ;;
- m88k-omron*)
- os=-luna
- ;;
- *-next )
- os=-nextstep
- ;;
- *-sequent)
- os=-ptx
- ;;
- *-crds)
- os=-unos
- ;;
- *-ns)
- os=-genix
- ;;
- i370-*)
- os=-mvs
- ;;
- *-next)
- os=-nextstep3
- ;;
- *-gould)
- os=-sysv
- ;;
- *-highlevel)
- os=-bsd
- ;;
- *-encore)
- os=-bsd
- ;;
- *-sgi)
- os=-irix
- ;;
- *-siemens)
- os=-sysv4
- ;;
- *-masscomp)
- os=-rtu
- ;;
- f30[01]-fujitsu | f700-fujitsu)
- os=-uxpv
- ;;
- *-rom68k)
- os=-coff
- ;;
- *-*bug)
- os=-coff
- ;;
- *-apple)
- os=-macos
- ;;
- *-atari*)
- os=-mint
- ;;
- *)
- os=-none
- ;;
-esac
-fi
-
-# Here we handle the case where we know the os, and the CPU type, but not the
-# manufacturer. We pick the logical manufacturer.
-vendor=unknown
-case $basic_machine in
- *-unknown)
- case $os in
- -riscix*)
- vendor=acorn
- ;;
- -sunos*)
- vendor=sun
- ;;
- -aix*)
- vendor=ibm
- ;;
- -beos*)
- vendor=be
- ;;
- -hpux*)
- vendor=hp
- ;;
- -mpeix*)
- vendor=hp
- ;;
- -hiux*)
- vendor=hitachi
- ;;
- -unos*)
- vendor=crds
- ;;
- -dgux*)
- vendor=dg
- ;;
- -luna*)
- vendor=omron
- ;;
- -genix*)
- vendor=ns
- ;;
- -mvs* | -opened*)
- vendor=ibm
- ;;
- -ptx*)
- vendor=sequent
- ;;
- -vxsim* | -vxworks* | -windiss*)
- vendor=wrs
- ;;
- -aux*)
- vendor=apple
- ;;
- -hms*)
- vendor=hitachi
- ;;
- -mpw* | -macos*)
- vendor=apple
- ;;
- -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
- vendor=atari
- ;;
- -vos*)
- vendor=stratus
- ;;
- esac
- basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
- ;;
-esac
-
-echo $basic_machine$os
-exit 0
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
-# time-stamp-end: "'"
-# End:
+++ /dev/null
-#! /bin/sh
-# From configure.in @(#) Id (LBL).
-# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.62.
-#
-# Copyright (c) 1995, 1996, 1997, 2006, 2009
-# The Regents of the University of California. All rights reserved.
-#
-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
-# 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
-# This configure script is free software; the Free Software Foundation
-# gives unlimited permission to copy, distribute and modify it.
-## --------------------- ##
-## M4sh Initialization. ##
-## --------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in
- *posix*) set -o posix ;;
-esac
-
-fi
-
-
-
-
-# PATH needs CR
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-as_nl='
-'
-export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-# Support unset when possible.
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- as_unset=unset
-else
- as_unset=false
-fi
-
-
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
-# Find who we are. Look in the path if we contain no directory separator.
-case $0 in
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- { (exit 1); exit 1; }
-fi
-
-# Work around bugs in pre-3.0 UWIN ksh.
-for as_var in ENV MAIL MAILPATH
-do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# Required to use basename.
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-
-# Name of the executable.
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# CDPATH.
-$as_unset CDPATH
-
-
-if test "x$CONFIG_SHELL" = x; then
- if (eval ":") 2>/dev/null; then
- as_have_required=yes
-else
- as_have_required=no
-fi
-
- if test $as_have_required = yes && (eval ":
-(as_func_return () {
- (exit \$1)
-}
-as_func_success () {
- as_func_return 0
-}
-as_func_failure () {
- as_func_return 1
-}
-as_func_ret_success () {
- return 0
-}
-as_func_ret_failure () {
- return 1
-}
-
-exitcode=0
-if as_func_success; then
- :
-else
- exitcode=1
- echo as_func_success failed.
-fi
-
-if as_func_failure; then
- exitcode=1
- echo as_func_failure succeeded.
-fi
-
-if as_func_ret_success; then
- :
-else
- exitcode=1
- echo as_func_ret_success failed.
-fi
-
-if as_func_ret_failure; then
- exitcode=1
- echo as_func_ret_failure succeeded.
-fi
-
-if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
- :
-else
- exitcode=1
- echo positional parameters were not saved.
-fi
-
-test \$exitcode = 0) || { (exit 1); exit 1; }
-
-(
- as_lineno_1=\$LINENO
- as_lineno_2=\$LINENO
- test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
- test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
-") 2> /dev/null; then
- :
-else
- as_candidate_shells=
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- case $as_dir in
- /*)
- for as_base in sh bash ksh sh5; do
- as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
- done;;
- esac
-done
-IFS=$as_save_IFS
-
-
- for as_shell in $as_candidate_shells $SHELL; do
- # Try only shells that exist, to save several forks.
- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- { ("$as_shell") 2> /dev/null <<\_ASEOF
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in
- *posix*) set -o posix ;;
-esac
-
-fi
-
-
-:
-_ASEOF
-}; then
- CONFIG_SHELL=$as_shell
- as_have_required=yes
- if { "$as_shell" 2> /dev/null <<\_ASEOF
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in
- *posix*) set -o posix ;;
-esac
-
-fi
-
-
-:
-(as_func_return () {
- (exit $1)
-}
-as_func_success () {
- as_func_return 0
-}
-as_func_failure () {
- as_func_return 1
-}
-as_func_ret_success () {
- return 0
-}
-as_func_ret_failure () {
- return 1
-}
-
-exitcode=0
-if as_func_success; then
- :
-else
- exitcode=1
- echo as_func_success failed.
-fi
-
-if as_func_failure; then
- exitcode=1
- echo as_func_failure succeeded.
-fi
-
-if as_func_ret_success; then
- :
-else
- exitcode=1
- echo as_func_ret_success failed.
-fi
-
-if as_func_ret_failure; then
- exitcode=1
- echo as_func_ret_failure succeeded.
-fi
-
-if ( set x; as_func_ret_success y && test x = "$1" ); then
- :
-else
- exitcode=1
- echo positional parameters were not saved.
-fi
-
-test $exitcode = 0) || { (exit 1); exit 1; }
-
-(
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
-
-_ASEOF
-}; then
- break
-fi
-
-fi
-
- done
-
- if test "x$CONFIG_SHELL" != x; then
- for as_var in BASH_ENV ENV
- do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
- done
- export CONFIG_SHELL
- exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
-fi
-
-
- if test $as_have_required = no; then
- echo This script requires a shell more modern than all the
- echo shells that I found on your system. Please install a
- echo modern shell, or manually run the script under such a
- echo shell if you do have one.
- { (exit 1); exit 1; }
-fi
-
-
-fi
-
-fi
-
-
-
-(eval "as_func_return () {
- (exit \$1)
-}
-as_func_success () {
- as_func_return 0
-}
-as_func_failure () {
- as_func_return 1
-}
-as_func_ret_success () {
- return 0
-}
-as_func_ret_failure () {
- return 1
-}
-
-exitcode=0
-if as_func_success; then
- :
-else
- exitcode=1
- echo as_func_success failed.
-fi
-
-if as_func_failure; then
- exitcode=1
- echo as_func_failure succeeded.
-fi
-
-if as_func_ret_success; then
- :
-else
- exitcode=1
- echo as_func_ret_success failed.
-fi
-
-if as_func_ret_failure; then
- exitcode=1
- echo as_func_ret_failure succeeded.
-fi
-
-if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
- :
-else
- exitcode=1
- echo positional parameters were not saved.
-fi
-
-test \$exitcode = 0") || {
- echo No shell found that supports shell functions.
- echo Please tell bug-autoconf@gnu.org about your system,
- echo including any error possibly output before this message.
- echo This can help us improve future autoconf versions.
- echo Configuration will now proceed without shell functions.
-}
-
-
-
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
-
- # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
- # uniformly replaced by the line number. The first 'sed' inserts a
- # line-number line after each line using $LINENO; the second 'sed'
- # does the real work. The second script uses 'N' to pair each
- # line-number line with the line containing $LINENO, and appends
- # trailing '-' during substitution so that $LINENO is not a special
- # case at line end.
- # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
- # scripts with optimization help from Paolo Bonzini. Blame Lee
- # E. McMahon (1931-1989) for sed's syntax. :-)
- sed -n '
- p
- /[$]LINENO/=
- ' <$as_myself |
- sed '
- s/[$]LINENO.*/&-/
- t lineno
- b
- :lineno
- N
- :loop
- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
- t loop
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
- { (exit 1); exit 1; }; }
-
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
- . "./$as_me.lineno"
- # Exit status is that of the last command.
- exit
-}
-
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in
--n*)
- case `echo 'x\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- *) ECHO_C='\c';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -p'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -p'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -p'
- fi
-else
- as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p=:
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-if test -x / >/dev/null 2>&1; then
- as_test_x='test -x'
-else
- if ls -dL / >/dev/null 2>&1; then
- as_ls_L_option=L
- else
- as_ls_L_option=
- fi
- as_test_x='
- eval sh -c '\''
- if test -d "$1"; then
- test -d "$1/.";
- else
- case $1 in
- -*)set "./$1";;
- esac;
- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
- ???[sx]*):;;*)false;;esac;fi
- '\'' sh
- '
-fi
-as_executable_p=$as_test_x
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-
-exec 7<&0 </dev/null 6>&1
-
-# Name of the host.
-# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-ac_clean_files=
-ac_config_libobj_dir=.
-LIBOBJS=
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-# Identity of this package.
-PACKAGE_NAME=
-PACKAGE_TARNAME=
-PACKAGE_VERSION=
-PACKAGE_STRING=
-PACKAGE_BUGREPORT=
-
-ac_unique_file="nslint.c"
-# Factoring default headers for most tests.
-ac_includes_default="\
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#ifdef STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
-#endif
-#ifdef HAVE_STRING_H
-# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
-# include <memory.h>
-# endif
-# include <string.h>
-#endif
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-#ifdef HAVE_STDINT_H
-# include <stdint.h>
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif"
-
-ac_subst_vars='SHELL
-PATH_SEPARATOR
-PACKAGE_NAME
-PACKAGE_TARNAME
-PACKAGE_VERSION
-PACKAGE_STRING
-PACKAGE_BUGREPORT
-exec_prefix
-prefix
-program_transform_name
-bindir
-sbindir
-libexecdir
-datarootdir
-datadir
-sysconfdir
-sharedstatedir
-localstatedir
-includedir
-oldincludedir
-docdir
-infodir
-htmldir
-dvidir
-pdfdir
-psdir
-libdir
-localedir
-mandir
-DEFS
-ECHO_C
-ECHO_N
-ECHO_T
-LIBS
-build_alias
-host_alias
-target_alias
-build
-build_cpu
-build_vendor
-build_os
-host
-host_cpu
-host_vendor
-host_os
-target
-target_cpu
-target_vendor
-target_os
-CC
-CFLAGS
-LDFLAGS
-CPPFLAGS
-ac_ct_CC
-EXEEXT
-OBJEXT
-CPP
-GREP
-EGREP
-SHLICC2
-INSTALL_PROGRAM
-INSTALL_SCRIPT
-INSTALL_DATA
-LIBOBJS
-V_CCOPT
-V_INCLS
-LTLIBOBJS'
-ac_subst_files=''
-ac_user_opts='
-enable_option_checking
-enable_optimization
-with_gcc
-enable_largefile
-'
- ac_precious_vars='build_alias
-host_alias
-target_alias
-CC
-CFLAGS
-LDFLAGS
-LIBS
-CPPFLAGS
-CPP'
-
-
-# Initialize some variables set by options.
-ac_init_help=
-ac_init_version=false
-ac_unrecognized_opts=
-ac_unrecognized_sep=
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-cache_file=/dev/null
-exec_prefix=NONE
-no_create=
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-verbose=
-x_includes=NONE
-x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
-# (The list follows the same order as the GNU Coding Standards.)
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datarootdir='${prefix}/share'
-datadir='${datarootdir}'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-docdir='${datarootdir}/doc/${PACKAGE}'
-infodir='${datarootdir}/info'
-htmldir='${docdir}'
-dvidir='${docdir}'
-pdfdir='${docdir}'
-psdir='${docdir}'
-libdir='${exec_prefix}/lib'
-localedir='${datarootdir}/locale'
-mandir='${datarootdir}/man'
-
-ac_prev=
-ac_dashdash=
-for ac_option
-do
- # If the previous option needs an argument, assign it.
- if test -n "$ac_prev"; then
- eval $ac_prev=\$ac_option
- ac_prev=
- continue
- fi
-
- case $ac_option in
- *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
- *) ac_optarg=yes ;;
- esac
-
- # Accept the important Cygnus configure options, so we can diagnose typos.
-
- case $ac_dashdash$ac_option in
- --)
- ac_dashdash=yes ;;
-
- -bindir | --bindir | --bindi | --bind | --bin | --bi)
- ac_prev=bindir ;;
- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
- bindir=$ac_optarg ;;
-
- -build | --build | --buil | --bui | --bu)
- ac_prev=build_alias ;;
- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
- build_alias=$ac_optarg ;;
-
- -cache-file | --cache-file | --cache-fil | --cache-fi \
- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
- ac_prev=cache_file ;;
- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
- cache_file=$ac_optarg ;;
-
- --config-cache | -C)
- cache_file=config.cache ;;
-
- -datadir | --datadir | --datadi | --datad)
- ac_prev=datadir ;;
- -datadir=* | --datadir=* | --datadi=* | --datad=*)
- datadir=$ac_optarg ;;
-
- -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
- | --dataroo | --dataro | --datar)
- ac_prev=datarootdir ;;
- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
- | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
- datarootdir=$ac_optarg ;;
-
- -disable-* | --disable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
- { (exit 1); exit 1; }; }
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=no ;;
-
- -docdir | --docdir | --docdi | --doc | --do)
- ac_prev=docdir ;;
- -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
- docdir=$ac_optarg ;;
-
- -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
- ac_prev=dvidir ;;
- -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
- dvidir=$ac_optarg ;;
-
- -enable-* | --enable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
- { (exit 1); exit 1; }; }
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=\$ac_optarg ;;
-
- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
- | --exec | --exe | --ex)
- ac_prev=exec_prefix ;;
- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
- | --exec=* | --exe=* | --ex=*)
- exec_prefix=$ac_optarg ;;
-
- -gas | --gas | --ga | --g)
- # Obsolete; use --with-gas.
- with_gas=yes ;;
-
- -help | --help | --hel | --he | -h)
- ac_init_help=long ;;
- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
- ac_init_help=recursive ;;
- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
- ac_init_help=short ;;
-
- -host | --host | --hos | --ho)
- ac_prev=host_alias ;;
- -host=* | --host=* | --hos=* | --ho=*)
- host_alias=$ac_optarg ;;
-
- -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
- ac_prev=htmldir ;;
- -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
- | --ht=*)
- htmldir=$ac_optarg ;;
-
- -includedir | --includedir | --includedi | --included | --include \
- | --includ | --inclu | --incl | --inc)
- ac_prev=includedir ;;
- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
- | --includ=* | --inclu=* | --incl=* | --inc=*)
- includedir=$ac_optarg ;;
-
- -infodir | --infodir | --infodi | --infod | --info | --inf)
- ac_prev=infodir ;;
- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
- infodir=$ac_optarg ;;
-
- -libdir | --libdir | --libdi | --libd)
- ac_prev=libdir ;;
- -libdir=* | --libdir=* | --libdi=* | --libd=*)
- libdir=$ac_optarg ;;
-
- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
- | --libexe | --libex | --libe)
- ac_prev=libexecdir ;;
- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
- | --libexe=* | --libex=* | --libe=*)
- libexecdir=$ac_optarg ;;
-
- -localedir | --localedir | --localedi | --localed | --locale)
- ac_prev=localedir ;;
- -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
- localedir=$ac_optarg ;;
-
- -localstatedir | --localstatedir | --localstatedi | --localstated \
- | --localstate | --localstat | --localsta | --localst | --locals)
- ac_prev=localstatedir ;;
- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
- | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
- localstatedir=$ac_optarg ;;
-
- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
- ac_prev=mandir ;;
- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
- mandir=$ac_optarg ;;
-
- -nfp | --nfp | --nf)
- # Obsolete; use --without-fp.
- with_fp=no ;;
-
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c | -n)
- no_create=yes ;;
-
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
- no_recursion=yes ;;
-
- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
- | --oldin | --oldi | --old | --ol | --o)
- ac_prev=oldincludedir ;;
- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
- oldincludedir=$ac_optarg ;;
-
- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
- ac_prev=prefix ;;
- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
- prefix=$ac_optarg ;;
-
- -program-prefix | --program-prefix | --program-prefi | --program-pref \
- | --program-pre | --program-pr | --program-p)
- ac_prev=program_prefix ;;
- -program-prefix=* | --program-prefix=* | --program-prefi=* \
- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
- program_prefix=$ac_optarg ;;
-
- -program-suffix | --program-suffix | --program-suffi | --program-suff \
- | --program-suf | --program-su | --program-s)
- ac_prev=program_suffix ;;
- -program-suffix=* | --program-suffix=* | --program-suffi=* \
- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
- program_suffix=$ac_optarg ;;
-
- -program-transform-name | --program-transform-name \
- | --program-transform-nam | --program-transform-na \
- | --program-transform-n | --program-transform- \
- | --program-transform | --program-transfor \
- | --program-transfo | --program-transf \
- | --program-trans | --program-tran \
- | --progr-tra | --program-tr | --program-t)
- ac_prev=program_transform_name ;;
- -program-transform-name=* | --program-transform-name=* \
- | --program-transform-nam=* | --program-transform-na=* \
- | --program-transform-n=* | --program-transform-=* \
- | --program-transform=* | --program-transfor=* \
- | --program-transfo=* | --program-transf=* \
- | --program-trans=* | --program-tran=* \
- | --progr-tra=* | --program-tr=* | --program-t=*)
- program_transform_name=$ac_optarg ;;
-
- -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
- ac_prev=pdfdir ;;
- -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
- pdfdir=$ac_optarg ;;
-
- -psdir | --psdir | --psdi | --psd | --ps)
- ac_prev=psdir ;;
- -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
- psdir=$ac_optarg ;;
-
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
- | --sbi=* | --sb=*)
- sbindir=$ac_optarg ;;
-
- -sharedstatedir | --sharedstatedir | --sharedstatedi \
- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
- | --sharedst | --shareds | --shared | --share | --shar \
- | --sha | --sh)
- ac_prev=sharedstatedir ;;
- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
- | --sha=* | --sh=*)
- sharedstatedir=$ac_optarg ;;
-
- -site | --site | --sit)
- ac_prev=site ;;
- -site=* | --site=* | --sit=*)
- site=$ac_optarg ;;
-
- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
- ac_prev=srcdir ;;
- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
- srcdir=$ac_optarg ;;
-
- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
- | --syscon | --sysco | --sysc | --sys | --sy)
- ac_prev=sysconfdir ;;
- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
- sysconfdir=$ac_optarg ;;
-
- -target | --target | --targe | --targ | --tar | --ta | --t)
- ac_prev=target_alias ;;
- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
- target_alias=$ac_optarg ;;
-
- -v | -verbose | --verbose | --verbos | --verbo | --verb)
- verbose=yes ;;
-
- -version | --version | --versio | --versi | --vers | -V)
- ac_init_version=: ;;
-
- -with-* | --with-*)
- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
- { (exit 1); exit 1; }; }
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=\$ac_optarg ;;
-
- -without-* | --without-*)
- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
- { (exit 1); exit 1; }; }
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=no ;;
-
- --x)
- # Obsolete; use --with-x.
- with_x=yes ;;
-
- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
- | --x-incl | --x-inc | --x-in | --x-i)
- ac_prev=x_includes ;;
- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
- x_includes=$ac_optarg ;;
-
- -x-libraries | --x-libraries | --x-librarie | --x-librari \
- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
- ac_prev=x_libraries ;;
- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
- x_libraries=$ac_optarg ;;
-
- -*) { $as_echo "$as_me: error: unrecognized option: $ac_option
-Try \`$0 --help' for more information." >&2
- { (exit 1); exit 1; }; }
- ;;
-
- *=*)
- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
- # Reject names that are not valid shell variable names.
- expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
- { $as_echo "$as_me: error: invalid variable name: $ac_envvar" >&2
- { (exit 1); exit 1; }; }
- eval $ac_envvar=\$ac_optarg
- export $ac_envvar ;;
-
- *)
- # FIXME: should be removed in autoconf 3.0.
- $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
- : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
- ;;
-
- esac
-done
-
-if test -n "$ac_prev"; then
- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- { $as_echo "$as_me: error: missing argument to $ac_option" >&2
- { (exit 1); exit 1; }; }
-fi
-
-if test -n "$ac_unrecognized_opts"; then
- case $enable_option_checking in
- no) ;;
- fatal) { $as_echo "$as_me: error: Unrecognized options: $ac_unrecognized_opts" >&2
- { (exit 1); exit 1; }; } ;;
- *) $as_echo "$as_me: WARNING: Unrecognized options: $ac_unrecognized_opts" >&2 ;;
- esac
-fi
-
-# Check all directory arguments for consistency.
-for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
- datadir sysconfdir sharedstatedir localstatedir includedir \
- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir
-do
- eval ac_val=\$$ac_var
- # Remove trailing slashes.
- case $ac_val in
- */ )
- ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
- eval $ac_var=\$ac_val;;
- esac
- # Be sure to have absolute directory names.
- case $ac_val in
- [\\/$]* | ?:[\\/]* ) continue;;
- NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
- esac
- { $as_echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
- { (exit 1); exit 1; }; }
-done
-
-# There might be people who depend on the old broken behavior: `$host'
-# used to hold the argument of --host etc.
-# FIXME: To remove some day.
-build=$build_alias
-host=$host_alias
-target=$target_alias
-
-# FIXME: To remove some day.
-if test "x$host_alias" != x; then
- if test "x$build_alias" = x; then
- cross_compiling=maybe
- $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
- If a cross compiler is detected then cross compile mode will be used." >&2
- elif test "x$build_alias" != "x$host_alias"; then
- cross_compiling=yes
- fi
-fi
-
-ac_tool_prefix=
-test -n "$host_alias" && ac_tool_prefix=$host_alias-
-
-test "$silent" = yes && exec 6>/dev/null
-
-
-ac_pwd=`pwd` && test -n "$ac_pwd" &&
-ac_ls_di=`ls -di .` &&
-ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
- { $as_echo "$as_me: error: Working directory cannot be determined" >&2
- { (exit 1); exit 1; }; }
-test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
- { $as_echo "$as_me: error: pwd does not report name of working directory" >&2
- { (exit 1); exit 1; }; }
-
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
- ac_srcdir_defaulted=yes
- # Try the directory containing this script, then the parent directory.
- ac_confdir=`$as_dirname -- "$as_myself" ||
-$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_myself" : 'X\(//\)[^/]' \| \
- X"$as_myself" : 'X\(//\)$' \| \
- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_myself" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- srcdir=$ac_confdir
- if test ! -r "$srcdir/$ac_unique_file"; then
- srcdir=..
- fi
-else
- ac_srcdir_defaulted=no
-fi
-if test ! -r "$srcdir/$ac_unique_file"; then
- test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
- { $as_echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
- { (exit 1); exit 1; }; }
-fi
-ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
-ac_abs_confdir=`(
- cd "$srcdir" && test -r "./$ac_unique_file" || { $as_echo "$as_me: error: $ac_msg" >&2
- { (exit 1); exit 1; }; }
- pwd)`
-# When building in place, set srcdir=.
-if test "$ac_abs_confdir" = "$ac_pwd"; then
- srcdir=.
-fi
-# Remove unnecessary trailing slashes from srcdir.
-# Double slashes in file names in object file debugging info
-# mess up M-x gdb in Emacs.
-case $srcdir in
-*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
-esac
-for ac_var in $ac_precious_vars; do
- eval ac_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_env_${ac_var}_value=\$${ac_var}
- eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_cv_env_${ac_var}_value=\$${ac_var}
-done
-
-#
-# Report the --help message.
-#
-if test "$ac_init_help" = "long"; then
- # Omit some internal or obsolete options to make the list less imposing.
- # This message is too long to be a string in the A/UX 3.1 sh.
- cat <<_ACEOF
-\`configure' configures this package to adapt to many kinds of systems.
-
-Usage: $0 [OPTION]... [VAR=VALUE]...
-
-To assign environment variables (e.g., CC, CFLAGS...), specify them as
-VAR=VALUE. See below for descriptions of some of the useful variables.
-
-Defaults for the options are specified in brackets.
-
-Configuration:
- -h, --help display this help and exit
- --help=short display options specific to this package
- --help=recursive display the short help of all the included packages
- -V, --version display version information and exit
- -q, --quiet, --silent do not print \`checking...' messages
- --cache-file=FILE cache test results in FILE [disabled]
- -C, --config-cache alias for \`--cache-file=config.cache'
- -n, --no-create do not create output files
- --srcdir=DIR find the sources in DIR [configure dir or \`..']
-
-Installation directories:
- --prefix=PREFIX install architecture-independent files in PREFIX
- [$ac_default_prefix]
- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- [PREFIX]
-
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
-
-For better control, use the options below.
-
-Fine tuning of the installation directories:
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
- --infodir=DIR info documentation [DATAROOTDIR/info]
- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
- --mandir=DIR man documentation [DATAROOTDIR/man]
- --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
- --htmldir=DIR html documentation [DOCDIR]
- --dvidir=DIR dvi documentation [DOCDIR]
- --pdfdir=DIR pdf documentation [DOCDIR]
- --psdir=DIR ps documentation [DOCDIR]
-_ACEOF
-
- cat <<\_ACEOF
-
-System types:
- --build=BUILD configure for building on BUILD [guessed]
- --host=HOST cross-compile to build programs to run on HOST [BUILD]
- --target=TARGET configure for building compilers for TARGET [HOST]
-_ACEOF
-fi
-
-if test -n "$ac_init_help"; then
-
- cat <<\_ACEOF
-
-Optional Features:
- --disable-option-checking ignore unrecognized --enable/--with options
- --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
- --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
- --disable-optimization turn off gcc optimization
- --disable-largefile omit support for large files
-
-Optional Packages:
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --without-gcc don't use gcc
-
-Some influential environment variables:
- CC C compiler command
- CFLAGS C compiler flags
- LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
- nonstandard directory <lib dir>
- LIBS libraries to pass to the linker, e.g. -l<library>
- CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
- you have headers in a nonstandard directory <include dir>
- CPP C preprocessor
-
-Use these variables to override the choices made by `configure' or to help
-it to find libraries and programs with nonstandard names/locations.
-
-_ACEOF
-ac_status=$?
-fi
-
-if test "$ac_init_help" = "recursive"; then
- # If there are subdirs, report their specific --help.
- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
- test -d "$ac_dir" ||
- { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
- continue
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
- cd "$ac_dir" || { ac_status=$?; continue; }
- # Check for guested configure.
- if test -f "$ac_srcdir/configure.gnu"; then
- echo &&
- $SHELL "$ac_srcdir/configure.gnu" --help=recursive
- elif test -f "$ac_srcdir/configure"; then
- echo &&
- $SHELL "$ac_srcdir/configure" --help=recursive
- else
- $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
- fi || ac_status=$?
- cd "$ac_pwd" || { ac_status=$?; break; }
- done
-fi
-
-test -n "$ac_init_help" && exit $ac_status
-if $ac_init_version; then
- cat <<\_ACEOF
-configure
-generated by GNU Autoconf 2.62
-
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
-2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
-
-Copyright (c) 1995, 1996, 1997, 2006, 2009
- The Regents of the University of California. All rights reserved.
-_ACEOF
- exit
-fi
-cat >config.log <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by $as_me, which was
-generated by GNU Autoconf 2.62. Invocation command line was
-
- $ $0 $@
-
-_ACEOF
-exec 5>>config.log
-{
-cat <<_ASUNAME
-## --------- ##
-## Platform. ##
-## --------- ##
-
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
-
-/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
-/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
-/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
-
-_ASUNAME
-
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- $as_echo "PATH: $as_dir"
-done
-IFS=$as_save_IFS
-
-} >&5
-
-cat >&5 <<_ACEOF
-
-
-## ----------- ##
-## Core tests. ##
-## ----------- ##
-
-_ACEOF
-
-
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Strip out --silent because we don't want to record it for future runs.
-# Also quote any args containing shell meta-characters.
-# Make two passes to allow for proper duplicate-argument suppression.
-ac_configure_args=
-ac_configure_args0=
-ac_configure_args1=
-ac_must_keep_next=false
-for ac_pass in 1 2
-do
- for ac_arg
- do
- case $ac_arg in
- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- continue ;;
- *\'*)
- ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- case $ac_pass in
- 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
- 2)
- ac_configure_args1="$ac_configure_args1 '$ac_arg'"
- if test $ac_must_keep_next = true; then
- ac_must_keep_next=false # Got value, back to normal.
- else
- case $ac_arg in
- *=* | --config-cache | -C | -disable-* | --disable-* \
- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
- | -with-* | --with-* | -without-* | --without-* | --x)
- case "$ac_configure_args0 " in
- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
- esac
- ;;
- -* ) ac_must_keep_next=true ;;
- esac
- fi
- ac_configure_args="$ac_configure_args '$ac_arg'"
- ;;
- esac
- done
-done
-$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
-$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log. We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Use '\'' to represent an apostrophe within the trap.
-# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
-trap 'exit_status=$?
- # Save into config.log some information that might help in debugging.
- {
- echo
-
- cat <<\_ASBOX
-## ---------------- ##
-## Cache variables. ##
-## ---------------- ##
-_ASBOX
- echo
- # The following way of writing the cache mishandles newlines in values,
-(
- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
-$as_echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) $as_unset $ac_var ;;
- esac ;;
- esac
- done
- (set) 2>&1 |
- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- sed -n \
- "s/'\''/'\''\\\\'\'''\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
- ;; #(
- *)
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-)
- echo
-
- cat <<\_ASBOX
-## ----------------- ##
-## Output variables. ##
-## ----------------- ##
-_ASBOX
- echo
- for ac_var in $ac_subst_vars
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- $as_echo "$ac_var='\''$ac_val'\''"
- done | sort
- echo
-
- if test -n "$ac_subst_files"; then
- cat <<\_ASBOX
-## ------------------- ##
-## File substitutions. ##
-## ------------------- ##
-_ASBOX
- echo
- for ac_var in $ac_subst_files
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- $as_echo "$ac_var='\''$ac_val'\''"
- done | sort
- echo
- fi
-
- if test -s confdefs.h; then
- cat <<\_ASBOX
-## ----------- ##
-## confdefs.h. ##
-## ----------- ##
-_ASBOX
- echo
- cat confdefs.h
- echo
- fi
- test "$ac_signal" != 0 &&
- $as_echo "$as_me: caught signal $ac_signal"
- $as_echo "$as_me: exit $exit_status"
- } >&5
- rm -f core *.core core.conftest.* &&
- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
- exit $exit_status
-' 0
-for ac_signal in 1 2 13 15; do
- trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -f -r conftest* confdefs.h
-
-# Predefined preprocessor variables.
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_NAME "$PACKAGE_NAME"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_VERSION "$PACKAGE_VERSION"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_STRING "$PACKAGE_STRING"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
-_ACEOF
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer an explicitly selected file to automatically selected ones.
-ac_site_file1=NONE
-ac_site_file2=NONE
-if test -n "$CONFIG_SITE"; then
- ac_site_file1=$CONFIG_SITE
-elif test "x$prefix" != xNONE; then
- ac_site_file1=$prefix/share/config.site
- ac_site_file2=$prefix/etc/config.site
-else
- ac_site_file1=$ac_default_prefix/share/config.site
- ac_site_file2=$ac_default_prefix/etc/config.site
-fi
-for ac_site_file in "$ac_site_file1" "$ac_site_file2"
-do
- test "x$ac_site_file" = xNONE && continue
- if test -r "$ac_site_file"; then
- { $as_echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
-$as_echo "$as_me: loading site script $ac_site_file" >&6;}
- sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file"
- fi
-done
-
-if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special
- # files actually), so we avoid doing that.
- if test -f "$cache_file"; then
- { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5
-$as_echo "$as_me: loading cache $cache_file" >&6;}
- case $cache_file in
- [\\/]* | ?:[\\/]* ) . "$cache_file";;
- *) . "./$cache_file";;
- esac
- fi
-else
- { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5
-$as_echo "$as_me: creating cache $cache_file" >&6;}
- >$cache_file
-fi
-
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val=\$ac_cv_env_${ac_var}_value
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
- { $as_echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { $as_echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- # differences in whitespace do not lead to failure.
- ac_old_val_w=`echo x $ac_old_val`
- ac_new_val_w=`echo x $ac_new_val`
- if test "$ac_old_val_w" != "$ac_new_val_w"; then
- { $as_echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
-$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- ac_cache_corrupted=:
- else
- { $as_echo "$as_me:$LINENO: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
- eval $ac_var=\$ac_old_val
- fi
- { $as_echo "$as_me:$LINENO: former value: \`$ac_old_val'" >&5
-$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
- { $as_echo "$as_me:$LINENO: current value: \`$ac_new_val'" >&5
-$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { $as_echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
-$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
- { { $as_echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
-$as_echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-
-ac_aux_dir=
-for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
- if test -f "$ac_dir/install-sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install-sh -c"
- break
- elif test -f "$ac_dir/install.sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install.sh -c"
- break
- elif test -f "$ac_dir/shtool"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/shtool install -c"
- break
- fi
-done
-if test -z "$ac_aux_dir"; then
- { { $as_echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5
-$as_echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-# These three variables are undocumented and unsupported,
-# and are intended to be withdrawn in a future Autoconf release.
-# They can cause serious problems if a builder's source tree is in a directory
-# whose full name contains unusual characters.
-ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
-ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
-ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
-
-
-# Make sure we can run config.sub.
-$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
- { { $as_echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
-$as_echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
- { (exit 1); exit 1; }; }
-
-{ $as_echo "$as_me:$LINENO: checking build system type" >&5
-$as_echo_n "checking build system type... " >&6; }
-if test "${ac_cv_build+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- ac_build_alias=$build_alias
-test "x$ac_build_alias" = x &&
- ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
-test "x$ac_build_alias" = x &&
- { { $as_echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
-$as_echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
- { (exit 1); exit 1; }; }
-ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
- { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
-$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
- { (exit 1); exit 1; }; }
-
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_build" >&5
-$as_echo "$ac_cv_build" >&6; }
-case $ac_cv_build in
-*-*-*) ;;
-*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
-$as_echo "$as_me: error: invalid value of canonical build" >&2;}
- { (exit 1); exit 1; }; };;
-esac
-build=$ac_cv_build
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_build
-shift
-build_cpu=$1
-build_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-build_os=$*
-IFS=$ac_save_IFS
-case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-
-
-{ $as_echo "$as_me:$LINENO: checking host system type" >&5
-$as_echo_n "checking host system type... " >&6; }
-if test "${ac_cv_host+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test "x$host_alias" = x; then
- ac_cv_host=$ac_cv_build
-else
- ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
- { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
-$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_host" >&5
-$as_echo "$ac_cv_host" >&6; }
-case $ac_cv_host in
-*-*-*) ;;
-*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
-$as_echo "$as_me: error: invalid value of canonical host" >&2;}
- { (exit 1); exit 1; }; };;
-esac
-host=$ac_cv_host
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_host
-shift
-host_cpu=$1
-host_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-host_os=$*
-IFS=$ac_save_IFS
-case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
-
-
-{ $as_echo "$as_me:$LINENO: checking target system type" >&5
-$as_echo_n "checking target system type... " >&6; }
-if test "${ac_cv_target+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test "x$target_alias" = x; then
- ac_cv_target=$ac_cv_host
-else
- ac_cv_target=`$SHELL "$ac_aux_dir/config.sub" $target_alias` ||
- { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $target_alias failed" >&5
-$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $target_alias failed" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_target" >&5
-$as_echo "$ac_cv_target" >&6; }
-case $ac_cv_target in
-*-*-*) ;;
-*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical target" >&5
-$as_echo "$as_me: error: invalid value of canonical target" >&2;}
- { (exit 1); exit 1; }; };;
-esac
-target=$ac_cv_target
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_target
-shift
-target_cpu=$1
-target_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-target_os=$*
-IFS=$ac_save_IFS
-case $target_os in *\ *) target_os=`echo "$target_os" | sed 's/ /-/g'`;; esac
-
-
-# The aliases save the names the user supplied, while $host etc.
-# will get canonicalized.
-test -n "$target_alias" &&
- test "$program_prefix$program_suffix$program_transform_name" = \
- NONENONEs,x,x, &&
- program_prefix=${target_alias}-
-
-umask 002
-
-if test -z "$PWD" ; then
- PWD=`pwd`
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:$LINENO: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:$LINENO: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_CC="gcc"
- $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
-else
- { $as_echo "$as_me:$LINENO: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-$as_echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:$LINENO: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:$LINENO: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- fi
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $# != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:$LINENO: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:$LINENO: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl.exe
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:$LINENO: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:$LINENO: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl.exe
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
-else
- { $as_echo "$as_me:$LINENO: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CC" && break
-done
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-$as_echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-fi
-
-fi
-
-
-test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
-See \`config.log' for more details." >&5
-$as_echo "$as_me: error: no acceptable C compiler found in \$PATH
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
-
-# Provide some information about the compiler.
-$as_echo "$as_me:$LINENO: checking for C compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-{ (ac_try="$ac_compiler --version >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compiler --version >&5") 2>&5
- ac_status=$?
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (ac_try="$ac_compiler -v >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compiler -v >&5") 2>&5
- ac_status=$?
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (ac_try="$ac_compiler -V >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compiler -V >&5") 2>&5
- ac_status=$?
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-{ $as_echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
-$as_echo_n "checking for C compiler default output file name... " >&6; }
-ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-
-# The possible output files:
-ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
-
-ac_rmfiles=
-for ac_file in $ac_files
-do
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- * ) ac_rmfiles="$ac_rmfiles $ac_file";;
- esac
-done
-rm -f $ac_rmfiles
-
-if { (ac_try="$ac_link_default"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_link_default") 2>&5
- ac_status=$?
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
-# in a Makefile. We should not override ac_cv_exeext if it was cached,
-# so that the user can short-circuit this test for compilers unknown to
-# Autoconf.
-for ac_file in $ac_files ''
-do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
- ;;
- [ab].out )
- # We found the default executable, but exeext='' is most
- # certainly right.
- break;;
- *.* )
- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
- then :; else
- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- fi
- # We set ac_cv_exeext here because the later test for it is not
- # safe: cross compilers may not add the suffix if given an `-o'
- # argument, so we may need to know it at that point already.
- # Even if this section looks crufty: it has the advantage of
- # actually working.
- break;;
- * )
- break;;
- esac
-done
-test "$ac_cv_exeext" = no && ac_cv_exeext=
-
-else
- ac_file=''
-fi
-
-{ $as_echo "$as_me:$LINENO: result: $ac_file" >&5
-$as_echo "$ac_file" >&6; }
-if test -z "$ac_file"; then
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { $as_echo "$as_me:$LINENO: error: C compiler cannot create executables
-See \`config.log' for more details." >&5
-$as_echo "$as_me: error: C compiler cannot create executables
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
-fi
-
-ac_exeext=$ac_cv_exeext
-
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ $as_echo "$as_me:$LINENO: checking whether the C compiler works" >&5
-$as_echo_n "checking whether the C compiler works... " >&6; }
-# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
-# If not cross compiling, check that we can run a simple program.
-if test "$cross_compiling" != yes; then
- if { ac_try='./$ac_file'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
- { { $as_echo "$as_me:$LINENO: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details." >&5
-$as_echo "$as_me: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
- fi
- fi
-fi
-{ $as_echo "$as_me:$LINENO: result: yes" >&5
-$as_echo "yes" >&6; }
-
-rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
-ac_clean_files=$ac_clean_files_save
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ $as_echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
-$as_echo_n "checking whether we are cross compiling... " >&6; }
-{ $as_echo "$as_me:$LINENO: result: $cross_compiling" >&5
-$as_echo "$cross_compiling" >&6; }
-
-{ $as_echo "$as_me:$LINENO: checking for suffix of executables" >&5
-$as_echo_n "checking for suffix of executables... " >&6; }
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in conftest.exe conftest conftest.*; do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- break;;
- * ) break;;
- esac
-done
-else
- { { $as_echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details." >&5
-$as_echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest$ac_cv_exeext
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
-$as_echo "$ac_cv_exeext" >&6; }
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-{ $as_echo "$as_me:$LINENO: checking for suffix of object files" >&5
-$as_echo_n "checking for suffix of object files... " >&6; }
-if test "${ac_cv_objext+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>&5
- ac_status=$?
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- for ac_file in conftest.o conftest.obj conftest.*; do
- test -f "$ac_file" || continue;
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
- break;;
- esac
-done
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
-See \`config.log' for more details." >&5
-$as_echo "$as_me: error: cannot compute suffix of object files: cannot compile
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
-$as_echo "$ac_cv_objext" >&6; }
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
-$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
-if test "${ac_cv_c_compiler_gnu+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_compiler_gnu=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_compiler_gnu=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
-$as_echo "$ac_cv_c_compiler_gnu" >&6; }
-if test $ac_compiler_gnu = yes; then
- GCC=yes
-else
- GCC=
-fi
-ac_test_CFLAGS=${CFLAGS+set}
-ac_save_CFLAGS=$CFLAGS
-{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
-$as_echo_n "checking whether $CC accepts -g... " >&6; }
-if test "${ac_cv_prog_cc_g+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
- CFLAGS="-g"
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_prog_cc_g=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- CFLAGS=""
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- :
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_prog_cc_g=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
-$as_echo "$ac_cv_prog_cc_g" >&6; }
-if test "$ac_test_CFLAGS" = set; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
-$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
-if test "${ac_cv_prog_cc_c89+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <stdarg.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not '\xHH' hex character constants.
- These don't provoke an error unfortunately, instead are silently treated
- as 'x'. The following induces an error, until -std is added to get
- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
- array size at least. It's necessary to write '\x00'==0 to get something
- that's true only with -std. */
-int osf4_cc_array ['\x00' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) 'x'
-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-int
-main ()
-{
-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
- ;
- return 0;
-}
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_prog_cc_c89=$ac_arg
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext
- test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-
-fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c89" in
- x)
- { $as_echo "$as_me:$LINENO: result: none needed" >&5
-$as_echo "none needed" >&6; } ;;
- xno)
- { $as_echo "$as_me:$LINENO: result: unsupported" >&5
-$as_echo "unsupported" >&6; } ;;
- *)
- CC="$CC $ac_cv_prog_cc_c89"
- { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
-$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
-esac
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ $as_echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
-$as_echo_n "checking how to run the C preprocessor... " >&6; }
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-fi
-if test -z "$CPP"; then
- if test "${ac_cv_prog_CPP+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- # Double quotes because CPP needs to be expanded
- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
- do
- ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- :
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- # Broken: fails on valid input.
-continue
-fi
-
-rm -f conftest.err conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- # Broken: success on invalid input.
-continue
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-
-rm -f conftest.err conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
- break
-fi
-
- done
- ac_cv_prog_CPP=$CPP
-
-fi
- CPP=$ac_cv_prog_CPP
-else
- ac_cv_prog_CPP=$CPP
-fi
-{ $as_echo "$as_me:$LINENO: result: $CPP" >&5
-$as_echo "$CPP" >&6; }
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- :
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- # Broken: fails on valid input.
-continue
-fi
-
-rm -f conftest.err conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- # Broken: success on invalid input.
-continue
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-
-rm -f conftest.err conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
- :
-else
- { { $as_echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details." >&5
-$as_echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-{ $as_echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5
-$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
-if test "${ac_cv_path_GREP+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -z "$GREP"; then
- ac_path_GREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in grep ggrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
-# Check for GNU ac_path_GREP and select it if it is found.
- # Check for GNU $ac_path_GREP
-case `"$ac_path_GREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
-*)
- ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- $as_echo 'GREP' >> "conftest.nl"
- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- ac_count=`expr $ac_count + 1`
- if test $ac_count -gt ${ac_path_GREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_GREP="$ac_path_GREP"
- ac_path_GREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_GREP_found && break 3
- done
- done
-done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_GREP"; then
- { { $as_echo "$as_me:$LINENO: error: no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
-$as_echo "$as_me: error: no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
- { (exit 1); exit 1; }; }
- fi
-else
- ac_cv_path_GREP=$GREP
-fi
-
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5
-$as_echo "$ac_cv_path_GREP" >&6; }
- GREP="$ac_cv_path_GREP"
-
-
-{ $as_echo "$as_me:$LINENO: checking for egrep" >&5
-$as_echo_n "checking for egrep... " >&6; }
-if test "${ac_cv_path_EGREP+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
- then ac_cv_path_EGREP="$GREP -E"
- else
- if test -z "$EGREP"; then
- ac_path_EGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in egrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
-# Check for GNU ac_path_EGREP and select it if it is found.
- # Check for GNU $ac_path_EGREP
-case `"$ac_path_EGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
-*)
- ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- $as_echo 'EGREP' >> "conftest.nl"
- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- ac_count=`expr $ac_count + 1`
- if test $ac_count -gt ${ac_path_EGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_EGREP="$ac_path_EGREP"
- ac_path_EGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_EGREP_found && break 3
- done
- done
-done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_EGREP"; then
- { { $as_echo "$as_me:$LINENO: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
-$as_echo "$as_me: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
- { (exit 1); exit 1; }; }
- fi
-else
- ac_cv_path_EGREP=$EGREP
-fi
-
- fi
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5
-$as_echo "$ac_cv_path_EGREP" >&6; }
- EGREP="$ac_cv_path_EGREP"
-
-
-{ $as_echo "$as_me:$LINENO: checking for ANSI C header files" >&5
-$as_echo_n "checking for ANSI C header files... " >&6; }
-if test "${ac_cv_header_stdc+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_header_stdc=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_header_stdc=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "memchr" >/dev/null 2>&1; then
- :
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "free" >/dev/null 2>&1; then
- :
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
- if test "$cross_compiling" = yes; then
- :
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <ctype.h>
-#include <stdlib.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) \
- (('a' <= (c) && (c) <= 'i') \
- || ('j' <= (c) && (c) <= 'r') \
- || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
- int i;
- for (i = 0; i < 256; i++)
- if (XOR (islower (i), ISLOWER (i))
- || toupper (i) != TOUPPER (i))
- return 2;
- return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- :
-else
- $as_echo "$as_me: program exited with status $ac_status" >&5
-$as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_cv_header_stdc=no
-fi
-rm -rf conftest.dSYM
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-fi
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
-$as_echo "$ac_cv_header_stdc" >&6; }
-if test $ac_cv_header_stdc = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define STDC_HEADERS 1
-_ACEOF
-
-fi
-
-# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-
-
-
-
-
-
-
-
-
-for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
- inttypes.h stdint.h unistd.h
-do
-as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
-$as_echo_n "checking for $ac_header... " >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- $as_echo_n "(cached) " >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- eval "$as_ac_Header=yes"
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval 'as_val=${'$as_ac_Header'}
- $as_echo "$as_val"'`
- { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-if test `eval 'as_val=${'$as_ac_Header'}
- $as_echo "$as_val"'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
- # Check whether --enable-optimization was given.
-if test "${enable_optimization+set}" = set; then
- enableval=$enable_optimization; ac_cv_without_optimization=${withval}
-fi
-
-
-
-
-
-# Check whether --with-gcc was given.
-if test "${with_gcc+set}" = set; then
- withval=$with_gcc;
-fi
-
-
- if test "${ac_cv_header_minix_config_h+set}" = set; then
- { $as_echo "$as_me:$LINENO: checking for minix/config.h" >&5
-$as_echo_n "checking for minix/config.h... " >&6; }
-if test "${ac_cv_header_minix_config_h+set}" = set; then
- $as_echo_n "(cached) " >&6
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_minix_config_h" >&5
-$as_echo "$ac_cv_header_minix_config_h" >&6; }
-else
- # Is the header compilable?
-{ $as_echo "$as_me:$LINENO: checking minix/config.h usability" >&5
-$as_echo_n "checking minix/config.h usability... " >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <minix/config.h>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_header_compiler=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-$as_echo "$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ $as_echo "$as_me:$LINENO: checking minix/config.h presence" >&5
-$as_echo_n "checking minix/config.h presence... " >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <minix/config.h>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- ac_header_preproc=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-$as_echo "$ac_header_preproc" >&6; }
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: accepted by the compiler, rejected by the preprocessor!" >&5
-$as_echo "$as_me: WARNING: minix/config.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: proceeding with the compiler's result" >&5
-$as_echo "$as_me: WARNING: minix/config.h: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: present but cannot be compiled" >&5
-$as_echo "$as_me: WARNING: minix/config.h: present but cannot be compiled" >&2;}
- { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: check for missing prerequisite headers?" >&5
-$as_echo "$as_me: WARNING: minix/config.h: check for missing prerequisite headers?" >&2;}
- { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: see the Autoconf documentation" >&5
-$as_echo "$as_me: WARNING: minix/config.h: see the Autoconf documentation" >&2;}
- { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: section \"Present But Cannot Be Compiled\"" >&5
-$as_echo "$as_me: WARNING: minix/config.h: section \"Present But Cannot Be Compiled\"" >&2;}
- { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: proceeding with the preprocessor's result" >&5
-$as_echo "$as_me: WARNING: minix/config.h: proceeding with the preprocessor's result" >&2;}
- { $as_echo "$as_me:$LINENO: WARNING: minix/config.h: in the future, the compiler will take precedence" >&5
-$as_echo "$as_me: WARNING: minix/config.h: in the future, the compiler will take precedence" >&2;}
-
- ;;
-esac
-{ $as_echo "$as_me:$LINENO: checking for minix/config.h" >&5
-$as_echo_n "checking for minix/config.h... " >&6; }
-if test "${ac_cv_header_minix_config_h+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- ac_cv_header_minix_config_h=$ac_header_preproc
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_minix_config_h" >&5
-$as_echo "$ac_cv_header_minix_config_h" >&6; }
-
-fi
-if test $ac_cv_header_minix_config_h = yes; then
- MINIX=yes
-else
- MINIX=
-fi
-
-
- if test "$MINIX" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define _POSIX_SOURCE 1
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define _POSIX_1_SOURCE 2
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define _MINIX 1
-_ACEOF
-
- fi
-
-
-
- { $as_echo "$as_me:$LINENO: checking whether it is safe to define __EXTENSIONS__" >&5
-$as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; }
-if test "${ac_cv_safe_to_define___extensions__+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-# define __EXTENSIONS__ 1
- $ac_includes_default
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_safe_to_define___extensions__=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_safe_to_define___extensions__=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_safe_to_define___extensions__" >&5
-$as_echo "$ac_cv_safe_to_define___extensions__" >&6; }
- test $ac_cv_safe_to_define___extensions__ = yes &&
- cat >>confdefs.h <<\_ACEOF
-#define __EXTENSIONS__ 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-#define _ALL_SOURCE 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-#define _GNU_SOURCE 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-#define _POSIX_PTHREAD_SEMANTICS 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-#define _TANDEM_SOURCE 1
-_ACEOF
-
-
- V_CCOPT=""
- if test "${ac_cv_without_optimization+set}" != set; then
- V_CCOPT="-O"
- fi
- V_INCLS=""
- if test "${srcdir}" != "." ; then
- V_INCLS="-I\$\(srcdir\)"
- fi
- if test -z "$CC" ; then
- case "$target_os" in
-
- bsdi*)
- # Extract the first word of "shlicc2", so it can be a program name with args.
-set dummy shlicc2; ac_word=$2
-{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_SHLICC2+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -n "$SHLICC2"; then
- ac_cv_prog_SHLICC2="$SHLICC2" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_SHLICC2="yes"
- $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
- test -z "$ac_cv_prog_SHLICC2" && ac_cv_prog_SHLICC2="no"
-fi
-fi
-SHLICC2=$ac_cv_prog_SHLICC2
-if test -n "$SHLICC2"; then
- { $as_echo "$as_me:$LINENO: result: $SHLICC2" >&5
-$as_echo "$SHLICC2" >&6; }
-else
- { $as_echo "$as_me:$LINENO: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- if test $SHLICC2 = yes ; then
- CC=shlicc2
- export CC
- fi
- ;;
- esac
- fi
- if test -z "$CC" -a "$with_gcc" = no ; then
- CC=cc
- export CC
- fi
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:$LINENO: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:$LINENO: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_CC="gcc"
- $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
-else
- { $as_echo "$as_me:$LINENO: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-$as_echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:$LINENO: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:$LINENO: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- fi
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $# != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:$LINENO: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:$LINENO: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl.exe
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:$LINENO: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:$LINENO: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl.exe
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
-else
- { $as_echo "$as_me:$LINENO: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CC" && break
-done
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-$as_echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-fi
-
-fi
-
-
-test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
-See \`config.log' for more details." >&5
-$as_echo "$as_me: error: no acceptable C compiler found in \$PATH
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
-
-# Provide some information about the compiler.
-$as_echo "$as_me:$LINENO: checking for C compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-{ (ac_try="$ac_compiler --version >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compiler --version >&5") 2>&5
- ac_status=$?
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (ac_try="$ac_compiler -v >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compiler -v >&5") 2>&5
- ac_status=$?
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (ac_try="$ac_compiler -V >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compiler -V >&5") 2>&5
- ac_status=$?
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-
-{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
-$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
-if test "${ac_cv_c_compiler_gnu+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_compiler_gnu=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_compiler_gnu=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
-$as_echo "$ac_cv_c_compiler_gnu" >&6; }
-if test $ac_compiler_gnu = yes; then
- GCC=yes
-else
- GCC=
-fi
-ac_test_CFLAGS=${CFLAGS+set}
-ac_save_CFLAGS=$CFLAGS
-{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
-$as_echo_n "checking whether $CC accepts -g... " >&6; }
-if test "${ac_cv_prog_cc_g+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
- CFLAGS="-g"
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_prog_cc_g=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- CFLAGS=""
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- :
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_prog_cc_g=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
-$as_echo "$ac_cv_prog_cc_g" >&6; }
-if test "$ac_test_CFLAGS" = set; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
-$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
-if test "${ac_cv_prog_cc_c89+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <stdarg.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not '\xHH' hex character constants.
- These don't provoke an error unfortunately, instead are silently treated
- as 'x'. The following induces an error, until -std is added to get
- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
- array size at least. It's necessary to write '\x00'==0 to get something
- that's true only with -std. */
-int osf4_cc_array ['\x00' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) 'x'
-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-int
-main ()
-{
-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
- ;
- return 0;
-}
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_prog_cc_c89=$ac_arg
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext
- test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-
-fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c89" in
- x)
- { $as_echo "$as_me:$LINENO: result: none needed" >&5
-$as_echo "none needed" >&6; } ;;
- xno)
- { $as_echo "$as_me:$LINENO: result: unsupported" >&5
-$as_echo "unsupported" >&6; } ;;
- *)
- CC="$CC $ac_cv_prog_cc_c89"
- { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
-$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
-esac
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- # Check whether --enable-largefile was given.
-if test "${enable_largefile+set}" = set; then
- enableval=$enable_largefile;
-fi
-
-if test "$enable_largefile" != no; then
-
- { $as_echo "$as_me:$LINENO: checking for special C compiler options needed for large files" >&5
-$as_echo_n "checking for special C compiler options needed for large files... " >&6; }
-if test "${ac_cv_sys_largefile_CC+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- ac_cv_sys_largefile_CC=no
- if test "$GCC" != yes; then
- ac_save_CC=$CC
- while :; do
- # IRIX 6.2 and later do not support large files by default,
- # so use the C compiler's -n32 option if that helps.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
- rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- break
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext
- CC="$CC -n32"
- rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_sys_largefile_CC=' -n32'; break
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext
- break
- done
- CC=$ac_save_CC
- rm -f conftest.$ac_ext
- fi
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_sys_largefile_CC" >&5
-$as_echo "$ac_cv_sys_largefile_CC" >&6; }
- if test "$ac_cv_sys_largefile_CC" != no; then
- CC=$CC$ac_cv_sys_largefile_CC
- fi
-
- { $as_echo "$as_me:$LINENO: checking for _FILE_OFFSET_BITS value needed for large files" >&5
-$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; }
-if test "${ac_cv_sys_file_offset_bits+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_sys_file_offset_bits=no; break
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#define _FILE_OFFSET_BITS 64
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_sys_file_offset_bits=64; break
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ac_cv_sys_file_offset_bits=unknown
- break
-done
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_sys_file_offset_bits" >&5
-$as_echo "$ac_cv_sys_file_offset_bits" >&6; }
-case $ac_cv_sys_file_offset_bits in #(
- no | unknown) ;;
- *)
-cat >>confdefs.h <<_ACEOF
-#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits
-_ACEOF
-;;
-esac
-rm -rf conftest*
- if test $ac_cv_sys_file_offset_bits = unknown; then
- { $as_echo "$as_me:$LINENO: checking for _LARGE_FILES value needed for large files" >&5
-$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; }
-if test "${ac_cv_sys_large_files+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_sys_large_files=no; break
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#define _LARGE_FILES 1
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_sys_large_files=1; break
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ac_cv_sys_large_files=unknown
- break
-done
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_sys_large_files" >&5
-$as_echo "$ac_cv_sys_large_files" >&6; }
-case $ac_cv_sys_large_files in #(
- no | unknown) ;;
- *)
-cat >>confdefs.h <<_ACEOF
-#define _LARGE_FILES $ac_cv_sys_large_files
-_ACEOF
-;;
-esac
-rm -rf conftest*
- fi
-fi
-
- if test "$GCC" != yes ; then
- { $as_echo "$as_me:$LINENO: checking that $CC handles ansi prototypes" >&5
-$as_echo_n "checking that $CC handles ansi prototypes... " >&6; }
- if test "${ac_cv_lbl_cc_ansi_prototypes+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <sys/types.h>
-int
-main ()
-{
-int frob(int, char *)
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_lbl_cc_ansi_prototypes=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lbl_cc_ansi_prototypes=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
- { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_cc_ansi_prototypes" >&5
-$as_echo "$ac_cv_lbl_cc_ansi_prototypes" >&6; }
- if test $ac_cv_lbl_cc_ansi_prototypes = no ; then
- case "$target_os" in
-
- hpux*)
- { $as_echo "$as_me:$LINENO: checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)" >&5
-$as_echo_n "checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)... " >&6; }
- savedcflags="$CFLAGS"
- CFLAGS="-Aa -D_HPUX_SOURCE $CFLAGS"
- if test "${ac_cv_lbl_cc_hpux_cc_aa+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <sys/types.h>
-int
-main ()
-{
-int frob(int, char *)
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_lbl_cc_hpux_cc_aa=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lbl_cc_hpux_cc_aa=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
- { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_cc_hpux_cc_aa" >&5
-$as_echo "$ac_cv_lbl_cc_hpux_cc_aa" >&6; }
- if test $ac_cv_lbl_cc_hpux_cc_aa = no ; then
- { { $as_echo "$as_me:$LINENO: error: see the INSTALL doc for more info" >&5
-$as_echo "$as_me: error: see the INSTALL doc for more info" >&2;}
- { (exit 1); exit 1; }; }
- fi
- CFLAGS="$savedcflags"
- V_CCOPT="-Aa $V_CCOPT"
-
-cat >>confdefs.h <<\_ACEOF
-#define _HPUX_SOURCE /**/
-_ACEOF
-
- ;;
-
- *)
- { { $as_echo "$as_me:$LINENO: error: see the INSTALL doc for more info" >&5
-$as_echo "$as_me: error: see the INSTALL doc for more info" >&2;}
- { (exit 1); exit 1; }; }
- ;;
- esac
- fi
- V_INCLS="$V_INCLS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
-
- case "$target_os" in
-
- irix*)
- V_CCOPT="$V_CCOPT -xansi -signed -g3"
- ;;
-
- osf*)
- V_CCOPT="$V_CCOPT -std1 -g3"
- ;;
-
- ultrix*)
- { $as_echo "$as_me:$LINENO: checking that Ultrix $CC hacks const in prototypes" >&5
-$as_echo_n "checking that Ultrix $CC hacks const in prototypes... " >&6; }
- if test "${ac_cv_lbl_cc_const_proto+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <sys/types.h>
-int
-main ()
-{
-struct a { int b; };
- void c(const struct a *)
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_lbl_cc_const_proto=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lbl_cc_const_proto=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
- { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_cc_const_proto" >&5
-$as_echo "$ac_cv_lbl_cc_const_proto" >&6; }
- if test $ac_cv_lbl_cc_const_proto = no ; then
-
-cat >>confdefs.h <<\_ACEOF
-#define const /**/
-_ACEOF
-
- fi
- ;;
- esac
- fi
-
-# Find a good install program. We prefer a C program (faster),
-# so one script is as good as another. But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AmigaOS /C/install, which installs bootblocks on floppy discs
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# OS/2's system install, which has a completely different semantic
-# ./install, which can be erroneously created by make from ./install.sh.
-# Reject install programs that cannot install multiple files.
-{ $as_echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
-$as_echo_n "checking for a BSD-compatible install... " >&6; }
-if test -z "$INSTALL"; then
-if test "${ac_cv_path_install+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- # Account for people who put trailing slashes in PATH elements.
-case $as_dir/ in
- ./ | .// | /cC/* | \
- /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
- ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
- /usr/ucb/* ) ;;
- *)
- # OSF1 and SCO ODT 3.0 have their own names for install.
- # Don't use installbsd from OSF since it installs stuff as root
- # by default.
- for ac_prog in ginstall scoinst install; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
- if test $ac_prog = install &&
- grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # AIX install. It has an incompatible calling convention.
- :
- elif test $ac_prog = install &&
- grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # program-specific install script used by HP pwplus--don't use.
- :
- else
- rm -rf conftest.one conftest.two conftest.dir
- echo one > conftest.one
- echo two > conftest.two
- mkdir conftest.dir
- if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
- test -s conftest.one && test -s conftest.two &&
- test -s conftest.dir/conftest.one &&
- test -s conftest.dir/conftest.two
- then
- ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
- break 3
- fi
- fi
- fi
- done
- done
- ;;
-esac
-
-done
-IFS=$as_save_IFS
-
-rm -rf conftest.one conftest.two conftest.dir
-
-fi
- if test "${ac_cv_path_install+set}" = set; then
- INSTALL=$ac_cv_path_install
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for INSTALL within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- INSTALL=$ac_install_sh
- fi
-fi
-{ $as_echo "$as_me:$LINENO: result: $INSTALL" >&5
-$as_echo "$INSTALL" >&6; }
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-
-
-
-for ac_header in fcntl.h memory.h
-do
-as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
-$as_echo_n "checking for $ac_header... " >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- $as_echo_n "(cached) " >&6
-fi
-ac_res=`eval 'as_val=${'$as_ac_Header'}
- $as_echo "$as_val"'`
- { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-else
- # Is the header compilable?
-{ $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5
-$as_echo_n "checking $ac_header usability... " >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_header_compiler=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-$as_echo "$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5
-$as_echo_n "checking $ac_header presence... " >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- ac_header_preproc=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-$as_echo "$ac_header_preproc" >&6; }
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-$as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-$as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-$as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-$as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-$as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-$as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-$as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-$as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-
- ;;
-esac
-{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
-$as_echo_n "checking for $ac_header... " >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- $as_echo_n "(cached) " >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval 'as_val=${'$as_ac_Header'}
- $as_echo "$as_val"'`
- { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-
-fi
-if test `eval 'as_val=${'$as_ac_Header'}
- $as_echo "$as_val"'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_func in strerror
-do
-as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ $as_echo "$as_me:$LINENO: checking for $ac_func" >&5
-$as_echo_n "checking for $ac_func... " >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
- $as_echo_n "(cached) " >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
- $as_test_x conftest$ac_exeext
- }; then
- eval "$as_ac_var=yes"
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- eval "$as_ac_var=no"
-fi
-
-rm -rf conftest.dSYM
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval 'as_val=${'$as_ac_var'}
- $as_echo "$as_val"'`
- { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-if test `eval 'as_val=${'$as_ac_var'}
- $as_echo "$as_val"'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-else
- case " $LIBOBJS " in
- *" $ac_func.$ac_objext "* ) ;;
- *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext"
- ;;
-esac
-
-fi
-done
-
-
-
-{ $as_echo "$as_me:$LINENO: checking for main in -lnsl" >&5
-$as_echo_n "checking for main in -lnsl... " >&6; }
-if test "${ac_cv_lib_nsl_main+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lnsl $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-
-int
-main ()
-{
-return main ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
- $as_test_x conftest$ac_exeext
- }; then
- ac_cv_lib_nsl_main=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_nsl_main=no
-fi
-
-rm -rf conftest.dSYM
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_main" >&5
-$as_echo "$ac_cv_lib_nsl_main" >&6; }
-if test $ac_cv_lib_nsl_main = yes; then
- cat >>confdefs.h <<_ACEOF
-#define HAVE_LIBNSL 1
-_ACEOF
-
- LIBS="-lnsl $LIBS"
-
-fi
-
-
-{ $as_echo "$as_me:$LINENO: checking for main in -lsocket" >&5
-$as_echo_n "checking for main in -lsocket... " >&6; }
-if test "${ac_cv_lib_socket_main+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsocket $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-
-int
-main ()
-{
-return main ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
- $as_test_x conftest$ac_exeext
- }; then
- ac_cv_lib_socket_main=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_socket_main=no
-fi
-
-rm -rf conftest.dSYM
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_socket_main" >&5
-$as_echo "$ac_cv_lib_socket_main" >&6; }
-if test $ac_cv_lib_socket_main = yes; then
- cat >>confdefs.h <<_ACEOF
-#define HAVE_LIBSOCKET 1
-_ACEOF
-
- LIBS="-lsocket $LIBS"
-
-fi
-
-
-{ $as_echo "$as_me:$LINENO: checking for int32_t using $CC" >&5
-$as_echo_n "checking for int32_t using $CC... " >&6; }
- if test "${ac_cv_lbl_have_int32_t+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-# include "confdefs.h"
-# include <sys/types.h>
-# if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-# endif
-int
-main ()
-{
-int32_t i
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_lbl_have_int32_t=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lbl_have_int32_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
- { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_have_int32_t" >&5
-$as_echo "$ac_cv_lbl_have_int32_t" >&6; }
- if test $ac_cv_lbl_have_int32_t = no ; then
-
-cat >>confdefs.h <<\_ACEOF
-#define int32_t int
-_ACEOF
-
- fi
-{ $as_echo "$as_me:$LINENO: checking for u_int32_t using $CC" >&5
-$as_echo_n "checking for u_int32_t using $CC... " >&6; }
- if test "${ac_cv_lbl_have_u_int32_t+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-# include "confdefs.h"
-# include <sys/types.h>
-# if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-# endif
-int
-main ()
-{
-u_int32_t i
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_lbl_have_u_int32_t=yes
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lbl_have_u_int32_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
- { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_have_u_int32_t" >&5
-$as_echo "$ac_cv_lbl_have_u_int32_t" >&6; }
- if test $ac_cv_lbl_have_u_int32_t = no ; then
-
-cat >>confdefs.h <<\_ACEOF
-#define u_int32_t u_int
-_ACEOF
-
- fi
-
-
-
- rm -f os-proto.h
- if test -f .devel ; then
- if test "$GCC" = yes ; then
- if test "$SHLICC2" = yes ; then
- ac_cv_lbl_gcc_vers=2
- V_CCOPT="`echo $V_CCOPT | sed -e 's/-O/-O3/'`"
- else
- { $as_echo "$as_me:$LINENO: checking gcc version" >&5
-$as_echo_n "checking gcc version... " >&6; }
- if test "${ac_cv_lbl_gcc_vers+set}" = set; then
- $as_echo_n "(cached) " >&6
-else
- # Gag, the gcc folks keep changing the output...
- # try to grab N.N.N
- ac_cv_lbl_gcc_vers=`$CC --version 2>&1 |
- sed -e '1!d' -e 's/[^0-9]*\([0-9][0-9]*\)\.[0-9\][0-9]*\.[0-9][0-9]*.*/\1/'`
-fi
-
- { $as_echo "$as_me:$LINENO: result: $ac_cv_lbl_gcc_vers" >&5
-$as_echo "$ac_cv_lbl_gcc_vers" >&6; }
- if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then
- V_CCOPT="`echo $V_CCOPT | sed -e 's/-O/-O3/'`"
- fi
- fi
- if test "$ac_cv_prog_cc_g" = yes ; then
- V_CCOPT="-g $V_CCOPT"
- fi
- V_CCOPT="$V_CCOPT -Wall"
- if test "$ac_cv_lbl_gcc_vers" -gt 1 ; then
- V_CCOPT="$V_CCOPT -Wmissing-prototypes -Wstrict-prototypes"
- if [ "`uname -s`" = "FreeBSD" ]; then
- V_CCOPT="$V_CCOPT -Werror"
- fi
- fi
- else
- case "$target_os" in
-
- irix6*)
- V_CCOPT="$V_CCOPT -fullwarn -n32"
- ;;
-
- *)
- ;;
- esac
- fi
- os=`echo $target_os | sed -e 's/\([0-9][0-9]*\)[^0-9].*$/\1/'`
- name="lbl/os-$os.h"
- if test -f $name ; then
- ln -s $name os-proto.h
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OS_PROTO_H /**/
-_ACEOF
-
- else
- { $as_echo "$as_me:$LINENO: WARNING: can't find $name" >&5
-$as_echo "$as_me: WARNING: can't find $name" >&2;}
- fi
- fi
-
-if test -r lbl/gnuc.h ; then
- rm -f gnuc.h
- ln -s lbl/gnuc.h gnuc.h
-fi
-
-
-
-
-
-
-
-ac_config_files="$ac_config_files Makefile"
-
-cat >confcache <<\_ACEOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs, see configure's option --config-cache.
-# It is not useful on other systems. If it contains results you don't
-# want to keep, you may remove or edit it.
-#
-# config.status only pays attention to the cache file if you give it
-# the --recheck option to rerun configure.
-#
-# `ac_cv_env_foo' variables (set or unset) will be overridden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
-# following values.
-
-_ACEOF
-
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, we kill variables containing newlines.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(
- for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
-$as_echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) $as_unset $ac_var ;;
- esac ;;
- esac
- done
-
- (set) 2>&1 |
- case $as_nl`(ac_space=' '; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- # `set' does not quote correctly, so add quotes (double-quote
- # substitution turns \\\\ into \\, and sed turns \\ into \).
- sed -n \
- "s/'/'\\\\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
- ;; #(
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-) |
- sed '
- /^ac_cv_env_/b end
- t clear
- :clear
- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
- t end
- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
- :end' >>confcache
-if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
- if test -w "$cache_file"; then
- test "x$cache_file" != "x/dev/null" &&
- { $as_echo "$as_me:$LINENO: updating cache $cache_file" >&5
-$as_echo "$as_me: updating cache $cache_file" >&6;}
- cat confcache >$cache_file
- else
- { $as_echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5
-$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
- fi
-fi
-rm -f confcache
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-# Transform confdefs.h into DEFS.
-# Protect against shell expansion while executing Makefile rules.
-# Protect against Makefile macro expansion.
-#
-# If the first sed substitution is executed (which looks for macros that
-# take arguments), then branch to the quote section. Otherwise,
-# look for a macro that doesn't take arguments.
-ac_script='
-:mline
-/\\$/{
- N
- s,\\\n,,
- b mline
-}
-t clear
-:clear
-s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g
-t quote
-s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g
-t quote
-b any
-:quote
-s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g
-s/\[/\\&/g
-s/\]/\\&/g
-s/\$/$$/g
-H
-:any
-${
- g
- s/^\n//
- s/\n/ /g
- p
-}
-'
-DEFS=`sed -n "$ac_script" confdefs.h`
-
-
-ac_libobjs=
-ac_ltlibobjs=
-for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
- # 1. Remove the extension, and $U if already installed.
- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
- # will be set to the directory where LIBOBJS objects are built.
- ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext"
- ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo'
-done
-LIBOBJS=$ac_libobjs
-
-LTLIBOBJS=$ac_ltlibobjs
-
-
-
-: ${CONFIG_STATUS=./config.status}
-ac_write_fail=0
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ $as_echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
-$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
-cat >$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-ac_cs_recheck=false
-ac_cs_silent=false
-SHELL=\${CONFIG_SHELL-$SHELL}
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-## --------------------- ##
-## M4sh Initialization. ##
-## --------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in
- *posix*) set -o posix ;;
-esac
-
-fi
-
-
-
-
-# PATH needs CR
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-as_nl='
-'
-export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-# Support unset when possible.
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- as_unset=unset
-else
- as_unset=false
-fi
-
-
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
-# Find who we are. Look in the path if we contain no directory separator.
-case $0 in
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- { (exit 1); exit 1; }
-fi
-
-# Work around bugs in pre-3.0 UWIN ksh.
-for as_var in ENV MAIL MAILPATH
-do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# Required to use basename.
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-
-# Name of the executable.
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# CDPATH.
-$as_unset CDPATH
-
-
-
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
-
- # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
- # uniformly replaced by the line number. The first 'sed' inserts a
- # line-number line after each line using $LINENO; the second 'sed'
- # does the real work. The second script uses 'N' to pair each
- # line-number line with the line containing $LINENO, and appends
- # trailing '-' during substitution so that $LINENO is not a special
- # case at line end.
- # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
- # scripts with optimization help from Paolo Bonzini. Blame Lee
- # E. McMahon (1931-1989) for sed's syntax. :-)
- sed -n '
- p
- /[$]LINENO/=
- ' <$as_myself |
- sed '
- s/[$]LINENO.*/&-/
- t lineno
- b
- :lineno
- N
- :loop
- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
- t loop
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
- { (exit 1); exit 1; }; }
-
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
- . "./$as_me.lineno"
- # Exit status is that of the last command.
- exit
-}
-
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in
--n*)
- case `echo 'x\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- *) ECHO_C='\c';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -p'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -p'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -p'
- fi
-else
- as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p=:
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-if test -x / >/dev/null 2>&1; then
- as_test_x='test -x'
-else
- if ls -dL / >/dev/null 2>&1; then
- as_ls_L_option=L
- else
- as_ls_L_option=
- fi
- as_test_x='
- eval sh -c '\''
- if test -d "$1"; then
- test -d "$1/.";
- else
- case $1 in
- -*)set "./$1";;
- esac;
- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
- ???[sx]*):;;*)false;;esac;fi
- '\'' sh
- '
-fi
-as_executable_p=$as_test_x
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-exec 6>&1
-
-# Save the log message, to keep $[0] and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.
-ac_log="
-This file was extended by $as_me, which was
-generated by GNU Autoconf 2.62. Invocation command line was
-
- CONFIG_FILES = $CONFIG_FILES
- CONFIG_HEADERS = $CONFIG_HEADERS
- CONFIG_LINKS = $CONFIG_LINKS
- CONFIG_COMMANDS = $CONFIG_COMMANDS
- $ $0 $@
-
-on `(hostname || uname -n) 2>/dev/null | sed 1q`
-"
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-# Files that config.status was made for.
-config_files="$ac_config_files"
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-ac_cs_usage="\
-\`$as_me' instantiates files from templates according to the
-current configuration.
-
-Usage: $0 [OPTIONS] [FILE]...
-
- -h, --help print this help, then exit
- -V, --version print version number and configuration settings, then exit
- -q, --quiet do not print progress messages
- -d, --debug don't remove temporary files
- --recheck update $as_me by reconfiguring in the same conditions
- --file=FILE[:TEMPLATE]
- instantiate the configuration file FILE
-
-Configuration files:
-$config_files
-
-Report bugs to <bug-autoconf@gnu.org>."
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_cs_version="\\
-config.status
-configured by $0, generated by GNU Autoconf 2.62,
- with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
-
-Copyright (C) 2008 Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-
-ac_pwd='$ac_pwd'
-srcdir='$srcdir'
-INSTALL='$INSTALL'
-test -n "\$AWK" || AWK=awk
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# The default lists apply if the user does not specify any file.
-ac_need_defaults=:
-while test $# != 0
-do
- case $1 in
- --*=*)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
- ac_shift=:
- ;;
- *)
- ac_option=$1
- ac_optarg=$2
- ac_shift=shift
- ;;
- esac
-
- case $ac_option in
- # Handling of the options.
- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
- ac_cs_recheck=: ;;
- --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- $as_echo "$ac_cs_version"; exit ;;
- --debug | --debu | --deb | --de | --d | -d )
- debug=: ;;
- --file | --fil | --fi | --f )
- $ac_shift
- case $ac_optarg in
- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
- ac_need_defaults=false;;
- --he | --h | --help | --hel | -h )
- $as_echo "$ac_cs_usage"; exit ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil | --si | --s)
- ac_cs_silent=: ;;
-
- # This is an error.
- -*) { $as_echo "$as_me: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&2
- { (exit 1); exit 1; }; } ;;
-
- *) ac_config_targets="$ac_config_targets $1"
- ac_need_defaults=false ;;
-
- esac
- shift
-done
-
-ac_configure_extra_args=
-
-if $ac_cs_silent; then
- exec 6>/dev/null
- ac_configure_extra_args="$ac_configure_extra_args --silent"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-if \$ac_cs_recheck; then
- set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
- shift
- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
- CONFIG_SHELL='$SHELL'
- export CONFIG_SHELL
- exec "\$@"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-exec 5>>config.log
-{
- echo
- sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
-## Running $as_me. ##
-_ASBOX
- $as_echo "$ac_log"
-} >&5
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-
-# Handling of arguments.
-for ac_config_target in $ac_config_targets
-do
- case $ac_config_target in
- "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
-
- *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
-$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
- { (exit 1); exit 1; }; };;
- esac
-done
-
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used. Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
-fi
-
-# Have a temporary directory for convenience. Make it in the build tree
-# simply because there is no reason against having it here, and in addition,
-# creating and moving files from /tmp can sometimes cause problems.
-# Hook for its removal unless debugging.
-# Note that there is a small window in which the directory will not be cleaned:
-# after its creation but before its name has been assigned to `$tmp'.
-$debug ||
-{
- tmp=
- trap 'exit_status=$?
- { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
-' 0
- trap '{ (exit 1); exit 1; }' 1 2 13 15
-}
-# Create a (secure) tmp directory for tmp files.
-
-{
- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
- test -n "$tmp" && test -d "$tmp"
-} ||
-{
- tmp=./conf$$-$RANDOM
- (umask 077 && mkdir "$tmp")
-} ||
-{
- $as_echo "$as_me: cannot create a temporary directory in ." >&2
- { (exit 1); exit 1; }
-}
-
-# Set up the scripts for CONFIG_FILES section.
-# No need to generate them if there are no CONFIG_FILES.
-# This happens for instance with `./config.status config.h'.
-if test -n "$CONFIG_FILES"; then
-
-
-ac_cr='\r'
-ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
-if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
- ac_cs_awk_cr='\\r'
-else
- ac_cs_awk_cr=$ac_cr
-fi
-
-echo 'BEGIN {' >"$tmp/subs1.awk" &&
-_ACEOF
-
-
-{
- echo "cat >conf$$subs.awk <<_ACEOF" &&
- echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
- echo "_ACEOF"
-} >conf$$subs.sh ||
- { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
-$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
- { (exit 1); exit 1; }; }
-ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'`
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
- . ./conf$$subs.sh ||
- { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
-$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
- { (exit 1); exit 1; }; }
-
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` = $ac_delim_num; then
- break
- elif $ac_last_try; then
- { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
-$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
- { (exit 1); exit 1; }; }
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-rm -f conf$$subs.sh
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
-_ACEOF
-sed -n '
-h
-s/^/S["/; s/!.*/"]=/
-p
-g
-s/^[^!]*!//
-:repl
-t repl
-s/'"$ac_delim"'$//
-t delim
-:nl
-h
-s/\(.\{148\}\).*/\1/
-t more1
-s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
-p
-n
-b repl
-:more1
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t nl
-:delim
-h
-s/\(.\{148\}\).*/\1/
-t more2
-s/["\\]/\\&/g; s/^/"/; s/$/"/
-p
-b
-:more2
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t delim
-' <conf$$subs.awk | sed '
-/^[^""]/{
- N
- s/\n//
-}
-' >>$CONFIG_STATUS || ac_write_fail=1
-rm -f conf$$subs.awk
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-_ACAWK
-cat >>"\$tmp/subs1.awk" <<_ACAWK &&
- for (key in S) S_is_set[key] = 1
- FS = "\a"
-
-}
-{
- line = $ 0
- nfields = split(line, field, "@")
- substed = 0
- len = length(field[1])
- for (i = 2; i < nfields; i++) {
- key = field[i]
- keylen = length(key)
- if (S_is_set[key]) {
- value = S[key]
- line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
- len += length(value) + length(field[++i])
- substed = 1
- } else
- len += 1 + keylen
- }
-
- print line
-}
-
-_ACAWK
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
- sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
-else
- cat
-fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
- || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
-$as_echo "$as_me: error: could not setup config files machinery" >&2;}
- { (exit 1); exit 1; }; }
-_ACEOF
-
-# VPATH may cause trouble with some makes, so we remove $(srcdir),
-# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=/{
-s/:*\$(srcdir):*/:/
-s/:*\${srcdir}:*/:/
-s/:*@srcdir@:*/:/
-s/^\([^=]*=[ ]*\):*/\1/
-s/:*$//
-s/^[^=]*=[ ]*$//
-}'
-fi
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-fi # test -n "$CONFIG_FILES"
-
-
-eval set X " :F $CONFIG_FILES "
-shift
-for ac_tag
-do
- case $ac_tag in
- :[FHLC]) ac_mode=$ac_tag; continue;;
- esac
- case $ac_mode$ac_tag in
- :[FHL]*:*);;
- :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5
-$as_echo "$as_me: error: Invalid tag $ac_tag." >&2;}
- { (exit 1); exit 1; }; };;
- :[FH]-) ac_tag=-:-;;
- :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
- esac
- ac_save_IFS=$IFS
- IFS=:
- set x $ac_tag
- IFS=$ac_save_IFS
- shift
- ac_file=$1
- shift
-
- case $ac_mode in
- :L) ac_source=$1;;
- :[FH])
- ac_file_inputs=
- for ac_f
- do
- case $ac_f in
- -) ac_f="$tmp/stdin";;
- *) # Look for the file first in the build tree, then in the source tree
- # (if the path is not absolute). The absolute path cannot be DOS-style,
- # because $ac_f cannot contain `:'.
- test -f "$ac_f" ||
- case $ac_f in
- [\\/$]*) false;;
- *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
- esac ||
- { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
-$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
- { (exit 1); exit 1; }; };;
- esac
- case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
- ac_file_inputs="$ac_file_inputs '$ac_f'"
- done
-
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- configure_input='Generated from '`
- $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
- `' by configure.'
- if test x"$ac_file" != x-; then
- configure_input="$ac_file. $configure_input"
- { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
-$as_echo "$as_me: creating $ac_file" >&6;}
- fi
- # Neutralize special characters interpreted by sed in replacement strings.
- case $configure_input in #(
- *\&* | *\|* | *\\* )
- ac_sed_conf_input=`$as_echo "$configure_input" |
- sed 's/[\\\\&|]/\\\\&/g'`;; #(
- *) ac_sed_conf_input=$configure_input;;
- esac
-
- case $ac_tag in
- *:-:* | *:-) cat >"$tmp/stdin" \
- || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
-$as_echo "$as_me: error: could not create $ac_file" >&2;}
- { (exit 1); exit 1; }; } ;;
- esac
- ;;
- esac
-
- ac_dir=`$as_dirname -- "$ac_file" ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$ac_file" : 'X\(//\)[^/]' \| \
- X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- { as_dir="$ac_dir"
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
-$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
- { (exit 1); exit 1; }; }; }
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
-
- case $ac_mode in
- :F)
- #
- # CONFIG_FILE
- #
-
- case $INSTALL in
- [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
- *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
- esac
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# If the template does not know about datarootdir, expand it.
-# FIXME: This hack should be removed a few years after 2.60.
-ac_datarootdir_hack=; ac_datarootdir_seen=
-
-ac_sed_dataroot='
-/datarootdir/ {
- p
- q
-}
-/@datadir@/p
-/@docdir@/p
-/@infodir@/p
-/@localedir@/p
-/@mandir@/p
-'
-case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
-*datarootdir*) ac_datarootdir_seen=yes;;
-*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- ac_datarootdir_hack='
- s&@datadir@&$datadir&g
- s&@docdir@&$docdir&g
- s&@infodir@&$infodir&g
- s&@localedir@&$localedir&g
- s&@mandir@&$mandir&g
- s&\\\${datarootdir}&$datarootdir&g' ;;
-esac
-_ACEOF
-
-# Neutralize VPATH when `$srcdir' = `.'.
-# Shell code in configure.ac might set extrasub.
-# FIXME: do we really want to maintain this feature?
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_sed_extra="$ac_vpsub
-$extrasub
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s|@configure_input@|$ac_sed_conf_input|;t t
-s&@top_builddir@&$ac_top_builddir_sub&;t t
-s&@top_build_prefix@&$ac_top_build_prefix&;t t
-s&@srcdir@&$ac_srcdir&;t t
-s&@abs_srcdir@&$ac_abs_srcdir&;t t
-s&@top_srcdir@&$ac_top_srcdir&;t t
-s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
-s&@builddir@&$ac_builddir&;t t
-s&@abs_builddir@&$ac_abs_builddir&;t t
-s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
-s&@INSTALL@&$ac_INSTALL&;t t
-$ac_datarootdir_hack
-"
-eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
- || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
-$as_echo "$as_me: error: could not create $ac_file" >&2;}
- { (exit 1); exit 1; }; }
-
-test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
- { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
- { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined." >&5
-$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined." >&2;}
-
- rm -f "$tmp/stdin"
- case $ac_file in
- -) cat "$tmp/out" && rm -f "$tmp/out";;
- *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
- esac \
- || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
-$as_echo "$as_me: error: could not create $ac_file" >&2;}
- { (exit 1); exit 1; }; }
- ;;
-
-
-
- esac
-
-done # for ac_tag
-
-
-{ (exit 0); exit 0; }
-_ACEOF
-chmod +x $CONFIG_STATUS
-ac_clean_files=$ac_clean_files_save
-
-test $ac_write_fail = 0 ||
- { { $as_echo "$as_me:$LINENO: error: write failure creating $CONFIG_STATUS" >&5
-$as_echo "$as_me: error: write failure creating $CONFIG_STATUS" >&2;}
- { (exit 1); exit 1; }; }
-
-
-# configure is writing to config.log, and then calls config.status.
-# config.status does its own redirection, appending to config.log.
-# Unfortunately, on DOS this fails, as config.log is still kept open
-# by configure, so config.status won't be able to write to it; its
-# output is simply discarded. So we exec the FD to /dev/null,
-# effectively closing config.log, so it can be properly (re)opened and
-# appended to by config.status. When coming back to configure, we
-# need to make the FD available again.
-if test "$no_create" != yes; then
- ac_cs_success=:
- ac_config_status_args=
- test "$silent" = yes &&
- ac_config_status_args="$ac_config_status_args --quiet"
- exec 5>/dev/null
- $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
- exec 5>>config.log
- # Use ||, not &&, to avoid exiting from the if with $? = 1, which
- # would make configure fail if this is the last instruction.
- $ac_cs_success || { (exit 1); exit 1; }
-fi
-if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
- { $as_echo "$as_me:$LINENO: WARNING: Unrecognized options: $ac_unrecognized_opts" >&5
-$as_echo "$as_me: WARNING: Unrecognized options: $ac_unrecognized_opts" >&2;}
-fi
-
-
-if test -f .devel ; then
- make depend
-fi
-exit 0
+++ /dev/null
-AC_REVISION([@(#) $Id: configure.in 241 2009-10-10 23:31:13Z leres $ (LBL)])
-dnl
-AC_COPYRIGHT([Copyright (c) 1995, 1996, 1997, 2006, 2009
- The Regents of the University of California. All rights reserved.])
-dnl
-dnl Process this file with autoconf to produce a configure script.
-dnl
-
-AC_INIT
-AC_CONFIG_SRCDIR(nslint.c)
-
-AC_CANONICAL_TARGET
-
-umask 002
-
-if test -z "$PWD" ; then
- PWD=`pwd`
-fi
-
-AC_LBL_C_INIT(V_CCOPT, V_INCLS)
-AC_PROG_INSTALL
-
-AC_CHECK_HEADERS(fcntl.h memory.h)
-
-AC_REPLACE_FUNCS(strerror)
-AC_CHECK_LIB(nsl, main)
-AC_CHECK_LIB(socket, main)
-
-AC_LBL_CHECK_TYPE(int32_t, int)
-AC_LBL_CHECK_TYPE(u_int32_t, u_int)
-
-AC_LBL_DEVEL(V_CCOPT)
-
-if test -r lbl/gnuc.h ; then
- rm -f gnuc.h
- ln -s lbl/gnuc.h gnuc.h
-fi
-
-AC_SUBST(CFLAGS)
-AC_SUBST(LDFLAGS)
-AC_SUBST(LIBS)
-AC_SUBST(V_CCOPT)
-AC_SUBST(V_INCLS)
-
-AC_CONFIG_FILES(Makefile)
-AC_OUTPUT
-
-if test -f .devel ; then
- make depend
-fi
-exit 0
+++ /dev/null
-#!/bin/sh
-# install - install a program, script, or datafile
-
-scriptversion=2006-12-25.00
-
-# This originates from X11R5 (mit/util/scripts/install.sh), which was
-# later released in X11R6 (xc/config/util/install.sh) with the
-# following copyright and license.
-#
-# Copyright (C) 1994 X Consortium
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to
-# deal in the Software without restriction, including without limitation the
-# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-# sell copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
-# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-# Except as contained in this notice, the name of the X Consortium shall not
-# be used in advertising or otherwise to promote the sale, use or other deal-
-# ings in this Software without prior written authorization from the X Consor-
-# tium.
-#
-#
-# FSF changes to this file are in the public domain.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# `make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.
-
-nl='
-'
-IFS=" "" $nl"
-
-# set DOITPROG to echo to test this script
-
-# Don't use :- since 4.3BSD and earlier shells don't like it.
-doit=${DOITPROG-}
-if test -z "$doit"; then
- doit_exec=exec
-else
- doit_exec=$doit
-fi
-
-# Put in absolute file names if you don't have them in your path;
-# or use environment vars.
-
-chgrpprog=${CHGRPPROG-chgrp}
-chmodprog=${CHMODPROG-chmod}
-chownprog=${CHOWNPROG-chown}
-cmpprog=${CMPPROG-cmp}
-cpprog=${CPPROG-cp}
-mkdirprog=${MKDIRPROG-mkdir}
-mvprog=${MVPROG-mv}
-rmprog=${RMPROG-rm}
-stripprog=${STRIPPROG-strip}
-
-posix_glob='?'
-initialize_posix_glob='
- test "$posix_glob" != "?" || {
- if (set -f) 2>/dev/null; then
- posix_glob=
- else
- posix_glob=:
- fi
- }
-'
-
-posix_mkdir=
-
-# Desired mode of installed file.
-mode=0755
-
-chgrpcmd=
-chmodcmd=$chmodprog
-chowncmd=
-mvcmd=$mvprog
-rmcmd="$rmprog -f"
-stripcmd=
-
-src=
-dst=
-dir_arg=
-dst_arg=
-
-copy_on_change=false
-no_target_directory=
-
-usage="\
-Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
- or: $0 [OPTION]... SRCFILES... DIRECTORY
- or: $0 [OPTION]... -t DIRECTORY SRCFILES...
- or: $0 [OPTION]... -d DIRECTORIES...
-
-In the 1st form, copy SRCFILE to DSTFILE.
-In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
-In the 4th, create DIRECTORIES.
-
-Options:
- --help display this help and exit.
- --version display version info and exit.
-
- -c (ignored)
- -C install only if different (preserve the last data modification time)
- -d create directories instead of installing files.
- -g GROUP $chgrpprog installed files to GROUP.
- -m MODE $chmodprog installed files to MODE.
- -o USER $chownprog installed files to USER.
- -s $stripprog installed files.
- -t DIRECTORY install into DIRECTORY.
- -T report an error if DSTFILE is a directory.
-
-Environment variables override the default commands:
- CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
- RMPROG STRIPPROG
-"
-
-while test $# -ne 0; do
- case $1 in
- -c) ;;
-
- -C) copy_on_change=true;;
-
- -d) dir_arg=true;;
-
- -g) chgrpcmd="$chgrpprog $2"
- shift;;
-
- --help) echo "$usage"; exit $?;;
-
- -m) mode=$2
- case $mode in
- *' '* | *' '* | *'
-'* | *'*'* | *'?'* | *'['*)
- echo "$0: invalid mode: $mode" >&2
- exit 1;;
- esac
- shift;;
-
- -o) chowncmd="$chownprog $2"
- shift;;
-
- -s) stripcmd=$stripprog;;
-
- -t) dst_arg=$2
- shift;;
-
- -T) no_target_directory=true;;
-
- --version) echo "$0 $scriptversion"; exit $?;;
-
- --) shift
- break;;
-
- -*) echo "$0: invalid option: $1" >&2
- exit 1;;
-
- *) break;;
- esac
- shift
-done
-
-if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
- # When -d is used, all remaining arguments are directories to create.
- # When -t is used, the destination is already specified.
- # Otherwise, the last argument is the destination. Remove it from $@.
- for arg
- do
- if test -n "$dst_arg"; then
- # $@ is not empty: it contains at least $arg.
- set fnord "$@" "$dst_arg"
- shift # fnord
- fi
- shift # arg
- dst_arg=$arg
- done
-fi
-
-if test $# -eq 0; then
- if test -z "$dir_arg"; then
- echo "$0: no input file specified." >&2
- exit 1
- fi
- # It's OK to call `install-sh -d' without argument.
- # This can happen when creating conditional directories.
- exit 0
-fi
-
-if test -z "$dir_arg"; then
- trap '(exit $?); exit' 1 2 13 15
-
- # Set umask so as not to create temps with too-generous modes.
- # However, 'strip' requires both read and write access to temps.
- case $mode in
- # Optimize common cases.
- *644) cp_umask=133;;
- *755) cp_umask=22;;
-
- *[0-7])
- if test -z "$stripcmd"; then
- u_plus_rw=
- else
- u_plus_rw='% 200'
- fi
- cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
- *)
- if test -z "$stripcmd"; then
- u_plus_rw=
- else
- u_plus_rw=,u+rw
- fi
- cp_umask=$mode$u_plus_rw;;
- esac
-fi
-
-for src
-do
- # Protect names starting with `-'.
- case $src in
- -*) src=./$src;;
- esac
-
- if test -n "$dir_arg"; then
- dst=$src
- dstdir=$dst
- test -d "$dstdir"
- dstdir_status=$?
- else
-
- # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
- # might cause directories to be created, which would be especially bad
- # if $src (and thus $dsttmp) contains '*'.
- if test ! -f "$src" && test ! -d "$src"; then
- echo "$0: $src does not exist." >&2
- exit 1
- fi
-
- if test -z "$dst_arg"; then
- echo "$0: no destination specified." >&2
- exit 1
- fi
-
- dst=$dst_arg
- # Protect names starting with `-'.
- case $dst in
- -*) dst=./$dst;;
- esac
-
- # If destination is a directory, append the input filename; won't work
- # if double slashes aren't ignored.
- if test -d "$dst"; then
- if test -n "$no_target_directory"; then
- echo "$0: $dst_arg: Is a directory" >&2
- exit 1
- fi
- dstdir=$dst
- dst=$dstdir/`basename "$src"`
- dstdir_status=0
- else
- # Prefer dirname, but fall back on a substitute if dirname fails.
- dstdir=`
- (dirname "$dst") 2>/dev/null ||
- expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$dst" : 'X\(//\)[^/]' \| \
- X"$dst" : 'X\(//\)$' \| \
- X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
- echo X"$dst" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'
- `
-
- test -d "$dstdir"
- dstdir_status=$?
- fi
- fi
-
- obsolete_mkdir_used=false
-
- if test $dstdir_status != 0; then
- case $posix_mkdir in
- '')
- # Create intermediate dirs using mode 755 as modified by the umask.
- # This is like FreeBSD 'install' as of 1997-10-28.
- umask=`umask`
- case $stripcmd.$umask in
- # Optimize common cases.
- *[2367][2367]) mkdir_umask=$umask;;
- .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
-
- *[0-7])
- mkdir_umask=`expr $umask + 22 \
- - $umask % 100 % 40 + $umask % 20 \
- - $umask % 10 % 4 + $umask % 2
- `;;
- *) mkdir_umask=$umask,go-w;;
- esac
-
- # With -d, create the new directory with the user-specified mode.
- # Otherwise, rely on $mkdir_umask.
- if test -n "$dir_arg"; then
- mkdir_mode=-m$mode
- else
- mkdir_mode=
- fi
-
- posix_mkdir=false
- case $umask in
- *[123567][0-7][0-7])
- # POSIX mkdir -p sets u+wx bits regardless of umask, which
- # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
- ;;
- *)
- tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
- trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
-
- if (umask $mkdir_umask &&
- exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
- then
- if test -z "$dir_arg" || {
- # Check for POSIX incompatibilities with -m.
- # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
- # other-writeable bit of parent directory when it shouldn't.
- # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
- ls_ld_tmpdir=`ls -ld "$tmpdir"`
- case $ls_ld_tmpdir in
- d????-?r-*) different_mode=700;;
- d????-?--*) different_mode=755;;
- *) false;;
- esac &&
- $mkdirprog -m$different_mode -p -- "$tmpdir" && {
- ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
- test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
- }
- }
- then posix_mkdir=:
- fi
- rmdir "$tmpdir/d" "$tmpdir"
- else
- # Remove any dirs left behind by ancient mkdir implementations.
- rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
- fi
- trap '' 0;;
- esac;;
- esac
-
- if
- $posix_mkdir && (
- umask $mkdir_umask &&
- $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
- )
- then :
- else
-
- # The umask is ridiculous, or mkdir does not conform to POSIX,
- # or it failed possibly due to a race condition. Create the
- # directory the slow way, step by step, checking for races as we go.
-
- case $dstdir in
- /*) prefix='/';;
- -*) prefix='./';;
- *) prefix='';;
- esac
-
- eval "$initialize_posix_glob"
-
- oIFS=$IFS
- IFS=/
- $posix_glob set -f
- set fnord $dstdir
- shift
- $posix_glob set +f
- IFS=$oIFS
-
- prefixes=
-
- for d
- do
- test -z "$d" && continue
-
- prefix=$prefix$d
- if test -d "$prefix"; then
- prefixes=
- else
- if $posix_mkdir; then
- (umask=$mkdir_umask &&
- $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
- # Don't fail if two instances are running concurrently.
- test -d "$prefix" || exit 1
- else
- case $prefix in
- *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
- *) qprefix=$prefix;;
- esac
- prefixes="$prefixes '$qprefix'"
- fi
- fi
- prefix=$prefix/
- done
-
- if test -n "$prefixes"; then
- # Don't fail if two instances are running concurrently.
- (umask $mkdir_umask &&
- eval "\$doit_exec \$mkdirprog $prefixes") ||
- test -d "$dstdir" || exit 1
- obsolete_mkdir_used=true
- fi
- fi
- fi
-
- if test -n "$dir_arg"; then
- { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
- { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
- { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
- test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
- else
-
- # Make a couple of temp file names in the proper directory.
- dsttmp=$dstdir/_inst.$$_
- rmtmp=$dstdir/_rm.$$_
-
- # Trap to clean up those temp files at exit.
- trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
-
- # Copy the file name to the temp name.
- (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
-
- # and set any options; do chmod last to preserve setuid bits.
- #
- # If any of these fail, we abort the whole thing. If we want to
- # ignore errors from any of these, just make sure not to ignore
- # errors from the above "$doit $cpprog $src $dsttmp" command.
- #
- { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
- { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
- { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
- { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
-
- # If -C, don't bother to copy if it wouldn't change the file.
- if $copy_on_change &&
- old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
- new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
-
- eval "$initialize_posix_glob" &&
- $posix_glob set -f &&
- set X $old && old=:$2:$4:$5:$6 &&
- set X $new && new=:$2:$4:$5:$6 &&
- $posix_glob set +f &&
-
- test "$old" = "$new" &&
- $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
- then
- rm -f "$dsttmp"
- else
- # Rename the file to the real destination.
- $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
-
- # The rename failed, perhaps because mv can't rename something else
- # to itself, or perhaps because mv is so ancient that it does not
- # support -f.
- {
- # Now remove or move aside any old file at destination location.
- # We try this two ways since rm can't unlink itself on some
- # systems and the destination file might be busy for other
- # reasons. In this case, the final cleanup might fail but the new
- # file should still install successfully.
- {
- test ! -f "$dst" ||
- $doit $rmcmd -f "$dst" 2>/dev/null ||
- { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
- { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
- } ||
- { echo "$0: cannot unlink or rename $dst" >&2
- (exit 1); exit 1
- }
- } &&
-
- # Now rename the file to the real destination.
- $doit $mvcmd "$dsttmp" "$dst"
- }
- fi || exit 1
-
- trap '' 0
- fi
-done
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
-# End:
+++ /dev/null
-/* @(#) $Id: gnuc.h,v 1.4 2006/04/30 03:58:45 leres Exp $ (LBL) */
-
-/* Define __P() macro, if necessary */
-#ifndef __P
-#if __STDC__
-#define __P(protos) protos
-#else
-#define __P(protos) ()
-#endif
-#endif
-
-/* inline foo */
-#ifdef __GNUC__
-#define inline __inline
-#else
-#define inline
-#endif
-
-/*
- * Handle new and old "dead" routine prototypes
- *
- * For example:
- *
- * __dead void foo(void) __attribute__((noreturn));
- *
- */
-#ifdef __GNUC__
-#ifndef __dead
-#if __GNUC__ >= 4
-#define __dead
-#define noreturn __noreturn__
-#else
-#define __dead volatile
-#define noreturn volatile
-#endif
-#endif
-#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
-#ifndef __attribute__
-#define __attribute__(args)
-#endif
-#endif
-#else
-#ifndef __dead
-#define __dead
-#endif
-#ifndef __attribute__
-#define __attribute__(args)
-#endif
-#endif
+++ /dev/null
-#!/bin/sh -
-#
-# Copyright (c) 1994, 1996
-# The Regents of the University of California. All rights reserved.
-#
-# Redistribution and use in source and binary forms are permitted
-# provided that this notice is preserved and that due credit is given
-# to the University of California at Berkeley. The name of the University
-# may not be used to endorse or promote products derived from this
-# software without specific prior written permission. This software
-# is provided ``as is'' without express or implied warranty.
-#
-# @(#)mkdep.sh 5.11 (Berkeley) 5/5/88
-#
-
-PATH=/bin:/usr/bin:/usr/ucb:/usr/local:/usr/local/bin
-export PATH
-
-MAKE=Makefile # default makefile name is "Makefile"
-CC=cc # default C compiler is "cc"
-
-while :
- do case "$1" in
- # -c allows you to specify the C compiler
- -c)
- CC=$2
- shift; shift ;;
-
- # -f allows you to select a makefile name
- -f)
- MAKE=$2
- shift; shift ;;
-
- # the -p flag produces "program: program.c" style dependencies
- # so .o's don't get produced
- -p)
- SED='s;\.o;;'
- shift ;;
- *)
- break ;;
- esac
-done
-
-if [ $# = 0 ] ; then
- echo 'usage: mkdep [-p] [-c cc] [-f makefile] [flags] file ...'
- exit 1
-fi
-
-if [ ! -w $MAKE ]; then
- echo "mkdep: no writeable file \"$MAKE\""
- exit 1
-fi
-
-TMP=/tmp/mkdep$$
-
-trap 'rm -f $TMP ; exit 1' 1 2 3 13 15
-
-cp $MAKE ${MAKE}.bak
-
-sed -e '/DO NOT DELETE THIS LINE/,$d' < $MAKE > $TMP
-
-cat << _EOF_ >> $TMP
-# DO NOT DELETE THIS LINE -- mkdep uses it.
-# DO NOT PUT ANYTHING AFTER THIS LINE, IT WILL GO AWAY.
-
-_EOF_
-
-# If your compiler doesn't have -M, add it. If you can't, the next two
-# lines will try and replace the "cc -M". The real problem is that this
-# hack can't deal with anything that requires a search path, and doesn't
-# even try for anything using bracket (<>) syntax.
-#
-# egrep '^#include[ ]*".*"' /dev/null $* |
-# sed -e 's/:[^"]*"\([^"]*\)".*/: \1/' -e 's/\.c/.o/' |
-
-# XXX this doesn't work with things like "-DDECLWAITSTATUS=union\ wait"
-$CC -M $* |
-sed "
- s; \./; ;g
- $SED" |
-awk '{
- if ($1 != prev) {
- if (rec != "")
- print rec;
- rec = $0;
- prev = $1;
- }
- else {
- if (length(rec $2) > 78) {
- print rec;
- rec = $0;
- }
- else
- rec = rec " " $2
- }
-}
-END {
- print rec
-}' >> $TMP
-
-cat << _EOF_ >> $TMP
-
-# IF YOU PUT ANYTHING HERE IT WILL GO AWAY
-_EOF_
-
-# copy to preserve permissions
-cp $TMP $MAKE
-rm -f ${MAKE}.bak $TMP
-exit 0
+++ /dev/null
-.\" @(#) $Id: nslint.8 238 2009-03-14 05:43:37Z leres $ (LBL)
-.\"
-.\" Copyright (c) 1994, 1996, 1997, 1999, 2001, 2002, 2009
-.\" The Regents of the University of California. All rights reserved.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that: (1) source code distributions
-.\" retain the above copyright notice and this paragraph in its entirety, (2)
-.\" distributions including binary code include the above copyright notice and
-.\" this paragraph in its entirety in the documentation or other materials
-.\" provided with the distribution, and (3) all advertising materials mentioning
-.\" features or use of this software display the following acknowledgement:
-.\" ``This product includes software developed by the University of California,
-.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
-.\" the University nor the names of its contributors may be used to endorse
-.\" or promote products derived from this software without specific prior
-.\" written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.TH nslint 8 "2 May 2002"
-.UC 4
-.SH NAME
-nslint - perform consistency checks on dns files
-.SH SYNOPSIS
-.B nslint
-[
-.B -d
-] [
-.B -c
-.I named.conf
-] [
-.B -C
-.I nslint.conf
-]
-.br
-.B nslint
-[
-.B -d
-] [
-.B -b
-.I named.boot
-] [
-.B -B
-.I nslint.boot
-]
-.SH DESCRIPTION
-.B Nslint
-reads the nameserver configuration files and performs a number of
-consistency checks on the dns records. If any problems are discovered,
-error messages are displayed on
-.I stderr
-and
-.B nslint
-exits with a non-zero status.
-.LP
-Here is a partial list of errors
-.B nslint
-detects:
-.IP
-Records that are malformed.
-.IP
-Names that contain dots but are missing a trailing dot.
-.IP
-.B PTR
-records with names that are missing a trailing dot.
-.IP
-Names that contain illegal characters (rfc1034).
-.IP
-.B A
-records
-without matching
-.B PTR
-records
-.IP
-.B PTR
-records
-without matching
-.B A
-records
-.IP
-Names with more than one address on the same subnet.
-.IP
-Addresses in use by more than one name.
-.IP
-Names with
-.B CNAME
-and other records (rfc1033).
-.IP
-Unknown service and/or protocol keywords in
-.B WKS
-records.
-.IP
-Missing semicolons and quotes.
-.LP
-.SH OPTIONS
-.TP
-.B -b
-Specify an alternate
-.I named.boot
-file. The default is
-.IR /etc/named.boot .
-.TP
-.TP
-.B -c
-Specify an alternate
-.I named.conf
-file. The default is
-.IR /etc/named.conf .
-.TP
-.B -B
-Specify an alternate
-.I nslint.boot
-file. The default is
-.I nslint.boot
-in the last
-.B directory
-line processed in
-.I named.boot
-(or the current working directory).
-This file is processed like a second
-.IR named.boot .
-The most common use is to tell
-.B nslint
-about
-.B A
-records that match
-.B PTR
-records that point outside the domains listed in
-.IR named.boot .
-.TP
-.B -C
-Specify an alternate
-.I nslint.conf
-file. The default is
-.I nslint.conf
-in the last
-.B directory
-line processed in
-.I named.conf
-(or the current working directory).
-This file is processed like a second
-.IR named.conf .
-.TP
-.B -d
-Raise the debugging level. Debugging information is
-displayed on
-.IR stdout .
-.LP
-.B Nslint
-knows how to read
-BIND 8 and 9's
-.I named.conf
-configuration file and also
-older BIND's
-.I named.boot
-file. If both files exist,
-.B nslint
-will prefer
-.I named.conf
-(on the theory that you forgot to delete
-.I named.boot
-when you upgraded BIND).
-.LP
-.SH "ADVANCED CONFIGURATION"
-There are some cases where it is necessary to use the
-advanced configuration features of
-.BR nslint .
-Advanced configuration is done with the
-.I nslint.conf
-file. (You can also use
-.I nslint.boot
-which has a syntax similar to
-.I named.boot
-but is not described here.)
-.LP
-The most common is when a site has a demilitarized zone (DMZ).
-The problem here is that the DMZ network will have
-.B PTR
-records for hosts outside its domain. For example lets say
-we have
-.I 128.0.rev
-with:
-.LP
-.RS
-.nf
-.sp .5
-1.1 604800 in ptr gateway.lbl.gov.
-2.1 604800 in ptr gateway.es.net.
-.sp .5
-.fi
-.RE
-.LP
-Obviously we will define an
-.B A
-record for
-.I gateway.lbl.gov
-pointing to
-.I 128.0.1.1
-but we will get errors because there is no
-.B A
-record defined for
-.IR gateway.es.net .
-The solution is to create a
-.I nslint.conf
-file (in the same directory as the other dns files)
-with:
-.LP
-.RS
-.nf
-.sp .5
-zone "es.net" {
-.RS
-type master;
-file "nslint.es.net";
-.RE
-};
-.sp .5
-.fi
-.RE
-.LP
-And then create the file
-.I nslint.es.net
-with:
-.LP
-.RS
-.nf
-.sp .5
-gateway 1 in a 128.0.1.2
-.sp .5
-.fi
-.RE
-.LP
-Another problem occurs when there is a
-.B CNAME
-that points to a host outside the local domains. Let's say we have
-.I info.lbl.gov
-pointing to
-.IR larry.es.net :
-.LP
-.RS
-.nf
-.sp .5
-info 604800 in cname larry.es.net.
-.sp .5
-.fi
-.RE
-.LP
-In this case we would need:
-.LP
-.RS
-.nf
-.sp .5
-zone "es.net" {
-.RS
-type master;
-file "nslint.es.net";
-.RE
-};
-.sp .5
-.fi
-.RE
-.LP
-in
-.I nslint.boot
-and:
-.LP
-.RS
-.nf
-.sp .5
-larry 1 in txt "place holder"
-.sp .5
-.fi
-.RE
-.LP
-.IR nslint.es.net .
-.LP
-One last problem
-when a pseudo host is setup to allow two more
-more actual hosts provide a service. For, let's say that
-.I lbl.gov
-contains:
-.LP
-.RS
-.nf
-.sp .5
-server 604800 in a 128.0.6.6
-server 604800 in a 128.0.6.94
-;
-tom 604800 in a 128.0.6.6
-tom 604800 in mx 0 lbl.gov.
-;
-jerry 604800 in a 128.0.6.94
-jerry 604800 in mx 0 lbl.gov.
-.sp .5
-.fi
-.RE
-.LP
-In this case
-.B nslint
-would complain about missing
-.B PTR
-records and ip addresses in use by more than one host.
-To suppress these warnings, add you would the lines:
-.LP
-.RS
-.nf
-.sp .5
-zone "lbl.gov" {
-.RS
-type master;
-file "nslint.lbl.gov";
-.RE
-};
-.LP
-zone "0.128.in-addr.arpa" {
-.RS
-type master;
-file "nslint.128.0.rev";
-.RE
-};
-.sp .5
-.fi
-.RE
-.LP
-to
-.I nslint.conf
-and create
-.I nslint.lbl.gov
-with:
-.LP
-.RS
-.nf
-.sp .5
-server 1 in allowdupa 128.0.6.6
-server 1 in allowdupa 128.0.6.94
-.sp .5
-.fi
-.RE
-.LP
-and create
-.I nslint.128.0.rev
-with:
-.LP
-.RS
-.nf
-.sp .5
-6.6 604800 in ptr server.lbl.gov.
-94.6 604800 in ptr server.lbl.gov.
-.sp .5
-.fi
-.RE
-.LP
-In this example, the
-.B allowdupa
-keyword tells
-.B nslint
-that it's ok for
-.I 128.0.6.6
-and
-.I 128.0.6.94
-to be shared by
-.IR server.lbl.gov ,
-.IR tom.lbl.gov ,
-and
-.IR jerry.lbl.gov .
-.LP
-Another
-.B nslint
-feature helps detect hosts that have mistakenly had two ip addresses
-assigned on the same subnet. This can happen when two different
-people request an ip address for the same hostname or when someone
-forgets an address has been assigned and requests a new number.
-.LP
-To detect such
-.B A
-records, add a
-.B nslint
-section to your
-.I nslint.conf
-containing something similar to:
-.LP
-.RS
-.nf
-.sp .5
-nslint {
-.RS
-network "128.0.6/22";
-.RE
-};
-.sp .5
-.fi
-.RE
-.LP
-or:
-.LP
-.RS
-.nf
-.sp .5
-nslint {
-.RS
-network "128.0.6 255.255.252.0";
-.RE
-};
-.sp .5
-.fi
-.RE
-.LP
-These two examples are are equivalent ways of saying the same thing;
-that subnet
-.I 128.0.6
-has a 22 bit wide subnet mask.
-.LP
-Using information from the above
-.B network
-statement,
-.B nslint
-would would flag the following
-.B A
-records as being in error:
-.LP
-.RS
-.nf
-.sp .5
-server 1 in a 128.0.6.48
-server 1 in a 128.0.7.16
-.sp .5
-.fi
-.RE
-.LP
-Note that if you specify any
-.B network
-lines in your
-.I nslint.conf
-file,
-.B nslint
-requires you to include lines for all networks;
-otherwise you might forget to add
-.B network
-lines for new networks.
-.LP
-Sometimes you have a zone that
-.B nslint
-just can't deal with. A good example is
-a dynamic dns zone. To handle this, you can
-add the following to
-.IB nslint.com :
-.LP
-.RS
-.nf
-.sp .5
-nslint {
-.RS
-ignorezone "dhcp.lbl.gov";
-.RE
-};
-.sp .5
-.fi
-.RE
-.LP
-This will suppress "name referenced without other records" warnings.
-.LP
-.SH FILES
-.na
-.nh
-.nf
-/etc/named.conf - default named configuration file
-/etc/named.boot - old style named configuration file
-nslint.conf - default nslint configuration file
-nslint.boot - old style nslint configuration file
-.ad
-.hy
-.fi
-.LP
-.SH "SEE ALSO"
-.na
-.nh
-.IR named (8),
-rfc1033,
-rfc1034
-.ad
-.hy
-.SH AUTHOR
-Craig Leres of the
-Lawrence Berkeley National Laboratory, University of California, Berkeley, CA.
-.LP
-The current version is available via anonymous ftp:
-.LP
-.RS
-.I ftp://ftp.ee.lbl.gov/nslint.tar.gz
-.RE
-.SH BUGS
-Please send bug reports to nslint@ee.lbl.gov.
-.LP
-Not everyone is guaranteed to agree with all the checks done.
+++ /dev/null
-/*
- * Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2005, 2006, 2007, 2008, 2009
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-#ifndef lint
-static const char copyright[] =
- "@(#) Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2005, 2006, 2007, 2008, 2009\n\
-The Regents of the University of California. All rights reserved.\n";
-static const char rcsid[] =
- "@(#) $Id: nslint.c 247 2009-10-14 17:54:05Z leres $ (LBL)";
-#endif
-/*
- * nslint - perform consistency checks on dns files
- */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-
-#include <arpa/inet.h>
-
-#include <ctype.h>
-#include <errno.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_MEMORY_H
-#include <memory.h>
-#endif
-#include <netdb.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-
-#include "savestr.h"
-#include "version.h"
-
-#include "gnuc.h"
-#ifdef HAVE_OS_PROTO_H
-#include "os-proto.h"
-#endif
-
-#define NSLINTBOOT "nslint.boot" /* default nslint.boot file */
-#define NSLINTCONF "nslint.conf" /* default nslint.conf file */
-
-/* Is the string just a dot by itself? */
-#define CHECKDOT(p) (p[0] == '.' && p[1] == '\0')
-
-/* Address (network order) */
-struct addr {
- u_int family;
- union {
- struct in_addr _a_addr4;
- struct in6_addr _a_addr6;
- } addr;
-};
-#define a_addr4 addr._a_addr4.s_addr
-#define a_addr6 addr._a_addr6.s6_addr
-
-/* Network */
-struct network {
- u_int family;
- union {
- struct in_addr _n_addr4;
- struct in6_addr _n_addr6;
- } addr;
- union {
- struct in_addr _n_mask4;
- struct in6_addr _n_mask6;
- } mask;
-};
-#define n_addr4 addr._n_addr4.s_addr
-#define n_mask4 mask._n_mask4.s_addr
-#define n_addr6 addr._n_addr6.s6_addr
-#define n_mask6 mask._n_mask6.s6_addr
-
-/* Item struct */
-struct item {
- char *host; /* pointer to hostname */
- struct addr addr; /* ip address */
- u_int ttl; /* ttl of A records */
- int records; /* resource records seen */
- int flags; /* flags word */
-};
-
-/* Ignored zone struct */
-struct ignoredzone {
- char *zone; /* zone name */
- int len; /* length of zone */
-};
-
-/* Resource records seen */
-#define REC_A 0x0001
-#define REC_AAAA 0x0002
-#define REC_PTR 0x0004
-#define REC_WKS 0x0008
-#define REC_HINFO 0x0010
-#define REC_MX 0x0020
-#define REC_CNAME 0x0040
-#define REC_NS 0x0080
-#define REC_SOA 0x0100
-#define REC_RP 0x0200
-#define REC_TXT 0x0400
-#define REC_SRV 0x0800
-
-/* These aren't real records */
-#define REC_OTHER 0x1000
-#define REC_REF 0x2000
-#define REC_UNKNOWN 0x4000
-
-/* resource record types for parsing */
-enum rrtype {
- RR_UNDEF = 0,
- RR_A,
- RR_AAAA,
- RR_ALLOWDUPA,
- RR_CNAME,
- RR_DNSKEY,
- RR_HINFO,
- RR_MX,
- RR_NS,
- RR_PTR,
- RR_RP,
- RR_SOA,
- RR_SRV,
- RR_TXT,
- RR_WKS,
- RR_RRSIG,
- RR_NSEC,
-};
-
-/* Test for records we want to map to REC_OTHER */
-#define MASK_TEST_REC (REC_WKS | REC_HINFO | \
- REC_MX | REC_SOA | REC_RP | REC_TXT | REC_SRV | REC_UNKNOWN)
-
-/* Mask away records we don't care about in the final processing to REC_OTHER */
-#define MASK_CHECK_REC \
- (REC_A | REC_AAAA | REC_PTR | REC_CNAME | REC_REF | REC_OTHER)
-
-/* Test for records we want to check for duplicate name detection */
-#define MASK_TEST_DUP \
- (REC_A | REC_AAAA | REC_HINFO | REC_CNAME)
-
-/* Flags */
-#define FLG_SELFMX 0x001 /* mx record refers to self */
-#define FLG_MXREF 0x002 /* this record referred to by a mx record */
-#define FLG_SMTPWKS 0x004 /* saw wks with smtp/tcp */
-#define FLG_ALLOWDUPA 0x008 /* allow duplicate a records */
-
-/* doconf() and doboot() flags */
-#define CONF_MUSTEXIST 0x001 /* fatal for files to not exist */
-#define CONF_NOZONE 0x002 /* do not parse zone files */
-
-/* Test for smtp problems */
-#define MASK_TEST_SMTP \
- (FLG_SELFMX | FLG_SMTPWKS)
-
-#define ITEMSIZE (1 << 17) /* power of two */
-
-struct item items[ITEMSIZE];
-int itemcnt; /* count of items */
-
-/* Hostname string storage */
-#define STRSIZE 8192; /* size to malloc when more space is needed */
-char *strptr; /* pointer to string pool */
-int strsize; /* size of space left in pool */
-
-int debug;
-int errors;
-#ifdef __FreeBSD__
-char *bootfile = "/etc/namedb/named.boot";
-char *conffile = "/etc/namedb/named.conf";
-#else
-char *bootfile = "/etc/named.boot";
-char *conffile = "/etc/named.conf";
-#endif
-char *nslintboot;
-char *nslintconf;
-char *prog;
-char *cwd = ".";
-
-static struct network *netlist;
-static u_int netlistsize; /* size of array */
-static u_int netlistcnt; /* next free element */
-
-char **protoserv; /* valid protocol/service names */
-int protoserv_init;
-int protoserv_last;
-int protoserv_len;
-
-static char inaddr[] = ".in-addr.arpa.";
-static char inaddr6[] = ".ip6.arpa.";
-
-/* XXX should be dynamic */
-static struct ignoredzone ignoredzones[10];
-static int numignoredzones = 0;
-#define SIZEIGNOREDZONES (sizeof(ignoredzones) / sizeof(ignoredzones[0]))
-
-/* SOA record */
-#define SOA_SERIAL 0
-#define SOA_REFRESH 1
-#define SOA_RETRY 2
-#define SOA_EXPIRE 3
-#define SOA_MINIMUM 4
-
-static u_int soaval[5];
-static int nsoaval;
-#define NSOAVAL (sizeof(soaval) / sizeof(soaval[0]))
-
-/* Forwards */
-void add_domain(char *, const char *);
-const char *addr2str(struct addr *);
-int checkaddr(const char *);
-int checkdots(const char *);
-void checkdups(struct item *, int);
-int checkignoredzone(const char *);
-int checkserv(const char *, char **p);
-int checkwks(FILE *, char *, int *, char **);
-int cmpaddr(const void *, const void *);
-int cmpitemaddr(const void *, const void *);
-int cmpitemhost(const void *, const void *);
-int cmpnetwork(const void *, const void *);
-void doboot(const char *, int);
-void doconf(const char *, int);
-const char *extractaddr(const char *, struct addr *);
-const char *extractnetwork(const char *, struct network *);
-struct network *findnetwork(struct addr *);
-void initprotoserv(void);
-int main(int, char **);
-int maskwidth(struct network *);
-const char *network2str(struct network *);
-void nslint(void);
-const char *parsenetwork(const char *);
-const char *parseptr(const char *, struct addr *);
-char *parsequoted(char *);
-int parserrsig(const char *, char **);
-int parsesoa(const char *, char **);
-void process(const char *, const char *, const char *);
-int rfc1034host(const char *, int);
-enum rrtype txt2rrtype(const char *);
-int samesubnet(struct addr *, struct addr *, struct network *);
-void setmaskwidth(u_int w, struct network *);
-int updateitem(const char *, struct addr *, int, u_int, int);
-void usage(void) __attribute__((noreturn));
-
-extern char *optarg;
-extern int optind, opterr;
-
-int
-main(int argc, char **argv)
-{
- char *cp;
- int op, donamedboot, donamedconf;
-
- if ((cp = strrchr(argv[0], '/')) != NULL)
- prog = cp + 1;
- else
- prog = argv[0];
-
- donamedboot = 0;
- donamedconf = 0;
- while ((op = getopt(argc, argv, "b:c:B:C:d")) != -1)
- switch (op) {
-
- case 'b':
- bootfile = optarg;
- ++donamedboot;
- break;
-
- case 'c':
- conffile = optarg;
- ++donamedconf;
- break;
-
- case 'B':
- nslintboot = optarg;
- ++donamedboot;
- break;
-
- case 'C':
- nslintconf = optarg;
- ++donamedconf;
- break;
-
- case 'd':
- ++debug;
- break;
-
- default:
- usage();
- }
- if (optind != argc || (donamedboot && donamedconf))
- usage();
-
- /* Find config file if not manually specified */
- if (!donamedboot && !donamedconf) {
- if (access(conffile, R_OK) >= 0)
- ++donamedconf;
- if (access(bootfile, R_OK) >= 0)
- ++donamedboot;
-
- if (donamedboot && donamedconf) {
- fprintf(stderr,
- "%s: nslint: both %s and %s exist; use -b or -c\n",
- prog, conffile, bootfile);
- exit(1);
- }
- }
-
- if (donamedboot) {
- doboot(bootfile, CONF_MUSTEXIST | CONF_NOZONE);
- if (nslintboot != NULL)
- doboot(nslintboot, CONF_MUSTEXIST);
- else
- doboot(NSLINTBOOT, 0);
- doboot(bootfile, CONF_MUSTEXIST);
- } else {
- doconf(conffile, CONF_MUSTEXIST | CONF_NOZONE);
- if (nslintconf != NULL)
- doconf(nslintconf, CONF_MUSTEXIST);
- else
- doconf(NSLINTCONF, 0);
- doconf(conffile, CONF_MUSTEXIST);
- }
-
- /* Sort network list */
- if (netlistcnt > 0)
- qsort(netlist, netlistcnt, sizeof(netlist[0]), cmpnetwork);
-
- nslint();
- exit (errors != 0);
-}
-
-/* add domain if necessary */
-void
-add_domain(char *name, const char *domain)
-{
- char *cp;
-
- /* Kill trailing white space and convert to lowercase */
- for (cp = name; *cp != '\0' && !isspace(*cp); ++cp)
- if (isupper(*cp))
- *cp = tolower(*cp);
- *cp-- = '\0';
- /* If necessary, append domain */
- if (cp >= name && *cp++ != '.') {
- if (*domain != '.')
- *cp++ = '.';
- (void)strcpy(cp, domain);
- }
- /* XXX should we insure a trailing dot? */
-}
-
-const char *
-addr2str(struct addr *ap)
-{
- struct network net;
-
- memset(&net, 0, sizeof(net));
- net.family = ap->family;
- switch (ap->family) {
-
- case AF_INET:
- net.n_addr4 = ap->a_addr4;
- setmaskwidth(32, &net);
- break;
-
- case AF_INET6:
- memmove(net.n_addr6, &ap->a_addr6, sizeof(ap->a_addr6));
- setmaskwidth(128, &net);
- break;
-
- default:
- return ("<nil>");
- }
- return (network2str(&net));
-}
-
-/*
- * Returns true if name is really an ip address.
- */
-int
-checkaddr(const char *name)
-{
- struct in_addr addr;
-
- return (inet_pton(AF_INET, name, (char *)&addr));
-}
-
-/*
- * Returns true if name contains a dot but not a trailing dot.
- * Special case: allow a single dot if the second part is not one
- * of the 3 or 4 letter top level domains or is any 2 letter TLD
- */
-int
-checkdots(const char *name)
-{
- const char *cp, *cp2;
-
- if ((cp = strchr(name, '.')) == NULL)
- return (0);
- cp2 = name + strlen(name) - 1;
- if (cp2 >= name && *cp2 == '.')
- return (0);
-
- /* Return true of more than one dot*/
- ++cp;
- if (strchr(cp, '.') != NULL)
- return (1);
-
- if (strlen(cp) == 2 ||
- strcasecmp(cp, "gov") == 0 ||
- strcasecmp(cp, "edu") == 0 ||
- strcasecmp(cp, "com") == 0 ||
- strcasecmp(cp, "net") == 0 ||
- strcasecmp(cp, "org") == 0 ||
- strcasecmp(cp, "mil") == 0 ||
- strcasecmp(cp, "int") == 0 ||
- strcasecmp(cp, "nato") == 0 ||
- strcasecmp(cp, "arpa") == 0)
- return (1);
- return (0);
-}
-
-/* Records we use to detect duplicates */
-static struct duprec {
- int record;
- char *name;
-} duprec[] = {
- { REC_A, "a" },
- { REC_AAAA, "aaaa" },
- { REC_HINFO, "hinfo" },
- { REC_CNAME, "cname" },
- { 0, NULL },
-};
-
-void
-checkdups(struct item *ip, int records)
-{
- struct duprec *dp;
-
- records &= (ip->records & MASK_TEST_DUP);
- if (records == 0)
- return;
- for (dp = duprec; dp->name != NULL; ++dp)
- if ((records & dp->record) != 0) {
- ++errors;
- fprintf(stderr, "%s: multiple \"%s\" records for %s\n",
- prog, dp->name, ip->host);
- records &= ~dp->record;
- }
- if (records != 0)
- fprintf(stderr, "%s: checkdups: records not zero %s (0x%x)\n",
- prog, ip->host, records);
-}
-
-/* Check for an "ignored zone" (usually dynamic dns) */
-int
-checkignoredzone(const char *name)
-{
- int i, len, len2;
-
- len = strlen(name);
- if (len > 1 && name[len - 1] == '.')
- --len;
- for (i = 0; i < numignoredzones; ++i) {
- len2 = len - ignoredzones[i].len;
- if (len2 >= 0 &&
- strncasecmp(name + len2,
- ignoredzones[i].zone, len - len2) == 0)
- return (1);
- }
- return (0);
-}
-
-int
-checkserv(const char *serv, char **p)
-{
- for (; *p != NULL; ++p)
- if (*serv == **p && strcmp(serv, *p) == 0)
- return (1);
- return (0);
-}
-
-int
-checkwks(FILE *f, char *proto, int *smtpp, char **errstrp)
-{
- int n, sawparen;
- char *cp, *serv, **p;
- static char errstr[132];
- char buf[1024];
- char psbuf[512];
-
- if (!protoserv_init) {
- initprotoserv();
- ++protoserv_init;
- }
-
- /* Line count */
- n = 0;
-
- /* Terminate protocol */
- cp = proto;
- while (!isspace(*cp) && *cp != '\0')
- ++cp;
- if (*cp != '\0')
- *cp++ = '\0';
-
- /* Find services */
- *smtpp = 0;
- sawparen = 0;
- if (*cp == '(') {
- ++sawparen;
- ++cp;
- while (isspace(*cp))
- ++cp;
- }
- for (;;) {
- if (*cp == '\0') {
- if (!sawparen)
- break;
- if (fgets(buf, sizeof(buf), f) == NULL) {
- *errstrp = "mismatched parens";
- return (n);
- }
- ++n;
- cp = buf;
- while (isspace(*cp))
- ++cp;
- }
- /* Find end of service, converting to lowercase */
- for (serv = cp; !isspace(*cp) && *cp != '\0'; ++cp)
- if (isupper(*cp))
- *cp = tolower(*cp);
- if (*cp != '\0')
- *cp++ = '\0';
- if (sawparen && *cp == ')') {
- /* XXX should check for trailing junk */
- break;
- }
-
- (void)sprintf(psbuf, "%s/%s", serv, proto);
-
- if (*serv == 's' && strcmp(psbuf, "tcp/smtp") == 0)
- ++*smtpp;
-
- for (p = protoserv; *p != NULL; ++p)
- if (*psbuf == **p && strcmp(psbuf, *p) == 0) {
- break;
- }
- if (*p == NULL) {
- sprintf(errstr, "%s unknown", psbuf);
- *errstrp = errstr;
- break;
- }
- }
-
- return (n);
-}
-
-int
-cmpaddr(const void *arg1, const void *arg2)
-{
- int i, r1;
- const struct network *n1, *n2;
-
- n1 = (const struct network *)arg1;
- n2 = (const struct network *)arg2;
-
- /* IPv4 before IPv6 */
- if (n1->family != n2->family)
- return ((n1->family == AF_INET) ? -1 : 1);
-
- switch (n1->family) {
-
- case AF_INET:
- /* Address */
- if (ntohl(n1->n_addr4) < ntohl(n2->n_addr4))
- return (-1);
- else if (ntohl(n1->n_addr4) > ntohl(n2->n_addr4))
- return (1);
- return (0);
-
- case AF_INET6:
- /* Address */
- r1 = 0;
- for (i = 0; i < 16; ++i) {
- if (ntohl(n1->n_addr6[i]) < ntohl(n2->n_addr6[i]))
- return (-1);
- if (ntohl(n1->n_addr6[i]) > ntohl(n2->n_addr6[i]))
- return (1);
- }
- return (0);
-
- default:
- abort();
- }
-}
-
-int
-cmpitemaddr(const void *arg1, const void *arg2)
-{
- struct item *i1, *i2;
-
- i1 = (struct item *)arg1;
- i2 = (struct item *)arg2;
-
- return (cmpaddr(&i1->addr, &i2->addr));
-}
-
-int
-cmpitemhost(const void *arg1, const void *arg2)
-{
- struct item *i1, *i2;
-
- i1 = (struct item *)arg1;
- i2 = (struct item *)arg2;
-
- return (strcasecmp(i1->host, i1->host));
-}
-
-/* Sort by network number (use mask when networks are the same) */
-int
-cmpnetwork(const void *arg1, const void *arg2)
-{
- int i, r1, r2;
- const struct network *n1, *n2;
-
- n1 = (const struct network *)arg1;
- n2 = (const struct network *)arg2;
-
- /* IPv4 before IPv6 */
- if (n1->family != n2->family)
- return ((n1->family == AF_INET) ? -1 : 1);
-
- switch (n1->family) {
-
- case AF_INET:
- /* Address */
- if (ntohl(n1->n_addr4) < ntohl(n2->n_addr4))
- return (-1);
- else if (ntohl(n1->n_addr4) > ntohl(n2->n_addr4))
- return (1);
-
- /* Mask */
- if (ntohl(n1->n_mask4) < ntohl(n2->n_mask4))
- return (1);
- else if (ntohl(n1->n_mask4) > ntohl(n2->n_mask4))
- return (-1);
- return (0);
-
- case AF_INET6:
- /* Address */
- r1 = 0;
- for (i = 0; i < 16; ++i) {
- if (ntohl(n1->n_addr6[i]) < ntohl(n2->n_addr6[i]))
- return (-1);
- if (ntohl(n1->n_addr6[i]) > ntohl(n2->n_addr6[i]))
- return (1);
- }
-
- /* Mask */
- r2 = 0;
- for (i = 0; i < 16; ++i) {
- if (n1->n_mask6[i] < n2->n_mask6[i])
- return (1);
- if (n1->n_mask6[i] > n2->n_mask6[i])
- return (-1);
- }
- return (0);
- break;
-
- default:
- abort();
- }
- abort();
-}
-
-void
-doboot(const char *file, int flags)
-{
- int n;
- char *cp, *cp2;
- FILE *f;
- const char *errstr;
- char buf[1024], name[128];
-
- errno = 0;
- f = fopen(file, "r");
- if (f == NULL) {
- /* Not an error if it doesn't exist */
- if ((flags & CONF_MUSTEXIST) == 0 && errno == ENOENT) {
- if (debug > 1)
- printf(
- "%s: doit: %s doesn't exist (ignoring)\n",
- prog, file);
- return;
- }
- fprintf(stderr, "%s: %s: %s\n", prog, file, strerror(errno));
- exit(1);
- }
- if (debug > 1)
- printf("%s: doit: opened %s\n", prog, file);
-
- n = 0;
- while (fgets(buf, sizeof(buf), f) != NULL) {
- ++n;
-
- /* Skip comments */
- if (buf[0] == ';')
- continue;
- cp = strchr(buf, ';');
- if (cp)
- *cp = '\0';
- cp = buf + strlen(buf) - 1;
- if (cp >= buf && *cp == '\n')
- *cp = '\0';
- cp = buf;
-
- /* Eat leading whitespace */
- while (isspace(*cp))
- ++cp;
-
- /* Skip blank lines */
- if (*cp == '\n' || *cp == '\0')
- continue;
-
- /* Get name */
- cp2 = cp;
- while (!isspace(*cp) && *cp != '\0')
- ++cp;
- *cp++ = '\0';
-
- /* Find next keyword */
- while (isspace(*cp))
- ++cp;
- if (strcasecmp(cp2, "directory") == 0) {
- /* Terminate directory */
- cp2 = cp;
- while (!isspace(*cp) && *cp != '\0')
- ++cp;
- *cp = '\0';
- if (chdir(cp2) < 0) {
- ++errors;
- fprintf(stderr, "%s: can't chdir %s: %s\n",
- prog, cp2, strerror(errno));
- exit(1);
- }
- cwd = savestr(cp2);
- continue;
- }
- if (strcasecmp(cp2, "primary") == 0) {
- /* Extract domain, converting to lowercase */
- for (cp2 = name; !isspace(*cp) && *cp != '\0'; ++cp)
- if (isupper(*cp))
- *cp2++ = tolower(*cp);
- else
- *cp2++ = *cp;
- /* Insure trailing dot */
- if (cp2 > name && cp2[-1] != '.')
- *cp2++ = '.';
- *cp2 = '\0';
-
- /* Find file */
- while (isspace(*cp))
- ++cp;
-
- /* Terminate directory */
- cp2 = cp;
- while (!isspace(*cp) && *cp != '\0')
- ++cp;
- *cp = '\0';
-
- /* Process it! (zone is the same as the domain) */
- nsoaval = -1;
- memset(soaval, 0, sizeof(soaval));
- if ((flags & CONF_NOZONE) == 0)
- process(cp2, name, name);
- continue;
- }
- if (strcasecmp(cp2, "network") == 0) {
- errstr = parsenetwork(cp);
- if (errstr != NULL) {
- ++errors;
- fprintf(stderr,
- "%s: %s:%d: bad network: %s\n",
- prog, file, n, errstr);
- }
- continue;
- }
- if (strcasecmp(cp2, "include") == 0) {
- /* Terminate include file */
- cp2 = cp;
- while (!isspace(*cp) && *cp != '\0')
- ++cp;
- *cp = '\0';
- doboot(cp2, 1);
- continue;
- }
- /* Eat any other options */
- }
- (void)fclose(f);
-}
-
-void
-doconf(const char *file, int flags)
-{
- int n, fd, cc, i, depth;
- char *cp, *cp2, *buf;
- const char *p;
- char *name, *zonename, *filename, *typename;
- int namelen, zonenamelen, filenamelen, typenamelen;
- struct stat sbuf;
- char zone[128], includefile[256];
-
- errno = 0;
- fd = open(file, O_RDONLY, 0);
- if (fd < 0) {
- /* Not an error if it doesn't exist */
- if ((flags & CONF_MUSTEXIST) == 0 && errno == ENOENT) {
- if (debug > 1)
- printf(
- "%s: doconf: %s doesn't exist (ignoring)\n",
- prog, file);
- return;
- }
- fprintf(stderr, "%s: %s: %s\n", prog, file, strerror(errno));
- exit(1);
- }
- if (debug > 1)
- printf("%s: doconf: opened %s\n", prog, file);
-
- if (fstat(fd, &sbuf) < 0) {
- fprintf(stderr, "%s: fstat(%s) %s\n",
- prog, file, strerror(errno));
- exit(1);
- }
- buf = (char *)malloc(sbuf.st_size + 1);
- if (buf == NULL) {
- fprintf(stderr, "%s: malloc: %s\n", prog, strerror(errno));
- exit(1);
- }
-
- /* Slurp entire config file */
- n = sbuf.st_size;
- cp = buf;
- do {
- cc = read(fd, cp, n);
- if (cc < 0) {
- fprintf(stderr, "%s: read(%s) %s\n",
- prog, file, strerror(errno));
- exit(1);
- }
- cp += cc;
- n -= cc;
- } while (cc != 0 && cc < n);
- buf[cc] = '\0';
-
-#define EATWHITESPACE \
- while (isspace(*cp)) { \
- if (*cp == '\n') \
- ++n; \
- ++cp; \
- }
-
-/* Handle both to-end-of-line and C style comments */
-#define EATCOMMENTS \
- { \
- int sawcomment; \
- do { \
- EATWHITESPACE \
- sawcomment = 0; \
- if (*cp == '#') { \
- sawcomment = 1; \
- ++cp; \
- while (*cp != '\n' && *cp != '\0') \
- ++cp; \
- } \
- else if (strncmp(cp, "//", 2) == 0) { \
- sawcomment = 1; \
- cp += 2; \
- while (*cp != '\n' && *cp != '\0') \
- ++cp; \
- } \
- else if (strncmp(cp, "/*", 2) == 0) { \
- sawcomment = 1; \
- for (cp += 2; *cp != '\0'; ++cp) { \
- if (*cp == '\n') \
- ++n; \
- else if (strncmp(cp, "*/", 2) == 0) { \
- cp += 2; \
- break; \
- } \
- } \
- } \
- } while (sawcomment); \
- }
-
-#define GETNAME(name, len) \
- { \
- (name) = cp; \
- (len) = 0; \
- while (!isspace(*cp) && *cp != ';' && *cp != '\0') { \
- ++(len); \
- ++cp; \
- } \
- }
-
-#define GETQUOTEDNAME(name, len) \
- { \
- if (*cp != '"') { \
- ++errors; \
- fprintf(stderr, "%s: %s:%d missing left quote\n", \
- prog, file, n); \
- } else \
- ++cp; \
- (name) = cp; \
- (len) = 0; \
- while (*cp != '"' && *cp != '\n' && *cp != '\0') { \
- ++(len); \
- ++cp; \
- } \
- if (*cp != '"') { \
- ++errors; \
- fprintf(stderr, "%s: %s:%d missing right quote\n", \
- prog, file, n); \
- } else \
- ++cp; \
- }
-
-/* Eat everything to the next semicolon, perhaps eating matching qbraces */
-#define EATSEMICOLON \
- { \
- int depth = 0; \
- while (*cp != '\0') { \
- EATCOMMENTS \
- if (*cp == ';') { \
- ++cp; \
- if (depth == 0) \
- break; \
- continue; \
- } \
- if (*cp == '{') { \
- ++depth; \
- ++cp; \
- continue; \
- } \
- if (*cp == '}') { \
- --depth; \
- ++cp; \
- continue; \
- } \
- ++cp; \
- } \
- }
-
-/* Eat everything to the next left qbrace */
-#define EATSLEFTBRACE \
- while (*cp != '\0') { \
- EATCOMMENTS \
- if (*cp == '{') { \
- ++cp; \
- break; \
- } \
- ++cp; \
- }
-
- n = 1;
- zone[0] = '\0';
- cp = buf;
- while (*cp != '\0') {
- EATCOMMENTS
- if (*cp == '\0')
- break;
- GETNAME(name, namelen)
- if (namelen == 0) {
- ++errors;
- fprintf(stderr, "%s: %s:%d garbage char '%c' (1)\n",
- prog, file, n, *cp);
- ++cp;
- continue;
- }
- EATCOMMENTS
- if (strncasecmp(name, "options", namelen) == 0) {
- EATCOMMENTS
- if (*cp != '{') {
- ++errors;
- fprintf(stderr,
- "%s: %s:%d missing left qbrace in options\n",
- prog, file, n);
- } else
- ++cp;
- EATCOMMENTS
- while (*cp != '}' && *cp != '\0') {
- EATCOMMENTS
- GETNAME(name, namelen)
- if (namelen == 0) {
- ++errors;
- fprintf(stderr,
- "%s: %s:%d garbage char '%c' (2)\n",
- prog, file, n, *cp);
- ++cp;
- break;
- }
-
- /* If not the "directory" option, just eat it */
- if (strncasecmp(name, "directory",
- namelen) == 0) {
- EATCOMMENTS
- GETQUOTEDNAME(cp2, i)
- cp2[i] = '\0';
- if (chdir(cp2) < 0) {
- ++errors;
- fprintf(stderr,
- "%s: %s:.%d can't chdir %s: %s\n",
- prog, file, n, cp2,
- strerror(errno));
- exit(1);
- }
- cwd = savestr(cp2);
- }
- EATSEMICOLON
- EATCOMMENTS
- }
- ++cp;
- EATCOMMENTS
- if (*cp != ';') {
- ++errors;
- fprintf(stderr,
- "%s: %s:%d missing options semi\n",
- prog, file, n);
- } else
- ++cp;
- continue;
- }
- if (strncasecmp(name, "zone", namelen) == 0) {
- EATCOMMENTS
- GETQUOTEDNAME(zonename, zonenamelen)
- typename = NULL;
- filename = NULL;
- typenamelen = 0;
- filenamelen = 0;
- EATCOMMENTS
- if (strncasecmp(cp, "in", 2) == 0) {
- cp += 2;
- EATWHITESPACE
- } else if (strncasecmp(cp, "chaos", 5) == 0) {
- cp += 5;
- EATWHITESPACE
- }
- if (*cp != '{') { /* } */
- ++errors;
- fprintf(stderr,
- "%s: %s:%d missing left qbrace in zone\n",
- prog, file, n);
- continue;
- }
- depth = 0;
- EATCOMMENTS
- while (*cp != '\0') {
- if (*cp == '{') {
- ++cp;
- ++depth;
- } else if (*cp == '}') {
- if (--depth <= 1)
- break;
- ++cp;
- }
- EATCOMMENTS
- GETNAME(name, namelen)
- if (namelen == 0) {
- ++errors;
- fprintf(stderr,
- "%s: %s:%d garbage char '%c' (3)\n",
- prog, file, n, *cp);
- ++cp;
- break;
- }
- if (strncasecmp(name, "type",
- namelen) == 0) {
- EATCOMMENTS
- GETNAME(typename, typenamelen)
- if (namelen == 0) {
- ++errors;
- fprintf(stderr,
- "%s: %s:%d garbage char '%c' (4)\n",
- prog, file, n, *cp);
- ++cp;
- break;
- }
- } else if (strncasecmp(name, "file",
- namelen) == 0) {
- EATCOMMENTS
- GETQUOTEDNAME(filename, filenamelen)
- }
- /* Just ignore keywords we don't understand */
- EATSEMICOLON
- EATCOMMENTS
- }
- /* { */
- if (*cp != '}') {
- ++errors;
- fprintf(stderr,
- "%s: %s:%d missing zone right qbrace\n",
- prog, file, n);
- } else
- ++cp;
- if (*cp != ';') {
- ++errors;
- fprintf(stderr,
- "%s: %s:%d missing zone semi\n",
- prog, file, n);
- } else
- ++cp;
- EATCOMMENTS
- /* If we got something interesting, process it */
- if (typenamelen == 0) {
- ++errors;
- fprintf(stderr, "%s: missing zone type!\n",
- prog);
- continue;
- }
- if (strncasecmp(typename, "master", typenamelen) == 0) {
- if (filenamelen == 0) {
- ++errors;
- fprintf(stderr,
- "%s: missing zone filename!\n",
- prog);
- continue;
- }
- strncpy(zone, zonename, zonenamelen);
- zone[zonenamelen] = '\0';
- for (cp2 = zone; *cp2 != '\0'; ++cp2)
- if (isupper(*cp2))
- *cp2 = tolower(*cp2);
- /* Insure trailing dot */
- if (cp2 > zone && cp2[-1] != '.') {
- *cp2++ = '.';
- *cp2 = '\0';
- }
- filename[filenamelen] = '\0';
- nsoaval = -1;
- memset(soaval, 0, sizeof(soaval));
- if ((flags & CONF_NOZONE) == 0)
- process(filename, zone, zone);
- }
- continue;
- }
- if (strncasecmp(name, "nslint", namelen) == 0) {
- EATCOMMENTS
- if (*cp != '{') {
- ++errors;
- fprintf(stderr,
- "%s: %s:%d missing left qbrace in nslint\n",
- prog, file, n);
- } else
- ++cp;
- ++cp;
- EATCOMMENTS
- while (*cp != '}' && *cp != '\0') {
- EATCOMMENTS
- GETNAME(name, namelen)
- if (strncasecmp(name, "network",
- namelen) == 0) {
- EATCOMMENTS
- GETQUOTEDNAME(cp2, i)
-
- cp2[i] = '\0';
- p = parsenetwork(cp2);
- if (p != NULL) {
- ++errors;
- fprintf(stderr,
- "%s: %s:%d: bad network: %s\n",
- prog, file, n, p);
- }
- } else if (strncasecmp(name, "ignorezone",
- namelen) == 0) {
- EATCOMMENTS
- GETQUOTEDNAME(cp2, i)
- cp2[i] = '\0';
- if (numignoredzones + 1 <
- sizeof(ignoredzones) /
- sizeof(ignoredzones[0])) {
- ignoredzones[numignoredzones].zone =
- savestr(cp2);
- if (ignoredzones[numignoredzones].zone != NULL) {
- ignoredzones[numignoredzones].len = strlen(cp2);
- ++numignoredzones;
- }
- }
- } else {
- ++errors;
- fprintf(stderr,
- "%s: unknown nslint \"%.*s\"\n",
- prog, namelen, name);
- }
- EATSEMICOLON
- EATCOMMENTS
- }
- ++cp;
- EATCOMMENTS
- if (*cp != ';') {
- ++errors;
- fprintf(stderr,
- "%s: %s:%d: missing nslint semi\n",
- prog, file, n);
- } else
- ++cp;
- continue;
- }
- if (strncasecmp(name, "include", namelen) == 0) {
- EATCOMMENTS
- GETQUOTEDNAME(filename, filenamelen)
- strncpy(includefile, filename, filenamelen);
- includefile[filenamelen] = '\0';
- doconf(includefile, 1);
- EATSEMICOLON
- continue;
- }
- if (strncasecmp(name, "view", namelen) == 0) {
- EATSLEFTBRACE
- continue;
- }
-
- /* Skip over statements we don't understand */
- EATSEMICOLON
- }
-
- free(buf);
- close(fd);
-}
-
-const char *
-extractaddr(const char *str, struct addr *ap)
-{
-
- memset(ap, 0, sizeof(*ap));
-
- /* Let's see what we've got here */
- if (strchr(str, '.') != NULL) {
- ap->family = AF_INET;
- } else if (strchr(str, ':') != NULL) {
- ap->family = AF_INET6;
- } else
- return ("unrecognized address type");
-
- switch (ap->family) {
-
- case AF_INET:
- if (!inet_pton(ap->family, str, &ap->a_addr4))
- return ("cannot parse IPv4 address");
-
- break;
-
- case AF_INET6:
- if (!inet_pton(ap->family, str, &ap->a_addr6))
- return ("cannot parse IPv6 address");
- break;
-
- default:
- abort();
- }
-
- return (NULL);
-}
-
-const char *
-extractnetwork(const char *str, struct network *np)
-{
- int i;
- long w;
- char *cp, *ep;
- const char *p;
- char temp[64];
-
- memset(np, 0, sizeof(*np));
-
- /* Let's see what we've got here */
- if (strchr(str, '.') != NULL) {
- np->family = AF_INET;
- w = 32;
- } else if (strchr(str, ':') != NULL) {
- np->family = AF_INET6;
- w = 128;
- } else
- return ("unrecognized address type");
-
- p = strchr(str, '/');
- if (p != NULL) {
- /* Mask length was specified */
- strncpy(temp, str, sizeof(temp));
- temp[sizeof(temp) - 1] = '\0';
- cp = strchr(temp, '/');
- if (cp == NULL)
- abort();
- *cp++ = '\0';
- ep = NULL;
- w = strtol(cp, &ep, 10);
- if (*ep != '\0')
- return ("garbage following mask width");
- str = temp;
- }
-
- switch (np->family) {
-
- case AF_INET:
- if (!inet_pton(np->family, str, &np->n_addr4))
- return ("cannot parse IPv4 address");
-
- if (w > 32)
- return ("mask length must be <= 32");
- setmaskwidth(w, np);
-
- if ((np->n_addr4 & ~np->n_mask4) != 0)
- return ("non-network bits set in addr");
-
-#ifdef notdef
- if ((ntohl(np->n_addr4) & 0xff000000) == 0)
- return ("high octet must be non-zero");
-#endif
- break;
-
- case AF_INET6:
- if (!inet_pton(np->family, str, &np->n_addr6))
- return ("cannot parse IPv6 address");
- if (w > 128)
- return ("mask length must be <= 128");
- setmaskwidth(w, np);
-
- for (i = 0; i < 16; ++i) {
- if ((np->n_addr6[i] & ~np->n_mask6[i]) != 0)
- return ("non-network bits set in addr");
- }
- break;
-
- default:
- abort();
- }
-
- return (NULL);
-}
-
-struct network *
-findnetwork(struct addr *ap)
-{
- int i, j;
- struct network *np;
-
- switch (ap->family) {
-
- case AF_INET:
- for (i = 0, np = netlist; i < netlistcnt; ++i, ++np)
- if ((ap->a_addr4 & np->n_mask4) == np->n_addr4)
- return (np);
- break;
-
- case AF_INET6:
- for (i = 0, np = netlist; i < netlistcnt; ++i, ++np) {
- for (j = 0; j < sizeof(ap->a_addr6); ++j) {
- if ((ap->a_addr6[j] & np->n_mask6[j]) !=
- np->n_addr6[j])
- break;
- }
- if (j >= sizeof(ap->a_addr6))
- return (np);
- }
- break;
-
- default:
- abort();
- }
- return (NULL);
-}
-
-void
-initprotoserv(void)
-{
- char *cp;
- struct servent *sp;
- char psbuf[512];
-
- protoserv_len = 256;
- protoserv = (char **)malloc(protoserv_len * sizeof(*protoserv));
- if (protoserv == NULL) {
- fprintf(stderr, "%s: nslint: malloc: %s\n",
- prog, strerror(errno));
- exit(1);
- }
-
- while ((sp = getservent()) != NULL) {
- (void)sprintf(psbuf, "%s/%s", sp->s_name, sp->s_proto);
-
- /* Convert to lowercase */
- for (cp = psbuf; *cp != '\0'; ++cp)
- if (isupper(*cp))
- *cp = tolower(*cp);
-
- if (protoserv_last + 1 >= protoserv_len) {
- protoserv_len <<= 1;
- protoserv = realloc(protoserv,
- protoserv_len * sizeof(*protoserv));
- if (protoserv == NULL) {
- fprintf(stderr, "%s: nslint: realloc: %s\n",
- prog, strerror(errno));
- exit(1);
- }
- }
- protoserv[protoserv_last] = savestr(psbuf);
- ++protoserv_last;
- }
- protoserv[protoserv_last] = NULL;
-}
-
-int
-maskwidth(struct network *np)
-{
- int w;
- int i, j;
- u_int32_t m, tm;
-
- /* Work backwards until we find a set bit */
- switch (np->family) {
-
- case AF_INET:
- m = ntohl(np->n_mask4);
- for (w = 32; w > 0; --w) {
- tm = 0xffffffff << (32 - w);
- if (tm == m)
- break;
- }
- break;
-
- case AF_INET6:
- w = 128;
- for (j = 15; j >= 0; --j) {
- m = np->n_mask6[j];
- for (i = 8; i > 0; --w, --i) {
- tm = (0xff << (8 - i)) & 0xff;
- if (tm == m)
- return (w);
- }
- }
- break;
-
- default:
- abort();
- }
- return (w);
-}
-
-const char *
-network2str(struct network *np)
-{
- int w;
- size_t len, size;
- char *cp;
- static char buf[128];
-
- w = maskwidth(np);
- switch (np->family) {
-
- case AF_INET:
- if (inet_ntop(np->family, &np->n_addr4,
- buf, sizeof(buf)) == NULL) {
- fprintf(stderr, "network2str: v4 botch");
- abort();
- }
- if (w == 32)
- return (buf);
- break;
-
- case AF_INET6:
- if (inet_ntop(np->family, &np->n_addr6,
- buf, sizeof(buf)) == NULL) {
- fprintf(stderr, "network2str: v6 botch");
- abort();
- }
- if (w == 128)
- return (buf);
- break;
-
- default:
- return ("<nil>");
- }
-
- /* Append address mask width */
- cp = buf;
- len = strlen(cp);
- cp += len;
- size = sizeof(buf) - len;
- (void)snprintf(cp, size, "/%d", w);
- return (buf);
-}
-
-void
-nslint(void)
-{
- int n, records, flags;
- struct item *ip, *lastaip, **ipp, **itemlist;
- struct addr addr, lastaddr;
- struct network *np;
-
- itemlist = (struct item **)calloc(itemcnt, sizeof(*ipp));
- if (itemlist == NULL) {
- fprintf(stderr, "%s: nslint: calloc: %s\n",
- prog, strerror(errno));
- exit(1);
- }
- ipp = itemlist;
- for (n = 0, ip = items; n < ITEMSIZE; ++n, ++ip) {
- if (ip->host == NULL)
- continue;
- /* Save entries with addresses for later check */
- if (ip->addr.family != 0)
- *ipp++ = ip;
-
- if (debug > 1) {
- if (debug > 2)
- printf("%d\t", n);
- printf("%s\t%s\t0x%x\t0x%x\n",
- ip->host, addr2str(&ip->addr),
- ip->records, ip->flags);
- }
-
- /* Check for illegal hostnames (rfc1034) */
- if (rfc1034host(ip->host, ip->records))
- ++errors;
-
- /* Check for missing ptr records (ok if also an ns record) */
- records = ip->records & MASK_CHECK_REC;
- if ((ip->records & MASK_TEST_REC) != 0)
- records |= REC_OTHER;
- switch (records) {
-
- case REC_A | REC_OTHER | REC_PTR | REC_REF:
- case REC_A | REC_OTHER | REC_PTR:
- case REC_A | REC_PTR | REC_REF:
- case REC_A | REC_PTR:
- case REC_AAAA | REC_OTHER | REC_PTR | REC_REF:
- case REC_AAAA | REC_OTHER | REC_PTR:
- case REC_AAAA | REC_PTR | REC_REF:
- case REC_AAAA | REC_PTR:
- case REC_CNAME:
- /* These are O.K. */
- break;
-
- case REC_CNAME | REC_REF:
- ++errors;
- fprintf(stderr, "%s: \"cname\" referenced by other"
- " \"cname\" or \"mx\": %s\n", prog, ip->host);
- break;
-
- case REC_OTHER | REC_REF:
- case REC_OTHER:
- /*
- * This is only an error if there is an address
- * associated with the hostname; this means
- * there was a wks entry with bogus address.
- * Otherwise, we have an mx or hinfo.
- *
- * XXX ignore localhost for now
- * (use flag to indicate loopback?)
- */
- if (ip->addr.family == AF_INET &&
- ip->addr.a_addr4 != htonl(INADDR_LOOPBACK)) {
- ++errors;
- fprintf(stderr,
- "%s: \"wks\" without \"a\" and \"ptr\": %s -> %s\n",
- prog, ip->host, addr2str(&ip->addr));
- }
- break;
-
- case REC_REF:
- if (!checkignoredzone(ip->host)) {
- ++errors;
- fprintf(stderr, "%s: Name referenced without"
- " other records: %s\n", prog, ip->host);
- }
- break;
-
- case REC_A | REC_OTHER | REC_REF:
- case REC_A | REC_OTHER:
- case REC_A | REC_REF:
- case REC_A:
- case REC_AAAA | REC_OTHER | REC_REF:
- case REC_AAAA | REC_OTHER:
- case REC_AAAA | REC_REF:
- case REC_AAAA:
- ++errors;
- fprintf(stderr, "%s: Missing \"ptr\": %s -> %s\n",
- prog, ip->host, addr2str(&ip->addr));
- break;
-
- case REC_OTHER | REC_PTR | REC_REF:
- case REC_OTHER | REC_PTR:
- case REC_PTR | REC_REF:
- case REC_PTR:
- ++errors;
- fprintf(stderr, "%s: Missing \"a\": %s -> %s\n",
- prog, ip->host, addr2str(&ip->addr));
- break;
-
- case REC_A | REC_CNAME | REC_OTHER | REC_PTR | REC_REF:
- case REC_A | REC_CNAME | REC_OTHER | REC_PTR:
- case REC_A | REC_CNAME | REC_OTHER | REC_REF:
- case REC_A | REC_CNAME | REC_OTHER:
- case REC_A | REC_CNAME | REC_PTR | REC_REF:
- case REC_A | REC_CNAME | REC_PTR:
- case REC_A | REC_CNAME | REC_REF:
- case REC_A | REC_CNAME:
- case REC_AAAA | REC_CNAME | REC_OTHER | REC_PTR | REC_REF:
- case REC_AAAA | REC_CNAME | REC_OTHER | REC_PTR:
- case REC_AAAA | REC_CNAME | REC_OTHER | REC_REF:
- case REC_AAAA | REC_CNAME | REC_OTHER:
- case REC_AAAA | REC_CNAME | REC_PTR | REC_REF:
- case REC_AAAA | REC_CNAME | REC_PTR:
- case REC_AAAA | REC_CNAME | REC_REF:
- case REC_AAAA | REC_CNAME:
- case REC_CNAME | REC_OTHER | REC_PTR | REC_REF:
- case REC_CNAME | REC_OTHER | REC_PTR:
- case REC_CNAME | REC_OTHER | REC_REF:
- case REC_CNAME | REC_OTHER:
- case REC_CNAME | REC_PTR | REC_REF:
- case REC_CNAME | REC_PTR:
- ++errors;
- fprintf(stderr, "%s: \"cname\" %s has other records\n",
- prog, ip->host);
- break;
-
- case 0:
- /* Second level test */
- if ((ip->records & ~(REC_NS | REC_TXT)) == 0)
- break;
- /* Fall through... */
-
- default:
- ++errors;
- fprintf(stderr,
- "%s: records == 0x%x: can't happen (%s 0x%x)\n",
- prog, records, ip->host, ip->records);
- break;
- }
-
- /* Check for smtp problems */
- flags = ip->flags & MASK_TEST_SMTP;
-
- if ((flags & FLG_SELFMX) != 0 &&
- (ip->records & (REC_A | REC_AAAA)) == 0) {
- ++errors;
- fprintf(stderr,
- "%s: Self \"mx\" for %s missing"
- " \"a\" or \"aaaa\" record\n",
- prog, ip->host);
- }
-
- switch (flags) {
-
- case 0:
- case FLG_SELFMX | FLG_SMTPWKS:
- /* These are O.K. */
- break;
-
- case FLG_SELFMX:
- if ((ip->records & REC_WKS) != 0) {
- ++errors;
- fprintf(stderr,
- "%s: smtp/tcp missing from \"wks\": %s\n",
- prog, ip->host);
- }
- break;
-
- case FLG_SMTPWKS:
- ++errors;
- fprintf(stderr,
- "%s: Saw smtp/tcp without self \"mx\": %s\n",
- prog, ip->host);
- break;
-
- default:
- ++errors;
- fprintf(stderr,
- "%s: flags == 0x%x: can't happen (%s)\n",
- prog, flags, ip->host);
- }
-
- /* Check for chained MX records */
- if ((ip->flags & (FLG_SELFMX | FLG_MXREF)) == FLG_MXREF &&
- (ip->records & REC_MX) != 0) {
- ++errors;
- fprintf(stderr, "%s: \"mx\" referenced by other"
- " \"mx\" record: %s\n", prog, ip->host);
- }
- }
-
- /* Check for doubly booked addresses */
- n = ipp - itemlist;
- qsort(itemlist, n, sizeof(itemlist[0]), cmpaddr);
- memset(&lastaddr, 0, sizeof(lastaddr));
- ip = NULL;
- for (ipp = itemlist; n > 0; ++ipp, --n) {
- addr = (*ipp)->addr;
- if (cmpaddr(&lastaddr, &addr) == 0 &&
- ((*ipp)->flags & FLG_ALLOWDUPA) == 0 &&
- (ip->flags & FLG_ALLOWDUPA) == 0) {
- ++errors;
- fprintf(stderr, "%s: %s in use by %s and %s\n",
- prog, addr2str(&addr), (*ipp)->host, ip->host);
- }
- memmove(&lastaddr, &addr, sizeof(addr));
- ip = *ipp;
- }
-
- /* Check for hosts with multiple addresses on the same subnet */
- n = ipp - itemlist;
- qsort(itemlist, n, sizeof(itemlist[0]), cmpitemhost);
- if (netlistcnt > 0) {
- n = ipp - itemlist;
- lastaip = NULL;
- for (ipp = itemlist; n > 0; ++ipp, --n) {
- ip = *ipp;
- if ((ip->records & (REC_A | REC_AAAA)) == 0 ||
- (ip->flags & FLG_ALLOWDUPA) != 0)
- continue;
- if (lastaip != NULL &&
- strcasecmp(ip->host, lastaip->host) == 0) {
- np = findnetwork(&ip->addr);
- if (np == NULL) {
- ++errors;
- fprintf(stderr,
- "%s: Can't find subnet mask"
- " for %s (%s)\n",
- prog, ip->host,
- addr2str(&ip->addr));
- } else if (samesubnet(&lastaip->addr,
- &ip->addr, np)) {
- ++errors;
- fprintf(stderr,
- "%s: Multiple \"a\" records for %s on subnet %s",
- prog, ip->host,
- network2str(np));
- fprintf(stderr, "\n\t(%s",
- addr2str(&lastaip->addr));
- fprintf(stderr, " and %s)\n",
- addr2str(&ip->addr));
- }
- }
- lastaip = ip;
- }
- }
-
- if (debug)
- printf("%s: %d/%d items used, %d error%s\n", prog, itemcnt,
- ITEMSIZE, errors, errors == 1 ? "" : "s");
-}
-
-const char *
-parsenetwork(const char *cp)
-{
- const char *p;
- struct network net;
-
- while (isspace(*cp))
- ++cp;
-
- p = extractnetwork(cp, &net);
- if (p != NULL)
- return (p);
-
- while (isspace(*cp))
- ++cp;
-
- /* Make sure there's room */
- if (netlistsize <= netlistcnt) {
- if (netlistsize == 0) {
- netlistsize = 32;
- netlist = (struct network *)
- malloc(netlistsize * sizeof(*netlist));
- } else {
- netlistsize <<= 1;
- netlist = (struct network *)
- realloc(netlist, netlistsize * sizeof(*netlist));
- }
- if (netlist == NULL) {
- fprintf(stderr,
- "%s: parsenetwork: malloc/realloc: %s\n",
- prog, strerror(errno));
- exit(1);
- }
- }
-
- /* Add to list */
- memmove(netlist + netlistcnt, &net, sizeof(net));
- ++netlistcnt;
-
- return (NULL);
-}
-
-const char *
-parseptr(const char *str, struct addr *ap)
-{
- int i, n, base;
- u_long v, v2;
- char *cp;
- const char *p;
- u_char *up;
-
- memset(ap, 0, sizeof(*ap));
- base = -1;
-
- /* IPv4 */
- p = str + strlen(str) - sizeof(inaddr) + 1;
- if (p >= str && strcasecmp(p, inaddr) == 0) {
- ap->family = AF_INET;
- n = 4;
- base = 10;
- } else {
- /* IPv6 */
- p = str + strlen(str) - sizeof(inaddr6) + 1;
- if (p >= str && strcasecmp(p, inaddr6) == 0) {
- ap->family = AF_INET6;
- n = 16;
- base = 16;
- }
- }
-
- if (base < 0)
- return ("Not a IPv4 or IPv6 \"ptr\" record");
-
- up = (u_char *)&ap->addr;
- for (i = 0; i < n; ++i) {
- /* Back up to previous dot or beginning of string */
- while (p > str && p[-1] != '.')
- --p;
- v = strtoul(p, &cp, base);
-
- if (base == 10) {
- if (v > 0xff)
- return ("Octet larger than 8 bits");
- } else {
- if (v > 0xf)
- return ("Octet larger than 4 bits");
- if (*cp != '.')
- return ("Junk in \"ptr\" record");
-
- /* Back up over dot */
- if (p > str)
- --p;
-
- /* Back up to previous dot or beginning of string */
- while (p > str && p[-1] != '.')
- --p;
- v2 = strtoul(p, &cp, base);
- if (v2 > 0xf)
- return ("Octet larger than 4 bits");
- if (*cp != '.')
- return ("Junk in \"ptr\" record");
- v = (v << 4) | v2;
- }
- if (*cp != '.')
- return ("Junk in \"ptr\" record");
-
- *up++ = v & 0xff;
-
- /* Back up over dot */
- if (p > str)
- --p;
- else if (p == str)
- break;
- }
- if (i < n - 1)
- return ("Too many octets in \"ptr\" record");
- if (p != str)
- return ("Not enough octets in \"ptr\" record");
-
- return (NULL);
-}
-
-/* Returns a pointer after the next token or quoted string, else NULL */
-char *
-parsequoted(char *cp)
-{
-
- if (*cp == '"') {
- ++cp;
- while (*cp != '"' && *cp != '\0')
- ++cp;
- if (*cp != '"')
- return (NULL);
- ++cp;
- } else {
- while (!isspace(*cp) && *cp != '\0')
- ++cp;
- }
- return (cp);
-}
-
-/* Return true when done */
-int
-parserrsig(const char *str, char **errstrp)
-{
- const char *cp;
-
- /* XXX just look for closing paren */
- cp = str + strlen(str) - 1;
- while (cp >= str)
- if (*cp-- == ')')
- return (1);
- return (0);
-}
-
-/* Return true when done */
-int
-parsesoa(const char *cp, char **errstrp)
-{
- char ch, *garbage;
- static char errstr[132];
-
- /* Eat leading whitespace */
- while (isspace(*cp))
- ++cp;
-
- /* Find opening paren */
- if (nsoaval < 0) {
- cp = strchr(cp, '(');
- if (cp == NULL)
- return (0);
- ++cp;
- while (isspace(*cp))
- ++cp;
- nsoaval = 0;
- }
-
- /* Grab any numbers we find */
- garbage = "leading garbage";
- while (isdigit(*cp) && nsoaval < NSOAVAL) {
- soaval[nsoaval] = atoi(cp);
- do {
- ++cp;
- } while (isdigit(*cp));
- if (nsoaval == SOA_SERIAL && *cp == '.' && isdigit(cp[1])) {
- do {
- ++cp;
- } while (isdigit(*cp));
- } else {
- ch = *cp;
- if (isupper(ch))
- ch = tolower(ch);
- switch (ch) {
-
- case 'w':
- soaval[nsoaval] *= 7;
- /* fall through */
-
- case 'd':
- soaval[nsoaval] *= 24;
- /* fall through */
-
- case 'h':
- soaval[nsoaval] *= 60;
- /* fall through */
-
- case 'm':
- soaval[nsoaval] *= 60;
- /* fall through */
-
- case 's':
- ++cp;
- break;
-
- default:
- ; /* none */
- }
- }
- while (isspace(*cp))
- ++cp;
- garbage = "trailing garbage";
- ++nsoaval;
- }
-
- /* If we're done, do some sanity checks */
- if (nsoaval >= NSOAVAL && *cp == ')') {
- ++cp;
- if (*cp != '\0')
- *errstrp = garbage;
- else if (soaval[SOA_EXPIRE] <
- soaval[SOA_REFRESH] + 10 * soaval[SOA_RETRY]) {
- (void)sprintf(errstr,
- "expire less than refresh + 10 * retry (%u < %u + 10 * %u)",
- soaval[SOA_EXPIRE],
- soaval[SOA_REFRESH],
- soaval[SOA_RETRY]);
- *errstrp = errstr;
- } else if (soaval[SOA_REFRESH] < 2 * soaval[SOA_RETRY]) {
- (void)sprintf(errstr,
- "refresh less than 2 * retry (%u < 2 * %u)",
- soaval[SOA_REFRESH],
- soaval[SOA_RETRY]);
- *errstrp = errstr;
- }
- return (1);
- }
-
- if (*cp != '\0') {
- *errstrp = garbage;
- return (1);
- }
-
- return (0);
-}
-
-void
-process(const char *file, const char *domain, const char *zone)
-{
- FILE *f;
- char ch, *cp, *cp2, *cp3, *rtype;
- const char *p;
- int n, sawsoa, sawrrsig, flags, i;
- u_int ttl;
- enum rrtype rrtype;
- struct addr *ap;
- struct addr addr;
- // struct network *net;
- int smtp;
- char buf[2048], name[256], lastname[256], odomain[256];
- char *errstr;
- const char *addrfmt =
- "%s: %s/%s:%d \"%s\" target is an ip address: %s\n";
- const char *dotfmt =
- "%s: %s/%s:%d \"%s\" target missing trailing dot: %s\n";
-
- /* Check for an "ignored zone" (usually dynamic dns) */
- if (checkignoredzone(zone))
- return;
-
- f = fopen(file, "r");
- if (f == NULL) {
- fprintf(stderr, "%s: %s/%s: %s\n",
- prog, cwd, file, strerror(errno));
- ++errors;
- return;
- }
- if (debug > 1)
- printf("%s: process: opened %s/%s\n", prog, cwd, file);
-
- /* Line number */
- n = 0;
-
- ap = &addr;
-
- lastname[0] = '\0';
- sawsoa = 0;
- sawrrsig = 0;
- while (fgets(buf, sizeof(buf), f) != NULL) {
- ++n;
- cp = buf;
- while (*cp != '\0') {
- /* Handle quoted strings (but don't report errors) */
- if (*cp == '"') {
- ++cp;
- while (*cp != '"' && *cp != '\n' && *cp != '\0')
- ++cp;
- continue;
- }
- if (*cp == '\n' || *cp == ';')
- break;
- ++cp;
- }
- *cp-- = '\0';
-
- /* Nuke trailing white space */
- while (cp >= buf && isspace(*cp))
- *cp-- = '\0';
-
- cp = buf;
- if (*cp == '\0')
- continue;
-
- /* Handle multi-line soa records */
- if (sawsoa) {
- errstr = NULL;
- if (parsesoa(cp, &errstr))
- sawsoa = 0;
- if (errstr != NULL) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d Bad \"soa\" record (%s)\n",
- prog, cwd, file, n, errstr);
- }
- continue;
- }
-
- /* Handle multi-line rrsig records */
- if (sawrrsig) {
- errstr = NULL;
- if (parserrsig(cp, &errstr))
- sawsoa = 0;
- if (errstr != NULL) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d Bad \"rrsig\" record (%s)\n",
- prog, cwd, file, n, errstr);
- }
- continue;
- }
-
- if (debug > 3)
- printf(">%s<\n", cp);
-
- /* Look for name */
- if (isspace(*cp)) {
- /* Same name as last record */
- if (lastname[0] == '\0') {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d No default name\n",
- prog, cwd, file, n);
- continue;
- }
- (void)strcpy(name, lastname);
- } else {
- /* Extract name, converting to lowercase */
- for (cp2 = name; !isspace(*cp) && *cp != '\0'; ++cp)
- if (isupper(*cp))
- *cp2++ = tolower(*cp);
- else
- *cp2++ = *cp;
- *cp2 = '\0';
-
- /* Check for domain shorthand */
- if (name[0] == '@' && name[1] == '\0')
- (void)strcpy(name, domain);
- }
-
- /* Find next token */
- while (isspace(*cp))
- ++cp;
-
- /* Handle includes (gag) */
- if (name[0] == '$' && strcasecmp(name, "$include") == 0) {
- /* Extract filename */
- cp2 = name;
- while (!isspace(*cp) && *cp != '\0')
- *cp2++ = *cp++;
- *cp2 = '\0';
-
- /* Look for optional domain */
- while (isspace(*cp))
- ++cp;
- if (*cp == '\0')
- process(name, domain, zone);
- else {
- cp2 = cp;
- /* Convert optional domain to lowercase */
- for (; !isspace(*cp) && *cp != '\0'; ++cp)
- if (isupper(*cp))
- *cp = tolower(*cp);
- *cp = '\0';
- process(name, cp2, cp2);
- }
- continue;
- }
-
- /* Handle $origin */
- if (name[0] == '$' && strcasecmp(name, "$origin") == 0) {
- /* Extract domain, converting to lowercase */
- for (cp2 = odomain; !isspace(*cp) && *cp != '\0'; ++cp)
- if (isupper(*cp))
- *cp2++ = tolower(*cp);
- else
- *cp2++ = *cp;
- *cp2 = '\0';
- domain = odomain;
- lastname[0] = '\0';
- continue;
- }
-
- /* Handle ttl */
- if (name[0] == '$' && strcasecmp(name, "$ttl") == 0) {
- cp2 = cp;
- while (isdigit(*cp))
- ++cp;
- ch = *cp;
- if (isupper(ch))
- ch = tolower(ch);
- if (strchr("wdhms", ch) != NULL)
- ++cp;
- while (isspace(*cp))
- ++cp;
- if (*cp != '\0') {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d Bad $ttl \"%s\"\n",
- prog, cwd, file, n, cp2);
- }
- (void)strcpy(name, lastname);
- continue;
- }
-
- /* Parse ttl or use default */
- if (isdigit(*cp)) {
- ttl = atoi(cp);
- do {
- ++cp;
- } while (isdigit(*cp));
-
- ch = *cp;
- if (isupper(ch))
- ch = tolower(ch);
- switch (ch) {
-
- case 'w':
- ttl *= 7;
- /* fall through */
-
- case 'd':
- ttl *= 24;
- /* fall through */
-
- case 'h':
- ttl *= 60;
- /* fall through */
-
- case 'm':
- ttl *= 60;
- /* fall through */
-
- case 's':
- ++cp;
- break;
-
- default:
- ; /* none */
- }
-
- if (!isspace(*cp)) {
- ++errors;
- fprintf(stderr, "%s: %s/%s:%d Bad ttl\n",
- prog, cwd, file, n);
- continue;
- }
-
- /* Find next token */
- ++cp;
- while (isspace(*cp))
- ++cp;
- } else
- ttl = soaval[SOA_MINIMUM];
-
- /* Eat optional "in" */
- if ((cp[0] == 'i' || cp[0] == 'I') &&
- (cp[1] == 'n' || cp[1] == 'N') && isspace(cp[2])) {
- /* Find next token */
- cp += 3;
- while (isspace(*cp))
- ++cp;
- } else if ((cp[0] == 'c' || cp[0] == 'C') &&
- isspace(cp[5]) && strncasecmp(cp, "chaos", 5) == 0) {
- /* Find next token */
- cp += 5;
- while (isspace(*cp))
- ++cp;
- }
-
- /* Find end of record type, converting to lowercase */
- rtype = cp;
- for (rtype = cp; !isspace(*cp) && *cp != '\0'; ++cp)
- if (isupper(*cp))
- *cp = tolower(*cp);
- *cp++ = '\0';
-
- /* Find "the rest" */
- while (isspace(*cp))
- ++cp;
-
- /* Check for non-ptr names with dots but no trailing dot */
- if (!isdigit(*name) &&
- checkdots(name) && strcmp(domain, ".") != 0) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d \"%s\" name missing trailing dot: %s\n",
- prog, cwd, file, n, rtype, name);
- }
-
- /* Check for FQDNs outside the zone */
- cp2 = name + strlen(name) - 1;
- if (cp2 >= name && *cp2 == '.' && strchr(name, '.') != NULL) {
- cp2 = name + strlen(name) - strlen(zone);
- if (cp2 >= name && strcasecmp(cp2, zone) != 0) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d \"%s\" outside zone %s\n",
- prog, cwd, file, n, name, zone);
- }
- }
-
- rrtype = txt2rrtype(rtype);
- switch (rrtype) {
-
- case RR_A:
- /* Handle "a" record */
- add_domain(name, domain);
- p = extractaddr(cp, ap);
- if (p != NULL) {
- ++errors;
- cp2 = cp + strlen(cp) - 1;
- if (cp2 >= cp && *cp2 == '\n')
- *cp2 = '\0';
- fprintf(stderr,
- "%s: %s/%s:%d Bad \"a\" record ip addr \"%s\"\n",
- prog, cwd, file, n, cp);
- continue;
- }
- if (ap->family != AF_INET) {
- ++errors;
- cp2 = cp + strlen(cp) - 1;
- if (cp2 >= cp && *cp2 == '\n')
- *cp2 = '\0';
- fprintf(stderr,
- "%s: %s/%s:%d \"a\"record not AF_INET \"%s\"\n",
- prog, cwd, file, n, cp);
- continue;
- }
- errors += updateitem(name, ap, REC_A, ttl, 0);
- break;
-
- case RR_AAAA:
- /* Handle "aaaa" record */
- add_domain(name, domain);
- p = extractaddr(cp, ap);
- if (p != NULL) {
- ++errors;
- cp2 = cp + strlen(cp) - 1;
- if (cp2 >= cp && *cp2 == '\n')
- *cp2 = '\0';
- fprintf(stderr,
- "%s: %s/%s:%d Bad \"aaaa\" record ip addr \"%s\"\n",
- prog, cwd, file, n, cp);
- continue;
- }
- if (ap->family != AF_INET6) {
- ++errors;
- cp2 = cp + strlen(cp) - 1;
- if (cp2 >= cp && *cp2 == '\n')
- *cp2 = '\0';
- fprintf(stderr,
- "%s: %s/%s:%d \"aaaa\"record not AF_INET6 \"%s\"\n",
- prog, cwd, file, n, cp);
- continue;
- }
- errors += updateitem(name, ap, REC_AAAA, ttl, 0);
- break;
-
- case RR_PTR:
- /* Handle "ptr" record */
- add_domain(name, domain);
- if (strcmp(cp, "@") == 0)
- (void)strcpy(cp, zone);
- if (checkdots(cp)) {
- ++errors;
- fprintf(stderr,
- checkaddr(cp) ? addrfmt : dotfmt,
- prog, cwd, file, n, rtype, cp);
- }
- add_domain(cp, domain);
- p = parseptr(name, ap);
- if (p != NULL) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d Bad \"ptr\" record (%s) ip addr \"%s\"\n",
- prog, cwd, file, n, p, name);
- continue;
- }
- errors += updateitem(cp, ap, REC_PTR, 0, 0);
- break;
-
- case RR_SOA:
- /* Handle "soa" record */
- if (!CHECKDOT(name)) {
- add_domain(name, domain);
- errors += updateitem(name, NULL, REC_SOA, 0, 0);
- }
- errstr = NULL;
- if (!parsesoa(cp, &errstr))
- ++sawsoa;
- if (errstr != NULL) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d Bad \"soa\" record (%s)\n",
- prog, cwd, file, n, errstr);
- continue;
- }
- break;
-
- case RR_WKS:
- /* Handle "wks" record */
- p = extractaddr(cp, ap);
- if (p != NULL) {
- ++errors;
- cp2 = cp;
- while (!isspace(*cp2) && *cp2 != '\0')
- ++cp2;
- *cp2 = '\0';
- fprintf(stderr,
- "%s: %s/%s:%d Bad \"wks\" record ip addr \"%s\"\n",
- prog, cwd, file, n, cp);
- continue;
- }
- /* Step over ip address */
- while (*cp == '.' || isdigit(*cp))
- ++cp;
- while (isspace(*cp))
- *cp++ = '\0';
- /* Make sure services are legit */
- errstr = NULL;
- n += checkwks(f, cp, &smtp, &errstr);
- if (errstr != NULL) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d Bad \"wks\" record (%s)\n",
- prog, cwd, file, n, errstr);
- continue;
- }
- add_domain(name, domain);
- errors += updateitem(name, ap, REC_WKS,
- 0, smtp ? FLG_SMTPWKS : 0);
- /* XXX check to see if ip address records exists? */
- break;
-
- case RR_HINFO:
- /* Handle "hinfo" record */
- add_domain(name, domain);
- errors += updateitem(name, NULL, REC_HINFO, 0, 0);
- cp2 = cp;
- cp = parsequoted(cp);
- if (cp == NULL) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d \"hinfo\" missing quote: %s\n",
- prog, cwd, file, n, cp2);
- continue;
- }
- if (!isspace(*cp)) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d \"hinfo\" missing white space: %s\n",
- prog, cwd, file, n, cp2);
- continue;
- }
- ++cp;
- while (isspace(*cp))
- ++cp;
- if (*cp == '\0') {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d \"hinfo\" missing keyword: %s\n",
- prog, cwd, file, n, cp2);
- continue;
- }
- cp = parsequoted(cp);
- if (cp == NULL) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d \"hinfo\" missing quote: %s\n",
- prog, cwd, file, n, cp2);
- continue;
- }
- if (*cp != '\0') {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d \"hinfo\" garbage after keywords: %s\n",
- prog, cwd, file, n, cp2);
- continue;
- }
- break;
-
- case RR_MX:
- /* Handle "mx" record */
- add_domain(name, domain);
- errors += updateitem(name, NULL, REC_MX, ttl, 0);
-
- /* Look for priority */
- if (!isdigit(*cp)) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d Bad \"mx\" priority: %s\n",
- prog, cwd, file, n, cp);
- }
-
- /* Skip over priority */
- ++cp;
- while (isdigit(*cp))
- ++cp;
- while (isspace(*cp))
- ++cp;
- if (*cp == '\0') {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d Missing \"mx\" hostname\n",
- prog, cwd, file, n);
- }
- if (strcmp(cp, "@") == 0)
- (void)strcpy(cp, zone);
- if (checkdots(cp)) {
- ++errors;
- fprintf(stderr,
- checkaddr(cp) ? addrfmt : dotfmt,
- prog, cwd, file, n, rtype, cp);
- }
-
- /* Check to see if mx host exists */
- add_domain(cp, domain);
- flags = FLG_MXREF;
- if (*name == *cp && strcmp(name, cp) == 0)
- flags |= FLG_SELFMX;
- errors += updateitem(cp, NULL, REC_REF, 0, flags);
- break;
-
- case RR_CNAME:
- /* Handle "cname" record */
- add_domain(name, domain);
- errors += updateitem(name, NULL, REC_CNAME, 0, 0);
- if (checkdots(cp)) {
- ++errors;
- fprintf(stderr,
- checkaddr(cp) ? addrfmt : dotfmt,
- prog, cwd, file, n, rtype, cp);
- }
-
- /* Make sure cname points somewhere */
- if (strcmp(cp, "@") == 0)
- (void)strcpy(cp, zone);
- add_domain(cp, domain);
- errors += updateitem(cp, NULL, REC_REF, 0, 0);
- break;
-
- case RR_SRV:
- /* Handle "srv" record */
- add_domain(name, domain);
- errors += updateitem(name, NULL, REC_SRV, 0, 0);
- cp2 = cp;
-
- /* Skip over three values */
- for (i = 0; i < 3; ++i) {
- if (!isdigit(*cp)) {
- ++errors;
- fprintf(stderr, "%s: %s/%s:%d"
- " Bad \"srv\" value: %s\n",
- prog, cwd, file, n, cp);
- }
-
- /* Skip over value */
- ++cp;
- while (isdigit(*cp))
- ++cp;
- while (isspace(*cp))
- ++cp;
- }
-
- /* Check to see if mx host exists */
- add_domain(cp, domain);
- errors += updateitem(cp, NULL, REC_REF, 0, 0);
- break;
-
- case RR_TXT:
- /* Handle "txt" record */
- add_domain(name, domain);
- errors += updateitem(name, NULL, REC_TXT, 0, 0);
- cp2 = cp;
- cp = parsequoted(cp);
- if (cp == NULL) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d \"txt\" missing quote: %s\n",
- prog, cwd, file, n, cp2);
- continue;
- }
- while (isspace(*cp))
- ++cp;
- if (*cp != '\0') {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d \"txt\" garbage after text: %s\n",
- prog, cwd, file, n, cp2);
- continue;
- }
- break;
-
- case RR_NS:
- /* Handle "ns" record */
- errors += updateitem(zone, NULL, REC_NS, 0, 0);
- if (strcmp(cp, "@") == 0)
- (void)strcpy(cp, zone);
- if (checkdots(cp)) {
- ++errors;
- fprintf(stderr,
- checkaddr(cp) ? addrfmt : dotfmt,
- prog, cwd, file, n, rtype, cp);
- }
- add_domain(cp, domain);
- errors += updateitem(cp, NULL, REC_REF, 0, 0);
- break;
-
- case RR_RP:
- /* Handle "rp" record */
- add_domain(name, domain);
- errors += updateitem(name, NULL, REC_RP, 0, 0);
- cp2 = cp;
-
- /* Step over mailbox name */
- /* XXX could add_domain() and check further */
- while (!isspace(*cp) && *cp != '\0')
- ++cp;
- if (*cp == '\0') {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d \"rp\" missing text name: %s\n",
- prog, cwd, file, n, cp2);
- continue;
- }
- ++cp;
- cp3 = cp;
-
- /* Step over text name */
- while (!isspace(*cp) && *cp != '\0')
- ++cp;
-
- if (*cp != '\0') {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d \"rp\" garbage after text name: %s\n",
- prog, cwd, file, n, cp2);
- continue;
- }
-
- /* Make sure text name points somewhere (if not ".") */
- if (!CHECKDOT(cp3)) {
- add_domain(cp3, domain);
- errors += updateitem(cp3, NULL, REC_REF, 0, 0);
- }
- break;
-
- case RR_ALLOWDUPA:
- /* Handle "allow duplicate a" record */
- add_domain(name, domain);
- p = extractaddr(cp, ap);
- if (p != NULL) {
- ++errors;
- cp2 = cp + strlen(cp) - 1;
- if (cp2 >= cp && *cp2 == '\n')
- *cp2 = '\0';
- fprintf(stderr,
- "%s: %s/%s:%d Bad \"allowdupa\" record ip addr \"%s\"\n",
- prog, cwd, file, n, cp);
- continue;
- }
- errors += updateitem(name, ap, 0, 0, FLG_ALLOWDUPA);
- break;
-
- case RR_DNSKEY:
- /* Handle "dnskey" record */
- add_domain(name, domain);
- errors += updateitem(name, NULL, REC_CNAME, 0, 0);
- if (checkdots(cp)) {
- ++errors;
- fprintf(stderr,
- checkaddr(cp) ? addrfmt : dotfmt,
- prog, cwd, file, n, rtype, cp);
- }
-
- /* Make sure cname points somewhere */
- if (strcmp(cp, "@") == 0)
- (void)strcpy(cp, zone);
- add_domain(cp, domain);
- errors += updateitem(cp, NULL, REC_REF, 0, 0);
- break;
-
- case RR_RRSIG:
- errstr = NULL;
- if (!parserrsig(cp, &errstr))
- ++sawrrsig;
- if (errstr != NULL) {
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d Bad \"rrsig\" record (%s)\n",
- prog, cwd, file, n, errstr);
- continue;
- }
- break;
-
- case RR_NSEC:
- /* XXX */
- continue;
-
- default:
- /* Unknown record type */
- ++errors;
- fprintf(stderr,
- "%s: %s/%s:%d Unknown record type \"%s\"\n",
- prog, cwd, file, n, rtype);
- add_domain(name, domain);
- errors += updateitem(name, NULL, REC_UNKNOWN, 0, 0);
- break;
- }
- (void)strcpy(lastname, name);
- }
- (void)fclose(f);
- return;
-}
-
-static const char *microlist[] = {
- "_tcp",
- "_udp",
- "_msdcs",
- "_sites",
- NULL
-};
-
-int
-rfc1034host(const char *host, int recs)
-{
- const char *cp, **p;
- int underok;
-
- underok = 0;
- for (p = microlist; *p != NULL ;++p)
- if ((cp = strstr(host, *p)) != NULL &&
- cp > host &&
- cp[-1] == '.' &&
- cp[strlen(*p)] == '.') {
- ++underok;
- break;
- }
-
- cp = host;
- if (!(isalpha(*cp) || isdigit(*cp) || (*cp == '_' && underok))) {
- fprintf(stderr,
- "%s: illegal hostname \"%s\" (starts with non-alpha/numeric)\n",
- prog, host);
- return (1);
- }
- for (++cp; *cp != '.' && *cp != '\0'; ++cp)
- if (!(isalpha(*cp) || isdigit(*cp) || *cp == '-' ||
- (*cp == '/' && (recs & REC_SOA) != 0))) {
- fprintf(stderr,
- "%s: Illegal hostname \"%s\" ('%c' illegal character)\n",
- prog, host, *cp);
- return (1);
- }
- if (--cp >= host && *cp == '-') {
- fprintf(stderr, "%s: Illegal hostname \"%s\" (ends with '-')\n",
- prog, host);
- return (1);
- }
- return (0);
-}
-
-enum rrtype
-txt2rrtype(const char *str)
-{
- if (strcasecmp(str, "aaaa") == 0)
- return (RR_AAAA);
- if (strcasecmp(str, "a") == 0)
- return (RR_A);
- if (strcasecmp(str, "allowdupa") == 0)
- return (RR_ALLOWDUPA);
- if (strcasecmp(str, "cname") == 0)
- return (RR_CNAME);
- if (strcasecmp(str, "dnskey") == 0)
- return (RR_DNSKEY);
- if (strcasecmp(str, "hinfo") == 0)
- return (RR_HINFO);
- if (strcasecmp(str, "mx") == 0)
- return (RR_MX);
- if (strcasecmp(str, "ns") == 0)
- return (RR_NS);
- if (strcasecmp(str, "ptr") == 0)
- return (RR_PTR);
- if (strcasecmp(str, "rp") == 0)
- return (RR_RP);
- if (strcasecmp(str, "soa") == 0)
- return (RR_SOA);
- if (strcasecmp(str, "srv") == 0)
- return (RR_SRV);
- if (strcasecmp(str, "txt") == 0)
- return (RR_TXT);
- if (strcasecmp(str, "wks") == 0)
- return (RR_WKS);
- if (strcasecmp(str, "RRSIG") == 0)
- return (RR_RRSIG);
- if (strcasecmp(str, "NSEC") == 0)
- return (RR_NSEC);
- return (RR_UNDEF);
-}
-
-int
-samesubnet(struct addr *a1, struct addr *a2, struct network *np)
-{
- int i;
- u_int32_t v1, v2;
-
- /* IPv4 before IPv6 */
- if (a1->family != a2->family)
- return (0);
-
- switch (a1->family) {
-
- case AF_INET:
- /* Apply the mask to both values */
- v1 = a1->a_addr4 & np->n_mask4;
- v2 = a2->a_addr4 & np->n_mask4;
- return (v1 == v2);
-
- case AF_INET6:
- /* Apply the mask to both values */
- for (i = 0; i < 16; ++i) {
- v1 = a1->a_addr6[i] & np->n_mask6[i];
- v2 = a2->a_addr6[i] & np->n_mask6[i];
- if (v1 != v2)
- return (0);
- }
- break;
-
- default:
- abort();
- }
- return (1);
-}
-
-/* Set address mask in network order */
-void
-setmaskwidth(u_int w, struct network *np)
-{
- int i, j;
-
- switch (np->family) {
-
- case AF_INET:
- if (w <= 0)
- np->n_mask4 = 0;
- else
- np->n_mask4 = htonl(0xffffffff << (32 - w));
- break;
-
- case AF_INET6:
- /* XXX is this right? */
- memset(np->n_mask6, 0, sizeof(np->n_mask6));
- for (i = 0; i < w / 8; ++i)
- np->n_mask6[i] = 0xff;
- i = w / 8;
- j = w % 8;
- if (j > 0 && i < 16)
- np->n_mask6[i] = 0xff << (8 - j);
- break;
-
- default:
- abort();
- }
-}
-
-int
-updateitem(const char *host, struct addr *ap, int records, u_int ttl, int flags)
-{
- const char *ccp;
- int n, errs;
- u_int i;
- struct item *ip;
- int foundsome;
-
- n = 0;
- foundsome = 0;
- errs = 0;
-
- /* Hash the host name */
- i = 0;
- ccp = host;
- while (*ccp != '\0')
- i = i * 37 + *ccp++;
- ip = &items[i & (ITEMSIZE - 1)];
-
- /* Look for a match or any empty slot */
- while (n < ITEMSIZE && ip->host != NULL) {
-
- if ((ap == NULL || ip->addr.family == 0 ||
- cmpaddr(ap, &ip->addr) == 0) &&
- *host == *ip->host && strcmp(host, ip->host) == 0) {
- ++foundsome;
- if (ip->addr.family == 0 && ap != NULL)
- memmove(&ip->addr, ap, sizeof(*ap));
- if ((records & MASK_TEST_DUP) != 0)
- checkdups(ip, records);
- ip->records |= records;
- /* Only check differing ttl's for A and MX records */
- if (ip->ttl == 0)
- ip->ttl = ttl;
- else if (ttl != 0 && ip->ttl != ttl) {
- fprintf(stderr,
- "%s: Differing ttls for %s (%u != %u)\n",
- prog, ip->host, ttl, ip->ttl);
- ++errs;
- }
- ip->flags |= flags;
- /* Not done if we wildcard matched the name */
- if (ap != NULL)
- return (errs);
- }
- ++n;
- ++ip;
- if (ip >= &items[ITEMSIZE])
- ip = items;
- }
-
- if (n >= ITEMSIZE) {
- fprintf(stderr, "%s: Out of item slots (max %d)\n",
- prog, ITEMSIZE);
- exit(1);
- }
-
- /* Done if we were wildcarding the name (and found entries for it) */
- if (ap == NULL && foundsome) {
- return (errs);
- }
-
- /* Didn't find it, make new entry */
- ++itemcnt;
- if (ip->host) {
- fprintf(stderr, "%s: Reusing bucket!\n", prog);
- exit(1);
- }
- if (ap != NULL)
- memmove(&ip->addr, ap, sizeof(*ap));
- ip->host = savestr(host);
- if ((records & MASK_TEST_DUP) != 0)
- checkdups(ip, records);
- ip->records |= records;
- if (ttl != 0)
- ip->ttl = ttl;
- ip->flags |= flags;
- return (errs);
-}
-
-void
-usage(void)
-{
-
- fprintf(stderr, "Version %s\n", version);
- fprintf(stderr, "usage: %s [-d] [-b named.boot] [-B nslint.boot]\n",
- prog);
- fprintf(stderr, " %s [-d] [-c named.conf] [-C nslint.conf]\n",
- prog);
- exit(1);
-}
+++ /dev/null
-/*
- * Copyright (c) 1997
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#ifndef lint
-static const char rcsid[] =
- "@(#) $Id: savestr.c,v 1.2 2006/03/09 02:27:11 leres Exp $ (LBL)";
-#endif
-
-#include <sys/types.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "gnuc.h"
-#ifdef HAVE_OS_PROTO_H
-#include "os-proto.h"
-#endif
-
-#include "savestr.h"
-
-/* A replacement for strdup() that cuts down on malloc() overhead */
-char *
-savestr(register const char *str)
-{
- register u_int size;
- register char *p;
- static char *strptr = NULL;
- static u_int strsize = 0;
-
- size = strlen(str) + 1;
- if (size > strsize) {
- strsize = 1024;
- if (strsize < size)
- strsize = size;
- strptr = (char *)malloc(strsize);
- if (strptr == NULL) {
- fprintf(stderr, "savestr: malloc\n");
- exit(1);
- }
- }
- (void)strcpy(strptr, str);
- p = strptr;
- strptr += size;
- strsize -= size;
- return (p);
-}
+++ /dev/null
-/*
- * Copyright (c) 1997
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that: (1) source code distributions
- * retain the above copyright notice and this paragraph in its entirety, (2)
- * distributions including binary code include the above copyright notice and
- * this paragraph in its entirety in the documentation or other materials
- * provided with the distribution, and (3) all advertising materials mentioning
- * features or use of this software display the following acknowledgement:
- * ``This product includes software developed by the University of California,
- * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
- * the University nor the names of its contributors may be used to endorse
- * or promote products derived from this software without specific prior
- * written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @(#) $Header: savestr.h,v 1.1 97/04/22 13:30:21 leres Exp $ (LBL)
- */
-
-extern char *savestr(const char *);
+++ /dev/null
-/*
- * Copyright (c) 1988, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static const char sccsid[] = "@(#)strerror.c 8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
-
-#include <sys/types.h>
-
-#include <string.h>
-
-#include "gnuc.h"
-#ifdef HAVE_OS_PROTO_H
-#include "os-proto.h"
-#endif
-
-char *
-strerror(num)
- int num;
-{
- extern int sys_nerr;
- extern char *sys_errlist[];
-#define UPREFIX "Unknown error: "
- static char ebuf[40] = UPREFIX; /* 64-bit number + slop */
- register unsigned int errnum;
- register char *p, *t;
- char tmp[40];
-
- errnum = num; /* convert to unsigned */
- if (errnum < sys_nerr)
- return(sys_errlist[errnum]);
-
- /* Do this by hand, so we don't include stdio(3). */
- t = tmp;
- do {
- *t++ = "0123456789"[errnum % 10];
- } while (errnum /= 10);
- for (p = ebuf + sizeof(UPREFIX) - 1;;) {
- *p++ = *--t;
- if (t <= tmp)
- break;
- }
- *p = '\0';
- return(ebuf);
-}
+++ /dev/null
-/* @(#) $Id: version.h 239 2009-03-14 05:44:54Z leres $ (LBL) */
-
-extern const char version[];
+++ /dev/null
-The following machines, at least today seem to have LOC
-records:
-
-147.210.73.0/24 (note the two /25 have different LOC, inherited differently)
-130.104.3.*
-Melanie.Tolna.Net
-204.92.254.*
-alink.net
-caida.org
-ckdhr.com
-distributed.net (rc5stats.distributed.net)
-nikhef.nl
-yahoo.com
-nic.af
-
-$Id: ADDRESSES,v 1.1 2008/02/15 01:47:15 marka Exp $
+++ /dev/null
-Just for info, can be out of date.
-
-
-RFC 1876, 5.2, specially 5.2.3
-
-Important points:
-
-- LOC RRs are always attached to a *name*.
-- we can have two (or more) RRs for one address, one more specific than the other
-
-main
- if (host is a name)
- getLOCbyname
- else # host is an IP address
- gethostbyaddr
- if (name)
- getLOCbyname
- # If there is none, do not search. We assume the above was sufficient # (But check 5.2.2)
- else
- getLOCbyaddress
-
-getLOCbyname (host)
- get LOC for host
- if (it exists)
- OK
- else
- get all A records of the name
- foreach A record
- getLOCbyaddress
- OK at the first one found
- # we assume they are consistent
- END
-
-getLOCbyaddress (address)
- # May receive a mask. Otherwise, deduce it from the class
- makeNetAddress
- getLOCbynetwork
-
-getLOCbynetwork
- get PTR and A for it
- if (exist)
- getLOCbyname
- ******* DIFFICULT : we have to manage a stack. See the code
- makeNetAddress (level--)
- getLOCbynetwork
- else
- END
-
+++ /dev/null
-Type './configure', then 'make' and (as root if necessary) 'make
-install'.
-
-It requires a recent libresolv, with loc_ntoa, but use an alternative
-which I provide, if not found.
-
-Tested on Linux (i386 and Alpha), Solaris (Sparc) and Digital Unix (Alpha).
-
-$Id: INSTALL,v 1.1 2008/02/15 01:47:15 marka Exp $
+++ /dev/null
-# $Id: Makefile.in,v 1.1 2008/02/15 01:47:15 marka Exp $
-CC=@CC@
-CFLAGS=@CFLAGS@
-LIBS=@LIBS@
-DESTDIR=@prefix@
-BINDIR=@prefix@/bin
-MANDIR=@prefix@/share/man/man1
-DISTRIB= README INSTALL ALGO USAGE ADDRESSES Makefile.in configure configure.in config.h.in install-sh loc.h loc.c query-loc.c loc_ntoa.c query-loc.1 reconf
-OBJS=query-loc.o loc.o @LOC_NTOA@
-VERSION=`grep VERSION loc.h | cut -d ' ' -f 3 | sed s/\"//g`
-
-all: query-loc
-
-query-loc: $(OBJS)
- $(CC) -o $@ $(OBJS) $(LIBS)
-
-%.o: %.c loc.h
- $(CC) $(CFLAGS) -c $<
-
-clean:
- rm -f *.o query-loc *~
-
-distclean: clean
- rm -f config.h config.cache config.log config.status Makefile
-
-dist: distrib
-
-distrib: clean
- ./reconf
- @(echo Query-Loc is version ${VERSION}; \
- mkdir query-loc-${VERSION}; \
- cp $(DISTRIB) query-loc-${VERSION};\
- tar cvf query-loc-${VERSION}.tar query-loc-${VERSION}; \
- rm -rf query-loc-${VERSION}; \
- gzip -v -9 -f query-loc-${VERSION}.tar);
-
-install:
- @INSTALL@ -m 0755 query-loc $(BINDIR)
- if [ ! -d $(MANDIR) ]; then \
- mkdir $(MANDIR); \
- fi
- @INSTALL@ -m 0644 query-loc.1 $(MANDIR)
+++ /dev/null
- query-loc: a program to retrieve and display the location
- information in the DNS.
-
- It uses the algorithms described in
- RFC 1876 (and RFC 1101 to get the network names).
- You can find examples of networks wchich implement this scheme
- in the ADDRESSES file.
-
- It is under the General Public Licence (GPL, which
- you can fetch from <http://www.gnu.org/copyleft/gpl.html>.
-
- Copyright Stéphane Bortzmeyer <bortzmeyer@sources.org>, 1998-2007.
-
- Thanks to Paul Vixie for the RFC and its encouragements. Thanks
- to Björn Augustsson for the xtraceroute program
- <http://www.dtek.chalmers.se/~d3august/xt/>. Thanks to Roland
- Dirlewanger for extensive patching.
-
-$Id: README,v 1.1 2008/02/15 01:47:15 marka Exp $
-
-
+++ /dev/null
-query-loc [-v] [-d nnn] host-name-or-address
-
-Examples of hosts with LOCation info (quite uncommon, if you know more,
-please tell me):
-
-See the ADDRESSES file
-
+++ /dev/null
-/* config.h.in. Generated from configure.in by autoheader. */
-
-/* Define to 1 if you have the <arpa/nameser_compat.h> header file. */
-#undef HAVE_ARPA_NAMESER_COMPAT_H
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#undef HAVE_INTTYPES_H
-
-/* Define to 1 if you have the `resolv' library (-lresolv). */
-#undef HAVE_LIBRESOLV
-
-/* Is there a loc_ntoa on this system? */
-#undef HAVE_LOC_NTOA
-
-/* Define to 1 if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#undef HAVE_STDINT_H
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#undef HAVE_STDLIB_H
-
-/* Define to 1 if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H
-
-/* Define to 1 if you have the <string.h> header file. */
-#undef HAVE_STRING_H
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#undef HAVE_SYS_STAT_H
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#undef HAVE_SYS_TYPES_H
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#undef HAVE_UNISTD_H
-
-/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT
-
-/* Define to the full name of this package. */
-#undef PACKAGE_NAME
-
-/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING
-
-/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME
-
-/* Define to the home page for this package. */
-#undef PACKAGE_URL
-
-/* Define to the version of this package. */
-#undef PACKAGE_VERSION
-
-/* The size of `char', as computed by sizeof. */
-#undef SIZEOF_CHAR
-
-/* The size of `int', as computed by sizeof. */
-#undef SIZEOF_INT
-
-/* The size of `long', as computed by sizeof. */
-#undef SIZEOF_LONG
-
-/* The size of `short', as computed by sizeof. */
-#undef SIZEOF_SHORT
-
-/* Define to 1 if you have the ANSI C header files. */
-#undef STDC_HEADERS
-
-/* Define to empty if `const' does not conform to ANSI C. */
-#undef const
+++ /dev/null
-#! /bin/sh
-# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69.
-#
-#
-# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
-#
-#
-# This configure script is free software; the Free Software Foundation
-# gives unlimited permission to copy, distribute and modify it.
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-
-
-as_nl='
-'
-export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-# Prefer a ksh shell builtin over an external printf program on Solaris,
-# but without wasting forks for bash or zsh.
-if test -z "$BASH_VERSION$ZSH_VERSION" \
- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='print -r --'
- as_echo_n='print -rn --'
-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in #(
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in #((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-# Unset variables that we do not need and which cause bugs (e.g. in
-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
-# suppresses any "Segmentation fault" message there. '((' could
-# trigger a bug in pdksh 5.2.14.
-for as_var in BASH_ENV ENV MAIL MAILPATH
-do eval test x\${$as_var+set} = xset \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-# Use a proper internal environment variable to ensure we don't fall
- # into an infinite loop, continuously re-executing ourselves.
- if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
- _as_can_reexec=no; export _as_can_reexec;
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in # ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
-as_fn_exit 255
- fi
- # We don't want this to propagate to other subprocesses.
- { _as_can_reexec=; unset _as_can_reexec;}
-if test "x$CONFIG_SHELL" = x; then
- as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '\${1+\"\$@\"}'='\"\$@\"'
- setopt NO_GLOB_SUBST
-else
- case \`(set -o) 2>/dev/null\` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-"
- as_required="as_fn_return () { (exit \$1); }
-as_fn_success () { as_fn_return 0; }
-as_fn_failure () { as_fn_return 1; }
-as_fn_ret_success () { return 0; }
-as_fn_ret_failure () { return 1; }
-
-exitcode=0
-as_fn_success || { exitcode=1; echo as_fn_success failed.; }
-as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
-as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
-as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
-if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
-
-else
- exitcode=1; echo positional parameters were not saved.
-fi
-test x\$exitcode = x0 || exit 1
-test -x / || exit 1"
- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
- test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
-test \$(( 1 + 1 )) = 2 || exit 1"
- if (eval "$as_required") 2>/dev/null; then :
- as_have_required=yes
-else
- as_have_required=no
-fi
- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
-
-else
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_found=false
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- as_found=:
- case $as_dir in #(
- /*)
- for as_base in sh bash ksh sh5; do
- # Try only shells that exist, to save several forks.
- as_shell=$as_dir/$as_base
- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
- CONFIG_SHELL=$as_shell as_have_required=yes
- if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
- break 2
-fi
-fi
- done;;
- esac
- as_found=false
-done
-$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
- CONFIG_SHELL=$SHELL as_have_required=yes
-fi; }
-IFS=$as_save_IFS
-
-
- if test "x$CONFIG_SHELL" != x; then :
- export CONFIG_SHELL
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in # ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
-exit 255
-fi
-
- if test x$as_have_required = xno; then :
- $as_echo "$0: This script requires a shell more modern than all"
- $as_echo "$0: the shells that I found on your system."
- if test x${ZSH_VERSION+set} = xset ; then
- $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
- $as_echo "$0: be upgraded to zsh 4.3.4 or later."
- else
- $as_echo "$0: Please tell bug-autoconf@gnu.org about your system,
-$0: including any error possibly output before this
-$0: message. Then install a modern shell, or manually run
-$0: the script under such a shell if you do have one."
- fi
- exit 1
-fi
-fi
-fi
-SHELL=${CONFIG_SHELL-/bin/sh}
-export SHELL
-# Unset more variables known to interfere with behavior of common tools.
-CLICOLOR_FORCE= GREP_OPTIONS=
-unset CLICOLOR_FORCE GREP_OPTIONS
-
-## --------------------- ##
-## M4sh Shell Functions. ##
-## --------------------- ##
-# as_fn_unset VAR
-# ---------------
-# Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-
-# as_fn_set_status STATUS
-# -----------------------
-# Set $? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} # as_fn_set_status
-
-# as_fn_exit STATUS
-# -----------------
-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} # as_fn_exit
-
-# as_fn_mkdir_p
-# -------------
-# Create "$as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} # as_fn_mkdir_p
-
-# as_fn_executable_p FILE
-# -----------------------
-# Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} # as_fn_executable_p
-# as_fn_append VAR VALUE
-# ----------------------
-# Append the text in VALUE to the end of the definition contained in VAR. Take
-# advantage of any shell optimizations that allow amortized linear growth over
-# repeated appends, instead of the typical quadratic growth present in naive
-# implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-# as_fn_arith ARG...
-# ------------------
-# Perform arithmetic evaluation on the ARGs, and store the result in the
-# global $as_val. Take advantage of shells that can avoid forks. The arguments
-# must be portable across $(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-
-# as_fn_error STATUS ERROR [LINENO LOG_FD]
-# ----------------------------------------
-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-# script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- $as_echo "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} # as_fn_error
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-
- as_lineno_1=$LINENO as_lineno_1a=$LINENO
- as_lineno_2=$LINENO as_lineno_2a=$LINENO
- eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
- test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
- # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
- sed -n '
- p
- /[$]LINENO/=
- ' <$as_myself |
- sed '
- s/[$]LINENO.*/&-/
- t lineno
- b
- :lineno
- N
- :loop
- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
- t loop
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
-
- # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
- # already done that, so ensure we don't try to do so again and fall
- # in an infinite loop. This has already happened in practice.
- _as_can_reexec=no; export _as_can_reexec
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
- . "./$as_me.lineno"
- # Exit status is that of the last command.
- exit
-}
-
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in #(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-test -n "$DJDIR" || exec 7<&0 </dev/null
-exec 6>&1
-
-# Name of the host.
-# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-ac_clean_files=
-ac_config_libobj_dir=.
-LIBOBJS=
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-
-# Identity of this package.
-PACKAGE_NAME=
-PACKAGE_TARNAME=
-PACKAGE_VERSION=
-PACKAGE_STRING=
-PACKAGE_BUGREPORT=
-PACKAGE_URL=
-
-ac_unique_file="query-loc.c"
-# Factoring default headers for most tests.
-ac_includes_default="\
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#ifdef STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
-#endif
-#ifdef HAVE_STRING_H
-# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
-# include <memory.h>
-# endif
-# include <string.h>
-#endif
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-#ifdef HAVE_STDINT_H
-# include <stdint.h>
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif"
-
-ac_subst_vars='LTLIBOBJS
-LIBOBJS
-LOC_NTOA
-EGREP
-GREP
-CPP
-INSTALL_DATA
-INSTALL_SCRIPT
-INSTALL_PROGRAM
-OBJEXT
-EXEEXT
-ac_ct_CC
-CPPFLAGS
-LDFLAGS
-CFLAGS
-CC
-target_alias
-host_alias
-build_alias
-LIBS
-ECHO_T
-ECHO_N
-ECHO_C
-DEFS
-mandir
-localedir
-libdir
-psdir
-pdfdir
-dvidir
-htmldir
-infodir
-docdir
-oldincludedir
-includedir
-localstatedir
-sharedstatedir
-sysconfdir
-datadir
-datarootdir
-libexecdir
-sbindir
-bindir
-program_transform_name
-prefix
-exec_prefix
-PACKAGE_URL
-PACKAGE_BUGREPORT
-PACKAGE_STRING
-PACKAGE_VERSION
-PACKAGE_TARNAME
-PACKAGE_NAME
-PATH_SEPARATOR
-SHELL'
-ac_subst_files=''
-ac_user_opts='
-enable_option_checking
-'
- ac_precious_vars='build_alias
-host_alias
-target_alias
-CC
-CFLAGS
-LDFLAGS
-LIBS
-CPPFLAGS
-CPP'
-
-
-# Initialize some variables set by options.
-ac_init_help=
-ac_init_version=false
-ac_unrecognized_opts=
-ac_unrecognized_sep=
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-cache_file=/dev/null
-exec_prefix=NONE
-no_create=
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-verbose=
-x_includes=NONE
-x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
-# (The list follows the same order as the GNU Coding Standards.)
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datarootdir='${prefix}/share'
-datadir='${datarootdir}'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-docdir='${datarootdir}/doc/${PACKAGE}'
-infodir='${datarootdir}/info'
-htmldir='${docdir}'
-dvidir='${docdir}'
-pdfdir='${docdir}'
-psdir='${docdir}'
-libdir='${exec_prefix}/lib'
-localedir='${datarootdir}/locale'
-mandir='${datarootdir}/man'
-
-ac_prev=
-ac_dashdash=
-for ac_option
-do
- # If the previous option needs an argument, assign it.
- if test -n "$ac_prev"; then
- eval $ac_prev=\$ac_option
- ac_prev=
- continue
- fi
-
- case $ac_option in
- *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
- *=) ac_optarg= ;;
- *) ac_optarg=yes ;;
- esac
-
- # Accept the important Cygnus configure options, so we can diagnose typos.
-
- case $ac_dashdash$ac_option in
- --)
- ac_dashdash=yes ;;
-
- -bindir | --bindir | --bindi | --bind | --bin | --bi)
- ac_prev=bindir ;;
- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
- bindir=$ac_optarg ;;
-
- -build | --build | --buil | --bui | --bu)
- ac_prev=build_alias ;;
- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
- build_alias=$ac_optarg ;;
-
- -cache-file | --cache-file | --cache-fil | --cache-fi \
- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
- ac_prev=cache_file ;;
- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
- cache_file=$ac_optarg ;;
-
- --config-cache | -C)
- cache_file=config.cache ;;
-
- -datadir | --datadir | --datadi | --datad)
- ac_prev=datadir ;;
- -datadir=* | --datadir=* | --datadi=* | --datad=*)
- datadir=$ac_optarg ;;
-
- -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
- | --dataroo | --dataro | --datar)
- ac_prev=datarootdir ;;
- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
- | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
- datarootdir=$ac_optarg ;;
-
- -disable-* | --disable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: $ac_useropt"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=no ;;
-
- -docdir | --docdir | --docdi | --doc | --do)
- ac_prev=docdir ;;
- -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
- docdir=$ac_optarg ;;
-
- -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
- ac_prev=dvidir ;;
- -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
- dvidir=$ac_optarg ;;
-
- -enable-* | --enable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: $ac_useropt"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=\$ac_optarg ;;
-
- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
- | --exec | --exe | --ex)
- ac_prev=exec_prefix ;;
- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
- | --exec=* | --exe=* | --ex=*)
- exec_prefix=$ac_optarg ;;
-
- -gas | --gas | --ga | --g)
- # Obsolete; use --with-gas.
- with_gas=yes ;;
-
- -help | --help | --hel | --he | -h)
- ac_init_help=long ;;
- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
- ac_init_help=recursive ;;
- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
- ac_init_help=short ;;
-
- -host | --host | --hos | --ho)
- ac_prev=host_alias ;;
- -host=* | --host=* | --hos=* | --ho=*)
- host_alias=$ac_optarg ;;
-
- -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
- ac_prev=htmldir ;;
- -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
- | --ht=*)
- htmldir=$ac_optarg ;;
-
- -includedir | --includedir | --includedi | --included | --include \
- | --includ | --inclu | --incl | --inc)
- ac_prev=includedir ;;
- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
- | --includ=* | --inclu=* | --incl=* | --inc=*)
- includedir=$ac_optarg ;;
-
- -infodir | --infodir | --infodi | --infod | --info | --inf)
- ac_prev=infodir ;;
- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
- infodir=$ac_optarg ;;
-
- -libdir | --libdir | --libdi | --libd)
- ac_prev=libdir ;;
- -libdir=* | --libdir=* | --libdi=* | --libd=*)
- libdir=$ac_optarg ;;
-
- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
- | --libexe | --libex | --libe)
- ac_prev=libexecdir ;;
- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
- | --libexe=* | --libex=* | --libe=*)
- libexecdir=$ac_optarg ;;
-
- -localedir | --localedir | --localedi | --localed | --locale)
- ac_prev=localedir ;;
- -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
- localedir=$ac_optarg ;;
-
- -localstatedir | --localstatedir | --localstatedi | --localstated \
- | --localstate | --localstat | --localsta | --localst | --locals)
- ac_prev=localstatedir ;;
- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
- | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
- localstatedir=$ac_optarg ;;
-
- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
- ac_prev=mandir ;;
- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
- mandir=$ac_optarg ;;
-
- -nfp | --nfp | --nf)
- # Obsolete; use --without-fp.
- with_fp=no ;;
-
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c | -n)
- no_create=yes ;;
-
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
- no_recursion=yes ;;
-
- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
- | --oldin | --oldi | --old | --ol | --o)
- ac_prev=oldincludedir ;;
- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
- oldincludedir=$ac_optarg ;;
-
- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
- ac_prev=prefix ;;
- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
- prefix=$ac_optarg ;;
-
- -program-prefix | --program-prefix | --program-prefi | --program-pref \
- | --program-pre | --program-pr | --program-p)
- ac_prev=program_prefix ;;
- -program-prefix=* | --program-prefix=* | --program-prefi=* \
- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
- program_prefix=$ac_optarg ;;
-
- -program-suffix | --program-suffix | --program-suffi | --program-suff \
- | --program-suf | --program-su | --program-s)
- ac_prev=program_suffix ;;
- -program-suffix=* | --program-suffix=* | --program-suffi=* \
- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
- program_suffix=$ac_optarg ;;
-
- -program-transform-name | --program-transform-name \
- | --program-transform-nam | --program-transform-na \
- | --program-transform-n | --program-transform- \
- | --program-transform | --program-transfor \
- | --program-transfo | --program-transf \
- | --program-trans | --program-tran \
- | --progr-tra | --program-tr | --program-t)
- ac_prev=program_transform_name ;;
- -program-transform-name=* | --program-transform-name=* \
- | --program-transform-nam=* | --program-transform-na=* \
- | --program-transform-n=* | --program-transform-=* \
- | --program-transform=* | --program-transfor=* \
- | --program-transfo=* | --program-transf=* \
- | --program-trans=* | --program-tran=* \
- | --progr-tra=* | --program-tr=* | --program-t=*)
- program_transform_name=$ac_optarg ;;
-
- -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
- ac_prev=pdfdir ;;
- -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
- pdfdir=$ac_optarg ;;
-
- -psdir | --psdir | --psdi | --psd | --ps)
- ac_prev=psdir ;;
- -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
- psdir=$ac_optarg ;;
-
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
- | --sbi=* | --sb=*)
- sbindir=$ac_optarg ;;
-
- -sharedstatedir | --sharedstatedir | --sharedstatedi \
- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
- | --sharedst | --shareds | --shared | --share | --shar \
- | --sha | --sh)
- ac_prev=sharedstatedir ;;
- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
- | --sha=* | --sh=*)
- sharedstatedir=$ac_optarg ;;
-
- -site | --site | --sit)
- ac_prev=site ;;
- -site=* | --site=* | --sit=*)
- site=$ac_optarg ;;
-
- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
- ac_prev=srcdir ;;
- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
- srcdir=$ac_optarg ;;
-
- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
- | --syscon | --sysco | --sysc | --sys | --sy)
- ac_prev=sysconfdir ;;
- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
- sysconfdir=$ac_optarg ;;
-
- -target | --target | --targe | --targ | --tar | --ta | --t)
- ac_prev=target_alias ;;
- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
- target_alias=$ac_optarg ;;
-
- -v | -verbose | --verbose | --verbos | --verbo | --verb)
- verbose=yes ;;
-
- -version | --version | --versio | --versi | --vers | -V)
- ac_init_version=: ;;
-
- -with-* | --with-*)
- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: $ac_useropt"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=\$ac_optarg ;;
-
- -without-* | --without-*)
- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: $ac_useropt"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=no ;;
-
- --x)
- # Obsolete; use --with-x.
- with_x=yes ;;
-
- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
- | --x-incl | --x-inc | --x-in | --x-i)
- ac_prev=x_includes ;;
- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
- x_includes=$ac_optarg ;;
-
- -x-libraries | --x-libraries | --x-librarie | --x-librari \
- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
- ac_prev=x_libraries ;;
- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
- x_libraries=$ac_optarg ;;
-
- -*) as_fn_error $? "unrecognized option: \`$ac_option'
-Try \`$0 --help' for more information"
- ;;
-
- *=*)
- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
- # Reject names that are not valid shell variable names.
- case $ac_envvar in #(
- '' | [0-9]* | *[!_$as_cr_alnum]* )
- as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
- esac
- eval $ac_envvar=\$ac_optarg
- export $ac_envvar ;;
-
- *)
- # FIXME: should be removed in autoconf 3.0.
- $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
- : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
- ;;
-
- esac
-done
-
-if test -n "$ac_prev"; then
- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- as_fn_error $? "missing argument to $ac_option"
-fi
-
-if test -n "$ac_unrecognized_opts"; then
- case $enable_option_checking in
- no) ;;
- fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
- *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
- esac
-fi
-
-# Check all directory arguments for consistency.
-for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
- datadir sysconfdir sharedstatedir localstatedir includedir \
- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir
-do
- eval ac_val=\$$ac_var
- # Remove trailing slashes.
- case $ac_val in
- */ )
- ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
- eval $ac_var=\$ac_val;;
- esac
- # Be sure to have absolute directory names.
- case $ac_val in
- [\\/$]* | ?:[\\/]* ) continue;;
- NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
- esac
- as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
-done
-
-# There might be people who depend on the old broken behavior: `$host'
-# used to hold the argument of --host etc.
-# FIXME: To remove some day.
-build=$build_alias
-host=$host_alias
-target=$target_alias
-
-# FIXME: To remove some day.
-if test "x$host_alias" != x; then
- if test "x$build_alias" = x; then
- cross_compiling=maybe
- elif test "x$build_alias" != "x$host_alias"; then
- cross_compiling=yes
- fi
-fi
-
-ac_tool_prefix=
-test -n "$host_alias" && ac_tool_prefix=$host_alias-
-
-test "$silent" = yes && exec 6>/dev/null
-
-
-ac_pwd=`pwd` && test -n "$ac_pwd" &&
-ac_ls_di=`ls -di .` &&
-ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
- as_fn_error $? "working directory cannot be determined"
-test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
- as_fn_error $? "pwd does not report name of working directory"
-
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
- ac_srcdir_defaulted=yes
- # Try the directory containing this script, then the parent directory.
- ac_confdir=`$as_dirname -- "$as_myself" ||
-$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_myself" : 'X\(//\)[^/]' \| \
- X"$as_myself" : 'X\(//\)$' \| \
- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_myself" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- srcdir=$ac_confdir
- if test ! -r "$srcdir/$ac_unique_file"; then
- srcdir=..
- fi
-else
- ac_srcdir_defaulted=no
-fi
-if test ! -r "$srcdir/$ac_unique_file"; then
- test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
- as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
-fi
-ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
-ac_abs_confdir=`(
- cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
- pwd)`
-# When building in place, set srcdir=.
-if test "$ac_abs_confdir" = "$ac_pwd"; then
- srcdir=.
-fi
-# Remove unnecessary trailing slashes from srcdir.
-# Double slashes in file names in object file debugging info
-# mess up M-x gdb in Emacs.
-case $srcdir in
-*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
-esac
-for ac_var in $ac_precious_vars; do
- eval ac_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_env_${ac_var}_value=\$${ac_var}
- eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_cv_env_${ac_var}_value=\$${ac_var}
-done
-
-#
-# Report the --help message.
-#
-if test "$ac_init_help" = "long"; then
- # Omit some internal or obsolete options to make the list less imposing.
- # This message is too long to be a string in the A/UX 3.1 sh.
- cat <<_ACEOF
-\`configure' configures this package to adapt to many kinds of systems.
-
-Usage: $0 [OPTION]... [VAR=VALUE]...
-
-To assign environment variables (e.g., CC, CFLAGS...), specify them as
-VAR=VALUE. See below for descriptions of some of the useful variables.
-
-Defaults for the options are specified in brackets.
-
-Configuration:
- -h, --help display this help and exit
- --help=short display options specific to this package
- --help=recursive display the short help of all the included packages
- -V, --version display version information and exit
- -q, --quiet, --silent do not print \`checking ...' messages
- --cache-file=FILE cache test results in FILE [disabled]
- -C, --config-cache alias for \`--cache-file=config.cache'
- -n, --no-create do not create output files
- --srcdir=DIR find the sources in DIR [configure dir or \`..']
-
-Installation directories:
- --prefix=PREFIX install architecture-independent files in PREFIX
- [$ac_default_prefix]
- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- [PREFIX]
-
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
-
-For better control, use the options below.
-
-Fine tuning of the installation directories:
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
- --infodir=DIR info documentation [DATAROOTDIR/info]
- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
- --mandir=DIR man documentation [DATAROOTDIR/man]
- --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
- --htmldir=DIR html documentation [DOCDIR]
- --dvidir=DIR dvi documentation [DOCDIR]
- --pdfdir=DIR pdf documentation [DOCDIR]
- --psdir=DIR ps documentation [DOCDIR]
-_ACEOF
-
- cat <<\_ACEOF
-_ACEOF
-fi
-
-if test -n "$ac_init_help"; then
-
- cat <<\_ACEOF
-
-Some influential environment variables:
- CC C compiler command
- CFLAGS C compiler flags
- LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
- nonstandard directory <lib dir>
- LIBS libraries to pass to the linker, e.g. -l<library>
- CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
- you have headers in a nonstandard directory <include dir>
- CPP C preprocessor
-
-Use these variables to override the choices made by `configure' or to help
-it to find libraries and programs with nonstandard names/locations.
-
-Report bugs to the package provider.
-_ACEOF
-ac_status=$?
-fi
-
-if test "$ac_init_help" = "recursive"; then
- # If there are subdirs, report their specific --help.
- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
- test -d "$ac_dir" ||
- { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
- continue
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
- cd "$ac_dir" || { ac_status=$?; continue; }
- # Check for guested configure.
- if test -f "$ac_srcdir/configure.gnu"; then
- echo &&
- $SHELL "$ac_srcdir/configure.gnu" --help=recursive
- elif test -f "$ac_srcdir/configure"; then
- echo &&
- $SHELL "$ac_srcdir/configure" --help=recursive
- else
- $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
- fi || ac_status=$?
- cd "$ac_pwd" || { ac_status=$?; break; }
- done
-fi
-
-test -n "$ac_init_help" && exit $ac_status
-if $ac_init_version; then
- cat <<\_ACEOF
-configure
-generated by GNU Autoconf 2.69
-
-Copyright (C) 2012 Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
-_ACEOF
- exit
-fi
-
-## ------------------------ ##
-## Autoconf initialization. ##
-## ------------------------ ##
-
-# ac_fn_c_try_compile LINENO
-# --------------------------
-# Try to compile conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext
- if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_compile
-
-# ac_fn_c_try_link LINENO
-# -----------------------
-# Try to link conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_link ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest$ac_exeext
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
- test -x conftest$ac_exeext
- }; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
- # interfere with the next link command; also delete a directory that is
- # left behind by Apple's compiler. We do this before executing the actions.
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_link
-
-# ac_fn_c_try_cpp LINENO
-# ----------------------
-# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_cpp ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } > conftest.i && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_cpp
-
-# ac_fn_c_try_run LINENO
-# ----------------------
-# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
-# that executables *can* be run.
-ac_fn_c_try_run ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then :
- ac_retval=0
-else
- $as_echo "$as_me: program exited with status $ac_status" >&5
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=$ac_status
-fi
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_run
-
-# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
-# -------------------------------------------------------
-# Tests whether HEADER exists, giving a warning if it cannot be compiled using
-# the include files in INCLUDES and setting the cache variable VAR
-# accordingly.
-ac_fn_c_check_header_mongrel ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if eval \${$3+:} false; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-else
- # Is the header compilable?
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
-$as_echo_n "checking $2 usability... " >&6; }
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-#include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_header_compiler=yes
-else
- ac_header_compiler=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
-$as_echo "$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
-$as_echo_n "checking $2 presence... " >&6; }
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <$2>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- ac_header_preproc=yes
-else
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
-$as_echo "$ac_header_preproc" >&6; }
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
- yes:no: )
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
-$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
-$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
- ;;
- no:yes:* )
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
-$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
-$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
-$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
-$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
-$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
- ;;
-esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- eval "$3=\$ac_header_compiler"
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_c_check_header_mongrel
-
-# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
-# -------------------------------------------------------
-# Tests whether HEADER exists and can be compiled using the include files in
-# INCLUDES, setting the cache variable VAR accordingly.
-ac_fn_c_check_header_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-#include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- eval "$3=yes"
-else
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_c_check_header_compile
-
-# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
-# --------------------------------------------
-# Tries to find the compile-time value of EXPR in a program that includes
-# INCLUDES, setting VAR accordingly. Returns whether the value could be
-# computed
-ac_fn_c_compute_int ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-int
-main ()
-{
-static int test_array [1 - 2 * !(($2) >= 0)];
-test_array [0] = 0;
-return test_array [0];
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_lo=0 ac_mid=0
- while :; do
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-int
-main ()
-{
-static int test_array [1 - 2 * !(($2) <= $ac_mid)];
-test_array [0] = 0;
-return test_array [0];
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_hi=$ac_mid; break
-else
- as_fn_arith $ac_mid + 1 && ac_lo=$as_val
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-int
-main ()
-{
-static int test_array [1 - 2 * !(($2) < 0)];
-test_array [0] = 0;
-return test_array [0];
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_hi=-1 ac_mid=-1
- while :; do
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-int
-main ()
-{
-static int test_array [1 - 2 * !(($2) >= $ac_mid)];
-test_array [0] = 0;
-return test_array [0];
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_lo=$ac_mid; break
-else
- as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-else
- ac_lo= ac_hi=
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-int
-main ()
-{
-static int test_array [1 - 2 * !(($2) <= $ac_mid)];
-test_array [0] = 0;
-return test_array [0];
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_hi=$ac_mid
-else
- as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in #((
-?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
-'') ac_retval=1 ;;
-esac
- else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-static long int longval () { return $2; }
-static unsigned long int ulongval () { return $2; }
-#include <stdio.h>
-#include <stdlib.h>
-int
-main ()
-{
-
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- return 1;
- if (($2) < 0)
- {
- long int i = longval ();
- if (i != ($2))
- return 1;
- fprintf (f, "%ld", i);
- }
- else
- {
- unsigned long int i = ulongval ();
- if (i != ($2))
- return 1;
- fprintf (f, "%lu", i);
- }
- /* Do not output a trailing newline, as this causes \r\n confusion
- on some platforms. */
- return ferror (f) || fclose (f) != 0;
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
- echo >>conftest.val; read $3 <conftest.val; ac_retval=0
-else
- ac_retval=1
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-rm -f conftest.val
-
- fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_compute_int
-cat >config.log <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by $as_me, which was
-generated by GNU Autoconf 2.69. Invocation command line was
-
- $ $0 $@
-
-_ACEOF
-exec 5>>config.log
-{
-cat <<_ASUNAME
-## --------- ##
-## Platform. ##
-## --------- ##
-
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
-
-/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
-/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
-/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
-
-_ASUNAME
-
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- $as_echo "PATH: $as_dir"
- done
-IFS=$as_save_IFS
-
-} >&5
-
-cat >&5 <<_ACEOF
-
-
-## ----------- ##
-## Core tests. ##
-## ----------- ##
-
-_ACEOF
-
-
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Strip out --silent because we don't want to record it for future runs.
-# Also quote any args containing shell meta-characters.
-# Make two passes to allow for proper duplicate-argument suppression.
-ac_configure_args=
-ac_configure_args0=
-ac_configure_args1=
-ac_must_keep_next=false
-for ac_pass in 1 2
-do
- for ac_arg
- do
- case $ac_arg in
- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- continue ;;
- *\'*)
- ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- case $ac_pass in
- 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
- 2)
- as_fn_append ac_configure_args1 " '$ac_arg'"
- if test $ac_must_keep_next = true; then
- ac_must_keep_next=false # Got value, back to normal.
- else
- case $ac_arg in
- *=* | --config-cache | -C | -disable-* | --disable-* \
- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
- | -with-* | --with-* | -without-* | --without-* | --x)
- case "$ac_configure_args0 " in
- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
- esac
- ;;
- -* ) ac_must_keep_next=true ;;
- esac
- fi
- as_fn_append ac_configure_args " '$ac_arg'"
- ;;
- esac
- done
-done
-{ ac_configure_args0=; unset ac_configure_args0;}
-{ ac_configure_args1=; unset ac_configure_args1;}
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log. We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Use '\'' to represent an apostrophe within the trap.
-# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
-trap 'exit_status=$?
- # Save into config.log some information that might help in debugging.
- {
- echo
-
- $as_echo "## ---------------- ##
-## Cache variables. ##
-## ---------------- ##"
- echo
- # The following way of writing the cache mishandles newlines in values,
-(
- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
- (set) 2>&1 |
- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- sed -n \
- "s/'\''/'\''\\\\'\'''\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
- ;; #(
- *)
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-)
- echo
-
- $as_echo "## ----------------- ##
-## Output variables. ##
-## ----------------- ##"
- echo
- for ac_var in $ac_subst_vars
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- $as_echo "$ac_var='\''$ac_val'\''"
- done | sort
- echo
-
- if test -n "$ac_subst_files"; then
- $as_echo "## ------------------- ##
-## File substitutions. ##
-## ------------------- ##"
- echo
- for ac_var in $ac_subst_files
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- $as_echo "$ac_var='\''$ac_val'\''"
- done | sort
- echo
- fi
-
- if test -s confdefs.h; then
- $as_echo "## ----------- ##
-## confdefs.h. ##
-## ----------- ##"
- echo
- cat confdefs.h
- echo
- fi
- test "$ac_signal" != 0 &&
- $as_echo "$as_me: caught signal $ac_signal"
- $as_echo "$as_me: exit $exit_status"
- } >&5
- rm -f core *.core core.conftest.* &&
- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
- exit $exit_status
-' 0
-for ac_signal in 1 2 13 15; do
- trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -f -r conftest* confdefs.h
-
-$as_echo "/* confdefs.h */" > confdefs.h
-
-# Predefined preprocessor variables.
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_NAME "$PACKAGE_NAME"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_VERSION "$PACKAGE_VERSION"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_STRING "$PACKAGE_STRING"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_URL "$PACKAGE_URL"
-_ACEOF
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer an explicitly selected file to automatically selected ones.
-ac_site_file1=NONE
-ac_site_file2=NONE
-if test -n "$CONFIG_SITE"; then
- # We do not want a PATH search for config.site.
- case $CONFIG_SITE in #((
- -*) ac_site_file1=./$CONFIG_SITE;;
- */*) ac_site_file1=$CONFIG_SITE;;
- *) ac_site_file1=./$CONFIG_SITE;;
- esac
-elif test "x$prefix" != xNONE; then
- ac_site_file1=$prefix/share/config.site
- ac_site_file2=$prefix/etc/config.site
-else
- ac_site_file1=$ac_default_prefix/share/config.site
- ac_site_file2=$ac_default_prefix/etc/config.site
-fi
-for ac_site_file in "$ac_site_file1" "$ac_site_file2"
-do
- test "x$ac_site_file" = xNONE && continue
- if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
-$as_echo "$as_me: loading site script $ac_site_file" >&6;}
- sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file" \
- || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to load site script $ac_site_file
-See \`config.log' for more details" "$LINENO" 5; }
- fi
-done
-
-if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special files
- # actually), so we avoid doing that. DJGPP emulates it as a regular file.
- if test /dev/null != "$cache_file" && test -f "$cache_file"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
-$as_echo "$as_me: loading cache $cache_file" >&6;}
- case $cache_file in
- [\\/]* | ?:[\\/]* ) . "$cache_file";;
- *) . "./$cache_file";;
- esac
- fi
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
-$as_echo "$as_me: creating cache $cache_file" >&6;}
- >$cache_file
-fi
-
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val=\$ac_cv_env_${ac_var}_value
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- # differences in whitespace do not lead to failure.
- ac_old_val_w=`echo x $ac_old_val`
- ac_new_val_w=`echo x $ac_new_val`
- if test "$ac_old_val_w" != "$ac_new_val_w"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
-$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- ac_cache_corrupted=:
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
- eval $ac_var=\$ac_old_val
- fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
-$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
-$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
-$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
- as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
-fi
-## -------------------- ##
-## Main body of script. ##
-## -------------------- ##
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- fi
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $# != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl.exe
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl.exe
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CC" && break
-done
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-fi
-
-fi
-
-
-test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log' for more details" "$LINENO" 5; }
-
-# Provide some information about the compiler.
-$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-for ac_option in --version -v -V -qversion; do
- { { ac_try="$ac_compiler $ac_option >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- sed '10a\
-... rest of stderr output deleted ...
- 10q' conftest.err >conftest.er1
- cat conftest.er1 >&5
- fi
- rm -f conftest.er1 conftest.err
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-done
-
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
-$as_echo_n "checking whether the C compiler works... " >&6; }
-ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-
-# The possible output files:
-ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
-
-ac_rmfiles=
-for ac_file in $ac_files
-do
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- * ) ac_rmfiles="$ac_rmfiles $ac_file";;
- esac
-done
-rm -f $ac_rmfiles
-
-if { { ac_try="$ac_link_default"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link_default") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
-# in a Makefile. We should not override ac_cv_exeext if it was cached,
-# so that the user can short-circuit this test for compilers unknown to
-# Autoconf.
-for ac_file in $ac_files ''
-do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
- ;;
- [ab].out )
- # We found the default executable, but exeext='' is most
- # certainly right.
- break;;
- *.* )
- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
- then :; else
- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- fi
- # We set ac_cv_exeext here because the later test for it is not
- # safe: cross compilers may not add the suffix if given an `-o'
- # argument, so we may need to know it at that point already.
- # Even if this section looks crufty: it has the advantage of
- # actually working.
- break;;
- * )
- break;;
- esac
-done
-test "$ac_cv_exeext" = no && ac_cv_exeext=
-
-else
- ac_file=''
-fi
-if test -z "$ac_file"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-$as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "C compiler cannot create executables
-See \`config.log' for more details" "$LINENO" 5; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
-$as_echo_n "checking for C compiler default output file name... " >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
-$as_echo "$ac_file" >&6; }
-ac_exeext=$ac_cv_exeext
-
-rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
-ac_clean_files=$ac_clean_files_save
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
-$as_echo_n "checking for suffix of executables... " >&6; }
-if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
- # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in conftest.exe conftest conftest.*; do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- break;;
- * ) break;;
- esac
-done
-else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest conftest$ac_cv_exeext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
-$as_echo "$ac_cv_exeext" >&6; }
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdio.h>
-int
-main ()
-{
-FILE *f = fopen ("conftest.out", "w");
- return ferror (f) || fclose (f) != 0;
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files="$ac_clean_files conftest.out"
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
-$as_echo_n "checking whether we are cross compiling... " >&6; }
-if test "$cross_compiling" != yes; then
- { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if { ac_try='./conftest$ac_cv_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details" "$LINENO" 5; }
- fi
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
-$as_echo "$cross_compiling" >&6; }
-
-rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
-ac_clean_files=$ac_clean_files_save
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
-$as_echo_n "checking for suffix of object files... " >&6; }
-if ${ac_cv_objext+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
- for ac_file in conftest.o conftest.obj conftest.*; do
- test -f "$ac_file" || continue;
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
- break;;
- esac
-done
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of object files: cannot compile
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
-$as_echo "$ac_cv_objext" >&6; }
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
-$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
-if ${ac_cv_c_compiler_gnu+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_compiler_gnu=yes
-else
- ac_compiler_gnu=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-$as_echo "$ac_cv_c_compiler_gnu" >&6; }
-if test $ac_compiler_gnu = yes; then
- GCC=yes
-else
- GCC=
-fi
-ac_test_CFLAGS=${CFLAGS+set}
-ac_save_CFLAGS=$CFLAGS
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-$as_echo_n "checking whether $CC accepts -g... " >&6; }
-if ${ac_cv_prog_cc_g+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_g=yes
-else
- CFLAGS=""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-
-else
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_g=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-$as_echo "$ac_cv_prog_cc_g" >&6; }
-if test "$ac_test_CFLAGS" = set; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
-$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
-if ${ac_cv_prog_cc_c89+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdarg.h>
-#include <stdio.h>
-struct stat;
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not '\xHH' hex character constants.
- These don't provoke an error unfortunately, instead are silently treated
- as 'x'. The following induces an error, until -std is added to get
- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
- array size at least. It's necessary to write '\x00'==0 to get something
- that's true only with -std. */
-int osf4_cc_array ['\x00' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) 'x'
-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-int
-main ()
-{
-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
- ;
- return 0;
-}
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_c89=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext
- test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-
-fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c89" in
- x)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-$as_echo "none needed" >&6; } ;;
- xno)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-$as_echo "unsupported" >&6; } ;;
- *)
- CC="$CC $ac_cv_prog_cc_c89"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
-esac
-if test "x$ac_cv_prog_cc_c89" != xno; then :
-
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-if test "$GCC" = "yes"; then
- CFLAGS="${CFLAGS} -Wall"
-fi
-ac_aux_dir=
-for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
- if test -f "$ac_dir/install-sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install-sh -c"
- break
- elif test -f "$ac_dir/install.sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install.sh -c"
- break
- elif test -f "$ac_dir/shtool"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/shtool install -c"
- break
- fi
-done
-if test -z "$ac_aux_dir"; then
- as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
-fi
-
-# These three variables are undocumented and unsupported,
-# and are intended to be withdrawn in a future Autoconf release.
-# They can cause serious problems if a builder's source tree is in a directory
-# whose full name contains unusual characters.
-ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
-ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
-ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
-
-
-# Find a good install program. We prefer a C program (faster),
-# so one script is as good as another. But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AmigaOS /C/install, which installs bootblocks on floppy discs
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# OS/2's system install, which has a completely different semantic
-# ./install, which can be erroneously created by make from ./install.sh.
-# Reject install programs that cannot install multiple files.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
-$as_echo_n "checking for a BSD-compatible install... " >&6; }
-if test -z "$INSTALL"; then
-if ${ac_cv_path_install+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- # Account for people who put trailing slashes in PATH elements.
-case $as_dir/ in #((
- ./ | .// | /[cC]/* | \
- /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
- ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
- /usr/ucb/* ) ;;
- *)
- # OSF1 and SCO ODT 3.0 have their own names for install.
- # Don't use installbsd from OSF since it installs stuff as root
- # by default.
- for ac_prog in ginstall scoinst install; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
- if test $ac_prog = install &&
- grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # AIX install. It has an incompatible calling convention.
- :
- elif test $ac_prog = install &&
- grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # program-specific install script used by HP pwplus--don't use.
- :
- else
- rm -rf conftest.one conftest.two conftest.dir
- echo one > conftest.one
- echo two > conftest.two
- mkdir conftest.dir
- if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
- test -s conftest.one && test -s conftest.two &&
- test -s conftest.dir/conftest.one &&
- test -s conftest.dir/conftest.two
- then
- ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
- break 3
- fi
- fi
- fi
- done
- done
- ;;
-esac
-
- done
-IFS=$as_save_IFS
-
-rm -rf conftest.one conftest.two conftest.dir
-
-fi
- if test "${ac_cv_path_install+set}" = set; then
- INSTALL=$ac_cv_path_install
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for INSTALL within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- INSTALL=$ac_install_sh
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
-$as_echo "$INSTALL" >&6; }
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5
-$as_echo_n "checking for res_query in -lresolv... " >&6; }
-if ${ac_cv_lib_resolv_res_query+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lresolv $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char res_query ();
-int
-main ()
-{
-return res_query ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_resolv_res_query=yes
-else
- ac_cv_lib_resolv_res_query=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_query" >&5
-$as_echo "$ac_cv_lib_resolv_res_query" >&6; }
-if test "x$ac_cv_lib_resolv_res_query" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_LIBRESOLV 1
-_ACEOF
-
- LIBS="-lresolv $LIBS"
-
-fi
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
-$as_echo_n "checking how to run the C preprocessor... " >&6; }
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-fi
-if test -z "$CPP"; then
- if ${ac_cv_prog_CPP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- # Double quotes because CPP needs to be expanded
- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
- do
- ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
-
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
- break
-fi
-
- done
- ac_cv_prog_CPP=$CPP
-
-fi
- CPP=$ac_cv_prog_CPP
-else
- ac_cv_prog_CPP=$CPP
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
-$as_echo "$CPP" >&6; }
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
-
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
-
-else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
-$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
-if ${ac_cv_path_GREP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -z "$GREP"; then
- ac_path_GREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in grep ggrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_GREP" || continue
-# Check for GNU ac_path_GREP and select it if it is found.
- # Check for GNU $ac_path_GREP
-case `"$ac_path_GREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
-*)
- ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- $as_echo 'GREP' >> "conftest.nl"
- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_GREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_GREP="$ac_path_GREP"
- ac_path_GREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_GREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_GREP"; then
- as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_GREP=$GREP
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
-$as_echo "$ac_cv_path_GREP" >&6; }
- GREP="$ac_cv_path_GREP"
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
-$as_echo_n "checking for egrep... " >&6; }
-if ${ac_cv_path_EGREP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
- then ac_cv_path_EGREP="$GREP -E"
- else
- if test -z "$EGREP"; then
- ac_path_EGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in egrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_EGREP" || continue
-# Check for GNU ac_path_EGREP and select it if it is found.
- # Check for GNU $ac_path_EGREP
-case `"$ac_path_EGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
-*)
- ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- $as_echo 'EGREP' >> "conftest.nl"
- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_EGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_EGREP="$ac_path_EGREP"
- ac_path_EGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_EGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_EGREP"; then
- as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_EGREP=$EGREP
-fi
-
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
-$as_echo "$ac_cv_path_EGREP" >&6; }
- EGREP="$ac_cv_path_EGREP"
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
-$as_echo_n "checking for ANSI C header files... " >&6; }
-if ${ac_cv_header_stdc+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_header_stdc=yes
-else
- ac_cv_header_stdc=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "memchr" >/dev/null 2>&1; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "free" >/dev/null 2>&1; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
- if test "$cross_compiling" = yes; then :
- :
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ctype.h>
-#include <stdlib.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) \
- (('a' <= (c) && (c) <= 'i') \
- || ('j' <= (c) && (c) <= 'r') \
- || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
- int i;
- for (i = 0; i < 256; i++)
- if (XOR (islower (i), ISLOWER (i))
- || toupper (i) != TOUPPER (i))
- return 2;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
-$as_echo "$ac_cv_header_stdc" >&6; }
-if test $ac_cv_header_stdc = yes; then
-
-$as_echo "#define STDC_HEADERS 1" >>confdefs.h
-
-fi
-
-ac_config_headers="$ac_config_headers config.h"
-
-# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
- inttypes.h stdint.h unistd.h
-do :
- as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
-"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-ac_fn_c_check_header_mongrel "$LINENO" "resolv.h" "ac_cv_header_resolv_h" "$ac_includes_default"
-if test "x$ac_cv_header_resolv_h" = xyes; then :
-
-else
- as_fn_error $? "\"No headers for name service applications\"" "$LINENO" 5
-fi
-
-
-ac_fn_c_check_header_mongrel "$LINENO" "arpa/nameser.h" "ac_cv_header_arpa_nameser_h" "$ac_includes_default"
-if test "x$ac_cv_header_arpa_nameser_h" = xyes; then :
-
-else
- as_fn_error $? "\"No headers for name service applications\"" "$LINENO" 5
-fi
-
-
-for ac_header in arpa/nameser_compat.h
-do :
- ac_fn_c_check_header_mongrel "$LINENO" "arpa/nameser_compat.h" "ac_cv_header_arpa_nameser_compat_h" "$ac_includes_default"
-if test "x$ac_cv_header_arpa_nameser_compat_h" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_ARPA_NAMESER_COMPAT_H 1
-_ACEOF
-
-fi
-
-done
-
-ac_fn_c_check_header_mongrel "$LINENO" "sys/time.h" "ac_cv_header_sys_time_h" "$ac_includes_default"
-if test "x$ac_cv_header_sys_time_h" = xyes; then :
-
-else
- as_fn_error $? "\"Mandatory header missing on your system\"" "$LINENO" 5
-fi
-
-
-ac_fn_c_check_header_mongrel "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
-if test "x$ac_cv_header_unistd_h" = xyes; then :
-
-else
- as_fn_error $? "\"Mandatory header missing on your system\"" "$LINENO" 5
-fi
-
-
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libnsl is mandatory" >&5
-$as_echo_n "checking if libnsl is mandatory... " >&6; }
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sys/types.h>
- #include <netinet/in.h>
- #include <arpa/nameser.h>
- #ifdef HAVE_ARPA_NAMESER_COMPAT_H
- #include <arpa/nameser_compat.h>
- #endif
- #include <resolv.h>
- union
- {
- HEADER hdr;
- u_char buf[4096]; /* With RFC 2671, otherwise 512 is enough */
- }
- response;
- char *domain;
- int requested_type;
-int
-main ()
-{
-res_query(domain,
- C_IN,
- requested_type,
- (u_char *) & response,
- sizeof (response))
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }; LIBS="${LIBS} -lnsl"
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking loc_ntoa" >&5
-$as_echo_n "checking loc_ntoa... " >&6; }
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <resolv.h>
-int
-main ()
-{
-u_char *cp; char *result; loc_ntoa(cp, result)
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; };
-$as_echo "#define HAVE_LOC_NTOA /**/" >>confdefs.h
-
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using the alternative" >&5
-$as_echo "no, using the alternative" >&6; }; LOC_NTOA=loc_ntoa.o
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
-$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
-if ${ac_cv_c_const+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
-#ifndef __cplusplus
- /* Ultrix mips cc rejects this sort of thing. */
- typedef int charset[2];
- const charset cs = { 0, 0 };
- /* SunOS 4.1.1 cc rejects this. */
- char const *const *pcpcc;
- char **ppc;
- /* NEC SVR4.0.2 mips cc rejects this. */
- struct point {int x, y;};
- static struct point const zero = {0,0};
- /* AIX XL C 1.02.0.0 rejects this.
- It does not let you subtract one const X* pointer from another in
- an arm of an if-expression whose if-part is not a constant
- expression */
- const char *g = "string";
- pcpcc = &g + (g ? g-g : 0);
- /* HPUX 7.0 cc rejects these. */
- ++pcpcc;
- ppc = (char**) pcpcc;
- pcpcc = (char const *const *) ppc;
- { /* SCO 3.2v4 cc rejects this sort of thing. */
- char tx;
- char *t = &tx;
- char const *s = 0 ? (char *) 0 : (char const *) 0;
-
- *t++ = 0;
- if (s) return 0;
- }
- { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
- int x[] = {25, 17};
- const int *foo = &x[0];
- ++foo;
- }
- { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
- typedef const int *iptr;
- iptr p = 0;
- ++p;
- }
- { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying
- "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
- struct s { int j; const int *ap[3]; } bx;
- struct s *b = &bx; b->j = 5;
- }
- { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
- const int foo = 10;
- if (!foo) return 0;
- }
- return !cs[0] && !zero.x;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_c_const=yes
-else
- ac_cv_c_const=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
-$as_echo "$ac_cv_c_const" >&6; }
-if test $ac_cv_c_const = no; then
-
-$as_echo "#define const /**/" >>confdefs.h
-
-fi
-
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long" >&5
-$as_echo_n "checking size of long... " >&6; }
-if ${ac_cv_sizeof_long+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long))" "ac_cv_sizeof_long" "$ac_includes_default"; then :
-
-else
- if test "$ac_cv_type_long" = yes; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot compute sizeof (long)
-See \`config.log' for more details" "$LINENO" 5; }
- else
- ac_cv_sizeof_long=0
- fi
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long" >&5
-$as_echo "$ac_cv_sizeof_long" >&6; }
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_LONG $ac_cv_sizeof_long
-_ACEOF
-
-
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5
-$as_echo_n "checking size of int... " >&6; }
-if ${ac_cv_sizeof_int+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then :
-
-else
- if test "$ac_cv_type_int" = yes; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot compute sizeof (int)
-See \`config.log' for more details" "$LINENO" 5; }
- else
- ac_cv_sizeof_int=0
- fi
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5
-$as_echo "$ac_cv_sizeof_int" >&6; }
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_INT $ac_cv_sizeof_int
-_ACEOF
-
-
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of short" >&5
-$as_echo_n "checking size of short... " >&6; }
-if ${ac_cv_sizeof_short+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (short))" "ac_cv_sizeof_short" "$ac_includes_default"; then :
-
-else
- if test "$ac_cv_type_short" = yes; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot compute sizeof (short)
-See \`config.log' for more details" "$LINENO" 5; }
- else
- ac_cv_sizeof_short=0
- fi
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short" >&5
-$as_echo "$ac_cv_sizeof_short" >&6; }
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_SHORT $ac_cv_sizeof_short
-_ACEOF
-
-
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of char" >&5
-$as_echo_n "checking size of char... " >&6; }
-if ${ac_cv_sizeof_char+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (char))" "ac_cv_sizeof_char" "$ac_includes_default"; then :
-
-else
- if test "$ac_cv_type_char" = yes; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot compute sizeof (char)
-See \`config.log' for more details" "$LINENO" 5; }
- else
- ac_cv_sizeof_char=0
- fi
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_char" >&5
-$as_echo "$ac_cv_sizeof_char" >&6; }
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_CHAR $ac_cv_sizeof_char
-_ACEOF
-
-
-
-ac_config_files="$ac_config_files Makefile"
-
-cat >confcache <<\_ACEOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs, see configure's option --config-cache.
-# It is not useful on other systems. If it contains results you don't
-# want to keep, you may remove or edit it.
-#
-# config.status only pays attention to the cache file if you give it
-# the --recheck option to rerun configure.
-#
-# `ac_cv_env_foo' variables (set or unset) will be overridden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
-# following values.
-
-_ACEOF
-
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, we kill variables containing newlines.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(
- for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
-
- (set) 2>&1 |
- case $as_nl`(ac_space=' '; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- # `set' does not quote correctly, so add quotes: double-quote
- # substitution turns \\\\ into \\, and sed turns \\ into \.
- sed -n \
- "s/'/'\\\\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
- ;; #(
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-) |
- sed '
- /^ac_cv_env_/b end
- t clear
- :clear
- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
- t end
- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
- :end' >>confcache
-if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
- if test -w "$cache_file"; then
- if test "x$cache_file" != "x/dev/null"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
-$as_echo "$as_me: updating cache $cache_file" >&6;}
- if test ! -f "$cache_file" || test -h "$cache_file"; then
- cat confcache >"$cache_file"
- else
- case $cache_file in #(
- */* | ?:*)
- mv -f confcache "$cache_file"$$ &&
- mv -f "$cache_file"$$ "$cache_file" ;; #(
- *)
- mv -f confcache "$cache_file" ;;
- esac
- fi
- fi
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
-$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
- fi
-fi
-rm -f confcache
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-DEFS=-DHAVE_CONFIG_H
-
-ac_libobjs=
-ac_ltlibobjs=
-U=
-for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
- # 1. Remove the extension, and $U if already installed.
- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
- # will be set to the directory where LIBOBJS objects are built.
- as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
- as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
-done
-LIBOBJS=$ac_libobjs
-
-LTLIBOBJS=$ac_ltlibobjs
-
-
-
-: "${CONFIG_STATUS=./config.status}"
-ac_write_fail=0
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
-$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
-as_write_fail=0
-cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-ac_cs_recheck=false
-ac_cs_silent=false
-
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-
-
-as_nl='
-'
-export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-# Prefer a ksh shell builtin over an external printf program on Solaris,
-# but without wasting forks for bash or zsh.
-if test -z "$BASH_VERSION$ZSH_VERSION" \
- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='print -r --'
- as_echo_n='print -rn --'
-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in #(
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in #((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-# Unset variables that we do not need and which cause bugs (e.g. in
-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
-# suppresses any "Segmentation fault" message there. '((' could
-# trigger a bug in pdksh 5.2.14.
-for as_var in BASH_ENV ENV MAIL MAILPATH
-do eval test x\${$as_var+set} = xset \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-
-# as_fn_error STATUS ERROR [LINENO LOG_FD]
-# ----------------------------------------
-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-# script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- $as_echo "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} # as_fn_error
-
-
-# as_fn_set_status STATUS
-# -----------------------
-# Set $? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} # as_fn_set_status
-
-# as_fn_exit STATUS
-# -----------------
-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} # as_fn_exit
-
-# as_fn_unset VAR
-# ---------------
-# Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-# as_fn_append VAR VALUE
-# ----------------------
-# Append the text in VALUE to the end of the definition contained in VAR. Take
-# advantage of any shell optimizations that allow amortized linear growth over
-# repeated appends, instead of the typical quadratic growth present in naive
-# implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-# as_fn_arith ARG...
-# ------------------
-# Perform arithmetic evaluation on the ARGs, and store the result in the
-# global $as_val. Take advantage of shells that can avoid forks. The arguments
-# must be portable across $(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in #(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-
-# as_fn_mkdir_p
-# -------------
-# Create "$as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} # as_fn_mkdir_p
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-
-# as_fn_executable_p FILE
-# -----------------------
-# Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} # as_fn_executable_p
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-exec 6>&1
-## ----------------------------------- ##
-## Main body of $CONFIG_STATUS script. ##
-## ----------------------------------- ##
-_ASEOF
-test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# Save the log message, to keep $0 and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.
-ac_log="
-This file was extended by $as_me, which was
-generated by GNU Autoconf 2.69. Invocation command line was
-
- CONFIG_FILES = $CONFIG_FILES
- CONFIG_HEADERS = $CONFIG_HEADERS
- CONFIG_LINKS = $CONFIG_LINKS
- CONFIG_COMMANDS = $CONFIG_COMMANDS
- $ $0 $@
-
-on `(hostname || uname -n) 2>/dev/null | sed 1q`
-"
-
-_ACEOF
-
-case $ac_config_files in *"
-"*) set x $ac_config_files; shift; ac_config_files=$*;;
-esac
-
-case $ac_config_headers in *"
-"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
-esac
-
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-# Files that config.status was made for.
-config_files="$ac_config_files"
-config_headers="$ac_config_headers"
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-ac_cs_usage="\
-\`$as_me' instantiates files and other configuration actions
-from templates according to the current configuration. Unless the files
-and actions are specified as TAGs, all are instantiated by default.
-
-Usage: $0 [OPTION]... [TAG]...
-
- -h, --help print this help, then exit
- -V, --version print version number and configuration settings, then exit
- --config print configuration, then exit
- -q, --quiet, --silent
- do not print progress messages
- -d, --debug don't remove temporary files
- --recheck update $as_me by reconfiguring in the same conditions
- --file=FILE[:TEMPLATE]
- instantiate the configuration file FILE
- --header=FILE[:TEMPLATE]
- instantiate the configuration header FILE
-
-Configuration files:
-$config_files
-
-Configuration headers:
-$config_headers
-
-Report bugs to the package provider."
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
-ac_cs_version="\\
-config.status
-configured by $0, generated by GNU Autoconf 2.69,
- with options \\"\$ac_cs_config\\"
-
-Copyright (C) 2012 Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-
-ac_pwd='$ac_pwd'
-srcdir='$srcdir'
-INSTALL='$INSTALL'
-test -n "\$AWK" || AWK=awk
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# The default lists apply if the user does not specify any file.
-ac_need_defaults=:
-while test $# != 0
-do
- case $1 in
- --*=?*)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
- ac_shift=:
- ;;
- --*=)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=
- ac_shift=:
- ;;
- *)
- ac_option=$1
- ac_optarg=$2
- ac_shift=shift
- ;;
- esac
-
- case $ac_option in
- # Handling of the options.
- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
- ac_cs_recheck=: ;;
- --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- $as_echo "$ac_cs_version"; exit ;;
- --config | --confi | --conf | --con | --co | --c )
- $as_echo "$ac_cs_config"; exit ;;
- --debug | --debu | --deb | --de | --d | -d )
- debug=: ;;
- --file | --fil | --fi | --f )
- $ac_shift
- case $ac_optarg in
- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- '') as_fn_error $? "missing file argument" ;;
- esac
- as_fn_append CONFIG_FILES " '$ac_optarg'"
- ac_need_defaults=false;;
- --header | --heade | --head | --hea )
- $ac_shift
- case $ac_optarg in
- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- as_fn_append CONFIG_HEADERS " '$ac_optarg'"
- ac_need_defaults=false;;
- --he | --h)
- # Conflict between --help and --header
- as_fn_error $? "ambiguous option: \`$1'
-Try \`$0 --help' for more information.";;
- --help | --hel | -h )
- $as_echo "$ac_cs_usage"; exit ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil | --si | --s)
- ac_cs_silent=: ;;
-
- # This is an error.
- -*) as_fn_error $? "unrecognized option: \`$1'
-Try \`$0 --help' for more information." ;;
-
- *) as_fn_append ac_config_targets " $1"
- ac_need_defaults=false ;;
-
- esac
- shift
-done
-
-ac_configure_extra_args=
-
-if $ac_cs_silent; then
- exec 6>/dev/null
- ac_configure_extra_args="$ac_configure_extra_args --silent"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-if \$ac_cs_recheck; then
- set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
- shift
- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
- CONFIG_SHELL='$SHELL'
- export CONFIG_SHELL
- exec "\$@"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-exec 5>>config.log
-{
- echo
- sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
-## Running $as_me. ##
-_ASBOX
- $as_echo "$ac_log"
-} >&5
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-
-# Handling of arguments.
-for ac_config_target in $ac_config_targets
-do
- case $ac_config_target in
- "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
- "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
-
- *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
- esac
-done
-
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used. Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
- test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
-fi
-
-# Have a temporary directory for convenience. Make it in the build tree
-# simply because there is no reason against having it here, and in addition,
-# creating and moving files from /tmp can sometimes cause problems.
-# Hook for its removal unless debugging.
-# Note that there is a small window in which the directory will not be cleaned:
-# after its creation but before its name has been assigned to `$tmp'.
-$debug ||
-{
- tmp= ac_tmp=
- trap 'exit_status=$?
- : "${ac_tmp:=$tmp}"
- { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
-' 0
- trap 'as_fn_exit 1' 1 2 13 15
-}
-# Create a (secure) tmp directory for tmp files.
-
-{
- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
- test -d "$tmp"
-} ||
-{
- tmp=./conf$$-$RANDOM
- (umask 077 && mkdir "$tmp")
-} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
-ac_tmp=$tmp
-
-# Set up the scripts for CONFIG_FILES section.
-# No need to generate them if there are no CONFIG_FILES.
-# This happens for instance with `./config.status config.h'.
-if test -n "$CONFIG_FILES"; then
-
-
-ac_cr=`echo X | tr X '\015'`
-# On cygwin, bash can eat \r inside `` if the user requested igncr.
-# But we know of no other shell where ac_cr would be empty at this
-# point, so we can use a bashism as a fallback.
-if test "x$ac_cr" = x; then
- eval ac_cr=\$\'\\r\'
-fi
-ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
-if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
- ac_cs_awk_cr='\\r'
-else
- ac_cs_awk_cr=$ac_cr
-fi
-
-echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
-_ACEOF
-
-
-{
- echo "cat >conf$$subs.awk <<_ACEOF" &&
- echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
- echo "_ACEOF"
-} >conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
- . ./conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-
- ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
- if test $ac_delim_n = $ac_delim_num; then
- break
- elif $ac_last_try; then
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-rm -f conf$$subs.sh
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
-_ACEOF
-sed -n '
-h
-s/^/S["/; s/!.*/"]=/
-p
-g
-s/^[^!]*!//
-:repl
-t repl
-s/'"$ac_delim"'$//
-t delim
-:nl
-h
-s/\(.\{148\}\)..*/\1/
-t more1
-s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
-p
-n
-b repl
-:more1
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t nl
-:delim
-h
-s/\(.\{148\}\)..*/\1/
-t more2
-s/["\\]/\\&/g; s/^/"/; s/$/"/
-p
-b
-:more2
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t delim
-' <conf$$subs.awk | sed '
-/^[^""]/{
- N
- s/\n//
-}
-' >>$CONFIG_STATUS || ac_write_fail=1
-rm -f conf$$subs.awk
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-_ACAWK
-cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
- for (key in S) S_is_set[key] = 1
- FS = "\a"
-
-}
-{
- line = $ 0
- nfields = split(line, field, "@")
- substed = 0
- len = length(field[1])
- for (i = 2; i < nfields; i++) {
- key = field[i]
- keylen = length(key)
- if (S_is_set[key]) {
- value = S[key]
- line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
- len += length(value) + length(field[++i])
- substed = 1
- } else
- len += 1 + keylen
- }
-
- print line
-}
-
-_ACAWK
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
- sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
-else
- cat
-fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
- || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
-_ACEOF
-
-# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
-# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
-h
-s///
-s/^/:/
-s/[ ]*$/:/
-s/:\$(srcdir):/:/g
-s/:\${srcdir}:/:/g
-s/:@srcdir@:/:/g
-s/^:*//
-s/:*$//
-x
-s/\(=[ ]*\).*/\1/
-G
-s/\n//
-s/^[^=]*=[ ]*$//
-}'
-fi
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-fi # test -n "$CONFIG_FILES"
-
-# Set up the scripts for CONFIG_HEADERS section.
-# No need to generate them if there are no CONFIG_HEADERS.
-# This happens for instance with `./config.status Makefile'.
-if test -n "$CONFIG_HEADERS"; then
-cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
-BEGIN {
-_ACEOF
-
-# Transform confdefs.h into an awk script `defines.awk', embedded as
-# here-document in config.status, that substitutes the proper values into
-# config.h.in to produce config.h.
-
-# Create a delimiter string that does not exist in confdefs.h, to ease
-# handling of long lines.
-ac_delim='%!_!# '
-for ac_last_try in false false :; do
- ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
- if test -z "$ac_tt"; then
- break
- elif $ac_last_try; then
- as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-
-# For the awk script, D is an array of macro values keyed by name,
-# likewise P contains macro parameters if any. Preserve backslash
-# newline sequences.
-
-ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
-sed -n '
-s/.\{148\}/&'"$ac_delim"'/g
-t rset
-:rset
-s/^[ ]*#[ ]*define[ ][ ]*/ /
-t def
-d
-:def
-s/\\$//
-t bsnl
-s/["\\]/\\&/g
-s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
-D["\1"]=" \3"/p
-s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
-d
-:bsnl
-s/["\\]/\\&/g
-s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
-D["\1"]=" \3\\\\\\n"\\/p
-t cont
-s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
-t cont
-d
-:cont
-n
-s/.\{148\}/&'"$ac_delim"'/g
-t clear
-:clear
-s/\\$//
-t bsnlc
-s/["\\]/\\&/g; s/^/"/; s/$/"/p
-d
-:bsnlc
-s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
-b cont
-' <confdefs.h | sed '
-s/'"$ac_delim"'/"\\\
-"/g' >>$CONFIG_STATUS || ac_write_fail=1
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- for (key in D) D_is_set[key] = 1
- FS = "\a"
-}
-/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
- line = \$ 0
- split(line, arg, " ")
- if (arg[1] == "#") {
- defundef = arg[2]
- mac1 = arg[3]
- } else {
- defundef = substr(arg[1], 2)
- mac1 = arg[2]
- }
- split(mac1, mac2, "(") #)
- macro = mac2[1]
- prefix = substr(line, 1, index(line, defundef) - 1)
- if (D_is_set[macro]) {
- # Preserve the white space surrounding the "#".
- print prefix "define", macro P[macro] D[macro]
- next
- } else {
- # Replace #undef with comments. This is necessary, for example,
- # in the case of _POSIX_SOURCE, which is predefined and required
- # on some systems where configure will not decide to define it.
- if (defundef == "undef") {
- print "/*", prefix defundef, macro, "*/"
- next
- }
- }
-}
-{ print }
-_ACAWK
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
- as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
-fi # test -n "$CONFIG_HEADERS"
-
-
-eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS "
-shift
-for ac_tag
-do
- case $ac_tag in
- :[FHLC]) ac_mode=$ac_tag; continue;;
- esac
- case $ac_mode$ac_tag in
- :[FHL]*:*);;
- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
- :[FH]-) ac_tag=-:-;;
- :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
- esac
- ac_save_IFS=$IFS
- IFS=:
- set x $ac_tag
- IFS=$ac_save_IFS
- shift
- ac_file=$1
- shift
-
- case $ac_mode in
- :L) ac_source=$1;;
- :[FH])
- ac_file_inputs=
- for ac_f
- do
- case $ac_f in
- -) ac_f="$ac_tmp/stdin";;
- *) # Look for the file first in the build tree, then in the source tree
- # (if the path is not absolute). The absolute path cannot be DOS-style,
- # because $ac_f cannot contain `:'.
- test -f "$ac_f" ||
- case $ac_f in
- [\\/$]*) false;;
- *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
- esac ||
- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
- esac
- case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
- as_fn_append ac_file_inputs " '$ac_f'"
- done
-
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- configure_input='Generated from '`
- $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
- `' by configure.'
- if test x"$ac_file" != x-; then
- configure_input="$ac_file. $configure_input"
- { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
-$as_echo "$as_me: creating $ac_file" >&6;}
- fi
- # Neutralize special characters interpreted by sed in replacement strings.
- case $configure_input in #(
- *\&* | *\|* | *\\* )
- ac_sed_conf_input=`$as_echo "$configure_input" |
- sed 's/[\\\\&|]/\\\\&/g'`;; #(
- *) ac_sed_conf_input=$configure_input;;
- esac
-
- case $ac_tag in
- *:-:* | *:-) cat >"$ac_tmp/stdin" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
- esac
- ;;
- esac
-
- ac_dir=`$as_dirname -- "$ac_file" ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$ac_file" : 'X\(//\)[^/]' \| \
- X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- as_dir="$ac_dir"; as_fn_mkdir_p
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
-
- case $ac_mode in
- :F)
- #
- # CONFIG_FILE
- #
-
- case $INSTALL in
- [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
- *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
- esac
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# If the template does not know about datarootdir, expand it.
-# FIXME: This hack should be removed a few years after 2.60.
-ac_datarootdir_hack=; ac_datarootdir_seen=
-ac_sed_dataroot='
-/datarootdir/ {
- p
- q
-}
-/@datadir@/p
-/@docdir@/p
-/@infodir@/p
-/@localedir@/p
-/@mandir@/p'
-case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
-*datarootdir*) ac_datarootdir_seen=yes;;
-*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- ac_datarootdir_hack='
- s&@datadir@&$datadir&g
- s&@docdir@&$docdir&g
- s&@infodir@&$infodir&g
- s&@localedir@&$localedir&g
- s&@mandir@&$mandir&g
- s&\\\${datarootdir}&$datarootdir&g' ;;
-esac
-_ACEOF
-
-# Neutralize VPATH when `$srcdir' = `.'.
-# Shell code in configure.ac might set extrasub.
-# FIXME: do we really want to maintain this feature?
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_sed_extra="$ac_vpsub
-$extrasub
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s|@configure_input@|$ac_sed_conf_input|;t t
-s&@top_builddir@&$ac_top_builddir_sub&;t t
-s&@top_build_prefix@&$ac_top_build_prefix&;t t
-s&@srcdir@&$ac_srcdir&;t t
-s&@abs_srcdir@&$ac_abs_srcdir&;t t
-s&@top_srcdir@&$ac_top_srcdir&;t t
-s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
-s&@builddir@&$ac_builddir&;t t
-s&@abs_builddir@&$ac_abs_builddir&;t t
-s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
-s&@INSTALL@&$ac_INSTALL&;t t
-$ac_datarootdir_hack
-"
-eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
- >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
-
-test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
- { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
- "$ac_tmp/out"`; test -z "$ac_out"; } &&
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&5
-$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&2;}
-
- rm -f "$ac_tmp/stdin"
- case $ac_file in
- -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
- *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
- esac \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- ;;
- :H)
- #
- # CONFIG_HEADER
- #
- if test x"$ac_file" != x-; then
- {
- $as_echo "/* $configure_input */" \
- && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
- } >"$ac_tmp/config.h" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
-$as_echo "$as_me: $ac_file is unchanged" >&6;}
- else
- rm -f "$ac_file"
- mv "$ac_tmp/config.h" "$ac_file" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- fi
- else
- $as_echo "/* $configure_input */" \
- && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
- || as_fn_error $? "could not create -" "$LINENO" 5
- fi
- ;;
-
-
- esac
-
-done # for ac_tag
-
-
-as_fn_exit 0
-_ACEOF
-ac_clean_files=$ac_clean_files_save
-
-test $ac_write_fail = 0 ||
- as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
-
-
-# configure is writing to config.log, and then calls config.status.
-# config.status does its own redirection, appending to config.log.
-# Unfortunately, on DOS this fails, as config.log is still kept open
-# by configure, so config.status won't be able to write to it; its
-# output is simply discarded. So we exec the FD to /dev/null,
-# effectively closing config.log, so it can be properly (re)opened and
-# appended to by config.status. When coming back to configure, we
-# need to make the FD available again.
-if test "$no_create" != yes; then
- ac_cs_success=:
- ac_config_status_args=
- test "$silent" = yes &&
- ac_config_status_args="$ac_config_status_args --quiet"
- exec 5>/dev/null
- $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
- exec 5>>config.log
- # Use ||, not &&, to avoid exiting from the if with $? = 1, which
- # would make configure fail if this is the last instruction.
- $ac_cs_success || as_fn_exit 1
-fi
-if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
-$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
-fi
-
+++ /dev/null
-dnl Process this file with autoconf to produce a configure script.
-AC_RELEASE("$Id: configure.in,v 1.1 2008/02/15 01:47:15 marka Exp $")
-AC_INIT(query-loc.c)
-
-dnl Checks for programs.
-AC_PROG_CC
-if test "$GCC" = "yes"; then
- CFLAGS="${CFLAGS} -Wall"
-fi
-AC_PROG_INSTALL
-
-dnl Checks for libraries.
-AC_CHECK_LIB(resolv, res_query)
-
-dnl Checks for header files.
-AC_HEADER_STDC
-AC_CONFIG_HEADER(config.h)
-AC_CHECK_HEADER(resolv.h, , AC_MSG_ERROR("No headers for name service applications"))
-AC_CHECK_HEADER(arpa/nameser.h, , AC_MSG_ERROR("No headers for name service applications"))
-AC_CHECK_HEADERS(arpa/nameser_compat.h)
-AC_CHECK_HEADER(sys/time.h, , AC_MSG_ERROR("Mandatory header missing on your system"))
-AC_CHECK_HEADER(unistd.h, , AC_MSG_ERROR("Mandatory header missing on your system"))
-
-
-dnl This one is only useful for Solaris?
-AC_MSG_CHECKING(if libnsl is mandatory)
-AC_TRY_LINK([#include <sys/types.h>
- #include <netinet/in.h>
- #include <arpa/nameser.h>
- #ifdef HAVE_ARPA_NAMESER_COMPAT_H
- #include <arpa/nameser_compat.h>
- #endif
- #include <resolv.h>
- union
- {
- HEADER hdr;
- u_char buf[4096]; /* With RFC 2671, otherwise 512 is enough */
- }
- response;
- char *domain;
- int requested_type; ],
- [res_query(domain,
- C_IN,
- requested_type,
- (u_char *) & response,
- sizeof (response)) ],
- [AC_MSG_RESULT(no)],
- [AC_MSG_RESULT(yes); LIBS="${LIBS} -lnsl"])
-
-dnl Check for the loc_ntoa macro/function
-AC_MSG_CHECKING(loc_ntoa)
-AC_TRY_LINK([#include <resolv.h>],
- [u_char *cp; char *result; loc_ntoa(cp, result)],
- [AC_MSG_RESULT(yes); AC_DEFINE(HAVE_LOC_NTOA,,[Is there a loc_ntoa on this system?])],
- [AC_MSG_RESULT([no, using the alternative]); LOC_NTOA=loc_ntoa.o])
-AC_SUBST(LOC_NTOA)
-
-dnl Checks for typedefs, structures, and compiler characteristics.
-AC_C_CONST
-AC_CHECK_SIZEOF(long)
-AC_CHECK_SIZEOF(int)
-AC_CHECK_SIZEOF(short)
-AC_CHECK_SIZEOF(char)
-
-dnl Misc.
-AC_OUTPUT(Makefile)
+++ /dev/null
-#!/bin/sh
-# install - install a program, script, or datafile
-
-scriptversion=2005-02-02.21
-
-# This originates from X11R5 (mit/util/scripts/install.sh), which was
-# later released in X11R6 (xc/config/util/install.sh) with the
-# following copyright and license.
-#
-# Copyright (C) 1994 X Consortium
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to
-# deal in the Software without restriction, including without limitation the
-# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-# sell copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
-# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-# Except as contained in this notice, the name of the X Consortium shall not
-# be used in advertising or otherwise to promote the sale, use or other deal-
-# ings in this Software without prior written authorization from the X Consor-
-# tium.
-#
-#
-# FSF changes to this file are in the public domain.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# `make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch. It can only install one file at a time, a restriction
-# shared with many OS's install programs.
-
-# set DOITPROG to echo to test this script
-
-# Don't use :- since 4.3BSD and earlier shells don't like it.
-doit="${DOITPROG-}"
-
-# put in absolute paths if you don't have them in your path; or use env. vars.
-
-mvprog="${MVPROG-mv}"
-cpprog="${CPPROG-cp}"
-chmodprog="${CHMODPROG-chmod}"
-chownprog="${CHOWNPROG-chown}"
-chgrpprog="${CHGRPPROG-chgrp}"
-stripprog="${STRIPPROG-strip}"
-rmprog="${RMPROG-rm}"
-mkdirprog="${MKDIRPROG-mkdir}"
-
-chmodcmd="$chmodprog 0755"
-chowncmd=
-chgrpcmd=
-stripcmd=
-rmcmd="$rmprog -f"
-mvcmd="$mvprog"
-src=
-dst=
-dir_arg=
-dstarg=
-no_target_directory=
-
-usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
- or: $0 [OPTION]... SRCFILES... DIRECTORY
- or: $0 [OPTION]... -t DIRECTORY SRCFILES...
- or: $0 [OPTION]... -d DIRECTORIES...
-
-In the 1st form, copy SRCFILE to DSTFILE.
-In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
-In the 4th, create DIRECTORIES.
-
-Options:
--c (ignored)
--d create directories instead of installing files.
--g GROUP $chgrpprog installed files to GROUP.
--m MODE $chmodprog installed files to MODE.
--o USER $chownprog installed files to USER.
--s $stripprog installed files.
--t DIRECTORY install into DIRECTORY.
--T report an error if DSTFILE is a directory.
---help display this help and exit.
---version display version info and exit.
-
-Environment variables override the default commands:
- CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG
-"
-
-while test -n "$1"; do
- case $1 in
- -c) shift
- continue;;
-
- -d) dir_arg=true
- shift
- continue;;
-
- -g) chgrpcmd="$chgrpprog $2"
- shift
- shift
- continue;;
-
- --help) echo "$usage"; exit $?;;
-
- -m) chmodcmd="$chmodprog $2"
- shift
- shift
- continue;;
-
- -o) chowncmd="$chownprog $2"
- shift
- shift
- continue;;
-
- -s) stripcmd=$stripprog
- shift
- continue;;
-
- -t) dstarg=$2
- shift
- shift
- continue;;
-
- -T) no_target_directory=true
- shift
- continue;;
-
- --version) echo "$0 $scriptversion"; exit $?;;
-
- *) # When -d is used, all remaining arguments are directories to create.
- # When -t is used, the destination is already specified.
- test -n "$dir_arg$dstarg" && break
- # Otherwise, the last argument is the destination. Remove it from $@.
- for arg
- do
- if test -n "$dstarg"; then
- # $@ is not empty: it contains at least $arg.
- set fnord "$@" "$dstarg"
- shift # fnord
- fi
- shift # arg
- dstarg=$arg
- done
- break;;
- esac
-done
-
-if test -z "$1"; then
- if test -z "$dir_arg"; then
- echo "$0: no input file specified." >&2
- exit 1
- fi
- # It's OK to call `install-sh -d' without argument.
- # This can happen when creating conditional directories.
- exit 0
-fi
-
-for src
-do
- # Protect names starting with `-'.
- case $src in
- -*) src=./$src ;;
- esac
-
- if test -n "$dir_arg"; then
- dst=$src
- src=
-
- if test -d "$dst"; then
- mkdircmd=:
- chmodcmd=
- else
- mkdircmd=$mkdirprog
- fi
- else
- # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
- # might cause directories to be created, which would be especially bad
- # if $src (and thus $dsttmp) contains '*'.
- if test ! -f "$src" && test ! -d "$src"; then
- echo "$0: $src does not exist." >&2
- exit 1
- fi
-
- if test -z "$dstarg"; then
- echo "$0: no destination specified." >&2
- exit 1
- fi
-
- dst=$dstarg
- # Protect names starting with `-'.
- case $dst in
- -*) dst=./$dst ;;
- esac
-
- # If destination is a directory, append the input filename; won't work
- # if double slashes aren't ignored.
- if test -d "$dst"; then
- if test -n "$no_target_directory"; then
- echo "$0: $dstarg: Is a directory" >&2
- exit 1
- fi
- dst=$dst/`basename "$src"`
- fi
- fi
-
- # This sed command emulates the dirname command.
- dstdir=`echo "$dst" | sed -e 's,/*$,,;s,[^/]*$,,;s,/*$,,;s,^$,.,'`
-
- # Make sure that the destination directory exists.
-
- # Skip lots of stat calls in the usual case.
- if test ! -d "$dstdir"; then
- defaultIFS='
- '
- IFS="${IFS-$defaultIFS}"
-
- oIFS=$IFS
- # Some sh's can't handle IFS=/ for some reason.
- IFS='%'
- set x `echo "$dstdir" | sed -e 's@/@%@g' -e 's@^%@/@'`
- shift
- IFS=$oIFS
-
- pathcomp=
-
- while test $# -ne 0 ; do
- pathcomp=$pathcomp$1
- shift
- if test ! -d "$pathcomp"; then
- $mkdirprog "$pathcomp"
- # mkdir can fail with a `File exist' error in case several
- # install-sh are creating the directory concurrently. This
- # is OK.
- test -d "$pathcomp" || exit
- fi
- pathcomp=$pathcomp/
- done
- fi
-
- if test -n "$dir_arg"; then
- $doit $mkdircmd "$dst" \
- && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \
- && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \
- && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \
- && { test -z "$chmodcmd" || $doit $chmodcmd "$dst"; }
-
- else
- dstfile=`basename "$dst"`
-
- # Make a couple of temp file names in the proper directory.
- dsttmp=$dstdir/_inst.$$_
- rmtmp=$dstdir/_rm.$$_
-
- # Trap to clean up those temp files at exit.
- trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
- trap '(exit $?); exit' 1 2 13 15
-
- # Copy the file name to the temp name.
- $doit $cpprog "$src" "$dsttmp" &&
-
- # and set any options; do chmod last to preserve setuid bits.
- #
- # If any of these fail, we abort the whole thing. If we want to
- # ignore errors from any of these, just make sure not to ignore
- # errors from the above "$doit $cpprog $src $dsttmp" command.
- #
- { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \
- && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \
- && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \
- && { test -z "$chmodcmd" || $doit $chmodcmd "$dsttmp"; } &&
-
- # Now rename the file to the real destination.
- { $doit $mvcmd -f "$dsttmp" "$dstdir/$dstfile" 2>/dev/null \
- || {
- # The rename failed, perhaps because mv can't rename something else
- # to itself, or perhaps because mv is so ancient that it does not
- # support -f.
-
- # Now remove or move aside any old file at destination location.
- # We try this two ways since rm can't unlink itself on some
- # systems and the destination file might be busy for other
- # reasons. In this case, the final cleanup might fail but the new
- # file should still install successfully.
- {
- if test -f "$dstdir/$dstfile"; then
- $doit $rmcmd -f "$dstdir/$dstfile" 2>/dev/null \
- || $doit $mvcmd -f "$dstdir/$dstfile" "$rmtmp" 2>/dev/null \
- || {
- echo "$0: cannot unlink or rename $dstdir/$dstfile" >&2
- (exit 1); exit 1
- }
- else
- :
- fi
- } &&
-
- # Now rename the file to the real destination.
- $doit $mvcmd "$dsttmp" "$dstdir/$dstfile"
- }
- }
- fi || { (exit 1); exit 1; }
-done
-
-# The final little trick to "correctly" pass the exit status to the exit trap.
-{
- (exit 0); exit 0
-}
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
-# End:
+++ /dev/null
-#include "loc.h"
-
-/* $Id: loc.c,v 1.1 2008/02/15 01:47:15 marka Exp $ */
-
-/* Global variables */
-
-short rr_errno;
-
-/*
- Prints the actual usage
- */
-void
-usage ()
-{
- (void) fprintf (stderr,
- "Usage: %s: [-v] [-d nnn] hostname\n", progname);
- exit (2);
-}
-
-/*
- Panics
- */
-void
-panic (message)
- char *message;
-{
- (void) fprintf (stderr,
- "%s: %s\n", progname, message);
- exit (2);
-}
-
-/*
- ** IN_ADDR_ARPA -- Convert dotted quad string to reverse in-addr.arpa
- ** ------------------------------------------------------------------
- **
- ** Returns:
- ** Pointer to appropriate reverse in-addr.arpa name
- ** with trailing dot to force absolute domain name.
- ** NULL in case of invalid dotted quad input string.
- */
-
-#ifndef ARPA_ROOT
-#define ARPA_ROOT "in-addr.arpa"
-#endif
-
-char *
-in_addr_arpa (dottedquad)
- char *dottedquad; /* input string with dotted quad */
-{
- static char addrbuf[4 * 4 + sizeof (ARPA_ROOT) + 2];
- unsigned int a[4];
- register int n;
-
- n = sscanf (dottedquad, "%u.%u.%u.%u", &a[0], &a[1], &a[2], &a[3]);
- switch (n)
- {
- case 4:
- (void) sprintf (addrbuf, "%u.%u.%u.%u.%s.",
- a[3] & 0xff, a[2] & 0xff, a[1] & 0xff, a[0] & 0xff, ARPA_ROOT);
- break;
-
- case 3:
- (void) sprintf (addrbuf, "%u.%u.%u.%s.",
- a[2] & 0xff, a[1] & 0xff, a[0] & 0xff, ARPA_ROOT);
- break;
-
- case 2:
- (void) sprintf (addrbuf, "%u.%u.%s.",
- a[1] & 0xff, a[0] & 0xff, ARPA_ROOT);
- break;
-
- case 1:
- (void) sprintf (addrbuf, "%u.%s.",
- a[0] & 0xff, ARPA_ROOT);
- break;
-
- default:
- return (NULL);
- }
-
- while (--n >= 0)
- if (a[n] > 255)
- return (NULL);
-
- return (addrbuf);
-}
-
-/*
- Returns a human-readable version of the LOC information or
- NULL if it failed. Argument is a name (of a network or a machine)
- and a boolean telling is it is a network name or a machine name.
- */
-char *
-getlocbyname (name, is_network)
- const char *name;
- short is_network;
-{
- char *result;
- struct list_in_addr *list, *p;
- result = findRR (name, T_LOC);
- if (result != NULL)
- {
- if (debug >= 2)
- printf ("LOC record found for the name %s\n", name);
- return result;
- }
- else
- {
- if (!is_network)
- {
- list = findA (name);
- if (debug >= 2)
- printf ("No LOC record found for the name %s, trying addresses\n", name);
- if (list != NULL)
- {
- for (p = list; p != NULL; p = p->next)
- {
- if (debug >= 2)
- printf ("Trying address %s\n", inet_ntoa (p->addr));
- result = getlocbyaddr (p->addr, NULL);
- if (result != NULL)
- return result;
- }
- return NULL;
- }
- else
- {
- if (debug >= 2)
- printf (" No A record found for %s\n", name);
- return NULL;
- }
- }
- else
- {
- if (debug >= 2)
- printf ("No LOC record found for the network name %s\n", name);
- return NULL;
- }
- }
-}
-
-/*
- Returns a human-readable version of the LOC information or
- NULL if it failed. Argument is an IP address.
- */
-char *
-getlocbyaddr (addr, mask)
- const struct in_addr addr;
- const struct in_addr *mask;
-{
- struct in_addr netaddr;
- u_int32_t a;
- struct in_addr themask;
- char text_addr[sizeof("255.255.255.255")],
- text_mask[sizeof("255.255.255.255")];
-
- if (mask == NULL)
- {
- themask.s_addr = (u_int32_t) 0;
- }
- else
- {
- themask = *mask;
- }
-
- strcpy (text_addr, inet_ntoa (addr));
- strcpy (text_mask, inet_ntoa (themask));
-
- if (debug >= 2)
- printf ("Testing address %s/%s\n", text_addr, text_mask);
-
- if (mask == NULL)
- {
- a = ntohl (addr.s_addr);
- if (IN_CLASSA (a))
- {
- netaddr.s_addr = htonl (a & IN_CLASSA_NET);
- themask.s_addr = htonl(IN_CLASSA_NET);
- }
- else if (IN_CLASSB (a))
- {
- netaddr.s_addr = htonl (a & IN_CLASSB_NET);
- themask.s_addr = htonl(IN_CLASSB_NET);
- }
- else if (IN_CLASSC (a))
- {
- netaddr.s_addr = htonl (a & IN_CLASSC_NET);
- themask.s_addr = htonl(IN_CLASSC_NET);
- }
- else
- {
- /* Error */
- return NULL;
- }
- return getlocbynet (in_addr_arpa (inet_ntoa (netaddr)), addr, &themask);
- }
- else
- {
- netaddr.s_addr = addr.s_addr & themask.s_addr;
- return getlocbynet (in_addr_arpa (inet_ntoa (netaddr)), addr, mask);
- }
-}
-
-/*
- Returns a human-readable LOC.
- Argument is a network name in the 0.z.y.x.in-addr.arpa format
- and the original address
- */
-char *
-getlocbynet (name, addr, mask)
- char *name;
- struct in_addr addr;
- struct in_addr *mask;
-{
- char *network;
- char *result;
- struct list_in_addr *list;
- struct in_addr newmask;
- u_int32_t a;
- char newname[4 * 4 + sizeof (ARPA_ROOT) + 2];
-
- if (debug >= 2)
- printf ("Testing network %s with mask %s\n", name, inet_ntoa(*mask));
-
- /* Check if this network has an A RR */
- list = findA (name);
- if (list != NULL)
- {
- /* Yes, it does. This A record will be used as the
- * new mask for recursion if it is longer than
- * the actual mask. */
- if (mask != NULL && mask->s_addr < list->addr.s_addr)
- {
- /* compute the new arguments for recursion
- * - compute the new network by applying the new mask
- * to the address and get the in_addr_arpa representation
- * of it.
- * - the address remains unchanged
- * - the new mask is the one given in the A record
- */
- a = ntohl(addr.s_addr); /* start from host address */
- a &= ntohl(list->addr.s_addr); /* apply new mask */
- newname[sizeof newname - 1] = 0;
- strncpy(
- newname,
- in_addr_arpa(inet_ntoa(inet_makeaddr(a, 0))),
- sizeof newname);
- newmask = inet_makeaddr(ntohl(list->addr.s_addr), 0);
- result = getlocbynet (newname, addr, &newmask);
- if (result != NULL)
- {
- return result;
- }
- }
- /* couldn't find a LOC. Fall through and try with name */
- }
-
- /* Check if this network has a name */
- network = findRR (name, T_PTR);
- if (network == NULL)
- {
- if (debug >= 2)
- printf ("No name for network %s\n", name);
- return NULL;
- }
- else
- {
- return getlocbyname (network, TRUE);
- }
-}
-
-/*
- The code for these two functions is stolen from the examples in Liu and Albitz
- book "DNS and BIND" (O'Reilly).
- */
-
-/****************************************************************
- * skipName -- This routine skips over a domain name. If the *
- * domain name expansion fails, it crashes. *
- * dn_skipname() is probably not on your manual *
- * page; it is similar to dn_expand() except that it just *
- * skips over the name. dn_skipname() is in res_comp.c if *
- * you need to find it. *
- ****************************************************************/
-int
-skipName (cp, endOfMsg)
- u_char *cp;
- u_char *endOfMsg;
-{
- int n;
-
- if ((n = dn_skipname (cp, endOfMsg)) < 0)
- {
- panic ("dn_skipname failed\n");
- }
- return (n);
-}
-
-/****************************************************************
- * skipToData -- This routine advances the cp pointer to the *
- * start of the resource record data portion. On the way, *
- * it fills in the type, class, ttl, and data length *
- ****************************************************************/
-int
-skipToData (cp, type, class, ttl, dlen, endOfMsg)
- u_char *cp;
- u_short *type;
- u_short *class;
- u_int32_t *ttl;
- u_short *dlen;
- u_char *endOfMsg;
-{
- u_char *tmp_cp = cp; /* temporary version of cp */
-
- /* Skip the domain name; it matches the name we looked up */
- tmp_cp += skipName (tmp_cp, endOfMsg);
-
- /*
- * Grab the type, class, and ttl. GETSHORT and GETLONG
- * are macros defined in arpa/nameser.h.
- */
- GETSHORT (*type, tmp_cp);
- GETSHORT (*class, tmp_cp);
- GETLONG (*ttl, tmp_cp);
- GETSHORT (*dlen, tmp_cp);
-
- return (tmp_cp - cp);
-}
-
-
-/*
- Returns a human-readable version of a DNS RR (resource record)
- associated with the name 'domain'.
- If it does not find, ir returns NULL and sets rr_errno to explain why.
-
- The code for this function is stolen from the examples in Liu and Albitz
- book "DNS and BIND" (O'Reilly).
- */
-char *
-findRR (domain, requested_type)
- char *domain;
- int requested_type;
-{
- char *result, *message;
-
- union
- {
- HEADER hdr; /* defined in resolv.h */
- u_char buf[PACKETSZ]; /* defined in arpa/nameser.h */
- }
- response; /* response buffers */
-short found = 0;
-int responseLen; /* buffer length */
-
- u_char *cp; /* character pointer to parse DNS packet */
- u_char *endOfMsg; /* need to know the end of the message */
- u_short class; /* classes defined in arpa/nameser.h */
- u_short type; /* types defined in arpa/nameser.h */
- u_int32_t ttl; /* resource record time to live */
- u_short dlen; /* size of resource record data */
-
- int i, count, dup; /* misc variables */
-
- char *ptrList[1];
- int ptrNum = 0;
- struct in_addr addr;
-
- result = (char *) malloc (256);
- message = (char *) malloc (256);
- if (result == NULL || message == NULL)
- {
- panic ("Malloc failed");
- }
- /*
- * Look up the records for the given domain name.
- * We expect the domain to be a fully qualified name, so
- * we use res_query(). If we wanted the resolver search
- * algorithm, we would have used res_search() instead.
- */
- if ((responseLen =
- res_query (domain, /* the domain we care about */
- C_IN, /* Internet class records */
- requested_type, /* Look up name server records */
- (u_char *) & response, /*response buffer */
- sizeof (response))) /*buffer size */
- < 0)
- { /*If negative */
- rr_errno = h_errno;
- return NULL;
- }
-
- /*
- * Keep track of the end of the message so we don't
- * pass it while parsing the response. responseLen is
- * the value returned by res_query.
- */
- endOfMsg = response.buf + responseLen;
-
- /*
- * Set a pointer to the start of the question section,
- * which begins immediately AFTER the header.
- */
- cp = response.buf + sizeof (HEADER);
-
- /*
- * Skip over the whole question section. The question
- * section is comprised of a name, a type, and a class.
- * QFIXEDSZ (defined in arpa/nameser.h) is the size of
- * the type and class portions, which is fixed. Therefore,
- * we can skip the question section by skipping the
- * name (at the beginning) and then advancing QFIXEDSZ.
- * After this calculation, cp points to the start of the
- * answer section, which is a list of NS records.
- */
- cp += skipName (cp, endOfMsg) + QFIXEDSZ;
-
- count = ntohs (response.hdr.ancount) +
- ntohs (response.hdr.nscount);
- while ((--count >= 0) /* still more records */
- && (cp < endOfMsg))
- { /* still inside the packet */
-
-
- /* Skip to the data portion of the resource record */
- cp += skipToData (cp, &type, &class, &ttl, &dlen, endOfMsg);
-
- if (type == requested_type)
- {
- switch (requested_type)
- {
- case (T_LOC):
- loc_ntoa (cp, result);
- return result;
- break;
- case (T_PTR):
- ptrList[ptrNum] = (char *) malloc (MAXDNAME);
- if (ptrList[ptrNum] == NULL)
- {
- panic ("Malloc failed");
- }
-
- if (dn_expand (response.buf, /* Start of the packet */
- endOfMsg, /* End of the packet */
- cp, /* Position in the packet */
- (char *) ptrList[ptrNum], /* Result */
- MAXDNAME) /* size of ptrList buffer */
- < 0)
- { /* Negative: error */
- panic ("dn_expand failed");
- }
-
- /*
- * Check the name we've just unpacked and add it to
- * the list if it is not a duplicate.
- * If it is a duplicate, just ignore it.
- */
- for (i = 0, dup = 0; (i < ptrNum) && !dup; i++)
- dup = !strcasecmp (ptrList[i], ptrList[ptrNum]);
- if (dup)
- free (ptrList[ptrNum]);
- else
- ptrNum++;
- strcpy (result, ptrList[0]);
- return result;
- break;
- case (T_A):
- bcopy ((char *) cp, (char *) &addr, INADDRSZ);
- strcat (result, " ");
- strcat (result, inet_ntoa (addr));
- found = 1;
- break;
- default:
- sprintf (message, "Unexpected type %u", requested_type);
- panic (message);
- }
- }
-
- /* Advance the pointer over the resource record data */
- cp += dlen;
-
- } /* end of while */
- if (found)
- return result;
-else
-return NULL;
-}
-
-struct list_in_addr *
-findA (domain)
- char *domain;
-{
-
- struct list_in_addr *result, *end;
-
- union
- {
- HEADER hdr; /* defined in resolv.h */
- u_char buf[PACKETSZ]; /* defined in arpa/nameser.h */
- }
- response; /* response buffers */
- int responseLen; /* buffer length */
-
- u_char *cp; /* character pointer to parse DNS packet */
- u_char *endOfMsg; /* need to know the end of the message */
- u_short class; /* classes defined in arpa/nameser.h */
- u_short type; /* types defined in arpa/nameser.h */
- u_int32_t ttl; /* resource record time to live */
- u_short dlen; /* size of resource record data */
-
- int count; /* misc variables */
-
- struct in_addr addr;
-
- end = NULL;
- result = NULL;
-
- /*
- * Look up the records for the given domain name.
- * We expect the domain to be a fully qualified name, so
- * we use res_query(). If we wanted the resolver search
- * algorithm, we would have used res_search() instead.
- */
- if ((responseLen =
- res_query (domain, /* the domain we care about */
- C_IN, /* Internet class records */
- T_A,
- (u_char *) & response, /*response buffer */
- sizeof (response))) /*buffer size */
- < 0)
- { /*If negative */
- rr_errno = h_errno;
- return NULL;
- }
-
- /*
- * Keep track of the end of the message so we don't
- * pass it while parsing the response. responseLen is
- * the value returned by res_query.
- */
- endOfMsg = response.buf + responseLen;
-
- /*
- * Set a pointer to the start of the question section,
- * which begins immediately AFTER the header.
- */
- cp = response.buf + sizeof (HEADER);
-
- /*
- * Skip over the whole question section. The question
- * section is comprised of a name, a type, and a class.
- * QFIXEDSZ (defined in arpa/nameser.h) is the size of
- * the type and class portions, which is fixed. Therefore,
- * we can skip the question section by skipping the
- * name (at the beginning) and then advancing QFIXEDSZ.
- * After this calculation, cp points to the start of the
- * answer section, which is a list of NS records.
- */
- cp += skipName (cp, endOfMsg) + QFIXEDSZ;
-
- count = ntohs (response.hdr.ancount) +
- ntohs (response.hdr.nscount);
- while ((--count >= 0) /* still more records */
- && (cp < endOfMsg))
- { /* still inside the packet */
-
-
- /* Skip to the data portion of the resource record */
- cp += skipToData (cp, &type, &class, &ttl, &dlen, endOfMsg);
-
- if (type == T_A)
- {
- bcopy ((char *) cp, (char *) &addr, INADDRSZ);
- if (end == NULL)
- {
- result = (void *) malloc (sizeof (struct list_in_addr));
- if (result == NULL)
- {
- panic ("Malloc failed");
- }
- result->addr = addr;
- result->next = NULL;
- end = result;
- }
- else
- {
- end->next = (void *) malloc (sizeof (struct list_in_addr));
- if (end->next == NULL)
- {
- panic ("Malloc failed");
- }
- end = end->next;
- end->addr = addr;
- end->next = NULL;
- }
- }
-
- /* Advance the pointer over the resource record data */
- cp += dlen;
-
- } /* end of while */
- return result;
-}
+++ /dev/null
-/* $Id: loc.h,v 1.1 2008/02/15 01:47:15 marka Exp $ */
-
-#define VERSION "0.4.0"
-
-#include "config.h"
-
-/* Probably too many inclusions but this is to keep 'gcc -Wall' happy... */
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <netdb.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <sys/time.h>
-#include <errno.h>
-#include <unistd.h>
-#include <string.h>
-#include <signal.h>
-#include <arpa/nameser.h>
-#ifdef HAVE_ARPA_NAMESER_COMPAT_H
-#include <arpa/nameser_compat.h>
-#endif
-#include <resolv.h>
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-#ifndef TRUE
-#define TRUE 1
-#endif
-
-#if SIZEOF_LONG == 4
-#define u_int32_t unsigned long
-#ifndef int32_t
-#define int32_t long
-#endif
-#else
-#define u_int32_t unsigned int
-#ifndef int32_t
-#define int32_t int
-#endif
-#endif
-
-#if SIZEOF_CHAR == 1
-#define u_int8_t unsigned char
-#ifndef int8_t
-#define int8_t char
-#endif
-#else
-#if SIZEOF_SHORT == 1
-#define u_int8_t unsigned short
-#ifndef int8_t
-#define int8_t short
-#endif
-#else
-#error "No suitable native type for storing bytes"
-#endif
-#endif
-
-#ifndef INADDR_NONE
-#define INADDR_NONE (in_addr_t)-1
-#endif
-
-struct list_in_addr
- {
- struct in_addr addr;
- void *next;
- };
-
-void usage ();
-void panic ();
-
-char *getlocbyname ();
-char *getlocbyaddr ();
-char *getlocbynet ();
-char *findRR ();
-struct list_in_addr *findA ();
-
-extern char *progname;
-extern short debug;
+++ /dev/null
-/* Stolen from BIND */
-
-/*
- * Copyright (c) 1985
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Portions Copyright (c) 1993 by Digital Equipment Corporation.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies, and that
- * the name of Digital Equipment Corporation not be used in advertising or
- * publicity pertaining to distribution of the document or software without
- * specific, written prior permission.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
- * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
- * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/*
- * Portions Copyright (c) 1995 by International Business Machines, Inc.
- *
- * International Business Machines, Inc. (hereinafter called IBM) grants
- * permission under its copyrights to use, copy, modify, and distribute this
- * Software with or without fee, provided that the above copyright notice and
- * all paragraphs of this notice appear in all copies, and that the name of IBM
- * not be used in connection with the marketing of any product incorporating
- * the Software or modifications thereof, without specific, written prior
- * permission.
- *
- * To the extent it has a right to do so, IBM grants an immunity from suit
- * under its patents, if any, for the use, sale or manufacture of products to
- * the extent that such products are used for performing Domain Name System
- * dynamic updates in TCP/IP networks by means of the Software. No immunity is
- * granted for any product per se or for any other function of any product.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
- * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
- * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
- */
-
-/*
- * Copyright (C) 1996-1999, 2016 Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <arpa/nameser.h>
-
-#include <ctype.h>
-#include <errno.h>
-#include <math.h>
-#include <netdb.h>
-#include <resolv.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-
-#include "loc.h"
-
-const char *precsize_ntoa();
-
-/* takes an on-the-wire LOC RR and formats it in a human readable format. */
-const char *
-loc_ntoa(binary, ascii)
- const u_char *binary;
- char *ascii;
-{
- static char *error = "?";
- static char tmpbuf[sizeof
-"1000 60 60.000 N 1000 60 60.000 W -12345678.00m 90000000.00m 90000000.00m 90000000.00m"];
- const u_char *cp = binary;
-
- int latdeg, latmin, latsec, latsecfrac;
- int longdeg, longmin, longsec, longsecfrac;
- char northsouth, eastwest;
- int altmeters, altfrac, altsign;
-
- const u_int32_t referencealt = 100000 * 100;
-
- int32_t latval, longval, altval;
- u_int32_t templ;
- u_int8_t sizeval, hpval, vpval, versionval;
-
- char *sizestr, *hpstr, *vpstr;
-
- versionval = *cp++;
-
- if (ascii == NULL)
- ascii = tmpbuf;
-
- if (versionval) {
- (void) sprintf(ascii, "; error: unknown LOC RR version");
- return (ascii);
- }
-
- sizeval = *cp++;
-
- hpval = *cp++;
- vpval = *cp++;
-
- GETLONG(templ, cp);
- latval = (templ - ((unsigned)1<<31));
-
- GETLONG(templ, cp);
- longval = (templ - ((unsigned)1<<31));
-
- GETLONG(templ, cp);
- if (templ < referencealt) { /* below WGS 84 spheroid */
- altval = referencealt - templ;
- altsign = -1;
- } else {
- altval = templ - referencealt;
- altsign = 1;
- }
-
- if (latval < 0) {
- northsouth = 'S';
- latval = -latval;
- } else
- northsouth = 'N';
-
- latsecfrac = latval % 1000;
- latval = latval / 1000;
- latsec = latval % 60;
- latval = latval / 60;
- latmin = latval % 60;
- latval = latval / 60;
- latdeg = latval;
-
- if (longval < 0) {
- eastwest = 'W';
- longval = -longval;
- } else
- eastwest = 'E';
-
- longsecfrac = longval % 1000;
- longval = longval / 1000;
- longsec = longval % 60;
- longval = longval / 60;
- longmin = longval % 60;
- longval = longval / 60;
- longdeg = longval;
-
- altfrac = altval % 100;
- altmeters = (altval / 100) * altsign;
-
- if ((sizestr = strdup(precsize_ntoa(sizeval))) == NULL)
- sizestr = error;
- if ((hpstr = strdup(precsize_ntoa(hpval))) == NULL)
- hpstr = error;
- if ((vpstr = strdup(precsize_ntoa(vpval))) == NULL)
- vpstr = error;
-
- sprintf(ascii,
- "%d %.2d %.2d.%.3d %c %d %.2d %.2d.%.3d %c %d.%.2dm %sm %sm %sm",
- latdeg, latmin, latsec, latsecfrac, northsouth,
- longdeg, longmin, longsec, longsecfrac, eastwest,
- altmeters, altfrac, sizestr, hpstr, vpstr);
-
- if (sizestr != error)
- free(sizestr);
- if (hpstr != error)
- free(hpstr);
- if (vpstr != error)
- free(vpstr);
-
- return (ascii);
-}
-
-static unsigned int poweroften[10] = {1, 10, 100, 1000, 10000, 100000,
- 1000000,10000000,100000000,1000000000};
-
-/* takes an XeY precision/size value, returns a string representation. */
-const char *
-precsize_ntoa(prec)
- u_int8_t prec;
-{
- static char retbuf[sizeof "90000000.00"]; /* XXX nonreentrant */
- unsigned long val;
- int mantissa, exponent;
-
- mantissa = (int)((prec >> 4) & 0x0f) % 10;
- exponent = (int)((prec >> 0) & 0x0f) % 10;
-
- val = mantissa * poweroften[exponent];
-
- (void) sprintf(retbuf, "%ld.%.2ld", val/100, val%100);
- return (retbuf);
-}
-
+++ /dev/null
-.\" Hey, EMACS: -*- nroff -*-
-.\" First parameter, NAME, should be all caps
-.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
-.\" other parameters are allowed: see man(7), man(1)
-.TH QUERY-LOC 1 "January 11, 2005"
-.\" Please adjust this date whenever revising the manpage.
-.\"
-.\" Some roff macros, for reference:
-.\" .nh disable hyphenation
-.\" .hy enable hyphenation
-.\" .ad l left justify
-.\" .ad b justify to both left and right margins
-.\" .nf disable filling
-.\" .fi enable filling
-.\" .br insert line break
-.\" .sp <n> insert n+1 empty lines
-.\" for manpage-specific macros, see man(7)
-.SH NAME
-query-loc \- to retrieve and display the location information in the DNS
-.SH SYNOPSIS
-.B query-loc
-.RI [-v] [-d nnn] " host"
-.SH DESCRIPTION
-This manual page documents briefly the
-.B query-loc
-command.
-.PP
-.\" TeX users may be more comfortable with the \fB<whatever>\fP and
-.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
-.\" respectively.
-\fBquery-loc\fP is a program to retrieve and display the location
-information in the DNS.
-
-It uses the algorithms described in
-RFC 1876 (and RFC 1101 to get the network names).
-You can find examples of networks wchich implement this scheme
-in the ADDRESSES file.
-
-.SH OPTIONS
-.TP
-.B \-v
-Verbose mode.
-.TP
-.B \-d nnn
-Debug mode. Displays the RFC's algorithm
-
-.SH BUGS
-
-Very few hosts have location information.
-
-.SH AUTHOR
-This manual page was written by Stephane Bortzmeyer
-<bortzmeyer@debian.org>.
-
-.\" $Id: query-loc.1,v 1.1 2008/02/15 01:47:15 marka Exp $
+++ /dev/null
-#include "loc.h"
-
-/* $Id: query-loc.c,v 1.1 2008/02/15 01:47:15 marka Exp $ */
-
-/* Global variables */
-char *progname;
-short debug;
-
-int
-main (argc, argv)
- int argc;
- char *argv[];
-{
- extern char *optarg;
- extern int optind;
-
- short verbose = FALSE;
- char *host;
-
- char ch;
-
- char *loc = NULL;
- struct in_addr addr;
- struct hostent *hp;
-
- progname = argv[0];
- while ((ch = getopt (argc, argv, "vd:")) != EOF)
- {
- switch (ch)
- {
- case 'v':
- verbose = TRUE;
- break;
- case 'd':
- debug = atoi (optarg);
- if (debug <= 0)
- {
- (void) fprintf (stderr,
- "%s: illegal debug value.\n", progname);
- exit (2);
- }
- break;
- default:
- usage ();
- }
- }
- argc -= optind;
- argv += optind;
- if (argc != 1)
- {
- usage ();
- }
- if (verbose || debug)
- {
- printf ("\nThis is %s, version %s.\n\n", progname, VERSION);
- }
- host = argv[0];
- (void) res_init ();
-
- if ((addr.s_addr = inet_addr (host)) == INADDR_NONE)
- {
- if (debug >= 1)
- printf ("%s is a name\n", host);
- loc = getlocbyname (host, FALSE);
- }
- else
- {
- if (debug >= 1)
- printf ("%s is an IP address ", host);
- hp = (struct hostent *) gethostbyaddr
- ((char *) &addr, sizeof (addr), AF_INET);
- if (hp)
- {
- if (debug >= 1)
- printf ("and %s is its official name\n",
- hp->h_name);
- loc = getlocbyname (hp->h_name, FALSE);
- }
- else
- {
- if (debug >= 1)
- printf ("which has no name\n");
- loc = getlocbyaddr (addr, NULL);
- }
- }
- if (loc == NULL)
- {
- printf ("No LOCation found for %s\n", host);
- exit (1);
- }
- else
- {
- if (verbose || debug)
- printf ("LOCation for %s is ", host);
- printf ("%s\n", loc);
- exit (0);
- }
-}
+++ /dev/null
-#!/bin/sh
-
-# $Id: reconf,v 1.1 2008/02/15 01:47:15 marka Exp $
-
-autoreconf
-# We do not use automake but we need its install-sh file. We do not
-# care about the exit code.
-automake --add-missing || true
+++ /dev/null
-/zkt-conf
-/zkt-keyman
-/zkt-ls
-/zkt-signer
-/zkt-soaserial
+++ /dev/null
-zkt 1.1.3 -- 21. Nov 2014
-
-* func New Config Parameter DependFiles added.
- Contains a (comma separated) list of files which are
- included into the ZoneFile. The timestamps of this files
- are checked additional to the timestamp of the ZoneFile.
- Based on a suggestion from Sven Strickroth
-
-* misc Makefile changed to build tar file out of git repository
-
-* misc Minimum supported BIND version is now 9.8
-
-* bug Fixed bug in BIND version parsing (9.10.1 was parsed as 910
- which is similar to 9.1.0)
- Version 9.10.1 is parsed now as 091001
-
-* misc Remove flag to request large exponent when creating keys
- (BIND always creates keys with large exponents since BIND 9.5.0)
-
-* misc Project moved to github
- Thanks to Jakob Schlyter for doing the initial stuff
-
-zkt 1.1.2 -- 05. Dec 2012
-
-* bug Fixed bug introduced by changes on inc_soa_serial()
-
-zkt 1.1.1 -- 27. Nov 2012
-
-* bug Error fixed in zkt-conf in parsing the version number
-
-* misc inc_soa_serial() now returns 0 on success
-
-* bug Fixed bug in inc_serial()
- The zone file wasn't closed on succesful change of the soa record.
- Many thanks to Frederik Soderblom for fixing this.
-
-zkt 1.1 -- 30. Jan 2012
-
-* misc Release numbering changed to three level "major.minor.revison" scheme
-
-* bug REMOVE_HOLD_TIME was set to 10 days only (Thanks to Chris Thompson)
-
-* doc Improved README file (Thanks to Jan-Piet Mens)
-
-* misc Fixed some typos in log messages
-
-* bug Fixed error in rollover.c (return code of genfirstkey() wasn't checked)
-
-* misc Default of KeySetDir changed from NULL to ".." (best for hierarchical mode)
- Default Sig Lifetime changed from 10 days to 3 weeks (21 days)
- Default ZSK lifetime changed from 3 months to 4 times the sig lifetime
- Default KSK lifetime changed from 1 year to 2 years
- Parameter checks in checkconfig() adapted.
- KSK random device changed back from /dev/urandom to BIND default
- (Be aware of some possibly long delay in key generation)
-
-* func New configure option to set the bind utility path manually (--enable-bindutil_path)
- BIND_UTIL_PATH in config_zkt.h will no longer used
- (Thanks to Mans Nilsson)
-
-* bug If nsec3 is turned on and KeyAlgo (or AddKeyAlgo) is RSHASHA1
- or DSA, genkey() uses algorithm type NSECRSASHA1 or NSEC3DSA instead.
- (Thanks to Holger Wirtz)
-
-* bug Error in printconfigdiff() fixed. (Thanks to Holger Wirtz)
-
-* func Description added to (some of the) dnssec.conf parameters
-
-* func Adding a patch from Hrant Dadivanyan to always pre-publish ZSKs
-
-* misc Config file syntax changed to parameter names without underscores.
- zkt-conf uses ZKT_VERSION string as config version
-
-* bug "make install-man" now installs all man page
-
-* bug Bug fixed in zfparse.c. zkt-conf was unable to detect an already
- included dnskey.db file if another file was included.
-
-* misc destination dnssec-zkt removed from Makefile.in
-
-* func dki_prt_managedkeys() added to dki.c
- zkt_list_managedkeys() added to zkt.c
- zkt-ls has new option -M to print out a list of managed-keys
-
-* bug Bug fixed in the config parser (zconf.c). Couldn't parse
- agorithm RSASHA512 correctly (Thanks to Michael Sinatra)
-
-zkt 1.0 -- 15. June 2010
-
-* func "/dev/urandom" check added to checkconfig()
-
-* func Config compability switch (-C) added to zkt-conf
-
-* func zkt-ls has a new switch -s to change sorting of domains from
- subdomain before parent to subdomain below the parent
-
-* func "zkt-ls -T" prints only parent trust anchor
-
-zkt 1.0rc1 -- 1. Apr 2010 (The 1.0 release was sponsored by DOMINIC(r) )
-
-* func Several config parameter are printed now in a more consistent and
- user friendly form.
- SerialFormat "Incremental" could be abbreviated as "inc" on input.
-
-* bug use of AC_ARG_ENABLE macros changed in a way that it is possible
- to use it as a "--disable-FEATURE" switch.
-
-* port no longer checking for malloc() in configue script.
- Mainly because it checks only if malloc(0) is allowed and we do
- not need this.
-
-* port --disable-color-mode added to configure script
-
-* bug Makro PRINT_AGE_OF_YEAR renamed to PRINT_AGE_WITH_YEAR in configure.ac
-
-* misc man page zkt-keyman added
-
-* misc New command zkt-keyman added as replacement for dnssec-zkt's key
- management functionality
-
-* misc man page zkt-ls added
-
-* port Check for ncurses added to Makefile.in
-
-* misc Color mode (Option -C) added to zkt-ls (experimental)
- New source file tcap.c.
-
-* misc Deprecate "single linked list" version of ZKT. The binary tree
- version is the default for years, so the VERSION string does no
- longer contain a "T". Now, if someone insist on the single link
- list version (configure --disable-tree) a "S" is added to the
- version string.
- Anyway, the code for the single link list version does no longer
- have the same functionality and will be removed in one of the later
- releases.
-
-* misc New command zkt-ls added as replacement for dnssec-zkt's key
- listing functionality
-
-* func New key algorithms RSASHA256 and RSAHSHA512 added to dki.[ch]
- and zconf.c
- New parameter NSEC3 added. Now it's possible to configure
- an NSEC3_OPTOUT zone.
-
-* bug Token parsing function gettok() fixed to recognize tokens
- with dashes ("zone-statistics" was seen as "zone").
- Thanks to Andreas Baess for finding this bug.
-
-* bug Fixed bug in (re)salting dynamic zones.
- sig_zone() and gensalt() needs parameter change for this
-
-* func New option -a added to zkt-conf
-
-* func In zconf.c CONF_TIMEINT parameter are now able to recognize
- "unset" values (which is represented internaly as 0)
-
-* func Set Max_TTL to sig lifetime for dynamic zones or if Max_TTL
- is less than 1.
- max_ttl checks in checkconfig() fixed.
-
-* func printconfigdiff() added to zconf.c and used by zkt-conf.
- Now local configs are printed as diff to site wide config.
-
-* misc man page zkt-signer.8 changed to new command syntax
-
-* func Per domain logging added. Use parameter LogDomainDir to
- enable it. For more details see file README.logging.
-
-* func distribute.sh supports new action type "distkeys" but is
- currently not used
-
-* misc LOG_FNAMETMPL changed and moved from config_zkt.h to log.h
-
-* misc Default soa serial format changed from "Incremental"
- to "Unixtime"
-
-* func dnssec-signer command renamed to zkt-signer. Man page updated.
-
-* func New command zkt-conf added as replacement for dnssec-zkt -Z
-
-* misc timeint2str() is now global (zconf.c)
-
-* func zfparse.c - a rudimentary zone file parser
- scans minimum and maximum ttl values; adds $INCLUDE dnskey.db
-
-zkt 0.99d -- Not released
-
-* func Option SIG_DnsKeyKSK for DNSKEY signing with KSK only
- added (only useful with BIND9.7)
-
-* misc For BIND 9.7 compability:
- Run dnssec-signzone in compability mode ("-C") if
- SigGenerateDS is true.
- Run dnssec-keygen in compability mode ("-C -q")
- Add option -u to dnssec-signzone if NSEC3 chaining is requested
-
-zkt 0.99c -- 1. Aug 2009
-
-* misc dnssec-signer command line option vars changed to storage
- class static.
-
-* port setenv() replaced by putenv() in misc.c
-
-* misc Install binaries in prefix/bin instead of $HOME/bin.
- Fixing some spelling errors in dnssec-signzone.8 and
- dnssec-zkt.8.
- Thanks to Mans Nilsson.
-
-* port timegm() check added to configure.ac
-
-* misc configure.ac, Makefile.in, and doc is now part of distribution
-
-* bug off by one error fixed in splitpath()
-
-* misc is_dotfile() renamed to is_dotfilename() (misc.c)
-
-* misc inc_soaserial() sourced out to soaserial.c
-
-* misc reload() functions sourced out to nscomm.c
-
-* bug Introducing parameter "KeyAlgorithm" for both ZSK and
- KSK keys instead of separate KSK and ZSK algorithms.
- New functions dki_algo() and dki_findalgo().
-
-* bug Redirect stderr message (additionally to stdout) of
- dnssec-signzone command to pipe.
- Pick up last line of output for logging.
-
-* misc "Sig_GenerateDS" is no longer a hidden parameter.
-
-* misc "make clean" now remove the binary files
- New target "distclean" added to Makefile
-
-* bug Wrong typecast in zconf.c parsing CONF_TIMEINT (Thanks to Frederick
- Soderblum and Peter Norin for the patch)
- Changed all TIMEINT parameter values to long.
-
-* bug If someone changes the zone.db file in dynamic mode, this will be treated
- the same way as an initial setup, so the zone.db file will be used as new
- input file (Thanks to Shane Wegner for this patch)
-
-* bug Option nsec3_param added to dnssec-signzone command for dynamic zones.
-
-* func New option "NamedChrootDir" added to dnssec.conf to specify the
- directory of a chrooted named. Without such an option
- "dnssec-signer -N named.conf" couldn't find the zone file directory.
-
-* misc Default ZSK lifetime set to 12 weeks instead of 3 months (30days) to
- suppress the warning message about ZSK keysize of 512 bits.
-
-zkt 0.98 -- 28. Dec 2008
-
-* misc Target "install-man" added to Makefile
- man files moved to sub directory "man"
-
-* func If a BIND version greater equal 9.6.0 is used, option -d doesn't
- initiate a resigning of a zone. It's just for key rollover.
-
-* func New pseudo algorithms for NSEC3 DNSKEYS added.
- Support of NSEC3 hashing if a BIND version greater equal 9.6.0
- is used. New parameter "SaltBits" added to the config file to
- set the salt length in bits (default is 24 which means 6 hex nibbles).
- The number of hash iterations is set to the default value of
- dnssec-signzone which depends on key size.
-
-* misc Renaming of all example zone directories so that the directory
- name does not end with a dot (Necessary for installing the
- source tree in an MS-Windows environment).
- str_tolowerdup() renamed to domain_canonicdup() and code added
- to append a dot to the domain name if it's not already there.
-
-* misc Add 'sec' (second) qualifier to debug output in kskrollover().
-
-* bug Remove a trailing '/' at the -D argument.
-
-* misc Configure script now uses the BIND_UTIL_PATH out of config_zkt.h
- if the BIND dnssec-signzone command is not found
-
-* bug A zone with only a standby key signing key (which means w/o an
- active ksk) aborts the dnssec-signer command.
- Fixed by Shane Kerr.
-
-* func Changed inc_serial() so that the SOA record parser accepts a label
- other than '@' and an optional ttl value before the class and SOA
- RR identifier (Both are case insensitive). Thanks to Shane Kerr
- for the suggestion.
-
-* bug Change of global configured key liftetime during a zone signing
- key rollover results in unnecessary additional pre-published
- zone signing keys (Thanks to Frank Behrens for the patch)
-
-* misc Sig_Random config file parameter defaults now to false
-
-* bug The man page refers the wrong licence (GPL instead of BSD)
-
-zkt 0.97 -- 5. Aug 2008
-
-* bug LG_* logging level wasn't mapped to syslog level in lg_mesg().
- gettock() in ncparse.c did not recognize C single line comments "//"
- (Thanks to Frank Behrens for finding this out)
-
-* misc dist_and_reload () now calls the "Distribute_Cmd" twice:
- First with argument "distribute" for signed zone file distribution,
- second with argument "reload" to initiate a reload.
- Again see example/flat/dist.sh for an example script.
-
-* bug full KSK rollover will (mostly) also work for dynamic zones
- This is a hack and requires further investigation. Currently
- it will not work if someone is using non standard zone file
- names.
-
-* misc default ZSK lifetime set to 3 month
-
-* misc get_mtime() renamed to file_mtime()
-
-* func is_exec_ok() added and called in dist_and_reload ()
-
-* func New parameter "Distribute_Cmd" added for specifing a user
- defined distribution (and reload) command (See example/flat/dist.sh).
-
-* misc Changed wording to be a bit more consistent to
- draft-gudmundsson-life-of-dnskey-00.txt
- - State of published key will be print as "pub" instead of "pre"
- by dnssec-zkt.
- - Option --pre-publish of dnssec-zkt changed to --published.
- - Changed wording in all comments and log message from "pre-publish"
- to "published".
-
-* func Highly experimental code to do a full automatic ksk rollover
- in hierachical mode.
- ksk_rollover() added in rollover.c; parameter change for ksk_status()
-
-* misc Changed name of "dnssec-soaserial" to "zkt-soaserial"
-
-* bug Fixed verbose logging error if -N or -D option was used
-
-* func Some LG_INFO messages added about key status change
-
-* func Remove of function to register a new ksk (zktr.[ch])
-
-* misc Changed licence from GNU GPLv2 to BSD licence
-
-* bug Fixed bug in logging of ZSK rollover
-
-* misc Changed tar file to zipped one and archive the files with
- toplevel directory
-
-* bug Fixed use of uninitialized vars in zconf.c (line)
-
-* port Preparation for use of autoconf
- - config.h renamed to config_zkt.h and change of include directives
- - conditional include of config.h
- - ./configure script is able to determine BIND utility path
- (BIND_UTIL_PATH) and version (BIND_VERSION)
- - compile time options are settable via configure script (--enable-xxx)
- - For now, the configure script is not able to set the install dir.
-
-* bug ksk rollover phase2 did not trigger resigning of parent
- (the parent file was copied to the parent directory only
- after child zone resigning)
-
-* bug fixed bad notice message in zskstatus ()
-
-* func dnssec-zkt -Z print out syslog facility & level with
- upper case letter and without quotation marks
-
-* func Syslog facility DAEMON added
-
-zkt 0.96 -- 19. June 2008
-
-* func Config file option "SIG_Parameter" added.
-
-* func Function verbmesg() added and used for verbose logging
- to stdout and/or to syslog resp. file.
- Config file parameter VerboseLog added to config file.
-
-* bug Option -O wasn't recognized by dnssec-signer
-
-* func Better support of initial setup of dynamic signed
- zones (just create an empty "zone.db.dsigned" file
- and run dnssec-signer with option -d).
-
-* func Improved error logging; incr_soa() errors are written
- as clear text message instead of error number
-
-* func elog_mesg() function replaced by a more general
- logging mechanism.
- ErrorLog config parameter replaced by LogFile,
- LogLevel and SyslogFacility, SyslogLevel parameter
-
-* func New function filesize() added
-
-* func dki_prt_trustedkey print out old key id if key
- is revoked
-
-* func dki_new() writes gentime (GMT) and proposed key
- lifetime (days) as comment into the *.key file
-
-* bug Doing some housekeeping
-
-zkt 0.95 -- 19. April 2008
-
-* misc This is not a public released version of zkt.
-
-* func All config file option are now settable via
- commandline option -O (--option or --config-option)
-
-* misc Function fatal() now has an exit code of 127.
- This is necessary because values from 1 to 64 are
- reflecting the number of errors occured.
-
-* func Errorlog functionality added
- All dnssec-signer errors will be logged in the file
- specified by the Errorlog config file parameter or
- specified by the command line option -L (--errorlog).
- If a directory is given, then the logging will occur
- in a file within this directory which is named
- like "zkt-<current-date>.log".
- The dnssec-signer command has an exit code of 0 if
- no error occured, an exit code of 127 on fatal errors,
- an exit code from 1 to 63 reflecting the number of errors
- occured, or an exit code of 64 if more than 63 errors
- occured.
-
-* func dnssec-signer: Introducing long options
-
-* bug New skript added to example/views directory to
- read in the right config file
-
-* func New option -f (--lifetime) and -F (--setlifetime)
- added to dnssec-zkt.
-
-* func New option -e (--expire) added to dnssec-zkt.
- (Seems to be that the dnssec-zkt command is a little
- bit overloaded with options.)
-
-* func dki.c and zkt.c supports storage of key lifetime,
- generation time and expiration time as a comment in the
- .key file. With this, it's possible to change the default
- lifetime without any impact on already used keys.
-
-zkt 0.94 -- 6. Dec 2007
-
-* bug Case mismatch of zone name and key file name prevent
- dki_read() from reading the key.
- Thanks to Alan Clegg for finding this out.
- Added some additional error processing and convert
- zone name to lower case.
-
-* misc Builtin default for KSK_randfile changed
- from NULL to "/dev/urandom".
-
-* bug dnssec-signer has to use private keys for signing
- even if the revoke bit is set.
- To achieve this the file pattern K*.private is added
- to the dnssec-signzone run.
-
-* bug Uninitialized variable "len" in sign_zone().
-
-* func Default config file is settable via environment
- variable ZKT_CONFFILE
-
-* func Support of views added
- Link dnssec-zkt to dnssec-zkt-<view> and
- dnssec-signer to dnssec-signer-<view>.
- Option -V and --view added to dnssec-zkt.
- Option -V added to dnssec-signer.
- View support added to parse_namedconf().
-
-zkt 0.93 -- 1. Nov 2007
-
-* func The ksk registration mechanism is disabled by
- default (see REG_URL in config.h).
-
-* func Basic support for revoke flag added (RFC5011).
- Semantic of option -R of dnssec-zkt changed.
-
-* func Undocumented option -S changed to lower case.
- Pre-pulished KSK will be shown as "standby" key.
- New Option -S (standby) for pre-publish KSK.
-
-* func New command dnssec-soaserial added.
-
-* bug dnssec-signer do not print the incremented serial
- number anymore.
- time2str() fixed bug in time format (HAS_STRFTIME=0).
-
-* port New build dependencies "solaris", "macos" and "help"
- added to Makefile.
-
-zkt 0.92 -- 1. Oct 2007
-
-* func Parameter "Serialformat" in dnssec.conf added .
- Now it is possible to use the unixtime format for
- the SOA serial number. If you use BIND 9.4 or
- greater in conjunction with this, than there is no
- need for the special SOA serial formating in
- the zonefile. (Thanks to Jakob Schlyter for the
- -N option of dnssec-signzone and the suggestion to
- add the unixtime support to zkt)
-
-* func Option --ksk-roll-stat added.
-
-* port Added macro HAS_GETOPT_LONG to support OS with
- lack of getopt_long() (e.g. solaris).
- Options -[01239] added.
-
-* misc Unused macro HAS_ULONG removed from config.h.
- Deklaration of unsigned types moved from dki.h to
- config.h (so it will be available in _all_ source
- files). Thanks to Mans Nilsson.
- Unused macro isblank() (ncparse.c) removed.
-
-* bug In dosigning(): freeze the dynamic zone _before_ copying
- the zone file.
-
-zkt 0.91 -- 1. Apr 2007
-
-* doc --ksk-rollover option added to usage().
-
-* func some experimental code for dynamic zones added.
- new functions added: copyzonefile(), dyn_update_freeze().
- New option "-d" added.
-
-zkt 0.90 -- 6. Dec 2006
-
-* func CHECK_RESIGN interval added to config.h.
- This is the dnssec-signer calling interval (at least 1 day or 86400 sec).
-
-* func new function dki_destroy() added; semantic of dk_remove()
- changed to rename the key files instead of physical deletion.
-
-* doc Setup of new example directory (flat and hierarchical).
-
-* doc dnssec-zkt man page updated.
- Added some comments in misc.c
-
-* misc function strtaint() renamed to str_untaint(),
- dki_keycmp() renamed to dki_tagcmp().
-
-* func New parameter key_ttl added to dnssec.conf.
- New func dki_prt_dnskeyttl () added.
- Now dnskey.db is written with key_ttl value.
-
-* func dnssec-signer: In hierarchical mode sign_zone() copies the
- parent-file (if such a file exist) instead of the
- keyset-file to the parent directory.
-
-* func dnssec-zkt: Option --ksk-roll-phase[123] and function
- ksk_rollover() added.
-
-* misc zconf: default values for sigvalidity, resign_int etc. changed,
- new dnssec.conf example file created.
-
-* func dnssec-zkt: Long option support added.
-
-zkt 0.83 -- 11. Sep 2006
-
-* bug dosigning(): Fixed bug in the bug fixing of printing undefined
- serial number if incr_serial() failed. (Thanks to Randy McCasskill).
-
-zkt 0.82 -- 8. Sep 2006
-
-* bug Use option -e for dnssec-keygen calls in dki_new(), because
- an RSA exponent of 3 is vulnerable.
-
-* bug dosigning(): Fixed bug in printing undefined serial
- number if incr_serial() failed.
-
- an RSA exponent of 3 is vulnerable.
-
-* bug dosigning(): Fixed bug in printing undefined serial
- number if incr_serial() failed.
-
-zkt 0.81 -- 13. July 2006
-
-* bug The function ceatekey() won't work with USE_TREE.
- Size of MAX_DNAME increased.
-
-zkt 0.8 -- 09. July 2006
-
-* func Now a hierarchical directory structure with subdomains stored in
- subfolders of the parent domain are allowed. Added copyfile(),
- cmpfile() and new_keysetfiles() for that.
-
-* func Config parameter added to choose if the domain name is
- right or left justified listed by dnssec-zkt (printkeyinfo).
-
-* func New class of key added ("sep"). A SEP key is a (public) key file
- without the private counterpart. So we could use the key solely
- as an secure entry point. (dki.h, dki_read).
-
-zkt 0.70 -- 15. Sep 2005
-
-* func Experimental code added to use a binary search tree instead of a
- single linked list. This is mainly for performance improvement for large
- sites. If you don't want to use it, set USE_TREE in config.h to zero.
- In the first step only dnssec-zkt use the new data structure.
- The tree is build over the domain names and each node is the starting point
- of a linked list of keys.
- As a result, it's not possible anymore to search on key tags only. You have
- to specify the domain name plus the tag. :-(
-
-* func Function parseurl added.
-
-* func Experimental code to register a new ksk. Currently it's more like
- a key announcement because of the lack of identification and
- authentication.
-
-zkt 0.65 -- 22. Aug 2005
-
-* misc Rewrite of the domaincmp() function. Now it's round about 2 times faster.
- After some additional changes and the compiler option -O3 the dnssec-zkt
- on the ~ 12000 zones requires only a minute
- $ time dnssec-zkt -z -r sec > /dev/null
- real 0m58.287s
- user 0m54.610s
- sys 0m3.680s
-
-* func A keyset directory is introduced (experimental)
- The parameter -d is added to the call of the dnssec-signzone command
- if the config option KeySetDir is set.
- As a result, all dsset-, keyset- and dlvset- files are stored in one directory.
- The advantage is, that the chain of trust of all local subzone is build
- automatically (This is the reason why we sort the zones with the child zones
- first).
- The disadvantage is that we store many files in single directory (3 files
- per zone).
-
-zkt 0.64 -- 1. Aug 2005
-
-* bug The code for option -Z of dnssec-zkt should be executed before we read the
- complete directory tree. This is usefull if we have a very deep directory
- structure and the recursive flag is switched on.
-
-* func SIG_Pseudorand parameter added.
-
-* func ([KZ]SK)|(SIG)_randfile parameter added.
-
-* func measure the time used for signing of each zone.
-
-* bug function logflush() added to misc.c and called by dosigning().
-
-* misc some perfomance test made:
- - Directory structure "sec/<firstletter>/domain" with round about 12200 domains
- - One of the domain is a big one (~ 820000 RRs), the others are mostly very small ones
- - We use a dsa with 704 bits as ksk and a rsamd5 with 512 bits as zsk on each domain.
- - All test made on Sun Fire V440 with 4 CPU and 4x2GB main memory
-
- # sequential signing of all zones
- $ time dnssec-signer -v -v -f -D sec
- real 434m (~ 7h 14min)
- user 188
- sys 175
-
- # with option -p and -r /dev/urandom
- $ time dnssec-signer -v -v -f -D sec > log
- real 96m28.306s
- user 290m41.980s
- sys 6m13.790s
-
- # one process for each firstletter subdirectory
- $ time par_signer.sh
- real 394m12.334s
- user 295m58.390s
- sys 786m42.479s
-
- # with option -p and -r /dev/urandom
- $ time par_signer.sh
- real 78m49.323s
- user 284m58.350s
- sys 5m39.340s
-
-
- $ time dnssec-zkt -z -r sec > /dev/null
- real 2m5.722s
- user 2m0.060s
- sys 0m4.510s
-
-
- # signing the big (820000 RR) domain only
- $ time dnssec-signer -v -v -f -D sec/b/big-domain
- real 196m23.165 (~ 3h 16min)
- user 176m57.610
- sys 167m27.570
-
- # with option -p and -r /dev/urandom
- $ time dnssec-signer -v -v -f -D sec/b/big-domain
- real 49m53.152
- user 173m59.520
- sys 1m40.150
-
-zkt 0.63 -- 14. June 2005
-
-* bug allow TTL value in keyfiles (see TTL_IN_KEYFILES_ALLOWED
- in dki_readfile()).
-
-* misc function strchop() added to misc.c.
-
-zkt 0.62 -- 13. May 2005
-
-* func dnssec-signer: Option -o added.
- Now it works a bit more like dnssec-signzone.
-
-* func strlist.c: prepstrlist and unprepstrlist functions get a
- second parameter for the delimiter.
-
-* bug fixed some typos and inaccurate usage of symbolic constants.
- Doing some housekeeping.
-
-zkt 0.61 -- 3. May 2005
-
-* bug local config file will not be mentioned if -N switch is used.
-
-zkt 0.6 -- 1. May 2005
-
-* doc dnssec-signer: man page added.
-
-* func dnssec-signer: Print out a warning message if ksk lifetime is exceeded.
-
-* func dnssec-signer: Remaining arguments will be interpreted as zone names
- (in_strarr () added).
-
-* func dnssec-signer: Option -D added.
-
-
-zkt 0.51 -- 8. April 2005
-
-* func dnssec-signer: Option -N added.
-
-* func dnssec-signer: change of keystatus from pre-published to active
- resets timestamp of key, thus age of active key counts 0.
-
-* bug prepstrlist: resulting string was not terminated with '\0'.
-
-* bug dnssec-signer: do signing if there are additional keys, or the
- status of any key is changed (function check_keytimestamp).
-
-* func dnssec-zkt: -l <list> option added.
-
-* func dnssec-zkt: -p flag defaults to on in key creation mode (-C).
+++ /dev/null
-Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved.
-
-This software is open source.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-Redistributions of source code must retain the above copyright notice,
-this list of conditions and the following disclaimer.
-
-Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation
-and/or other materials provided with the distribution.
-
-Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
+++ /dev/null
-#################################################################
-#
-# @(#) Makefile for dnssec zone key tool (c) Mar 2005 hoz
-#
-#################################################################
-
-prefix = @prefix@
-mandir = @mandir@
-
-CC = @CC@
-
-PROFILE = # -pg
-OPTIM = # -O3 -DNDEBUG
-
-#CFLAGS ?= @CFLAGS@ @DEFS@ -I@top_srcdir@
-CFLAGS += -g @DEFS@ -I@top_srcdir@
-CFLAGS += -Wall #-DDBG
-CFLAGS += -Wmissing-prototypes
-CFLAGS += $(PROFILE) $(OPTIM)
-LDFLAGS += $(PROFILE)
-LIBS = @LIBS@
-
-PROJECT = @PACKAGE_TARNAME@
-VERSION = @PACKAGE_VERSION@
-
-HEADER = dki.h misc.h domaincmp.h zconf.h config_zkt.h \
- config.h.in strlist.h zone.h zkt.h debug.h \
- ncparse.h log.h rollover.h nscomm.h soaserial.h \
- zfparse.h tcap.h
-SRC_ALL = dki.c misc.c domaincmp.c zconf.c log.c
-OBJ_ALL = $(SRC_ALL:.c=.o)
-
-SRC_SIG = zkt-signer.c zone.c ncparse.c rollover.c \
- nscomm.c soaserial.c
-OBJ_SIG = $(SRC_SIG:.c=.o)
-MAN_SIG = zkt-signer.8
-PROG_SIG= zkt-signer
-
-SRC_CNF = zkt-conf.c zfparse.c
-OBJ_CNF = $(SRC_CNF:.c=.o)
-MAN_CNF = zkt-conf.8
-PROG_CNF= zkt-conf
-
-# shared sources
-SRC_KLS = strlist.c zkt.c tcap.c
-OBJ_KLS = $(SRC_KLS:.c=.o)
-
-SRC_KEY = zkt-keyman.c
-OBJ_KEY = $(SRC_KEY:.c=.o) $(OBJ_KLS)
-MAN_KEY = zkt-keyman.8
-PROG_KEY= zkt-keyman
-
-SRC_LS = zkt-ls.c
-OBJ_LS = $(SRC_LS:.c=.o) $(OBJ_KLS)
-MAN_LS = zkt-ls.8
-PROG_LS= zkt-ls
-
-SRC_SER = zkt-soaserial.c
-OBJ_SER = $(SRC_SER:.c=.o)
-#MAN_SER = zkt-soaserial.8
-PROG_SER= zkt-soaserial
-
-SRC_PRG = $(SRC_SIG) $(SRC_CNF) $(SRC_LS) $(SRC_SER) $(SRC_KEY)
-OBJ_PRG = $(SRC_PRG:.c=.o)
-PROG_PRG= $(PROG_SIG) $(PROG_CNF) $(PROG_LS) $(PROG_SER) $(PROG_KEY)
-
-MAN_ALL = $(MAN_SIG) $(MAN_LS) $(MAN_CNF) $(MAN_KEY)
-OTHER = README README.logging TODO LICENSE CHANGELOG tags Makefile.in \
- configure distribute.sh examples
-SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_CNF) $(SRC_KLS) \
- $(SRC_LS) $(SRC_KEY) $(SRC_SER) $(OTHER) \
- man configure.ac config.h.in doc
-#MNTSAVE = $(SAVE) configure.ac config.h.in doc
-
-
-all: $(PROG_CNF) $(PROG_LS) $(PROG_SIG) $(PROG_SER) $(PROG_KEY)
-
-macos: ## for MAC OS (depreciated)
-macos:
- $(MAKE) CFLAGS="$(CFLAGS) -D HAS_UTYPES=0" all
-
-solaris: ## for solaris (depreciated)
-solaris:
- @$(MAKE) CFLAGS="$(CFLAGS) -D HAVE_GETOPT_LONG=0" all
-
-linux: ## for linux (default)
-linux:
- @$(MAKE) all
-
-$(PROG_SIG): $(OBJ_SIG) $(OBJ_ALL) Makefile
- $(CC) $(LDFLAGS) $(OBJ_SIG) $(OBJ_ALL) -o $(PROG_SIG)
-
-$(PROG_CNF): $(OBJ_CNF) $(OBJ_ALL) Makefile
- $(CC) $(LDFLAGS) $(OBJ_CNF) $(OBJ_ALL) -o $(PROG_CNF)
-
-$(PROG_KEY): $(OBJ_KEY) $(OBJ_ALL) Makefile
- $(CC) $(LDFLAGS) $(LIBS) $(OBJ_KEY) $(OBJ_ALL) -o $(PROG_KEY)
-
-$(PROG_LS): $(OBJ_LS) $(OBJ_ALL) Makefile
- $(CC) $(LDFLAGS) $(LIBS) $(OBJ_LS) $(OBJ_ALL) -o $(PROG_LS)
-
-$(PROG_SER): $(OBJ_SER) Makefile
- $(CC) $(LDFLAGS) $(OBJ_SER) -o $(PROG_SER)
-
-install: ## install binaries in prefix/bin
-install: $(PROG_PRG)
- test -d $(prefix)/bin || mkdir -p $(prefix)/bin
- cp $(PROG_PRG) $(prefix)/bin/
-
-install-man: ## install man pages in mandir
-install-man:
- test -d $(mandir)/man8/ || mkdir -p $(mandir)/man8/
- cp -p man/$(MAN_LS) man/$(MAN_SIG) man/$(MAN_KEY) man/$(MAN_CNF) $(mandir)/man8/
-
-
-
-tags: ## create tags file
-#tags: $(SRC_ALL) $(SRC_PRG)
-tags: $(SRC_ALL) $(SRC_SIG) $(SRC_CNF) $(SRC_KEY) $(SRC_LS) $(SRC_SER) $(SRC_KLS)
- ctags $(SRC_ALL) $(SRC_SIG) $(SRC_CNF) $(SRC_KEY) $(SRC_LS) $(SRC_SER) $(SRC_KLS)
-
-clean: ## remove objectfiles and binaries
-clean:
- -rm -f $(OBJ_PRG) $(OBJ_ALL) $(PROG_PRG)
-
-distclean: ## remove objectfiles, binaries and distribution files
-distclean: clean
- -rm -f Makefile config.h config.log config.status config.cache \
- $(PROJECT)-$(VERSION).tar.gz
-
-tar: ## create tar file for distribution
-tar: $(PROJECT)-$(VERSION).tar.gz
-
-configure: ## create configure script
-configure: configure.ac Makefile.in
- autoconf && autoheader
-
-man: man/$(MAN_KEY).html man/$(MAN_KEY).pdf \
- man/$(MAN_SIG).html man/$(MAN_SIG).pdf \
- man/$(MAN_LS).html man/$(MAN_LS).pdf \
- man/$(MAN_CNF).html man/$(MAN_CNF).pdf
-
-man/$(MAN_KEY).html: man/$(MAN_KEY)
- groff -Thtml -man -mhtml man/$(MAN_KEY) > man/$(MAN_KEY).html
-man/$(MAN_KEY).pdf: man/$(MAN_KEY)
- groff -Tps -man man/$(MAN_KEY) | ps2pdf - man/$(MAN_KEY).pdf
-man/$(MAN_LS).html: man/$(MAN_LS)
- groff -Thtml -man -mhtml man/$(MAN_LS) > man/$(MAN_LS).html
-man/$(MAN_LS).pdf: man/$(MAN_LS)
- groff -Tps -man man/$(MAN_LS) | ps2pdf - man/$(MAN_LS).pdf
-man/$(MAN_SIG).html: man/$(MAN_SIG)
- groff -Thtml -man -mhtml man/$(MAN_SIG) > man/$(MAN_SIG).html
-man/$(MAN_SIG).pdf: man/$(MAN_SIG)
- groff -Tps -man man/$(MAN_SIG) | ps2pdf - man/$(MAN_SIG).pdf
-man/$(MAN_CNF).html: man/$(MAN_CNF)
- groff -Thtml -man -mhtml man/$(MAN_CNF) > man/$(MAN_CNF).html
-man/$(MAN_CNF).pdf: man/$(MAN_CNF)
- groff -Tps -man man/$(MAN_CNF) | ps2pdf - man/$(MAN_CNF).pdf
-
-# generation of tar file out of the git archive
-# (use v$(VERSION) instead of HEAD if the tar file should depend on a tagged revision)
-$(PROJECT)-$(VERSION).tar.gz: $(SAVE)
- @test "`git tag -l $(VERSION)`" != $(VERSION) && echo "no tag $(VERSION) found in repository" && exit
- git archive --format=tar --prefix="$(PROJECT)-$(VERSION)/" $(VERSION) | \
- gzip > $(PROJECT)-$(VERSION).tar.gz
- # git archive --format=tar --prefix="$(PROJECT)-$(VERSION)/" HEAD | \
- # cat > $(PROJECT)-$(VERSION).tar
-
-depend:
- $(CC) -MM $(CFLAGS) $(SRC_PRG) $(SRC_ALL)
-
-help:
- @grep "^.*:[ ]*##" Makefile
-
-## all dependicies
-#:r !make depend
-#gcc -MM -g -DHAVE_CONFIG_H -I. -Wall -Wmissing-prototypes zkt-signer.c zone.c ncparse.c rollover.c nscomm.c soaserial.c zkt-conf.c zfparse.c zkt-ls.c zkt-soaserial.c zkt-keyman.c dki.c misc.c domaincmp.c zconf.c log.c
-zkt-signer.o: zkt-signer.c config.h config_zkt.h zconf.h debug.h misc.h \
- ncparse.h nscomm.h zone.h dki.h log.h soaserial.h rollover.h
-zone.o: zone.c config.h config_zkt.h debug.h domaincmp.h misc.h zconf.h \
- dki.h zone.h
-ncparse.o: ncparse.c debug.h misc.h zconf.h log.h ncparse.h
-rollover.o: rollover.c config.h config_zkt.h zconf.h debug.h misc.h \
- zone.h dki.h log.h rollover.h
-nscomm.o: nscomm.c config.h config_zkt.h zconf.h nscomm.h zone.h dki.h \
- log.h misc.h debug.h
-soaserial.o: soaserial.c config.h config_zkt.h zconf.h log.h debug.h \
- soaserial.h
-zkt-conf.o: zkt-conf.c config.h config_zkt.h debug.h misc.h zconf.h \
- zfparse.h
-zfparse.o: zfparse.c config.h config_zkt.h zconf.h log.h debug.h \
- zfparse.h
-zkt-ls.o: zkt-ls.c config.h config_zkt.h debug.h misc.h zconf.h strlist.h \
- dki.h tcap.h zkt.h
-zkt-soaserial.o: zkt-soaserial.c config.h config_zkt.h
-zkt-keyman.o: zkt-keyman.c config.h config_zkt.h debug.h misc.h zconf.h \
- strlist.h dki.h zkt.h
-dki.o: dki.c config.h config_zkt.h debug.h domaincmp.h misc.h zconf.h \
- dki.h
-misc.o: misc.c config.h config_zkt.h zconf.h log.h debug.h misc.h
-domaincmp.o: domaincmp.c domaincmp.h
-zconf.o: zconf.c config.h config_zkt.h debug.h misc.h zconf.h dki.h
-log.o: log.c config.h config_zkt.h misc.h zconf.h debug.h log.h
+++ /dev/null
-#
-# README dnssec zone key tool
-#
-# (c) March 2005 - Aug 2014 by Holger Zuleger hznet
-# (c) domaincmp() Aug 2005 by Karle Boss & H. Zuleger (kaho)
-# (c) zconf.c by Jeroen Masar & Holger Zuleger
-#
-
-For more information about the DNSSEC Zone Key Tool please
-have a look at "http://www.hznet.de/dns/zkt/"
-
-You can also subscribe to the zkt-users@sourceforge.net mailing list
-on the following website: https://lists.sourceforge.net/lists/listinfo/zkt-users
-
-The ZKT software is licenced under BSD (see LICENCE file)
-
-To build the software:
-a) Get the current version of zkt
- $ wget http://www.hznet.de/dns/zkt/zkt-1.1.tar.gz
-
-b) Unpack
- $ tar xzvf zkt-1.1.tar.gz
-
-c) Change to source directory
- $ cd zkt-1.1
-
-d) Run configure script
- $ ./configure
-
-e) Compile
- $ make
-
-f) Install
- # make install
- # make install-man
-
-
-Prepare your setup:
-a) (optional) Install or rebuild the default dnssec.conf file
- $ zkt-conf -d -w # Install new file
- or
- $ zkt-conf -s -w # rebuild existing file
-
-b) (optional) Change default parameters
- $ zkt-conf -s -O "Zonedir: /var/named/zones" -w
- or use your prefered editor
- $ vi /var/named/dnssec.conf
- (optional) You'll probably want to have zkt-ls work recursively
- $ zkt-conf -s -O "Recursive: True" -w
-
-c) Prepare one of your zone for zkt
- $ cd /var/named/zones/net/example.net # change dir to zone directory
- $ cp <zonefile> zone.db # copy and rename existing zone file to "zone.db"
- $ zkt-conf -w zone.db # create local dnssec.conf file and include dnskey.db into zone file
-
-d) Prepare for initial signing
- $ cd /var/named/zones/net/example.net
- $ touch zone.db.signed
- $ zkt-signer -v -v -o example.net # -o is ORIGIN (i.e. zone name)
-
-e) Publish your zone
- @ add `zone.db.signed' as zone file to your name server
- @ publish DS contained in `dsset-example.net.' at your zone's parent
-
+++ /dev/null
-#
-# README.logging
-#
-# Introduction into the new logging feature
-# available since v0.96
-# Per domain logging is enabled since v1.0
-#
-
-In previous version of dnssec-signer every message was written
-to the default stdout and stderr channels, and the logging itself
-was handled by a redirection of those chanels to the logger command
-or to a file.
-
-Since v0.96, the dnssec-signer command is able to log all messages
-by itself. File and SYSLOG logging is supported.
-
-To enable the logging into a file channel, you have to specify
-the file or directory name via the commandline option -L (--logfile)
-or via the config file parameter "LogFile".
- LogFile: ""|"<file>"|"<directory>" (default is "")
-If a file is specified, than each run of dnssec-signer will append the
-messages to that file. If a directory is specified, than a file with a
-name of zkt-<ISOdate&timeUTC>+log" will be created on each dnssec-signer run.
-
-Since v1.0 per domain logging is possible.
-If the parameter "LogDomainDir:" is not empty, than the domain specific messages
-are written to a separate log file with a name like "zkt-<domainname>+log" in the
-directory specified by the parameter.
-If "LogDomainDir:" is set to ".", then the logfile will be created in the domain
-directory of the zone.
-
-Logging into the syslog channel could be enabled via the config file
-parameter "SyslogFacility".
- SyslogFacility: NONE|USER|DAEMON|LOCAL0|..|LOCAL7 (default is USER)
-
-For both channels, the log level could be set to one of six log levels:
- LG_FATAL, LG_ERROR, LG_WARNING
- LB_NOTICE, LG_INFO, LG_DEBUG
-
-The loglevel is settable via the config file parameter :
- SyslogLevel: FATAL|ERROR|WARNING|NOTICE|INFO|DEBUG
- (default is ERROR)
-and
- LogLevel: FATAL|ERROR|WARNING|NOTICE|INFO|DEBUG
- (default is NOTICE)
-
-All the log parameters are settable on the commandline via the generic
-option -O "optstring" (--config-option="optstring").
-
-A verbose message output to stdout could be achieved by the commandline
-option -v (or -v -v).
-If you like to have this verbose messages also logged with a level of LG_DEBUG
-you should enable this by setting the config file option
-"VerboseLog" to a value of 1 or 2.
-
-Current logging messages:
- LG_FATAL: Not all of the fatal errors are logged
- (e.g.: config file or command line option fatal errors are
- not logged)
- LG_ERROR: All error messages will be logged
- LG_WARNING: KSK lifetime expiration
- LG_NOTICE:
- Start and stop of dnssec-signer
- Re-signing events
- Key rollover events
- KSK key generation and revoking
- Zone reload resp. freeze/thaw of dynamic zone
- LG_INFO:
- Messages for key generation/removal and ksk rollover
- LG_DEBUG: all "verbose" (-v) and "very verbose" (-v -v) messages
-
-Some recomended and useful logging settings
-
-- The default setting
- LogFile: ""
- SyslogFacility: USER
- SyslogLevel: NOTICE
- VerboseLog: 0
-
-- Setting as in version v0.95
- LogFile: "zkt-error.log" # or a directory for separate logfiles
- LogLevel: ERROR
- SyslogFacility: NONE
- VerboseLog: 0
-
-- Setting as in previous versions
- LogFile: ""
- SyslogFacility: NONE
- VerboseLog: 0
-
-- Recommended setting for normal usage
- LogFile: "zkt.log" # or a directory for separate logfiles
- LogLevel: ERROR
- SyslogFacility: USER
- SyslogLevel: NOTICE
- VerboseLog: 0
-
-- Recommended setting for debugging
- LogFile: "zkt.log" # or a directory for separate logfiles
- LogLevel: DEBUG
- SyslogFacility: USER
- SyslogLevel: NOTICE
- VerboseLog: 2
+++ /dev/null
-TODO list as of zkt-1.1
-
-zkt-ls:
- feat option to specify the key age as remaining lifetime
- (Option -i inverse age ?).
-
-zkt-signer:
- bug Distribute_Cmd wouldn't work properly on dynamic zones
- (missing freeze, thaw; copy Keyfiles instead of signed zone file)
-
- bug Automatic KSK rollover of dynamic zones will only work if the parent
- uses the standard name for the signed zonefile (zonefile.db.signed).
-
- bug Phase3 of manual ksk rollover do not trigger a resigning of the zone
- (Key removal is not recognized by dosigning () function )
-
- bug There is no online checking of the key material by design.
- The signer command checks the status of the key as they
- are represented in the file system and not in the zone.
- The dnssec maintainer is responsible for the lifeliness of the
- data in the hosted domain.
- In other words: It's highly recommended to use the
- option -r when you use zkt-signer on a production zone.
- Than the time of propagation is (more or less) equal to the timestamp
- of the zone.db.signed file.
-
-zkt-rollover:
- feat New command to roll keys independent of zone signing
- (Usefull for dynamic zones managed by BIND9.7)
-
-dki:
- feat Use dynamic memory for dname in dki_t
+++ /dev/null
-/* config.h.in. Generated from configure.ac by autoheader. */
-
-/* Path to BIND utilities */
-#undef BIND_UTIL_PATH
-
-/* BIND version as integer number without dots */
-#undef BIND_VERSION
-
-/* Define to 1 if the `closedir' function returns void instead of `int'. */
-#undef CLOSEDIR_VOID
-
-/* zkt-ls with colors */
-#undef COLOR_MODE
-
-/* set path of config file (defaults to /var/named) */
-#undef CONFIG_PATH
-
-/* Define to 1 if you have the `alarm' function. */
-#undef HAVE_ALARM
-
-/* Define to 1 if you have the <curses.h> header file. */
-#undef HAVE_CURSES_H
-
-/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
- */
-#undef HAVE_DIRENT_H
-
-/* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
-#undef HAVE_DOPRNT
-
-/* Define to 1 if you have the <fcntl.h> header file. */
-#undef HAVE_FCNTL_H
-
-/* Define to 1 if you have the <getopt.h> header file. */
-#undef HAVE_GETOPT_H
-
-/* Define to 1 if you have the `getopt_long' function. */
-#undef HAVE_GETOPT_LONG
-
-/* Define to 1 if you have the `gettimeofday' function. */
-#undef HAVE_GETTIMEOFDAY
-
-/* Define to 1 if you have the `getuid' function. */
-#undef HAVE_GETUID
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#undef HAVE_INTTYPES_H
-
-/* Define to 1 if you have the `ncurses' library (-lncurses). */
-#undef HAVE_LIBNCURSES
-
-/* Define to 1 if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H
-
-/* Define to 1 if you have the `memset' function. */
-#undef HAVE_MEMSET
-
-/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
-#undef HAVE_NDIR_H
-
-/* Define to 1 if you have the <netdb.h> header file. */
-#undef HAVE_NETDB_H
-
-/* Define to 1 if you have the `putenv' function. */
-#undef HAVE_PUTENV
-
-/* Define to 1 if you have the `socket' function. */
-#undef HAVE_SOCKET
-
-/* Define to 1 if `stat' has the bug that it succeeds when given the
- zero-length file name argument. */
-#undef HAVE_STAT_EMPTY_STRING_BUG
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#undef HAVE_STDINT_H
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#undef HAVE_STDLIB_H
-
-/* Define to 1 if you have the `strcasecmp' function. */
-#undef HAVE_STRCASECMP
-
-/* Define to 1 if you have the `strchr' function. */
-#undef HAVE_STRCHR
-
-/* Define to 1 if you have the `strdup' function. */
-#undef HAVE_STRDUP
-
-/* Define to 1 if you have the `strerror' function. */
-#undef HAVE_STRERROR
-
-/* Define to 1 if you have the `strftime' function. */
-#undef HAVE_STRFTIME
-
-/* Define to 1 if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H
-
-/* Define to 1 if you have the <string.h> header file. */
-#undef HAVE_STRING_H
-
-/* Define to 1 if you have the `strncasecmp' function. */
-#undef HAVE_STRNCASECMP
-
-/* Define to 1 if you have the `strrchr' function. */
-#undef HAVE_STRRCHR
-
-/* Define to 1 if you have the <syslog.h> header file. */
-#undef HAVE_SYSLOG_H
-
-/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
- */
-#undef HAVE_SYS_DIR_H
-
-/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
- */
-#undef HAVE_SYS_NDIR_H
-
-/* Define to 1 if you have the <sys/socket.h> header file. */
-#undef HAVE_SYS_SOCKET_H
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#undef HAVE_SYS_STAT_H
-
-/* Define to 1 if you have the <sys/time.h> header file. */
-#undef HAVE_SYS_TIME_H
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#undef HAVE_SYS_TYPES_H
-
-/* Define to 1 if you have the <term.h> header file. */
-#undef HAVE_TERM_H
-
-/* Define to 1 if you have the `timegm' function. */
-#undef HAVE_TIMEGM
-
-/* Define to 1 if you have the `tzset' function. */
-#undef HAVE_TZSET
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#undef HAVE_UNISTD_H
-
-/* Define to 1 if you have the `utime' function. */
-#undef HAVE_UTIME
-
-/* Define to 1 if you have the <utime.h> header file. */
-#undef HAVE_UTIME_H
-
-/* Define to 1 if `utime(file, NULL)' sets file's timestamp to the present. */
-#undef HAVE_UTIME_NULL
-
-/* Define to 1 if you have the `vprintf' function. */
-#undef HAVE_VPRINTF
-
-/* log with level */
-#undef LOG_WITH_LEVEL
-
-/* log with progname */
-#undef LOG_WITH_PROGNAME
-
-/* log with timestamp */
-#undef LOG_WITH_TIMESTAMP
-
-/* Define to 1 if `lstat' dereferences a symlink specified with a trailing
- slash. */
-#undef LSTAT_FOLLOWS_SLASHED_SYMLINK
-
-/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT
-
-/* Define to the full name of this package. */
-#undef PACKAGE_NAME
-
-/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING
-
-/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME
-
-/* Define to the home page for this package. */
-#undef PACKAGE_URL
-
-/* Define to the version of this package. */
-#undef PACKAGE_VERSION
-
-/* print age with year */
-#undef PRINT_AGE_WITH_YEAR
-
-/* print out timezone */
-#undef PRINT_TIMEZONE
-
-/* Define to 1 if you have the ANSI C header files. */
-#undef STDC_HEADERS
-
-/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
-#undef TIME_WITH_SYS_TIME
-
-/* Define to 1 if your <sys/time.h> declares `struct tm'. */
-#undef TM_IN_SYS_TIME
-
-/* TTL in keyfiles allowed */
-#undef TTL_IN_KEYFILE_ALLOWED
-
-/* Use TREE data structure for dnssec-zkt */
-#undef USE_TREE
-
-/* ZKT copyright string */
-#undef ZKT_COPYRIGHT
-
-/* ZKT version string */
-#undef ZKT_VERSION
-
-/* Define to empty if `const' does not conform to ANSI C. */
-#undef const
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-#undef gid_t
-
-/* Define to `unsigned int' if <sys/types.h> does not define. */
-#undef size_t
-
-/* Define to `unsigned char' if <sys/types.h> does not define. */
-#undef uchar
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-#undef uid_t
-
-/* Define to `unsigned int' if <sys/types.h> does not define. */
-#undef uint
-
-/* Define to `unsigned long' if <sys/types.h> does not define. */
-#undef ulong
-
-/* Define to `unsigned short' if <sys/types.h> does not define. */
-#undef ushort
+++ /dev/null
-/*****************************************************************
-**
-** @(#) config_zkt.h -- config options for ZKT
-**
-** Copyright (c) Aug 2005, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-#ifndef CONFIG_ZKT_H
-# define CONFIG_ZKT_H
-
-/* don't change anything below this */
-/* the values here are determined or settable via the ./configure script */
-
-#ifndef HAS_UTYPES
-# define HAS_UTYPES 1
-#endif
-
-/* # define HAVE_TIMEGM 1 */
-/* # define HAVE_GETOPT_LONG 1 */
-/* # define HAVE_STRFTIME 1 */
-
-#ifndef COLOR_MODE
-# define COLOR_MODE 1
-#endif
-
-#ifndef TTL_IN_KEYFILE_ALLOWED
-# define TTL_IN_KEYFILE_ALLOWED 1
-#endif
-
-#ifndef PRINT_TIMEZONE
-# define PRINT_TIMEZONE 0
-#endif
-
-#ifndef PRINT_AGE_WITH_YEAR
-# define PRINT_AGE_WITH_YEAR 0
-#endif
-
-#ifndef LOG_WITH_PROGNAME
-# define LOG_WITH_PROGNAME 0
-#endif
-
-#ifndef LOG_WITH_TIMESTAMP
-# define LOG_WITH_TIMESTAMP 1
-#endif
-
-#ifndef LOG_WITH_LEVEL
-# define LOG_WITH_LEVEL 1
-#endif
-
-#ifndef ALWAYS_CHECK_KEYSETFILES
-# define ALWAYS_CHECK_KEYSETFILES 1
-#endif
-
-#ifndef ALLOW_ALWAYS_PREPUBLISH_ZSK
-# define ALLOW_ALWAYS_PREPUBLISH_ZSK 1
-#endif
-
-#ifndef CONFIG_PATH
-# define CONFIG_PATH "/var/named/"
-#endif
-
-/* tree usage is setable by configure script parameter */
-#ifndef USE_TREE
-# define USE_TREE 1
-#endif
-
-/* BIND version and utility path *must* be set by ./configure script */
-#ifndef BIND_UTIL_PATH
-# error ("BIND_UTIL_PATH not set. Please run configure with --enable-bind_util_path=");
-#endif
-#ifndef BIND_VERSION
-# define BIND_VERSION 980
-#endif
-
-#ifndef ZKT_VERSION
-# if defined(USE_TREE) && USE_TREE
-# define ZKT_VERSION "vT1.1.0 (c) Feb 2005 - Jan 2012 Holger Zuleger hznet.de"
-# else
-# define ZKT_VERSION "v1.1.0 (c) Feb 2005 - Jan 2012 Holger Zuleger hznet.de"
-# endif
-#endif
-
-
-#if !defined(HAS_UTYPES) || !HAS_UTYPES
-typedef unsigned long ulong;
-typedef unsigned int uint;
-typedef unsigned short ushort;
-typedef unsigned char uchar;
-#endif
-
-#endif
+++ /dev/null
-#! /bin/sh
-# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for ZKT 1.1.3.
-#
-# Report bugs to <Holger Zuleger hznet.de>.
-#
-#
-# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
-#
-#
-# This configure script is free software; the Free Software Foundation
-# gives unlimited permission to copy, distribute and modify it.
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-
-
-as_nl='
-'
-export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-# Prefer a ksh shell builtin over an external printf program on Solaris,
-# but without wasting forks for bash or zsh.
-if test -z "$BASH_VERSION$ZSH_VERSION" \
- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='print -r --'
- as_echo_n='print -rn --'
-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in #(
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in #((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-# Unset variables that we do not need and which cause bugs (e.g. in
-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
-# suppresses any "Segmentation fault" message there. '((' could
-# trigger a bug in pdksh 5.2.14.
-for as_var in BASH_ENV ENV MAIL MAILPATH
-do eval test x\${$as_var+set} = xset \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-# Use a proper internal environment variable to ensure we don't fall
- # into an infinite loop, continuously re-executing ourselves.
- if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
- _as_can_reexec=no; export _as_can_reexec;
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in # ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
-as_fn_exit 255
- fi
- # We don't want this to propagate to other subprocesses.
- { _as_can_reexec=; unset _as_can_reexec;}
-if test "x$CONFIG_SHELL" = x; then
- as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '\${1+\"\$@\"}'='\"\$@\"'
- setopt NO_GLOB_SUBST
-else
- case \`(set -o) 2>/dev/null\` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-"
- as_required="as_fn_return () { (exit \$1); }
-as_fn_success () { as_fn_return 0; }
-as_fn_failure () { as_fn_return 1; }
-as_fn_ret_success () { return 0; }
-as_fn_ret_failure () { return 1; }
-
-exitcode=0
-as_fn_success || { exitcode=1; echo as_fn_success failed.; }
-as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
-as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
-as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
-if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
-
-else
- exitcode=1; echo positional parameters were not saved.
-fi
-test x\$exitcode = x0 || exit 1
-test -x / || exit 1"
- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
- test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
-test \$(( 1 + 1 )) = 2 || exit 1"
- if (eval "$as_required") 2>/dev/null; then :
- as_have_required=yes
-else
- as_have_required=no
-fi
- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
-
-else
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_found=false
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- as_found=:
- case $as_dir in #(
- /*)
- for as_base in sh bash ksh sh5; do
- # Try only shells that exist, to save several forks.
- as_shell=$as_dir/$as_base
- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
- CONFIG_SHELL=$as_shell as_have_required=yes
- if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
- break 2
-fi
-fi
- done;;
- esac
- as_found=false
-done
-$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
- CONFIG_SHELL=$SHELL as_have_required=yes
-fi; }
-IFS=$as_save_IFS
-
-
- if test "x$CONFIG_SHELL" != x; then :
- export CONFIG_SHELL
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in # ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
-exit 255
-fi
-
- if test x$as_have_required = xno; then :
- $as_echo "$0: This script requires a shell more modern than all"
- $as_echo "$0: the shells that I found on your system."
- if test x${ZSH_VERSION+set} = xset ; then
- $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
- $as_echo "$0: be upgraded to zsh 4.3.4 or later."
- else
- $as_echo "$0: Please tell bug-autoconf@gnu.org and Holger Zuleger
-$0: hznet.de about your system, including any error
-$0: possibly output before this message. Then install a
-$0: modern shell, or manually run the script under such a
-$0: shell if you do have one."
- fi
- exit 1
-fi
-fi
-fi
-SHELL=${CONFIG_SHELL-/bin/sh}
-export SHELL
-# Unset more variables known to interfere with behavior of common tools.
-CLICOLOR_FORCE= GREP_OPTIONS=
-unset CLICOLOR_FORCE GREP_OPTIONS
-
-## --------------------- ##
-## M4sh Shell Functions. ##
-## --------------------- ##
-# as_fn_unset VAR
-# ---------------
-# Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-
-# as_fn_set_status STATUS
-# -----------------------
-# Set $? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} # as_fn_set_status
-
-# as_fn_exit STATUS
-# -----------------
-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} # as_fn_exit
-
-# as_fn_mkdir_p
-# -------------
-# Create "$as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} # as_fn_mkdir_p
-
-# as_fn_executable_p FILE
-# -----------------------
-# Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} # as_fn_executable_p
-# as_fn_append VAR VALUE
-# ----------------------
-# Append the text in VALUE to the end of the definition contained in VAR. Take
-# advantage of any shell optimizations that allow amortized linear growth over
-# repeated appends, instead of the typical quadratic growth present in naive
-# implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-# as_fn_arith ARG...
-# ------------------
-# Perform arithmetic evaluation on the ARGs, and store the result in the
-# global $as_val. Take advantage of shells that can avoid forks. The arguments
-# must be portable across $(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-
-# as_fn_error STATUS ERROR [LINENO LOG_FD]
-# ----------------------------------------
-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-# script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- $as_echo "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} # as_fn_error
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-
- as_lineno_1=$LINENO as_lineno_1a=$LINENO
- as_lineno_2=$LINENO as_lineno_2a=$LINENO
- eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
- test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
- # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
- sed -n '
- p
- /[$]LINENO/=
- ' <$as_myself |
- sed '
- s/[$]LINENO.*/&-/
- t lineno
- b
- :lineno
- N
- :loop
- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
- t loop
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
-
- # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
- # already done that, so ensure we don't try to do so again and fall
- # in an infinite loop. This has already happened in practice.
- _as_can_reexec=no; export _as_can_reexec
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
- . "./$as_me.lineno"
- # Exit status is that of the last command.
- exit
-}
-
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in #(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-test -n "$DJDIR" || exec 7<&0 </dev/null
-exec 6>&1
-
-# Name of the host.
-# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-ac_clean_files=
-ac_config_libobj_dir=.
-LIBOBJS=
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-
-# Identity of this package.
-PACKAGE_NAME='ZKT'
-PACKAGE_TARNAME='zkt'
-PACKAGE_VERSION='1.1.3'
-PACKAGE_STRING='ZKT 1.1.3'
-PACKAGE_BUGREPORT='Holger Zuleger hznet.de'
-PACKAGE_URL=''
-
-ac_unique_file="zkt-signer.c"
-# Factoring default headers for most tests.
-ac_includes_default="\
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#ifdef STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
-#endif
-#ifdef HAVE_STRING_H
-# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
-# include <memory.h>
-# endif
-# include <string.h>
-#endif
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-#ifdef HAVE_STDINT_H
-# include <stdint.h>
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif"
-
-ac_header_list=
-ac_func_list=
-ac_subst_vars='LTLIBOBJS
-LIBOBJS
-EGREP
-GREP
-CPP
-SIGNZONE_PROG
-OBJEXT
-EXEEXT
-ac_ct_CC
-CPPFLAGS
-LDFLAGS
-CFLAGS
-CC
-target_alias
-host_alias
-build_alias
-LIBS
-ECHO_T
-ECHO_N
-ECHO_C
-DEFS
-mandir
-localedir
-libdir
-psdir
-pdfdir
-dvidir
-htmldir
-infodir
-docdir
-oldincludedir
-includedir
-localstatedir
-sharedstatedir
-sysconfdir
-datadir
-datarootdir
-libexecdir
-sbindir
-bindir
-program_transform_name
-prefix
-exec_prefix
-PACKAGE_URL
-PACKAGE_BUGREPORT
-PACKAGE_STRING
-PACKAGE_VERSION
-PACKAGE_TARNAME
-PACKAGE_NAME
-PATH_SEPARATOR
-SHELL'
-ac_subst_files=''
-ac_user_opts='
-enable_option_checking
-enable_bind_util_path
-enable_color_mode
-with_curses
-enable_printtimezone
-enable_printyear
-enable_logprogname
-enable_logtimestamp
-enable_loglevel
-enable_ttl_in_keyfile
-enable_configpath
-enable_tree
-'
- ac_precious_vars='build_alias
-host_alias
-target_alias
-CC
-CFLAGS
-LDFLAGS
-LIBS
-CPPFLAGS
-CPP'
-
-
-# Initialize some variables set by options.
-ac_init_help=
-ac_init_version=false
-ac_unrecognized_opts=
-ac_unrecognized_sep=
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-cache_file=/dev/null
-exec_prefix=NONE
-no_create=
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-verbose=
-x_includes=NONE
-x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
-# (The list follows the same order as the GNU Coding Standards.)
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datarootdir='${prefix}/share'
-datadir='${datarootdir}'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
-infodir='${datarootdir}/info'
-htmldir='${docdir}'
-dvidir='${docdir}'
-pdfdir='${docdir}'
-psdir='${docdir}'
-libdir='${exec_prefix}/lib'
-localedir='${datarootdir}/locale'
-mandir='${datarootdir}/man'
-
-ac_prev=
-ac_dashdash=
-for ac_option
-do
- # If the previous option needs an argument, assign it.
- if test -n "$ac_prev"; then
- eval $ac_prev=\$ac_option
- ac_prev=
- continue
- fi
-
- case $ac_option in
- *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
- *=) ac_optarg= ;;
- *) ac_optarg=yes ;;
- esac
-
- # Accept the important Cygnus configure options, so we can diagnose typos.
-
- case $ac_dashdash$ac_option in
- --)
- ac_dashdash=yes ;;
-
- -bindir | --bindir | --bindi | --bind | --bin | --bi)
- ac_prev=bindir ;;
- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
- bindir=$ac_optarg ;;
-
- -build | --build | --buil | --bui | --bu)
- ac_prev=build_alias ;;
- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
- build_alias=$ac_optarg ;;
-
- -cache-file | --cache-file | --cache-fil | --cache-fi \
- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
- ac_prev=cache_file ;;
- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
- cache_file=$ac_optarg ;;
-
- --config-cache | -C)
- cache_file=config.cache ;;
-
- -datadir | --datadir | --datadi | --datad)
- ac_prev=datadir ;;
- -datadir=* | --datadir=* | --datadi=* | --datad=*)
- datadir=$ac_optarg ;;
-
- -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
- | --dataroo | --dataro | --datar)
- ac_prev=datarootdir ;;
- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
- | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
- datarootdir=$ac_optarg ;;
-
- -disable-* | --disable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: $ac_useropt"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=no ;;
-
- -docdir | --docdir | --docdi | --doc | --do)
- ac_prev=docdir ;;
- -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
- docdir=$ac_optarg ;;
-
- -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
- ac_prev=dvidir ;;
- -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
- dvidir=$ac_optarg ;;
-
- -enable-* | --enable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: $ac_useropt"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=\$ac_optarg ;;
-
- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
- | --exec | --exe | --ex)
- ac_prev=exec_prefix ;;
- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
- | --exec=* | --exe=* | --ex=*)
- exec_prefix=$ac_optarg ;;
-
- -gas | --gas | --ga | --g)
- # Obsolete; use --with-gas.
- with_gas=yes ;;
-
- -help | --help | --hel | --he | -h)
- ac_init_help=long ;;
- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
- ac_init_help=recursive ;;
- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
- ac_init_help=short ;;
-
- -host | --host | --hos | --ho)
- ac_prev=host_alias ;;
- -host=* | --host=* | --hos=* | --ho=*)
- host_alias=$ac_optarg ;;
-
- -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
- ac_prev=htmldir ;;
- -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
- | --ht=*)
- htmldir=$ac_optarg ;;
-
- -includedir | --includedir | --includedi | --included | --include \
- | --includ | --inclu | --incl | --inc)
- ac_prev=includedir ;;
- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
- | --includ=* | --inclu=* | --incl=* | --inc=*)
- includedir=$ac_optarg ;;
-
- -infodir | --infodir | --infodi | --infod | --info | --inf)
- ac_prev=infodir ;;
- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
- infodir=$ac_optarg ;;
-
- -libdir | --libdir | --libdi | --libd)
- ac_prev=libdir ;;
- -libdir=* | --libdir=* | --libdi=* | --libd=*)
- libdir=$ac_optarg ;;
-
- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
- | --libexe | --libex | --libe)
- ac_prev=libexecdir ;;
- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
- | --libexe=* | --libex=* | --libe=*)
- libexecdir=$ac_optarg ;;
-
- -localedir | --localedir | --localedi | --localed | --locale)
- ac_prev=localedir ;;
- -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
- localedir=$ac_optarg ;;
-
- -localstatedir | --localstatedir | --localstatedi | --localstated \
- | --localstate | --localstat | --localsta | --localst | --locals)
- ac_prev=localstatedir ;;
- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
- | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
- localstatedir=$ac_optarg ;;
-
- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
- ac_prev=mandir ;;
- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
- mandir=$ac_optarg ;;
-
- -nfp | --nfp | --nf)
- # Obsolete; use --without-fp.
- with_fp=no ;;
-
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c | -n)
- no_create=yes ;;
-
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
- no_recursion=yes ;;
-
- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
- | --oldin | --oldi | --old | --ol | --o)
- ac_prev=oldincludedir ;;
- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
- oldincludedir=$ac_optarg ;;
-
- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
- ac_prev=prefix ;;
- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
- prefix=$ac_optarg ;;
-
- -program-prefix | --program-prefix | --program-prefi | --program-pref \
- | --program-pre | --program-pr | --program-p)
- ac_prev=program_prefix ;;
- -program-prefix=* | --program-prefix=* | --program-prefi=* \
- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
- program_prefix=$ac_optarg ;;
-
- -program-suffix | --program-suffix | --program-suffi | --program-suff \
- | --program-suf | --program-su | --program-s)
- ac_prev=program_suffix ;;
- -program-suffix=* | --program-suffix=* | --program-suffi=* \
- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
- program_suffix=$ac_optarg ;;
-
- -program-transform-name | --program-transform-name \
- | --program-transform-nam | --program-transform-na \
- | --program-transform-n | --program-transform- \
- | --program-transform | --program-transfor \
- | --program-transfo | --program-transf \
- | --program-trans | --program-tran \
- | --progr-tra | --program-tr | --program-t)
- ac_prev=program_transform_name ;;
- -program-transform-name=* | --program-transform-name=* \
- | --program-transform-nam=* | --program-transform-na=* \
- | --program-transform-n=* | --program-transform-=* \
- | --program-transform=* | --program-transfor=* \
- | --program-transfo=* | --program-transf=* \
- | --program-trans=* | --program-tran=* \
- | --progr-tra=* | --program-tr=* | --program-t=*)
- program_transform_name=$ac_optarg ;;
-
- -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
- ac_prev=pdfdir ;;
- -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
- pdfdir=$ac_optarg ;;
-
- -psdir | --psdir | --psdi | --psd | --ps)
- ac_prev=psdir ;;
- -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
- psdir=$ac_optarg ;;
-
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
- | --sbi=* | --sb=*)
- sbindir=$ac_optarg ;;
-
- -sharedstatedir | --sharedstatedir | --sharedstatedi \
- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
- | --sharedst | --shareds | --shared | --share | --shar \
- | --sha | --sh)
- ac_prev=sharedstatedir ;;
- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
- | --sha=* | --sh=*)
- sharedstatedir=$ac_optarg ;;
-
- -site | --site | --sit)
- ac_prev=site ;;
- -site=* | --site=* | --sit=*)
- site=$ac_optarg ;;
-
- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
- ac_prev=srcdir ;;
- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
- srcdir=$ac_optarg ;;
-
- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
- | --syscon | --sysco | --sysc | --sys | --sy)
- ac_prev=sysconfdir ;;
- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
- sysconfdir=$ac_optarg ;;
-
- -target | --target | --targe | --targ | --tar | --ta | --t)
- ac_prev=target_alias ;;
- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
- target_alias=$ac_optarg ;;
-
- -v | -verbose | --verbose | --verbos | --verbo | --verb)
- verbose=yes ;;
-
- -version | --version | --versio | --versi | --vers | -V)
- ac_init_version=: ;;
-
- -with-* | --with-*)
- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: $ac_useropt"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=\$ac_optarg ;;
-
- -without-* | --without-*)
- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: $ac_useropt"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=no ;;
-
- --x)
- # Obsolete; use --with-x.
- with_x=yes ;;
-
- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
- | --x-incl | --x-inc | --x-in | --x-i)
- ac_prev=x_includes ;;
- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
- x_includes=$ac_optarg ;;
-
- -x-libraries | --x-libraries | --x-librarie | --x-librari \
- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
- ac_prev=x_libraries ;;
- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
- x_libraries=$ac_optarg ;;
-
- -*) as_fn_error $? "unrecognized option: \`$ac_option'
-Try \`$0 --help' for more information"
- ;;
-
- *=*)
- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
- # Reject names that are not valid shell variable names.
- case $ac_envvar in #(
- '' | [0-9]* | *[!_$as_cr_alnum]* )
- as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
- esac
- eval $ac_envvar=\$ac_optarg
- export $ac_envvar ;;
-
- *)
- # FIXME: should be removed in autoconf 3.0.
- $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
- : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
- ;;
-
- esac
-done
-
-if test -n "$ac_prev"; then
- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- as_fn_error $? "missing argument to $ac_option"
-fi
-
-if test -n "$ac_unrecognized_opts"; then
- case $enable_option_checking in
- no) ;;
- fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
- *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
- esac
-fi
-
-# Check all directory arguments for consistency.
-for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
- datadir sysconfdir sharedstatedir localstatedir includedir \
- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir
-do
- eval ac_val=\$$ac_var
- # Remove trailing slashes.
- case $ac_val in
- */ )
- ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
- eval $ac_var=\$ac_val;;
- esac
- # Be sure to have absolute directory names.
- case $ac_val in
- [\\/$]* | ?:[\\/]* ) continue;;
- NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
- esac
- as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
-done
-
-# There might be people who depend on the old broken behavior: `$host'
-# used to hold the argument of --host etc.
-# FIXME: To remove some day.
-build=$build_alias
-host=$host_alias
-target=$target_alias
-
-# FIXME: To remove some day.
-if test "x$host_alias" != x; then
- if test "x$build_alias" = x; then
- cross_compiling=maybe
- elif test "x$build_alias" != "x$host_alias"; then
- cross_compiling=yes
- fi
-fi
-
-ac_tool_prefix=
-test -n "$host_alias" && ac_tool_prefix=$host_alias-
-
-test "$silent" = yes && exec 6>/dev/null
-
-
-ac_pwd=`pwd` && test -n "$ac_pwd" &&
-ac_ls_di=`ls -di .` &&
-ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
- as_fn_error $? "working directory cannot be determined"
-test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
- as_fn_error $? "pwd does not report name of working directory"
-
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
- ac_srcdir_defaulted=yes
- # Try the directory containing this script, then the parent directory.
- ac_confdir=`$as_dirname -- "$as_myself" ||
-$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_myself" : 'X\(//\)[^/]' \| \
- X"$as_myself" : 'X\(//\)$' \| \
- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_myself" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- srcdir=$ac_confdir
- if test ! -r "$srcdir/$ac_unique_file"; then
- srcdir=..
- fi
-else
- ac_srcdir_defaulted=no
-fi
-if test ! -r "$srcdir/$ac_unique_file"; then
- test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
- as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
-fi
-ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
-ac_abs_confdir=`(
- cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
- pwd)`
-# When building in place, set srcdir=.
-if test "$ac_abs_confdir" = "$ac_pwd"; then
- srcdir=.
-fi
-# Remove unnecessary trailing slashes from srcdir.
-# Double slashes in file names in object file debugging info
-# mess up M-x gdb in Emacs.
-case $srcdir in
-*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
-esac
-for ac_var in $ac_precious_vars; do
- eval ac_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_env_${ac_var}_value=\$${ac_var}
- eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_cv_env_${ac_var}_value=\$${ac_var}
-done
-
-#
-# Report the --help message.
-#
-if test "$ac_init_help" = "long"; then
- # Omit some internal or obsolete options to make the list less imposing.
- # This message is too long to be a string in the A/UX 3.1 sh.
- cat <<_ACEOF
-\`configure' configures ZKT 1.1.3 to adapt to many kinds of systems.
-
-Usage: $0 [OPTION]... [VAR=VALUE]...
-
-To assign environment variables (e.g., CC, CFLAGS...), specify them as
-VAR=VALUE. See below for descriptions of some of the useful variables.
-
-Defaults for the options are specified in brackets.
-
-Configuration:
- -h, --help display this help and exit
- --help=short display options specific to this package
- --help=recursive display the short help of all the included packages
- -V, --version display version information and exit
- -q, --quiet, --silent do not print \`checking ...' messages
- --cache-file=FILE cache test results in FILE [disabled]
- -C, --config-cache alias for \`--cache-file=config.cache'
- -n, --no-create do not create output files
- --srcdir=DIR find the sources in DIR [configure dir or \`..']
-
-Installation directories:
- --prefix=PREFIX install architecture-independent files in PREFIX
- [$ac_default_prefix]
- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- [PREFIX]
-
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
-
-For better control, use the options below.
-
-Fine tuning of the installation directories:
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
- --infodir=DIR info documentation [DATAROOTDIR/info]
- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
- --mandir=DIR man documentation [DATAROOTDIR/man]
- --docdir=DIR documentation root [DATAROOTDIR/doc/zkt]
- --htmldir=DIR html documentation [DOCDIR]
- --dvidir=DIR dvi documentation [DOCDIR]
- --pdfdir=DIR pdf documentation [DOCDIR]
- --psdir=DIR ps documentation [DOCDIR]
-_ACEOF
-
- cat <<\_ACEOF
-_ACEOF
-fi
-
-if test -n "$ac_init_help"; then
- case $ac_init_help in
- short | recursive ) echo "Configuration of ZKT 1.1.3:";;
- esac
- cat <<\_ACEOF
-
-Optional Features:
- --disable-option-checking ignore unrecognized --enable/--with options
- --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
- --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
- --enable-bind_util_path=PATH
- Define path to BIND utilities, default is path to
- dnssec-signzone
- --disable-color-mode zkt without colors
- --enable-print-timezone print out timezone
- --enable-print-age print age with year
- --enable-log-progname log with progname
- --disable-log-timestamp do not log with timestamp
- --disable-log-level do not log with level
- --disable-ttl-in-keyfiles
- do not allow TTL values in keyfiles
- --enable-configpath=PATH
- set path of config file (defaults to /var/named)
- --disable-tree use single linked list instead of binary tree data
- structure for dnssec-zkt
-
-Optional Packages:
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --without-curses Ignore presence of curses and disable color mode
-
-Some influential environment variables:
- CC C compiler command
- CFLAGS C compiler flags
- LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
- nonstandard directory <lib dir>
- LIBS libraries to pass to the linker, e.g. -l<library>
- CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
- you have headers in a nonstandard directory <include dir>
- CPP C preprocessor
-
-Use these variables to override the choices made by `configure' or to help
-it to find libraries and programs with nonstandard names/locations.
-
-Report bugs to <Holger Zuleger hznet.de>.
-_ACEOF
-ac_status=$?
-fi
-
-if test "$ac_init_help" = "recursive"; then
- # If there are subdirs, report their specific --help.
- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
- test -d "$ac_dir" ||
- { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
- continue
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
- cd "$ac_dir" || { ac_status=$?; continue; }
- # Check for guested configure.
- if test -f "$ac_srcdir/configure.gnu"; then
- echo &&
- $SHELL "$ac_srcdir/configure.gnu" --help=recursive
- elif test -f "$ac_srcdir/configure"; then
- echo &&
- $SHELL "$ac_srcdir/configure" --help=recursive
- else
- $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
- fi || ac_status=$?
- cd "$ac_pwd" || { ac_status=$?; break; }
- done
-fi
-
-test -n "$ac_init_help" && exit $ac_status
-if $ac_init_version; then
- cat <<\_ACEOF
-ZKT configure 1.1.3
-generated by GNU Autoconf 2.69
-
-Copyright (C) 2012 Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
-_ACEOF
- exit
-fi
-
-## ------------------------ ##
-## Autoconf initialization. ##
-## ------------------------ ##
-
-# ac_fn_c_try_compile LINENO
-# --------------------------
-# Try to compile conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext
- if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_compile
-
-# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
-# -------------------------------------------
-# Tests whether TYPE exists after having included INCLUDES, setting cache
-# variable VAR accordingly.
-ac_fn_c_check_type ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- eval "$3=no"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-int
-main ()
-{
-if (sizeof ($2))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-int
-main ()
-{
-if (sizeof (($2)))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-
-else
- eval "$3=yes"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_c_check_type
-
-# ac_fn_c_try_cpp LINENO
-# ----------------------
-# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_cpp ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } > conftest.i && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_cpp
-
-# ac_fn_c_try_run LINENO
-# ----------------------
-# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
-# that executables *can* be run.
-ac_fn_c_try_run ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then :
- ac_retval=0
-else
- $as_echo "$as_me: program exited with status $ac_status" >&5
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=$ac_status
-fi
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_run
-
-# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
-# -------------------------------------------------------
-# Tests whether HEADER exists and can be compiled using the include files in
-# INCLUDES, setting the cache variable VAR accordingly.
-ac_fn_c_check_header_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-#include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- eval "$3=yes"
-else
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_c_check_header_compile
-
-# ac_fn_c_try_link LINENO
-# -----------------------
-# Try to link conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_link ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest$ac_exeext
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
- test -x conftest$ac_exeext
- }; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
- # interfere with the next link command; also delete a directory that is
- # left behind by Apple's compiler. We do this before executing the actions.
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_link
-
-# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
-# -------------------------------------------------------
-# Tests whether HEADER exists, giving a warning if it cannot be compiled using
-# the include files in INCLUDES and setting the cache variable VAR
-# accordingly.
-ac_fn_c_check_header_mongrel ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if eval \${$3+:} false; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-else
- # Is the header compilable?
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
-$as_echo_n "checking $2 usability... " >&6; }
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-#include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_header_compiler=yes
-else
- ac_header_compiler=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
-$as_echo "$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
-$as_echo_n "checking $2 presence... " >&6; }
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <$2>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- ac_header_preproc=yes
-else
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
-$as_echo "$ac_header_preproc" >&6; }
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
- yes:no: )
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
-$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
-$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
- ;;
- no:yes:* )
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
-$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
-$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
-$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
-$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
-$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
-( $as_echo "## -------------------------------------- ##
-## Report this to Holger Zuleger hznet.de ##
-## -------------------------------------- ##"
- ) | sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- eval "$3=\$ac_header_compiler"
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_c_check_header_mongrel
-
-# ac_fn_c_check_func LINENO FUNC VAR
-# ----------------------------------
-# Tests whether FUNC exists, setting the cache variable VAR accordingly
-ac_fn_c_check_func ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $2 innocuous_$2
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $2 (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $2
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $2 ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_$2 || defined __stub___$2
-choke me
-#endif
-
-int
-main ()
-{
-return $2 ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- eval "$3=yes"
-else
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_c_check_func
-cat >config.log <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by ZKT $as_me 1.1.3, which was
-generated by GNU Autoconf 2.69. Invocation command line was
-
- $ $0 $@
-
-_ACEOF
-exec 5>>config.log
-{
-cat <<_ASUNAME
-## --------- ##
-## Platform. ##
-## --------- ##
-
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
-
-/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
-/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
-/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
-
-_ASUNAME
-
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- $as_echo "PATH: $as_dir"
- done
-IFS=$as_save_IFS
-
-} >&5
-
-cat >&5 <<_ACEOF
-
-
-## ----------- ##
-## Core tests. ##
-## ----------- ##
-
-_ACEOF
-
-
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Strip out --silent because we don't want to record it for future runs.
-# Also quote any args containing shell meta-characters.
-# Make two passes to allow for proper duplicate-argument suppression.
-ac_configure_args=
-ac_configure_args0=
-ac_configure_args1=
-ac_must_keep_next=false
-for ac_pass in 1 2
-do
- for ac_arg
- do
- case $ac_arg in
- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- continue ;;
- *\'*)
- ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- case $ac_pass in
- 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
- 2)
- as_fn_append ac_configure_args1 " '$ac_arg'"
- if test $ac_must_keep_next = true; then
- ac_must_keep_next=false # Got value, back to normal.
- else
- case $ac_arg in
- *=* | --config-cache | -C | -disable-* | --disable-* \
- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
- | -with-* | --with-* | -without-* | --without-* | --x)
- case "$ac_configure_args0 " in
- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
- esac
- ;;
- -* ) ac_must_keep_next=true ;;
- esac
- fi
- as_fn_append ac_configure_args " '$ac_arg'"
- ;;
- esac
- done
-done
-{ ac_configure_args0=; unset ac_configure_args0;}
-{ ac_configure_args1=; unset ac_configure_args1;}
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log. We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Use '\'' to represent an apostrophe within the trap.
-# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
-trap 'exit_status=$?
- # Save into config.log some information that might help in debugging.
- {
- echo
-
- $as_echo "## ---------------- ##
-## Cache variables. ##
-## ---------------- ##"
- echo
- # The following way of writing the cache mishandles newlines in values,
-(
- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
- (set) 2>&1 |
- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- sed -n \
- "s/'\''/'\''\\\\'\'''\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
- ;; #(
- *)
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-)
- echo
-
- $as_echo "## ----------------- ##
-## Output variables. ##
-## ----------------- ##"
- echo
- for ac_var in $ac_subst_vars
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- $as_echo "$ac_var='\''$ac_val'\''"
- done | sort
- echo
-
- if test -n "$ac_subst_files"; then
- $as_echo "## ------------------- ##
-## File substitutions. ##
-## ------------------- ##"
- echo
- for ac_var in $ac_subst_files
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- $as_echo "$ac_var='\''$ac_val'\''"
- done | sort
- echo
- fi
-
- if test -s confdefs.h; then
- $as_echo "## ----------- ##
-## confdefs.h. ##
-## ----------- ##"
- echo
- cat confdefs.h
- echo
- fi
- test "$ac_signal" != 0 &&
- $as_echo "$as_me: caught signal $ac_signal"
- $as_echo "$as_me: exit $exit_status"
- } >&5
- rm -f core *.core core.conftest.* &&
- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
- exit $exit_status
-' 0
-for ac_signal in 1 2 13 15; do
- trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -f -r conftest* confdefs.h
-
-$as_echo "/* confdefs.h */" > confdefs.h
-
-# Predefined preprocessor variables.
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_NAME "$PACKAGE_NAME"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_VERSION "$PACKAGE_VERSION"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_STRING "$PACKAGE_STRING"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
-_ACEOF
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_URL "$PACKAGE_URL"
-_ACEOF
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer an explicitly selected file to automatically selected ones.
-ac_site_file1=NONE
-ac_site_file2=NONE
-if test -n "$CONFIG_SITE"; then
- # We do not want a PATH search for config.site.
- case $CONFIG_SITE in #((
- -*) ac_site_file1=./$CONFIG_SITE;;
- */*) ac_site_file1=$CONFIG_SITE;;
- *) ac_site_file1=./$CONFIG_SITE;;
- esac
-elif test "x$prefix" != xNONE; then
- ac_site_file1=$prefix/share/config.site
- ac_site_file2=$prefix/etc/config.site
-else
- ac_site_file1=$ac_default_prefix/share/config.site
- ac_site_file2=$ac_default_prefix/etc/config.site
-fi
-for ac_site_file in "$ac_site_file1" "$ac_site_file2"
-do
- test "x$ac_site_file" = xNONE && continue
- if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
-$as_echo "$as_me: loading site script $ac_site_file" >&6;}
- sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file" \
- || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to load site script $ac_site_file
-See \`config.log' for more details" "$LINENO" 5; }
- fi
-done
-
-if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special files
- # actually), so we avoid doing that. DJGPP emulates it as a regular file.
- if test /dev/null != "$cache_file" && test -f "$cache_file"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
-$as_echo "$as_me: loading cache $cache_file" >&6;}
- case $cache_file in
- [\\/]* | ?:[\\/]* ) . "$cache_file";;
- *) . "./$cache_file";;
- esac
- fi
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
-$as_echo "$as_me: creating cache $cache_file" >&6;}
- >$cache_file
-fi
-
-as_fn_append ac_header_list " sys/time.h"
-as_fn_append ac_header_list " unistd.h"
-as_fn_append ac_func_list " alarm"
-as_fn_append ac_header_list " utime.h"
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val=\$ac_cv_env_${ac_var}_value
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- # differences in whitespace do not lead to failure.
- ac_old_val_w=`echo x $ac_old_val`
- ac_new_val_w=`echo x $ac_new_val`
- if test "$ac_old_val_w" != "$ac_new_val_w"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
-$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- ac_cache_corrupted=:
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
- eval $ac_var=\$ac_old_val
- fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
-$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
-$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
-$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
- as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
-fi
-## -------------------- ##
-## Main body of script. ##
-## -------------------- ##
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-### Files to test to check if src dir contains the package
-
-ac_config_headers="$ac_config_headers config.h"
-
-
-
-### Checks for programs.
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- fi
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $# != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl.exe
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl.exe
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CC" && break
-done
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-fi
-
-fi
-
-
-test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log' for more details" "$LINENO" 5; }
-
-# Provide some information about the compiler.
-$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-for ac_option in --version -v -V -qversion; do
- { { ac_try="$ac_compiler $ac_option >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- sed '10a\
-... rest of stderr output deleted ...
- 10q' conftest.err >conftest.er1
- cat conftest.er1 >&5
- fi
- rm -f conftest.er1 conftest.err
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-done
-
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
-$as_echo_n "checking whether the C compiler works... " >&6; }
-ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-
-# The possible output files:
-ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
-
-ac_rmfiles=
-for ac_file in $ac_files
-do
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- * ) ac_rmfiles="$ac_rmfiles $ac_file";;
- esac
-done
-rm -f $ac_rmfiles
-
-if { { ac_try="$ac_link_default"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link_default") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
-# in a Makefile. We should not override ac_cv_exeext if it was cached,
-# so that the user can short-circuit this test for compilers unknown to
-# Autoconf.
-for ac_file in $ac_files ''
-do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
- ;;
- [ab].out )
- # We found the default executable, but exeext='' is most
- # certainly right.
- break;;
- *.* )
- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
- then :; else
- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- fi
- # We set ac_cv_exeext here because the later test for it is not
- # safe: cross compilers may not add the suffix if given an `-o'
- # argument, so we may need to know it at that point already.
- # Even if this section looks crufty: it has the advantage of
- # actually working.
- break;;
- * )
- break;;
- esac
-done
-test "$ac_cv_exeext" = no && ac_cv_exeext=
-
-else
- ac_file=''
-fi
-if test -z "$ac_file"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-$as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "C compiler cannot create executables
-See \`config.log' for more details" "$LINENO" 5; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
-$as_echo_n "checking for C compiler default output file name... " >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
-$as_echo "$ac_file" >&6; }
-ac_exeext=$ac_cv_exeext
-
-rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
-ac_clean_files=$ac_clean_files_save
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
-$as_echo_n "checking for suffix of executables... " >&6; }
-if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
- # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in conftest.exe conftest conftest.*; do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- break;;
- * ) break;;
- esac
-done
-else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest conftest$ac_cv_exeext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
-$as_echo "$ac_cv_exeext" >&6; }
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdio.h>
-int
-main ()
-{
-FILE *f = fopen ("conftest.out", "w");
- return ferror (f) || fclose (f) != 0;
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files="$ac_clean_files conftest.out"
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
-$as_echo_n "checking whether we are cross compiling... " >&6; }
-if test "$cross_compiling" != yes; then
- { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if { ac_try='./conftest$ac_cv_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details" "$LINENO" 5; }
- fi
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
-$as_echo "$cross_compiling" >&6; }
-
-rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
-ac_clean_files=$ac_clean_files_save
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
-$as_echo_n "checking for suffix of object files... " >&6; }
-if ${ac_cv_objext+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
- for ac_file in conftest.o conftest.obj conftest.*; do
- test -f "$ac_file" || continue;
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
- break;;
- esac
-done
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of object files: cannot compile
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
-$as_echo "$ac_cv_objext" >&6; }
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
-$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
-if ${ac_cv_c_compiler_gnu+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_compiler_gnu=yes
-else
- ac_compiler_gnu=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-$as_echo "$ac_cv_c_compiler_gnu" >&6; }
-if test $ac_compiler_gnu = yes; then
- GCC=yes
-else
- GCC=
-fi
-ac_test_CFLAGS=${CFLAGS+set}
-ac_save_CFLAGS=$CFLAGS
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-$as_echo_n "checking whether $CC accepts -g... " >&6; }
-if ${ac_cv_prog_cc_g+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_g=yes
-else
- CFLAGS=""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-
-else
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_g=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-$as_echo "$ac_cv_prog_cc_g" >&6; }
-if test "$ac_test_CFLAGS" = set; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
-$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
-if ${ac_cv_prog_cc_c89+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdarg.h>
-#include <stdio.h>
-struct stat;
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not '\xHH' hex character constants.
- These don't provoke an error unfortunately, instead are silently treated
- as 'x'. The following induces an error, until -std is added to get
- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
- array size at least. It's necessary to write '\x00'==0 to get something
- that's true only with -std. */
-int osf4_cc_array ['\x00' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) 'x'
-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-int
-main ()
-{
-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
- ;
- return 0;
-}
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_c89=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext
- test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-
-fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c89" in
- x)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-$as_echo "none needed" >&6; } ;;
- xno)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-$as_echo "unsupported" >&6; } ;;
- *)
- CC="$CC $ac_cv_prog_cc_c89"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
-esac
-if test "x$ac_cv_prog_cc_c89" != xno; then :
-
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-### find out the path to BIND utils and version
-# Check whether --enable-bind_util_path was given.
-if test "${enable_bind_util_path+set}" = set; then :
- enableval=$enable_bind_util_path; bind_util_path=$enableval
-fi
-
-if test -n "$bind_util_path"
-then
- if test -x "$bind_util_path/dnssec-signzone"
- then
- { $as_echo "$as_me:${as_lineno-$LINENO}: BIND utilities path successfully set to $bind_util_path." >&5
-$as_echo "$as_me: BIND utilities path successfully set to $bind_util_path." >&6;}
- SIGNZONE_PROG=$bind_util_path/dnssec-signzone
- else
- as_fn_error $? "*** 'BIND utility not found in $bind_util_path, please use --enable-bind_util_path= to set it manually' ***" "$LINENO" 5
- fi
-else
- # Extract the first word of "dnssec-signzone", so it can be a program name with args.
-set dummy dnssec-signzone; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_SIGNZONE_PROG+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- case $SIGNZONE_PROG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_SIGNZONE_PROG="$SIGNZONE_PROG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_SIGNZONE_PROG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-SIGNZONE_PROG=$ac_cv_path_SIGNZONE_PROG
-if test -n "$SIGNZONE_PROG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SIGNZONE_PROG" >&5
-$as_echo "$SIGNZONE_PROG" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: BIND utility $SIGNZONE_PROG found" >&5
-$as_echo "$as_me: BIND utility $SIGNZONE_PROG found" >&6;}
- if test -n "$SIGNZONE_PROG"
- then
- bind_util_path=`dirname "$SIGNZONE_PROG"`
- { $as_echo "$as_me:${as_lineno-$LINENO}: BIND utilities path automatically set to $bind_util_path." >&5
-$as_echo "$as_me: BIND utilities path automatically set to $bind_util_path." >&6;}
- else
- as_fn_error $? "*** 'could not determine BIND utility path, please use --enable-bind_util_path= ' to set it manually ***" "$LINENO" 5
- fi
-fi
-### By now, we have a path. We'll use it.
-# define BIND_UTIL_PATH in config.h.in
-
-cat >>confdefs.h <<_ACEOF
-#define BIND_UTIL_PATH "$bind_util_path/"
-_ACEOF
-
-
-# define BIND_VERSION in config.h.in
-bind_version=`$SIGNZONE_PROG 2>&1 | awk -F: '/^Version:/ { split ($2, v, "."); printf ("%2d%02d%02d\n", atoi (v[1]), atoi (v[2]), atoi (v[3])); };'`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: BIND_VERSION string set to $bind_version." >&5
-$as_echo "$as_me: BIND_VERSION string set to $bind_version." >&6;}
-
-cat >>confdefs.h <<_ACEOF
-#define BIND_VERSION $bind_version
-_ACEOF
-
-if test $bind_version -lt "90800"
-then
- as_fn_error $? "*** 'This version of ZKT requires a BIND version greater 9.7' ***" "$LINENO" 5
-fi
-
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
-$as_echo_n "checking how to run the C preprocessor... " >&6; }
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-fi
-if test -z "$CPP"; then
- if ${ac_cv_prog_CPP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- # Double quotes because CPP needs to be expanded
- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
- do
- ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
-
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
- break
-fi
-
- done
- ac_cv_prog_CPP=$CPP
-
-fi
- CPP=$ac_cv_prog_CPP
-else
- ac_cv_prog_CPP=$CPP
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
-$as_echo "$CPP" >&6; }
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
-
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
-
-else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
-$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
-if ${ac_cv_path_GREP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -z "$GREP"; then
- ac_path_GREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in grep ggrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_GREP" || continue
-# Check for GNU ac_path_GREP and select it if it is found.
- # Check for GNU $ac_path_GREP
-case `"$ac_path_GREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
-*)
- ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- $as_echo 'GREP' >> "conftest.nl"
- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_GREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_GREP="$ac_path_GREP"
- ac_path_GREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_GREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_GREP"; then
- as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_GREP=$GREP
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
-$as_echo "$ac_cv_path_GREP" >&6; }
- GREP="$ac_cv_path_GREP"
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
-$as_echo_n "checking for egrep... " >&6; }
-if ${ac_cv_path_EGREP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
- then ac_cv_path_EGREP="$GREP -E"
- else
- if test -z "$EGREP"; then
- ac_path_EGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in egrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_EGREP" || continue
-# Check for GNU ac_path_EGREP and select it if it is found.
- # Check for GNU $ac_path_EGREP
-case `"$ac_path_EGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
-*)
- ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- $as_echo 'EGREP' >> "conftest.nl"
- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_EGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_EGREP="$ac_path_EGREP"
- ac_path_EGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_EGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_EGREP"; then
- as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_EGREP=$EGREP
-fi
-
- fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
-$as_echo "$ac_cv_path_EGREP" >&6; }
- EGREP="$ac_cv_path_EGREP"
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
-$as_echo_n "checking for ANSI C header files... " >&6; }
-if ${ac_cv_header_stdc+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_header_stdc=yes
-else
- ac_cv_header_stdc=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "memchr" >/dev/null 2>&1; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "free" >/dev/null 2>&1; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
- if test "$cross_compiling" = yes; then :
- :
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ctype.h>
-#include <stdlib.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) \
- (('a' <= (c) && (c) <= 'i') \
- || ('j' <= (c) && (c) <= 'r') \
- || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
- int i;
- for (i = 0; i < 256; i++)
- if (XOR (islower (i), ISLOWER (i))
- || toupper (i) != TOUPPER (i))
- return 2;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
-$as_echo "$ac_cv_header_stdc" >&6; }
-if test $ac_cv_header_stdc = yes; then
-
-$as_echo "#define STDC_HEADERS 1" >>confdefs.h
-
-fi
-
-# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
- inttypes.h stdint.h unistd.h
-do :
- as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
-"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-ac_fn_c_check_type "$LINENO" "uint" "ac_cv_type_uint" "$ac_includes_default"
-if test "x$ac_cv_type_uint" = xyes; then :
-
-else
-
-cat >>confdefs.h <<_ACEOF
-#define uint unsigned int
-_ACEOF
-
-fi
-
-ac_fn_c_check_type "$LINENO" "ulong" "ac_cv_type_ulong" "$ac_includes_default"
-if test "x$ac_cv_type_ulong" = xyes; then :
-
-else
-
-cat >>confdefs.h <<_ACEOF
-#define ulong unsigned long
-_ACEOF
-
-fi
-
-ac_fn_c_check_type "$LINENO" "ushort" "ac_cv_type_ushort" "$ac_includes_default"
-if test "x$ac_cv_type_ushort" = xyes; then :
-
-else
-
-cat >>confdefs.h <<_ACEOF
-#define ushort unsigned short
-_ACEOF
-
-fi
-
-ac_fn_c_check_type "$LINENO" "uchar" "ac_cv_type_uchar" "$ac_includes_default"
-if test "x$ac_cv_type_uchar" = xyes; then :
-
-else
-
-cat >>confdefs.h <<_ACEOF
-#define uchar unsigned char
-_ACEOF
-
-fi
-
-
-### define configure arguments
-# Check whether --enable-color_mode was given.
-if test "${enable_color_mode+set}" = set; then :
- enableval=$enable_color_mode;
-fi
-
-color_mode=1
-if test "$enable_color_mode" = "no"; then :
- color_mode=0
-fi
-
-
-# Check whether --with-curses was given.
-if test "${with_curses+set}" = set; then :
- withval=$with_curses;
-fi
-
-
-if test "x$with_curses" != "xno"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for tgetent in -lncurses" >&5
-$as_echo_n "checking for tgetent in -lncurses... " >&6; }
-if ${ac_cv_lib_ncurses_tgetent+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lncurses $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char tgetent ();
-int
-main ()
-{
-return tgetent ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_ncurses_tgetent=yes
-else
- ac_cv_lib_ncurses_tgetent=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ncurses_tgetent" >&5
-$as_echo "$ac_cv_lib_ncurses_tgetent" >&6; }
-if test "x$ac_cv_lib_ncurses_tgetent" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_LIBNCURSES 1
-_ACEOF
-
- LIBS="-lncurses $LIBS"
-
-fi
-
-else
- HAVE_LIB_NCURSES=0; color_mode=0
-fi
-
-
-cat >>confdefs.h <<_ACEOF
-#define COLOR_MODE $color_mode
-_ACEOF
-
-
-
-# Check whether --enable-printtimezone was given.
-if test "${enable_printtimezone+set}" = set; then :
- enableval=$enable_printtimezone;
-fi
-
-printtimezone=0
-if test "$enable_printtimezone" = "yes"; then :
- printtimezone=1
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define PRINT_TIMEZONE $printtimezone
-_ACEOF
-
-
-# Check whether --enable-printyear was given.
-if test "${enable_printyear+set}" = set; then :
- enableval=$enable_printyear;
-fi
-
-printyear=0
-if test "$enable_printyear" = "yes"; then :
- printyear=1
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define PRINT_AGE_WITH_YEAR $printyear
-_ACEOF
-
-
-# Check whether --enable-logprogname was given.
-if test "${enable_logprogname+set}" = set; then :
- enableval=$enable_logprogname;
-fi
-
-logprogname=0
-if test "$enable_logprogname" = "yes"; then :
- logprogname=1
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define LOG_WITH_PROGNAME $logprogname
-_ACEOF
-
-
-# Check whether --enable-logtimestamp was given.
-if test "${enable_logtimestamp+set}" = set; then :
- enableval=$enable_logtimestamp;
-fi
-
-logtimestamp=1
-if test "$enable_logtimestamp" = "no"; then :
- logtimestamp=0
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define LOG_WITH_TIMESTAMP $logtimestamp
-_ACEOF
-
-
-# Check whether --enable-loglevel was given.
-if test "${enable_loglevel+set}" = set; then :
- enableval=$enable_loglevel;
-fi
-
-loglevel=1
-if test "$enable_loglevel" = "no"; then :
- loglevel=0
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define LOG_WITH_LEVEL $loglevel
-_ACEOF
-
-
-# Check whether --enable-ttl_in_keyfile was given.
-if test "${enable_ttl_in_keyfile+set}" = set; then :
- enableval=$enable_ttl_in_keyfile;
-fi
-
-ttl_in_keyfile=1
-if test "$enable_ttl_in_keyfile" = "no"; then :
- ttl_in_keyfile=0
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define TTL_IN_KEYFILE_ALLOWED $ttl_in_keyfile
-_ACEOF
-
-
-configpath="/var/named"
-# Check whether --enable-configpath was given.
-if test "${enable_configpath+set}" = set; then :
- enableval=$enable_configpath; configpath=$enableval
-fi
-
-case "$configpath" in
-yes)
- configpath="/var/named"
- ;;
-no)
- configpath=""
- ;;
-*)
- ;;
-esac
-
-cat >>confdefs.h <<_ACEOF
-#define CONFIG_PATH "$configpath/"
-_ACEOF
-
-
-usetree=1
-t=""
-# Check whether --enable-tree was given.
-if test "${enable_tree+set}" = set; then :
- enableval=$enable_tree; usetree=$enableval
-fi
-
-if test "$usetree" = no
-then
- usetree=0
- t="S"
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define USE_TREE $usetree
-_ACEOF
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define ZKT_VERSION "$t$PACKAGE_VERSION"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define ZKT_COPYRIGHT "(c) Feb 2005 - Nov 2012 Holger Zuleger hznet.de"
-_ACEOF
-
-
-### Checks for libraries.
-
-### Checks for header files.
-ac_header_dirent=no
-for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do
- as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5
-$as_echo_n "checking for $ac_hdr that defines DIR... " >&6; }
-if eval \${$as_ac_Header+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sys/types.h>
-#include <$ac_hdr>
-
-int
-main ()
-{
-if ((DIR *) 0)
-return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- eval "$as_ac_Header=yes"
-else
- eval "$as_ac_Header=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-eval ac_res=\$$as_ac_Header
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1
-_ACEOF
-
-ac_header_dirent=$ac_hdr; break
-fi
-
-done
-# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
-if test $ac_header_dirent = dirent.h; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
-$as_echo_n "checking for library containing opendir... " >&6; }
-if ${ac_cv_search_opendir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char opendir ();
-int
-main ()
-{
-return opendir ();
- ;
- return 0;
-}
-_ACEOF
-for ac_lib in '' dir; do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
- ac_res=-l$ac_lib
- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
- fi
- if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_search_opendir=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext
- if ${ac_cv_search_opendir+:} false; then :
- break
-fi
-done
-if ${ac_cv_search_opendir+:} false; then :
-
-else
- ac_cv_search_opendir=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
-$as_echo "$ac_cv_search_opendir" >&6; }
-ac_res=$ac_cv_search_opendir
-if test "$ac_res" != no; then :
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-fi
-
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
-$as_echo_n "checking for library containing opendir... " >&6; }
-if ${ac_cv_search_opendir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char opendir ();
-int
-main ()
-{
-return opendir ();
- ;
- return 0;
-}
-_ACEOF
-for ac_lib in '' x; do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
- ac_res=-l$ac_lib
- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
- fi
- if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_search_opendir=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext
- if ${ac_cv_search_opendir+:} false; then :
- break
-fi
-done
-if ${ac_cv_search_opendir+:} false; then :
-
-else
- ac_cv_search_opendir=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
-$as_echo "$ac_cv_search_opendir" >&6; }
-ac_res=$ac_cv_search_opendir
-if test "$ac_res" != no; then :
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-fi
-
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
-$as_echo_n "checking for ANSI C header files... " >&6; }
-if ${ac_cv_header_stdc+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_header_stdc=yes
-else
- ac_cv_header_stdc=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "memchr" >/dev/null 2>&1; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "free" >/dev/null 2>&1; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
- if test "$cross_compiling" = yes; then :
- :
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ctype.h>
-#include <stdlib.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) \
- (('a' <= (c) && (c) <= 'i') \
- || ('j' <= (c) && (c) <= 'r') \
- || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
- int i;
- for (i = 0; i < 256; i++)
- if (XOR (islower (i), ISLOWER (i))
- || toupper (i) != TOUPPER (i))
- return 2;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
-$as_echo "$ac_cv_header_stdc" >&6; }
-if test $ac_cv_header_stdc = yes; then
-
-$as_echo "#define STDC_HEADERS 1" >>confdefs.h
-
-fi
-
-for ac_header in fcntl.h netdb.h stdlib.h getopt.h string.h strings.h sys/socket.h sys/time.h sys/types.h syslog.h unistd.h utime.h term.h curses.h
-do :
- as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-### Checks for typedefs, structures, and compiler characteristics.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
-$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
-if ${ac_cv_c_const+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
-#ifndef __cplusplus
- /* Ultrix mips cc rejects this sort of thing. */
- typedef int charset[2];
- const charset cs = { 0, 0 };
- /* SunOS 4.1.1 cc rejects this. */
- char const *const *pcpcc;
- char **ppc;
- /* NEC SVR4.0.2 mips cc rejects this. */
- struct point {int x, y;};
- static struct point const zero = {0,0};
- /* AIX XL C 1.02.0.0 rejects this.
- It does not let you subtract one const X* pointer from another in
- an arm of an if-expression whose if-part is not a constant
- expression */
- const char *g = "string";
- pcpcc = &g + (g ? g-g : 0);
- /* HPUX 7.0 cc rejects these. */
- ++pcpcc;
- ppc = (char**) pcpcc;
- pcpcc = (char const *const *) ppc;
- { /* SCO 3.2v4 cc rejects this sort of thing. */
- char tx;
- char *t = &tx;
- char const *s = 0 ? (char *) 0 : (char const *) 0;
-
- *t++ = 0;
- if (s) return 0;
- }
- { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
- int x[] = {25, 17};
- const int *foo = &x[0];
- ++foo;
- }
- { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
- typedef const int *iptr;
- iptr p = 0;
- ++p;
- }
- { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying
- "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
- struct s { int j; const int *ap[3]; } bx;
- struct s *b = &bx; b->j = 5;
- }
- { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
- const int foo = 10;
- if (!foo) return 0;
- }
- return !cs[0] && !zero.x;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_c_const=yes
-else
- ac_cv_c_const=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
-$as_echo "$ac_cv_c_const" >&6; }
-if test $ac_cv_c_const = no; then
-
-$as_echo "#define const /**/" >>confdefs.h
-
-fi
-
-ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
-if test "x$ac_cv_type_size_t" = xyes; then :
-
-else
-
-cat >>confdefs.h <<_ACEOF
-#define size_t unsigned int
-_ACEOF
-
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5
-$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; }
-if ${ac_cv_header_time+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sys/types.h>
-#include <sys/time.h>
-#include <time.h>
-
-int
-main ()
-{
-if ((struct tm *) 0)
-return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_header_time=yes
-else
- ac_cv_header_time=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5
-$as_echo "$ac_cv_header_time" >&6; }
-if test $ac_cv_header_time = yes; then
-
-$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h
-
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct tm is in sys/time.h or time.h" >&5
-$as_echo_n "checking whether struct tm is in sys/time.h or time.h... " >&6; }
-if ${ac_cv_struct_tm+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sys/types.h>
-#include <time.h>
-
-int
-main ()
-{
-struct tm tm;
- int *p = &tm.tm_sec;
- return !p;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_struct_tm=time.h
-else
- ac_cv_struct_tm=sys/time.h
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_tm" >&5
-$as_echo "$ac_cv_struct_tm" >&6; }
-if test $ac_cv_struct_tm = sys/time.h; then
-
-$as_echo "#define TM_IN_SYS_TIME 1" >>confdefs.h
-
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5
-$as_echo_n "checking for uid_t in sys/types.h... " >&6; }
-if ${ac_cv_type_uid_t+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sys/types.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "uid_t" >/dev/null 2>&1; then :
- ac_cv_type_uid_t=yes
-else
- ac_cv_type_uid_t=no
-fi
-rm -f conftest*
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5
-$as_echo "$ac_cv_type_uid_t" >&6; }
-if test $ac_cv_type_uid_t = no; then
-
-$as_echo "#define uid_t int" >>confdefs.h
-
-
-$as_echo "#define gid_t int" >>confdefs.h
-
-fi
-
-
-
-### Checks for library functions.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether closedir returns void" >&5
-$as_echo_n "checking whether closedir returns void... " >&6; }
-if ${ac_cv_func_closedir_void+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test "$cross_compiling" = yes; then :
- ac_cv_func_closedir_void=yes
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header_dirent>
-#ifndef __cplusplus
-int closedir ();
-#endif
-
-int
-main ()
-{
-return closedir (opendir (".")) != 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
- ac_cv_func_closedir_void=no
-else
- ac_cv_func_closedir_void=yes
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_closedir_void" >&5
-$as_echo "$ac_cv_func_closedir_void" >&6; }
-if test $ac_cv_func_closedir_void = yes; then
-
-$as_echo "#define CLOSEDIR_VOID 1" >>confdefs.h
-
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for error_at_line" >&5
-$as_echo_n "checking for error_at_line... " >&6; }
-if ${ac_cv_lib_error_at_line+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <error.h>
-int
-main ()
-{
-error_at_line (0, 0, "", 0, "an error occurred");
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_error_at_line=yes
-else
- ac_cv_lib_error_at_line=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_error_at_line" >&5
-$as_echo "$ac_cv_lib_error_at_line" >&6; }
-if test $ac_cv_lib_error_at_line = no; then
- case " $LIBOBJS " in
- *" error.$ac_objext "* ) ;;
- *) LIBOBJS="$LIBOBJS error.$ac_objext"
- ;;
-esac
-
-fi
-
-
-
-
- for ac_header in $ac_header_list
-do :
- as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
-"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-
-
-
- for ac_func in $ac_func_list
-do :
- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working mktime" >&5
-$as_echo_n "checking for working mktime... " >&6; }
-if ${ac_cv_func_working_mktime+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test "$cross_compiling" = yes; then :
- ac_cv_func_working_mktime=no
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-/* Test program from Paul Eggert and Tony Leneis. */
-#ifdef TIME_WITH_SYS_TIME
-# include <sys/time.h>
-# include <time.h>
-#else
-# ifdef HAVE_SYS_TIME_H
-# include <sys/time.h>
-# else
-# include <time.h>
-# endif
-#endif
-
-#include <limits.h>
-#include <stdlib.h>
-
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-
-#ifndef HAVE_ALARM
-# define alarm(X) /* empty */
-#endif
-
-/* Work around redefinition to rpl_putenv by other config tests. */
-#undef putenv
-
-static time_t time_t_max;
-static time_t time_t_min;
-
-/* Values we'll use to set the TZ environment variable. */
-static const char *tz_strings[] = {
- (const char *) 0, "TZ=GMT0", "TZ=JST-9",
- "TZ=EST+3EDT+2,M10.1.0/00:00:00,M2.3.0/00:00:00"
-};
-#define N_STRINGS (sizeof (tz_strings) / sizeof (tz_strings[0]))
-
-/* Return 0 if mktime fails to convert a date in the spring-forward gap.
- Based on a problem report from Andreas Jaeger. */
-static int
-spring_forward_gap ()
-{
- /* glibc (up to about 1998-10-07) failed this test. */
- struct tm tm;
-
- /* Use the portable POSIX.1 specification "TZ=PST8PDT,M4.1.0,M10.5.0"
- instead of "TZ=America/Vancouver" in order to detect the bug even
- on systems that don't support the Olson extension, or don't have the
- full zoneinfo tables installed. */
- putenv ((char*) "TZ=PST8PDT,M4.1.0,M10.5.0");
-
- tm.tm_year = 98;
- tm.tm_mon = 3;
- tm.tm_mday = 5;
- tm.tm_hour = 2;
- tm.tm_min = 0;
- tm.tm_sec = 0;
- tm.tm_isdst = -1;
- return mktime (&tm) != (time_t) -1;
-}
-
-static int
-mktime_test1 (time_t now)
-{
- struct tm *lt;
- return ! (lt = localtime (&now)) || mktime (lt) == now;
-}
-
-static int
-mktime_test (time_t now)
-{
- return (mktime_test1 (now)
- && mktime_test1 ((time_t) (time_t_max - now))
- && mktime_test1 ((time_t) (time_t_min + now)));
-}
-
-static int
-irix_6_4_bug ()
-{
- /* Based on code from Ariel Faigon. */
- struct tm tm;
- tm.tm_year = 96;
- tm.tm_mon = 3;
- tm.tm_mday = 0;
- tm.tm_hour = 0;
- tm.tm_min = 0;
- tm.tm_sec = 0;
- tm.tm_isdst = -1;
- mktime (&tm);
- return tm.tm_mon == 2 && tm.tm_mday == 31;
-}
-
-static int
-bigtime_test (int j)
-{
- struct tm tm;
- time_t now;
- tm.tm_year = tm.tm_mon = tm.tm_mday = tm.tm_hour = tm.tm_min = tm.tm_sec = j;
- now = mktime (&tm);
- if (now != (time_t) -1)
- {
- struct tm *lt = localtime (&now);
- if (! (lt
- && lt->tm_year == tm.tm_year
- && lt->tm_mon == tm.tm_mon
- && lt->tm_mday == tm.tm_mday
- && lt->tm_hour == tm.tm_hour
- && lt->tm_min == tm.tm_min
- && lt->tm_sec == tm.tm_sec
- && lt->tm_yday == tm.tm_yday
- && lt->tm_wday == tm.tm_wday
- && ((lt->tm_isdst < 0 ? -1 : 0 < lt->tm_isdst)
- == (tm.tm_isdst < 0 ? -1 : 0 < tm.tm_isdst))))
- return 0;
- }
- return 1;
-}
-
-static int
-year_2050_test ()
-{
- /* The correct answer for 2050-02-01 00:00:00 in Pacific time,
- ignoring leap seconds. */
- unsigned long int answer = 2527315200UL;
-
- struct tm tm;
- time_t t;
- tm.tm_year = 2050 - 1900;
- tm.tm_mon = 2 - 1;
- tm.tm_mday = 1;
- tm.tm_hour = tm.tm_min = tm.tm_sec = 0;
- tm.tm_isdst = -1;
-
- /* Use the portable POSIX.1 specification "TZ=PST8PDT,M4.1.0,M10.5.0"
- instead of "TZ=America/Vancouver" in order to detect the bug even
- on systems that don't support the Olson extension, or don't have the
- full zoneinfo tables installed. */
- putenv ((char*) "TZ=PST8PDT,M4.1.0,M10.5.0");
-
- t = mktime (&tm);
-
- /* Check that the result is either a failure, or close enough
- to the correct answer that we can assume the discrepancy is
- due to leap seconds. */
- return (t == (time_t) -1
- || (0 < t && answer - 120 <= t && t <= answer + 120));
-}
-
-int
-main ()
-{
- time_t t, delta;
- int i, j;
-
- /* This test makes some buggy mktime implementations loop.
- Give up after 60 seconds; a mktime slower than that
- isn't worth using anyway. */
- alarm (60);
-
- for (;;)
- {
- t = (time_t_max << 1) + 1;
- if (t <= time_t_max)
- break;
- time_t_max = t;
- }
- time_t_min = - ((time_t) ~ (time_t) 0 == (time_t) -1) - time_t_max;
-
- delta = time_t_max / 997; /* a suitable prime number */
- for (i = 0; i < N_STRINGS; i++)
- {
- if (tz_strings[i])
- putenv ((char*) tz_strings[i]);
-
- for (t = 0; t <= time_t_max - delta; t += delta)
- if (! mktime_test (t))
- return 1;
- if (! (mktime_test ((time_t) 1)
- && mktime_test ((time_t) (60 * 60))
- && mktime_test ((time_t) (60 * 60 * 24))))
- return 1;
-
- for (j = 1; ; j <<= 1)
- if (! bigtime_test (j))
- return 1;
- else if (INT_MAX / 2 < j)
- break;
- if (! bigtime_test (INT_MAX))
- return 1;
- }
- return ! (irix_6_4_bug () && spring_forward_gap () && year_2050_test ());
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
- ac_cv_func_working_mktime=yes
-else
- ac_cv_func_working_mktime=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_working_mktime" >&5
-$as_echo "$ac_cv_func_working_mktime" >&6; }
-if test $ac_cv_func_working_mktime = no; then
- case " $LIBOBJS " in
- *" mktime.$ac_objext "* ) ;;
- *) LIBOBJS="$LIBOBJS mktime.$ac_objext"
- ;;
-esac
-
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lstat correctly handles trailing slash" >&5
-$as_echo_n "checking whether lstat correctly handles trailing slash... " >&6; }
-if ${ac_cv_func_lstat_dereferences_slashed_symlink+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- rm -f conftest.sym conftest.file
-echo >conftest.file
-if test "$as_ln_s" = "ln -s" && ln -s conftest.file conftest.sym; then
- if test "$cross_compiling" = yes; then :
- ac_cv_func_lstat_dereferences_slashed_symlink=no
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-struct stat sbuf;
- /* Linux will dereference the symlink and fail, as required by POSIX.
- That is better in the sense that it means we will not
- have to compile and use the lstat wrapper. */
- return lstat ("conftest.sym/", &sbuf) == 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
- ac_cv_func_lstat_dereferences_slashed_symlink=yes
-else
- ac_cv_func_lstat_dereferences_slashed_symlink=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-else
- # If the `ln -s' command failed, then we probably don't even
- # have an lstat function.
- ac_cv_func_lstat_dereferences_slashed_symlink=no
-fi
-rm -f conftest.sym conftest.file
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_lstat_dereferences_slashed_symlink" >&5
-$as_echo "$ac_cv_func_lstat_dereferences_slashed_symlink" >&6; }
-
-test $ac_cv_func_lstat_dereferences_slashed_symlink = yes &&
-
-cat >>confdefs.h <<_ACEOF
-#define LSTAT_FOLLOWS_SLASHED_SYMLINK 1
-_ACEOF
-
-
-if test "x$ac_cv_func_lstat_dereferences_slashed_symlink" = xno; then
- case " $LIBOBJS " in
- *" lstat.$ac_objext "* ) ;;
- *) LIBOBJS="$LIBOBJS lstat.$ac_objext"
- ;;
-esac
-
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stat accepts an empty string" >&5
-$as_echo_n "checking whether stat accepts an empty string... " >&6; }
-if ${ac_cv_func_stat_empty_string_bug+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test "$cross_compiling" = yes; then :
- ac_cv_func_stat_empty_string_bug=yes
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-struct stat sbuf;
- return stat ("", &sbuf) == 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
- ac_cv_func_stat_empty_string_bug=no
-else
- ac_cv_func_stat_empty_string_bug=yes
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_stat_empty_string_bug" >&5
-$as_echo "$ac_cv_func_stat_empty_string_bug" >&6; }
-if test $ac_cv_func_stat_empty_string_bug = yes; then
- case " $LIBOBJS " in
- *" stat.$ac_objext "* ) ;;
- *) LIBOBJS="$LIBOBJS stat.$ac_objext"
- ;;
-esac
-
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STAT_EMPTY_STRING_BUG 1
-_ACEOF
-
-fi
-
-for ac_func in strftime
-do :
- ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime"
-if test "x$ac_cv_func_strftime" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_STRFTIME 1
-_ACEOF
-
-else
- # strftime is in -lintl on SCO UNIX.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5
-$as_echo_n "checking for strftime in -lintl... " >&6; }
-if ${ac_cv_lib_intl_strftime+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lintl $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strftime ();
-int
-main ()
-{
-return strftime ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_intl_strftime=yes
-else
- ac_cv_lib_intl_strftime=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5
-$as_echo "$ac_cv_lib_intl_strftime" >&6; }
-if test "x$ac_cv_lib_intl_strftime" = xyes; then :
- $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h
-
-LIBS="-lintl $LIBS"
-fi
-
-fi
-done
-
-
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether utime accepts a null argument" >&5
-$as_echo_n "checking whether utime accepts a null argument... " >&6; }
-if ${ac_cv_func_utime_null+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- rm -f conftest.data; >conftest.data
-# Sequent interprets utime(file, 0) to mean use start of epoch. Wrong.
-if test "$cross_compiling" = yes; then :
- ac_cv_func_utime_null='guessing yes'
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_includes_default
- #ifdef HAVE_UTIME_H
- # include <utime.h>
- #endif
-int
-main ()
-{
-struct stat s, t;
- return ! (stat ("conftest.data", &s) == 0
- && utime ("conftest.data", 0) == 0
- && stat ("conftest.data", &t) == 0
- && t.st_mtime >= s.st_mtime
- && t.st_mtime - s.st_mtime < 120);
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
- ac_cv_func_utime_null=yes
-else
- ac_cv_func_utime_null=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_utime_null" >&5
-$as_echo "$ac_cv_func_utime_null" >&6; }
-if test "x$ac_cv_func_utime_null" != xno; then
- ac_cv_func_utime_null=yes
-
-$as_echo "#define HAVE_UTIME_NULL 1" >>confdefs.h
-
-fi
-rm -f conftest.data
-
-for ac_func in vprintf
-do :
- ac_fn_c_check_func "$LINENO" "vprintf" "ac_cv_func_vprintf"
-if test "x$ac_cv_func_vprintf" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_VPRINTF 1
-_ACEOF
-
-ac_fn_c_check_func "$LINENO" "_doprnt" "ac_cv_func__doprnt"
-if test "x$ac_cv_func__doprnt" = xyes; then :
-
-$as_echo "#define HAVE_DOPRNT 1" >>confdefs.h
-
-fi
-
-fi
-done
-
-
-# 2008-07-04 getopt_long added
-# 2009-07-30 timegm added
-for ac_func in getopt_long gettimeofday memset putenv socket strcasecmp strchr strdup strerror strncasecmp strrchr tzset utime getuid timegm
-do :
- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-ac_config_files="$ac_config_files Makefile"
-
-cat >confcache <<\_ACEOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs, see configure's option --config-cache.
-# It is not useful on other systems. If it contains results you don't
-# want to keep, you may remove or edit it.
-#
-# config.status only pays attention to the cache file if you give it
-# the --recheck option to rerun configure.
-#
-# `ac_cv_env_foo' variables (set or unset) will be overridden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
-# following values.
-
-_ACEOF
-
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, we kill variables containing newlines.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(
- for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
-
- (set) 2>&1 |
- case $as_nl`(ac_space=' '; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- # `set' does not quote correctly, so add quotes: double-quote
- # substitution turns \\\\ into \\, and sed turns \\ into \.
- sed -n \
- "s/'/'\\\\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
- ;; #(
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-) |
- sed '
- /^ac_cv_env_/b end
- t clear
- :clear
- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
- t end
- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
- :end' >>confcache
-if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
- if test -w "$cache_file"; then
- if test "x$cache_file" != "x/dev/null"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
-$as_echo "$as_me: updating cache $cache_file" >&6;}
- if test ! -f "$cache_file" || test -h "$cache_file"; then
- cat confcache >"$cache_file"
- else
- case $cache_file in #(
- */* | ?:*)
- mv -f confcache "$cache_file"$$ &&
- mv -f "$cache_file"$$ "$cache_file" ;; #(
- *)
- mv -f confcache "$cache_file" ;;
- esac
- fi
- fi
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
-$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
- fi
-fi
-rm -f confcache
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-DEFS=-DHAVE_CONFIG_H
-
-ac_libobjs=
-ac_ltlibobjs=
-U=
-for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
- # 1. Remove the extension, and $U if already installed.
- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
- # will be set to the directory where LIBOBJS objects are built.
- as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
- as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
-done
-LIBOBJS=$ac_libobjs
-
-LTLIBOBJS=$ac_ltlibobjs
-
-
-
-: "${CONFIG_STATUS=./config.status}"
-ac_write_fail=0
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
-$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
-as_write_fail=0
-cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-ac_cs_recheck=false
-ac_cs_silent=false
-
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-
-
-as_nl='
-'
-export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-# Prefer a ksh shell builtin over an external printf program on Solaris,
-# but without wasting forks for bash or zsh.
-if test -z "$BASH_VERSION$ZSH_VERSION" \
- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='print -r --'
- as_echo_n='print -rn --'
-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in #(
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in #((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-# Unset variables that we do not need and which cause bugs (e.g. in
-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
-# suppresses any "Segmentation fault" message there. '((' could
-# trigger a bug in pdksh 5.2.14.
-for as_var in BASH_ENV ENV MAIL MAILPATH
-do eval test x\${$as_var+set} = xset \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-
-# as_fn_error STATUS ERROR [LINENO LOG_FD]
-# ----------------------------------------
-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-# script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- $as_echo "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} # as_fn_error
-
-
-# as_fn_set_status STATUS
-# -----------------------
-# Set $? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} # as_fn_set_status
-
-# as_fn_exit STATUS
-# -----------------
-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} # as_fn_exit
-
-# as_fn_unset VAR
-# ---------------
-# Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-# as_fn_append VAR VALUE
-# ----------------------
-# Append the text in VALUE to the end of the definition contained in VAR. Take
-# advantage of any shell optimizations that allow amortized linear growth over
-# repeated appends, instead of the typical quadratic growth present in naive
-# implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-# as_fn_arith ARG...
-# ------------------
-# Perform arithmetic evaluation on the ARGs, and store the result in the
-# global $as_val. Take advantage of shells that can avoid forks. The arguments
-# must be portable across $(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in #(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-
-# as_fn_mkdir_p
-# -------------
-# Create "$as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} # as_fn_mkdir_p
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-
-# as_fn_executable_p FILE
-# -----------------------
-# Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} # as_fn_executable_p
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-exec 6>&1
-## ----------------------------------- ##
-## Main body of $CONFIG_STATUS script. ##
-## ----------------------------------- ##
-_ASEOF
-test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# Save the log message, to keep $0 and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.
-ac_log="
-This file was extended by ZKT $as_me 1.1.3, which was
-generated by GNU Autoconf 2.69. Invocation command line was
-
- CONFIG_FILES = $CONFIG_FILES
- CONFIG_HEADERS = $CONFIG_HEADERS
- CONFIG_LINKS = $CONFIG_LINKS
- CONFIG_COMMANDS = $CONFIG_COMMANDS
- $ $0 $@
-
-on `(hostname || uname -n) 2>/dev/null | sed 1q`
-"
-
-_ACEOF
-
-case $ac_config_files in *"
-"*) set x $ac_config_files; shift; ac_config_files=$*;;
-esac
-
-case $ac_config_headers in *"
-"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
-esac
-
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-# Files that config.status was made for.
-config_files="$ac_config_files"
-config_headers="$ac_config_headers"
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-ac_cs_usage="\
-\`$as_me' instantiates files and other configuration actions
-from templates according to the current configuration. Unless the files
-and actions are specified as TAGs, all are instantiated by default.
-
-Usage: $0 [OPTION]... [TAG]...
-
- -h, --help print this help, then exit
- -V, --version print version number and configuration settings, then exit
- --config print configuration, then exit
- -q, --quiet, --silent
- do not print progress messages
- -d, --debug don't remove temporary files
- --recheck update $as_me by reconfiguring in the same conditions
- --file=FILE[:TEMPLATE]
- instantiate the configuration file FILE
- --header=FILE[:TEMPLATE]
- instantiate the configuration header FILE
-
-Configuration files:
-$config_files
-
-Configuration headers:
-$config_headers
-
-Report bugs to <Holger Zuleger hznet.de>."
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
-ac_cs_version="\\
-ZKT config.status 1.1.3
-configured by $0, generated by GNU Autoconf 2.69,
- with options \\"\$ac_cs_config\\"
-
-Copyright (C) 2012 Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-
-ac_pwd='$ac_pwd'
-srcdir='$srcdir'
-test -n "\$AWK" || AWK=awk
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# The default lists apply if the user does not specify any file.
-ac_need_defaults=:
-while test $# != 0
-do
- case $1 in
- --*=?*)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
- ac_shift=:
- ;;
- --*=)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=
- ac_shift=:
- ;;
- *)
- ac_option=$1
- ac_optarg=$2
- ac_shift=shift
- ;;
- esac
-
- case $ac_option in
- # Handling of the options.
- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
- ac_cs_recheck=: ;;
- --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- $as_echo "$ac_cs_version"; exit ;;
- --config | --confi | --conf | --con | --co | --c )
- $as_echo "$ac_cs_config"; exit ;;
- --debug | --debu | --deb | --de | --d | -d )
- debug=: ;;
- --file | --fil | --fi | --f )
- $ac_shift
- case $ac_optarg in
- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- '') as_fn_error $? "missing file argument" ;;
- esac
- as_fn_append CONFIG_FILES " '$ac_optarg'"
- ac_need_defaults=false;;
- --header | --heade | --head | --hea )
- $ac_shift
- case $ac_optarg in
- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- as_fn_append CONFIG_HEADERS " '$ac_optarg'"
- ac_need_defaults=false;;
- --he | --h)
- # Conflict between --help and --header
- as_fn_error $? "ambiguous option: \`$1'
-Try \`$0 --help' for more information.";;
- --help | --hel | -h )
- $as_echo "$ac_cs_usage"; exit ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil | --si | --s)
- ac_cs_silent=: ;;
-
- # This is an error.
- -*) as_fn_error $? "unrecognized option: \`$1'
-Try \`$0 --help' for more information." ;;
-
- *) as_fn_append ac_config_targets " $1"
- ac_need_defaults=false ;;
-
- esac
- shift
-done
-
-ac_configure_extra_args=
-
-if $ac_cs_silent; then
- exec 6>/dev/null
- ac_configure_extra_args="$ac_configure_extra_args --silent"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-if \$ac_cs_recheck; then
- set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
- shift
- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
- CONFIG_SHELL='$SHELL'
- export CONFIG_SHELL
- exec "\$@"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-exec 5>>config.log
-{
- echo
- sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
-## Running $as_me. ##
-_ASBOX
- $as_echo "$ac_log"
-} >&5
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-
-# Handling of arguments.
-for ac_config_target in $ac_config_targets
-do
- case $ac_config_target in
- "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
- "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
-
- *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
- esac
-done
-
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used. Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
- test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
-fi
-
-# Have a temporary directory for convenience. Make it in the build tree
-# simply because there is no reason against having it here, and in addition,
-# creating and moving files from /tmp can sometimes cause problems.
-# Hook for its removal unless debugging.
-# Note that there is a small window in which the directory will not be cleaned:
-# after its creation but before its name has been assigned to `$tmp'.
-$debug ||
-{
- tmp= ac_tmp=
- trap 'exit_status=$?
- : "${ac_tmp:=$tmp}"
- { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
-' 0
- trap 'as_fn_exit 1' 1 2 13 15
-}
-# Create a (secure) tmp directory for tmp files.
-
-{
- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
- test -d "$tmp"
-} ||
-{
- tmp=./conf$$-$RANDOM
- (umask 077 && mkdir "$tmp")
-} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
-ac_tmp=$tmp
-
-# Set up the scripts for CONFIG_FILES section.
-# No need to generate them if there are no CONFIG_FILES.
-# This happens for instance with `./config.status config.h'.
-if test -n "$CONFIG_FILES"; then
-
-
-ac_cr=`echo X | tr X '\015'`
-# On cygwin, bash can eat \r inside `` if the user requested igncr.
-# But we know of no other shell where ac_cr would be empty at this
-# point, so we can use a bashism as a fallback.
-if test "x$ac_cr" = x; then
- eval ac_cr=\$\'\\r\'
-fi
-ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
-if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
- ac_cs_awk_cr='\\r'
-else
- ac_cs_awk_cr=$ac_cr
-fi
-
-echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
-_ACEOF
-
-
-{
- echo "cat >conf$$subs.awk <<_ACEOF" &&
- echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
- echo "_ACEOF"
-} >conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
- . ./conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-
- ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
- if test $ac_delim_n = $ac_delim_num; then
- break
- elif $ac_last_try; then
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-rm -f conf$$subs.sh
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
-_ACEOF
-sed -n '
-h
-s/^/S["/; s/!.*/"]=/
-p
-g
-s/^[^!]*!//
-:repl
-t repl
-s/'"$ac_delim"'$//
-t delim
-:nl
-h
-s/\(.\{148\}\)..*/\1/
-t more1
-s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
-p
-n
-b repl
-:more1
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t nl
-:delim
-h
-s/\(.\{148\}\)..*/\1/
-t more2
-s/["\\]/\\&/g; s/^/"/; s/$/"/
-p
-b
-:more2
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t delim
-' <conf$$subs.awk | sed '
-/^[^""]/{
- N
- s/\n//
-}
-' >>$CONFIG_STATUS || ac_write_fail=1
-rm -f conf$$subs.awk
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-_ACAWK
-cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
- for (key in S) S_is_set[key] = 1
- FS = "\a"
-
-}
-{
- line = $ 0
- nfields = split(line, field, "@")
- substed = 0
- len = length(field[1])
- for (i = 2; i < nfields; i++) {
- key = field[i]
- keylen = length(key)
- if (S_is_set[key]) {
- value = S[key]
- line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
- len += length(value) + length(field[++i])
- substed = 1
- } else
- len += 1 + keylen
- }
-
- print line
-}
-
-_ACAWK
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
- sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
-else
- cat
-fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
- || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
-_ACEOF
-
-# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
-# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
-h
-s///
-s/^/:/
-s/[ ]*$/:/
-s/:\$(srcdir):/:/g
-s/:\${srcdir}:/:/g
-s/:@srcdir@:/:/g
-s/^:*//
-s/:*$//
-x
-s/\(=[ ]*\).*/\1/
-G
-s/\n//
-s/^[^=]*=[ ]*$//
-}'
-fi
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-fi # test -n "$CONFIG_FILES"
-
-# Set up the scripts for CONFIG_HEADERS section.
-# No need to generate them if there are no CONFIG_HEADERS.
-# This happens for instance with `./config.status Makefile'.
-if test -n "$CONFIG_HEADERS"; then
-cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
-BEGIN {
-_ACEOF
-
-# Transform confdefs.h into an awk script `defines.awk', embedded as
-# here-document in config.status, that substitutes the proper values into
-# config.h.in to produce config.h.
-
-# Create a delimiter string that does not exist in confdefs.h, to ease
-# handling of long lines.
-ac_delim='%!_!# '
-for ac_last_try in false false :; do
- ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
- if test -z "$ac_tt"; then
- break
- elif $ac_last_try; then
- as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-
-# For the awk script, D is an array of macro values keyed by name,
-# likewise P contains macro parameters if any. Preserve backslash
-# newline sequences.
-
-ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
-sed -n '
-s/.\{148\}/&'"$ac_delim"'/g
-t rset
-:rset
-s/^[ ]*#[ ]*define[ ][ ]*/ /
-t def
-d
-:def
-s/\\$//
-t bsnl
-s/["\\]/\\&/g
-s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
-D["\1"]=" \3"/p
-s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
-d
-:bsnl
-s/["\\]/\\&/g
-s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
-D["\1"]=" \3\\\\\\n"\\/p
-t cont
-s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
-t cont
-d
-:cont
-n
-s/.\{148\}/&'"$ac_delim"'/g
-t clear
-:clear
-s/\\$//
-t bsnlc
-s/["\\]/\\&/g; s/^/"/; s/$/"/p
-d
-:bsnlc
-s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
-b cont
-' <confdefs.h | sed '
-s/'"$ac_delim"'/"\\\
-"/g' >>$CONFIG_STATUS || ac_write_fail=1
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- for (key in D) D_is_set[key] = 1
- FS = "\a"
-}
-/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
- line = \$ 0
- split(line, arg, " ")
- if (arg[1] == "#") {
- defundef = arg[2]
- mac1 = arg[3]
- } else {
- defundef = substr(arg[1], 2)
- mac1 = arg[2]
- }
- split(mac1, mac2, "(") #)
- macro = mac2[1]
- prefix = substr(line, 1, index(line, defundef) - 1)
- if (D_is_set[macro]) {
- # Preserve the white space surrounding the "#".
- print prefix "define", macro P[macro] D[macro]
- next
- } else {
- # Replace #undef with comments. This is necessary, for example,
- # in the case of _POSIX_SOURCE, which is predefined and required
- # on some systems where configure will not decide to define it.
- if (defundef == "undef") {
- print "/*", prefix defundef, macro, "*/"
- next
- }
- }
-}
-{ print }
-_ACAWK
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
- as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
-fi # test -n "$CONFIG_HEADERS"
-
-
-eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS "
-shift
-for ac_tag
-do
- case $ac_tag in
- :[FHLC]) ac_mode=$ac_tag; continue;;
- esac
- case $ac_mode$ac_tag in
- :[FHL]*:*);;
- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
- :[FH]-) ac_tag=-:-;;
- :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
- esac
- ac_save_IFS=$IFS
- IFS=:
- set x $ac_tag
- IFS=$ac_save_IFS
- shift
- ac_file=$1
- shift
-
- case $ac_mode in
- :L) ac_source=$1;;
- :[FH])
- ac_file_inputs=
- for ac_f
- do
- case $ac_f in
- -) ac_f="$ac_tmp/stdin";;
- *) # Look for the file first in the build tree, then in the source tree
- # (if the path is not absolute). The absolute path cannot be DOS-style,
- # because $ac_f cannot contain `:'.
- test -f "$ac_f" ||
- case $ac_f in
- [\\/$]*) false;;
- *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
- esac ||
- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
- esac
- case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
- as_fn_append ac_file_inputs " '$ac_f'"
- done
-
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- configure_input='Generated from '`
- $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
- `' by configure.'
- if test x"$ac_file" != x-; then
- configure_input="$ac_file. $configure_input"
- { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
-$as_echo "$as_me: creating $ac_file" >&6;}
- fi
- # Neutralize special characters interpreted by sed in replacement strings.
- case $configure_input in #(
- *\&* | *\|* | *\\* )
- ac_sed_conf_input=`$as_echo "$configure_input" |
- sed 's/[\\\\&|]/\\\\&/g'`;; #(
- *) ac_sed_conf_input=$configure_input;;
- esac
-
- case $ac_tag in
- *:-:* | *:-) cat >"$ac_tmp/stdin" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
- esac
- ;;
- esac
-
- ac_dir=`$as_dirname -- "$ac_file" ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$ac_file" : 'X\(//\)[^/]' \| \
- X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- as_dir="$ac_dir"; as_fn_mkdir_p
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
-
- case $ac_mode in
- :F)
- #
- # CONFIG_FILE
- #
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# If the template does not know about datarootdir, expand it.
-# FIXME: This hack should be removed a few years after 2.60.
-ac_datarootdir_hack=; ac_datarootdir_seen=
-ac_sed_dataroot='
-/datarootdir/ {
- p
- q
-}
-/@datadir@/p
-/@docdir@/p
-/@infodir@/p
-/@localedir@/p
-/@mandir@/p'
-case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
-*datarootdir*) ac_datarootdir_seen=yes;;
-*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- ac_datarootdir_hack='
- s&@datadir@&$datadir&g
- s&@docdir@&$docdir&g
- s&@infodir@&$infodir&g
- s&@localedir@&$localedir&g
- s&@mandir@&$mandir&g
- s&\\\${datarootdir}&$datarootdir&g' ;;
-esac
-_ACEOF
-
-# Neutralize VPATH when `$srcdir' = `.'.
-# Shell code in configure.ac might set extrasub.
-# FIXME: do we really want to maintain this feature?
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_sed_extra="$ac_vpsub
-$extrasub
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s|@configure_input@|$ac_sed_conf_input|;t t
-s&@top_builddir@&$ac_top_builddir_sub&;t t
-s&@top_build_prefix@&$ac_top_build_prefix&;t t
-s&@srcdir@&$ac_srcdir&;t t
-s&@abs_srcdir@&$ac_abs_srcdir&;t t
-s&@top_srcdir@&$ac_top_srcdir&;t t
-s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
-s&@builddir@&$ac_builddir&;t t
-s&@abs_builddir@&$ac_abs_builddir&;t t
-s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
-$ac_datarootdir_hack
-"
-eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
- >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
-
-test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
- { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
- "$ac_tmp/out"`; test -z "$ac_out"; } &&
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&5
-$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&2;}
-
- rm -f "$ac_tmp/stdin"
- case $ac_file in
- -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
- *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
- esac \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- ;;
- :H)
- #
- # CONFIG_HEADER
- #
- if test x"$ac_file" != x-; then
- {
- $as_echo "/* $configure_input */" \
- && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
- } >"$ac_tmp/config.h" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
-$as_echo "$as_me: $ac_file is unchanged" >&6;}
- else
- rm -f "$ac_file"
- mv "$ac_tmp/config.h" "$ac_file" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- fi
- else
- $as_echo "/* $configure_input */" \
- && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
- || as_fn_error $? "could not create -" "$LINENO" 5
- fi
- ;;
-
-
- esac
-
-done # for ac_tag
-
-
-as_fn_exit 0
-_ACEOF
-ac_clean_files=$ac_clean_files_save
-
-test $ac_write_fail = 0 ||
- as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
-
-
-# configure is writing to config.log, and then calls config.status.
-# config.status does its own redirection, appending to config.log.
-# Unfortunately, on DOS this fails, as config.log is still kept open
-# by configure, so config.status won't be able to write to it; its
-# output is simply discarded. So we exec the FD to /dev/null,
-# effectively closing config.log, so it can be properly (re)opened and
-# appended to by config.status. When coming back to configure, we
-# need to make the FD available again.
-if test "$no_create" != yes; then
- ac_cs_success=:
- ac_config_status_args=
- test "$silent" = yes &&
- ac_config_status_args="$ac_config_status_args --quiet"
- exec 5>/dev/null
- $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
- exec 5>>config.log
- # Use ||, not &&, to avoid exiting from the if with $? = 1, which
- # would make configure fail if this is the last instruction.
- $ac_cs_success || as_fn_exit 1
-fi
-if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
-$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
-fi
-
+++ /dev/null
-# -*- Autoconf -*-
-# Process this file with autoconf to produce a configure script.
-#
-# @(#) configure.ac
-#
-# 2008-06-27 initial setup
-# 2008-06-29 add of BIND path checking
-# 2008-06-30 add of arg checkings
-# 2008-07-02 additional arg checkings
-# 2008-07-04 check for getopt_long() added
-# 2008-08-30 check for unsigned integer types
-# 2008-10-01 if BIND_UTIL_PATH check failed, use config_zkt.h setting as last resort
-# 2009-07-30 check for timegm() added
-# 2009-12-02 the tr command in bind_version= didn't work well under solaris
-# 2010-10-14 new option to specify BIND_UTIL_PATH on command line (thanks to Mans Nilsson)
-# No build in default BIND_UTIL_PATH used anymore
-#
-
-dnl AC_PREREQ(2.59)
-
-### Package name and current version
-AC_INIT(ZKT, 1.1.3, Holger Zuleger hznet.de)
-dnl AC_REVISION($Revision: 1.397 $)
-
-### Files to test to check if src dir contains the package
-AC_CONFIG_SRCDIR([zkt-signer.c])
-AC_CONFIG_HEADER([config.h])
-
-
-### Checks for programs.
-AC_PROG_CC
-
-### find out the path to BIND utils and version
-AC_ARG_ENABLE([bind_util_path], AS_HELP_STRING( [--enable-bind_util_path=PATH], [Define path to BIND utilities, default is path to dnssec-signzone]), [bind_util_path=$enableval])
-if test -n "$bind_util_path"
-then
- if test -x "$bind_util_path/dnssec-signzone"
- then
- AC_MSG_NOTICE([BIND utilities path successfully set to $bind_util_path.])
- SIGNZONE_PROG=$bind_util_path/dnssec-signzone
- else
- AC_MSG_ERROR([*** 'BIND utility not found in $bind_util_path, please use --enable-bind_util_path= to set it manually' ***])
- fi
-else
- AC_PATH_PROG([SIGNZONE_PROG], dnssec-signzone)
- AC_MSG_NOTICE([BIND utility $SIGNZONE_PROG found])
- if test -n "$SIGNZONE_PROG"
- then
- bind_util_path=`dirname "$SIGNZONE_PROG"`
- AC_MSG_NOTICE([BIND utilities path automatically set to $bind_util_path.])
- else
- AC_MSG_ERROR([*** 'could not determine BIND utility path, please use --enable-bind_util_path= ' to set it manually ***])
- fi
-fi
-### By now, we have a path. We'll use it.
-# define BIND_UTIL_PATH in config.h.in
-AC_DEFINE_UNQUOTED(BIND_UTIL_PATH, "$bind_util_path/", Path to BIND utilities)
-
-# define BIND_VERSION in config.h.in
-bind_version=`$SIGNZONE_PROG 2>&1 | awk -F: '/^Version:/ { split ($2, v, "."); printf ("%2d%02d%02d\n", atoi (v[[1]]), atoi (v[[2]]), atoi (v[[3]])); };'`
-AC_MSG_NOTICE([BIND_VERSION string set to $bind_version.])
-AC_DEFINE_UNQUOTED(BIND_VERSION, $bind_version, BIND version as integer number without dots)
-if test $bind_version -lt "90800"
-then
- AC_MSG_ERROR([*** 'This version of ZKT requires a BIND version greater 9.7' ***])
-fi
-
-
-AC_CHECK_TYPE(uint, unsigned int)
-AC_CHECK_TYPE(ulong, unsigned long)
-AC_CHECK_TYPE(ushort, unsigned short)
-AC_CHECK_TYPE(uchar, unsigned char)
-
-### define configure arguments
-AC_ARG_ENABLE([color_mode], AS_HELP_STRING([--disable-color-mode], [zkt without colors]))
-color_mode=1
-AS_IF([test "$enable_color_mode" = "no"], [color_mode=0])
-
-AC_ARG_WITH([curses],
- AS_HELP_STRING([--without-curses], [Ignore presence of curses and disable color mode]))
-
-AS_IF([test "x$with_curses" != "xno"],
- [AC_CHECK_LIB([ncurses],[tgetent])],
- [HAVE_LIB_NCURSES=0; color_mode=0])
-
-AC_DEFINE_UNQUOTED(COLOR_MODE, $color_mode, zkt-ls with colors)
-
-
-dnl printtimezone is a default-disabled feature
-AC_ARG_ENABLE([printtimezone], AS_HELP_STRING( [--enable-print-timezone], [print out timezone]))
-printtimezone=0
-AS_IF([test "$enable_printtimezone" = "yes"], [printtimezone=1])
-AC_DEFINE_UNQUOTED(PRINT_TIMEZONE, $printtimezone, print out timezone)
-
-AC_ARG_ENABLE([printyear], AS_HELP_STRING( [--enable-print-age], [print age with year]))
-printyear=0
-AS_IF([test "$enable_printyear" = "yes"], [printyear=1])
-AC_DEFINE_UNQUOTED(PRINT_AGE_WITH_YEAR, $printyear, print age with year)
-
-AC_ARG_ENABLE([logprogname], AS_HELP_STRING( [--enable-log-progname], [log with progname]))
-logprogname=0
-AS_IF([test "$enable_logprogname" = "yes"], [logprogname=1])
-AC_DEFINE_UNQUOTED(LOG_WITH_PROGNAME, $logprogname, log with progname)
-
-dnl logtimestamp is a default-enabled feature
-AC_ARG_ENABLE([logtimestamp], AS_HELP_STRING([--disable-log-timestamp], [do not log with timestamp]))
-logtimestamp=1
-AS_IF([test "$enable_logtimestamp" = "no"], [logtimestamp=0])
-AC_DEFINE_UNQUOTED(LOG_WITH_TIMESTAMP, $logtimestamp, log with timestamp)
-
-AC_ARG_ENABLE([loglevel], AS_HELP_STRING([--disable-log-level], [do not log with level]))
-loglevel=1
-AS_IF([test "$enable_loglevel" = "no"], [loglevel=0])
-AC_DEFINE_UNQUOTED(LOG_WITH_LEVEL, $loglevel, log with level)
-
-AC_ARG_ENABLE([ttl_in_keyfile], AS_HELP_STRING([--disable-ttl-in-keyfiles], [do not allow TTL values in keyfiles]))
-ttl_in_keyfile=1
-AS_IF([test "$enable_ttl_in_keyfile" = "no"], [ttl_in_keyfile=0])
-AC_DEFINE_UNQUOTED(TTL_IN_KEYFILE_ALLOWED, $ttl_in_keyfile, TTL in keyfiles allowed)
-
-configpath="/var/named"
-AC_ARG_ENABLE([configpath],
- AS_HELP_STRING( [--enable-configpath=PATH], [set path of config file (defaults to /var/named)]),
- [configpath=$enableval])
-case "$configpath" in
-yes)
- configpath="/var/named"
- ;;
-no)
- configpath=""
- ;;
-*)
- ;;
-esac
-AC_DEFINE_UNQUOTED(CONFIG_PATH, "$configpath/", [set path of config file (defaults to /var/named)])
-
-usetree=1
-t=""
-AC_ARG_ENABLE([tree],
- AS_HELP_STRING( [--disable-tree], [use single linked list instead of binary tree data structure for dnssec-zkt]),
- [usetree=$enableval])
-if test "$usetree" = no
-then
- usetree=0
- t="S"
-fi
-AC_DEFINE_UNQUOTED(USE_TREE, $usetree, Use TREE data structure for dnssec-zkt)
-
-AC_DEFINE_UNQUOTED(ZKT_VERSION, "$t$PACKAGE_VERSION", ZKT version string)
-AC_DEFINE_UNQUOTED(ZKT_COPYRIGHT, "(c) Feb 2005 - Nov 2012 Holger Zuleger hznet.de", ZKT copyright string)
-
-### Checks for libraries.
-
-### Checks for header files.
-AC_HEADER_DIRENT
-AC_HEADER_STDC
-AC_CHECK_HEADERS([fcntl.h netdb.h stdlib.h getopt.h string.h strings.h sys/socket.h sys/time.h sys/types.h syslog.h unistd.h utime.h term.h curses.h])
-
-
-### Checks for typedefs, structures, and compiler characteristics.
-AC_C_CONST
-AC_TYPE_SIZE_T
-AC_HEADER_TIME
-AC_STRUCT_TM
-AC_TYPE_UID_T
-
-
-### Checks for library functions.
-dnl AC_FUNC_MALLOC
-AC_FUNC_CLOSEDIR_VOID
-AC_FUNC_ERROR_AT_LINE
-AC_FUNC_MKTIME
-AC_FUNC_STAT
-AC_FUNC_STRFTIME
-AC_FUNC_UTIME_NULL
-AC_FUNC_VPRINTF
-# 2008-07-04 getopt_long added
-# 2009-07-30 timegm added
-AC_CHECK_FUNCS([getopt_long gettimeofday memset putenv socket strcasecmp strchr strdup strerror strncasecmp strrchr tzset utime getuid timegm])
-
-
-AC_CONFIG_FILES([Makefile])
-AC_OUTPUT
+++ /dev/null
-/*****************************************************************
-**
-** @(#) debug.h -- macros for debug messages
-**
-** compile with cc -DDBG to activate
-**
-** Copyright (c) Jan 2005, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-#ifndef DEBUG_H
-# define DEBUG_H
-
-# ifdef DBG
-# define dbg_line() fprintf (stderr, "DBG: %s(%d) reached\n", __FILE__, __LINE__)
-# define dbg_msg(msg) fprintf (stderr, "DBG: %s(%d) %s\n", __FILE__, __LINE__, msg)
-# define dbg_val0(text) fprintf (stderr, "DBG: %s(%d) %s", __FILE__, __LINE__, text)
-# define dbg_val1(fmt, var) dbg_val (fmt, var)
-# define dbg_val(fmt, var) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, var)
-# define dbg_val2(fmt, v1, v2) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2)
-# define dbg_val3(fmt, v1, v2, v3) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2, v3)
-# define dbg_val4(fmt, v1, v2, v3, v4) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2, v3, v4)
-# define dbg_val5(fmt, v1, v2, v3, v4, v5) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2, v3, v4, v5)
-# define dbg_val6(fmt, v1, v2, v3, v4, v5, v6) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2, v3, v4, v5, v6)
-# else
-# define dbg_line()
-# define dbg_msg(msg)
-# define dbg_val0(text)
-# define dbg_val1(fmt, var)
-# define dbg_val(fmt, str)
-# define dbg_val2(fmt, v1, v2)
-# define dbg_val3(fmt, v1, v2, v3)
-# define dbg_val4(fmt, v1, v2, v3, v4)
-# define dbg_val5(fmt, v1, v2, v3, v4, v5)
-# define dbg_val6(fmt, v1, v2, v3, v4, v5, v6)
-# endif
-
-#endif
+++ /dev/null
-#################################################################
-#
-# @(#) distribute.sh -- distribute and reload command for dnssec-signer
-#
-# (c) Jul 2008 Holger Zuleger hznet.de
-#
-# Feb 2010 action "distkeys" added but currently not used
-#
-# This shell script will be run by zkt-signer as a distribution
-# and reload command if:
-#
-# a) the dnssec.conf file parameter Distribute_Cmd: points
-# to this file
-# and
-# b) the user running the zkt-signer command is not
-# root (uid==0)
-# and
-# c) the owner of this shell script is the same as the
-# running user and the access rights don't allow writing
-# for anyone except the owner
-# or
-# d) the group of this shell script is the same as the
-# running user and the access rights don't allow writing
-# for anyone except the group
-#
-#################################################################
-
-# set path to rndc and scp
-PATH="/bin:/usr/bin:/usr/local/sbin"
-
-# remote server and directory
-server=localhost # fqdn of remote name server
-dir=/var/named # zone directory on remote name server
-
-progname=$0
-usage()
-{
- echo "usage: $progname distkeys|distribute|reload <zone> <path_to_zonefile> [<viewname>]" 1>&2
- test $# -gt 0 && echo $* 1>&2
- exit 1
-}
-
-if test $# -lt 3
-then
- usage
-fi
-action="$1"
-zone="$2"
-zonefile="$3"
-view=""
-test $# -gt 3 && view="$4"
-
-case $action in
-distkeys)
- if test -n "$view"
- then
- : echo "scp K$zone+* $server:$dir/$view/$zone/"
- scp K$zone+* $server:$dir/$view/$zone/
- else
- : echo "scp K$zone+* $server:$dir/$zone/"
- scp K$zone+* $server:$dir/$zone/
- fi
- ;;
-distribute)
- if test -n "$view"
- then
- : echo "scp $zonefile $server:$dir/$view/$zone/"
- scp $zonefile $server:$dir/$view/$zone/
- else
- : echo "scp $zonefile $server:$dir/$zone/"
- scp $zonefile $server:$dir/$zone/
- fi
- ;;
-reload)
- : echo "rndc $action $zone $view"
- rndc $action $zone $view
- ;;
-*)
- usage "illegal action $action"
- ;;
-esac
-
+++ /dev/null
-/*****************************************************************
-**
-** @(#) dki.c (c) Jan 2005 Holger Zuleger hznet.de
-**
-** A library for managing BIND dnssec key files.
-**
-** Copyright (c) Jan 2005, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-**
-*****************************************************************/
-
-# include <stdio.h>
-# include <string.h>
-# include <ctype.h> /* tolower(), ... */
-# include <unistd.h> /* link(), unlink(), ... */
-# include <stdlib.h>
-# include <sys/types.h>
-# include <sys/time.h>
-# include <sys/stat.h>
-# include <dirent.h>
-# include <assert.h>
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-# include "config_zkt.h"
-# include "debug.h"
-# include "domaincmp.h"
-# include "misc.h"
-# include "zconf.h"
-#define extern
-# include "dki.h"
-#undef extern
-
-/*****************************************************************
-** private (static) function declaration and definition
-*****************************************************************/
-static char dki_estr[255+1];
-
-static dki_t *dki_alloc ()
-{
- dki_estr[0] = '\0';
- dki_t *dkp = malloc (sizeof (dki_t));
-
- if ( (dkp = malloc (sizeof (dki_t))) )
- {
- memset (dkp, 0, sizeof (dki_t));
- return dkp;
- }
-
- snprintf (dki_estr, sizeof (dki_estr),
- "dki_alloc: Out of memory");
- return NULL;
-}
-
-static int dki_readfile (FILE *fp, dki_t *dkp)
-{
- int algo, flags, type;
- int c;
- char *p;
- char buf[4095+1];
- char tag[25+1];
- char val[14+1]; /* e.g. "YYYYMMDDhhmmss" | "60d" */
-
- assert (dkp != NULL);
- assert (fp != NULL);
-
- while ( (c = getc (fp)) == ';' ) /* line start with comment ? */
- {
- tag[0] = val[0] = '\0';
- if ( (c = getc (fp)) == '%' ) /* special comment? */
- {
- while ( (c = getc (fp)) == ' ' || c == '\t' )
- ;
- ungetc (c, fp);
- /* then try to read in the creation, expire and lifetime */
- if ( fscanf (fp, "%25[a-zA-Z]=%14s", tag, val) == 2 )
- {
- dbg_val2 ("dki_readfile: tag=%s val=%s \n", tag, val);
- switch ( tolower (tag[0]) )
- {
- case 'g': dkp->gentime = timestr2time (val); break;
- case 'e': dkp->exptime = timestr2time (val); break;
- case 'l': dkp->lifetime = atoi (val) * DAYSEC; break;
- }
- }
- }
- else
- ungetc (c, fp);
- while ( (c = getc (fp)) != EOF && c != '\n' ) /* eat up rest of the line */
- ;
- }
- ungetc (c, fp); /* push back last char */
-
- if ( fscanf (fp, "%4095s", buf) != 1 ) /* read label */
- return -1;
-
- if ( strcmp (buf, dkp->name) != 0 )
- return -2;
-
-#if defined(TTL_IN_KEYFILE_ALLOWED) && TTL_IN_KEYFILE_ALLOWED
- /* skip optional TTL value */
- while ( (c = getc (fp)) != EOF && isspace (c) ) /* skip spaces */
- ;
- if ( isdigit (c) ) /* skip ttl */
- fscanf (fp, "%*d");
- else
- ungetc (c, fp); /* oops, no ttl */
-#endif
-
- if ( (c = fscanf (fp, " IN DNSKEY %d %d %d", &flags, &type, &algo)) != 3 &&
- (c = fscanf (fp, "KEY %d %d %d", &flags, &type, &algo)) != 3 )
- return -3;
- if ( type != 3 || algo != dkp->algo )
- return -4; /* no DNSKEY or algorithm mismatch */
- if ( ((flags >> 8) & 0xFF) != 01 )
- return -5; /* no ZONE key */
- dkp->flags = flags;
-
- if ( fgets (buf, sizeof buf, fp) == NULL || buf[0] == '\0' )
- return -6;
- p = buf + strlen (buf);
- *--p = '\0'; /* delete trailing \n */
- /* delete leading ws */
- for ( p = buf; *p && isspace (*p); p++ )
- ;
-
- dkp->pubkey = strdup (p);
-
- return 0;
-}
-
-static int dki_writeinfo (const dki_t *dkp, const char *path)
-{
- FILE *fp;
-
- assert (dkp != NULL);
- assert (path != NULL && path[0] != '\0');
-
- if ( (fp = fopen (path, "w")) == NULL )
- return 0;
- dbg_val1 ("dki_writeinfo %s\n", path);
- if ( dki_prt_dnskey_raw (dkp, fp) == 0 )
- return 0;
- fclose (fp);
- touch (path, dkp->time); /* restore time of key file */
-
- return 1;
-}
-
-static int dki_setstat (dki_t *dkp, int status, int preserve_time);
-
-/*****************************************************************
-** public function definition
-*****************************************************************/
-
-/*****************************************************************
-** dki_free ()
-*****************************************************************/
-void dki_free (dki_t *dkp)
-{
- assert (dkp != NULL);
-
- if ( dkp->pubkey )
- free (dkp->pubkey);
- free (dkp);
-}
-
-/*****************************************************************
-** dki_freelist ()
-*****************************************************************/
-void dki_freelist (dki_t **listp)
-{
- dki_t *curr;
- dki_t *next;
-
- assert (listp != NULL);
-
- curr = *listp;
- while ( curr )
- {
- next = curr->next;
- dki_free (curr);
- curr = next;
- }
- if ( *listp )
- *listp = NULL;
-}
-
-#if defined(USE_TREE) && USE_TREE
-/*****************************************************************
-** dki_tfree ()
-*****************************************************************/
-void dki_tfree (dki_t **tree)
-{
- assert (tree != NULL);
- // TODO: tdestroy is a GNU extension
- // tdestroy (*tree, dki_free);
-}
-#endif
-
-# define KEYGEN_COMPMODE "-C -q " /* this is the compability mode needed since BIND 9.7 */
-/*****************************************************************
-** dki_new ()
-** create new keyfile
-** allocate memory for new dki key and init with keyfile
-*****************************************************************/
-dki_t *dki_new (const char *dir, const char *name, int ksk, int algo, int bitsize, const char *rfile, int lf_days)
-{
- char cmdline[511+1];
- char fname[254+1];
- char randfile[254+1];
- FILE *fp;
- int len;
- char *flag = "";
- char *expflag = "";
- dki_t *new;
-
- if ( ksk )
- flag = "-f KSK";
-
- randfile[0] = '\0';
- if ( rfile && *rfile )
- snprintf (randfile, sizeof (randfile), "-r %.250s ", rfile);
-
-#if defined(BIND_VERSION) && BIND_VERSION < 90902
- if ( algo == DK_ALGO_RSA || algo == DK_ALGO_RSASHA1 || algo == DK_ALGO_RSASHA256 || algo == DK_ALGO_RSASHA512 )
- expflag = "-e ";
-#endif
- if ( dir && *dir )
- snprintf (cmdline, sizeof (cmdline), "cd %s ; %s %s%s%s-n ZONE -a %s -b %d %s %s",
- dir, KEYGENCMD, KEYGEN_COMPMODE, randfile, expflag, dki_algo2str(algo), bitsize, flag, name);
- else
- snprintf (cmdline, sizeof (cmdline), "%s %s%s%s-n ZONE -a %s -b %d %s %s",
- KEYGENCMD, KEYGEN_COMPMODE, randfile, expflag, dki_algo2str(algo), bitsize, flag, name);
-
- dbg_msg (cmdline);
-
- if ( (fp = popen (cmdline, "r")) == NULL || fgets (fname, sizeof fname, fp) == NULL )
- return NULL;
- pclose (fp);
-
- len = strlen (fname) - 1;
- if ( len >= 0 && fname[len] == '\n' )
- fname[len] = '\0';
-
- new = dki_read (dir, fname);
- if ( new )
- dki_setlifetime (new, lf_days); /* sets gentime + proposed lifetime */
-
- return new;
-}
-
-/*****************************************************************
-** dki_read ()
-** read key from file 'filename' (independed of the extension)
-*****************************************************************/
-dki_t *dki_read (const char *dirname, const char *filename)
-{
- dki_t *dkp;
- FILE *fp;
- struct stat st;
- int len;
- int err;
- char fname[MAX_FNAMESIZE+1];
- char path[MAX_PATHSIZE+1];
-
- dki_estr[0] = '\0';
- if ( (dkp = dki_alloc ()) == NULL )
- return (NULL);
-
- len = sizeof (fname) - 1;
- fname[len] = '\0';
- strncpy (fname, filename, len);
-
- len = strlen (fname); /* delete extension */
- if ( len > 4 && strcmp (&fname[len - 4], DKI_KEY_FILEEXT) == 0 )
- fname[len - 4] = '\0';
- else if ( len > 10 && strcmp (&fname[len - 10], DKI_PUB_FILEEXT) == 0 )
- fname[len - 10] = '\0';
- else if ( len > 8 && strcmp (&fname[len - 8], DKI_ACT_FILEEXT) == 0 )
- fname[len - 8] = '\0';
- else if ( len > 12 && strcmp (&fname[len - 12], DKI_DEP_FILEEXT) == 0 )
- fname[len - 12] = '\0';
- dbg_line ();
-
- assert (strlen (dirname)+1 < sizeof (dkp->dname));
- strcpy (dkp->dname, dirname);
-
- assert (strlen (fname)+1 < sizeof (dkp->fname));
- strcpy (dkp->fname, fname);
- dbg_line ();
- if ( sscanf (fname, "K%254[^+]+%hd+%d", dkp->name, &dkp->algo, &dkp->tag) != 3 )
- {
- snprintf (dki_estr, sizeof (dki_estr),
- "dki_read: Filename don't match expected format (%s)", fname);
- return (NULL);
- }
-
- pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_KEY_FILEEXT);
- dbg_val ("dki_read: path \"%s\"\n", path);
- if ( (fp = fopen (path, "r")) == NULL )
- {
- snprintf (dki_estr, sizeof (dki_estr),
- "dki_read: Can\'t open file \"%s\" for reading", path);
- return (NULL);
- }
-
- dbg_line ();
- if ( (err = dki_readfile (fp, dkp)) != 0 )
- {
- dbg_line ();
- snprintf (dki_estr, sizeof (dki_estr),
- "dki_read: Can\'t read key from file %s (errno %d)", path, err);
- fclose (fp);
- return (NULL);
- }
-
- dbg_line ();
- if ( fstat (fileno(fp), &st) )
- {
- snprintf (dki_estr, sizeof (dki_estr),
- "dki_read: Can\'t stat file %s", fname);
- return (NULL);
- }
- dkp->time = st.st_mtime;
-
- dbg_line ();
- pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_ACT_FILEEXT);
- if ( fileexist (path) )
- {
- if ( dki_isrevoked (dkp) )
- dkp->status = DKI_REV;
- else
- dkp->status = DKI_ACT;
- }
- else
- {
- pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_PUB_FILEEXT);
- if ( fileexist (path) )
- dkp->status = DKI_PUB;
- else
- {
- pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_DEP_FILEEXT);
- if ( fileexist (path) )
- dkp->status = DKI_DEP;
- else
- dkp->status = DKI_SEP;
- }
- }
-
- dbg_line ();
- fclose (fp);
-
- dbg_line ();
- return dkp;
-}
-
-/*****************************************************************
-** dki_readdir ()
-** read key files from directory 'dir' and, if recursive is
-** true, from all directorys below that.
-*****************************************************************/
-int dki_readdir (const char *dir, dki_t **listp, int recursive)
-{
- dki_t *dkp;
- DIR *dirp;
- struct dirent *dentp;
- char path[MAX_PATHSIZE+1];
-
- dbg_val ("directory: opendir(%s)\n", dir);
- if ( (dirp = opendir (dir)) == NULL )
- return 0;
-
- while ( (dentp = readdir (dirp)) != NULL )
- {
- if ( is_dotfilename (dentp->d_name) )
- continue;
-
- dbg_val ("directory: check %s\n", dentp->d_name);
- pathname (path, sizeof (path), dir, dentp->d_name, NULL);
- if ( is_directory (path) && recursive )
- {
- dbg_val ("directory: recursive %s\n", path);
- dki_readdir (path, listp, recursive);
- }
- else if ( is_keyfilename (dentp->d_name) )
- if ( (dkp = dki_read (dir, dentp->d_name)) )
- dki_add (listp, dkp);
- }
- closedir (dirp);
- return 1;
-}
-
-/*****************************************************************
-** dki_setstatus_preservetime ()
-** set status of key and change extension to
-** ".published", ".private" or ".depreciated"
-*****************************************************************/
-int dki_setstatus_preservetime (dki_t *dkp, int status)
-{
- return dki_setstat (dkp, status, 1);
-}
-
-/*****************************************************************
-** dki_setstatus ()
-** set status of key and change extension to
-** ".published", ".private" or ".depreciated"
-*****************************************************************/
-int dki_setstatus (dki_t *dkp, int status)
-{
- return dki_setstat (dkp, status, 0);
-}
-
-/*****************************************************************
-** dki_setstat ()
-** low level function of dki_setstatus and dki_setstatus_preservetime
-*****************************************************************/
-static int dki_setstat (dki_t *dkp, int status, int preserve_time)
-{
- char frompath[MAX_PATHSIZE+1];
- char topath[MAX_PATHSIZE+1];
- time_t totime;
-
- if ( dkp == NULL )
- return 0;
-
- status = tolower (status);
- switch ( dkp->status ) /* look at old status */
- {
- case 'r':
- if ( status == 'r' )
- return 1;
- break;
- case 'a':
- if ( status == 'a' )
- return 1;
- pathname (frompath, sizeof (frompath), dkp->dname, dkp->fname, DKI_ACT_FILEEXT);
- break;
- case 'd':
- if ( status == 'd' )
- return 1;
- pathname (frompath, sizeof (frompath), dkp->dname, dkp->fname, DKI_DEP_FILEEXT);
- break;
- case 'p': /* or 's' */
- if ( status == 'p' || status == 's' )
- return 1;
- pathname (frompath, sizeof (frompath), dkp->dname, dkp->fname, DKI_PUB_FILEEXT);
- break;
- default:
- /* TODO: set error code */
- return 0;
- }
-
- dbg_val ("dki_setstat: \"%s\"\n", frompath);
- dbg_val ("dki_setstat: to status \"%c\"\n", status);
-
- /* a state change could result in different things: */
- /* 1) write a new keyfile when the REVOKE bit is set or unset */
- if ( status == 'r' || (status == 'a' && dki_isrevoked (dkp)) )
- {
- pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_KEY_FILEEXT);
-
- if ( status == 'r' )
- dki_setflag (dkp, DK_FLAG_REVOKE); /* set REVOKE bit */
- else
- dki_unsetflag (dkp, DK_FLAG_REVOKE); /* clear REVOKE bit */
-
-
- dki_writeinfo (dkp, topath); /* ..and write it to the key file */
-
- if ( !preserve_time )
- touch (topath, time (NULL));
-
- return 0;
- }
-
-
- /* 2) change the filename of the private key in all other cases */
- totime = 0L;
- if ( preserve_time )
- totime = file_mtime (frompath); /* get original timestamp */
- topath[0] = '\0';
- switch ( status )
- {
- case 'a':
- pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_ACT_FILEEXT);
- break;
- case 'd':
- pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_DEP_FILEEXT);
- break;
- case 's': /* standby means a "published KSK" */
- if ( !dki_isksk (dkp) )
- return 2;
- status = 'p';
- /* fall through */
- case 'p':
- pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_PUB_FILEEXT);
- break;
- }
-
- if ( topath[0] )
- {
- dbg_val ("dki_setstat: to \"%s\"\n", topath);
- if ( link (frompath, topath) == 0 )
- unlink (frompath);
- dkp->status = status;
- if ( !totime )
- totime = time (NULL); /* set .key file to current time */
- pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_KEY_FILEEXT);
- touch (topath, totime); /* store/restore time of status change */
- }
-
- return 0;
-}
-
-/*****************************************************************
-** dki_remove ()
-** rename files associated with key, so that the keys are not
-** recognized by the zkt tools e.g.
-** Kdo.ma.in.+001+12345.key ==> kdo.ma.in.+001+12345.key
-** (second one starts with a lower case 'k')
-*****************************************************************/
-dki_t *dki_remove (dki_t *dkp)
-{
- char path[MAX_PATHSIZE+1];
- char newpath[MAX_PATHSIZE+1];
- char newfile[MAX_FNAMESIZE+1];
- dki_t *next;
- const char **pext;
- static const char *ext[] = {
- DKI_KEY_FILEEXT, DKI_PUB_FILEEXT,
- DKI_ACT_FILEEXT, DKI_DEP_FILEEXT,
- NULL
- };
-
- if ( dkp == NULL )
- return NULL;
-
- strncpy (newfile, dkp->fname, sizeof (newfile));
- *newfile = tolower (*newfile);
- for ( pext = ext; *pext; pext++ )
- {
- pathname (path, sizeof (path), dkp->dname, dkp->fname, *pext);
- if ( fileexist (path) )
- {
- pathname (newpath, sizeof (newpath), dkp->dname, newfile, *pext);
-
- dbg_val2 ("dki_remove: %s ==> %s \n", path, newpath);
- rename (path, newpath);
- }
- }
- next = dkp->next;
- dki_free (dkp);
-
- return next;
-}
-
-/*****************************************************************
-** dki_destroy ()
-** delete files associated with key and free allocated memory
-*****************************************************************/
-dki_t *dki_destroy (dki_t *dkp)
-{
- char path[MAX_PATHSIZE+1];
- dki_t *next;
- const char **pext;
- static const char *ext[] = {
- DKI_KEY_FILEEXT, DKI_PUB_FILEEXT,
- DKI_ACT_FILEEXT, DKI_DEP_FILEEXT,
- NULL
- };
-
- if ( dkp == NULL )
- return NULL;
-
- for ( pext = ext; *pext; pext++ )
- {
- pathname (path, sizeof (path), dkp->dname, dkp->fname, *pext);
- if ( fileexist (path) )
- {
- dbg_val ("dki_remove: %s \n", path);
- unlink (path);
- }
- }
- next = dkp->next;
- dki_free (dkp);
-
- return next;
-}
-
-/*****************************************************************
-** dki_algo2str ()
-** return a string describing the key algorithm
-*****************************************************************/
-char *dki_algo2str (int algo)
-{
- switch ( algo )
- {
- case DK_ALGO_RSA: return ("RSAMD5");
- case DK_ALGO_DH: return ("DH");
- case DK_ALGO_DSA: return ("DSA");
- case DK_ALGO_EC: return ("EC");
- case DK_ALGO_RSASHA1: return ("RSASHA1");
- case DK_ALGO_NSEC3DSA: return ("NSEC3DSA");
- case DK_ALGO_NSEC3RSASHA1: return ("NSEC3RSASHA1");
- case DK_ALGO_RSASHA256: return ("RSASHA256");
- case DK_ALGO_RSASHA512: return ("RSASHA512");
- }
- return ("unknown");
-}
-
-/*****************************************************************
-** dki_algo2sstr ()
-** return a short string describing the key algorithm
-*****************************************************************/
-char *dki_algo2sstr (int algo)
-{
- switch ( algo )
- {
- case DK_ALGO_RSA: return ("RSAMD5");
- case DK_ALGO_DH: return ("DH");
- case DK_ALGO_DSA: return ("DSA");
- case DK_ALGO_EC: return ("EC");
- case DK_ALGO_RSASHA1: return ("RSASHA1");
- case DK_ALGO_NSEC3DSA: return ("N3DSA");
- case DK_ALGO_NSEC3RSASHA1: return ("N3RSA1");
- case DK_ALGO_RSASHA256: return ("RSASHA2");
- case DK_ALGO_RSASHA512: return ("RSASHA5");
- }
- return ("unknown");
-}
-
-/*****************************************************************
-** dki_geterrstr ()
-** return error string
-*****************************************************************/
-const char *dki_geterrstr ()
-{
- return dki_estr;
-}
-
-/*****************************************************************
-** dki_prt_dnskey ()
-*****************************************************************/
-int dki_prt_dnskey (const dki_t *dkp, FILE *fp)
-{
- return dki_prt_dnskeyttl (dkp, fp, 0);
-}
-
-/*****************************************************************
-** dki_prt_dnskeyttl ()
-*****************************************************************/
-int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl)
-{
- char *p;
-
- if ( dkp == NULL )
- return 0;
-
- fprintf (fp, "%s ", dkp->name);
- if ( ttl > 0 )
- fprintf (fp, "%d ", ttl);
- fprintf (fp, "IN DNSKEY ");
- fprintf (fp, "%d 3 %d (", dkp->flags, dkp->algo);
- fprintf (fp, "\n\t\t\t");
- for ( p = dkp->pubkey; *p ; p++ )
- if ( *p == ' ' )
- fprintf (fp, "\n\t\t\t");
- else
- putc (*p, fp);
- fprintf (fp, "\n\t\t");
- if ( dki_isrevoked (dkp) )
- fprintf (fp, ") ; key id = %u (original key id = %u)", (dkp->tag + 128) % 65535, dkp->tag);
- else
- fprintf (fp, ") ; key id = %u", dkp->tag);
- fprintf (fp, "\n");
-
- return 1;
-}
-
-/*****************************************************************
-** dki_prt_dnskey_raw ()
-*****************************************************************/
-int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp)
-{
- int days;
-
- if ( dkp == NULL )
- return 0;
-
- if ( dkp->gentime )
- fprintf (fp, ";%%\tgenerationtime=%s\n", time2isostr (dkp->gentime, 's'));
- if ( (days = dki_lifetimedays (dkp)) )
- fprintf (fp, ";%%\tlifetime=%dd\n", days);
- if ( dkp->exptime )
- fprintf (fp, ";%%\texpirationtime=%s\n", time2isostr (dkp->exptime, 's'));
-
- fprintf (fp, "%s ", dkp->name);
-#if 0
- if ( ttl > 0 )
- fprintf (fp, "%d ", ttl);
-#endif
- fprintf (fp, "IN DNSKEY ");
- fprintf (fp, "%d 3 %d ", dkp->flags, dkp->algo);
- fprintf (fp, "%s\n", dkp->pubkey);
-
- return 1;
-}
-
-/*****************************************************************
-** dki_prt_comment ()
-*****************************************************************/
-int dki_prt_comment (const dki_t *dkp, FILE *fp)
-{
- int len = 0;
-
- if ( dkp == NULL )
- return len;
- len += fprintf (fp, "; %s ", dkp->name);
- len += fprintf (fp, "tag=%u ", dkp->tag);
- len += fprintf (fp, "algo=%s ", dki_algo2str(dkp->algo));
- len += fprintf (fp, "generated %s\n", time2str (dkp->time, 's'));
-
- return len;
-}
-
-/*****************************************************************
-** dki_prt_trustedkey ()
-*****************************************************************/
-int dki_prt_trustedkey (const dki_t *dkp, FILE *fp)
-{
- char *p;
- int spaces;
- int len = 0;
-
- if ( dkp == NULL )
- return len;
- len += fprintf (fp, "\"%s\" ", dkp->name);
- spaces = 22 - (strlen (dkp->name) + 3);
- len += fprintf (fp, "%*s", spaces > 0 ? spaces : 0 , " ");
- len += fprintf (fp, "%d 3 %d ", dkp->flags, dkp->algo);
- if ( spaces < 0 )
- len += fprintf (fp, "\n\t\t\t%7s", " ");
- len += fprintf (fp, "\"");
- for ( p = dkp->pubkey; *p ; p++ )
- if ( *p == ' ' )
- len += fprintf (fp, "\n\t\t\t\t");
- else
- putc (*p, fp), len += 1;
-
- if ( dki_isrevoked (dkp) )
- len += fprintf (fp, "\" ; # key id = %u (original key id = %u)\n\n", (dkp->tag + 128) % 65535, dkp->tag);
- else
- len += fprintf (fp, "\" ; # key id = %u\n\n", dkp->tag);
- return len;
-}
-
-/*****************************************************************
-** dki_prt_managedkey ()
-*****************************************************************/
-int dki_prt_managedkey (const dki_t *dkp, FILE *fp)
-{
- char *p;
- int spaces;
- int len = 0;
-
- if ( dkp == NULL )
- return len;
- len += fprintf (fp, "\"%s\" ", dkp->name);
- spaces = 22 - (strlen (dkp->name) + 3);
- len += fprintf (fp, "initial-key ");
- spaces -= 13;
- len += fprintf (fp, "%*s", spaces > 0 ? spaces : 0 , " ");
- len += fprintf (fp, "%d 3 %d ", dkp->flags, dkp->algo);
- if ( spaces < 0 )
- len += fprintf (fp, "\n\t\t\t%7s", " ");
- len += fprintf (fp, "\"");
- for ( p = dkp->pubkey; *p ; p++ )
- if ( *p == ' ' )
- len += fprintf (fp, "\n\t\t\t\t");
- else
- putc (*p, fp), len += 1;
-
- if ( dki_isrevoked (dkp) )
- len += fprintf (fp, "\" ; # key id = %u (original key id = %u)\n\n", (dkp->tag + 128) % 65535, dkp->tag);
- else
- len += fprintf (fp, "\" ; # key id = %u\n\n", dkp->tag);
- return len;
-}
-
-
-/*****************************************************************
-** dki_cmp () return <0 | 0 | >0
-*****************************************************************/
-int dki_cmp (const dki_t *a, const dki_t *b)
-{
- int res;
-
- if ( a == NULL ) return -1;
- if ( b == NULL ) return 1;
-
- /* sort by domain name, */
- if ( (res = domaincmp (a->name, b->name)) != 0 )
- return res;
-
- /* then by key type, */
- if ( (res = dki_isksk (b) - dki_isksk (a)) != 0 )
- return res;
-
- /* and last by creation time, */
- return (ulong)a->time - (ulong)b->time;
-}
-
-#if defined(USE_TREE) && USE_TREE
-/*****************************************************************
-** dki_allcmp () return <0 | 0 | >0
-*****************************************************************/
-int dki_allcmp (const dki_t *a, const dki_t *b)
-{
- int res;
-
- if ( a == NULL ) return -1;
- if ( b == NULL ) return 1;
-
-// fprintf (stderr, "dki_allcmp %s, %s)\n", a->name, b->name);
- /* sort by domain name, */
- if ( (res = domaincmp (a->name, b->name)) != 0 )
- return res;
-
- /* then by key type, */
- if ( (res = dki_isksk (b) - dki_isksk (a)) != 0 )
- return res;
-
- /* creation time, */
- if ( (res = (ulong)a->time - (ulong)b->time) != 0 )
- return res;
-
- /* and last by tag */
- return a->tag - b->tag;
-}
-
-/*****************************************************************
-** dki_namecmp () return <0 | 0 | >0
-*****************************************************************/
-int dki_namecmp (const dki_t *a, const dki_t *b)
-{
- if ( a == NULL ) return -1;
- if ( b == NULL ) return 1;
-
- return domaincmp (a->name, b->name);
-}
-
-/*****************************************************************
-** dki_revnamecmp () return <0 | 0 | >0
-*****************************************************************/
-int dki_revnamecmp (const dki_t *a, const dki_t *b)
-{
- if ( a == NULL ) return -1;
- if ( b == NULL ) return 1;
-
- return domaincmp_dir (a->name, b->name, 0);
-}
-
-/*****************************************************************
-** dki_tagcmp () return <0 | 0 | >0
-*****************************************************************/
-int dki_tagcmp (const dki_t *a, const dki_t *b)
-{
- if ( a == NULL ) return -1;
- if ( b == NULL ) return 1;
-
- return a->tag - b->tag;
-}
-#endif
-
-/*****************************************************************
-** dki_timecmp ()
-*****************************************************************/
-int dki_timecmp (const dki_t *a, const dki_t *b)
-{
- if ( a == NULL ) return -1;
- if ( b == NULL ) return 1;
-
- return ((ulong)a->time - (ulong)b->time);
-}
-
-/*****************************************************************
-** dki_algo () return the algorithm of the key
-*****************************************************************/
-time_t dki_algo (const dki_t *dkp)
-{
- assert (dkp != NULL);
- return (dkp->algo);
-}
-
-/*****************************************************************
-** dki_time () return the timestamp of the key
-*****************************************************************/
-time_t dki_time (const dki_t *dkp)
-{
- assert (dkp != NULL);
- return (dkp->time);
-}
-
-/*****************************************************************
-** dki_exptime () return the expiration timestamp of the key
-*****************************************************************/
-time_t dki_exptime (const dki_t *dkp)
-{
- assert (dkp != NULL);
- return (dkp->exptime);
-}
-
-/*****************************************************************
-** dki_lifetime (dkp) return the lifetime of the key in sec!
-*****************************************************************/
-time_t dki_lifetime (const dki_t *dkp)
-{
- assert (dkp != NULL);
- return (dkp->lifetime);
-}
-
-/*****************************************************************
-** dki_lifetimedays (dkp) return the lifetime of the key in days!
-*****************************************************************/
-ushort dki_lifetimedays (const dki_t *dkp)
-{
- assert (dkp != NULL);
- return (dkp->lifetime / DAYSEC);
-}
-
-/*****************************************************************
-** dki_gentime (dkp) return the generation timestamp of the key
-*****************************************************************/
-time_t dki_gentime (const dki_t *dkp)
-{
- assert (dkp != NULL);
- return (dkp->gentime > 0L ? dkp->gentime: dkp->time);
-}
-
-/*****************************************************************
-** dki_setlifetime (dkp, int days)
-** set the lifetime in days (and also the gentime if not set)
-** return the old lifetime of the key in days!
-*****************************************************************/
-ushort dki_setlifetime (dki_t *dkp, int days)
-{
- ulong lifetsec;
- char path[MAX_PATHSIZE+1];
-
- assert (dkp != NULL);
-
- lifetsec = dkp->lifetime; /* old lifetime */
- dkp->lifetime = days * DAYSEC; /* set new lifetime */
-
- dbg_val1 ("dki_setlifetime (%d)\n", days);
- if ( lifetsec == 0 ) /* initial setup (old lifetime was zero)? */
- dkp->gentime = dkp->time;
-
- pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_KEY_FILEEXT);
- dki_writeinfo (dkp, path);
-
- return (lifetsec / DAYSEC);
-}
-
-/*****************************************************************
-** dki_setexptime (dkp, time_t sec)
-** set the expiration time of the key in seconds since the epoch
-** return the old exptime
-*****************************************************************/
-time_t dki_setexptime (dki_t *dkp, time_t sec)
-{
- char path[MAX_PATHSIZE+1];
- time_t oldexptime;
-
- assert (dkp != NULL);
-
- dbg_val1 ("dki_setexptime (%ld)\n", sec);
- oldexptime = dkp->exptime;
- dkp->exptime = sec;
-
- pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_KEY_FILEEXT);
- dki_writeinfo (dkp, path);
-
-#if 0 /* not necessary ? */
- touch (path, time (NULL));
-#endif
- return (oldexptime);
-}
-
-/*****************************************************************
-** dki_age () return age of key in seconds since 'curr'
-*****************************************************************/
-int dki_age (const dki_t *dkp, time_t curr)
-{
- assert (dkp != NULL);
- return ((ulong)curr - (ulong)dkp->time);
-}
-
-/*****************************************************************
-** dki_getflag () return the flags field of a key
-*****************************************************************/
-dk_flag_t dki_getflag (const dki_t *dkp, time_t curr)
-{
- return dkp->flags;
-}
-
-/*****************************************************************
-** dki_setflag () set a flag of a key
-*****************************************************************/
-dk_flag_t dki_setflag (dki_t *dkp, dk_flag_t flag)
-{
- return dkp->flags |= (ushort)flag;
-}
-
-/*****************************************************************
-** dki_unsetflag () unset a flag of a key
-*****************************************************************/
-dk_flag_t dki_unsetflag (dki_t *dkp, dk_flag_t flag)
-{
- return dkp->flags &= ~((ushort)flag);
-}
-
-/*****************************************************************
-** dki_isksk ()
-*****************************************************************/
-int dki_isksk (const dki_t *dkp)
-{
- assert (dkp != NULL);
- return (dkp->flags & DK_FLAG_KSK) == DK_FLAG_KSK;
-}
-
-/*****************************************************************
-** dki_isrevoked ()
-*****************************************************************/
-int dki_isrevoked (const dki_t *dkp)
-{
- assert (dkp != NULL);
- return (dkp->flags & DK_FLAG_REVOKE) == DK_FLAG_REVOKE;
-}
-
-/*****************************************************************
-** dki_isdepreciated ()
-*****************************************************************/
-int dki_isdepreciated (const dki_t *dkp)
-{
- return dki_status (dkp) == DKI_DEPRECIATED;
-}
-
-/*****************************************************************
-** dki_isactive ()
-*****************************************************************/
-int dki_isactive (const dki_t *dkp)
-{
- return dki_status (dkp) == DKI_ACTIVE;
-}
-
-/*****************************************************************
-** dki_ispublished ()
-*****************************************************************/
-int dki_ispublished (const dki_t *dkp)
-{
- return dki_status (dkp) == DKI_PUBLISHED;
-}
-
-
-/*****************************************************************
-** dki_status () return key status
-*****************************************************************/
-dk_status_t dki_status (const dki_t *dkp)
-{
- assert (dkp != NULL);
- return (dkp->status);
-}
-
-/*****************************************************************
-** dki_statusstr () return key status as string
-*****************************************************************/
-const char *dki_statusstr (const dki_t *dkp)
-{
- assert (dkp != NULL);
- switch ( dkp->status )
- {
- case DKI_ACT: return "active";
- case DKI_PUB: if ( dki_isksk (dkp) )
- return "standby";
- else
- return "published";
- case DKI_DEP: return "depreciated";
- case DKI_REV: return "revoked";
- case DKI_SEP: return "sep";
- }
- return "unknown";
-}
-
-/*****************************************************************
-** dki_add () add a key to the given list
-*****************************************************************/
-dki_t *dki_add (dki_t **list, dki_t *new)
-{
- dki_t *curr;
- dki_t *last;
-
- if ( list == NULL )
- return NULL;
- if ( new == NULL )
- return *list;
-
- last = curr = *list;
- while ( curr && dki_cmp (curr, new) < 0 )
- {
- last = curr;
- curr = curr->next;
- }
-
- if ( curr == *list ) /* add node at start of list */
- *list = new;
- else /* add node at end or between two nodes */
- last->next = new;
- new->next = curr;
-
- return *list;
-}
-
-/*****************************************************************
-** dki_search () search a key with the given tag, or the first
-** occurence of a key with the given name
-*****************************************************************/
-const dki_t *dki_search (const dki_t *list, int tag, const char *name)
-{
- const dki_t *curr;
-
- curr = list;
- if ( tag )
- while ( curr && (tag != curr->tag ||
- (name && *name && strcmp (name, curr->name) != 0)) )
- curr = curr->next;
- else if ( name && *name )
- while ( curr && strcmp (name, curr->name) != 0 )
- curr = curr->next;
- else
- curr = NULL;
-
- return curr;
-}
-
-#if defined(USE_TREE) && USE_TREE
-/*****************************************************************
-** dki_tadd () add a key to the given tree
-*****************************************************************/
-dki_t *dki_tadd (dki_t **tree, dki_t *new, int sub_before)
-{
- dki_t **p;
-
- if ( sub_before )
- p = tsearch (new, tree, dki_namecmp);
- else
- p = tsearch (new, tree, dki_revnamecmp);
- if ( *p == new )
- dbg_val ("dki_tadd: New entry %s added\n", new->name);
- else
- {
- dbg_val ("dki_tadd: New key added to %s\n", new->name);
- dki_add (p, new);
- }
-
- return *p;
-}
-
-/*****************************************************************
-** dki_tsearch () search a key with the given tag, or the first
-** occurence of a key with the given name
-*****************************************************************/
-const dki_t *dki_tsearch (const dki_t *tree, int tag, const char *name)
-{
- dki_t search;
- dki_t **p;
-
- search.tag = tag;
- snprintf (search.name, sizeof (search.name), "%s", name);
- p = tfind (&search, &tree, dki_namecmp);
- if ( p == NULL )
- return NULL;
-
- return dki_search (*p, tag, name);
-}
-#endif
-
-/*****************************************************************
-** dki_find () find the n'th ksk or zsk key with given status
-*****************************************************************/
-const dki_t *dki_find (const dki_t *list, int ksk, int status, int no)
-{
- const dki_t *dkp;
- const dki_t *last;
-
- last = NULL;
- for ( dkp = list; no > 0 && dkp; dkp = dkp->next )
- if ( dki_isksk (dkp) == ksk && dki_status (dkp) == status )
- {
- no--;
- last = dkp;
- }
-
- return last;
-}
-
-/*****************************************************************
-** dki_findalgo () find the n'th ksk or zsk key with given
-** algorithm and status
-*****************************************************************/
-const dki_t *dki_findalgo (const dki_t *list, int ksk, int alg, int status, int no)
-{
- const dki_t *dkp;
- const dki_t *last;
-
- last = NULL;
- for ( dkp = list; no > 0 && dkp; dkp = dkp->next )
- if ( dki_isksk (dkp) == ksk && dki_algo (dkp) == alg &&
- dki_status (dkp) == status )
- {
- no--;
- last = dkp;
- }
-
- return last;
-}
+++ /dev/null
-/*****************************************************************
-**
-** @(#) dki.h -- Header file for DNSsec Key info/manipulation
-**
-** Copyright (c) July 2004 - Jan 2005, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-#ifndef DKI_H
-# define DKI_H
-
-# ifndef TYPES_H
-# include <sys/types.h>
-# include <stdio.h>
-# include <time.h>
-# endif
-
-# define MAX_LABELSIZE (255)
-# define MAX_FNAMESIZE (1+255+2+3+1+5+1+11)
- /* Kdomain.+ALG+KEYID.type */
- /* domain == FQDN (max 255) */
- /* ALG == 3; KEYID == 5 chars */
- /* type == key||published|private|depreciated == 11 chars */
-//# define MAX_DNAMESIZE (254)
-# define MAX_DNAMESIZE (1023)
- /* /path/name / filename */
-# define MAX_PATHSIZE (MAX_DNAMESIZE + 1 + MAX_FNAMESIZE)
-
-/* algorithm types */
-# define DK_ALGO_RSA 1 /* RFC2537 */
-# define DK_ALGO_DH 2 /* RFC2539 */
-# define DK_ALGO_DSA 3 /* RFC2536 (mandatory) */
-# define DK_ALGO_EC 4 /* */
-# define DK_ALGO_RSASHA1 5 /* RFC3110 */
-# define DK_ALGO_NSEC3DSA 6 /* symlink to alg 3 RFC5155 */
-# define DK_ALGO_NSEC3RSASHA1 7 /* symlink to alg 5 RFC5155 */
-# define DK_ALGO_RSASHA256 8 /* RFCxxx */
-# define DK_ALGO_RSASHA512 10 /* RFCxxx */
-# define DK_ALGO_NSEC3RSASHA256 DK_ALGO_RSASHA256 /* same as non nsec algorithm RFCxxx */
-# define DK_ALGO_NSEC3RSASHA512 DK_ALGO_RSASHA512 /* same as non nsec algorithm RFCxxx */
-
-/* protocol types */
-# define DK_PROTO_DNS 3
-
-/* flag bits */
-typedef enum { /* 11 1111 */
- /* 0123 4567 8901 2345 */
- DK_FLAG_KSK= 01, /* 0000 0000 0000 0001 Bit 15 RFC4034/RFC3757 */
- DK_FLAG_REVOKE= 0200, /* 0000 0000 1000 0000 Bit 8 RFC5011 */
- DK_FLAG_ZONE= 0400, /* 0000 0001 0000 0000 Bit 7 RFC4034 */
-} dk_flag_t;
-
-/* status types */
-typedef enum {
- DKI_SEP= 'e',
- DKI_SECUREENTRYPOINT= 'e',
- DKI_PUB= 'p',
- DKI_PUBLISHED= 'p',
- DKI_ACT= 'a',
- DKI_ACTIVE= 'a',
- DKI_DEP= 'd',
- DKI_DEPRECIATED= 'd',
- DKI_REV= 'r',
- DKI_REVOKED= 'r',
-} dk_status_t;
-
-# define DKI_KEY_FILEEXT ".key"
-# define DKI_PUB_FILEEXT ".published"
-# define DKI_ACT_FILEEXT ".private"
-# define DKI_DEP_FILEEXT ".depreciated"
-
-# define DKI_KSK 1
-# define DKI_ZSK 0
-
-typedef struct dki {
- char dname[MAX_DNAMESIZE+1]; /* directory */
- char fname[MAX_FNAMESIZE+1]; /* file name without extension */
- char name[MAX_LABELSIZE+1]; /* domain name or label */
- ushort algo; /* key algorithm */
- ushort proto; /* must be 3 (DNSSEC) */
- dk_flag_t flags; /* ZONE, optional SEP or REVOKE flag */
- time_t time; /* key file time */
- time_t gentime; /* key generation time (will be set on key generation and never changed) */
- time_t exptime; /* time the key was expired (0L if not) */
- ulong lifetime; /* proposed key life time at time of generation */
- uint tag; /* key id */
- dk_status_t status; /* key exist (".key") and name of private */
- /* key file is ".published", ".private" */
- /* or ".depreciated" */
- char *pubkey; /* base64 public key */
- struct dki *next; /* ptr to next entry in list */
-} dki_t;
-
-#if defined(USE_TREE) && USE_TREE
-/*
- * Instead of including <search.h>, which contains horrible false function
- * declarations, we declared it for our usage (Yes, these functions return
- * the adress of a pointer variable)
- */
-typedef enum
-{
- /* we change the naming to the new, and more predictive one, used by Knuth */
- PREORDER, /* preorder, */
- INORDER, /* postorder, */
- POSTORDER, /* endorder, */
- LEAF /* leaf */
-}
-VISIT;
-
-dki_t **tsearch (const dki_t *dkp, dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
-dki_t **tfind (const dki_t *dkp, const dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
-dki_t **tdelete (const dki_t *dkp, dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
-void twalk (const dki_t *root, void (*action)(const dki_t **nodep, VISIT which, int depth));
-
-extern void dki_tfree (dki_t **tree);
-extern dki_t *dki_tadd (dki_t **tree, dki_t *new, int sub_before);
-extern int dki_tagcmp (const dki_t *a, const dki_t *b);
-extern int dki_namecmp (const dki_t *a, const dki_t *b);
-extern int dki_revnamecmp (const dki_t *a, const dki_t *b);
-extern int dki_allcmp (const dki_t *a, const dki_t *b);
-#endif
-
-extern dki_t *dki_read (const char *dir, const char *fname);
-extern int dki_readdir (const char *dir, dki_t **listp, int recursive);
-extern int dki_prt_trustedkey (const dki_t *dkp, FILE *fp);
-extern int dki_prt_managedkey (const dki_t *dkp, FILE *fp);
-extern int dki_prt_dnskey (const dki_t *dkp, FILE *fp);
-extern int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl);
-extern int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp);
-extern int dki_prt_comment (const dki_t *dkp, FILE *fp);
-extern int dki_cmp (const dki_t *a, const dki_t *b);
-extern int dki_timecmp (const dki_t *a, const dki_t *b);
-extern int dki_age (const dki_t *dkp, time_t curr);
-extern dk_flag_t dki_getflag (const dki_t *dkp, time_t curr);
-extern dk_flag_t dki_setflag (dki_t *dkp, dk_flag_t flag);
-extern dk_flag_t dki_unsetflag (dki_t *dkp, dk_flag_t flag);
-extern dk_status_t dki_status (const dki_t *dkp);
-extern const char *dki_statusstr (const dki_t *dkp);
-extern int dki_isksk (const dki_t *dkp);
-extern int dki_isdepreciated (const dki_t *dkp);
-extern int dki_isrevoked (const dki_t *dkp);
-extern int dki_isactive (const dki_t *dkp);
-extern int dki_ispublished (const dki_t *dkp);
-extern time_t dki_algo (const dki_t *dkp);
-extern time_t dki_time (const dki_t *dkp);
-extern time_t dki_exptime (const dki_t *dkp);
-extern time_t dki_gentime (const dki_t *dkp);
-extern time_t dki_lifetime (const dki_t *dkp);
-extern ushort dki_lifetimedays (const dki_t *dkp);
-extern ushort dki_setlifetime (dki_t *dkp, int days);
-extern time_t dki_setexptime (dki_t *dkp, time_t sec);
-extern dki_t *dki_new (const char *dir, const char *name, int ksk, int algo, int bitsize, const char *rfile, int lf_days);
-extern dki_t *dki_remove (dki_t *dkp);
-extern dki_t *dki_destroy (dki_t *dkp);
-extern int dki_setstatus (dki_t *dkp, int status);
-extern int dki_setstatus_preservetime (dki_t *dkp, int status);
-extern dki_t *dki_add (dki_t **dkp, dki_t *new);
-extern const dki_t *dki_tsearch (const dki_t *tree, int tag, const char *name);
-extern const dki_t *dki_search (const dki_t *list, int tag, const char *name);
-extern const dki_t *dki_find (const dki_t *list, int ksk, int status, int first);
-extern const dki_t *dki_findalgo (const dki_t *list, int ksk, int alg, int status, int no);
-extern void dki_free (dki_t *dkp);
-extern void dki_freelist (dki_t **listp);
-extern char *dki_algo2str (int algo);
-extern char *dki_algo2sstr (int algo);
-extern const char *dki_geterrstr (void);
-
-#endif
+++ /dev/null
-.NH 1
-DNS Key Status Types and Filenames
-.PP
-.TS
-cfB | cfB s | cfB s | cfB | cfB
-cfB | cfB | cfB | cfB | cfB | cfB | cfB
-l | l | n | l | l | c | lfCW .
-Status Key Filename used for dnssec-zkt
-\^ Type Flags public private signing? label
-_
-active ZSK 256 .key .private y act ive
- KSK 257 .key .private y act ive
-.sp 0.2
-published ZSK 256 .key .published n pub lished
- KSK 257 .key .private n sta ndby
-.sp 0.2
-depreciated (retired) ZSK 256 .key .depreciated n dep reciated
-.sp 0.2
-revoked KSK 385 .key .private y rev oked
-.sp 0.2
-removed KSK 257 k*.key k*.private n -
-.sp 0.2
-sep KSK 257 .key - n sep
-.ig
-.sp 0.2
-(master KSK 257 M...key .private n -)
-..
-.TE
-.SP 2
-.NH 1
-Key rollover
-.PP
-.NH 2
-Zone signing key rollover (pre-publish RFC4641)
-.PP
-.TS
-rfB cfB |cfB |cfB |cfB
-lfB |cfB |cfB |cfB |cfB
-l |l |l |l |l .
-action create change remove
-keys newkey sig key old key
-_
-zsk1 active active depreciated
-zsk2 published active active
-.sp 0.3
-RRSIG zsk1 zsk1 zsk2 zsk2
-.TE
-.SP 2
-.NH 2
-Key signing key rollover (double signature RFC4641)
-.PP
-.TS
-rfB cfB |cfB |cfB |cfB
-lfB |cfB |cfB |cfB |cfB
-l |l |l |l |l .
-action create change remove
-keys newkey delegation old key
-_
-ksk\d1\u active active active
-ksk\d2\u active active active
-.sp 0.3
-DNSKEY RRSIG ksk1 ksk1,ksk2 ksk1,ksk2 ksk2
-.sp 0.3
-DS at parent DS\d1\u DS\d1\u DS\d2\u DS\d2\u
-.TE
-.\"RRSIG DNSKEY\dksk1\u DNSKEY\dksk1,ksk2\u DNSKEY\dksk1,ksk2\u DNSKEY\dksk2\u
-.SP 2
-.NH 2
-Key signing key rollover (rfc5011)
-.PP
-.TS
-rfB cfB |cfB |cfB
-lfB |cfB |cfB |cfB
-l |l |l |l .
-action newkey change delegation
-keys & rollover & remove old key
-_
-ksk\d1\u active revoke\v'-0.2'\(dg\v'+0.2'
-ksk\d2\u standby active active
-ksk\d3\u standby\v'-0.2'\(dd\v'+0.2' standby
-.sp 0.3
-DNSKEY RRSIG ksk1 ksk1,ksk2 ksk2
-.sp 0.3
-Parent DS DS\d1\u DS\d1\u DS\d2\u
- DS\d2\u DS\d2\u DS\d3\u
-.TE
-.LP
-\v'-0.2'\(dg\v'0.2'
-Have to remain until the remove hold-down time is expired,
-which is 30days at a minimum.
-.LP
-\v'-0.2'\(dd\v'0.2'
-Will be the standby key after the hold-down time is expired
-.br
-Add holdtime \(eq max(30days, TTL of DNSKEY)
+++ /dev/null
-%!PS-Adobe-3.0
-%%Creator: groff version 1.19.2
-%%CreationDate: Mon Jul 14 23:23:30 2008
-%%DocumentNeededResources: font Times-Bold
-%%+ font Times-Roman
-%%+ font Courier
-%%+ font Symbol
-%%DocumentSuppliedResources: procset grops 1.19 2
-%%Pages: 1
-%%PageOrder: Ascend
-%%DocumentMedia: Default 595 842 0 () ()
-%%Orientation: Portrait
-%%EndComments
-%%BeginDefaults
-%%PageMedia: Default
-%%EndDefaults
-%%BeginProlog
-%%BeginResource: procset grops 1.19 2
-%!PS-Adobe-3.0 Resource-ProcSet
-/setpacking where{
-pop
-currentpacking
-true setpacking
-}if
-/grops 120 dict dup begin
-/SC 32 def
-/A/show load def
-/B{0 SC 3 -1 roll widthshow}bind def
-/C{0 exch ashow}bind def
-/D{0 exch 0 SC 5 2 roll awidthshow}bind def
-/E{0 rmoveto show}bind def
-/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def
-/G{0 rmoveto 0 exch ashow}bind def
-/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
-/I{0 exch rmoveto show}bind def
-/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def
-/K{0 exch rmoveto 0 exch ashow}bind def
-/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
-/M{rmoveto show}bind def
-/N{rmoveto 0 SC 3 -1 roll widthshow}bind def
-/O{rmoveto 0 exch ashow}bind def
-/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
-/Q{moveto show}bind def
-/R{moveto 0 SC 3 -1 roll widthshow}bind def
-/S{moveto 0 exch ashow}bind def
-/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def
-/SF{
-findfont exch
-[exch dup 0 exch 0 exch neg 0 0]makefont
-dup setfont
-[exch/setfont cvx]cvx bind def
-}bind def
-/MF{
-findfont
-[5 2 roll
-0 3 1 roll
-neg 0 0]makefont
-dup setfont
-[exch/setfont cvx]cvx bind def
-}bind def
-/level0 0 def
-/RES 0 def
-/PL 0 def
-/LS 0 def
-/MANUAL{
-statusdict begin/manualfeed true store end
-}bind def
-/PLG{
-gsave newpath clippath pathbbox grestore
-exch pop add exch pop
-}bind def
-/BP{
-/level0 save def
-1 setlinecap
-1 setlinejoin
-72 RES div dup scale
-LS{
-90 rotate
-}{
-0 PL translate
-}ifelse
-1 -1 scale
-}bind def
-/EP{
-level0 restore
-showpage
-}def
-/DA{
-newpath arcn stroke
-}bind def
-/SN{
-transform
-.25 sub exch .25 sub exch
-round .25 add exch round .25 add exch
-itransform
-}bind def
-/DL{
-SN
-moveto
-SN
-lineto stroke
-}bind def
-/DC{
-newpath 0 360 arc closepath
-}bind def
-/TM matrix def
-/DE{
-TM currentmatrix pop
-translate scale newpath 0 0 .5 0 360 arc closepath
-TM setmatrix
-}bind def
-/RC/rcurveto load def
-/RL/rlineto load def
-/ST/stroke load def
-/MT/moveto load def
-/CL/closepath load def
-/Fr{
-setrgbcolor fill
-}bind def
-/setcmykcolor where{
-pop
-/Fk{
-setcmykcolor fill
-}bind def
-}if
-/Fg{
-setgray fill
-}bind def
-/FL/fill load def
-/LW/setlinewidth load def
-/Cr/setrgbcolor load def
-/setcmykcolor where{
-pop
-/Ck/setcmykcolor load def
-}if
-/Cg/setgray load def
-/RE{
-findfont
-dup maxlength 1 index/FontName known not{1 add}if dict begin
-{
-1 index/FID ne{def}{pop pop}ifelse
-}forall
-/Encoding exch def
-dup/FontName exch def
-currentdict end definefont pop
-}bind def
-/DEFS 0 def
-/EBEGIN{
-moveto
-DEFS begin
-}bind def
-/EEND/end load def
-/CNT 0 def
-/level1 0 def
-/PBEGIN{
-/level1 save def
-translate
-div 3 1 roll div exch scale
-neg exch neg exch translate
-0 setgray
-0 setlinecap
-1 setlinewidth
-0 setlinejoin
-10 setmiterlimit
-[]0 setdash
-/setstrokeadjust where{
-pop
-false setstrokeadjust
-}if
-/setoverprint where{
-pop
-false setoverprint
-}if
-newpath
-/CNT countdictstack def
-userdict begin
-/showpage{}def
-/setpagedevice{}def
-}bind def
-/PEND{
-countdictstack CNT sub{end}repeat
-level1 restore
-}bind def
-end def
-/setpacking where{
-pop
-setpacking
-}if
-%%EndResource
-%%EndProlog
-%%BeginSetup
-%%BeginFeature: *PageSize Default
-<< /PageSize [ 595 842 ] /ImagingBBox null >> setpagedevice
-%%EndFeature
-%%IncludeResource: font Times-Bold
-%%IncludeResource: font Times-Roman
-%%IncludeResource: font Courier
-%%IncludeResource: font Symbol
-grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
-def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
-/Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef
-/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
-/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
-/.notdef/.notdef/.notdef/space/exclam/quotedbl/numbersign/dollar/percent
-/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen
-/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon
-/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O
-/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/circumflex
-/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y
-/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase/guillemotleft
-/guillemotright/bullet/florin/fraction/perthousand/dagger/daggerdbl
-/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut
-/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash
-/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen
-/brokenbar/section/dieresis/copyright/ordfeminine/guilsinglleft
-/logicalnot/minus/registered/macron/degree/plusminus/twosuperior
-/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior
-/ordmasculine/guilsinglright/onequarter/onehalf/threequarters
-/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE
-/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
-/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
-/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn
-/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla
-/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis
-/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash
-/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def
-/Courier@0 ENC0/Courier RE/Times-Roman@0 ENC0/Times-Roman RE
-/Times-Bold@0 ENC0/Times-Bold RE
-%%EndSetup
-%%Page: 1 1
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Bold@0 SF 2.5(1. DNS)72 84 R -.25(Ke)2.5 G 2.5(yS).25 G
-(tatus T)-2.5 E(ypes and Filenames)-.74 E -.25(Ke)189.22 105.6 S 63.235
-(yF).25 G 40.415(ilename used)-63.235 F -.25(fo)2.5 G 29.33(rd).25 G
-(nssec-zkt)-29.33 E -.74(Ty)168.35 117.6 S 12.5(pe Flags).74 F 23.57
-(public pri)16.95 F -.1(va)-.1 G 21.62(te signing?).1 F(label)40.72 E
-(Status)99.34 111.6 Q .4 LW 473.8 122.1 72 122.1 DL/F1 10/Times-Roman@0
-SF(acti)72 131.6 Q 70.67 -.15(ve Z)-.25 H 18.43(SK 256).15 F(.k)18.89 E
-26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G 46.605(te y).25 F/F2 10
-/Courier@0 SF(act ive)30.285 E F1 17.32(KSK 257)168.35 143.6 R(.k)18.89
-E 26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G 46.605(te y).25 F F2
-(act ive)30.285 E F1 54.96(published ZSK)72 158 R 16.39(256 .k)20.93 F
-26.69 -.15(ey .)-.1 H 34.985(published n).15 F F2(pub lished)30.285 E F1
-17.32(KSK 257)168.35 170 R(.k)18.89 E 26.69 -.15(ey .)-.1 H(pri).15 E
--.25(va)-.25 G 46.605(te n).25 F F2(sta ndby)30.285 E F1
-(depreciated \(retired\))72 184.4 Q 18.43(ZSK 256)15 F(.k)18.89 E 26.69
--.15(ey .)-.1 H 27.785(depreciated n).15 F F2(dep reciated)30.285 E F1
-(re)72 198.8 Q -.2(vo)-.25 G -.1(ke).2 G 64.69(dK).1 G 17.32(SK 385)
--64.69 F(.k)18.89 E 26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G
-46.605(te y).25 F F2(rev oked)30.285 E F1(remo)72 213.2 Q -.15(ve)-.15 G
-61.66(dK).15 G 17.32(SK 257)-61.66 F(k*.k)18.89 E 16.69 -.15(ey k)-.1 H
-(*.pri).15 E -.25(va)-.25 G 36.605(te n).25 F F2(-)30.285 E F1 80.52
-(sep KSK)72 227.6 R 16.39(257 .k)19.82 F 26.69 -.15(ey -)-.1 H(n)75.695
-E F2(sep)30.285 E 394.3 96.1 394.3 230.1 DL 343.73 96.1 343.73 230.1 DL
-280.14 108.1 280.14 230.1 DL 234.56 96.1 234.56 230.1 DL 196.78 108.1
-196.78 230.1 DL 160.85 96.1 160.85 230.1 DL F0 2.5(2. K)72 257.6 R(ey r)
--.25 E(ollo)-.18 E -.1(ve)-.1 G(r).1 E 2.5(2.1. Zone)72 285.2 R
-(signing k)2.5 E(ey r)-.1 E(ollo)-.18 E -.1(ve)-.1 G 2.5(r\().1 G(pr)
--2.5 E(e-publish RFC4641\))-.18 E 57.47(action cr)75.34 306.8 R 27.035
-(eate change)-.18 F -.18(re)23.045 G(mo).18 E -.1(ve)-.1 G -.1(ke)72
-318.8 S 65.025(ys newk).1 F 24.395(ey sig)-.1 F -.1(ke)2.5 G 23.775(yo)
-.1 G(ld k)-23.775 E(ey)-.1 E 301.18 323.3 72 323.3 DL F1 23.62
-(zsk1 acti)72 332.8 R 12.8 -.15(ve a)-.25 H(cti).15 E 28.21 -.15(ve d)
--.25 H(epreciated).15 E 62.1(zsk2 published)72 344.8 R(acti)15 E 35.41
--.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G 12.5(RRSIG zsk1)72 360.4 R
-33.06(zsk1 zsk2)20.15 F(zsk2)42.76 E 262.41 297.3 262.41 362.9 DL 201.32
-297.3 201.32 362.9 DL 147.43 297.3 147.43 362.9 DL 108.95 309.3 108.95
-362.9 DL F0 2.5(2.2. K)72 390.4 R(ey signing k)-.25 E(ey r)-.1 E(ollo)
--.18 E -.1(ve)-.1 G 2.5(r\().1 G(double signatur)-2.5 E 2.5(eR)-.18 G
-(FC4641\))-2.5 E 58.165(action cr)118.39 412 R 26.63(eate change)-.18 F
--.18(re)21.945 G(mo).18 E -.1(ve)-.1 G -.1(ke)72 424 S 108.77(ys newk).1
-F 16.58(ey delegation)-.1 F(old k)15.265 E(ey)-.1 E 343.42 428.5 72
-428.5 DL F1(ksk)72 438 Q(1)5 I(acti)68.61 -5 M 12.8 -.15(ve a)-.25 H
-(cti).15 E 29.6 -.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G(ksk)72 450 Q
-(2)5 I(acti)107.09 -5 M 29.6 -.15(ve a)-.25 H(cti).15 E 33.21 -.15(ve a)
--.25 H(cti).15 E -.15(ve)-.25 G(DNSKEY RRSIG)72 465.6 Q 17.09
-(ksk1 ksk1,ksk2)15 F 16.11(ksk1,ksk2 ksk2)15 F(DS at parent)72 481.2 Q
-(DS)37.51 E(1)5 I(DS)20.7 -5 M(1)5 I(DS)37.5 -5 M(2)5 I(DS)41.11 -5 M(2)
-5 I 304.65 402.5 304.65 483.7 DL 245.76 402.5 245.76 483.7 DL 190.48
-402.5 190.48 483.7 DL 152 414.5 152 483.7 DL F0 2.5(2.3. K)72 511.2 R
-(ey signing k)-.25 E(ey r)-.1 E(ollo)-.18 E -.1(ve)-.1 G 2.5(r\().1 G
-(rfc5011\))-2.5 E 63.465(action newk)118.39 532.8 R 19.855(ey change)-.1
-F(delegation)2.5 E -.1(ke)72 544.8 S 112.32(ys &).1 F -.18(ro)2.5 G(llo)
-.18 E -.1(ve)-.1 G 15.525(r&).1 G -.18(re)-13.025 G(mo).18 E .2 -.1
-(ve o)-.1 H(ld k).1 E(ey)-.1 E 341.33 549.3 72 549.3 DL F1(ksk)72 558.8
-Q(1)5 I(acti)68.61 -5 M 20.43 -.15(ve r)-.25 H -2.2 -.25(ev o).15 H -.1
-(ke).25 G<87>.1 -2.4 M(ksk)72 570.8 Q(2)5 I 12.5(standby acti)68.61 -5 N
-33.65 -.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G(ksk)72 582.8 Q(3)5 I
-(standby)114.72 -5 M<88>-2.4 I(standby)23.22 2.4 M(DNSKEY RRSIG)72 598.4
-Q 24.72(ksk1 ksk1,ksk2)15 F(ksk2)19.05 E -.15(Pa)72 614 S(rent DS).15 E
-(DS)46.82 E(1)5 I(DS)28.33 -5 M(1)5 I(DS)41.55 -5 M(2)5 I(DS)159.5 626 Q
-(2)5 I(DS)28.33 -5 M(2)5 I(DS)41.55 -5 M(3)5 I 257.44 523.3 257.44 628.5
-DL 198.11 523.3 198.11 628.5 DL 152 535.3 152 628.5 DL<87>72 645.2 Q(Ha)
-2.5 2.4 M .3 -.15(ve t)-.2 H 2.5(or).15 G(emain until the remo)-2.5 E .3
--.15(ve h)-.15 H(old-do).15 E(wn time is e)-.25 E
-(xpired, which is 30days at a minimum.)-.15 E<88>72 660.8 Q -.4(Wi)2.5
-2.4 O(ll be the standby k).4 E .3 -.15(ey a)-.1 H(fter the hold-do).15 E
-(wn time is e)-.25 E(xpired)-.15 E(Add holdtime)72 675.2 Q/F3 10/Symbol
-SF(=)2.5 E F1(max\(30days, TTL of DNSKEY\))2.5 E 0 Cg EP
-%%Trailer
-end
-%%EOF
+++ /dev/null
-
-
-
-Intended Status: Informational O. Gudmundsson
-Network Working Group OGUD Consulting LLC
-Internet-Draft J. Ihren
-Expires: August 21, 2008 AAB
- February 18, 2008
-
-
- Names of States in the life of a DNSKEY
- draft-gudmundsson-life-of-dnskey-00
-
-Status of this Memo
-
- By submitting this Internet-Draft, each author represents that any
- applicable patent or other IPR claims of which he or she is aware
- have been or will be disclosed, and any of which he or she becomes
- aware will be disclosed, in accordance with Section 6 of BCP 79.
-
- Internet-Drafts are working documents of the Internet Engineering
- Task Force (IETF), its areas, and its working groups. Note that
- other groups may also distribute working documents as Internet-
- Drafts.
-
- Internet-Drafts are draft documents valid for a maximum of six months
- and may be updated, replaced, or obsoleted by other documents at any
- time. It is inappropriate to use Internet-Drafts as reference
- material or to cite them other than as "work in progress."
-
- The list of current Internet-Drafts can be accessed at
- http://www.ietf.org/ietf/1id-abstracts.txt.
-
- The list of Internet-Draft Shadow Directories can be accessed at
- http://www.ietf.org/shadow.html.
-
- This Internet-Draft will expire on August 21, 2008.
-
-Copyright Notice
-
- Copyright (C) The IETF Trust (2008).
-
-
-
-
-
-
-
-
-
-
-
-
-
-Gudmundsson & Ihren Expires August 21, 2008 [Page 1]
-\f
-Internet-Draft DNSSEC Key life stages. February 2008
-
-
-Abstract
-
- This document recommends a specific terminology to use when
- expressing the state that a DNSKEY is in at particular time. This
- does not affect how the protocol operates in any way.
-
-
-Table of Contents
-
- 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
- 2. DNSKEY timeline . . . . . . . . . . . . . . . . . . . . . . . 4
- 3. Life stages of a DNSKEY . . . . . . . . . . . . . . . . . . . 5
- 3.1. Generated . . . . . . . . . . . . . . . . . . . . . . . . 5
- 3.2. Published . . . . . . . . . . . . . . . . . . . . . . . . 5
- 3.2.1. Pre-Publication . . . . . . . . . . . . . . . . . . . 5
- 3.2.2. Out-Of-Band Publication . . . . . . . . . . . . . . . 5
- 3.3. Active . . . . . . . . . . . . . . . . . . . . . . . . . . 5
- 3.4. Retired . . . . . . . . . . . . . . . . . . . . . . . . . 5
- 3.5. Removed . . . . . . . . . . . . . . . . . . . . . . . . . 6
- 3.5.1. Lame . . . . . . . . . . . . . . . . . . . . . . . . . 6
- 3.5.2. Stale . . . . . . . . . . . . . . . . . . . . . . . . 6
- 3.6. Revoked . . . . . . . . . . . . . . . . . . . . . . . . . 6
- 4. Security considerations . . . . . . . . . . . . . . . . . . . 7
- 5. IANA considerations . . . . . . . . . . . . . . . . . . . . . 8
- 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
- 6.1. Normative References . . . . . . . . . . . . . . . . . . . 9
- 6.2. Informative References . . . . . . . . . . . . . . . . . . 9
- Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
- Intellectual Property and Copyright Statements . . . . . . . . . . 11
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Gudmundsson & Ihren Expires August 21, 2008 [Page 2]
-\f
-Internet-Draft DNSSEC Key life stages. February 2008
-
-
-1. Introduction
-
- When the editors of this document where comparing their DNSSEC key
- management projects they discovered that they where discussing
- roughly the same thing but using different terminology.
-
- This document presents a unified terminology to use when describing
- the current state of a DNSKEY.
-
- The DNSSEC standards documents ([1], [2] and [3]) do not address the
- required states for the key management of a DNSSEC key. The DNSSEC
- Operational Practices [4] document does propose that keys be
- published before use but uses inconsistent or confusing terms. This
- document assumes basic understanding of DNSSEC and key management.
-
- The terms proposed in this document attempt to avoid any confusion
- and make the states of keys to be as clear as possible. The terms
- used in this document are intended as a operational supplement to the
- terms defined in Section 2 of [1].
-
- To large extent this discussion is motivated by Trust anchor keys but
- the same terminology can be used for zone signing keys.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Gudmundsson & Ihren Expires August 21, 2008 [Page 3]
-\f
-Internet-Draft DNSSEC Key life stages. February 2008
-
-
-2. DNSKEY timeline
-
- The model in this document is that keys progress through a state
- machine along a one-way path, keys never move to an earlier states.
-
-
-
- GENERATED----------> PUBLISHED ---> ACTIVE ---> RETIRED --> REMOVED
- | ^ | | | ^
- | | | | v |
- +--> Pre-PUBLISHED--+ +--------+---------> REVOKED ---+
-
-
- DNSKEY time line.
-
- There are few more states that are defined below but these apply only
- to the publisher of TA's and the consumer of TA's. Two of these are
- sub-sets of the Published state, the other two are error states.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Gudmundsson & Ihren Expires August 21, 2008 [Page 4]
-\f
-Internet-Draft DNSSEC Key life stages. February 2008
-
-
-3. Life stages of a DNSKEY
-
-3.1. Generated
-
- Once a key is generated it enters state Generated and stays there
- until the next state. While in this state only the owner of the key
- is aware of its existence and can prepare for its future use.
-
-3.2. Published
-
- Once the key is added to the DNSKEY set of a zone the key is there
- for the world to see, or published. The key needs to remain in this
- state for some time to propagate to all validators that have cached
- the prior version of the DNSKEY set. In the case of KSK the key
- should remain in this state for a longer time as documented in DNSSEC
- Timers RFC [5].
-
-3.2.1. Pre-Publication
-
- In certain circumstances a zone owner may want to give out a new
- Trust Anchor before exposing the actual public key. In this case the
- zone can publish a DS record of the key. This allows others to
- configure the trust anchor but will not be able to use the key until
- the key is published in the DNSKEY RRset.
-
-3.2.2. Out-Of-Band Publication
-
- In certain circumstances a domain may want to give out a new Trust
- Anchor outside DNS to give others a long lead time to configure the
- new key as trust anchor. The reason people may want to do this is to
- keep the size of the DNSKEY set smaller and only add new trust anchor
- just before the key goes into use. One likely use for this is the
- DNS "." root key as it does not have a parent that can publish a DS
- record for it. The publication mechanism does not matter it can be
- any one of web-site, advertisement in Financial Times and other
- international publication, e-mail to DNS related mailing lists, etc..
-
-3.3. Active
-
- The key is in ACTIVE state while it is actively signing data in the
- zone it resides in. It is one of the the keys that are signing the
- zone or parts of the zone.
-
-3.4. Retired
-
- When the key is no longer used for signing the zone it enters state
- Retired. In this state there may still be signatures by the key in
- cached data from the zone available at recursive servers, but the
-
-
-
-Gudmundsson & Ihren Expires August 21, 2008 [Page 5]
-\f
-Internet-Draft DNSSEC Key life stages. February 2008
-
-
- authoritative servers for the zone do no longer carry any signatures
- generated by the key.
-
-3.5. Removed
-
- Once the key is removed from the DNSKEY RRset it enters the state
- Removed. At this point all signatures by the key that may still be
- temporarily valid will fail to verify once the validator refreshes
- the DNSKEY RRset in its memory.
-
- Therefore "removal" of a key is typically not done until all the
- cached signatures have expired. Entering this state too early may
- cause number of validators to end up with STALE Trust Anchors.
-
-3.5.1. Lame
-
- A Trust Anchor is Lame if the parent continues to publish DS pointing
- to the key after it has been removed from the DNSKEY RRset. A Trust
- Anchor is arguably Lame if there are no signatures by a Retired KSK
- in the zone.
-
-3.5.2. Stale
-
- A Stale Trust Anchor is an old TA that remains in a validators list
- of active key(s) after the key has been removed from the zone's
- DNSKEY RRset.
-
-3.6. Revoked
-
- There are times when a zone wants to signal that a particular key
- should not be used at all. The mechanism to do this is to set the
- REVOKE bit [5]. Any key in any of the while the key is the DNSSKEY
- set can be exited to Revoked state. After some time in the Revoke
- state the key will be Removed.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Gudmundsson & Ihren Expires August 21, 2008 [Page 6]
-\f
-Internet-Draft DNSSEC Key life stages. February 2008
-
-
-4. Security considerations
-
- TBD
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Gudmundsson & Ihren Expires August 21, 2008 [Page 7]
-\f
-Internet-Draft DNSSEC Key life stages. February 2008
-
-
-5. IANA considerations
-
- This document does not have any IANA actions.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Gudmundsson & Ihren Expires August 21, 2008 [Page 8]
-\f
-Internet-Draft DNSSEC Key life stages. February 2008
-
-
-6. References
-
-6.1. Normative References
-
-6.2. Informative References
-
- [1] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
- "DNS Security Introduction and Requirements", RFC 4033,
- March 2005.
-
- [2] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
- "Resource Records for the DNS Security Extensions", RFC 4034,
- March 2005.
-
- [3] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
- "Protocol Modifications for the DNS Security Extensions",
- RFC 4035, March 2005.
-
- [4] Kolkman, O. and R. Gieben, "DNSSEC Operational Practices",
- RFC 4641, September 2006.
-
- [5] StJohns, M., "Automated Updates of DNS Security (DNSSEC) Trust
- Anchors", RFC 5011, September 2007.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Gudmundsson & Ihren Expires August 21, 2008 [Page 9]
-\f
-Internet-Draft DNSSEC Key life stages. February 2008
-
-
-Authors' Addresses
-
- Olafur Gudmundsson
- OGUD Consulting LLC
- 3821 Village Park Drive
- Chevy Chase, MD 20815
- USA
-
- Email: ogud@ogud.com
-
-
- Johan Ihren
- Automatica, AB
- Bellmansgatan 30
- Stockholm, SE-118 47
- Sweden
-
- Email: johani@automatica.se
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Gudmundsson & Ihren Expires August 21, 2008 [Page 10]
-\f
-Internet-Draft DNSSEC Key life stages. February 2008
-
-
-Full Copyright Statement
-
- Copyright (C) The IETF Trust (2008).
-
- This document is subject to the rights, licenses and restrictions
- contained in BCP 78, and except as set forth therein, the authors
- retain all their rights.
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
- THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
- OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
-Intellectual Property
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the procedures with respect to rights in RFC documents can be
- found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at
- ietf-ipr@ietf.org.
-
-
-Acknowledgment
-
- Funding for the RFC Editor function is provided by the IETF
- Administrative Support Activity (IASA).
-
-
-
-
-
-Gudmundsson & Ihren Expires August 21, 2008 [Page 11]
-\f
+++ /dev/null
-
-
-
-DNSOP O. Kolkman
-Internet-Draft NLnet Labs
-Obsoletes: 2541 (if approved) R. Gieben
-Intended status: BCP
-Expires: September 8, 2009 March 7, 2009
-
-
- DNSSEC Operational Practices, Version 2
- draft-ietf-dnsop-rfc4641bis-01
-
-Status of This Memo
-
- This Internet-Draft is submitted to IETF in full conformance with the
- provisions of BCP 78 and BCP 79. This document may contain material
- from IETF Documents or IETF Contributions published or made publicly
- available before November 10, 2008. The person(s) controlling the
- copyright in some of this material may not have granted the IETF
- Trust the right to allow modifications of such material outside the
- IETF Standards Process. Without obtaining an adequate license from
- the person(s) controlling the copyright in such materials, this
- document may not be modified outside the IETF Standards Process, and
- derivative works of it may not be created outside the IETF Standards
- Process, except to format it for publication as an RFC or to
- translate it into languages other than English.
-
- Internet-Drafts are working documents of the Internet Engineering
- Task Force (IETF), its areas, and its working groups. Note that
- other groups may also distribute working documents as Internet-
- Drafts.
-
- Internet-Drafts are draft documents valid for a maximum of six months
- and may be updated, replaced, or obsoleted by other documents at any
- time. It is inappropriate to use Internet-Drafts as reference
- material or to cite them other than as "work in progress."
-
- The list of current Internet-Drafts can be accessed at
- http://www.ietf.org/ietf/1id-abstracts.txt.
-
- The list of Internet-Draft Shadow Directories can be accessed at
- http://www.ietf.org/shadow.html.
-
- This Internet-Draft will expire on September 8, 2009.
-
-Copyright Notice
-
- Copyright (c) 2009 IETF Trust and the persons identified as the
- document authors. All rights reserved.
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 1]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- This document is subject to BCP 78 and the IETF Trust's Legal
- Provisions Relating to IETF Documents in effect on the date of
- publication of this document (http://trustee.ietf.org/license-info).
- Please review these documents carefully, as they describe your rights
- and restrictions with respect to this document.
-
-Abstract
-
- This document describes a set of practices for operating the DNS with
- security extensions (DNSSEC). The target audience is zone
- administrators deploying DNSSEC.
-
- The document discusses operational aspects of using keys and
- signatures in the DNS. It discusses issues of key generation, key
- storage, signature generation, key rollover, and related policies.
-
- This document obsoletes RFC 2541, as it covers more operational
- ground and gives more up-to-date requirements with respect to key
- sizes and the new DNSSEC specification.
-
-Table of Contents
-
- 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
- 1.1. The Use of the Term 'key' . . . . . . . . . . . . . . . . 5
- 1.2. Time Definitions . . . . . . . . . . . . . . . . . . . . . 5
- 2. Keeping the Chain of Trust Intact . . . . . . . . . . . . . . 5
- 3. Keys Generation and Storage . . . . . . . . . . . . . . . . . 6
- 3.1. Zone and Key Signing Keys . . . . . . . . . . . . . . . . 6
- 3.1.1. Motivations for the KSK and ZSK Separation . . . . . . 7
- 3.1.2. Differentiation for 'High-Level' Zones . . . . . . . . 9
- 3.2. Key Generation . . . . . . . . . . . . . . . . . . . . . . 9
- 3.3. Key Effectivity Period . . . . . . . . . . . . . . . . . . 9
- 3.4. Key Algorithm . . . . . . . . . . . . . . . . . . . . . . 10
- 3.5. Key Sizes . . . . . . . . . . . . . . . . . . . . . . . . 10
- 3.6. Private Key Storage . . . . . . . . . . . . . . . . . . . 11
- 4. Signature Generation, Key Rollover, and Related Policies . . . 12
- 4.1. Time in DNSSEC . . . . . . . . . . . . . . . . . . . . . . 12
- 4.1.1. Time Considerations . . . . . . . . . . . . . . . . . 13
- 4.2. Key Rollovers . . . . . . . . . . . . . . . . . . . . . . 15
- 4.2.1. Zone Signing Key Rollovers . . . . . . . . . . . . . . 15
- 4.2.1.1. Pre-Publish Key Rollover . . . . . . . . . . . . . 15
- 4.2.1.2. Double Signature Zone Signing Key Rollover . . . . 17
- 4.2.1.3. Pros and Cons of the Schemes . . . . . . . . . . . 19
- 4.2.2. Key Signing Key Rollovers . . . . . . . . . . . . . . 19
- 4.2.3. Difference Between ZSK and KSK Rollovers . . . . . . . 21
- 4.2.4. Key algorithm rollover . . . . . . . . . . . . . . . . 22
- 4.2.5. Automated Key Rollovers . . . . . . . . . . . . . . . 23
- 4.3. Planning for Emergency Key Rollover . . . . . . . . . . . 24
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 2]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- 4.3.1. KSK Compromise . . . . . . . . . . . . . . . . . . . . 24
- 4.3.1.1. Keeping the Chain of Trust Intact . . . . . . . . 25
- 4.3.1.2. Breaking the Chain of Trust . . . . . . . . . . . 26
- 4.3.2. ZSK Compromise . . . . . . . . . . . . . . . . . . . . 26
- 4.3.3. Compromises of Keys Anchored in Resolvers . . . . . . 26
- 4.4. Parental Policies . . . . . . . . . . . . . . . . . . . . 27
- 4.4.1. Initial Key Exchanges and Parental Policies
- Considerations . . . . . . . . . . . . . . . . . . . . 27
- 4.4.2. Storing Keys or Hashes? . . . . . . . . . . . . . . . 27
- 4.4.3. Security Lameness . . . . . . . . . . . . . . . . . . 28
- 4.4.4. DS Signature Validity Period . . . . . . . . . . . . . 28
- 4.4.5. (Non) Cooperating Registrars . . . . . . . . . . . . . 29
- 5. Security Considerations . . . . . . . . . . . . . . . . . . . 30
- 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 30
- 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 30
- 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 31
- 8.1. Normative References . . . . . . . . . . . . . . . . . . . 31
- 8.2. Informative References . . . . . . . . . . . . . . . . . . 31
- Appendix A. Terminology . . . . . . . . . . . . . . . . . . . . . 32
- Appendix B. Zone Signing Key Rollover How-To . . . . . . . . . . 34
- Appendix C. Typographic Conventions . . . . . . . . . . . . . . . 34
- Appendix D. Document Editing History . . . . . . . . . . . . . . 37
- D.1. draft-ietf-dnsop-rfc4641-00 . . . . . . . . . . . . . . . 37
- D.2. version 0->1 . . . . . . . . . . . . . . . . . . . . . . . 37
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 3]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
-1. Introduction
-
- This document describes how to run a DNS Security (DNSSEC)-enabled
- environment. It is intended for operators who have knowledge of the
- DNS (see RFC 1034 [1] and RFC 1035 [2]) and want to deploy DNSSEC.
- See RFC 4033 [3] for an introduction to DNSSEC, RFC 4034 [4] for the
- newly introduced Resource Records (RRs), and RFC 4035 [5] for the
- protocol changes.
-
- During workshops and early operational deployment tests, operators
- and system administrators have gained experience about operating the
- DNS with security extensions (DNSSEC). This document translates
- these experiences into a set of practices for zone administrators.
- At the time of writing, there exists very little experience with
- DNSSEC in production environments; this document should therefore
- explicitly not be seen as representing 'Best Current Practices'.
- [OK: Is this document ripe enough to shoot for BCP?]
-
- The procedures herein are focused on the maintenance of signed zones
- (i.e., signing and publishing zones on authoritative servers). It is
- intended that maintenance of zones such as re-signing or key
- rollovers be transparent to any verifying clients on the Internet.
-
- The structure of this document is as follows. In Section 2, we
- discuss the importance of keeping the "chain of trust" intact.
- Aspects of key generation and storage of private keys are discussed
- in Section 3; the focus in this section is mainly on the private part
- of the key(s). Section 4 describes considerations concerning the
- public part of the keys. Since these public keys appear in the DNS
- one has to take into account all kinds of timing issues, which are
- discussed in Section 4.1. Section 4.2 and Section 4.3 deal with the
- rollover, or supercession, of keys. Finally, Section 4.4 discusses
- considerations on how parents deal with their children's public keys
- in order to maintain chains of trust.
-
- The typographic conventions used in this document are explained in
- Appendix C.
-
- Since this is a document with operational suggestions and there are
- no protocol specifications, the RFC 2119 [6] language does not apply.
-
- This document [OK: when approved] obsoletes RFC 4641 [16].
-
- [OK: Editorial comments and questions are indicated by square
- brackets and editor innitials]
-
-
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 4]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
-1.1. The Use of the Term 'key'
-
- It is assumed that the reader is familiar with the concept of
- asymmetric keys on which DNSSEC is based (public key cryptography
- RFC4949 [17]). Therefore, this document will use the term 'key'
- rather loosely. Where it is written that 'a key is used to sign
- data' it is assumed that the reader understands that it is the
- private part of the key pair that is used for signing. It is also
- assumed that the reader understands that the public part of the key
- pair is published in the DNSKEY Resource Record and that it is the
- public part that is used in key exchanges.
-
-1.2. Time Definitions
-
- In this document, we will be using a number of time-related terms.
- The following definitions apply:
-
- o "Signature validity period" The period that a signature is valid.
- It starts at the time specified in the signature inception field
- of the RRSIG RR and ends at the time specified in the expiration
- field of the RRSIG RR.
-
- o "Signature publication period" Time after which a signature (made
- with a specific key) is replaced with a new signature (made with
- the same key). This replacement takes place by publishing the
- relevant RRSIG in the master zone file. After one stops
- publishing an RRSIG in a zone, it may take a while before the
- RRSIG has expired from caches and has actually been removed from
- the DNS.
-
- o "Key effectivity period" The period during which a key pair is
- expected to be effective. This period is defined as the time
- between the first inception time stamp and the last expiration
- date of any signature made with this key, regardless of any
- discontinuity in the use of the key. The key effectivity period
- can span multiple signature validity periods.
-
- o "Maximum/Minimum Zone Time to Live (TTL)" The maximum or minimum
- value of the TTLs from the complete set of RRs in a zone. Note
- that the minimum TTL is not the same as the MINIMUM field in the
- SOA RR. See [9] for more information.
-
-2. Keeping the Chain of Trust Intact
-
- Maintaining a valid chain of trust is important because broken chains
- of trust will result in data being marked as Bogus (as defined in [3]
- Section 5), which may cause entire (sub)domains to become invisible
- to verifying clients. The administrators of secured zones have to
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 5]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- realize that their zone is, to verifying clients, part of a chain of
- trust.
-
- As mentioned in the introduction, the procedures herein are intended
- to ensure that maintenance of zones, such as re-signing or key
- rollovers, will be transparent to the verifying clients on the
- Internet.
-
- Administrators of secured zones will have to keep in mind that data
- published on an authoritative primary server will not be immediately
- seen by verifying clients; it may take some time for the data to be
- transferred to other secondary authoritative nameservers and clients
- may be fetching data from caching non-authoritative servers. In this
- light, note that the time for a zone transfer from master to slave is
- negligible when using NOTIFY [8] and incremental transfer (IXFR) [7].
- It increases when full zone transfers (AXFR) are used in combination
- with NOTIFY. It increases even more if you rely on full zone
- transfers based on only the SOA timing parameters for refresh.
-
- For the verifying clients, it is important that data from secured
- zones can be used to build chains of trust regardless of whether the
- data came directly from an authoritative server, a caching
- nameserver, or some middle box. Only by carefully using the
- available timing parameters can a zone administrator ensure that the
- data necessary for verification can be obtained.
-
- The responsibility for maintaining the chain of trust is shared by
- administrators of secured zones in the chain of trust. This is most
- obvious in the case of a 'key compromise' when a trade-off between
- maintaining a valid chain of trust and replacing the compromised keys
- as soon as possible must be made. Then zone administrators will have
- to make a trade-off, between keeping the chain of trust intact --
- thereby allowing for attacks with the compromised key -- or
- deliberately breaking the chain of trust and making secured
- subdomains invisible to security-aware resolvers. Also see
- Section 4.3.
-
-3. Keys Generation and Storage
-
- This section describes a number of considerations with respect to the
- security of keys. It deals with the generation, effectivity period,
- size, and storage of private keys.
-
-3.1. Zone and Key Signing Keys
-
- The DNSSEC validation protocol does not distinguish between different
- types of DNSKEYs. All DNSKEYs can be used during the validation. In
- practice, operators use Key Signing and Zone Signing Keys and use the
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 6]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- so-called Secure Entry Point (SEP) [5] flag to distinguish between
- them during operations. The dynamics and considerations are
- discussed below.
-
- To make zone re-signing and key rollover procedures easier to
- implement, it is possible to use one or more keys as Key Signing Keys
- (KSKs). These keys will only sign the apex DNSKEY RRSet in a zone.
- Other keys can be used to sign all the RRSets in a zone and are
- referred to as Zone Signing Keys (ZSKs). In this document, we assume
- that KSKs are the subset of keys that are used for key exchanges with
- the parent and potentially for configuration as trusted anchors --
- the SEP keys. In this document, we assume a one-to-one mapping
- between KSK and SEP keys and we assume the SEP flag to be set on all
- KSKs.
-
-3.1.1. Motivations for the KSK and ZSK Separation
-
- Differentiating between the KSK and ZSK functions has several
- advantages:
-
- o No parent/child interaction is required when ZSKs are updated.
-
- o [OK: Bullet removed, strawman Paul Hoffman]
-
- o As the KSK is only used to sign a key set, which is most probably
- updated less frequently than other data in the zone, it can be
- stored separately from and in a safer location than the ZSK.
-
- o A KSK can have a longer key effectivity period.
-
- For almost any method of key management and zone signing, the KSK is
- used less frequently than the ZSK. Once a key set is signed with the
- KSK, all the keys in the key set can be used as ZSKs. If a ZSK is
- compromised, it can be simply dropped from the key set. The new key
- set is then re-signed with the KSK.
-
- Given the assumption that for KSKs the SEP flag is set, the KSK can
- be distinguished from a ZSK by examining the flag field in the DNSKEY
- RR. If the flag field is an odd number it is a KSK. If it is an
- even number it is a ZSK.
-
- The Zone Signing Key can be used to sign all the data in a zone on a
- regular basis. When a Zone Signing Key is to be rolled, no
- interaction with the parent is needed. This allows for signature
- validity periods on the order of days.
-
- The Key Signing Key is only to be used to sign the DNSKEY RRs in a
- zone. If a Key Signing Key is to be rolled over, there will be
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 7]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- interactions with parties other than the zone administrator. If
- there is a parent zone, these can include the registry of the parent
- zone or administrators of verifying resolvers that have the
- particular key configured as secure entry points. If this is a trust
- anchor, everyone relying on the trust anchor needs to roll over to
- the new key. The latter may be subject to stability costs if
- automated trust-anchor rollover mechanisms (such as e.g. RFC5011
- [18]) are not in place. Hence, the key effectivity period of these
- keys can and should be made much longer.
-
- There are two schools of thought on rolling a KSK that is not a trust
- anchor [OK: One can never be sure a KSK is _not_ a trust anchor]:
-
- o It should be done regularly (possibly every few months) so that a
- key rollover remains an operational routine.
-
- o It should only be done when it is known or strongly suspected that
- the key has been compromised in order to reduce the stability
- issues on systems where the rollover does not happen cleanly.
-
- There is no widespread agreement on which of these two schools of
- thought is better for different deployments of DNSSEC. There is a
- stability cost every time a non-anchor KSK is rolled over, but it is
- possibly low if the communication between the child and the parent is
- good. On the other hand, the only completely effective way to tell
- if the communication is good is to test it periodically. Thus,
- rolling a KSK with a parent is only done for two reasons: to test and
- verify the rolling system to prepare for an emergency, and in the
- case of an actual emergency.
-
- [OK: The paragraph below is a straw-man by Paul Hoffman] Because of
- the difficulty of getting all users of a trust anchor to replace an
- old trust anchor with a new one, a KSK that is a trust anchor should
- never be rolled unless it is known or strongly suspected that the key
- has been compromised.
-
- [OK: This is an alternative straw-man by Olaf Kolkman] The same
- operational concerns apply to the rollover of KSKs that are used as
- trust-anchors. Since the administrator of a zone can not be certain
- that the zone's KSK is in use as a trust-anchor she will have to
- assume that a rollover will cause a stability cost for the users that
- did configure her key as a trust-anchor. Those costs can be
- minimized by automating the rollover RFC5011 [18] and by rolling the
- key regularly, and advertising such, so that the operators of
- recursive nameservers will put the appropriate mechanism in place to
- deal with these stability costs, or, in other words, budget for these
- costs instead of incuring them unexpectedly.
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 8]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
-3.1.2. Differentiation for 'High-Level' Zones
-
- In an earlier version of this document we made a differentiation
- between KSKs used for zones that are high in the DNS hierarchy versus
- KSKs used for zones low in that hierarchy. We have come to realize
- that there are other considerations that argue such differentiation
- does not need to be made.
-
- Longer keys are not useful because the crypto guidance is that
- everyone should use keys that no one can break. Also, it is
- impossible to judge which zones are more or less valuable to an
- attacker. An attack can only be used if the compromise is unnoticed
- and the attacker can act as an man-in-the-middle attack (MITM) in an
- unnoticed way. If .example is compromised and the attacker forges
- answers for somebank.example and sends them out as an MITM, when the
- attack is discovered it will be simple to prove that .example has
- been compromised and the KSK will be rolled. Defining a long-term
- successful attack is difficult for keys at any level.
-
-3.2. Key Generation
-
- Careful generation of all keys is a sometimes overlooked but
- absolutely essential element in any cryptographically secure system.
- The strongest algorithms used with the longest keys are still of no
- use if an adversary can guess enough to lower the size of the likely
- key space so that it can be exhaustively searched. Technical
- suggestions for the generation of random keys will be found in RFC
- 4086 [14] and NIST SP 800-900 [20]. One should carefully assess if
- the random number generator used during key generation adheres to
- these suggestions.
-
- Keys with a long effectivity period are particularly sensitive as
- they will represent a more valuable target and be subject to attack
- for a longer time than short-period keys. It is strongly recommended
- that long-term key generation occur off-line in a manner isolated
- from the network via an air gap or, at a minimum, high-level secure
- hardware.
-
-3.3. Key Effectivity Period
-
- From a purely operational perspective, a reasonable key effectivity
- period for KSKs that have a parent zone is 13 months, with the intent
- to replace them after 12 months. An intended key effectivity period
- of a month is reasonable for Zone Signing Keys. This annual rollover
- gives operational practice to rollovers.
-
- Ignoring the operational perspective, a reasonable effectivity period
- for KSKs that have a parent zone is of the order of 2 decades or
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 9]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- longer. That is, if one does not plan to test the rollover
- procedure, the key should be effective essentially forever, and then
- only rolled over in case of emergency.
-
- The "operational habit" argument also applies to trust anchor
- reconfiguration. If a short key effectivity period is used and the
- trust anchor configuration has to be revisited on a regular basis,
- the odds that the configuration tends to be forgotten is smaller.
- The trade-off is against a system that is so dynamic that
- administrators of the validating clients will not be able to follow
- the modifications.Note that if a trust anchor replacement is done
- incorrectly, the entire zone that the trust anchor covers will become
- bogus until the trust anchor is corrected.
-
- Key effectivity periods can be made very short, as in a few minutes.
- But when replacing keys one has to take the considerations from
- Section 4.1 and Section 4.2 into account.
-
-3.4. Key Algorithm
-
- There are currently two types of signature algorithms that can be
- used in DNSSEC: RSA and DSA. Both are fully specified in many
- freely-available documents, and both are widely considered to be
- patent-free. The creation of signatures wiht RSA and DSA takes
- roughly the same time, but DSA is about ten times slower for
- signature verification.
-
- We suggest the use of either RSA/SHA-1 or RSA/SHA-256 as the
- preferred signature algorithms. Both have advantages and
- disadvantages. RSA/SHA-1 has been deployed for many years, while
- RSA/SHA-256 has only begun to be deployed. On the other hand, it is
- expected that if effective attacks on either algorithm appeark, they
- will appear for RSA/SHA-1 first. RSA/MD5 should not be considered
- for use because RSA/MD5 will very likely be the first common-use
- signature algorithm to have an effective attack.
-
- At the time of publication, it is known that the SHA-1 hash has
- cryptanalysis issues. There is work in progress on addressing these
- issues. We recommend the use of public key algorithms based on
- hashes stronger than SHA-1 (e.g., SHA-256), as soon as these
- algorithms are available in protocol specifications (see [21] and
- [22]) and implementations.
-
-3.5. Key Sizes
-
- DNSSEC signing keys should be large enough to avoid all know
- cryptographic attacks during the lifetime of the key. To date,
- despite huge efforts, no one has broken a regular 1024-bit key; in
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 10]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- fact, the best completed attack is estimated to be the equivalent of
- a 700-bit key. An attacker breaking a 1024-bit signing key would
- need expend phenominal amounts of networked computing power in a way
- that would not be detected in order to break a single key. Because
- of this, it is estimated that most zones can safely use 1024-bit keys
- for at least the next ten years. A 1024-bit asymmetric key has an
- approximate equivalent strength of a symmetric 80-bit key.
-
- Keys that are used as extremely high value trust anchors, or non-
- anchor keys that may be difficult to roll over, may want to use
- lengths longer than 1024 bits. Typically, the next larger key size
- used is 2048 bits, which have the approximate equivalent strength of
- a symmetric 112-bit key. In a standard CPU, it takes about four
- times as long to sign or verify with a 2048-bit key as it does with a
- 1024-bit key.
-
- Another way to decide on the size of key to use is to remember that
- the phenominal effort it takes for an attacker to break a 1024-bit
- key is the same regardless of how the key is used. If an attacker
- has the capability of breaking a 1024-bit DNSSEC key, he also has the
- capability of breaking one of the many 1024-bit TLS trust anchor keys
- that are installed with web browsers. If the value of a DNSSEC key
- is lower to the attacker than the value of a TLS trust anchor, the
- attacker will use the resources to attack the TLS trust anchor.
-
- It is possible that there is a unexpected improvement in the ability
- for attackers to beak keys, and that such an attack would make it
- feasible to break 1024-bit keys but not 2048-bit keys. If such an
- improvement happens, it is likely that there will be a huge amount of
- publicity, particularly because of the large number of 1024-bit TLS
- trust anchors build into popular web browsers. At that time, all
- 1024-bit keys (both ones with parent zones and ones that are trust
- anchors) can be rolled over and replaced with larger keys.
-
- Earlier documents (including the previous version of this document)
- urged the use of longer keys in situations where a particular key was
- "heavily used". That advice may have been true 15 years ago, but it
- is not true today when using RSA or DSA algorithms and keys of 1024
- bits or higher.
-
-3.6. Private Key Storage
-
- It is recommended that, where possible, zone private keys and the
- zone file master copy that is to be signed be kept and used in off-
- line, non-network-connected, physically secure machines only.
- Periodically, an application can be run to add authentication to a
- zone by adding RRSIG and NSEC RRs. Then the augmented file can be
- transferred.
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 11]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- When relying on dynamic update to manage a signed zone [11], be aware
- that at least one private key of the zone will have to reside on the
- master server. This key is only as secure as the amount of exposure
- the server receives to unknown clients and the security of the host.
- Although not mandatory, one could administer the DNS in the following
- way. The master that processes the dynamic updates is unavailable
- from generic hosts on the Internet, it is not listed in the NS RRSet,
- although its name appears in the SOA RRs MNAME field. The
- nameservers in the NS RRSet are able to receive zone updates through
- NOTIFY, IXFR, AXFR, or an out-of-band distribution mechanism. This
- approach is known as the "hidden master" setup.
-
- The ideal situation is to have a one-way information flow to the
- network to avoid the possibility of tampering from the network.
- Keeping the zone master file on-line on the network and simply
- cycling it through an off-line signer does not do this. The on-line
- version could still be tampered with if the host it resides on is
- compromised. For maximum security, the master copy of the zone file
- should be off-net and should not be updated based on an unsecured
- network mediated communication.
-
- In general, keeping a zone file off-line will not be practical and
- the machines on which zone files are maintained will be connected to
- a network. Operators are advised to take security measures to shield
- unauthorized access to the master copy.
-
- For dynamically updated secured zones [11], both the master copy and
- the private key that is used to update signatures on updated RRs will
- need to be on-line.
-
-4. Signature Generation, Key Rollover, and Related Policies
-
-4.1. Time in DNSSEC
-
- Without DNSSEC, all times in the DNS are relative. The SOA fields
- REFRESH, RETRY, and EXPIRATION are timers used to determine the time
- elapsed after a slave server synchronized with a master server. The
- Time to Live (TTL) value and the SOA RR minimum TTL parameter [9] are
- used to determine how long a forwarder should cache data after it has
- been fetched from an authoritative server. By using a signature
- validity period, DNSSEC introduces the notion of an absolute time in
- the DNS. Signatures in DNSSEC have an expiration date after which
- the signature is marked as invalid and the signed data is to be
- considered Bogus.
-
-
-
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 12]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
-4.1.1. Time Considerations
-
- Because of the expiration of signatures, one should consider the
- following:
-
- o We suggest the Maximum Zone TTL of your zone data to be a fraction
- of your signature validity period.
-
- If the TTL would be of similar order as the signature validity
- period, then all RRSets fetched during the validity period
- would be cached until the signature expiration time. Section
- 7.1 of [3] suggests that "the resolver may use the time
- remaining before expiration of the signature validity period of
- a signed RRSet as an upper bound for the TTL". As a result,
- query load on authoritative servers would peak at signature
- expiration time, as this is also the time at which records
- simultaneously expire from caches.
-
- To avoid query load peaks, we suggest the TTL on all the RRs in
- your zone to be at least a few times smaller than your
- signature validity period.
-
- o We suggest the signature publication period to end at least one
- Maximum Zone TTL duration before the end of the signature validity
- period.
-
- Re-signing a zone shortly before the end of the signature
- validity period may cause simultaneous expiration of data from
- caches. This in turn may lead to peaks in the load on
- authoritative servers.
-
- o We suggest the Minimum Zone TTL to be long enough to both fetch
- and verify all the RRs in the trust chain. In workshop
- environments, it has been demonstrated [19] that a low TTL (under
- 5 to 10 minutes) caused disruptions because of the following two
- problems:
-
- 1. During validation, some data may expire before the
- validation is complete. The validator should be able to keep
- all data until it is completed. This applies to all RRs needed
- to complete the chain of trust: DSes, DNSKEYs, RRSIGs, and the
- final answers, i.e., the RRSet that is returned for the initial
- query.
-
- 2. Frequent verification causes load on recursive nameservers.
- Data at delegation points, DSes, DNSKEYs, and RRSIGs benefit
- from caching. The TTL on those should be relatively long.
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 13]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- o Slave servers will need to be able to fetch newly signed zones
- well before the RRSIGs in the zone served by the slave server pass
- their signature expiration time.
-
- When a slave server is out of sync with its master and data in
- a zone is signed by expired signatures, it may be better for
- the slave server not to give out any answer.
-
- Normally, a slave server that is not able to contact a master
- server for an extended period will expire a zone. When that
- happens, the server will respond differently to queries for
- that zone. Some servers issue SERVFAIL, whereas others turn
- off the 'AA' bit in the answers. The time of expiration is set
- in the SOA record and is relative to the last successful
- refresh between the master and the slave servers. There exists
- no coupling between the signature expiration of RRSIGs in the
- zone and the expire parameter in the SOA.
-
- If the server serves a DNSSEC zone, then it may well happen
- that the signatures expire well before the SOA expiration timer
- counts down to zero. It is not possible to completely prevent
- this from happening by tweaking the SOA parameters.
-
- However, the effects can be minimized where the SOA expiration
- time is equal to or shorter than the signature validity period.
-
- The consequence of an authoritative server not being able to
- update a zone, whilst that zone includes expired signatures, is
- that non-secure resolvers will continue to be able to resolve
- data served by the particular slave servers while security-
- aware resolvers will experience problems because of answers
- being marked as Bogus.
-
- We suggest the SOA expiration timer being approximately one
- third or one fourth of the signature validity period. It will
- allow problems with transfers from the master server to be
- noticed before the actual signature times out.
-
- We also suggest that operators of nameservers that supply
- secondary services develop 'watch dogs' to spot upcoming
- signature expirations in zones they slave, and take appropriate
- action.
-
- When determining the value for the expiration parameter one has
- to take the following into account: What are the chances that
- all my secondaries expire the zone? How quickly can I reach an
- administrator of secondary servers to load a valid zone? These
- questions are not DNSSEC specific but may influence the choice
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 14]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- of your signature validity intervals.
-
-4.2. Key Rollovers
-
- Regardless of whether a zone uses periodic key rollovers in order to
- practice for emergencies, or only rolls over keys in an emergency,
- key rollovers are a fact of life when using DNSSEC. Zone
- administrators who are in the process of rolling their keys have to
- take into account that data published in previous versions of their
- zone still lives in caches. When deploying DNSSEC, this becomes an
- important consideration; ignoring data that may be in caches may lead
- to loss of service for clients.
-
- The most pressing example of this occurs when zone material signed
- with an old key is being validated by a resolver that does not have
- the old zone key cached. If the old key is no longer present in the
- current zone, this validation fails, marking the data "Bogus".
- Alternatively, an attempt could be made to validate data that is
- signed with a new key against an old key that lives in a local cache,
- also resulting in data being marked "Bogus".
-
-4.2.1. Zone Signing Key Rollovers
-
- For "Zone Signing Key rollovers", there are two ways to make sure
- that during the rollover data still cached can be verified with the
- new key sets or newly generated signatures can be verified with the
- keys still in caches. One schema, described in Section 4.2.1.2, uses
- double signatures; the other uses key pre-publication
- (Section 4.2.1.1). The pros, cons, and recommendations are described
- in Section 4.2.1.3.
-
-4.2.1.1. Pre-Publish Key Rollover
-
- This section shows how to perform a ZSK rollover without the need to
- sign all the data in a zone twice -- the "pre-publish key rollover".
- This method has advantages in the case of a key compromise. If the
- old key is compromised, the new key has already been distributed in
- the DNS. The zone administrator is then able to quickly switch to
- the new key and remove the compromised key from the zone. Another
- major advantage is that the zone size does not double, as is the case
- with the double signature ZSK rollover. A small "how-to" for this
- kind of rollover can be found in Appendix B.
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 15]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- Pre-publish key rollover involves four stages as follows:
-
- ----------------------------------------------------------------
- initial new DNSKEY new RRSIGs DNSKEY removal
- ----------------------------------------------------------------
- SOA0 SOA1 SOA2 SOA3
- RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2) RRSIG11(SOA3)
-
- DNSKEY1 DNSKEY1 DNSKEY1 DNSKEY1
- DNSKEY10 DNSKEY10 DNSKEY10 DNSKEY11
- DNSKEY11 DNSKEY11
- RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY) RRSIG1 (DNSKEY)
- RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
- ----------------------------------------------------------------
-
- Pre-Publish Key Rollover
-
- initial: Initial version of the zone: DNSKEY 1 is the Key Signing
- Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
- Signing Key.
-
- new DNSKEY: DNSKEY 11 is introduced into the key set. Note that no
- signatures are generated with this key yet, but this does not
- secure against brute force attacks on the public key. The minimum
- duration of this pre-roll phase is the time it takes for the data
- to propagate to the authoritative servers plus TTL value of the
- key set.
-
- new RRSIGs: At the "new RRSIGs" stage (SOA serial 2), DNSKEY 11 is
- used to sign the data in the zone exclusively (i.e., all the
- signatures from DNSKEY 10 are removed from the zone). DNSKEY 10
- remains published in the key set. This way data that was loaded
- into caches from version 1 of the zone can still be verified with
- key sets fetched from version 2 of the zone. The minimum time
- that the key set including DNSKEY 10 is to be published is the
- time that it takes for zone data from the previous version of the
- zone to expire from old caches, i.e., the time it takes for this
- zone to propagate to all authoritative servers plus the Maximum
- Zone TTL value of any of the data in the previous version of the
- zone.
-
- DNSKEY removal: DNSKEY 10 is removed from the zone. The key set,
- now only containing DNSKEY 1 and DNSKEY 11, is re-signed with the
- DNSKEY 1.
-
- The above scheme can be simplified by always publishing the "future"
- key immediately after the rollover. The scheme would look as follows
- (we show two rollovers); the future key is introduced in "new DNSKEY"
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 16]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- as DNSKEY 12 and again a newer one, numbered 13, in "new DNSKEY
- (II)":
-
-
- initial new RRSIGs new DNSKEY
- -----------------------------------------------------------------
- SOA0 SOA1 SOA2
- RRSIG10(SOA0) RRSIG11(SOA1) RRSIG11(SOA2)
-
- DNSKEY1 DNSKEY1 DNSKEY1
- DNSKEY10 DNSKEY10 DNSKEY11
- DNSKEY11 DNSKEY11 DNSKEY12
- RRSIG1(DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY)
- RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
- ----------------------------------------------------------------
-
- ----------------------------------------------------------------
- new RRSIGs (II) new DNSKEY (II)
- ----------------------------------------------------------------
- SOA3 SOA4
- RRSIG12(SOA3) RRSIG12(SOA4)
-
- DNSKEY1 DNSKEY1
- DNSKEY11 DNSKEY12
- DNSKEY12 DNSKEY13
- RRSIG1(DNSKEY) RRSIG1(DNSKEY)
- RRSIG12(DNSKEY) RRSIG12(DNSKEY)
- ----------------------------------------------------------------
-
- Pre-Publish Key Rollover, Showing Two Rollovers
-
- Note that the key introduced in the "new DNSKEY" phase is not used
- for production yet; the private key can thus be stored in a
- physically secure manner and does not need to be 'fetched' every time
- a zone needs to be signed.
-
-4.2.1.2. Double Signature Zone Signing Key Rollover
-
- This section shows how to perform a ZSK key rollover using the double
- zone data signature scheme, aptly named "double signature rollover".
-
- During the "new DNSKEY" stage the new version of the zone file will
- need to propagate to all authoritative servers and the data that
- exists in (distant) caches will need to expire, requiring at least
- the Maximum Zone TTL.
-
-
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 17]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- Double signature ZSK rollover involves three stages as follows:
-
- ----------------------------------------------------------------
- initial new DNSKEY DNSKEY removal
- ----------------------------------------------------------------
- SOA0 SOA1 SOA2
- RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2)
- RRSIG11(SOA1)
- DNSKEY1 DNSKEY1 DNSKEY1
- DNSKEY10 DNSKEY10 DNSKEY11
- DNSKEY11
- RRSIG1(DNSKEY) RRSIG1(DNSKEY) RRSIG1(DNSKEY)
- RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY)
- RRSIG11(DNSKEY)
- ----------------------------------------------------------------
-
- Double Signature Zone Signing Key Rollover
-
- initial: Initial Version of the zone: DNSKEY 1 is the Key Signing
- Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
- Signing Key.
-
- new DNSKEY: At the "New DNSKEY" stage (SOA serial 1) DNSKEY 11 is
- introduced into the key set and all the data in the zone is signed
- with DNSKEY 10 and DNSKEY 11. The rollover period will need to
- continue until all data from version 0 of the zone has expired
- from remote caches. This will take at least the Maximum Zone TTL
- of version 0 of the zone.
-
- DNSKEY removal: DNSKEY 10 is removed from the zone. All the
- signatures from DNSKEY 10 are removed from the zone. The key set,
- now only containing DNSKEY 11, is re-signed with DNSKEY 1.
-
- At every instance, RRSIGs from the previous version of the zone can
- be verified with the DNSKEY RRSet from the current version and the
- other way around. The data from the current version can be verified
- with the data from the previous version of the zone. The duration of
- the "new DNSKEY" phase and the period between rollovers should be at
- least the Maximum Zone TTL.
-
- Making sure that the "new DNSKEY" phase lasts until the signature
- expiration time of the data in the initial version of the zone is
- recommended. This way all caches are cleared of the old signatures.
- However, this duration could be considerably longer than the Maximum
- Zone TTL, making the rollover a lengthy procedure.
-
- Note that in this example we assumed that the zone was not modified
- during the rollover. New data can be introduced in the zone as long
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 18]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- as it is signed with both keys.
-
-4.2.1.3. Pros and Cons of the Schemes
-
- Pre-publish key rollover: This rollover does not involve signing the
- zone data twice. Instead, before the actual rollover, the new key
- is published in the key set and thus is available for
- cryptanalysis attacks. A small disadvantage is that this process
- requires four steps. Also the pre-publish scheme involves more
- parental work when used for KSK rollovers as explained in
- Section 4.2.3.
-
- Double signature ZSK rollover: The drawback of this signing scheme
- is that during the rollover the number of signatures in your zone
- doubles; this may be prohibitive if you have very big zones. An
- advantage is that it only requires three steps.
-
-4.2.2. Key Signing Key Rollovers
-
- For the rollover of a Key Signing Key, the same considerations as for
- the rollover of a Zone Signing Key apply. However, we can use a
- double signature scheme to guarantee that old data (only the apex key
- set) in caches can be verified with a new key set and vice versa.
- Since only the key set is signed with a KSK, zone size considerations
- do not apply.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 19]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- --------------------------------------------------------------------
- initial new DNSKEY DS change DNSKEY removal
- --------------------------------------------------------------------
- Parent:
- SOA0 --------> SOA1 -------->
- RRSIGpar(SOA0) --------> RRSIGpar(SOA1) -------->
- DS1 --------> DS2 -------->
- RRSIGpar(DS) --------> RRSIGpar(DS) -------->
-
-
- Child:
- SOA0 SOA1 --------> SOA2
- RRSIG10(SOA0) RRSIG10(SOA1) --------> RRSIG10(SOA2)
- -------->
- DNSKEY1 DNSKEY1 --------> DNSKEY2
- DNSKEY2 -------->
- DNSKEY10 DNSKEY10 --------> DNSKEY10
- RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) --------> RRSIG2 (DNSKEY)
- RRSIG2 (DNSKEY) -------->
- RRSIG10(DNSKEY) RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY)
- --------------------------------------------------------------------
-
- Stages of Deployment for a Double Signature Key Signing Key Rollover
-
- initial: Initial version of the zone. The parental DS points to
- DNSKEY1. Before the rollover starts, the child will have to
- verify what the TTL is of the DS RR that points to DNSKEY1 -- it
- is needed during the rollover and we refer to the value as TTL_DS.
-
- new DNSKEY: During the "new DNSKEY" phase, the zone administrator
- generates a second KSK, DNSKEY2. The key is provided to the
- parent, and the child will have to wait until a new DS RR has been
- generated that points to DNSKEY2. After that DS RR has been
- published on all servers authoritative for the parent's zone, the
- zone administrator has to wait at least TTL_DS to make sure that
- the old DS RR has expired from caches.
-
- DS change: The parent replaces DS1 with DS2.
-
- DNSKEY removal: DNSKEY1 has been removed.
-
- The scenario above puts the responsibility for maintaining a valid
- chain of trust with the child. It also is based on the premise that
- the parent only has one DS RR (per algorithm) per zone. An
- alternative mechanism has been considered. Using an established
- trust relation, the interaction can be performed in-band, and the
- removal of the keys by the child can possibly be signaled by the
- parent. In this mechanism, there are periods where there are two DS
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 20]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- RRs at the parent. Since at the moment of writing the protocol for
- this interaction has not been developed, further discussion is out of
- scope for this document.
-
-4.2.3. Difference Between ZSK and KSK Rollovers
-
- Note that KSK rollovers and ZSK rollovers are different in the sense
- that a KSK rollover requires interaction with the parent (and
- possibly replacing of trust anchors) and the ensuing delay while
- waiting for it.
-
- A zone key rollover can be handled in two different ways: pre-publish
- (Section 4.2.1.1) and double signature (Section 4.2.1.2).
-
- As the KSK is used to validate the key set and because the KSK is not
- changed during a ZSK rollover, a cache is able to validate the new
- key set of the zone. The pre-publish method would also work for a
- KSK rollover. The records that are to be pre-published are the
- parental DS RRs. The pre-publish method has some drawbacks for KSKs.
- We first describe the rollover scheme and then indicate these
- drawbacks.
-
-
- --------------------------------------------------------------------
- initial new DS new DNSKEY DS/DNSKEY removal
- --------------------------------------------------------------------
- Parent:
- SOA0 SOA1 --------> SOA2
- RRSIGpar(SOA0) RRSIGpar(SOA1) --------> RRSIGpar(SOA2)
- DS1 DS1 --------> DS2
- DS2 -------->
- RRSIGpar(DS) RRSIGpar(DS) --------> RRSIGpar(DS)
-
- Child:
- SOA0 --------> SOA1 SOA1
- RRSIG10(SOA0) --------> RRSIG10(SOA1) RRSIG10(SOA1)
- -------->
- DNSKEY1 --------> DNSKEY2 DNSKEY2
- -------->
- DNSKEY10 --------> DNSKEY10 DNSKEY10
- RRSIG1 (DNSKEY) --------> RRSIG2(DNSKEY) RRSIG2 (DNSKEY)
- RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY) RRSIG10(DNSKEY)
- --------------------------------------------------------------------
-
- Stages of Deployment for a Pre-Publish Key Signing Key Rollover
-
- When the child zone wants to roll, it notifies the parent during the
- "new DS" phase and submits the new key (or the corresponding DS) to
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 21]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- the parent. The parent publishes DS1 and DS2, pointing to DNSKEY1
- and DNSKEY2, respectively. During the rollover ("new DNSKEY" phase),
- which can take place as soon as the new DS set propagated through the
- DNS, the child replaces DNSKEY1 with DNSKEY2. Immediately after that
- ("DS/DNSKEY removal" phase), it can notify the parent that the old DS
- record can be deleted.
-
- The drawbacks of this scheme are that during the "new DS" phase the
- parent cannot verify the match between the DS2 RR and DNSKEY2 using
- the DNS -- as DNSKEY2 is not yet published. Besides, we introduce a
- "security lame" key (see Section 4.4.3). Finally, the child-parent
- interaction consists of two steps. The "double signature" method
- only needs one interaction.
-
-4.2.4. Key algorithm rollover
-
- [OK: The txt of this section is a strawman for the issue in: http://
- www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/Key_algorithm_roll
- ]
-
- A special class of keyrollover is the rollover of key algorithms
- (either adding a new algorithm, removing an old algorithm, or both),
- additional steps are needed to retain integrity during the rollover.
-
- Because of the algorithm downgrade protection in RFC4035 section 2.2,
- you may not have a key of an algorithm for which you do not have
- signatures.
-
- When adding a new algorithm, the signatures should be added first.
- After the TTL has expired, and caches have dropped the old data
- covered by those signatures, the DNSKEY with the new algorithm can be
- added. When removing an old algorithm, the DNSKEY should be removed
- first.
-
- To do both, the following steps can be used. For simplicity, we use
- a zone that is only signed by one zone signing key.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 22]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- ----------------------------------------------------------------
- 1 Initial 2 New RRSIGS 3 New DNSKEY
- ----------------------------------------------------------------
- SOA0 SOA1 SOA2
- RRSIG1(SOA0) RRSIG1(SOA1) RRSIG1(SOA2)
- RRSIG2(SOA1) RRSIG2(SOA2)
-
- DNSKEY1 DNSKEY1 DNSKEY1
- RRSIG1(DNSKEY) RRSIG1(DNSKEY) DNSKEY2
- RRSIG2(DNSKEY) RRSIG1(DNSKEY)
- RRSIG2(DNSKEY)
- ----------------------------------------------------------------
- 4 Remove DNSKEY 5 Remove RRSIGS
- ----------------------------------------------------------------
- SOA3 SOA4
- RRSIG1(SOA3) RRSIG2(SOA4)
- RRSIG2(SOA3)
-
- DNSKEY2 DNSKEY2
- RRSIG1(DNSKEY) RRSIG2(DNSKEY)
- RRSIG2(DNSKEY)
- ----------------------------------------------------------------
-
- Stages of Deployment during an Algorithm Rollover.
-
- In step 2, the signatures for the new key are added, but the key
- itself is not. While in theory, the signatures of the keyset should
- always be synchronized with the keyset itself, it can be possible
- that RRSIGS are requested separately, so it might be prudent to also
- sign the DNSKEY set with the new signature.
-
- After the cache data has expired, the new key can be added to the
- zone, as done in step 3.
-
- The next step is to remove the old algorithm. This time the key
- needs to be removed first, before removing the signatures. The key
- is removed in step 4, and after the cache data has expired, the
- signatures can be removed in step 5.
-
- The above steps ensure that during the rollover to a new algorithm,
- the integrity of the zone is never broken.
-
-4.2.5. Automated Key Rollovers
-
- As keys must be renewed periodically, there is some motivation to
- automate the rollover process. Consider the following:
-
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 23]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- o ZSK rollovers are easy to automate as only the child zone is
- involved.
-
- o A KSK rollover needs interaction between parent and child. Data
- exchange is needed to provide the new keys to the parent;
- consequently, this data must be authenticated and integrity must
- be guaranteed in order to avoid attacks on the rollover.
-
-4.3. Planning for Emergency Key Rollover
-
- This section deals with preparation for a possible key compromise.
- Our advice is to have a documented procedure ready for when a key
- compromise is suspected or confirmed.
-
- When the private material of one of your keys is compromised it can
- be used for as long as a valid trust chain exists. A trust chain
- remains intact for
-
- o as long as a signature over the compromised key in the trust chain
- is valid,
-
- o as long as a parental DS RR (and signature) points to the
- compromised key,
-
- o as long as the key is anchored in a resolver and is used as a
- starting point for validation (this is generally the hardest to
- update).
-
- While a trust chain to your compromised key exists, your namespace is
- vulnerable to abuse by anyone who has obtained illegitimate
- possession of the key. Zone operators have to make a trade-off if
- the abuse of the compromised key is worse than having data in caches
- that cannot be validated. If the zone operator chooses to break the
- trust chain to the compromised key, data in caches signed with this
- key cannot be validated. However, if the zone administrator chooses
- to take the path of a regular rollover, the malicious key holder can
- spoof data so that it appears to be valid.
-
-4.3.1. KSK Compromise
-
- A zone containing a DNSKEY RRSet with a compromised KSK is vulnerable
- as long as the compromised KSK is configured as trust anchor or a
- parental DS points to it.
-
- A compromised KSK can be used to sign the key set of an attacker's
- zone. That zone could be used to poison the DNS.
-
- Therefore, when the KSK has been compromised, the trust anchor or the
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 24]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- parental DS should be replaced as soon as possible. It is local
- policy whether to break the trust chain during the emergency
- rollover. The trust chain would be broken when the compromised KSK
- is removed from the child's zone while the parent still has a DS
- pointing to the compromised KSK (the assumption is that there is only
- one DS at the parent. If there are multiple DSes this does not apply
- -- however the chain of trust of this particular key is broken).
-
- Note that an attacker's zone still uses the compromised KSK and the
- presence of a parental DS would cause the data in this zone to appear
- as valid. Removing the compromised key would cause the attacker's
- zone to appear as valid and the child's zone as Bogus. Therefore, we
- advise not to remove the KSK before the parent has a DS to a new KSK
- in place.
-
-4.3.1.1. Keeping the Chain of Trust Intact
-
- If we follow this advice, the timing of the replacement of the KSK is
- somewhat critical. The goal is to remove the compromised KSK as soon
- as the new DS RR is available at the parent. And also make sure that
- the signature made with a new KSK over the key set with the
- compromised KSK in it expires just after the new DS appears at the
- parent, thus removing the old cruft in one swoop.
-
- The procedure is as follows:
-
- 1. Introduce a new KSK into the key set, keep the compromised KSK in
- the key set.
-
- 2. Sign the key set, with a short validity period. The validity
- period should expire shortly after the DS is expected to appear
- in the parent and the old DSes have expired from caches.
-
- 3. Upload the DS for this new key to the parent.
-
- 4. Follow the procedure of the regular KSK rollover: Wait for the DS
- to appear in the authoritative servers and then wait as long as
- the TTL of the old DS RRs. If necessary re-sign the DNSKEY RRSet
- and modify/extend the expiration time.
-
- 5. Remove the compromised DNSKEY RR from the zone and re-sign the
- key set using your "normal" validity interval.
-
- An additional danger of a key compromise is that the compromised key
- could be used to facilitate a legitimate DNSKEY/DS rollover and/or
- nameserver changes at the parent. When that happens, the domain may
- be in dispute. An authenticated out-of-band and secure notify
- mechanism to contact a parent is needed in this case.
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 25]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- Note that this is only a problem when the DNSKEY and or DS records
- are used for authentication at the parent.
-
-4.3.1.2. Breaking the Chain of Trust
-
- There are two methods to break the chain of trust. The first method
- causes the child zone to appear 'Bogus' to validating resolvers. The
- other causes the child zone to appear 'insecure'. These are
- described below.
-
- In the method that causes the child zone to appear 'Bogus' to
- validating resolvers, the child zone replaces the current KSK with a
- new one and re-signs the key set. Next it sends the DS of the new
- key to the parent. Only after the parent has placed the new DS in
- the zone is the child's chain of trust repaired.
-
- An alternative method of breaking the chain of trust is by removing
- the DS RRs from the parent zone altogether. As a result, the child
- zone would become insecure.
-
-4.3.2. ZSK Compromise
-
- Primarily because there is no parental interaction required when a
- ZSK is compromised, the situation is less severe than with a KSK
- compromise. The zone must still be re-signed with a new ZSK as soon
- as possible. As this is a local operation and requires no
- communication between the parent and child, this can be achieved
- fairly quickly. However, one has to take into account that just as
- with a normal rollover the immediate disappearance of the old
- compromised key may lead to verification problems. Also note that as
- long as the RRSIG over the compromised ZSK is not expired the zone
- may be still at risk.
-
-4.3.3. Compromises of Keys Anchored in Resolvers
-
- A key can also be pre-configured in resolvers. For instance, if
- DNSSEC is successfully deployed the root key may be pre-configured in
- most security aware resolvers.
-
- If trust-anchor keys are compromised, the resolvers using these keys
- should be notified of this fact. Zone administrators may consider
- setting up a mailing list to communicate the fact that a SEP key is
- about to be rolled over. This communication will of course need to
- be authenticated, e.g., by using digital signatures.
-
- End-users faced with the task of updating an anchored key should
- always validate the new key. New keys should be authenticated out-
- of-band, for example, through the use of an announcement website that
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 26]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- is secured using secure sockets (TLS) [23].
-
-4.4. Parental Policies
-
-4.4.1. Initial Key Exchanges and Parental Policies Considerations
-
- The initial key exchange is always subject to the policies set by the
- parent. When designing a key exchange policy one should take into
- account that the authentication and authorization mechanisms used
- during a key exchange should be as strong as the authentication and
- authorization mechanisms used for the exchange of delegation
- information between parent and child. That is, there is no implicit
- need in DNSSEC to make the authentication process stronger than it
- was in DNS.
-
- Using the DNS itself as the source for the actual DNSKEY material,
- with an out-of-band check on the validity of the DNSKEY, has the
- benefit that it reduces the chances of user error. A DNSKEY query
- tool can make use of the SEP bit [5] to select the proper key from a
- DNSSEC key set, thereby reducing the chance that the wrong DNSKEY is
- sent. It can validate the self-signature over a key; thereby
- verifying the ownership of the private key material. Fetching the
- DNSKEY from the DNS ensures that the chain of trust remains intact
- once the parent publishes the DS RR indicating the child is secure.
-
- Note: the out-of-band verification is still needed when the key
- material is fetched via the DNS. The parent can never be sure
- whether or not the DNSKEY RRs have been spoofed.
-
-4.4.2. Storing Keys or Hashes?
-
- When designing a registry system one should consider which of the
- DNSKEYs and/or the corresponding DSes to store. Since a child zone
- might wish to have a DS published using a message digest algorithm
- not yet understood by the registry, the registry can't count on being
- able to generate the DS record from a raw DNSKEY. Thus, we recommend
- that registry systems at least support storing DS records.
-
- It may also be useful to store DNSKEYs, since having them may help
- during troubleshooting and, as long as the child's chosen message
- digest is supported, the overhead of generating DS records from them
- is minimal. Having an out-of-band mechanism, such as a registry
- directory (e.g., Whois), to find out which keys are used to generate
- DS Resource Records for specific owners and/or zones may also help
- with troubleshooting.
-
- The storage considerations also relate to the design of the customer
- interface and the method by which data is transferred between
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 27]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- registrant and registry; Will the child zone administrator be able to
- upload DS RRs with unknown hash algorithms or does the interface only
- allow DNSKEYs? In the registry-registrar model, one can use the
- DNSSEC extensions to the Extensible Provisioning Protocol (EPP) [15],
- which allows transfer of DS RRs and optionally DNSKEY RRs.
-
-4.4.3. Security Lameness
-
- Security lameness is defined as what happens when a parent has a DS
- RR pointing to a non-existing DNSKEY RR. When this happens, the
- child's zone may be marked "Bogus" by verifying DNS clients.
-
- As part of a comprehensive delegation check, the parent could, at key
- exchange time, verify that the child's key is actually configured in
- the DNS. However, if a parent does not understand the hashing
- algorithm used by child, the parental checks are limited to only
- comparing the key id.
-
- Child zones should be very careful in removing DNSKEY material,
- specifically SEP keys, for which a DS RR exists.
-
- Once a zone is "security lame", a fix (e.g., removing a DS RR) will
- take time to propagate through the DNS.
-
-4.4.4. DS Signature Validity Period
-
- Since the DS can be replayed as long as it has a valid signature, a
- short signature validity period over the DS minimizes the time a
- child is vulnerable in the case of a compromise of the child's
- KSK(s). A signature validity period that is too short introduces the
- possibility that a zone is marked "Bogus" in case of a configuration
- error in the signer. There may not be enough time to fix the
- problems before signatures expire. Something as mundane as operator
- unavailability during weekends shows the need for DS signature
- validity periods longer than 2 days. We recommend an absolute
- minimum for a DS signature validity period of a few days.
-
- The maximum signature validity period of the DS record depends on how
- long child zones are willing to be vulnerable after a key compromise.
- On the other hand, shortening the DS signature validity interval
- increases the operational risk for the parent. Therefore, the parent
- may have policy to use a signature validity interval that is
- considerably longer than the child would hope for.
-
- A compromise between the operational constraints of the parent and
- minimizing damage for the child may result in a DS signature validity
- period somewhere between a week and months.
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 28]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- In addition to the signature validity period, which sets a lower
- bound on the number of times the zone owner will need to sign the
- zone data and which sets an upper bound to the time a child is
- vulnerable after key compromise, there is the TTL value on the DS
- RRs. Shortening the TTL means that the authoritative servers will
- see more queries. But on the other hand, a short TTL lowers the
- persistence of DS RRSets in caches thereby increasing the speed with
- which updated DS RRSets propagate through the DNS.
-
-4.4.5. (Non) Cooperating Registrars
-
- [OK: this is a first strawman, and is intended to start the
- discussion of the issue. By no means this is intended to be a final
- text.]
-
- The parent-child relation is often described in terms of a (thin)
- registry model. Where a registry maintains the parent zone, and the
- registrant (the user of the child-domain name), deals with the
- registry through an intermediary called a registrar. (See [12] for a
- comprehensive definition). Registrants may out-source the
- maintenance of their DNS system, including the maintenance of DNSSEC
- key material, to the registrar or to another third party. The entity
- that has control over the DNS zone and its keys may prevent the
- registrant to make a timely move to a different registrar. [OK: I
- use the term registrar below while it is the operator of the DNS zone
- who is the actual culprit. For instance, the case also applies when
- a registrant passes a zone to another registrant. Should I just use
- "DNS Administrator"?]
-
- Suppose that the registrant wants to move from losing registrar A to
- gaining registrar B. Let us first look what would happen in a
- cooperative environment. The assumption is that registrar A will not
- hand off any private key material to registrar B because that would
- be a trivial case.
-
- In a cooperating environment one could proceed with a pre-publish ZSK
- rollover whereby registrar A pre-publishes the ZSK of registrar B,
- combined with a double signature KSK rollover where the two
- registrars exchange public keys and independently generate a
- signature over the keysets that they combine and both publish in the
- zone.
-
- In the non-cooperative case matters are more complicated. The
- loosing registrar A may not cooperate and leave the data in the DNS
- as is. In the extreme case registrar A may become obstructive and
- publish a DNSKEY RR with a high TTL and corresponding signature
- validity so that registrar A's DNSKEY, would end up in caches for, in
- theory, tens of years.
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 29]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- The problem arises when a validator tries to validate with A's key
- and there is no signature material produced with Registrars A
- available in the delegation path after redelegation from registrar A
- to registrar B has taken place. One could imagine a rollover
- scenario where registrar B pulls all RRSIGs created by registar A and
- publishes those in conjunction with its own signatures, but that
- would not allow any changes in the zone content. Since a
- redelegation took place the NS RRset has -- per definition-- changed
- so such rollover scenario will not work. Besides if zone transfers
- are not allowed by A and NSEC3 is deployed in the A's zone then
- registrar B will not have certainty that all of A's RRSIGs are
- transfered.
-
- The only viable option for the registrant is to publish its zone
- unsigned and ask the registry to remove the DS pointing to registrar
- A for as long as the DNSKEY of registrar A, or any of the signatures
- produced by registrar A are likely to appear in caches, which as
- mentioned above could in theory be for tens of years. [OK: Some
- implementations limit the time data is cached. Although that is not
- a protocol requirement (and may even be considered a protocol
- violation) it seems that that practice may limit the impact of this
- problem, is that worth mentioning?]
-
- [OK: This is really the point that I'm trying to make, is the above
- text needed?] There is no operational methodology to work around
- this business issue and proper contractual relations ships between
- registrants and their registrars seem to be the only solution to cope
- with these problems.
-
-5. Security Considerations
-
- DNSSEC adds data integrity to the DNS. This document tries to assess
- the operational considerations to maintain a stable and secure DNSSEC
- service. Not taking into account the 'data propagation' properties
- in the DNS will cause validation failures and may make secured zones
- unavailable to security-aware resolvers.
-
-6. IANA considerations
-
- There are no IANA considerations with respect to this document
-
-7. Acknowledgments
-
- Most of the text of this document is copied from RFC4641 [16] people
- involved in that work were in random order: Rip Loomis, Olafur
- Gudmundsson, Wesley Griffin, Michael Richardson, Scott Rose, Rick van
- Rein, Tim McGinnis, Gilles Guette Olivier Courtay, Sam Weiler, Jelte
- Jansen, Niall O'Reilly, Holger Zuleger, Ed Lewis, Hilarie Orman,
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 30]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- Marcos Sanz, Peter Koch, Mike StJohns, Emmar Bretherick, Adrian
- Bedford, and Lindy Foster, G. Guette, and O. Courtay.
-
- For this version of the document we would like to acknowldge:
-
- o Paul Hoffman for his contribution on the choice of cryptographic
- paramenters and addressing some of the trust anchor issues.
-
- o Jelte Jansen provided the text in Section 4.2.4
-
-8. References
-
-8.1. Normative References
-
- [1] Mockapetris, P., "Domain names - concepts and facilities",
- STD 13, RFC 1034, November 1987.
-
- [2] Mockapetris, P., "Domain names - implementation and
- specification", STD 13, RFC 1035, November 1987.
-
- [3] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
- "DNS Security Introduction and Requirements", RFC 4033,
- March 2005.
-
- [4] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
- "Resource Records for the DNS Security Extensions", RFC 4034,
- March 2005.
-
- [5] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
- "Protocol Modifications for the DNS Security Extensions",
- RFC 4035, March 2005.
-
-8.2. Informative References
-
- [6] Bradner, S., "Key words for use in RFCs to Indicate Requirement
- Levels", BCP 14, RFC 2119, March 1997.
-
- [7] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995,
- August 1996.
-
- [8] Vixie, P., "A Mechanism for Prompt Notification of Zone Changes
- (DNS NOTIFY)", RFC 1996, August 1996.
-
- [9] Andrews, M., "Negative Caching of DNS Queries (DNS NCACHE)",
- RFC 2308, March 1998.
-
- [10] Eastlake, D., "DNS Security Operational Considerations",
- RFC 2541, March 1999.
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 31]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- [11] Wellington, B., "Secure Domain Name System (DNS) Dynamic
- Update", RFC 3007, November 2000.
-
- [12] Hollenbeck, S., "Generic Registry-Registrar Protocol
- Requirements", RFC 3375, September 2002.
-
- [13] Orman, H. and P. Hoffman, "Determining Strengths For Public
- Keys Used For Exchanging Symmetric Keys", BCP 86, RFC 3766,
- April 2004.
-
- [14] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
- Requirements for Security", BCP 106, RFC 4086, June 2005.
-
- [15] Hollenbeck, S., "Domain Name System (DNS) Security Extensions
- Mapping for the Extensible Provisioning Protocol (EPP)",
- RFC 4310, December 2005.
-
- [16] Kolkman, O. and R. Gieben, "DNSSEC Operational Practices",
- RFC 4641, September 2006.
-
- [17] Shirey, R., "Internet Security Glossary, Version 2", RFC 4949,
- August 2007.
-
- [18] StJohns, M., "Automated Updates of DNS Security (DNSSEC) Trust
- Anchors", RFC 5011, September 2007.
-
- [19] Rose, S., "NIST DNSSEC workshop notes", , June 2001.
-
- [20] Barker, E. and J. Kelsey, "Recommendation for Random Number
- Generation Using Deterministic Random Bit Generators
- (Revised)", Nist Special Publication 800-90, March 2007.
-
- [21] Jansen, J., "Use of SHA-2 algorithms with RSA in DNSKEY and
- RRSIG Resource Records for DNSSEC",
- draft-ietf-dnsext-dnssec-rsasha256-05 (work in progress),
- July 2008.
-
- [22] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer (DS)
- Resource Records (RRs)", RFC 4509, May 2006.
-
- [23] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and
- T. Wright, "Transport Layer Security (TLS) Extensions",
- RFC 4366, April 2006.
-
-Appendix A. Terminology
-
- In this document, there is some jargon used that is defined in other
- documents. In most cases, we have not copied the text from the
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 32]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- documents defining the terms but have given a more elaborate
- explanation of the meaning. Note that these explanations should not
- be seen as authoritative.
-
- Anchored key: A DNSKEY configured in resolvers around the globe.
- This key is hard to update, hence the term anchored.
-
- Bogus: Also see Section 5 of [3]. An RRSet in DNSSEC is marked
- "Bogus" when a signature of an RRSet does not validate against a
- DNSKEY.
-
- Key Signing Key or KSK: A Key Signing Key (KSK) is a key that is
- used exclusively for signing the apex key set. The fact that a
- key is a KSK is only relevant to the signing tool.
-
- Key size: The term 'key size' can be substituted by 'modulus size'
- throughout the document. It is mathematically more correct to use
- modulus size, but as this is a document directed at operators we
- feel more at ease with the term key size.
-
- Private and public keys: DNSSEC secures the DNS through the use of
- public key cryptography. Public key cryptography is based on the
- existence of two (mathematically related) keys, a public key and a
- private key. The public keys are published in the DNS by use of
- the DNSKEY Resource Record (DNSKEY RR). Private keys should
- remain private.
-
- Key rollover: A key rollover (also called key supercession in some
- environments) is the act of replacing one key pair with another at
- the end of a key effectivity period.
-
- Secure Entry Point (SEP) key: A KSK that has a parental DS record
- pointing to it or is configured as a trust anchor. Although not
- required by the protocol, we recommend that the SEP flag [5] is
- set on these keys.
-
- Self-signature: This only applies to signatures over DNSKEYs; a
- signature made with DNSKEY x, over DNSKEY x is called a self-
- signature. Note: without further information, self-signatures
- convey no trust. They are useful to check the authenticity of the
- DNSKEY, i.e., they can be used as a hash.
-
- Singing the zone file: The term used for the event where an
- administrator joyfully signs its zone file while producing melodic
- sound patterns.
-
-
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 33]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- Signer: The system that has access to the private key material and
- signs the Resource Record sets in a zone. A signer may be
- configured to sign only parts of the zone, e.g., only those RRSets
- for which existing signatures are about to expire.
-
- Zone Signing Key (ZSK): A key that is used for signing all data in a
- zone (except, perhaps, the DNSKEY RRSet). The fact that a key is
- a ZSK is only relevant to the signing tool.
-
- Zone administrator: The 'role' that is responsible for signing a
- zone and publishing it on the primary authoritative server.
-
-Appendix B. Zone Signing Key Rollover How-To
-
- Using the pre-published signature scheme and the most conservative
- method to assure oneself that data does not live in caches, here
- follows the "how-to".
-
- Step 0: The preparation: Create two keys and publish both in your
- key set. Mark one of the keys "active" and the other "published".
- Use the "active" key for signing your zone data. Store the
- private part of the "published" key, preferably off-line. The
- protocol does not provide for attributes to mark a key as active
- or published. This is something you have to do on your own,
- through the use of a notebook or key management tool.
-
- Step 1: Determine expiration: At the beginning of the rollover make
- a note of the highest expiration time of signatures in your zone
- file created with the current key marked as active. Wait until
- the expiration time marked in Step 1 has passed.
-
- Step 2: Then start using the key that was marked "published" to sign
- your data (i.e., mark it "active"). Stop using the key that was
- marked "active"; mark it "rolled".
-
- Step 3: It is safe to engage in a new rollover (Step 1) after at
- least one signature validity period.
-
-Appendix C. Typographic Conventions
-
- The following typographic conventions are used in this document:
-
- Key notation: A key is denoted by DNSKEYx, where x is a number or an
- identifier, x could be thought of as the key id.
-
-
-
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 34]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- RRSet notations: RRs are only denoted by the type. All other
- information -- owner, class, rdata, and TTL -- is left out. Thus:
- "example.com 3600 IN A 192.0.2.1" is reduced to "A". RRSets are a
- list of RRs. A example of this would be "A1, A2", specifying the
- RRSet containing two "A" records. This could again be abbreviated
- to just "A".
-
- Signature notation: Signatures are denoted as RRSIGx(RRSet), which
- means that RRSet is signed with DNSKEYx.
-
- Zone representation: Using the above notation we have simplified the
- representation of a signed zone by leaving out all unnecessary
- details such as the names and by representing all data by "SOAx"
-
- SOA representation: SOAs are represented as SOAx, where x is the
- serial number.
-
- Using this notation the following signed zone:
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 35]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- example.net. 86400 IN SOA ns.example.net. bert.example.net. (
- 2006022100 ; serial
- 86400 ; refresh ( 24 hours)
- 7200 ; retry ( 2 hours)
- 3600000 ; expire (1000 hours)
- 28800 ) ; minimum ( 8 hours)
- 86400 RRSIG SOA 5 2 86400 20130522213204 (
- 20130422213204 14 example.net.
- cmL62SI6iAX46xGNQAdQ... )
- 86400 NS a.example.net.
- 86400 NS b.example.net.
- 86400 RRSIG NS 5 2 86400 20130507213204 (
- 20130407213204 14 example.net.
- SO5epiJei19AjXoUpFnQ ... )
- 86400 DNSKEY 256 3 5 (
- EtRB9MP5/AvOuVO0I8XDxy0... ) ; id = 14
- 86400 DNSKEY 257 3 5 (
- gsPW/Yy19GzYIY+Gnr8HABU... ) ; id = 15
- 86400 RRSIG DNSKEY 5 2 86400 20130522213204 (
- 20130422213204 14 example.net.
- J4zCe8QX4tXVGjV4e1r9... )
- 86400 RRSIG DNSKEY 5 2 86400 20130522213204 (
- 20130422213204 15 example.net.
- keVDCOpsSeDReyV6O... )
- 86400 RRSIG NSEC 5 2 86400 20130507213204 (
- 20130407213204 14 example.net.
- obj3HEp1GjnmhRjX... )
- a.example.net. 86400 IN TXT "A label"
- 86400 RRSIG TXT 5 3 86400 20130507213204 (
- 20130407213204 14 example.net.
- IkDMlRdYLmXH7QJnuF3v... )
- 86400 NSEC b.example.com. TXT RRSIG NSEC
- 86400 RRSIG NSEC 5 3 86400 20130507213204 (
- 20130407213204 14 example.net.
- bZMjoZ3bHjnEz0nIsPMM... )
- ...
-
- is reduced to the following representation:
-
- SOA2006022100
- RRSIG14(SOA2006022100)
- DNSKEY14
- DNSKEY15
-
- RRSIG14(KEY)
- RRSIG15(KEY)
-
- The rest of the zone data has the same signature as the SOA record,
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 36]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- i.e., an RRSIG created with DNSKEY 14.
-
-Appendix D. Document Editing History
-
- [To be removed prior to publication as an RFC]
-
-D.1. draft-ietf-dnsop-rfc4641-00
-
- Version 0 was differs from RFC4641 in the following ways.
-
- o Status of this memo appropriate for I-D
-
- o TOC formatting differs.
-
- o Whitespaces, linebreaks, and pagebreaks may be slightly different
- because of xml2rfc generation.
-
- o References slightly reordered.
-
- o Applied the errata from
- http://www.rfc-editor.org/errata_search.php?rfc=4641
-
- o Inserted trivial "IANA considertations" section.
-
- In other words it should not contain substantive changes in content
- as intended by the workinggroup for the original RFC4641.
-
-D.2. version 0->1
-
- Cryptography details rewritten. (See http://www.nlnetlabs.nl/svn/
- rfc4641bis/trunk/open-issues/cryptography_flawed)
-
- o Reference to NIST 800-90 added
-
- o RSA/SHA256 is being recommended in addition to RSA/SHA1.
-
- o Complete rewrite of Section 3.5 removing the table and suggesting
- a keysize of 1024 for keys in use for less than 8 years, issued up
- to at least 2015.
-
- o Replaced the reference to Schneiers' applied cryptograpy with a
- reference to RFC4949.
-
- o Removed the KSK for high level zones consideration
-
- Applied some differentiation with respect of the use of a KSK for
- parent or trust-anchor relation http://www.nlnetlabs.nl/svn/
- rfc4641bis/trunk/open-issues/differentiation_trustanchor_parent
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 37]
-\f
-Internet-Draft DNSSEC Operational Practices, Version 2 March 2009
-
-
- http://www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/
- rollover_assumptions
-
- Added Section 4.2.4 as suggested by Jelte Jansen in http://
- www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/Key_algorithm_roll
-
- Added Section 4.4.5 Issue identified by Antoin Verschuur http://
- www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/
- non-cooperative-registrars
-
- In Appendix A: ZSK does not nescessarily sign the DNSKEY RRset.
-
- $Id: draft-ietf-dnsop-rfc4641bis-01.txt 28 2009-03-06 14:03:57Z olaf $
-
-Authors' Addresses
-
- Olaf M. Kolkman
- NLnet Labs
- Kruislaan 419
- Amsterdam 1098 VA
- The Netherlands
-
- EMail: olaf@nlnetlabs.nl
- URI: http://www.nlnetlabs.nl
-
-
- Miek Gieben
-
-
- EMail: miek@miek.nl
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Expires September 8, 2009 [Page 38]
-\f
+++ /dev/null
-
-
-
-
-
-
-Network Working Group O. Kolkman
-Request for Comments: 4641 R. Gieben
-Obsoletes: 2541 NLnet Labs
-Category: Informational September 2006
-
-
- DNSSEC Operational Practices
-
-Status of This Memo
-
- This memo provides information for the Internet community. It does
- not specify an Internet standard of any kind. Distribution of this
- memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2006).
-
-Abstract
-
- This document describes a set of practices for operating the DNS with
- security extensions (DNSSEC). The target audience is zone
- administrators deploying DNSSEC.
-
- The document discusses operational aspects of using keys and
- signatures in the DNS. It discusses issues of key generation, key
- storage, signature generation, key rollover, and related policies.
-
- This document obsoletes RFC 2541, as it covers more operational
- ground and gives more up-to-date requirements with respect to key
- sizes and the new DNSSEC specification.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 1]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-Table of Contents
-
- 1. Introduction ....................................................3
- 1.1. The Use of the Term 'key' ..................................4
- 1.2. Time Definitions ...........................................4
- 2. Keeping the Chain of Trust Intact ...............................5
- 3. Keys Generation and Storage .....................................6
- 3.1. Zone and Key Signing Keys ..................................6
- 3.1.1. Motivations for the KSK and ZSK Separation ..........6
- 3.1.2. KSKs for High-Level Zones ...........................7
- 3.2. Key Generation .............................................8
- 3.3. Key Effectivity Period .....................................8
- 3.4. Key Algorithm ..............................................9
- 3.5. Key Sizes ..................................................9
- 3.6. Private Key Storage .......................................11
- 4. Signature Generation, Key Rollover, and Related Policies .......12
- 4.1. Time in DNSSEC ............................................12
- 4.1.1. Time Considerations ................................12
- 4.2. Key Rollovers .............................................14
- 4.2.1. Zone Signing Key Rollovers .........................14
- 4.2.1.1. Pre-Publish Key Rollover ..................15
- 4.2.1.2. Double Signature Zone Signing Key
- Rollover ..................................17
- 4.2.1.3. Pros and Cons of the Schemes ..............18
- 4.2.2. Key Signing Key Rollovers ..........................18
- 4.2.3. Difference Between ZSK and KSK Rollovers ...........20
- 4.2.4. Automated Key Rollovers ............................21
- 4.3. Planning for Emergency Key Rollover .......................21
- 4.3.1. KSK Compromise .....................................22
- 4.3.1.1. Keeping the Chain of Trust Intact .........22
- 4.3.1.2. Breaking the Chain of Trust ...............23
- 4.3.2. ZSK Compromise .....................................23
- 4.3.3. Compromises of Keys Anchored in Resolvers ..........24
- 4.4. Parental Policies .........................................24
- 4.4.1. Initial Key Exchanges and Parental Policies
- Considerations .....................................24
- 4.4.2. Storing Keys or Hashes? ............................25
- 4.4.3. Security Lameness ..................................25
- 4.4.4. DS Signature Validity Period .......................26
- 5. Security Considerations ........................................26
- 6. Acknowledgments ................................................26
- 7. References .....................................................27
- 7.1. Normative References ......................................27
- 7.2. Informative References ....................................28
- Appendix A. Terminology ...........................................30
- Appendix B. Zone Signing Key Rollover How-To ......................31
- Appendix C. Typographic Conventions ...............................32
-
-
-
-
-Kolkman & Gieben Informational [Page 2]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-1. Introduction
-
- This document describes how to run a DNS Security (DNSSEC)-enabled
- environment. It is intended for operators who have knowledge of the
- DNS (see RFC 1034 [1] and RFC 1035 [2]) and want to deploy DNSSEC.
- See RFC 4033 [4] for an introduction to DNSSEC, RFC 4034 [5] for the
- newly introduced Resource Records (RRs), and RFC 4035 [6] for the
- protocol changes.
-
- During workshops and early operational deployment tests, operators
- and system administrators have gained experience about operating the
- DNS with security extensions (DNSSEC). This document translates
- these experiences into a set of practices for zone administrators.
- At the time of writing, there exists very little experience with
- DNSSEC in production environments; this document should therefore
- explicitly not be seen as representing 'Best Current Practices'.
-
- The procedures herein are focused on the maintenance of signed zones
- (i.e., signing and publishing zones on authoritative servers). It is
- intended that maintenance of zones such as re-signing or key
- rollovers be transparent to any verifying clients on the Internet.
-
- The structure of this document is as follows. In Section 2, we
- discuss the importance of keeping the "chain of trust" intact.
- Aspects of key generation and storage of private keys are discussed
- in Section 3; the focus in this section is mainly on the private part
- of the key(s). Section 4 describes considerations concerning the
- public part of the keys. Since these public keys appear in the DNS
- one has to take into account all kinds of timing issues, which are
- discussed in Section 4.1. Section 4.2 and Section 4.3 deal with the
- rollover, or supercession, of keys. Finally, Section 4.4 discusses
- considerations on how parents deal with their children's public keys
- in order to maintain chains of trust.
-
- The typographic conventions used in this document are explained in
- Appendix C.
-
- Since this is a document with operational suggestions and there are
- no protocol specifications, the RFC 2119 [7] language does not apply.
-
- This document obsoletes RFC 2541 [12] to reflect the evolution of the
- underlying DNSSEC protocol since then. Changes in the choice of
- cryptographic algorithms, DNS record types and type names, and the
- parent-child key and signature exchange demanded a major rewrite and
- additional information and explanation.
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 3]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-1.1. The Use of the Term 'key'
-
- It is assumed that the reader is familiar with the concept of
- asymmetric keys on which DNSSEC is based (public key cryptography
- [17]). Therefore, this document will use the term 'key' rather
- loosely. Where it is written that 'a key is used to sign data' it is
- assumed that the reader understands that it is the private part of
- the key pair that is used for signing. It is also assumed that the
- reader understands that the public part of the key pair is published
- in the DNSKEY Resource Record and that it is the public part that is
- used in key exchanges.
-
-1.2. Time Definitions
-
- In this document, we will be using a number of time-related terms.
- The following definitions apply:
-
- o "Signature validity period" The period that a signature is valid.
- It starts at the time specified in the signature inception field
- of the RRSIG RR and ends at the time specified in the expiration
- field of the RRSIG RR.
-
- o "Signature publication period" Time after which a signature (made
- with a specific key) is replaced with a new signature (made with
- the same key). This replacement takes place by publishing the
- relevant RRSIG in the master zone file. After one stops
- publishing an RRSIG in a zone, it may take a while before the
- RRSIG has expired from caches and has actually been removed from
- the DNS.
-
- o "Key effectivity period" The period during which a key pair is
- expected to be effective. This period is defined as the time
- between the first inception time stamp and the last expiration
- date of any signature made with this key, regardless of any
- discontinuity in the use of the key. The key effectivity period
- can span multiple signature validity periods.
-
- o "Maximum/Minimum Zone Time to Live (TTL)" The maximum or minimum
- value of the TTLs from the complete set of RRs in a zone. Note
- that the minimum TTL is not the same as the MINIMUM field in the
- SOA RR. See [11] for more information.
-
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 4]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-2. Keeping the Chain of Trust Intact
-
- Maintaining a valid chain of trust is important because broken chains
- of trust will result in data being marked as Bogus (as defined in [4]
- Section 5), which may cause entire (sub)domains to become invisible
- to verifying clients. The administrators of secured zones have to
- realize that their zone is, to verifying clients, part of a chain of
- trust.
-
- As mentioned in the introduction, the procedures herein are intended
- to ensure that maintenance of zones, such as re-signing or key
- rollovers, will be transparent to the verifying clients on the
- Internet.
-
- Administrators of secured zones will have to keep in mind that data
- published on an authoritative primary server will not be immediately
- seen by verifying clients; it may take some time for the data to be
- transferred to other secondary authoritative nameservers and clients
- may be fetching data from caching non-authoritative servers. In this
- light, note that the time for a zone transfer from master to slave is
- negligible when using NOTIFY [9] and incremental transfer (IXFR) [8].
- It increases when full zone transfers (AXFR) are used in combination
- with NOTIFY. It increases even more if you rely on full zone
- transfers based on only the SOA timing parameters for refresh.
-
- For the verifying clients, it is important that data from secured
- zones can be used to build chains of trust regardless of whether the
- data came directly from an authoritative server, a caching
- nameserver, or some middle box. Only by carefully using the
- available timing parameters can a zone administrator ensure that the
- data necessary for verification can be obtained.
-
- The responsibility for maintaining the chain of trust is shared by
- administrators of secured zones in the chain of trust. This is most
- obvious in the case of a 'key compromise' when a trade-off between
- maintaining a valid chain of trust and replacing the compromised keys
- as soon as possible must be made. Then zone administrators will have
- to make a trade-off, between keeping the chain of trust intact --
- thereby allowing for attacks with the compromised key -- or
- deliberately breaking the chain of trust and making secured
- subdomains invisible to security-aware resolvers. Also see Section
- 4.3.
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 5]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-3. Keys Generation and Storage
-
- This section describes a number of considerations with respect to the
- security of keys. It deals with the generation, effectivity period,
- size, and storage of private keys.
-
-3.1. Zone and Key Signing Keys
-
- The DNSSEC validation protocol does not distinguish between different
- types of DNSKEYs. All DNSKEYs can be used during the validation. In
- practice, operators use Key Signing and Zone Signing Keys and use the
- so-called Secure Entry Point (SEP) [3] flag to distinguish between
- them during operations. The dynamics and considerations are
- discussed below.
-
- To make zone re-signing and key rollover procedures easier to
- implement, it is possible to use one or more keys as Key Signing Keys
- (KSKs). These keys will only sign the apex DNSKEY RRSet in a zone.
- Other keys can be used to sign all the RRSets in a zone and are
- referred to as Zone Signing Keys (ZSKs). In this document, we assume
- that KSKs are the subset of keys that are used for key exchanges with
- the parent and potentially for configuration as trusted anchors --
- the SEP keys. In this document, we assume a one-to-one mapping
- between KSK and SEP keys and we assume the SEP flag to be set on all
- KSKs.
-
-3.1.1. Motivations for the KSK and ZSK Separation
-
- Differentiating between the KSK and ZSK functions has several
- advantages:
-
- o No parent/child interaction is required when ZSKs are updated.
-
- o The KSK can be made stronger (i.e., using more bits in the key
- material). This has little operational impact since it is only
- used to sign a small fraction of the zone data. Also, the KSK is
- only used to verify the zone's key set, not for other RRSets in
- the zone.
-
- o As the KSK is only used to sign a key set, which is most probably
- updated less frequently than other data in the zone, it can be
- stored separately from and in a safer location than the ZSK.
-
- o A KSK can have a longer key effectivity period.
-
- For almost any method of key management and zone signing, the KSK is
- used less frequently than the ZSK. Once a key set is signed with the
- KSK, all the keys in the key set can be used as ZSKs. If a ZSK is
-
-
-
-Kolkman & Gieben Informational [Page 6]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- compromised, it can be simply dropped from the key set. The new key
- set is then re-signed with the KSK.
-
- Given the assumption that for KSKs the SEP flag is set, the KSK can
- be distinguished from a ZSK by examining the flag field in the DNSKEY
- RR. If the flag field is an odd number it is a KSK. If it is an
- even number it is a ZSK.
-
- The Zone Signing Key can be used to sign all the data in a zone on a
- regular basis. When a Zone Signing Key is to be rolled, no
- interaction with the parent is needed. This allows for signature
- validity periods on the order of days.
-
- The Key Signing Key is only to be used to sign the DNSKEY RRs in a
- zone. If a Key Signing Key is to be rolled over, there will be
- interactions with parties other than the zone administrator. These
- can include the registry of the parent zone or administrators of
- verifying resolvers that have the particular key configured as secure
- entry points. Hence, the key effectivity period of these keys can
- and should be made much longer. Although, given a long enough key,
- the key effectivity period can be on the order of years, we suggest
- planning for a key effectivity on the order of a few months so that a
- key rollover remains an operational routine.
-
-3.1.2. KSKs for High-Level Zones
-
- Higher-level zones are generally more sensitive than lower-level
- zones. Anyone controlling or breaking the security of a zone thereby
- obtains authority over all of its subdomains (except in the case of
- resolvers that have locally configured the public key of a subdomain,
- in which case this, and only this, subdomain wouldn't be affected by
- the compromise of the parent zone). Therefore, extra care should be
- taken with high-level zones, and strong keys should be used.
-
- The root zone is the most critical of all zones. Someone controlling
- or compromising the security of the root zone would control the
- entire DNS namespace of all resolvers using that root zone (except in
- the case of resolvers that have locally configured the public key of
- a subdomain). Therefore, the utmost care must be taken in the
- securing of the root zone. The strongest and most carefully handled
- keys should be used. The root zone private key should always be kept
- off-line.
-
- Many resolvers will start at a root server for their access to and
- authentication of DNS data. Securely updating the trust anchors in
- an enormous population of resolvers around the world will be
- extremely difficult.
-
-
-
-
-Kolkman & Gieben Informational [Page 7]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-3.2. Key Generation
-
- Careful generation of all keys is a sometimes overlooked but
- absolutely essential element in any cryptographically secure system.
- The strongest algorithms used with the longest keys are still of no
- use if an adversary can guess enough to lower the size of the likely
- key space so that it can be exhaustively searched. Technical
- suggestions for the generation of random keys will be found in RFC
- 4086 [14]. One should carefully assess if the random number
- generator used during key generation adheres to these suggestions.
-
- Keys with a long effectivity period are particularly sensitive as
- they will represent a more valuable target and be subject to attack
- for a longer time than short-period keys. It is strongly recommended
- that long-term key generation occur off-line in a manner isolated
- from the network via an air gap or, at a minimum, high-level secure
- hardware.
-
-3.3. Key Effectivity Period
-
- For various reasons, keys in DNSSEC need to be changed once in a
- while. The longer a key is in use, the greater the probability that
- it will have been compromised through carelessness, accident,
- espionage, or cryptanalysis. Furthermore, when key rollovers are too
- rare an event, they will not become part of the operational habit and
- there is risk that nobody on-site will remember the procedure for
- rollover when the need is there.
-
- From a purely operational perspective, a reasonable key effectivity
- period for Key Signing Keys is 13 months, with the intent to replace
- them after 12 months. An intended key effectivity period of a month
- is reasonable for Zone Signing Keys.
-
- For key sizes that match these effectivity periods, see Section 3.5.
-
- As argued in Section 3.1.2, securely updating trust anchors will be
- extremely difficult. On the other hand, the "operational habit"
- argument does also apply to trust anchor reconfiguration. If a short
- key effectivity period is used and the trust anchor configuration has
- to be revisited on a regular basis, the odds that the configuration
- tends to be forgotten is smaller. The trade-off is against a system
- that is so dynamic that administrators of the validating clients will
- not be able to follow the modifications.
-
- Key effectivity periods can be made very short, as in a few minutes.
- But when replacing keys one has to take the considerations from
- Section 4.1 and Section 4.2 into account.
-
-
-
-
-Kolkman & Gieben Informational [Page 8]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-3.4. Key Algorithm
-
- There are currently three different types of algorithms that can be
- used in DNSSEC: RSA, DSA, and elliptic curve cryptography. The
- latter is fairly new and has yet to be standardized for usage in
- DNSSEC.
-
- RSA has been developed in an open and transparent manner. As the
- patent on RSA expired in 2000, its use is now also free.
-
- DSA has been developed by the National Institute of Standards and
- Technology (NIST). The creation of signatures takes roughly the same
- time as with RSA, but is 10 to 40 times as slow for verification
- [17].
-
- We suggest the use of RSA/SHA-1 as the preferred algorithm for the
- key. The current known attacks on RSA can be defeated by making your
- key longer. As the MD5 hashing algorithm is showing cracks, we
- recommend the usage of SHA-1.
-
- At the time of publication, it is known that the SHA-1 hash has
- cryptanalysis issues. There is work in progress on addressing these
- issues. We recommend the use of public key algorithms based on
- hashes stronger than SHA-1 (e.g., SHA-256), as soon as these
- algorithms are available in protocol specifications (see [19] and
- [20]) and implementations.
-
-3.5. Key Sizes
-
- When choosing key sizes, zone administrators will need to take into
- account how long a key will be used, how much data will be signed
- during the key publication period (see Section 8.10 of [17]), and,
- optionally, how large the key size of the parent is. As the chain of
- trust really is "a chain", there is not much sense in making one of
- the keys in the chain several times larger then the others. As
- always, it's the weakest link that defines the strength of the entire
- chain. Also see Section 3.1.1 for a discussion of how keys serving
- different roles (ZSK vs. KSK) may need different key sizes.
-
- Generating a key of the correct size is a difficult problem; RFC 3766
- [13] tries to deal with that problem. The first part of the
- selection procedure in Section 1 of the RFC states:
-
- 1. Determine the attack resistance necessary to satisfy the
- security requirements of the application. Do this by
- estimating the minimum number of computer operations that the
- attacker will be forced to do in order to compromise the
-
-
-
-
-Kolkman & Gieben Informational [Page 9]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- security of the system and then take the logarithm base two of
- that number. Call that logarithm value "n".
-
- A 1996 report recommended 90 bits as a good all-around choice
- for system security. The 90 bit number should be increased by
- about 2/3 bit/year, or about 96 bits in 2005.
-
- [13] goes on to explain how this number "n" can be used to calculate
- the key sizes in public key cryptography. This culminated in the
- table given below (slightly modified for our purpose):
-
- +-------------+-----------+--------------+
- | System | | |
- | requirement | Symmetric | RSA or DSA |
- | for attack | key size | modulus size |
- | resistance | (bits) | (bits) |
- | (bits) | | |
- +-------------+-----------+--------------+
- | 70 | 70 | 947 |
- | 80 | 80 | 1228 |
- | 90 | 90 | 1553 |
- | 100 | 100 | 1926 |
- | 150 | 150 | 4575 |
- | 200 | 200 | 8719 |
- | 250 | 250 | 14596 |
- +-------------+-----------+--------------+
-
- The key sizes given are rather large. This is because these keys are
- resilient against a trillionaire attacker. Assuming this rich
- attacker will not attack your key and that the key is rolled over
- once a year, we come to the following recommendations about KSK
- sizes: 1024 bits for low-value domains, 1300 bits for medium-value
- domains, and 2048 bits for high-value domains.
-
- Whether a domain is of low, medium, or high value depends solely on
- the views of the zone owner. One could, for instance, view leaf
- nodes in the DNS as of low value, and top-level domains (TLDs) or the
- root zone of high value. The suggested key sizes should be safe for
- the next 5 years.
-
- As ZSKs can be rolled over more easily (and thus more often), the key
- sizes can be made smaller. But as said in the introduction of this
- paragraph, making the ZSKs' key sizes too small (in relation to the
- KSKs' sizes) doesn't make much sense. Try to limit the difference in
- size to about 100 bits.
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 10]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- Note that nobody can see into the future and that these key sizes are
- only provided here as a guide. Further information can be found in
- [16] and Section 7.5 of [17]. It should be noted though that [16] is
- already considered overly optimistic about what key sizes are
- considered safe.
-
- One final note concerning key sizes. Larger keys will increase the
- sizes of the RRSIG and DNSKEY records and will therefore increase the
- chance of DNS UDP packet overflow. Also, the time it takes to
- validate and create RRSIGs increases with larger keys, so don't
- needlessly double your key sizes.
-
-3.6. Private Key Storage
-
- It is recommended that, where possible, zone private keys and the
- zone file master copy that is to be signed be kept and used in off-
- line, non-network-connected, physically secure machines only.
- Periodically, an application can be run to add authentication to a
- zone by adding RRSIG and NSEC RRs. Then the augmented file can be
- transferred.
-
- When relying on dynamic update to manage a signed zone [10], be aware
- that at least one private key of the zone will have to reside on the
- master server. This key is only as secure as the amount of exposure
- the server receives to unknown clients and the security of the host.
- Although not mandatory, one could administer the DNS in the following
- way. The master that processes the dynamic updates is unavailable
- from generic hosts on the Internet, it is not listed in the NS RR
- set, although its name appears in the SOA RRs MNAME field. The
- nameservers in the NS RRSet are able to receive zone updates through
- NOTIFY, IXFR, AXFR, or an out-of-band distribution mechanism. This
- approach is known as the "hidden master" setup.
-
- The ideal situation is to have a one-way information flow to the
- network to avoid the possibility of tampering from the network.
- Keeping the zone master file on-line on the network and simply
- cycling it through an off-line signer does not do this. The on-line
- version could still be tampered with if the host it resides on is
- compromised. For maximum security, the master copy of the zone file
- should be off-net and should not be updated based on an unsecured
- network mediated communication.
-
- In general, keeping a zone file off-line will not be practical and
- the machines on which zone files are maintained will be connected to
- a network. Operators are advised to take security measures to shield
- unauthorized access to the master copy.
-
-
-
-
-
-Kolkman & Gieben Informational [Page 11]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- For dynamically updated secured zones [10], both the master copy and
- the private key that is used to update signatures on updated RRs will
- need to be on-line.
-
-4. Signature Generation, Key Rollover, and Related Policies
-
-4.1. Time in DNSSEC
-
- Without DNSSEC, all times in the DNS are relative. The SOA fields
- REFRESH, RETRY, and EXPIRATION are timers used to determine the time
- elapsed after a slave server synchronized with a master server. The
- Time to Live (TTL) value and the SOA RR minimum TTL parameter [11]
- are used to determine how long a forwarder should cache data after it
- has been fetched from an authoritative server. By using a signature
- validity period, DNSSEC introduces the notion of an absolute time in
- the DNS. Signatures in DNSSEC have an expiration date after which
- the signature is marked as invalid and the signed data is to be
- considered Bogus.
-
-4.1.1. Time Considerations
-
- Because of the expiration of signatures, one should consider the
- following:
-
- o We suggest the Maximum Zone TTL of your zone data to be a fraction
- of your signature validity period.
-
- If the TTL would be of similar order as the signature validity
- period, then all RRSets fetched during the validity period
- would be cached until the signature expiration time. Section
- 7.1 of [4] suggests that "the resolver may use the time
- remaining before expiration of the signature validity period of
- a signed RRSet as an upper bound for the TTL". As a result,
- query load on authoritative servers would peak at signature
- expiration time, as this is also the time at which records
- simultaneously expire from caches.
-
- To avoid query load peaks, we suggest the TTL on all the RRs in
- your zone to be at least a few times smaller than your
- signature validity period.
-
- o We suggest the signature publication period to end at least one
- Maximum Zone TTL duration before the end of the signature validity
- period.
-
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 12]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- Re-signing a zone shortly before the end of the signature
- validity period may cause simultaneous expiration of data from
- caches. This in turn may lead to peaks in the load on
- authoritative servers.
-
- o We suggest the Minimum Zone TTL to be long enough to both fetch
- and verify all the RRs in the trust chain. In workshop
- environments, it has been demonstrated [18] that a low TTL (under
- 5 to 10 minutes) caused disruptions because of the following two
- problems:
-
- 1. During validation, some data may expire before the
- validation is complete. The validator should be able to
- keep all data until it is completed. This applies to all
- RRs needed to complete the chain of trust: DSes, DNSKEYs,
- RRSIGs, and the final answers, i.e., the RRSet that is
- returned for the initial query.
-
- 2. Frequent verification causes load on recursive nameservers.
- Data at delegation points, DSes, DNSKEYs, and RRSIGs
- benefit from caching. The TTL on those should be
- relatively long.
-
- o Slave servers will need to be able to fetch newly signed zones
- well before the RRSIGs in the zone served by the slave server pass
- their signature expiration time.
-
- When a slave server is out of sync with its master and data in
- a zone is signed by expired signatures, it may be better for
- the slave server not to give out any answer.
-
- Normally, a slave server that is not able to contact a master
- server for an extended period will expire a zone. When that
- happens, the server will respond differently to queries for
- that zone. Some servers issue SERVFAIL, whereas others turn
- off the 'AA' bit in the answers. The time of expiration is set
- in the SOA record and is relative to the last successful
- refresh between the master and the slave servers. There exists
- no coupling between the signature expiration of RRSIGs in the
- zone and the expire parameter in the SOA.
-
- If the server serves a DNSSEC zone, then it may well happen
- that the signatures expire well before the SOA expiration timer
- counts down to zero. It is not possible to completely prevent
- this from happening by tweaking the SOA parameters. However,
- the effects can be minimized where the SOA expiration time is
- equal to or shorter than the signature validity period. The
- consequence of an authoritative server not being able to update
-
-
-
-Kolkman & Gieben Informational [Page 13]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- a zone, whilst that zone includes expired signatures, is that
- non-secure resolvers will continue to be able to resolve data
- served by the particular slave servers while security-aware
- resolvers will experience problems because of answers being
- marked as Bogus.
-
- We suggest the SOA expiration timer being approximately one
- third or one fourth of the signature validity period. It will
- allow problems with transfers from the master server to be
- noticed before the actual signature times out. We also suggest
- that operators of nameservers that supply secondary services
- develop 'watch dogs' to spot upcoming signature expirations in
- zones they slave, and take appropriate action.
-
- When determining the value for the expiration parameter one has
- to take the following into account: What are the chances that
- all my secondaries expire the zone? How quickly can I reach an
- administrator of secondary servers to load a valid zone? These
- questions are not DNSSEC specific but may influence the choice
- of your signature validity intervals.
-
-4.2. Key Rollovers
-
- A DNSSEC key cannot be used forever (see Section 3.3). So key
- rollovers -- or supercessions, as they are sometimes called -- are a
- fact of life when using DNSSEC. Zone administrators who are in the
- process of rolling their keys have to take into account that data
- published in previous versions of their zone still lives in caches.
- When deploying DNSSEC, this becomes an important consideration;
- ignoring data that may be in caches may lead to loss of service for
- clients.
-
- The most pressing example of this occurs when zone material signed
- with an old key is being validated by a resolver that does not have
- the old zone key cached. If the old key is no longer present in the
- current zone, this validation fails, marking the data "Bogus".
- Alternatively, an attempt could be made to validate data that is
- signed with a new key against an old key that lives in a local cache,
- also resulting in data being marked "Bogus".
-
-4.2.1. Zone Signing Key Rollovers
-
- For "Zone Signing Key rollovers", there are two ways to make sure
- that during the rollover data still cached can be verified with the
- new key sets or newly generated signatures can be verified with the
- keys still in caches. One schema, described in Section 4.2.1.2, uses
-
-
-
-
-
-Kolkman & Gieben Informational [Page 14]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- double signatures; the other uses key pre-publication (Section
- 4.2.1.1). The pros, cons, and recommendations are described in
- Section 4.2.1.3.
-
-4.2.1.1. Pre-Publish Key Rollover
-
- This section shows how to perform a ZSK rollover without the need to
- sign all the data in a zone twice -- the "pre-publish key rollover".
- This method has advantages in the case of a key compromise. If the
- old key is compromised, the new key has already been distributed in
- the DNS. The zone administrator is then able to quickly switch to
- the new key and remove the compromised key from the zone. Another
- major advantage is that the zone size does not double, as is the case
- with the double signature ZSK rollover. A small "how-to" for this
- kind of rollover can be found in Appendix B.
-
- Pre-publish key rollover involves four stages as follows:
-
- ----------------------------------------------------------------
- initial new DNSKEY new RRSIGs DNSKEY removal
- ----------------------------------------------------------------
- SOA0 SOA1 SOA2 SOA3
- RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2) RRSIG11(SOA3)
-
- DNSKEY1 DNSKEY1 DNSKEY1 DNSKEY1
- DNSKEY10 DNSKEY10 DNSKEY10 DNSKEY11
- DNSKEY11 DNSKEY11
- RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY) RRSIG1 (DNSKEY)
- RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
- ----------------------------------------------------------------
-
- Pre-Publish Key Rollover
-
- initial: Initial version of the zone: DNSKEY 1 is the Key Signing
- Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
- Signing Key.
-
- new DNSKEY: DNSKEY 11 is introduced into the key set. Note that no
- signatures are generated with this key yet, but this does not
- secure against brute force attacks on the public key. The minimum
- duration of this pre-roll phase is the time it takes for the data
- to propagate to the authoritative servers plus TTL value of the
- key set.
-
- new RRSIGs: At the "new RRSIGs" stage (SOA serial 2), DNSKEY 11 is
- used to sign the data in the zone exclusively (i.e., all the
- signatures from DNSKEY 10 are removed from the zone). DNSKEY 10
- remains published in the key set. This way data that was loaded
-
-
-
-Kolkman & Gieben Informational [Page 15]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- into caches from version 1 of the zone can still be verified with
- key sets fetched from version 2 of the zone. The minimum time
- that the key set including DNSKEY 10 is to be published is the
- time that it takes for zone data from the previous version of the
- zone to expire from old caches, i.e., the time it takes for this
- zone to propagate to all authoritative servers plus the Maximum
- Zone TTL value of any of the data in the previous version of the
- zone.
-
- DNSKEY removal: DNSKEY 10 is removed from the zone. The key set, now
- only containing DNSKEY 1 and DNSKEY 11, is re-signed with the
- DNSKEY 1.
-
- The above scheme can be simplified by always publishing the "future"
- key immediately after the rollover. The scheme would look as follows
- (we show two rollovers); the future key is introduced in "new DNSKEY"
- as DNSKEY 12 and again a newer one, numbered 13, in "new DNSKEY
- (II)":
-
- ----------------------------------------------------------------
- initial new RRSIGs new DNSKEY
- ----------------------------------------------------------------
- SOA0 SOA1 SOA2
- RRSIG10(SOA0) RRSIG11(SOA1) RRSIG11(SOA2)
-
- DNSKEY1 DNSKEY1 DNSKEY1
- DNSKEY10 DNSKEY10 DNSKEY11
- DNSKEY11 DNSKEY11 DNSKEY12
- RRSIG1(DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY)
- RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
- ----------------------------------------------------------------
-
- ----------------------------------------------------------------
- new RRSIGs (II) new DNSKEY (II)
- ----------------------------------------------------------------
- SOA3 SOA4
- RRSIG12(SOA3) RRSIG12(SOA4)
-
- DNSKEY1 DNSKEY1
- DNSKEY11 DNSKEY12
- DNSKEY12 DNSKEY13
- RRSIG1(DNSKEY) RRSIG1(DNSKEY)
- RRSIG12(DNSKEY) RRSIG12(DNSKEY)
- ----------------------------------------------------------------
-
- Pre-Publish Key Rollover, Showing Two Rollovers
-
-
-
-
-
-Kolkman & Gieben Informational [Page 16]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- Note that the key introduced in the "new DNSKEY" phase is not used
- for production yet; the private key can thus be stored in a
- physically secure manner and does not need to be 'fetched' every time
- a zone needs to be signed.
-
-4.2.1.2. Double Signature Zone Signing Key Rollover
-
- This section shows how to perform a ZSK key rollover using the double
- zone data signature scheme, aptly named "double signature rollover".
-
- During the "new DNSKEY" stage the new version of the zone file will
- need to propagate to all authoritative servers and the data that
- exists in (distant) caches will need to expire, requiring at least
- the Maximum Zone TTL.
-
- Double signature ZSK rollover involves three stages as follows:
-
- ----------------------------------------------------------------
- initial new DNSKEY DNSKEY removal
- ----------------------------------------------------------------
- SOA0 SOA1 SOA2
- RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2)
- RRSIG11(SOA1)
-
- DNSKEY1 DNSKEY1 DNSKEY1
- DNSKEY10 DNSKEY10 DNSKEY11
- DNSKEY11
- RRSIG1(DNSKEY) RRSIG1(DNSKEY) RRSIG1(DNSKEY)
- RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY)
- RRSIG11(DNSKEY)
- ----------------------------------------------------------------
-
- Double Signature Zone Signing Key Rollover
-
- initial: Initial Version of the zone: DNSKEY 1 is the Key Signing
- Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
- Signing Key.
-
- new DNSKEY: At the "New DNSKEY" stage (SOA serial 1) DNSKEY 11 is
- introduced into the key set and all the data in the zone is signed
- with DNSKEY 10 and DNSKEY 11. The rollover period will need to
- continue until all data from version 0 of the zone has expired
- from remote caches. This will take at least the Maximum Zone TTL
- of version 0 of the zone.
-
- DNSKEY removal: DNSKEY 10 is removed from the zone. All the
- signatures from DNSKEY 10 are removed from the zone. The key set,
- now only containing DNSKEY 11, is re-signed with DNSKEY 1.
-
-
-
-Kolkman & Gieben Informational [Page 17]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- At every instance, RRSIGs from the previous version of the zone can
- be verified with the DNSKEY RRSet from the current version and the
- other way around. The data from the current version can be verified
- with the data from the previous version of the zone. The duration of
- the "new DNSKEY" phase and the period between rollovers should be at
- least the Maximum Zone TTL.
-
- Making sure that the "new DNSKEY" phase lasts until the signature
- expiration time of the data in initial version of the zone is
- recommended. This way all caches are cleared of the old signatures.
- However, this duration could be considerably longer than the Maximum
- Zone TTL, making the rollover a lengthy procedure.
-
- Note that in this example we assumed that the zone was not modified
- during the rollover. New data can be introduced in the zone as long
- as it is signed with both keys.
-
-4.2.1.3. Pros and Cons of the Schemes
-
- Pre-publish key rollover: This rollover does not involve signing the
- zone data twice. Instead, before the actual rollover, the new key
- is published in the key set and thus is available for
- cryptanalysis attacks. A small disadvantage is that this process
- requires four steps. Also the pre-publish scheme involves more
- parental work when used for KSK rollovers as explained in Section
- 4.2.3.
-
- Double signature ZSK rollover: The drawback of this signing scheme is
- that during the rollover the number of signatures in your zone
- doubles; this may be prohibitive if you have very big zones. An
- advantage is that it only requires three steps.
-
-4.2.2. Key Signing Key Rollovers
-
- For the rollover of a Key Signing Key, the same considerations as for
- the rollover of a Zone Signing Key apply. However, we can use a
- double signature scheme to guarantee that old data (only the apex key
- set) in caches can be verified with a new key set and vice versa.
- Since only the key set is signed with a KSK, zone size considerations
- do not apply.
-
-
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 18]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- --------------------------------------------------------------------
- initial new DNSKEY DS change DNSKEY removal
- --------------------------------------------------------------------
- Parent:
- SOA0 --------> SOA1 -------->
- RRSIGpar(SOA0) --------> RRSIGpar(SOA1) -------->
- DS1 --------> DS2 -------->
- RRSIGpar(DS) --------> RRSIGpar(DS) -------->
-
-
- Child:
- SOA0 SOA1 --------> SOA2
- RRSIG10(SOA0) RRSIG10(SOA1) --------> RRSIG10(SOA2)
- -------->
- DNSKEY1 DNSKEY1 --------> DNSKEY2
- DNSKEY2 -------->
- DNSKEY10 DNSKEY10 --------> DNSKEY10
- RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) --------> RRSIG2 (DNSKEY)
- RRSIG2 (DNSKEY) -------->
- RRSIG10(DNSKEY) RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY)
- --------------------------------------------------------------------
-
- Stages of Deployment for a Double Signature Key Signing Key Rollover
-
- initial: Initial version of the zone. The parental DS points to
- DNSKEY1. Before the rollover starts, the child will have to
- verify what the TTL is of the DS RR that points to DNSKEY1 -- it
- is needed during the rollover and we refer to the value as TTL_DS.
-
- new DNSKEY: During the "new DNSKEY" phase, the zone administrator
- generates a second KSK, DNSKEY2. The key is provided to the
- parent, and the child will have to wait until a new DS RR has been
- generated that points to DNSKEY2. After that DS RR has been
- published on all servers authoritative for the parent's zone, the
- zone administrator has to wait at least TTL_DS to make sure that
- the old DS RR has expired from caches.
-
- DS change: The parent replaces DS1 with DS2.
-
- DNSKEY removal: DNSKEY1 has been removed.
-
- The scenario above puts the responsibility for maintaining a valid
- chain of trust with the child. It also is based on the premise that
- the parent only has one DS RR (per algorithm) per zone. An
- alternative mechanism has been considered. Using an established
- trust relation, the interaction can be performed in-band, and the
- removal of the keys by the child can possibly be signaled by the
- parent. In this mechanism, there are periods where there are two DS
-
-
-
-Kolkman & Gieben Informational [Page 19]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- RRs at the parent. Since at the moment of writing the protocol for
- this interaction has not been developed, further discussion is out of
- scope for this document.
-
-4.2.3. Difference Between ZSK and KSK Rollovers
-
- Note that KSK rollovers and ZSK rollovers are different in the sense
- that a KSK rollover requires interaction with the parent (and
- possibly replacing of trust anchors) and the ensuing delay while
- waiting for it.
-
- A zone key rollover can be handled in two different ways: pre-publish
- (Section 4.2.1.1) and double signature (Section 4.2.1.2).
-
- As the KSK is used to validate the key set and because the KSK is not
- changed during a ZSK rollover, a cache is able to validate the new
- key set of the zone. The pre-publish method would also work for a
- KSK rollover. The records that are to be pre-published are the
- parental DS RRs. The pre-publish method has some drawbacks for KSKs.
- We first describe the rollover scheme and then indicate these
- drawbacks.
-
- --------------------------------------------------------------------
- initial new DS new DNSKEY DS/DNSKEY removal
- --------------------------------------------------------------------
- Parent:
- SOA0 SOA1 --------> SOA2
- RRSIGpar(SOA0) RRSIGpar(SOA1) --------> RRSIGpar(SOA2)
- DS1 DS1 --------> DS2
- DS2 -------->
- RRSIGpar(DS) RRSIGpar(DS) --------> RRSIGpar(DS)
-
-
- Child:
- SOA0 --------> SOA1 SOA1
- RRSIG10(SOA0) --------> RRSIG10(SOA1) RRSIG10(SOA1)
- -------->
- DNSKEY1 --------> DNSKEY2 DNSKEY2
- -------->
- DNSKEY10 --------> DNSKEY10 DNSKEY10
- RRSIG1 (DNSKEY) --------> RRSIG2(DNSKEY) RRSIG2 (DNSKEY)
- RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY) RRSIG10(DNSKEY)
- --------------------------------------------------------------------
-
- Stages of Deployment for a Pre-Publish Key Signing Key Rollover
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 20]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- When the child zone wants to roll, it notifies the parent during the
- "new DS" phase and submits the new key (or the corresponding DS) to
- the parent. The parent publishes DS1 and DS2, pointing to DNSKEY1
- and DNSKEY2, respectively. During the rollover ("new DNSKEY" phase),
- which can take place as soon as the new DS set propagated through the
- DNS, the child replaces DNSKEY1 with DNSKEY2. Immediately after that
- ("DS/DNSKEY removal" phase), it can notify the parent that the old DS
- record can be deleted.
-
- The drawbacks of this scheme are that during the "new DS" phase the
- parent cannot verify the match between the DS2 RR and DNSKEY2 using
- the DNS -- as DNSKEY2 is not yet published. Besides, we introduce a
- "security lame" key (see Section 4.4.3). Finally, the child-parent
- interaction consists of two steps. The "double signature" method
- only needs one interaction.
-
-4.2.4. Automated Key Rollovers
-
- As keys must be renewed periodically, there is some motivation to
- automate the rollover process. Consider the following:
-
- o ZSK rollovers are easy to automate as only the child zone is
- involved.
-
- o A KSK rollover needs interaction between parent and child. Data
- exchange is needed to provide the new keys to the parent;
- consequently, this data must be authenticated and integrity must
- be guaranteed in order to avoid attacks on the rollover.
-
-4.3. Planning for Emergency Key Rollover
-
- This section deals with preparation for a possible key compromise.
- Our advice is to have a documented procedure ready for when a key
- compromise is suspected or confirmed.
-
- When the private material of one of your keys is compromised it can
- be used for as long as a valid trust chain exists. A trust chain
- remains intact for
-
- o as long as a signature over the compromised key in the trust chain
- is valid,
-
- o as long as a parental DS RR (and signature) points to the
- compromised key,
-
- o as long as the key is anchored in a resolver and is used as a
- starting point for validation (this is generally the hardest to
- update).
-
-
-
-Kolkman & Gieben Informational [Page 21]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- While a trust chain to your compromised key exists, your namespace is
- vulnerable to abuse by anyone who has obtained illegitimate
- possession of the key. Zone operators have to make a trade-off if
- the abuse of the compromised key is worse than having data in caches
- that cannot be validated. If the zone operator chooses to break the
- trust chain to the compromised key, data in caches signed with this
- key cannot be validated. However, if the zone administrator chooses
- to take the path of a regular rollover, the malicious key holder can
- spoof data so that it appears to be valid.
-
-4.3.1. KSK Compromise
-
- A zone containing a DNSKEY RRSet with a compromised KSK is vulnerable
- as long as the compromised KSK is configured as trust anchor or a
- parental DS points to it.
-
- A compromised KSK can be used to sign the key set of an attacker's
- zone. That zone could be used to poison the DNS.
-
- Therefore, when the KSK has been compromised, the trust anchor or the
- parental DS should be replaced as soon as possible. It is local
- policy whether to break the trust chain during the emergency
- rollover. The trust chain would be broken when the compromised KSK
- is removed from the child's zone while the parent still has a DS
- pointing to the compromised KSK (the assumption is that there is only
- one DS at the parent. If there are multiple DSes this does not apply
- -- however the chain of trust of this particular key is broken).
-
- Note that an attacker's zone still uses the compromised KSK and the
- presence of a parental DS would cause the data in this zone to appear
- as valid. Removing the compromised key would cause the attacker's
- zone to appear as valid and the child's zone as Bogus. Therefore, we
- advise not to remove the KSK before the parent has a DS to a new KSK
- in place.
-
-4.3.1.1. Keeping the Chain of Trust Intact
-
- If we follow this advice, the timing of the replacement of the KSK is
- somewhat critical. The goal is to remove the compromised KSK as soon
- as the new DS RR is available at the parent. And also make sure that
- the signature made with a new KSK over the key set with the
- compromised KSK in it expires just after the new DS appears at the
- parent, thus removing the old cruft in one swoop.
-
- The procedure is as follows:
-
- 1. Introduce a new KSK into the key set, keep the compromised KSK in
- the key set.
-
-
-
-Kolkman & Gieben Informational [Page 22]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- 2. Sign the key set, with a short validity period. The validity
- period should expire shortly after the DS is expected to appear
- in the parent and the old DSes have expired from caches.
-
- 3. Upload the DS for this new key to the parent.
-
- 4. Follow the procedure of the regular KSK rollover: Wait for the DS
- to appear in the authoritative servers and then wait as long as
- the TTL of the old DS RRs. If necessary re-sign the DNSKEY RRSet
- and modify/extend the expiration time.
-
- 5. Remove the compromised DNSKEY RR from the zone and re-sign the
- key set using your "normal" validity interval.
-
- An additional danger of a key compromise is that the compromised key
- could be used to facilitate a legitimate DNSKEY/DS rollover and/or
- nameserver changes at the parent. When that happens, the domain may
- be in dispute. An authenticated out-of-band and secure notify
- mechanism to contact a parent is needed in this case.
-
- Note that this is only a problem when the DNSKEY and or DS records
- are used for authentication at the parent.
-
-4.3.1.2. Breaking the Chain of Trust
-
- There are two methods to break the chain of trust. The first method
- causes the child zone to appear 'Bogus' to validating resolvers. The
- other causes the child zone to appear 'insecure'. These are
- described below.
-
- In the method that causes the child zone to appear 'Bogus' to
- validating resolvers, the child zone replaces the current KSK with a
- new one and re-signs the key set. Next it sends the DS of the new
- key to the parent. Only after the parent has placed the new DS in
- the zone is the child's chain of trust repaired.
-
- An alternative method of breaking the chain of trust is by removing
- the DS RRs from the parent zone altogether. As a result, the child
- zone would become insecure.
-
-4.3.2. ZSK Compromise
-
- Primarily because there is no parental interaction required when a
- ZSK is compromised, the situation is less severe than with a KSK
- compromise. The zone must still be re-signed with a new ZSK as soon
- as possible. As this is a local operation and requires no
- communication between the parent and child, this can be achieved
- fairly quickly. However, one has to take into account that just as
-
-
-
-Kolkman & Gieben Informational [Page 23]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- with a normal rollover the immediate disappearance of the old
- compromised key may lead to verification problems. Also note that as
- long as the RRSIG over the compromised ZSK is not expired the zone
- may be still at risk.
-
-4.3.3. Compromises of Keys Anchored in Resolvers
-
- A key can also be pre-configured in resolvers. For instance, if
- DNSSEC is successfully deployed the root key may be pre-configured in
- most security aware resolvers.
-
- If trust-anchor keys are compromised, the resolvers using these keys
- should be notified of this fact. Zone administrators may consider
- setting up a mailing list to communicate the fact that a SEP key is
- about to be rolled over. This communication will of course need to
- be authenticated, e.g., by using digital signatures.
-
- End-users faced with the task of updating an anchored key should
- always validate the new key. New keys should be authenticated out-
- of-band, for example, through the use of an announcement website that
- is secured using secure sockets (TLS) [21].
-
-4.4. Parental Policies
-
-4.4.1. Initial Key Exchanges and Parental Policies Considerations
-
- The initial key exchange is always subject to the policies set by the
- parent. When designing a key exchange policy one should take into
- account that the authentication and authorization mechanisms used
- during a key exchange should be as strong as the authentication and
- authorization mechanisms used for the exchange of delegation
- information between parent and child. That is, there is no implicit
- need in DNSSEC to make the authentication process stronger than it
- was in DNS.
-
- Using the DNS itself as the source for the actual DNSKEY material,
- with an out-of-band check on the validity of the DNSKEY, has the
- benefit that it reduces the chances of user error. A DNSKEY query
- tool can make use of the SEP bit [3] to select the proper key from a
- DNSSEC key set, thereby reducing the chance that the wrong DNSKEY is
- sent. It can validate the self-signature over a key; thereby
- verifying the ownership of the private key material. Fetching the
- DNSKEY from the DNS ensures that the chain of trust remains intact
- once the parent publishes the DS RR indicating the child is secure.
-
- Note: the out-of-band verification is still needed when the key
- material is fetched via the DNS. The parent can never be sure
- whether or not the DNSKEY RRs have been spoofed.
-
-
-
-Kolkman & Gieben Informational [Page 24]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-4.4.2. Storing Keys or Hashes?
-
- When designing a registry system one should consider which of the
- DNSKEYs and/or the corresponding DSes to store. Since a child zone
- might wish to have a DS published using a message digest algorithm
- not yet understood by the registry, the registry can't count on being
- able to generate the DS record from a raw DNSKEY. Thus, we recommend
- that registry systems at least support storing DS records.
-
- It may also be useful to store DNSKEYs, since having them may help
- during troubleshooting and, as long as the child's chosen message
- digest is supported, the overhead of generating DS records from them
- is minimal. Having an out-of-band mechanism, such as a registry
- directory (e.g., Whois), to find out which keys are used to generate
- DS Resource Records for specific owners and/or zones may also help
- with troubleshooting.
-
- The storage considerations also relate to the design of the customer
- interface and the method by which data is transferred between
- registrant and registry; Will the child zone administrator be able to
- upload DS RRs with unknown hash algorithms or does the interface only
- allow DNSKEYs? In the registry-registrar model, one can use the
- DNSSEC extensions to the Extensible Provisioning Protocol (EPP) [15],
- which allows transfer of DS RRs and optionally DNSKEY RRs.
-
-4.4.3. Security Lameness
-
- Security lameness is defined as what happens when a parent has a DS
- RR pointing to a non-existing DNSKEY RR. When this happens, the
- child's zone may be marked "Bogus" by verifying DNS clients.
-
- As part of a comprehensive delegation check, the parent could, at key
- exchange time, verify that the child's key is actually configured in
- the DNS. However, if a parent does not understand the hashing
- algorithm used by child, the parental checks are limited to only
- comparing the key id.
-
- Child zones should be very careful in removing DNSKEY material,
- specifically SEP keys, for which a DS RR exists.
-
- Once a zone is "security lame", a fix (e.g., removing a DS RR) will
- take time to propagate through the DNS.
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 25]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-4.4.4. DS Signature Validity Period
-
- Since the DS can be replayed as long as it has a valid signature, a
- short signature validity period over the DS minimizes the time a
- child is vulnerable in the case of a compromise of the child's
- KSK(s). A signature validity period that is too short introduces the
- possibility that a zone is marked "Bogus" in case of a configuration
- error in the signer. There may not be enough time to fix the
- problems before signatures expire. Something as mundane as operator
- unavailability during weekends shows the need for DS signature
- validity periods longer than 2 days. We recommend an absolute
- minimum for a DS signature validity period of a few days.
-
- The maximum signature validity period of the DS record depends on how
- long child zones are willing to be vulnerable after a key compromise.
- On the other hand, shortening the DS signature validity interval
- increases the operational risk for the parent. Therefore, the parent
- may have policy to use a signature validity interval that is
- considerably longer than the child would hope for.
-
- A compromise between the operational constraints of the parent and
- minimizing damage for the child may result in a DS signature validity
- period somewhere between a week and months.
-
- In addition to the signature validity period, which sets a lower
- bound on the number of times the zone owner will need to sign the
- zone data and which sets an upper bound to the time a child is
- vulnerable after key compromise, there is the TTL value on the DS
- RRs. Shortening the TTL means that the authoritative servers will
- see more queries. But on the other hand, a short TTL lowers the
- persistence of DS RRSets in caches thereby increasing the speed with
- which updated DS RRSets propagate through the DNS.
-
-5. Security Considerations
-
- DNSSEC adds data integrity to the DNS. This document tries to assess
- the operational considerations to maintain a stable and secure DNSSEC
- service. Not taking into account the 'data propagation' properties
- in the DNS will cause validation failures and may make secured zones
- unavailable to security-aware resolvers.
-
-6. Acknowledgments
-
- Most of the ideas in this document were the result of collective
- efforts during workshops, discussions, and tryouts.
-
- At the risk of forgetting individuals who were the original
- contributors of the ideas, we would like to acknowledge people who
-
-
-
-Kolkman & Gieben Informational [Page 26]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- were actively involved in the compilation of this document. In
- random order: Rip Loomis, Olafur Gudmundsson, Wesley Griffin, Michael
- Richardson, Scott Rose, Rick van Rein, Tim McGinnis, Gilles Guette
- Olivier Courtay, Sam Weiler, Jelte Jansen, Niall O'Reilly, Holger
- Zuleger, Ed Lewis, Hilarie Orman, Marcos Sanz, and Peter Koch.
-
- Some material in this document has been copied from RFC 2541 [12].
-
- Mike StJohns designed the key exchange between parent and child
- mentioned in the last paragraph of Section 4.2.2
-
- Section 4.2.4 was supplied by G. Guette and O. Courtay.
-
- Emma Bretherick, Adrian Bedford, and Lindy Foster corrected many of
- the spelling and style issues.
-
- Kolkman and Gieben take the blame for introducing all miscakes (sic).
-
- While working on this document, Kolkman was employed by the RIPE NCC
- and Gieben was employed by NLnet Labs.
-
-7. References
-
-7.1. Normative References
-
- [1] Mockapetris, P., "Domain names - concepts and facilities", STD
- 13, RFC 1034, November 1987.
-
- [2] Mockapetris, P., "Domain names - implementation and
- specification", STD 13, RFC 1035, November 1987.
-
- [3] Kolkman, O., Schlyter, J., and E. Lewis, "Domain Name System
- KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP)
- Flag", RFC 3757, May 2004.
-
- [4] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
- "DNS Security Introduction and Requirements", RFC 4033, March
- 2005.
-
- [5] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
- "Resource Records for the DNS Security Extensions", RFC 4034,
- March 2005.
-
- [6] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
- "Protocol Modifications for the DNS Security Extensions", RFC
- 4035, March 2005.
-
-
-
-
-
-Kolkman & Gieben Informational [Page 27]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-7.2. Informative References
-
- [7] Bradner, S., "Key words for use in RFCs to Indicate Requirement
- Levels", BCP 14, RFC 2119, March 1997.
-
- [8] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995, August
- 1996.
-
- [9] Vixie, P., "A Mechanism for Prompt Notification of Zone Changes
- (DNS NOTIFY)", RFC 1996, August 1996.
-
- [10] Wellington, B., "Secure Domain Name System (DNS) Dynamic
- Update", RFC 3007, November 2000.
-
- [11] Andrews, M., "Negative Caching of DNS Queries (DNS NCACHE)",
- RFC 2308, March 1998.
-
- [12] Eastlake, D., "DNS Security Operational Considerations", RFC
- 2541, March 1999.
-
- [13] Orman, H. and P. Hoffman, "Determining Strengths For Public
- Keys Used For Exchanging Symmetric Keys", BCP 86, RFC 3766,
- April 2004.
-
- [14] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
- Requirements for Security", BCP 106, RFC 4086, June 2005.
-
- [15] Hollenbeck, S., "Domain Name System (DNS) Security Extensions
- Mapping for the Extensible Provisioning Protocol (EPP)", RFC
- 4310, December 2005.
-
- [16] Lenstra, A. and E. Verheul, "Selecting Cryptographic Key
- Sizes", The Journal of Cryptology 14 (255-293), 2001.
-
- [17] Schneier, B., "Applied Cryptography: Protocols, Algorithms, and
- Source Code in C", ISBN (hardcover) 0-471-12845-7, ISBN
- (paperback) 0-471-59756-2, Published by John Wiley & Sons Inc.,
- 1996.
-
- [18] Rose, S., "NIST DNSSEC workshop notes", June 2001.
-
- [19] Jansen, J., "Use of RSA/SHA-256 DNSKEY and RRSIG Resource
- Records in DNSSEC", Work in Progress, January 2006.
-
- [20] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer (DS)
- Resource Records (RRs)", RFC 4509, May 2006.
-
-
-
-
-
-Kolkman & Gieben Informational [Page 28]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- [21] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and
- T. Wright, "Transport Layer Security (TLS) Extensions", RFC
- 4366, April 2006.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 29]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-Appendix A. Terminology
-
- In this document, there is some jargon used that is defined in other
- documents. In most cases, we have not copied the text from the
- documents defining the terms but have given a more elaborate
- explanation of the meaning. Note that these explanations should not
- be seen as authoritative.
-
- Anchored key: A DNSKEY configured in resolvers around the globe.
- This key is hard to update, hence the term anchored.
-
- Bogus: Also see Section 5 of [4]. An RRSet in DNSSEC is marked
- "Bogus" when a signature of an RRSet does not validate against a
- DNSKEY.
-
- Key Signing Key or KSK: A Key Signing Key (KSK) is a key that is used
- exclusively for signing the apex key set. The fact that a key is
- a KSK is only relevant to the signing tool.
-
- Key size: The term 'key size' can be substituted by 'modulus size'
- throughout the document. It is mathematically more correct to use
- modulus size, but as this is a document directed at operators we
- feel more at ease with the term key size.
-
- Private and public keys: DNSSEC secures the DNS through the use of
- public key cryptography. Public key cryptography is based on the
- existence of two (mathematically related) keys, a public key and a
- private key. The public keys are published in the DNS by use of
- the DNSKEY Resource Record (DNSKEY RR). Private keys should
- remain private.
-
- Key rollover: A key rollover (also called key supercession in some
- environments) is the act of replacing one key pair with another at
- the end of a key effectivity period.
-
- Secure Entry Point (SEP) key: A KSK that has a parental DS record
- pointing to it or is configured as a trust anchor. Although not
- required by the protocol, we recommend that the SEP flag [3] is
- set on these keys.
-
- Self-signature: This only applies to signatures over DNSKEYs; a
- signature made with DNSKEY x, over DNSKEY x is called a self-
- signature. Note: without further information, self-signatures
- convey no trust. They are useful to check the authenticity of the
- DNSKEY, i.e., they can be used as a hash.
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 30]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- Singing the zone file: The term used for the event where an
- administrator joyfully signs its zone file while producing melodic
- sound patterns.
-
- Signer: The system that has access to the private key material and
- signs the Resource Record sets in a zone. A signer may be
- configured to sign only parts of the zone, e.g., only those RRSets
- for which existing signatures are about to expire.
-
- Zone Signing Key (ZSK): A key that is used for signing all data in a
- zone. The fact that a key is a ZSK is only relevant to the
- signing tool.
-
- Zone administrator: The 'role' that is responsible for signing a zone
- and publishing it on the primary authoritative server.
-
-Appendix B. Zone Signing Key Rollover How-To
-
- Using the pre-published signature scheme and the most conservative
- method to assure oneself that data does not live in caches, here
- follows the "how-to".
-
- Step 0: The preparation: Create two keys and publish both in your key
- set. Mark one of the keys "active" and the other "published".
- Use the "active" key for signing your zone data. Store the
- private part of the "published" key, preferably off-line. The
- protocol does not provide for attributes to mark a key as active
- or published. This is something you have to do on your own,
- through the use of a notebook or key management tool.
-
- Step 1: Determine expiration: At the beginning of the rollover make a
- note of the highest expiration time of signatures in your zone
- file created with the current key marked as active. Wait until
- the expiration time marked in Step 1 has passed.
-
- Step 2: Then start using the key that was marked "published" to sign
- your data (i.e., mark it "active"). Stop using the key that was
- marked "active"; mark it "rolled".
-
- Step 3: It is safe to engage in a new rollover (Step 1) after at
- least one signature validity period.
-
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 31]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-Appendix C. Typographic Conventions
-
- The following typographic conventions are used in this document:
-
- Key notation: A key is denoted by DNSKEYx, where x is a number or an
- identifier, x could be thought of as the key id.
-
- RRSet notations: RRs are only denoted by the type. All other
- information -- owner, class, rdata, and TTL--is left out. Thus:
- "example.com 3600 IN A 192.0.2.1" is reduced to "A". RRSets are a
- list of RRs. A example of this would be "A1, A2", specifying the
- RRSet containing two "A" records. This could again be abbreviated to
- just "A".
-
- Signature notation: Signatures are denoted as RRSIGx(RRSet), which
- means that RRSet is signed with DNSKEYx.
-
- Zone representation: Using the above notation we have simplified the
- representation of a signed zone by leaving out all unnecessary
- details such as the names and by representing all data by "SOAx"
-
- SOA representation: SOAs are represented as SOAx, where x is the
- serial number.
-
- Using this notation the following signed zone:
-
- example.net. 86400 IN SOA ns.example.net. bert.example.net. (
- 2006022100 ; serial
- 86400 ; refresh ( 24 hours)
- 7200 ; retry ( 2 hours)
- 3600000 ; expire (1000 hours)
- 28800 ) ; minimum ( 8 hours)
- 86400 RRSIG SOA 5 2 86400 20130522213204 (
- 20130422213204 14 example.net.
- cmL62SI6iAX46xGNQAdQ... )
- 86400 NS a.iana-servers.net.
- 86400 NS b.iana-servers.net.
- 86400 RRSIG NS 5 2 86400 20130507213204 (
- 20130407213204 14 example.net.
- SO5epiJei19AjXoUpFnQ ... )
- 86400 DNSKEY 256 3 5 (
- EtRB9MP5/AvOuVO0I8XDxy0... ) ; id = 14
- 86400 DNSKEY 257 3 5 (
- gsPW/Yy19GzYIY+Gnr8HABU... ) ; id = 15
- 86400 RRSIG DNSKEY 5 2 86400 20130522213204 (
- 20130422213204 14 example.net.
- J4zCe8QX4tXVGjV4e1r9... )
-
-
-
-
-Kolkman & Gieben Informational [Page 32]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
- 86400 RRSIG DNSKEY 5 2 86400 20130522213204 (
- 20130422213204 15 example.net.
- keVDCOpsSeDReyV6O... )
- 86400 RRSIG NSEC 5 2 86400 20130507213204 (
- 20130407213204 14 example.net.
- obj3HEp1GjnmhRjX... )
- a.example.net. 86400 IN TXT "A label"
- 86400 RRSIG TXT 5 3 86400 20130507213204 (
- 20130407213204 14 example.net.
- IkDMlRdYLmXH7QJnuF3v... )
- 86400 NSEC b.example.com. TXT RRSIG NSEC
- 86400 RRSIG NSEC 5 3 86400 20130507213204 (
- 20130407213204 14 example.net.
- bZMjoZ3bHjnEz0nIsPMM... )
- ...
-
- is reduced to the following representation:
-
- SOA2006022100
- RRSIG14(SOA2006022100)
- DNSKEY14
- DNSKEY15
-
- RRSIG14(KEY)
- RRSIG15(KEY)
-
- The rest of the zone data has the same signature as the SOA record,
- i.e., an RRSIG created with DNSKEY 14.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 33]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-Authors' Addresses
-
- Olaf M. Kolkman
- NLnet Labs
- Kruislaan 419
- Amsterdam 1098 VA
- The Netherlands
-
- EMail: olaf@nlnetlabs.nl
- URI: http://www.nlnetlabs.nl
-
-
- R. (Miek) Gieben
-
- EMail: miek@miek.nl
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 34]
-\f
-RFC 4641 DNSSEC Operational Practices September 2006
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (2006).
-
- This document is subject to the rights, licenses and restrictions
- contained in BCP 78, and except as set forth therein, the authors
- retain all their rights.
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Intellectual Property
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the procedures with respect to rights in RFC documents can be
- found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at
- ietf-ipr@ietf.org.
-
-Acknowledgement
-
- Funding for the RFC Editor function is provided by the IETF
- Administrative Support Activity (IASA).
-
-
-
-
-
-
-
-Kolkman & Gieben Informational [Page 35]
-\f
+++ /dev/null
-
-
-
-
-
-
-Network Working Group M. StJohns
-Request for Comments: 5011 Independent
-Category: Standards Track September 2007
-
-
- Automated Updates of DNS Security (DNSSEC) Trust Anchors
-
-Status of This Memo
-
- This document specifies an Internet standards track protocol for the
- Internet community, and requests discussion and suggestions for
- improvements. Please refer to the current edition of the "Internet
- Official Protocol Standards" (STD 1) for the standardization state
- and status of this protocol. Distribution of this memo is unlimited.
-
-Abstract
-
- This document describes a means for automated, authenticated, and
- authorized updating of DNSSEC "trust anchors". The method provides
- protection against N-1 key compromises of N keys in the trust point
- key set. Based on the trust established by the presence of a current
- anchor, other anchors may be added at the same place in the
- hierarchy, and, ultimately, supplant the existing anchor(s).
-
- This mechanism will require changes to resolver management behavior
- (but not resolver resolution behavior), and the addition of a single
- flag bit to the DNSKEY record.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-StJohns Standards Track [Page 1]
-\f
-RFC 5011 Trust Anchor Update September 2007
-
-
-Table of Contents
-
- 1. Introduction ....................................................2
- 1.1. Compliance Nomenclature ....................................3
- 2. Theory of Operation .............................................3
- 2.1. Revocation .................................................4
- 2.2. Add Hold-Down ..............................................4
- 2.3. Active Refresh .............................................5
- 2.4. Resolver Parameters ........................................6
- 2.4.1. Add Hold-Down Time ..................................6
- 2.4.2. Remove Hold-Down Time ...............................6
- 2.4.3. Minimum Trust Anchors per Trust Point ...............6
- 3. Changes to DNSKEY RDATA Wire Format .............................6
- 4. State Table .....................................................6
- 4.1. Events .....................................................7
- 4.2. States .....................................................7
- 5. Trust Point Deletion ............................................8
- 6. Scenarios - Informative .........................................9
- 6.1. Adding a Trust Anchor ......................................9
- 6.2. Deleting a Trust Anchor ....................................9
- 6.3. Key Roll-Over .............................................10
- 6.4. Active Key Compromised ....................................10
- 6.5. Stand-by Key Compromised ..................................10
- 6.6. Trust Point Deletion ......................................10
- 7. IANA Considerations ............................................11
- 8. Security Considerations ........................................11
- 8.1. Key Ownership vs. Acceptance Policy .......................11
- 8.2. Multiple Key Compromise ...................................12
- 8.3. Dynamic Updates ...........................................12
- 9. Normative References ...........................................12
- 10. Informative References ........................................12
-
-1. Introduction
-
- As part of the reality of fielding DNSSEC (Domain Name System
- Security Extensions) [RFC4033] [RFC4034] [RFC4035], the community has
- come to the realization that there will not be one signed name space,
- but rather islands of signed name spaces each originating from
- specific points (i.e., 'trust points') in the DNS tree. Each of
- those islands will be identified by the trust point name, and
- validated by at least one associated public key. For the purpose of
- this document, we'll call the association of that name and a
- particular key a 'trust anchor'. A particular trust point can have
- more than one key designated as a trust anchor.
-
- For a DNSSEC-aware resolver to validate information in a DNSSEC
- protected branch of the hierarchy, it must have knowledge of a trust
- anchor applicable to that branch. It may also have more than one
-
-
-
-StJohns Standards Track [Page 2]
-\f
-RFC 5011 Trust Anchor Update September 2007
-
-
- trust anchor for any given trust point. Under current rules, a chain
- of trust for DNSSEC-protected data that chains its way back to ANY
- known trust anchor is considered 'secure'.
-
- Because of the probable balkanization of the DNSSEC tree due to
- signing voids at key locations, a resolver may need to know literally
- thousands of trust anchors to perform its duties (e.g., consider an
- unsigned ".COM"). Requiring the owner of the resolver to manually
- manage these many relationships is problematic. It's even more
- problematic when considering the eventual requirement for key
- replacement/update for a given trust anchor. The mechanism described
- herein won't help with the initial configuration of the trust anchors
- in the resolvers, but should make trust point key
- replacement/rollover more viable.
-
- As mentioned above, this document describes a mechanism whereby a
- resolver can update the trust anchors for a given trust point, mainly
- without human intervention at the resolver. There are some corner
- cases discussed (e.g., multiple key compromise) that may require
- manual intervention, but they should be few and far between. This
- document DOES NOT discuss the general problem of the initial
- configuration of trust anchors for the resolver.
-
-1.1. Compliance Nomenclature
-
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in BCP 14, [RFC2119].
-
-2. Theory of Operation
-
- The general concept of this mechanism is that existing trust anchors
- can be used to authenticate new trust anchors at the same point in
- the DNS hierarchy. When a zone operator adds a new SEP key (i.e., a
- DNSKEY with the Secure Entry Point bit set) (see [RFC4034], Section
- 2.1.1) to a trust point DNSKEY RRSet, and when that RRSet is
- validated by an existing trust anchor, then the resolver can add the
- new key to its set of valid trust anchors for that trust point.
-
- There are some issues with this approach that need to be mitigated.
- For example, a compromise of one of the existing keys could allow an
- attacker to add their own 'valid' data. This implies a need for a
- method to revoke an existing key regardless of whether or not that
- key is compromised. As another example, assuming a single key
- compromise, we need to prevent an attacker from adding a new key and
- revoking all the other old keys.
-
-
-
-
-
-StJohns Standards Track [Page 3]
-\f
-RFC 5011 Trust Anchor Update September 2007
-
-
-2.1. Revocation
-
- Assume two trust anchor keys A and B. Assume that B has been
- compromised. Without a specific revocation bit, B could invalidate A
- simply by sending out a signed trust point key set that didn't
- contain A. To fix this, we add a mechanism that requires knowledge
- of the private key of a DNSKEY to revoke that DNSKEY.
-
- A key is considered revoked when the resolver sees the key in a
- self-signed RRSet and the key has the REVOKE bit (see Section 7
- below) set to '1'. Once the resolver sees the REVOKE bit, it MUST
- NOT use this key as a trust anchor or for any other purpose except to
- validate the RRSIG it signed over the DNSKEY RRSet specifically for
- the purpose of validating the revocation. Unlike the 'Add' operation
- below, revocation is immediate and permanent upon receipt of a valid
- revocation at the resolver.
-
- A self-signed RRSet is a DNSKEY RRSet that contains the specific
- DNSKEY and for which there is a corresponding validated RRSIG record.
- It's not a special DNSKEY RRSet, just a way of describing the
- validation requirements for that RRSet.
-
- N.B.: A DNSKEY with the REVOKE bit set has a different fingerprint
- than one without the bit set. This affects the matching of a DNSKEY
- to DS records in the parent [RFC3755], or the fingerprint stored at a
- resolver used to configure a trust point.
-
- In the given example, the attacker could revoke B because it has
- knowledge of B's private key, but could not revoke A.
-
-2.2. Add Hold-Down
-
- Assume two trust point keys A and B. Assume that B has been
- compromised. An attacker could generate and add a new trust anchor
- key C (by adding C to the DNSKEY RRSet and signing it with B), and
- then invalidate the compromised key. This would result in both the
- attacker and owner being able to sign data in the zone and have it
- accepted as valid by resolvers.
-
- To mitigate but not completely solve this problem, we add a hold-down
- time to the addition of the trust anchor. When the resolver sees a
- new SEP key in a validated trust point DNSKEY RRSet, the resolver
- starts an acceptance timer, and remembers all the keys that validated
- the RRSet. If the resolver ever sees the DNSKEY RRSet without the
- new key but validly signed, it stops the acceptance process for that
- key and resets the acceptance timer. If all of the keys that were
-
-
-
-
-
-StJohns Standards Track [Page 4]
-\f
-RFC 5011 Trust Anchor Update September 2007
-
-
- originally used to validate this key are revoked prior to the timer
- expiring, the resolver stops the acceptance process and resets the
- timer.
-
- Once the timer expires, the new key will be added as a trust anchor
- the next time the validated RRSet with the new key is seen at the
- resolver. The resolver MUST NOT treat the new key as a trust anchor
- until the hold-down time expires AND it has retrieved and validated a
- DNSKEY RRSet after the hold-down time that contains the new key.
-
- N.B.: Once the resolver has accepted a key as a trust anchor, the key
- MUST be considered a valid trust anchor by that resolver until
- explicitly revoked as described above.
-
- In the given example, the zone owner can recover from a compromise by
- revoking B and adding a new key D and signing the DNSKEY RRSet with
- both A and B.
-
- The reason this does not completely solve the problem has to do with
- the distributed nature of DNS. The resolver only knows what it sees.
- A determined attacker who holds one compromised key could keep a
- single resolver from realizing that the key had been compromised by
- intercepting 'real' data from the originating zone and substituting
- their own (e.g., using the example, signed only by B). This is no
- worse than the current situation assuming a compromised key.
-
-2.3. Active Refresh
-
- A resolver that has been configured for an automatic update of keys
- from a particular trust point MUST query that trust point (e.g., do a
- lookup for the DNSKEY RRSet and related RRSIG records) no less often
- than the lesser of 15 days, half the original TTL for the DNSKEY
- RRSet, or half the RRSIG expiration interval and no more often than
- once per hour. The expiration interval is the amount of time from
- when the RRSIG was last retrieved until the expiration time in the
- RRSIG. That is, queryInterval = MAX(1 hr, MIN (15 days, 1/2*OrigTTL,
- 1/2*RRSigExpirationInterval))
-
- If the query fails, the resolver MUST repeat the query until
- satisfied no more often than once an hour and no less often than the
- lesser of 1 day, 10% of the original TTL, or 10% of the original
- expiration interval. That is, retryTime = MAX (1 hour, MIN (1 day,
- .1 * origTTL, .1 * expireInterval)).
-
-
-
-
-
-
-
-
-StJohns Standards Track [Page 5]
-\f
-RFC 5011 Trust Anchor Update September 2007
-
-
-2.4. Resolver Parameters
-
-2.4.1. Add Hold-Down Time
-
- The add hold-down time is 30 days or the expiration time of the
- original TTL of the first trust point DNSKEY RRSet that contained the
- new key, whichever is greater. This ensures that at least two
- validated DNSKEY RRSets that contain the new key MUST be seen by the
- resolver prior to the key's acceptance.
-
-2.4.2. Remove Hold-Down Time
-
- The remove hold-down time is 30 days. This parameter is solely a key
- management database bookeeping parameter. Failure to remove
- information about the state of defunct keys from the database will
- not adversely impact the security of this protocol, but may end up
- with a database cluttered with obsolete key information.
-
-2.4.3. Minimum Trust Anchors per Trust Point
-
- A compliant resolver MUST be able to manage at least five SEP keys
- per trust point.
-
-3. Changes to DNSKEY RDATA Wire Format
-
- Bit 8 of the DNSKEY Flags field is designated as the 'REVOKE' flag.
- If this bit is set to '1', AND the resolver sees an RRSIG(DNSKEY)
- signed by the associated key, then the resolver MUST consider this
- key permanently invalid for all purposes except for validating the
- revocation.
-
-4. State Table
-
- The most important thing to understand is the resolver's view of any
- key at a trust point. The following state table describes this view
- at various points in the key's lifetime. The table is a normative
- part of this specification. The initial state of the key is 'Start'.
- The resolver's view of the state of the key changes as various events
- occur.
-
- This is the state of a trust-point key as seen from the resolver.
- The column on the left indicates the current state. The header at
- the top shows the next state. The intersection of the two shows the
- event that will cause the state to transition from the current state
- to the next.
-
-
-
-
-
-
-StJohns Standards Track [Page 6]
-\f
-RFC 5011 Trust Anchor Update September 2007
-
-
- NEXT STATE
- --------------------------------------------------
- FROM |Start |AddPend |Valid |Missing|Revoked|Removed|
- ----------------------------------------------------------
- Start | |NewKey | | | | |
- ----------------------------------------------------------
- AddPend |KeyRem | |AddTime| | | |
- ----------------------------------------------------------
- Valid | | | |KeyRem |Revbit | |
- ----------------------------------------------------------
- Missing | | |KeyPres| |Revbit | |
- ----------------------------------------------------------
- Revoked | | | | | |RemTime|
- ----------------------------------------------------------
- Removed | | | | | | |
- ----------------------------------------------------------
-
- State Table
-
-4.1. Events
-
- NewKey The resolver sees a valid DNSKEY RRSet with a new SEP key.
- That key will become a new trust anchor for the named trust
- point after it's been present in the RRSet for at least 'add
- time'.
-
- KeyPres The key has returned to the valid DNSKEY RRSet.
-
- KeyRem The resolver sees a valid DNSKEY RRSet that does not contain
- this key.
-
- AddTime The key has been in every valid DNSKEY RRSet seen for at
- least the 'add time'.
-
- RemTime A revoked key has been missing from the trust-point DNSKEY
- RRSet for sufficient time to be removed from the trust set.
-
- RevBit The key has appeared in the trust anchor DNSKEY RRSet with
- its "REVOKED" bit set, and there is an RRSig over the DNSKEY
- RRSet signed by this key.
-
-4.2. States
-
- Start The key doesn't yet exist as a trust anchor at the resolver.
- It may or may not exist at the zone server, but either
- hasn't yet been seen at the resolver or was seen but was
- absent from the last DNSKEY RRSet (e.g., KeyRem event).
-
-
-
-
-StJohns Standards Track [Page 7]
-\f
-RFC 5011 Trust Anchor Update September 2007
-
-
- AddPend The key has been seen at the resolver, has its 'SEP' bit
- set, and has been included in a validated DNSKEY RRSet.
- There is a hold-down time for the key before it can be used
- as a trust anchor.
-
- Valid The key has been seen at the resolver and has been included
- in all validated DNSKEY RRSets from the time it was first
- seen through the hold-down time. It is now valid for
- verifying RRSets that arrive after the hold-down time.
- Clarification: The DNSKEY RRSet does not need to be
- continuously present at the resolver (e.g., its TTL might
- expire). If the RRSet is seen and is validated (i.e.,
- verifies against an existing trust anchor), this key MUST be
- in the RRSet, otherwise a 'KeyRem' event is triggered.
-
- Missing This is an abnormal state. The key remains a valid trust-
- point key, but was not seen at the resolver in the last
- validated DNSKEY RRSet. This is an abnormal state because
- the zone operator should be using the REVOKE bit prior to
- removal.
-
- Revoked This is the state a key moves to once the resolver sees an
- RRSIG(DNSKEY) signed by this key where that DNSKEY RRSet
- contains this key with its REVOKE bit set to '1'. Once in
- this state, this key MUST permanently be considered invalid
- as a trust anchor.
-
- Removed After a fairly long hold-down time, information about this
- key may be purged from the resolver. A key in the removed
- state MUST NOT be considered a valid trust anchor. (Note:
- this state is more or less equivalent to the "Start" state,
- except that it's bad practice to re-introduce previously
- used keys -- think of this as the holding state for all the
- old keys for which the resolver no longer needs to track
- state.)
-
-5. Trust Point Deletion
-
- A trust point that has all of its trust anchors revoked is considered
- deleted and is treated as if the trust point was never configured.
- If there are no superior configured trust points, data at and below
- the deleted trust point are considered insecure by the resolver. If
- there ARE superior configured trust points, data at and below the
- deleted trust point are evaluated with respect to the superior trust
- point(s).
-
- Alternately, a trust point that is subordinate to another configured
- trust point MAY be deleted by a resolver after 180 days, where such a
-
-
-
-StJohns Standards Track [Page 8]
-\f
-RFC 5011 Trust Anchor Update September 2007
-
-
- subordinate trust point validly chains to a superior trust point.
- The decision to delete the subordinate trust anchor is a local
- configuration decision. Once the subordinate trust point is deleted,
- validation of the subordinate zone is dependent on validating the
- chain of trust to the superior trust point.
-
-6. Scenarios - Informative
-
- The suggested model for operation is to have one active key and one
- stand-by key at each trust point. The active key will be used to
- sign the DNSKEY RRSet. The stand-by key will not normally sign this
- RRSet, but the resolver will accept it as a trust anchor if/when it
- sees the signature on the trust point DNSKEY RRSet.
-
- Since the stand-by key is not in active signing use, the associated
- private key may (and should) be provided with additional protections
- not normally available to a key that must be used frequently (e.g.,
- locked in a safe, split among many parties, etc). Notionally, the
- stand-by key should be less subject to compromise than an active key,
- but that will be dependent on operational concerns not addressed
- here.
-
-6.1. Adding a Trust Anchor
-
- Assume an existing trust anchor key 'A'.
-
- 1. Generate a new key pair.
-
- 2. Create a DNSKEY record from the key pair and set the SEP and Zone
- Key bits.
-
- 3. Add the DNSKEY to the RRSet.
-
- 4. Sign the DNSKEY RRSet ONLY with the existing trust anchor key -
- 'A'.
-
- 5. Wait for various resolvers' timers to go off and for them to
- retrieve the new DNSKEY RRSet and signatures.
-
- 6. The new trust anchor will be populated at the resolvers on the
- schedule described by the state table and update algorithm -- see
- Sections 2 and 4 above.
-
-6.2. Deleting a Trust Anchor
-
- Assume existing trust anchors 'A' and 'B' and that you want to revoke
- and delete 'A'.
-
-
-
-
-StJohns Standards Track [Page 9]
-\f
-RFC 5011 Trust Anchor Update September 2007
-
-
- 1. Set the revocation bit on key 'A'.
-
- 2. Sign the DNSKEY RRSet with both 'A' and 'B'. 'A' is now revoked.
- The operator should include the revoked 'A' in the RRSet for at
- least the remove hold-down time, but then may remove it from the
- DNSKEY RRSet.
-
-6.3. Key Roll-Over
-
- Assume existing keys A and B. 'A' is actively in use (i.e. has been
- signing the DNSKEY RRSet). 'B' was the stand-by key. (i.e. has been
- in the DNSKEY RRSet and is a valid trust anchor, but wasn't being
- used to sign the RRSet).
-
- 1. Generate a new key pair 'C'.
- 2. Add 'C' to the DNSKEY RRSet.
- 3. Set the revocation bit on key 'A'.
- 4. Sign the RRSet with 'A' and 'B'.
-
- 'A' is now revoked, 'B' is now the active key, and 'C' will be the
- stand-by key once the hold-down expires. The operator should include
- the revoked 'A' in the RRSet for at least the remove hold-down time,
- but may then remove it from the DNSKEY RRSet.
-
-6.4. Active Key Compromised
-
- This is the same as the mechanism for Key Roll-Over (Section 6.3)
- above, assuming 'A' is the active key.
-
-6.5. Stand-by Key Compromised
-
- Using the same assumptions and naming conventions as Key Roll-Over
- (Section 6.3) above:
-
- 1. Generate a new key pair 'C'.
- 2. Add 'C' to the DNSKEY RRSet.
- 3. Set the revocation bit on key 'B'.
- 4. Sign the RRSet with 'A' and 'B'.
-
- 'B' is now revoked, 'A' remains the active key, and 'C' will be the
- stand-by key once the hold-down expires. 'B' should continue to be
- included in the RRSet for the remove hold-down time.
-
-6.6. Trust Point Deletion
-
- To delete a trust point that is subordinate to another configured
- trust point (e.g., example.com to .com) requires some juggling of the
- data. The specific process is:
-
-
-
-StJohns Standards Track [Page 10]
-\f
-RFC 5011 Trust Anchor Update September 2007
-
-
- 1. Generate a new DNSKEY and DS record and provide the DS record to
- the parent along with DS records for the old keys.
-
- 2. Once the parent has published the DSs, add the new DNSKEY to the
- RRSet and revoke ALL of the old keys at the same time, while
- signing the DNSKEY RRSet with all of the old and new keys.
-
- 3. After 30 days, stop publishing the old, revoked keys and remove
- any corresponding DS records in the parent.
-
- Revoking the old trust-point keys at the same time as adding new keys
- that chain to a superior trust prevents the resolver from adding the
- new keys as trust anchors. Adding DS records for the old keys avoids
- a race condition where either the subordinate zone becomes unsecure
- (because the trust point was deleted) or becomes bogus (because it
- didn't chain to the superior zone).
-
-7. IANA Considerations
-
- The IANA has assigned a bit in the DNSKEY flags field (see Section 7
- of [RFC4034]) for the REVOKE bit (8).
-
-8. Security Considerations
-
- In addition to the following sections, see also Theory of Operation
- above (Section 2) and especially Section 2.2 for related discussions.
-
- Security considerations for trust anchor rollover not specific to
- this protocol are discussed in [RFC4986].
-
-8.1. Key Ownership vs. Acceptance Policy
-
- The reader should note that, while the zone owner is responsible for
- creating and distributing keys, it's wholly the decision of the
- resolver owner as to whether to accept such keys for the
- authentication of the zone information. This implies the decision to
- update trust-anchor keys based on trusting a current trust-anchor key
- is also the resolver owner's decision.
-
- The resolver owner (and resolver implementers) MAY choose to permit
- or prevent key status updates based on this mechanism for specific
- trust points. If they choose to prevent the automated updates, they
- will need to establish a mechanism for manual or other out-of-band
- updates, which are outside the scope of this document.
-
-
-
-
-
-
-
-StJohns Standards Track [Page 11]
-\f
-RFC 5011 Trust Anchor Update September 2007
-
-
-8.2. Multiple Key Compromise
-
- This scheme permits recovery as long as at least one valid trust-
- anchor key remains uncompromised, e.g., if there are three keys, you
- can recover if two of them are compromised. The zone owner should
- determine their own level of comfort with respect to the number of
- active, valid trust anchors in a zone and should be prepared to
- implement recovery procedures once they detect a compromise. A
- manual or other out-of-band update of all resolvers will be required
- if all trust-anchor keys at a trust point are compromised.
-
-8.3. Dynamic Updates
-
- Allowing a resolver to update its trust anchor set based on in-band
- key information is potentially less secure than a manual process.
- However, given the nature of the DNS, the number of resolvers that
- would require update if a trust anchor key were compromised, and the
- lack of a standard management framework for DNS, this approach is no
- worse than the existing situation.
-
-9. Normative References
-
- [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119, March 1997.
-
- [RFC3755] Weiler, S., "Legacy Resolver Compatibility for Delegation
- Signer (DS)", RFC 3755, May 2004.
-
- [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
- Rose, "DNS Security Introduction and Requirements", RFC
- 4033, March 2005.
-
- [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.
- Rose, "Resource Records for the DNS Security Extensions",
- RFC 4034, March 2005.
-
- [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S.
- Rose, "Protocol Modifications for the DNS Security
- Extensions", RFC 4035, March 2005.
-
-10. Informative References
-
- [RFC4986] Eland, H., Mundy, R., Crocker, S., and S. Krishnaswamy,
- "Requirements Related to DNS Security (DNSSEC) Trust
- Anchor Rollover", RFC 4986, August 2007.
-
-
-
-
-
-
-StJohns Standards Track [Page 12]
-\f
-RFC 5011 Trust Anchor Update September 2007
-
-
-Author's Address
-
- Michael StJohns
- Independent
-
- EMail: mstjohns@comcast.net
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-StJohns Standards Track [Page 13]
-\f
-RFC 5011 Trust Anchor Update September 2007
-
-
-Full Copyright Statement
-
- Copyright (C) The IETF Trust (2007).
-
- This document is subject to the rights, licenses and restrictions
- contained in BCP 78, and except as set forth therein, the authors
- retain all their rights.
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
- THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
- OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Intellectual Property
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the procedures with respect to rights in RFC documents can be
- found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at
- ietf-ipr@ietf.org.
-
-
-
-
-
-
-
-
-
-
-
-
-StJohns Standards Track [Page 14]
-\f
+++ /dev/null
-/*****************************************************************
-**
-** @(#) domaincmp.c -- compare two domain names
-**
-** Copyright (c) Aug 2005, Karle Boss, Holger Zuleger (kaho).
-** isparentdomain() (c) Mar 2010 by Holger Zuleger
-** All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Karle Boss or Holger Zuleger (kaho) nor the
-** names of its contributors may be used to endorse or promote products
-** derived from this software without specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-# include <stdio.h>
-# include <string.h>
-# include <assert.h>
-# include <ctype.h>
-#define extern
-# include "domaincmp.h"
-#undef extern
-
-
-#define goto_labelstart(str, p) while ( (p) > (str) && *((p)-1) != '.' ) \
- (p)--
-
-/*****************************************************************
-** int domaincmp (a, b)
-** compare a and b as fqdns.
-** return <0 | 0 | >0 as in strcmp
-** A subdomain is less than the corresponding parent domain,
-** thus domaincmp ("z.example.net", "example.net") return < 0 !!
-*****************************************************************/
-int domaincmp (const char *a, const char *b)
-{
- return domaincmp_dir (a, b, 1);
-}
-
-/*****************************************************************
-** int domaincmp_dir (a, b, subdomain_above)
-** compare a and b as fqdns.
-** return <0 | 0 | >0 as in strcmp
-** A subdomain is less than the corresponding parent domain,
-** thus domaincmp ("z.example.net", "example.net") return < 0 !!
-*****************************************************************/
-int domaincmp_dir (const char *a, const char *b, int subdomain_above)
-{
- register const char *pa;
- register const char *pb;
- int dir;
-
- if ( a == NULL ) return -1;
- if ( b == NULL ) return 1;
-
- if ( subdomain_above )
- dir = 1;
- else
- dir = -1;
-
- if ( *a == '.' ) /* skip a leading dot */
- a++;
- if ( *b == '.' ) /* same at the other string */
- b++;
-
- /* let pa and pb point to the last non dot char */
- pa = a + strlen (a);
- do
- pa--;
- while ( pa > a && *pa == '.' );
-
- pb = b + strlen (b);
- do
- pb--;
- while ( pb > b && *pb == '.' );
-
- /* cmp both domains starting at the end */
- while ( *pa == *pb && pa > a && pb > b )
- pa--, pb--;
-
- if ( *pa != *pb ) /* both domains are different ? */
- {
- if ( *pa == '.' )
- pa++; /* set to beginning of next label */
- else
- goto_labelstart (a, pa); /* find begin of current label */
- if ( *pb == '.' )
- pb++; /* set to beginning of next label */
- else
- goto_labelstart (b, pb); /* find begin of current label */
- }
- else /* maybe one of them has a subdomain */
- {
- if ( pa > a )
- if ( pa[-1] == '.' )
- return -1 * dir;
- else
- goto_labelstart (a, pa);
- else if ( pb > b )
- if ( pb[-1] == '.' )
- return 1 * dir;
- else
- goto_labelstart (b, pb);
- else
- return 0; /* both are at the beginning, so they are equal */
- }
-
- /* both domains are definitly unequal */
- while ( *pa == *pb ) /* so we have to look at the point where they differ */
- pa++, pb++;
-
- return *pa - *pb;
-}
-
-/*****************************************************************
-**
-** int issubdomain ("child", "parent")
-**
-** "child" and "parent" are standardized domain names in such
-** a way that even both domain names are ending with a dot,
-** or none of them.
-**
-** returns 1 if "child" is a subdomain of "parent"
-** returns 0 if "child" is not a subdomain of "parent"
-**
-*****************************************************************/
-int issubdomain (const char *child, const char *parent)
-{
- const char *p;
- const char *cdot;
- int ccnt;
- int pcnt;
-
- if ( !child || !parent || *child == '\0' || *parent == '\0' )
- return 0;
-
- cdot = NULL;
- pcnt = 0;
- for ( p = parent; *p; p++ )
- if ( *p == '.' )
- pcnt++;
-
- ccnt = 0;
- for ( p = child; *p; p++ )
- if ( *p == '.' )
- {
- if ( ccnt == 0 )
- cdot = p;
- ccnt++;
- }
- if ( ccnt == 0 ) /* child is not a fqdn or is not deep enough ? */
- return 0;
- if ( pcnt == 0 ) /* parent is not a fqdn ? */
- return 0;
-
- if ( pcnt >= ccnt ) /* parent has more levels than child ? */
- return 0;
-
- /* is child a (one level) subdomain of parent ? */
- if ( strcmp (cdot+1, parent) == 0 ) /* the domains are equal ? */
- return 1;
-
- return 0;
-}
-
-/*****************************************************************
-**
-** int isparentdomain ("child", "parent", level)
-**
-** "child" and "parent" are standardized domain names in such
-** a way that even both domain names are ending with a dot,
-** or none of them.
-**
-** returns 1 if "child" is a subdomain of "parent"
-** returns 0 if "child" is not a subdomain of "parent"
-** returns -1 if "child" and "parent" are the same domain
-**
-*****************************************************************/
-int isparentdomain (const char *child, const char *parent, int level)
-{
- const char *p;
- const char *cdot;
- const char *pdot;
- int ccnt;
- int pcnt;
-
- if ( !child || !parent || *child == '\0' || *parent == '\0' )
- return 0;
-
- pdot = cdot = NULL;
- pcnt = 0;
- for ( p = parent; *p; p++ )
- if ( *p == '.' )
- {
- if ( pcnt == 0 )
- pdot = p;
- pcnt++;
- }
-
- ccnt = 0;
- for ( p = child; *p; p++ )
- if ( *p == '.' )
- {
- if ( ccnt == 0 )
- cdot = p;
- ccnt++;
- }
- if ( ccnt == 0 || ccnt < level ) /* child is not a fqdn or is not deep enough ? */
- return 0;
- if ( pcnt == 0 ) /* parent is not a fqdn ? */
- return 0;
-
- if ( pcnt > ccnt ) /* parent has more levels than child ? */
- return 0;
-
- if ( pcnt == ccnt ) /* both are at the same level ? */
- {
- /* let's check the domain part */
- if ( strcmp (cdot, pdot) == 0 ) /* the domains are equal ? */
- return -1;
- return 0;
- }
-
- if ( pcnt > ccnt ) /* parent has more levels than child ? */
- return 0;
-
- /* is child a (one level) subdomain of parent ? */
- if ( strcmp (cdot+1, parent) == 0 ) /* the domains are equal ? */
- return 1;
-
- return 0;
-}
-
-#ifdef DOMAINCMP_TEST
-static struct {
- char *a;
- char *b;
- int res;
-} ex[] = {
- { ".", ".", 0 },
- { "test", "", 1 },
- { "", "test2", -1 },
- { "", "", 0 },
- { "de", "de", 0 },
- { ".de", "de", 0 },
- { "de.", "de.", 0 },
- { ".de", ".de", 0 },
- { ".de.", ".de.", 0 },
- { ".de", "zde", -1 },
- { ".de", "ade", 1 },
- { "zde", ".de", 1 },
- { "ade", ".de", -1 },
- { "a.de", ".de", -1 },
- { ".de", "a.de", 1 },
- { "a.de", "b.de", -1 },
- { "a.de.", "b.de", -1 },
- { "a.de", "b.de.", -1 },
- { "a.de", "a.de.", 0 },
- { "aa.de", "b.de", -1 },
- { "ba.de", "b.de", 1 },
- { "a.de", "a.dk", -1 },
- { "anna.example.de", "anna.example.de", 0 },
- { "anna.example.de", "annamirl.example.de", -1 },
- { "anna.example.de", "ann.example.de", 1 },
- { "example.de.", "xy.example.de.", 1 },
- { "example.de.", "ab.example.de.", 1 },
- { "example.de", "ab.example.de", 1 },
- { "xy.example.de.", "example.de.", -1 },
- { "ab.example.de.", "example.de.", -1 },
- { "ab.example.de", "example.de", -1 },
- { "ab.mast.de", "axt.de", 1 },
- { "ab.mast.de", "obt.de", -1 },
- { "abc.example.de.", "xy.example.de.", -1 },
- { NULL, NULL, 0 }
-};
-
-const char *progname;
-main (int argc, char *argv[])
-{
-
- int expect;
- int res;
- int c;
- int i;
-
- progname = *argv;
-
- for ( i = 0; ex[i].a; i++ )
- {
- expect = ex[i].res;
- if ( expect < 0 )
- c = '<';
- else if ( expect > 0 )
- c = '>';
- else
- c = '=';
- printf ("%-20s %-20s ", ex[i].a, ex[i].b);
- printf ("%3d ", issubdomain (ex[i].a, ex[i].b));
- printf ("\t==> 0 %c ", c);
- fflush (stdout);
- res = domaincmp (ex[i].a, ex[i].b);
- printf ("%3d ", res);
- if ( res < 0 && expect < 0 || res > 0 && expect > 0 || res == 0 && expect == 0 )
- puts ("ok");
- else
- puts ("not ok");
- }
-}
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) domaincmp.h -- compare two domain names
-**
-** Copyright (c) Aug 2005, Karle Boss (kaho). All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-#ifndef DOMAINCMP_H
-# define DOMAINCMP_H
-extern int domaincmp (const char *a, const char *b);
-extern int domaincmp_dir (const char *a, const char *b, int subdomain_above);
-extern int isparentdomain (const char *child, const char *parent, int level);
-extern int issubdomain (const char *child, const char *parent);
-#endif
+++ /dev/null
-
-{
- find . -name "dnskey.db"
- find . -name "dsset-*"
- find . -name "keyset-*"
- find . -name "K*"
-} | xargs rm
-
-
-for file in `find . -name "zone.db.signed"`
-do
- cp /dev/null $file
-done
+++ /dev/null
-#################################################################
-#
-# @(#) dist.sh -- distribute and reload command for dnssec-signer
-#
-# (c) Jul 2008 Holger Zuleger hznet.de
-#
-# Feb 2010 action "distkeys" added
-#
-# This shell script will be run by dnssec-signer as a distribution
-# and reload command if:
-#
-# a) the dnssec.conf file parameter Distribute_Cmd: points
-# to this file
-# and
-# b) the user running the dnssec-signer command is not
-# root (uid==0)
-# and
-# c) the owner of this shell script is the same as the
-# running user and the access rights don't allow writing
-# for anyone except the owner
-# or
-# d) the group of this shell script is the same as the
-# running user and the access rights don't allow writing
-# for anyone except the group
-#
-#################################################################
-
-# set path to rndc and scp
-PATH="/bin:/usr/bin:/usr/local/sbin"
-
-# remote server and directory
-server=localhost # fqdn of remote name server
-dir=/var/named # zone directory on remote name server
-
-progname=$0
-usage()
-{
- echo "usage: $progname distribute|reload <domain> <path_to_zonefile> [<viewname>]" 1>&2
- test $# -gt 0 && echo $* 1>&2
- exit 1
-}
-
-if test $# -lt 3
-then
- usage
-fi
-action="$1"
-domain="$2"
-zonefile="$3"
-view=""
-test $# -gt 3 && view="$4"
-
-case $action in
-distkeys)
- if test -n "$view"
- then
- echo "scp K$zone+* $server:$dir/$view/$zone/"
- : scp K$zone+* $server:$dir/$view/$zone/
- else
- echo "scp K$zone+* $server:$dir/$zone/"
- : scp K$zone+* $server:$dir/$zone/
- fi
- ;;
-distribute)
- if test -n "$view"
- then
- echo "scp $zonefile $server:$dir/$view/$domain/"
- : scp $zonefile $server:$dir/$view/$domain/
- else
- echo "scp $zonefile $server:$dir/$domain/"
- : scp $zonefile $server:$dir/$domain/
- fi
- ;;
-reload)
- echo "rndc $action $domain $view"
- : rndc $action $domain $view
- ;;
-*)
- usage "illegal action $action"
- ;;
-esac
-
+++ /dev/null
-#
-# @(#) dnssec.conf T1.0rc1 (c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de
-#
-
-# dnssec-zkt options
-Zonedir: "."
-Recursive: True
-PrintTime: False
-PrintAge: True
-LeftJustify: False
-
-# zone specific values
-ResignInterval: 2d # (172800 seconds)
-Sigvalidity: 6d # (518400 seconds)
-Max_TTL: 8h # (28800 seconds)
-Propagation: 5m # (300 seconds)
-KEY_TTL: 1h # (3600 seconds)
-Serialformat: incremental
-
-# signing key parameters
-Key_Algo: RSASHA512
-KSK_lifetime: 60d # (5184000 seconds)
-KSK_bits: 1300
-KSK_randfile: "/dev/urandom"
-ZSK_lifetime: 2w # (1209600 seconds)
-ZSK_bits: 1024
-ZSK_randfile: "/dev/urandom"
-SaltBits: 24
-
-# dnssec-signer options
-LogFile: "zkt.log"
-LogLevel: DEBUG
-LogDomainDir: "."
-SyslogFacility: USER
-SyslogLevel: NOTICE
-VerboseLog: 2
-Keyfile: "dnskey.db"
-Zonefile: "zone.db"
-KeySetDir: "../keysets"
-DLV_Domain: ""
-Sig_Pseudorand: True
-Sig_GenerateDS: True
-Sig_DnsKeyKSK: False
-Sig_Parameter: "-n 1"
-Distribute_Cmd: "./dist.sh"
+++ /dev/null
-Key_Algo: NSEC3RSASHA1 # (Algorithm ID 7)
-KSK_lifetime: 60d # (5184000 seconds)
-KSK_bits: 1024
+++ /dev/null
-2010-02-21 19:43:15.018: debug: Check RFC5011 status
-2010-02-21 19:43:15.018: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 19:43:15.018: debug: Check KSK status
-2010-02-21 19:43:15.018: debug: No active KSK found: generate new one
-2010-02-21 19:43:15.330: info: "dyn.example.net.": generated new KSK 52935
-2010-02-21 19:43:15.330: debug: Check ZSK status
-2010-02-21 19:43:15.330: debug: No active ZSK found: generate new one
-2010-02-21 19:43:15.368: info: "dyn.example.net.": generated new ZSK 30323
-2010-02-21 19:43:15.368: debug: Re-signing necessary: Modfied zone key set
-2010-02-21 19:43:15.368: notice: "dyn.example.net.": re-signing triggered: Modfied zone key set
-2010-02-21 19:43:15.368: debug: Writing key file "./dyn.example.net/dnskey.db"
-2010-02-21 19:43:15.368: debug: Signing zone "dyn.example.net."
-2010-02-21 19:43:15.368: notice: "dyn.example.net.": freeze dynamic zone
-2010-02-21 19:43:15.368: debug: freeze dynamic zone "dyn.example.net."
-2010-02-21 19:43:15.368: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
-2010-02-21 19:43:15.374: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
-2010-02-21 19:43:15.374: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
-2010-02-21 19:43:15.382: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: Zone contains NSEC records. Use -u to update to NSEC3."
-2010-02-21 19:43:15.382: error: "dyn.example.net.": signing failed!
-2010-02-21 19:43:15.382: notice: "dyn.example.net.": thaw dynamic zone
-2010-02-21 19:43:15.382: debug: thaw dynamic zone "dyn.example.net."
-2010-02-21 19:43:15.382: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
-2010-02-21 19:45:36.415: debug: Check RFC5011 status
-2010-02-21 19:45:36.416: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 19:45:36.416: debug: Check KSK status
-2010-02-21 19:45:36.416: debug: Check ZSK status
-2010-02-21 19:45:36.416: debug: Re-signing not necessary!
-2010-02-21 19:45:36.416: debug: Check if there is a parent file to copy
-2010-02-21 19:45:41.448: debug: Check RFC5011 status
-2010-02-21 19:45:41.448: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 19:45:41.448: debug: Check KSK status
-2010-02-21 19:45:41.448: debug: Check ZSK status
-2010-02-21 19:45:41.448: debug: Re-signing necessary: Option -f
-2010-02-21 19:45:41.448: notice: "dyn.example.net.": re-signing triggered: Option -f
-2010-02-21 19:45:41.448: debug: Writing key file "./dyn.example.net/dnskey.db"
-2010-02-21 19:45:41.448: debug: Signing zone "dyn.example.net."
-2010-02-21 19:45:41.448: notice: "dyn.example.net.": freeze dynamic zone
-2010-02-21 19:45:41.448: debug: freeze dynamic zone "dyn.example.net."
-2010-02-21 19:45:41.448: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
-2010-02-21 19:45:41.457: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
-2010-02-21 19:45:41.458: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
-2010-02-21 19:45:41.473: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 generation requested with NSEC only DNSKEY"
-2010-02-21 19:45:41.473: error: "dyn.example.net.": signing failed!
-2010-02-21 19:45:41.473: notice: "dyn.example.net.": thaw dynamic zone
-2010-02-21 19:45:41.473: debug: thaw dynamic zone "dyn.example.net."
-2010-02-21 19:45:41.473: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
-2010-02-21 19:47:06.899: debug: Check RFC5011 status
-2010-02-21 19:47:06.899: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 19:47:06.899: debug: Check KSK status
-2010-02-21 19:47:06.899: debug: Check ZSK status
-2010-02-21 19:47:06.899: debug: Re-signing necessary: Option -f
-2010-02-21 19:47:06.899: notice: "dyn.example.net.": re-signing triggered: Option -f
-2010-02-21 19:47:06.899: debug: Writing key file "./dyn.example.net/dnskey.db"
-2010-02-21 19:47:06.900: debug: Signing zone "dyn.example.net."
-2010-02-21 19:47:06.900: notice: "dyn.example.net.": freeze dynamic zone
-2010-02-21 19:47:06.900: debug: freeze dynamic zone "dyn.example.net."
-2010-02-21 19:47:06.900: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
-2010-02-21 19:47:06.910: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
-2010-02-21 19:47:06.910: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
-2010-02-21 19:47:06.926: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 iterations too big for weakest DNSKEY strength. Maximum iterations allowed 0."
-2010-02-21 19:47:06.926: error: "dyn.example.net.": signing failed!
-2010-02-21 19:47:06.926: notice: "dyn.example.net.": thaw dynamic zone
-2010-02-21 19:47:06.926: debug: thaw dynamic zone "dyn.example.net."
-2010-02-21 19:47:06.926: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
-2010-02-21 19:58:40.972: debug: Check RFC5011 status
-2010-02-21 19:58:40.972: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 19:58:40.972: debug: Check KSK status
-2010-02-21 19:58:40.972: debug: Check ZSK status
-2010-02-21 19:58:40.973: debug: Re-signing necessary: Option -f
-2010-02-21 19:58:40.973: notice: "dyn.example.net.": re-signing triggered: Option -f
-2010-02-21 19:58:40.973: debug: Writing key file "./dyn.example.net/dnskey.db"
-2010-02-21 19:58:40.973: debug: Signing zone "dyn.example.net."
-2010-02-21 19:58:40.973: notice: "dyn.example.net.": freeze dynamic zone
-2010-02-21 19:58:40.973: debug: freeze dynamic zone "dyn.example.net."
-2010-02-21 19:58:40.973: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
-2010-02-21 19:58:40.982: debug: Dynamic Zone signing: zone file manually edited: Use it as new input file
-2010-02-21 19:58:40.982: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
-2010-02-21 19:58:40.983: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
-2010-02-21 19:58:40.999: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 iterations too big for weakest DNSKEY strength. Maximum iterations allowed 0."
-2010-02-21 19:58:40.999: error: "dyn.example.net.": signing failed!
-2010-02-21 19:58:40.999: notice: "dyn.example.net.": thaw dynamic zone
-2010-02-21 19:58:40.999: debug: thaw dynamic zone "dyn.example.net."
-2010-02-21 19:58:40.999: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
-2010-02-21 20:00:48.833: debug: Check RFC5011 status
-2010-02-21 20:00:48.833: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 20:00:48.833: debug: Check KSK status
-2010-02-21 20:00:48.833: debug: Check ZSK status
-2010-02-21 20:00:48.833: debug: Re-signing necessary: Option -f
-2010-02-21 20:00:48.833: notice: "dyn.example.net.": re-signing triggered: Option -f
-2010-02-21 20:00:48.833: debug: Writing key file "./dyn.example.net/dnskey.db"
-2010-02-21 20:00:48.834: debug: Signing zone "dyn.example.net."
-2010-02-21 20:00:48.834: notice: "dyn.example.net.": freeze dynamic zone
-2010-02-21 20:00:48.834: debug: freeze dynamic zone "dyn.example.net."
-2010-02-21 20:00:48.834: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
-2010-02-21 20:00:48.844: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
-2010-02-21 20:00:48.844: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
-2010-02-21 20:00:48.878: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
-2010-02-21 20:00:48.878: notice: "dyn.example.net.": thaw dynamic zone
-2010-02-21 20:00:48.878: debug: thaw dynamic zone "dyn.example.net."
-2010-02-21 20:00:48.878: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
-2010-02-21 20:00:48.884: debug: Signing completed after 0s.
-2010-02-21 20:01:11.175: debug: Check RFC5011 status
-2010-02-21 20:01:11.175: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 20:01:11.175: debug: Check KSK status
-2010-02-21 20:01:11.175: debug: Check ZSK status
-2010-02-21 20:01:11.176: debug: Re-signing necessary: Option -f
-2010-02-21 20:01:11.176: notice: "dyn.example.net.": re-signing triggered: Option -f
-2010-02-21 20:01:11.176: debug: Writing key file "./dyn.example.net/dnskey.db"
-2010-02-21 20:01:11.176: debug: Signing zone "dyn.example.net."
-2010-02-21 20:01:11.176: notice: "dyn.example.net.": freeze dynamic zone
-2010-02-21 20:01:11.176: debug: freeze dynamic zone "dyn.example.net."
-2010-02-21 20:01:11.176: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
-2010-02-21 20:01:11.181: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
-2010-02-21 20:01:11.181: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
-2010-02-21 20:01:11.202: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
-2010-02-21 20:01:11.202: notice: "dyn.example.net.": thaw dynamic zone
-2010-02-21 20:01:11.203: debug: thaw dynamic zone "dyn.example.net."
-2010-02-21 20:01:11.203: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
-2010-02-21 20:01:11.208: debug: Signing completed after 0s.
-2010-02-21 20:01:17.175: debug: Check RFC5011 status
-2010-02-21 20:01:17.175: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 20:01:17.175: debug: Check KSK status
-2010-02-21 20:01:17.175: debug: Check ZSK status
-2010-02-21 20:01:17.176: debug: Re-signing not necessary!
-2010-02-21 20:01:17.176: debug: Check if there is a parent file to copy
-2010-02-25 23:42:29.326: debug: Check RFC5011 status
-2010-02-25 23:42:29.326: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-25 23:42:29.326: debug: Check KSK status
-2010-02-25 23:42:29.326: debug: Check ZSK status
-2010-02-25 23:42:29.326: debug: Re-signing necessary: re-signing interval (2d) reached
-2010-02-25 23:42:29.326: notice: "dyn.example.net.": re-signing triggered: re-signing interval (2d) reached
-2010-02-25 23:42:29.326: debug: Writing key file "./dyn.example.net/dnskey.db"
-2010-02-25 23:42:29.327: debug: Signing zone "dyn.example.net."
-2010-02-25 23:42:29.327: notice: "dyn.example.net.": freeze dynamic zone
-2010-02-25 23:42:29.327: debug: freeze dynamic zone "dyn.example.net."
-2010-02-25 23:42:29.327: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
-2010-02-25 23:42:29.388: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
-2010-02-25 23:42:29.425: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
-2010-02-25 23:42:29.471: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
-2010-02-25 23:42:29.471: notice: "dyn.example.net.": thaw dynamic zone
-2010-02-25 23:42:29.471: debug: thaw dynamic zone "dyn.example.net."
-2010-02-25 23:42:29.471: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
-2010-02-25 23:42:29.486: debug: Signing completed after 0s.
-2010-03-02 10:59:46.770: debug: Check RFC5011 status
-2010-03-02 10:59:46.770: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-02 10:59:46.770: debug: Check KSK status
-2010-03-02 10:59:46.770: debug: Check ZSK status
-2010-03-02 10:59:46.770: debug: Re-signing necessary: re-signing interval (2d) reached
-2010-03-02 10:59:46.770: notice: "dyn.example.net.": re-signing triggered: re-signing interval (2d) reached
-2010-03-02 10:59:46.770: debug: Writing key file "./dyn.example.net/dnskey.db"
-2010-03-02 10:59:46.770: debug: Signing zone "dyn.example.net."
-2010-03-02 10:59:46.770: notice: "dyn.example.net.": freeze dynamic zone
-2010-03-02 10:59:46.770: debug: freeze dynamic zone "dyn.example.net."
-2010-03-02 10:59:46.770: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
-2010-03-02 10:59:46.852: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
-2010-03-02 10:59:46.875: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
-2010-03-02 10:59:46.950: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
-2010-03-02 10:59:46.950: notice: "dyn.example.net.": thaw dynamic zone
-2010-03-02 10:59:46.950: debug: thaw dynamic zone "dyn.example.net."
-2010-03-02 10:59:46.950: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
-2010-03-02 10:59:46.964: debug: Signing completed after 0s.
+++ /dev/null
-; File written on Thu Feb 25 23:42:29 2010
-; dnssec_signzone version 9.7.0
-dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
- 18 ; serial
- 43200 ; refresh (12 hours)
- 1800 ; retry (30 minutes)
- 1209600 ; expire (2 weeks)
- 7200 ; minimum (2 hours)
- )
- 7200 RRSIG SOA 7 3 7200 20100303214229 (
- 20100225214229 30323 dyn.example.net.
- Ih9WgRBKZVDT3zJR9eFcB0VKU0o2G7h13XHZ
- W6j2Jr1H4Db5IC1xiHXq+hI9UMkVQA3fu1Ub
- +tjqAJE+y3hUFg== )
- 7200 NS ns1.example.net.
- 7200 NS ns2.example.net.
- 7200 RRSIG NS 7 3 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- uvTn2MCWjTfS/piH3kKEmF1gPoeN8jIdcFFJ
- 5t3b8RIwjorD81gWIRmzkGDE59hoL4mMvEnO
- 32sAi8qkYhvBOA== )
- 3600 DNSKEY 256 3 7 (
- AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8R
- is63E/oRRGQEH5U/ZS3Axz3aOhPFKzAAhjfa
- G3vTNW3Wl4bl4ITFZrk=
- ) ; key id = 30323
- 3600 DNSKEY 257 3 7 (
- AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmO
- oBYx8s1uLzmS/3APsh1eWCeoBgAjRry1tpM/
- bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjE
- nG4HCT58TuAVxjiefN+vb1pvyFlAL58YOkuG
- f9tG/NJMNc+XrULAU1ey2dT9Fh+SCVO3
- ) ; key id = 52935
- 3600 RRSIG DNSKEY 7 3 3600 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- je5kBhDdp9b9fjH/lJ1o9WDBL2YxZ+6UNuF9
- zNbeeDlfBHe7XlTGw9MHyvZh46wx2OUmLoGM
- DFhPfIwUwtttUA== )
- 3600 RRSIG DNSKEY 7 3 3600 20100227180048 (
- 20100221180048 52935 dyn.example.net.
- MuyIUCa3XlttWuSnaQegQnRgTrTsx0Mj4EGI
- fwtZs2H3L079Y/brqMvtlIGxtlr9meLg43oo
- jX1w48ilerzf1PwYhUVpFefZTgmClK0h2ej4
- Ho9Qh4/6snesVj06kWsQDkhuVs58zHmhRtEy
- P4YlqP/R1CAk166RhwSmGuSx1O8= )
- 0 NSEC3PARAM 1 0 10 76931F
- 0 RRSIG NSEC3PARAM 7 3 0 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- LGD8bq/sX9yvDUpmyaRczfTshrR6T9HmQ5/a
- MwMSY+5LDAD/YdwtpVF7uNwdMa6ydJFQW37u
- Rma0TxEqKPGPyQ== )
-localhost.dyn.example.net. 7200 IN A 127.0.0.1
- 7200 RRSIG A 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- SHLL1lIJZaEGKphkFm3NShS6H33mBnwwACkH
- eF3JE5vWwTuT7hffdJlwcahYQfcr3egPv64d
- iyCNYNjdvlJpsg== )
-ns1.dyn.example.net. 7200 IN A 1.0.0.5
- 7200 RRSIG A 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- 6PF5dGgOJdolEyxrHqyA66BFLrUORQLZvVBw
- 9fX9uGWWKiu6yRR3i4LwIkQ+VelTpCbTsLh4
- gm+rcSMFNeOtxA== )
- 7200 AAAA 2001:db8::53
- 7200 RRSIG AAAA 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- dk1DfG0y9qjCi3VD4e9B1NGKWEig7q8hFdaR
- 3hElCIzGlflvgHRiE7iTJxDMB+kTA0by4BMZ
- yssUuXP2FMlB2g== )
-ns2.dyn.example.net. 7200 IN A 1.2.0.6
- 7200 RRSIG A 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- Ei5VGwE7CNBQ7ZOHpyKZXtuC8I7lusZ4d+gx
- MwpLROH+6OSu26x2ScPdwg1qpZ5Mui01ss6O
- IcJL36PRqAM26A== )
-x.dyn.example.net. 7200 IN A 1.2.3.4
- 7200 RRSIG A 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- ieiExNeDjeucDjtMVj0F9kwIsL0ngZfAmEU/
- /UlYe8/8pg2NzFulOviI09ekgOOnMfcnb4n4
- /pRIkFddCEOt0g== )
-y.dyn.example.net. 7200 IN A 1.2.3.5
- 7200 RRSIG A 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- NfDUCrArDXCTPrTpiesQYCoZ039YE/KwlN25
- EZ9vOVt6dE2R9KkAWezkdY9zDmJMGTN1XYI/
- vgd56J8B5Y/uQQ== )
-z.dyn.example.net. 7200 IN A 1.2.3.6
- 7200 RRSIG A 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- VH3BsA8JLlqmL0xkXgXlPXT0xfRcdFy7vPYh
- 27exw16LDbQF15KjkHvUJ+Bkei/SmRa20Dll
- Yy536Dj+ar5ABQ== )
-A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F AJHVGTICN6K0VDA53GCHFMT219SRRQLM A RRSIG
- 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- 9BhZcQdLwRPU/Dz38uMis/nCcddyhKEm0Zb+
- Mhh3V3OsGI202cebTaxbwVEbQQOeowpUmf8l
- AmK/cNX7+IS2rw== )
-AJHVGTICN6K0VDA53GCHFMT219SRRQLM.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7 A RRSIG
- 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- lVyEaxejO5qFlyyBp8gYyQnG+DkIm8vofj+B
- SuTxalc2l+TYen1RnSTeeXfMqc9YpGu4SCaG
- Fyznu1K88oUhMg== )
-FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F I7A7A184GGMI35K1E3IR650LKO7NOB5R A AAAA RRSIG
- 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- 577WZnTQemStx+ciON9rEGXAGnU7C0KLjrFL
- VyhocnBnNtxJS8eRMSWvb9XuYCMNhYKOurtt
- Ar4qh4VW1+unmA== )
-I7A7A184GGMI35K1E3IR650LKO7NOB5R.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F IMQ912BREQP1POLAH3RMONG3UED541AS A RRSIG
- 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- +PKntiPlw2om9e0KJX/L2VxSCbxL95eIV2f+
- 5YBMq3npDguHaUiBwan8Vsm+aNsdr1NDDLY/
- HdJzEfVmSNGs7Q== )
-IMQ912BREQP1POLAH3RMONG3UED541AS.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7 A RRSIG
- 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- smsg35snQ9PpeG2r8ZGxBl44pwSReh/1rIil
- u/n8aa5nKbBpkqtbcc7q1OpUgb1Q7+Tl/wes
- kB6bohsRdrwEJA== )
-S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F T320G5LC07QE1BLR074KORIJTG9DPTI9 A RRSIG
- 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- XalRIESpdeVK1aNbwu9ym2Spk981Y127rKua
- xsoals0Zn2tTjF9wpOYVGVOto3FcWBbyKD1g
- 69BTRlv634UIOw== )
-T320G5LC07QE1BLR074KORIJTG9DPTI9.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN NS SOA RRSIG DNSKEY NSEC3PARAM
- 7200 RRSIG NSEC3 7 4 7200 20100227180048 (
- 20100221180048 30323 dyn.example.net.
- D3xq+CkK/a8YSbh9o8WwWnenjDQ3weVdtZ0x
- i6bOv3iRITOfCRjYgbeIYtjMFb1rZwgCPD40
- JQgGu5mx1TjnGA== )
+++ /dev/null
-; File written on Tue Mar 2 10:59:46 2010
-; dnssec_signzone version 9.7.0
-dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
- 19 ; serial
- 43200 ; refresh (12 hours)
- 1800 ; retry (30 minutes)
- 1209600 ; expire (2 weeks)
- 7200 ; minimum (2 hours)
- )
- 7200 RRSIG SOA 7 3 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- eNZruaQkUB/jteZtRkZ957BX65zjXIGaKlkf
- Bq0XW8OgyHYCvJiB7waJYyiWKeQskp0Z90JF
- 34WMUztuTvWUTA== )
- 7200 NS ns1.example.net.
- 7200 NS ns2.example.net.
- 7200 RRSIG NS 7 3 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- obQoowLwuBixnopoSvUsXvwveB7Pqmeblt2S
- 5SXo7ztPNcM1hTdWfIEwRDpQ2DhOfGYi0Ov0
- xEmMlPheVZkW6g== )
- 3600 DNSKEY 256 3 7 (
- AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8R
- is63E/oRRGQEH5U/ZS3Axz3aOhPFKzAAhjfa
- G3vTNW3Wl4bl4ITFZrk=
- ) ; key id = 30323
- 3600 DNSKEY 257 3 7 (
- AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmO
- oBYx8s1uLzmS/3APsh1eWCeoBgAjRry1tpM/
- bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjE
- nG4HCT58TuAVxjiefN+vb1pvyFlAL58YOkuG
- f9tG/NJMNc+XrULAU1ey2dT9Fh+SCVO3
- ) ; key id = 52935
- 3600 RRSIG DNSKEY 7 3 3600 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- 4xQy+G1g8IHVp3NTxHtUIaz/G+h6+ce4SRum
- bftLFS9rXV13wSa761J1YoDYx8lj98IDBuED
- 94980qJWjgNfdw== )
- 3600 RRSIG DNSKEY 7 3 3600 20100308085946 (
- 20100302085946 52935 dyn.example.net.
- VmL0mzUoBzSX+5gB/9MsHUFWBbHrVoyMUjnw
- mR7FyrZMfNgz4rf6J2bZ8a8zYGvSXEBrangQ
- kkPlxuvNxzn2s+Ji+crfUNa2ZFzRKA8BBczU
- 0WLETC5QKonjiAzofCcP15OPN4H18y9WMfE/
- wU0oPhcd8d31Ckf2jPaSdTS8NMk= )
- 0 NSEC3PARAM 1 0 10 76931F
- 0 RRSIG NSEC3PARAM 7 3 0 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- GSTGjHni3oZ1Nod57kXFkxcOiKXTzjfJ0PDy
- hjDfzYS1QKtKA6LzkaBzyl5HK+Yy3DOcep7G
- dj7VJG8bsa9S/A== )
-localhost.dyn.example.net. 7200 IN A 127.0.0.1
- 7200 RRSIG A 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- N5t+OxMeH2rozoIM1ZtXUpnpSep3Qd1J/KUE
- LjkisP6KvmwVhkbdcv44KbgS5aR16RJOlFdW
- +ilc8QpZ4bvqlQ== )
-ns1.dyn.example.net. 7200 IN A 1.0.0.5
- 7200 RRSIG A 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- 2DoRBkfIQEBmEeo2Z02SA329ebgp2lFQ2Ykl
- Qe5S+J6ZMjVdZyjW8XqBCiqEg6fNbQyUFn3X
- pSVvabUPjJpHWA== )
- 7200 AAAA 2001:db8::53
- 7200 RRSIG AAAA 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- XD+JHAergnT3NDQqEUGv52GNdcF1U1SitccE
- y5iL4Dk0qVu+uEA4TVupnMhwOK+wl8759Yw/
- SF6h6CzzKx0Eiw== )
-ns2.dyn.example.net. 7200 IN A 1.2.0.6
- 7200 RRSIG A 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- S+CpXVolhedS2bFTNdoNAPd+T2Bi/5iKVcKJ
- 9S27k/tpifBNVjAQPktM9iya60upXxuOkHqt
- /uuF4iTlh9Yukw== )
-x.dyn.example.net. 7200 IN A 1.2.3.4
- 7200 RRSIG A 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- Fb+8g0K+/6ZkXctNOprGKyJC1Y5pFizibI3o
- k2E6aDN8hUJ5FK/1fkRl5IQ7HDpAUZviWaQp
- j9tfr9r9xW0bMw== )
-y.dyn.example.net. 7200 IN A 1.2.3.5
- 7200 RRSIG A 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- S1l/dM/Ez91B4Py7mI/GESjgqccGIwi9clyc
- Vj3S40uF4dGaAgxoCDS0pMvyS0k7ir0g1qbK
- /csopbL0wHSaVg== )
-z.dyn.example.net. 7200 IN A 1.2.3.6
- 7200 RRSIG A 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- SgorWJQS6SiDvv6KRmWQEcUaaCkMCHZDcSMx
- JiOT84ygkUBCzwTykQskoNtbUSIfAASU3lE7
- e31RZotcxlkirQ== )
-A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F AJHVGTICN6K0VDA53GCHFMT219SRRQLM A RRSIG
- 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- hp879kZpD/Qe+d4FoanRewI4CXMuTOMcao5G
- S7quT3mr+Mgi1nrSSz+/IBhlzCipziFjY42a
- TNt8FoYo9Z8irw== )
-AJHVGTICN6K0VDA53GCHFMT219SRRQLM.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7 A RRSIG
- 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- 1MC5bqNXkVG4gaFKJQJBG7v4ZKOht6EJEkUZ
- nAwTF2Nw5mWFFMBbOwVMtbJFA+ewHrebB6cK
- FitvPi3yLDW8aA== )
-FQ7RBG86KRMACA1NAAKP2KQRQALBA0C7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F I7A7A184GGMI35K1E3IR650LKO7NOB5R A AAAA RRSIG
- 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- 7Y+yhH11EojLDu43C8dCuD6D0F4RZYUt9J0+
- KUfRVUMhftYsMl6G2qgkfsgJE+FG1Nj/nI+b
- pO7VSJGfV5Za4A== )
-I7A7A184GGMI35K1E3IR650LKO7NOB5R.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F IMQ912BREQP1POLAH3RMONG3UED541AS A RRSIG
- 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- K0ggT6yH7z1YshOb08se84cRWvWWeQFdMTDG
- XhA/2UEamfE1NHetPuYzJZQdrVPeX3tgjCjS
- Jmb3YuSE1XD3zQ== )
-IMQ912BREQP1POLAH3RMONG3UED541AS.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7 A RRSIG
- 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- mQoG3VBXfi7u2+zlmJttsGaStP3WvDPDQ99T
- l2ha4zmpZPd1JUKHMXYTLTlUuWAq7BcS9MUn
- hfhXcmSEr96K1Q== )
-S3USV4M1HLVJ8F88EDSG8N9PVQRQ20N7.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F T320G5LC07QE1BLR074KORIJTG9DPTI9 A RRSIG
- 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- 0/TWe9HMZiA+yW0oLHkYKeIXrrXU/1ec8XDy
- cbZM1IGPjHlMEjKKorZgx983FuiyKFLa97+3
- bB3abnKo7e2yRQ== )
-T320G5LC07QE1BLR074KORIJTG9DPTI9.dyn.example.net. 7200 IN NSEC3 1 0 10 76931F A54T6DKFVU4QCAFFNJ0KEU0FH0I4OJSN NS SOA RRSIG DNSKEY NSEC3PARAM
- 7200 RRSIG NSEC3 7 4 7200 20100308085946 (
- 20100302085946 30323 dyn.example.net.
- BXRjHUGEmoz1cMAXSCmfFVe6+qCYVyivjeAT
- 7hPcfB8iS2ck8Sq/CjOAKBu0BeSBim+9Oduu
- kKNL3thgyMPcug== )
+++ /dev/null
-;-----------------------------------------------------------------
-;
-; @(#) dyn.example.net/zone.org
-;
-;-----------------------------------------------------------------
-
-$TTL 7200
-
-@ IN SOA ns1.example.net. hostmaster.example.net. (
- 1 ; Serial
- 43200 ; Refresh
- 1800 ; Retry
- 2W ; Expire
- 7200 ) ; Minimum
-
- IN NS ns1.example.net.
- IN NS ns2.example.net.
-
-ns1 IN A 1.0.0.5
- IN AAAA 2001:db8::53
-ns2 IN A 1.2.0.6
-
-localhost IN A 127.0.0.1
-
-x IN A 1.2.3.4
-y IN A 1.2.3.5
-z IN A 1.2.3.6
-
-$INCLUDE dnskey.db
-
+++ /dev/null
-;
-; !!! Don't edit this file by hand.
-; !!! It will be generated by zkt-signer.
-;
-; Last generation time Nov 17 2014 19:14:01
-;
-
-; *** List of Key Signing Keys ***
-; example.net. tag=44671 algo=RSASHA256 generated Nov 14 2014 18:09:16
-example.net. 3600 IN DNSKEY 257 3 8 (
- AwEAAQ5RiqQEKys2xlo5nK3n9tnWeGg/tHSTbaFw6AN1QPLlaEVLNXDa
- YKcpefu6ewNamaInrjBrkkbqRnwKTuLCwJ9aA/hyFzocCOPh+he9dEQH
- bRTKDdTkjD3PqkOK97a+s1grWIdkRcceT3MXEsAwyjlasXPRKt/4v1sq
- S7592eyo6wTcbeaoPYo6KMQLfcA9AHso9LBaRpqv7GlSjl5IV51mcU8=
- ) ; key id = 44671
-
-; *** List of Zone Signing Keys ***
-; example.net. tag=7929 algo=RSASHA256 generated Nov 14 2014 18:09:16
-example.net. 3600 IN DNSKEY 256 3 8 (
- AwEAAaFO1yW7cx3/4SBRganmyOEs2eIeAE25CgXYrtLALzFdgi+gRfl+
- QEOzMZBk/LmgKFcgp4GfgtuzKA08VGNmLUEGI+UBSP+DUezQfK/lxPCX
- uRMh0BJgAjnlo+jGaI2fpfKXBp+5uLiY3pbkdm6LiaJb/s4v0DJjglGW
- iiPMIxyR
- ) ; key id = 7929
-
-; example.net. tag=2253 algo=RSASHA256 generated Nov 14 2014 18:09:16
-example.net. 3600 IN DNSKEY 256 3 8 (
- AwEAAZF8FdZfjdp4pyHk53/qvnzROy2lhF0cJ0XbRaIgeIYHYMIUmMLr
- sazBQ7/3ZdFoQjgEWz2BbKyfroJmE+VrCc1dBJ50PJUm3vcBbUwMgy4y
- Xq3PtmwKzlr3YGMUgE31cByog0QRnW6myNdEfDLf74yxRiPgIwk1rEmI
- YFUI4x69
- ) ; key id = 2253
-
+++ /dev/null
-Key_Algo: RSASHA256 # (Algorithm ID 8)
-NSEC3: OPTOUT
-ZSKpermanent: true
-DependFiles: "zone.localhost, zone.hosts"
-MaximumTTL: 2h # (7200 seconds)
+++ /dev/null
-2010-02-06 00:26:54.533: debug: Check RFC5011 status
-2010-02-06 00:26:54.533: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-06 00:26:54.533: debug: Check KSK status
-2010-02-06 00:26:54.533: debug: Check ZSK status
-2010-02-06 00:26:54.533: debug: Re-signing not necessary!
-2010-02-06 00:26:54.533: debug: Check if there is a parent file to copy
-2010-02-06 00:29:31.291: debug: Check RFC5011 status
-2010-02-06 00:29:31.291: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-06 00:29:31.291: debug: Check KSK status
-2010-02-06 00:29:31.292: debug: Check ZSK status
-2010-02-06 00:29:31.292: debug: Re-signing not necessary!
-2010-02-06 00:29:31.292: debug: Check if there is a parent file to copy
-2010-02-06 00:40:35.043: debug: Check RFC5011 status
-2010-02-06 00:40:35.043: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-06 00:40:35.043: debug: Check KSK status
-2010-02-06 00:40:35.043: debug: Check ZSK status
-2010-02-06 00:40:35.043: debug: Re-signing not necessary!
-2010-02-06 00:40:35.043: debug: Check if there is a parent file to copy
-2010-02-06 00:52:55.403: debug: Check RFC5011 status
-2010-02-06 00:52:55.403: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-06 00:52:55.403: debug: Check KSK status
-2010-02-06 00:52:55.403: debug: Check ZSK status
-2010-02-06 00:52:55.403: debug: Re-signing not necessary!
-2010-02-06 00:52:55.403: debug: Check if there is a parent file to copy
-2010-02-07 13:53:48.304: debug: Check RFC5011 status
-2010-02-07 13:53:48.304: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-07 13:53:48.304: debug: Check KSK status
-2010-02-07 13:53:48.304: debug: Check ZSK status
-2010-02-07 13:53:48.304: debug: Re-signing not necessary!
-2010-02-07 13:53:48.304: debug: Check if there is a parent file to copy
-2010-02-07 13:54:03.466: debug: Check RFC5011 status
-2010-02-07 13:54:03.466: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-07 13:54:03.466: debug: Check KSK status
-2010-02-07 13:54:03.466: debug: Check ZSK status
-2010-02-07 13:54:03.466: debug: Re-signing not necessary!
-2010-02-07 13:54:03.466: debug: Check if there is a parent file to copy
-2010-02-07 13:54:08.019: debug: Check RFC5011 status
-2010-02-07 13:54:08.019: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-07 13:54:08.020: debug: Check KSK status
-2010-02-07 13:54:08.020: debug: Check ZSK status
-2010-02-07 13:54:08.020: debug: Re-signing necessary: Option -f
-2010-02-07 13:54:08.020: notice: "example.net.": re-signing triggered: Option -f
-2010-02-07 13:54:08.020: debug: Writing key file "./example.net/dnskey.db"
-2010-02-07 13:54:08.020: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-02-07 13:54:08.020: debug: Signing zone "example.net."
-2010-02-07 13:54:08.021: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-02-07 13:54:08.125: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-07 13:54:08.125: debug: Signing completed after 0s.
-2010-02-07 13:54:08.125: notice: "example.net.": distribution triggered
-2010-02-07 13:54:08.125: debug: Distribute zone "example.net."
-2010-02-07 13:54:08.125: debug: Run cmd "./dist.sh distribute example.net. ./example.net/zone.db.signed "
-2010-02-07 13:54:08.129: debug: ./dist.sh distribute return: "scp ./example.net/zone.db.signed localhost:/var/named/example.net./"
-2010-02-07 13:54:08.129: notice: "example.net.": reload triggered
-2010-02-07 13:54:08.129: debug: Reload zone "example.net."
-2010-02-07 13:54:08.129: debug: Run cmd "./dist.sh reload example.net. ./example.net/zone.db.signed "
-2010-02-07 13:54:08.139: debug: ./dist.sh reload return: "rndc reload example.net. "
-2010-02-07 14:06:27.670: debug: Check RFC5011 status
-2010-02-07 14:06:27.670: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-07 14:06:27.670: debug: Check KSK status
-2010-02-07 14:06:27.670: debug: Check ZSK status
-2010-02-07 14:06:27.670: debug: Re-signing not necessary!
-2010-02-07 14:06:27.671: debug: Check if there is a parent file to copy
-2010-02-07 14:06:33.753: debug: Check RFC5011 status
-2010-02-07 14:06:33.753: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-07 14:06:33.753: debug: Check KSK status
-2010-02-07 14:06:33.753: debug: Check ZSK status
-2010-02-07 14:06:33.753: debug: Re-signing necessary: Option -f
-2010-02-07 14:06:33.753: notice: "example.net.": re-signing triggered: Option -f
-2010-02-07 14:06:33.753: debug: Writing key file "./example.net/dnskey.db"
-2010-02-07 14:06:33.754: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-02-07 14:06:33.754: debug: Signing zone "example.net."
-2010-02-07 14:06:33.754: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-02-07 14:06:33.790: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-07 14:06:33.790: debug: Signing completed after 0s.
-2010-02-07 14:06:33.790: notice: "example.net.": distribution triggered
-2010-02-07 14:06:33.790: debug: Distribute zone "example.net."
-2010-02-07 14:06:33.790: debug: Run cmd "./dist.sh distribute example.net. ./example.net/zone.db.signed "
-2010-02-07 14:06:33.794: debug: ./dist.sh distribute return: "scp ./example.net/zone.db.signed localhost:/var/named/example.net./"
-2010-02-07 14:06:33.794: notice: "example.net.": reload triggered
-2010-02-07 14:06:33.794: debug: Reload zone "example.net."
-2010-02-07 14:06:33.794: debug: Run cmd "./dist.sh reload example.net. ./example.net/zone.db.signed "
-2010-02-07 14:06:33.797: debug: ./dist.sh reload return: "rndc reload example.net. "
-2010-02-21 12:50:43.587: debug: Check RFC5011 status
-2010-02-21 12:50:43.587: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 12:50:43.587: debug: Check KSK status
-2010-02-21 12:50:43.587: debug: Check ZSK status
-2010-02-21 12:50:43.587: debug: Lifetime(1209600 +/-150 sec) of active key 33002 exceeded (2394625 sec)
-2010-02-21 12:50:43.587: debug: ->depreciate it
-2010-02-21 12:50:43.587: debug: ->activate published key 29240
-2010-02-21 12:50:43.587: notice: "example.net.": lifetime of zone signing key 33002 exceeded: ZSK rollover done
-2010-02-21 12:50:43.587: debug: New key for publishing needed
-2010-02-21 12:50:43.658: debug: ->creating new key 5525
-2010-02-21 12:50:43.658: info: "example.net.": new key 5525 generated for publishing
-2010-02-21 12:50:43.658: debug: Re-signing necessary: Modfied zone key set
-2010-02-21 12:50:43.658: notice: "example.net.": re-signing triggered: Modfied zone key set
-2010-02-21 12:50:43.658: debug: Writing key file "./example.net/dnskey.db"
-2010-02-21 12:50:43.665: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-02-21 12:50:43.665: debug: Signing zone "example.net."
-2010-02-21 12:50:43.665: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-02-21 12:50:43.733: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-21 12:50:43.733: debug: Signing completed after 0s.
-2010-02-21 12:50:51.205: debug: Check RFC5011 status
-2010-02-21 12:50:51.205: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 12:50:51.205: debug: Check KSK status
-2010-02-21 12:50:51.205: debug: Check ZSK status
-2010-02-21 12:50:51.205: debug: Re-signing not necessary!
-2010-02-21 12:50:51.205: debug: Check if there is a parent file to copy
-2010-02-21 12:51:23.497: debug: Check RFC5011 status
-2010-02-21 12:51:23.497: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 12:51:23.497: debug: Check KSK status
-2010-02-21 12:51:23.497: debug: Check ZSK status
-2010-02-21 12:51:23.497: debug: Re-signing not necessary!
-2010-02-21 12:51:23.497: debug: Check if there is a parent file to copy
-2010-02-21 19:16:18.594: debug: Check RFC5011 status
-2010-02-21 19:16:18.594: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 19:16:18.594: debug: Check KSK status
-2010-02-21 19:16:18.594: debug: Check ZSK status
-2010-02-21 19:16:18.594: debug: Re-signing not necessary!
-2010-02-21 19:16:18.594: debug: Check if there is a parent file to copy
-2010-02-21 19:32:11.378: debug: Check RFC5011 status
-2010-02-21 19:32:11.378: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 19:32:11.378: debug: Check KSK status
-2010-02-21 19:32:11.378: debug: Check ZSK status
-2010-02-21 19:32:11.378: debug: Re-signing not necessary!
-2010-02-21 19:32:11.378: debug: Check if there is a parent file to copy
-2010-02-21 19:32:15.982: debug: Check RFC5011 status
-2010-02-21 19:32:15.982: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 19:32:15.982: debug: Check KSK status
-2010-02-21 19:32:15.982: debug: Check ZSK status
-2010-02-21 19:32:15.982: debug: Re-signing necessary: Option -f
-2010-02-21 19:32:15.982: notice: "example.net.": re-signing triggered: Option -f
-2010-02-21 19:32:15.982: debug: Writing key file "./example.net/dnskey.db"
-2010-02-21 19:32:15.982: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-02-21 19:32:15.982: debug: Signing zone "example.net."
-2010-02-21 19:32:15.982: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-02-21 19:32:16.019: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-21 19:32:16.019: debug: Signing completed after 1s.
-2010-02-21 19:32:32.232: debug: Check RFC5011 status
-2010-02-21 19:32:32.232: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-21 19:32:32.233: debug: Check KSK status
-2010-02-21 19:32:32.233: debug: Check ZSK status
-2010-02-21 19:32:32.233: debug: Re-signing necessary: Option -f
-2010-02-21 19:32:32.233: notice: "example.net.": re-signing triggered: Option -f
-2010-02-21 19:32:32.233: debug: Writing key file "./example.net/dnskey.db"
-2010-02-21 19:32:32.233: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-02-21 19:32:32.233: debug: Signing zone "example.net."
-2010-02-21 19:32:32.233: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-02-21 19:32:32.273: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-21 19:32:32.273: debug: Signing completed after 0s.
-2010-02-25 00:12:27.060: debug: Check RFC5011 status
-2010-02-25 00:12:27.060: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-25 00:12:27.060: debug: Check KSK status
-2010-02-25 00:12:27.060: debug: Check ZSK status
-2010-02-25 00:12:27.060: debug: Lifetime(29100 sec) of depreciated key 33002 exceeded (300104 sec)
-2010-02-25 00:12:27.060: info: "example.net.": old ZSK 33002 removed
-2010-02-25 00:12:27.081: debug: ->remove it
-2010-02-25 00:12:27.082: debug: Re-signing necessary: Modfied zone key set
-2010-02-25 00:12:27.082: notice: "example.net.": re-signing triggered: Modfied zone key set
-2010-02-25 00:12:27.082: debug: Writing key file "./example.net/dnskey.db"
-2010-02-25 00:12:27.086: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-02-25 00:12:27.086: debug: Signing zone "example.net."
-2010-02-25 00:12:27.086: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-02-25 00:12:27.173: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-02-25 00:12:27.174: debug: Signing completed after 0s.
-2010-02-25 23:42:21.013: debug: Check RFC5011 status
-2010-02-25 23:42:21.013: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-02-25 23:42:21.013: debug: Check KSK status
-2010-02-25 23:42:21.013: debug: Check ZSK status
-2010-02-25 23:42:21.013: debug: Re-signing not necessary!
-2010-02-25 23:42:21.013: debug: Check if there is a parent file to copy
-2010-03-02 10:59:12.416: debug: Check RFC5011 status
-2010-03-02 10:59:12.416: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-02 10:59:12.416: debug: Check KSK status
-2010-03-02 10:59:12.416: debug: Check ZSK status
-2010-03-02 10:59:12.416: debug: Re-signing necessary: re-signing interval (2d) reached
-2010-03-02 10:59:12.416: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
-2010-03-02 10:59:12.416: debug: Writing key file "./example.net/dnskey.db"
-2010-03-02 10:59:12.449: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-03-02 10:59:12.449: debug: Signing zone "example.net."
-2010-03-02 10:59:12.450: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-03-02 10:59:12.530: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-02 10:59:12.530: debug: Signing completed after 0s.
-2010-03-03 23:22:00.415: debug: Check RFC5011 status
-2010-03-03 23:22:00.415: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-03 23:22:00.415: debug: Check KSK status
-2010-03-03 23:22:00.415: debug: Check ZSK status
-2010-03-03 23:22:00.416: debug: Re-signing not necessary!
-2010-03-03 23:22:00.416: debug: Check if there is a parent file to copy
-2010-03-08 23:11:50.170: debug: Check RFC5011 status
-2010-03-08 23:11:50.170: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-08 23:11:50.170: debug: Check KSK status
-2010-03-08 23:11:50.170: debug: Check ZSK status
-2010-03-08 23:11:50.171: debug: Lifetime(1209600 +/-150 sec) of active key 29240 exceeded (1333267 sec)
-2010-03-08 23:11:50.171: debug: ->depreciate it
-2010-03-08 23:11:50.171: debug: ->activate published key 5525
-2010-03-08 23:11:50.171: notice: "example.net.": lifetime of zone signing key 29240 exceeded: ZSK rollover done
-2010-03-08 23:11:50.171: debug: New key for publishing needed
-2010-03-08 23:11:50.228: debug: ->creating new key 21482
-2010-03-08 23:11:50.228: info: "example.net.": new key 21482 generated for publishing
-2010-03-08 23:11:50.228: debug: Re-signing necessary: Modfied zone key set
-2010-03-08 23:11:50.228: notice: "example.net.": re-signing triggered: Modfied zone key set
-2010-03-08 23:11:50.228: debug: Writing key file "././example.net/dnskey.db"
-2010-03-08 23:11:50.235: debug: Incrementing serial number in file "././example.net/zone.db"
-2010-03-08 23:11:50.235: debug: Signing zone "example.net."
-2010-03-08 23:11:50.235: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-03-08 23:11:50.294: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-08 23:11:50.294: debug: Signing completed after 0s.
-2010-03-08 23:12:56.212: debug: Check RFC5011 status
-2010-03-08 23:12:56.212: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-08 23:12:56.212: debug: Check KSK status
-2010-03-08 23:12:56.212: debug: Check ZSK status
-2010-03-08 23:12:56.212: debug: Re-signing necessary: Modfied zone key set
-2010-03-08 23:12:56.212: notice: "example.net.": re-signing triggered: Modfied zone key set
-2010-03-08 23:12:56.212: debug: Writing key file "././example.net/dnskey.db"
-2010-03-08 23:12:56.213: debug: Incrementing serial number in file "././example.net/zone.db"
-2010-03-08 23:12:56.213: debug: Signing zone "example.net."
-2010-03-08 23:12:56.213: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-03-08 23:12:56.278: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-08 23:12:56.279: debug: Signing completed after 0s.
-2010-03-08 23:13:36.984: debug: Check RFC5011 status
-2010-03-08 23:13:36.984: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-08 23:13:36.984: debug: Check KSK status
-2010-03-08 23:13:36.984: debug: Check ZSK status
-2010-03-08 23:13:36.985: debug: Re-signing not necessary!
-2010-03-08 23:13:36.985: debug: Check if there is a parent file to copy
-2010-03-08 23:18:52.287: debug: Check RFC5011 status
-2010-03-08 23:18:52.287: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-08 23:18:52.287: debug: Check KSK status
-2010-03-08 23:18:52.287: debug: Check ZSK status
-2010-03-08 23:18:52.287: debug: Re-signing not necessary!
-2010-03-08 23:18:52.287: debug: Check if there is a parent file to copy
-2010-03-11 23:46:35.831: debug: Check RFC5011 status
-2010-03-11 23:46:35.831: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-11 23:46:35.831: debug: Check KSK status
-2010-03-11 23:46:35.831: debug: Check ZSK status
-2010-03-11 23:46:35.831: debug: Lifetime(29100 sec) of depreciated key 29240 exceeded (261285 sec)
-2010-03-11 23:46:35.831: info: "example.net.": old ZSK 29240 removed
-2010-03-11 23:46:35.832: debug: ->remove it
-2010-03-11 23:46:35.832: debug: Re-signing necessary: Modfied zone key set
-2010-03-11 23:46:35.832: notice: "example.net.": re-signing triggered: Modfied zone key set
-2010-03-11 23:46:35.832: debug: Writing key file "./example.net/dnskey.db"
-2010-03-11 23:46:35.841: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-03-11 23:46:35.841: debug: Signing zone "example.net."
-2010-03-11 23:46:35.841: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-03-11 23:46:35.929: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-11 23:46:35.929: debug: Signing completed after 0s.
-2010-03-11 23:52:33.132: debug: Check RFC5011 status
-2010-03-11 23:52:33.132: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-11 23:52:33.133: debug: Check KSK status
-2010-03-11 23:52:33.133: debug: No active KSK found: generate new one
-2010-03-11 23:52:33.374: info: "example.net.": generated new KSK 8406
-2010-03-11 23:52:33.374: debug: Check ZSK status
-2010-03-11 23:52:33.374: debug: No active ZSK found: generate new one
-2010-03-11 23:52:33.400: info: "example.net.": generated new ZSK 36257
-2010-03-11 23:52:33.400: debug: Re-signing necessary: Modfied zone key set
-2010-03-11 23:52:33.400: notice: "example.net.": re-signing triggered: Modfied zone key set
-2010-03-11 23:52:33.400: debug: Writing key file "./example.net/dnskey.db"
-2010-03-11 23:52:33.400: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-03-11 23:52:33.400: debug: Signing zone "example.net."
-2010-03-11 23:52:33.400: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 69AE05 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-03-11 23:52:33.408: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 generation requested with NSEC only DNSKEY"
-2010-03-11 23:52:33.408: error: "example.net.": signing failed!
-2010-03-11 23:53:27.856: debug: Check RFC5011 status
-2010-03-11 23:53:27.856: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-03-11 23:53:27.856: debug: Check KSK status
-2010-03-11 23:53:27.856: debug: Check ZSK status
-2010-03-11 23:53:27.856: debug: Re-signing necessary: Modified keys
-2010-03-11 23:53:27.856: notice: "example.net.": re-signing triggered: Modified keys
-2010-03-11 23:53:27.856: debug: Writing key file "./example.net/dnskey.db"
-2010-03-11 23:53:27.856: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-03-11 23:53:27.856: debug: Signing zone "example.net."
-2010-03-11 23:53:27.856: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 67AA7F -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-03-11 23:53:27.920: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-03-11 23:53:27.920: debug: Signing completed after 0s.
-2010-07-05 08:15:24.179: debug: Check RFC5011 status
-2010-07-05 08:15:24.179: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-07-05 08:15:24.179: debug: Check KSK status
-2010-07-05 08:15:24.179: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h49m44s
-2010-07-05 08:15:24.179: debug: Check ZSK status
-2010-07-05 08:15:24.179: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081384 sec)
-2010-07-05 08:15:24.179: debug: ->waiting for published key
-2010-07-05 08:15:24.179: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h49m44s: ZSK rollover deferred: waiting for published key
-2010-07-05 08:15:24.179: debug: New key for publishing needed
-2010-07-05 08:15:24.278: debug: ->creating new key 48476
-2010-07-05 08:15:24.278: info: "example.net.": new key 48476 generated for publishing
-2010-07-05 08:15:24.278: debug: Re-signing necessary: Modfied zone key set
-2010-07-05 08:15:24.278: notice: "example.net.": re-signing triggered: Modfied zone key set
-2010-07-05 08:15:24.278: debug: Writing key file "./example.net/dnskey.db"
-2010-07-05 08:15:24.278: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-07-05 08:15:24.278: debug: Signing zone "example.net."
-2010-07-05 08:15:24.278: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 5816F0 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-07-05 08:15:24.315: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-07-05 08:15:24.315: debug: Signing completed after 0s.
-2010-07-05 08:15:28.174: debug: Check RFC5011 status
-2010-07-05 08:15:28.174: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-07-05 08:15:28.174: debug: Check KSK status
-2010-07-05 08:15:28.174: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h49m48s
-2010-07-05 08:15:28.174: debug: Check ZSK status
-2010-07-05 08:15:28.174: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081388 sec)
-2010-07-05 08:15:28.174: debug: ->waiting for published key
-2010-07-05 08:15:28.174: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h49m48s: ZSK rollover deferred: waiting for published key
-2010-07-05 08:15:28.174: debug: Re-signing not necessary!
-2010-07-05 08:15:28.174: debug: Check if there is a parent file to copy
-2010-07-05 08:15:58.502: debug: Check RFC5011 status
-2010-07-05 08:15:58.502: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-07-05 08:15:58.503: debug: Check KSK status
-2010-07-05 08:15:58.503: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m18s
-2010-07-05 08:15:58.503: debug: Check ZSK status
-2010-07-05 08:15:58.503: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081418 sec)
-2010-07-05 08:15:58.503: debug: ->waiting for published key
-2010-07-05 08:15:58.503: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m18s: ZSK rollover deferred: waiting for published key
-2010-07-05 08:15:58.503: debug: Re-signing not necessary!
-2010-07-05 08:15:58.503: debug: Check if there is a parent file to copy
-2010-07-05 08:16:04.937: debug: Check RFC5011 status
-2010-07-05 08:16:04.937: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-07-05 08:16:04.937: debug: Check KSK status
-2010-07-05 08:16:04.937: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m24s
-2010-07-05 08:16:04.937: debug: Check ZSK status
-2010-07-05 08:16:04.937: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081424 sec)
-2010-07-05 08:16:04.937: debug: ->waiting for published key
-2010-07-05 08:16:04.937: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m24s: ZSK rollover deferred: waiting for published key
-2010-07-05 08:16:04.937: debug: Re-signing necessary: Option -f
-2010-07-05 08:16:04.937: notice: "example.net.": re-signing triggered: Option -f
-2010-07-05 08:16:04.937: debug: Writing key file "./example.net/dnskey.db"
-2010-07-05 08:16:04.937: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-07-05 08:16:04.937: debug: Signing zone "example.net."
-2010-07-05 08:16:04.937: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 C58544 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-07-05 08:16:04.993: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-07-05 08:16:04.993: debug: Signing completed after 0s.
-2010-07-05 08:16:33.604: debug: Check RFC5011 status
-2010-07-05 08:16:33.604: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-07-05 08:16:33.604: debug: Check KSK status
-2010-07-05 08:16:33.604: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m53s
-2010-07-05 08:16:33.604: debug: Check ZSK status
-2010-07-05 08:16:33.604: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081453 sec)
-2010-07-05 08:16:33.604: debug: ->waiting for published key
-2010-07-05 08:16:33.604: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m53s: ZSK rollover deferred: waiting for published key
-2010-07-05 08:16:33.604: debug: Re-signing necessary: Option -f
-2010-07-05 08:16:33.604: notice: "example.net.": re-signing triggered: Option -f
-2010-07-05 08:16:33.604: debug: Writing key file "./example.net/dnskey.db"
-2010-07-05 08:16:33.605: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-07-05 08:16:33.605: debug: Signing zone "example.net."
-2010-07-05 08:16:33.605: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 FCB8E2 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-07-05 08:16:33.648: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-07-05 08:16:33.648: debug: Signing completed after 0s.
-2010-07-30 01:30:55.411: debug: Check RFC5011 status
-2010-07-30 01:30:55.411: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-07-30 01:30:55.411: debug: Check KSK status
-2010-07-30 01:30:55.411: debug: Check ZSK status
-2010-07-30 01:30:55.411: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (2130473 sec)
-2010-07-30 01:30:55.411: debug: ->depreciate it
-2010-07-30 01:30:55.411: debug: ->activate published key 48476
-2010-07-30 01:30:55.411: notice: "example.net.": lifetime of zone signing key 36257 exceeded: ZSK rollover done
-2010-07-30 01:30:55.411: debug: New key for publishing needed
-2010-07-30 01:30:55.493: debug: ->creating new key 1775
-2010-07-30 01:30:55.493: info: "example.net.": new key 1775 generated for publishing
-2010-07-30 01:30:55.493: debug: Re-signing necessary: Modfied zone key set
-2010-07-30 01:30:55.493: notice: "example.net.": re-signing triggered: Modfied zone key set
-2010-07-30 01:30:55.493: debug: Writing key file "./example.net/dnskey.db"
-2010-07-30 01:30:55.493: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-07-30 01:30:55.493: debug: Signing zone "example.net."
-2010-07-30 01:30:55.494: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 3723BA -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-07-30 01:30:55.563: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-07-30 01:30:55.563: debug: Signing completed after 0s.
-2010-08-26 22:52:09.539: debug: Check RFC5011 status
-2010-08-26 22:52:09.539: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-08-26 22:52:09.539: debug: Check KSK status
-2010-08-26 22:52:09.539: debug: Check ZSK status
-2010-08-26 22:52:09.539: debug: Lifetime(29100 sec) of depreciated key 36257 exceeded (2409674 sec)
-2010-08-26 22:52:09.539: info: "example.net.": old ZSK 36257 removed
-2010-08-26 22:52:09.572: debug: ->remove it
-2010-08-26 22:52:09.572: debug: Lifetime(1209600 +/-150 sec) of active key 48476 exceeded (2409674 sec)
-2010-08-26 22:52:09.572: debug: ->depreciate it
-2010-08-26 22:52:09.572: debug: ->activate published key 1775
-2010-08-26 22:52:09.572: notice: "example.net.": lifetime of zone signing key 48476 exceeded: ZSK rollover done
-2010-08-26 22:52:09.572: debug: New key for publishing needed
-2010-08-26 22:52:09.640: debug: ->creating new key 26477
-2010-08-26 22:52:09.640: info: "example.net.": new key 26477 generated for publishing
-2010-08-26 22:52:09.640: debug: Re-signing necessary: Modfied zone key set
-2010-08-26 22:52:09.640: notice: "example.net.": re-signing triggered: Modfied zone key set
-2010-08-26 22:52:09.640: debug: Writing key file "./example.net/dnskey.db"
-2010-08-26 22:52:09.641: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-08-26 22:52:09.641: debug: Signing zone "example.net."
-2010-08-26 22:52:09.641: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 2F41F9 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-08-26 22:52:09.704: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-08-26 22:52:09.704: debug: Signing completed after 0s.
-2010-08-26 22:56:02.938: debug: Check RFC5011 status
-2010-08-26 22:56:02.938: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-08-26 22:56:02.938: debug: Check KSK status
-2010-08-26 22:56:02.938: debug: Check ZSK status
-2010-08-26 22:56:02.938: debug: Re-signing not necessary!
-2010-08-26 22:56:02.938: debug: Check if there is a parent file to copy
-2010-08-26 23:06:00.593: debug: Check RFC5011 status
-2010-08-26 23:06:00.593: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-08-26 23:06:00.593: debug: Check KSK status
-2010-08-26 23:06:00.593: debug: Check ZSK status
-2010-08-26 23:06:00.593: debug: New key for publishing needed
-2010-08-26 23:06:00.631: debug: ->creating new key 18026
-2010-08-26 23:06:00.631: info: "example.net.": new key 18026 generated for publishing
-2010-08-26 23:06:00.631: debug: Re-signing necessary: Modfied zone key set
-2010-08-26 23:06:00.631: notice: "example.net.": re-signing triggered: Modfied zone key set
-2010-08-26 23:06:00.631: debug: Writing key file "./example.net/dnskey.db"
-2010-08-26 23:06:00.631: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-08-26 23:06:00.631: debug: Signing zone "example.net."
-2010-08-26 23:06:00.631: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 5EA89E -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-08-26 23:06:00.672: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-08-26 23:06:00.672: debug: Signing completed after 0s.
-2010-08-26 23:11:33.808: debug: Check RFC5011 status
-2010-08-26 23:11:33.808: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-08-26 23:11:33.809: debug: Check KSK status
-2010-08-26 23:11:33.809: debug: Check ZSK status
-2010-08-26 23:11:33.809: debug: Re-signing not necessary!
-2010-08-26 23:11:33.809: debug: Check if there is a parent file to copy
-2010-08-26 23:12:51.012: debug: Check RFC5011 status
-2010-08-26 23:12:51.012: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-08-26 23:12:51.012: debug: Check KSK status
-2010-08-26 23:12:51.012: debug: Check ZSK status
-2010-08-26 23:12:51.012: debug: Re-signing not necessary!
-2010-08-26 23:12:51.012: debug: Check if there is a parent file to copy
-2010-08-26 23:23:47.886: debug: Check RFC5011 status
-2010-08-26 23:23:47.886: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-08-26 23:23:47.886: debug: Check KSK status
-2010-08-26 23:23:47.886: debug: Check ZSK status
-2010-08-26 23:23:47.886: debug: Re-signing not necessary!
-2010-08-26 23:23:47.886: debug: Check if there is a parent file to copy
-2010-08-26 23:50:15.724: debug: Check RFC5011 status
-2010-08-26 23:50:15.724: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-08-26 23:50:15.724: debug: Check KSK status
-2010-08-26 23:50:15.724: debug: Check ZSK status
-2010-08-26 23:50:15.725: debug: Re-signing not necessary!
-2010-08-26 23:50:15.725: debug: Check if there is a parent file to copy
-2010-08-26 23:50:55.124: debug: Check RFC5011 status
-2010-08-26 23:50:55.124: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-08-26 23:50:55.124: debug: Check KSK status
-2010-08-26 23:50:55.124: debug: Check ZSK status
-2010-08-26 23:50:55.124: debug: Re-signing not necessary!
-2010-08-26 23:50:55.124: debug: Check if there is a parent file to copy
-2010-08-26 23:51:46.719: debug: Check RFC5011 status
-2010-08-26 23:51:46.719: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-08-26 23:51:46.719: debug: Check KSK status
-2010-08-26 23:51:46.719: debug: Check ZSK status
-2010-08-26 23:51:46.719: debug: Re-signing not necessary!
-2010-08-26 23:51:46.719: debug: Check if there is a parent file to copy
-2010-08-26 23:54:22.824: debug: Check RFC5011 status
-2010-08-26 23:54:22.824: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-08-26 23:54:22.824: debug: Check KSK status
-2010-08-26 23:54:22.824: debug: Check ZSK status
-2010-08-26 23:54:22.824: debug: Re-signing not necessary!
-2010-08-26 23:54:22.825: debug: Check if there is a parent file to copy
-2010-08-26 23:55:00.018: debug: Check RFC5011 status
-2010-08-26 23:55:00.018: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-08-26 23:55:00.018: debug: Check KSK status
-2010-08-26 23:55:00.018: debug: Check ZSK status
-2010-08-26 23:55:00.018: debug: New key for pre-publishing needed
-2010-08-26 23:55:00.110: debug: ->creating new key 18293
-2010-08-26 23:55:00.110: info: "example.net.": new key 18293 generated for pre-publishing
-2010-08-26 23:55:00.110: debug: Re-signing necessary: Modfied zone key set
-2010-08-26 23:55:00.110: notice: "example.net.": re-signing triggered: Modfied zone key set
-2010-08-26 23:55:00.110: debug: Writing key file "./example.net/dnskey.db"
-2010-08-26 23:55:00.110: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-08-26 23:55:00.110: debug: Signing zone "example.net."
-2010-08-26 23:55:00.111: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 EBE919 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-08-26 23:55:00.168: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-08-26 23:55:00.169: debug: Signing completed after 0s.
-2010-08-26 23:56:17.466: debug: Check RFC5011 status
-2010-08-26 23:56:17.466: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-08-26 23:56:17.466: debug: Check KSK status
-2010-08-26 23:56:17.466: debug: Check ZSK status
-2010-08-26 23:56:17.466: debug: Re-signing necessary: Modfied zone key set
-2010-08-26 23:56:17.466: notice: "example.net.": re-signing triggered: Modfied zone key set
-2010-08-26 23:56:17.466: debug: Writing key file "./example.net/dnskey.db"
-2010-08-26 23:56:17.467: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-08-26 23:56:17.467: debug: Signing zone "example.net."
-2010-08-26 23:56:17.467: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 A876E5 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-08-26 23:56:17.531: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-08-26 23:56:17.531: debug: Signing completed after 0s.
-2010-08-26 23:57:00.178: debug: Check RFC5011 status
-2010-08-26 23:57:00.178: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-08-26 23:57:00.178: debug: Check KSK status
-2010-08-26 23:57:00.178: debug: Check ZSK status
-2010-08-26 23:57:00.178: debug: Re-signing not necessary!
-2010-08-26 23:57:00.178: debug: Check if there is a parent file to copy
-2010-10-21 14:01:35.546: debug: Check RFC5011 status
-2010-10-21 14:01:35.546: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-10-21 14:01:35.546: debug: Check KSK status
-2010-10-21 14:01:35.546: debug: Check ZSK status
-2010-10-21 14:01:35.546: debug: Re-signing necessary: re-signing interval (2d) reached
-2010-10-21 14:01:35.546: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
-2010-10-21 14:01:35.546: debug: Writing key file "./example.net/dnskey.db"
-2010-10-21 14:01:35.607: debug: Incrementing serial number in file "./example.net/zone.db"
-2010-10-21 14:01:35.607: debug: Signing zone "example.net."
-2010-10-21 14:01:35.607: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 9FC981 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2010-10-21 14:01:35.761: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-10-21 14:01:35.761: debug: Signing completed after 0s.
-2010-10-21 14:02:09.209: debug: Check RFC5011 status
-2010-10-21 14:02:09.209: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-10-21 14:02:09.209: debug: Check KSK status
-2010-10-21 14:02:09.209: debug: Check ZSK status
-2010-10-21 14:02:09.209: debug: Re-signing not necessary!
-2010-10-21 14:02:09.209: debug: Check if there is a parent file to copy
-2010-10-21 14:05:36.170: debug: Check RFC5011 status
-2010-10-21 14:05:36.170: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-10-21 14:05:36.170: debug: Check KSK status
-2010-10-21 14:05:36.170: debug: Check ZSK status
-2010-10-21 14:05:36.170: debug: Re-signing not necessary!
-2010-10-21 14:05:36.170: debug: Check if there is a parent file to copy
-2010-10-21 14:30:43.892: debug: Check RFC5011 status
-2010-10-21 14:30:43.892: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-10-21 14:30:43.892: debug: Check KSK status
-2010-10-21 14:30:43.892: debug: Check ZSK status
-2010-10-21 14:30:43.892: debug: Re-signing not necessary!
-2010-10-21 14:30:43.892: debug: Check if there is a parent file to copy
-2014-11-14 18:04:37.729: debug: Check RFC5011 status
-2014-11-14 18:04:37.729: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:04:37.729: debug: Check KSK status
-2014-11-14 18:04:37.729: debug: Check ZSK status
-2014-11-14 18:04:37.729: debug: Re-signing necessary: Modified keys
-2014-11-14 18:04:37.729: notice: "example.net.": re-signing triggered: Modified keys
-2014-11-14 18:04:37.729: debug: Writing key file "./example.net/dnskey.db"
-2014-11-14 18:04:37.730: debug: Incrementing serial number in file "./example.net/zone.db"
-2014-11-14 18:04:37.730: debug: Signing zone "example.net."
-2014-11-14 18:04:37.730: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 97195D -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2014-11-14 18:04:37.827: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-14 18:04:37.827: debug: Signing completed after 0s.
-2014-11-14 18:09:16.427: debug: Check RFC5011 status
-2014-11-14 18:09:16.427: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:09:16.427: debug: Check KSK status
-2014-11-14 18:09:16.428: debug: No active KSK found: generate new one
-2014-11-14 18:09:16.495: info: "example.net.": generated new KSK 44671
-2014-11-14 18:09:16.495: debug: Check ZSK status
-2014-11-14 18:09:16.495: debug: No active ZSK found: generate new one
-2014-11-14 18:09:16.515: info: "example.net.": generated new ZSK 7929
-2014-11-14 18:09:16.515: debug: New key for pre-publishing needed
-2014-11-14 18:09:16.546: debug: ->creating new key 2253
-2014-11-14 18:09:16.546: info: "example.net.": new key 2253 generated for pre-publishing
-2014-11-14 18:09:16.546: debug: Re-signing necessary: Modified zone key set
-2014-11-14 18:09:16.546: notice: "example.net.": re-signing triggered: Modified zone key set
-2014-11-14 18:09:16.547: debug: Writing key file "./example.net/dnskey.db"
-2014-11-14 18:09:16.547: debug: Incrementing serial number in file "./example.net/zone.db"
-2014-11-14 18:09:16.547: debug: Signing zone "example.net."
-2014-11-14 18:09:16.547: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 B26BB7 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2014-11-14 18:09:16.646: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-14 18:09:16.646: debug: Signing completed after 0s.
-2014-11-14 18:11:40.877: debug: Check RFC5011 status
-2014-11-14 18:11:40.877: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:11:40.877: debug: Check KSK status
-2014-11-14 18:11:40.877: debug: Check ZSK status
-2014-11-14 18:11:40.877: debug: Re-signing not necessary!
-2014-11-14 18:11:40.877: debug: Check if there is a parent file to copy
-2014-11-14 18:11:46.599: debug: Check RFC5011 status
-2014-11-14 18:11:46.599: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:11:46.599: debug: Check KSK status
-2014-11-14 18:11:46.599: debug: Check ZSK status
-2014-11-14 18:11:46.599: debug: Re-signing not necessary!
-2014-11-14 18:11:46.599: debug: Check if there is a parent file to copy
-2014-11-14 18:15:54.380: debug: Check RFC5011 status
-2014-11-14 18:15:54.380: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:15:54.380: debug: Check KSK status
-2014-11-14 18:15:54.380: debug: Check ZSK status
-2014-11-14 18:15:54.380: debug: Re-signing not necessary!
-2014-11-14 18:15:54.380: debug: Check if there is a parent file to copy
-2014-11-14 18:31:09.365: debug: Check RFC5011 status
-2014-11-14 18:31:09.365: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:31:09.365: debug: Check KSK status
-2014-11-14 18:31:09.365: debug: Check ZSK status
-2014-11-14 18:31:09.365: debug: Re-signing necessary: Modified keys
-2014-11-14 18:31:09.365: notice: "example.net.": re-signing triggered: Modified keys
-2014-11-14 18:31:09.365: debug: Writing key file "././example.net/dnskey.db"
-2014-11-14 18:31:09.366: debug: Incrementing serial number in file "././example.net/zone.db"
-2014-11-14 18:31:09.366: debug: Signing zone "example.net."
-2014-11-14 18:31:09.366: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 8B4599 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2014-11-14 18:31:09.488: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-14 18:31:09.488: debug: Signing completed after 0s.
-2014-11-14 18:31:27.335: debug: Check RFC5011 status
-2014-11-14 18:31:27.335: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:31:27.335: debug: Check KSK status
-2014-11-14 18:31:27.335: debug: Check ZSK status
-2014-11-14 18:31:27.335: debug: Re-signing not necessary!
-2014-11-14 18:31:27.335: debug: Check if there is a parent file to copy
-2014-11-14 18:38:16.356: debug: Check RFC5011 status
-2014-11-14 18:38:16.356: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:38:16.356: debug: Check KSK status
-2014-11-14 18:38:16.356: debug: Check ZSK status
-2014-11-14 18:38:16.356: debug: Re-signing necessary: Modified keys
-2014-11-14 18:38:16.356: notice: "example.net.": re-signing triggered: Modified keys
-2014-11-14 18:38:16.356: debug: Writing key file "././example.net/dnskey.db"
-2014-11-14 18:38:16.356: debug: Incrementing serial number in file "././example.net/zone.db"
-2014-11-14 18:38:16.356: debug: Signing zone "example.net."
-2014-11-14 18:38:16.356: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 BEBFB0 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2014-11-14 18:38:16.484: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-14 18:38:16.484: debug: Signing completed after 0s.
-2014-11-15 18:16:50.572: debug: Check RFC5011 status
-2014-11-15 18:16:50.572: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-15 18:16:50.572: debug: Check KSK status
-2014-11-15 18:16:50.572: debug: Check ZSK status
-2014-11-15 18:16:50.573: debug: Re-signing necessary: Modified keys
-2014-11-15 18:16:50.573: notice: "example.net.": re-signing triggered: Modified keys
-2014-11-15 18:16:50.573: debug: Writing key file "././example.net/dnskey.db"
-2014-11-15 18:16:50.573: debug: Incrementing serial number in file "././example.net/zone.db"
-2014-11-15 18:16:50.573: debug: Signing zone "example.net."
-2014-11-15 18:16:50.573: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 DC5680 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2014-11-15 18:16:50.715: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-15 18:16:50.715: debug: Signing completed after 0s.
-2014-11-15 18:16:54.202: debug: Check RFC5011 status
-2014-11-15 18:16:54.202: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-15 18:16:54.202: debug: Check KSK status
-2014-11-15 18:16:54.203: debug: Check ZSK status
-2014-11-15 18:16:54.203: debug: Re-signing not necessary!
-2014-11-15 18:16:54.203: debug: Check if there is a parent file to copy
-2014-11-15 18:17:06.919: debug: Check RFC5011 status
-2014-11-15 18:17:06.919: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-15 18:17:06.919: debug: Check KSK status
-2014-11-15 18:17:06.919: debug: Check ZSK status
-2014-11-15 18:17:06.919: debug: Re-signing necessary: Modified keys
-2014-11-15 18:17:06.919: notice: "example.net.": re-signing triggered: Modified keys
-2014-11-15 18:17:06.919: debug: Writing key file "././example.net/dnskey.db"
-2014-11-15 18:17:06.919: debug: Incrementing serial number in file "././example.net/zone.db"
-2014-11-15 18:17:06.919: debug: Signing zone "example.net."
-2014-11-15 18:17:06.919: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 D82F90 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2014-11-15 18:17:07.040: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-15 18:17:07.040: debug: Signing completed after 1s.
-2014-11-15 18:17:17.242: debug: Check RFC5011 status
-2014-11-15 18:17:17.242: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-15 18:17:17.242: debug: Check KSK status
-2014-11-15 18:17:17.243: debug: Check ZSK status
-2014-11-15 18:17:17.243: debug: Re-signing necessary: Zone file edited
-2014-11-15 18:17:17.243: notice: "example.net.": re-signing triggered: Zone file edited
-2014-11-15 18:17:17.243: debug: Writing key file "././example.net/dnskey.db"
-2014-11-15 18:17:17.243: debug: Incrementing serial number in file "././example.net/zone.db"
-2014-11-15 18:17:17.243: debug: Signing zone "example.net."
-2014-11-15 18:17:17.243: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 603310 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2014-11-15 18:17:17.365: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-15 18:17:17.365: debug: Signing completed after 0s.
-2014-11-17 19:12:44.250: debug: Check RFC5011 status
-2014-11-17 19:12:44.250: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-17 19:12:44.250: debug: Check KSK status
-2014-11-17 19:12:44.250: debug: Check ZSK status
-2014-11-17 19:12:44.250: debug: Re-signing necessary: re-signing interval (2d) reached
-2014-11-17 19:12:44.250: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
-2014-11-17 19:12:44.250: debug: Writing key file "./example.net/dnskey.db"
-2014-11-17 19:12:44.251: debug: Incrementing serial number in file "./example.net/zone.db"
-2014-11-17 19:12:44.251: debug: Signing zone "example.net."
-2014-11-17 19:12:44.251: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 9F5882 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2014-11-17 19:12:44.392: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-17 19:12:44.392: debug: Signing completed after 0s.
-2014-11-17 19:12:49.692: debug: Check RFC5011 status
-2014-11-17 19:12:49.692: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-17 19:12:49.692: debug: Check KSK status
-2014-11-17 19:12:49.692: debug: Check ZSK status
-2014-11-17 19:12:49.692: debug: Re-signing not necessary!
-2014-11-17 19:12:49.692: debug: Check if there is a parent file to copy
-2014-11-17 19:13:02.603: debug: Check RFC5011 status
-2014-11-17 19:13:02.603: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-17 19:13:02.603: debug: Check KSK status
-2014-11-17 19:13:02.603: debug: Check ZSK status
-2014-11-17 19:13:02.603: debug: Re-signing not necessary!
-2014-11-17 19:13:02.603: debug: Check if there is a parent file to copy
-2014-11-17 19:13:50.410: debug: Check RFC5011 status
-2014-11-17 19:13:50.410: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-17 19:13:50.410: debug: Check KSK status
-2014-11-17 19:13:50.410: debug: Check ZSK status
-2014-11-17 19:13:50.410: debug: Re-signing necessary: Modified keys
-2014-11-17 19:13:50.410: notice: "example.net.": re-signing triggered: Modified keys
-2014-11-17 19:13:50.410: debug: Writing key file "./example.net/dnskey.db"
-2014-11-17 19:13:50.410: debug: Incrementing serial number in file "./example.net/zone.db"
-2014-11-17 19:13:50.410: debug: Signing zone "example.net."
-2014-11-17 19:13:50.411: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 053453 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2014-11-17 19:13:50.525: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-17 19:13:50.525: debug: Signing completed after 0s.
-2014-11-17 19:13:54.302: debug: Check RFC5011 status
-2014-11-17 19:13:54.302: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-17 19:13:54.302: debug: Check KSK status
-2014-11-17 19:13:54.302: debug: Check ZSK status
-2014-11-17 19:13:54.302: debug: Re-signing not necessary!
-2014-11-17 19:13:54.302: debug: Check if there is a parent file to copy
-2014-11-17 19:14:01.846: debug: Check RFC5011 status
-2014-11-17 19:14:01.846: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-17 19:14:01.846: debug: Check KSK status
-2014-11-17 19:14:01.846: debug: Check ZSK status
-2014-11-17 19:14:01.846: debug: Re-signing necessary: Zone file edited
-2014-11-17 19:14:01.846: notice: "example.net.": re-signing triggered: Zone file edited
-2014-11-17 19:14:01.846: debug: Writing key file "./example.net/dnskey.db"
-2014-11-17 19:14:01.846: debug: Incrementing serial number in file "./example.net/zone.db"
-2014-11-17 19:14:01.846: debug: Signing zone "example.net."
-2014-11-17 19:14:01.847: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 7CF530 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
-2014-11-17 19:14:01.969: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-17 19:14:01.969: debug: Signing completed after 0s.
+++ /dev/null
-;-----------------------------------------------------------------
-;
-; @(#) example.net/zone.db
-;
-;-----------------------------------------------------------------
-
-$TTL 7200
-
-; Ensure that the serial number below is left
-; justified in a field of at least 10 chars!!
-; 0123456789;
-; It's also possible to use the date format e.g. 2005040101
-@ IN SOA ns1.example.net. hostmaster.example.net. (
- 396 ; Serial
- 43200 ; Refresh
- 1800 ; Retry
- 2W ; Expire
- 7200 ) ; Minimum
-
- IN NS ns1.example.net.
- IN NS ns2.example.net.
-
-ns1 IN A 1.0.0.5
- IN AAAA 2001:db8::53
-ns2 IN A 1.2.0.6
-
-; Delegation to secure zone; The DS resource record will
-; be added by dnssec-signzone automatically if the
-; keyset-sub.example.net file is present (run dnssec-signzone
-; with option -g or use the dnssec-signer tool) ;-)
-sub IN NS ns1.example.net.
-
-; this file will contain all the zone keys
-$INCLUDE dnskey.db
-
-$INCLUDE zone.localhost
-$INCLUDE zone.hosts
-
-
+++ /dev/null
-; File written on Mon Nov 17 19:14:01 2014
-; dnssec_signzone version 9.10.1b1
-example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
- 396 ; serial
- 43200 ; refresh (12 hours)
- 1800 ; retry (30 minutes)
- 1209600 ; expire (2 weeks)
- 7200 ; minimum (2 hours)
- )
- 7200 RRSIG SOA 8 2 7200 (
- 20141123171401 20141117171401 7929 example.net.
- nSDd2lzZOipVaXTc2gvg4MICjFPg1+57qFwF
- n3dofSvjNE9lbmKBsWY9KbawRmcvieFj9Lw/
- +xmGlzQya1THGUHom7JoH2u0nO6vWMD+i7HT
- 0xHOg2+FjIqNvG0VFwSg//ASdSzZ6zzyY+iU
- oZcT6fSAQCXLo52AAbsNwM7E0UM= )
- 7200 NS ns1.example.net.
- 7200 NS ns2.example.net.
- 7200 RRSIG NS 8 2 7200 (
- 20141123171401 20141117171401 7929 example.net.
- eSQSoaLKL/JxYimCdpoPouWtbQVvodzNMolg
- e1fG8U7GLgP2MMNUk/E/OlGYYft53dbQN8XD
- 2PdXi9fqH6n4jaOR+eHClAq4xUN3He9gq8GU
- tRc0Yj5D4VLKs7gBjPSVKkEDeVJFMCxXhIvO
- c4r2k7TPw3oi2WQdw4+jPoYu0SQ= )
- 3600 DNSKEY 256 3 8 (
- AwEAAZF8FdZfjdp4pyHk53/qvnzROy2lhF0c
- J0XbRaIgeIYHYMIUmMLrsazBQ7/3ZdFoQjgE
- Wz2BbKyfroJmE+VrCc1dBJ50PJUm3vcBbUwM
- gy4yXq3PtmwKzlr3YGMUgE31cByog0QRnW6m
- yNdEfDLf74yxRiPgIwk1rEmIYFUI4x69
- ) ; ZSK; alg = RSASHA256; key id = 2253
- 3600 DNSKEY 256 3 8 (
- AwEAAaFO1yW7cx3/4SBRganmyOEs2eIeAE25
- CgXYrtLALzFdgi+gRfl+QEOzMZBk/LmgKFcg
- p4GfgtuzKA08VGNmLUEGI+UBSP+DUezQfK/l
- xPCXuRMh0BJgAjnlo+jGaI2fpfKXBp+5uLiY
- 3pbkdm6LiaJb/s4v0DJjglGWiiPMIxyR
- ) ; ZSK; alg = RSASHA256; key id = 7929
- 3600 DNSKEY 257 3 8 (
- AwEAAQ5RiqQEKys2xlo5nK3n9tnWeGg/tHST
- baFw6AN1QPLlaEVLNXDaYKcpefu6ewNamaIn
- rjBrkkbqRnwKTuLCwJ9aA/hyFzocCOPh+he9
- dEQHbRTKDdTkjD3PqkOK97a+s1grWIdkRcce
- T3MXEsAwyjlasXPRKt/4v1sqS7592eyo6wTc
- beaoPYo6KMQLfcA9AHso9LBaRpqv7GlSjl5I
- V51mcU8=
- ) ; KSK; alg = RSASHA256; key id = 44671
- 3600 RRSIG DNSKEY 8 2 3600 (
- 20141123171401 20141117171401 7929 example.net.
- FA+VaaIn6SThjdlGRxlmYtqsXe3c7QAO0UAg
- LIGjdfs0yO8cSz07jzT1UsZancDhyprCdinl
- u9eOl0Lf9sPPKZFJUFYofKZmXCvtI7z8t1o7
- h74BwQlUeRAwG8vgK8flo09UMZ/wuT39ArAr
- ZCtXC/6DqiWZmmbAZ7igLIo36kA= )
- 3600 RRSIG DNSKEY 8 2 3600 (
- 20141123171401 20141117171401 44671 example.net.
- BacfHSvqUyB6q7Ynkf9tTFjA+kYhmHLV7acO
- Ua/I+tAs1ELtCLLJLv+1d449ovmSTm0RYRwO
- cGlpggtL8qGa5wl/BA5sobzxIkREKj0c1cud
- taViyZ4PaDO86Q4ZmZChQafbIxbLYqsL/v8z
- 517NzZ2xtZetnv5NtKzKvrVblVPaV0IyJHLK
- KvdHsU0eCqPSHfPYbMg3uusZhL618tARxQn3
- 8g== )
- 0 NSEC3PARAM 1 0 10 7CF530
- 0 RRSIG NSEC3PARAM 8 2 0 (
- 20141123171401 20141117171401 7929 example.net.
- MdriHagoMqEW0VoINMPaATPCsYZYiKVHUN56
- Bl8kCNFlNaVD8Pn32z+Ewh1I/m5OxCUry10J
- BPEFZmXlKDiJ36/bzAFDUPBBsvjCPIGHedZT
- oyPwZ6JVoDrBEmQWHaoq5YTsVcNy0E4zC/Md
- 4FKPNZnCiExDX0h8MGxMAVTZG5I= )
-a.example.net. 7200 IN A 1.2.3.1
- 7200 RRSIG A 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- C7WKU0ffs8VpzaYt2CqdnUgQMjfwXAHIzmbR
- Q3EOqzg66u2Jz1jdO+CwPRizTb2u+vh7/uDL
- bDPn0YEDHDgmfTYu03aWf5Lpo50QlKQrCFIE
- stdhE2IH1wyej/vqlthXA0ZH7xr4EHwGFPRv
- GfYOIBiXs8K1drY1tp7qxFX9Mro= )
-b.example.net. 7200 IN MX 10 a.example.net.
- 7200 RRSIG MX 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- BRSj7EugAKkgnFCoChaM764Vh25FOjQIhB91
- dRfm9/vrcJ+48DXPo3ag/SpNzV4d37UokEl6
- YXvpb4HiwFsPB0Dvvvct6yicR2UjGCNatKGx
- 4IAmLmbT2sViBGnXBlD349FFl32oeeXEIu2J
- B9q6NtrP65FFXINY+oFoxi+aYMI= )
-d.example.net. 7200 IN A 1.2.3.3
- 7200 RRSIG A 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- ek0mcsVZAxWO6xsjw6eObrkEYfGIUDglNH5T
- VgpNIrR7lb2XywLfdyz4PuCb/0ZEN7niY6VW
- rza4v+3dJGoqOKxu4QDY4iRrWChy/F3St0ZA
- vDiLWWmxnhpTo9l+M34kuCrbx0NahwUfejBw
- Chp1sLTWJM6OF+qsTKotRdfbLeM= )
- 7200 AAAA 2001:db8::3
- 7200 RRSIG AAAA 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- h34UzUI64yyIsI1MbqeSMuRqHL9jCAikW7i+
- MWYtXptQ0XB2416yB+w7fcC8ctl9v2H1244V
- XeJOJV85HHwKfEOP1G9kCvS5b9iEoDFfVDUt
- PwLMFhKe94XQ+aUA81RYoAJnzdj84Bi3YZ3g
- U1Yv4tv/oW0dd/W4Pvo/UVadybA= )
-localhost.example.net. 7200 IN A 127.0.0.1
- 7200 RRSIG A 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- OQMFtldAekpNnf4cUqlw8rmSrjPQjjPlVb3i
- ktCiez0s+s9PG18lbMsfYFZvEm+deDit8fR9
- lDKdUWwvxSkjeeCeABsg0kd1FLEuFKOv1HGP
- ql1dAA0/X+XTQ7FSfAuZmsmKTUYOgZjgmeBY
- EOkXYfa/IMDPauDWJbtbRsfuEzA= )
-ns1.example.net. 7200 IN A 1.0.0.5
- 7200 RRSIG A 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- Tv5nLzFdIM6tU8BYb+twJ+2d+5b+VyuED977
- 6wcDI2sb79Y9RwySP4UE+x4Zbm6P+lgqTI2y
- ITCWvVDyTqOcUUbWGX62KDVD+4nK0EK59jro
- VghtBWH3RLB0vSb59xNKPgOpgP4tTbWLyN5J
- OaVHNxmOu24ygvDRYMEQYHgRKtE= )
- 7200 AAAA 2001:db8::53
- 7200 RRSIG AAAA 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- OkW0vncVMFb0Fw6yxcpQ38AzPc2yxoekLDCi
- 1VmSMfBzCQRekqUIE3TtqBpJtaUP4JMANIXb
- xvmbL1wl/IT4BqSg8faDg4DBsYeCr70ucUUj
- NDKbeYtKdNkYIZGX8U27wflFOAISR4TEguZe
- TqxoBuoWmyo4+Yrk4skFFa30Qsk= )
-ns2.example.net. 7200 IN A 1.2.0.6
- 7200 RRSIG A 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- Mt6BRM5elYbfPQOQgfiJ8PAkJbwdfhUedXug
- M7eTDcxjXTtxraMxheWIuEcgZ7UtQuX1/gUy
- Fl98gixX05g80F9YdyB/dnzMK0k2hHMWxr4j
- DD1e5rAsnCfT+PnZGVEkhPWCRM6Uw8qOdXOx
- PktCHwWV1XnfxLAi0YZXJoJGlYs= )
-sub.example.net. 7200 IN NS ns1.example.net.
- 7200 DS 33936 7 1 (
- 8E06D0C044A15C396F43E1743EDC0C0772F1
- 19A7 )
- 7200 DS 33936 7 2 (
- 496F56E015F74A955A1B277255DE56C564DC
- C5AF559DAAA40C4DE01933E073E7 )
- 7200 DS 60396 10 1 (
- 00A6EDBD5687D69DB7636749A057ABB43A13
- 576E )
- 7200 DS 60396 10 2 (
- FE01A3C47B2D3F19CAB32451986B36C2ADEF
- 2C4247B7B24DEB77EDB90EE1CB4C )
- 7200 RRSIG DS 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- S+ognL1Unax/NnfRIcnq53uHltBCquHMKgkS
- JMnQYGJcXZzUlUpKkXCXR9kZfZFfWjNV72FA
- lqgV9+AXi9bIO1HmLWXQ0AFkS1g6wkBvcrGT
- 95IbQRlL1hOySNmnILA/RyOKaHEM3Vxjl0CM
- lOSEX34CAAsj/0srNJWWhaNgUFI= )
-CP5JT7EV1K7R3VBGJ54G2FALVGI94Q9A.example.net. 7200 IN NSEC3 1 1 10 7CF530 (
- GH4PQAVJQD10HL7KI3S4CTURR9E3V4B4
- NS SOA RRSIG DNSKEY NSEC3PARAM )
- 7200 RRSIG NSEC3 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- KvHTjmmjBwYgJvTQUTpOmtA+1nEfefVMgYV5
- I2OMDZ5/dhgrktETUchyHiqS6J9nQeS7HiqC
- 2/fftgueMyofDAbhjQ0yf9hpWdNpquI1vKID
- UZKZUIWTtcH9vbEST80qxlKJdwUHwlZwnTHf
- +ZUj3mVn+Vrb7g6yQt1jBmihcao= )
-GH4PQAVJQD10HL7KI3S4CTURR9E3V4B4.example.net. 7200 IN NSEC3 1 1 10 7CF530 (
- KIMJV7K0CDS0O96IHHOF7H6PIJ40T4J2
- A RRSIG )
- 7200 RRSIG NSEC3 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- LaIQC6orUjlak00kA9dySq0qphgvcKllGGf2
- 5BrENDnYVN0RPCwzMfXPxzHDIG7o4GGRvFpx
- dpxChETPSoPObVJpwmgUHILPrrcAkwYIcH0T
- KETpGHgmixCDwZE9kUHzy6FGZcWQDezQT7CD
- +EsC6GWCswWnyetA9R7ZY5N7OPY= )
-KIMJV7K0CDS0O96IHHOF7H6PIJ40T4J2.example.net. 7200 IN NSEC3 1 1 10 7CF530 (
- MG6NM7AJN6AMBK227QBFBHPD726L69B2
- NS DS RRSIG )
- 7200 RRSIG NSEC3 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- PAlwSBhhkusXgnZOG9IpG9u5lVSfIWGaRxFk
- nhaBMW8AL/sjZFl7yMIP4Vsqnv1QW1EB+wa6
- zC7AzG80FvQcU4anxuUlPSkWyxQ8T8cVZHu3
- 9HMGs++pvNdta+iBeV8F4zjVw73TWFQ4yX1u
- 04AKmsNnNhCnTQmxEGO7LJ9ras0= )
-MG6NM7AJN6AMBK227QBFBHPD726L69B2.example.net. 7200 IN NSEC3 1 1 10 7CF530 (
- QTFSVH9JGRG31JP59190G8AD6SKQELK7
- A AAAA RRSIG )
- 7200 RRSIG NSEC3 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- eG4jlpmAJg/OT56On/WfZYmYuthPjc5u4rYr
- eSXnpjjreFfQuGhj0or2yedAOgIYXktJ2Dtc
- TWIl4ppySs7mwzn2QQAMRjh5PovVasdxGVAG
- pPd5Q/SlPuQ6/szIn66y+wobGT948oaPbXRm
- ptmofvmb6T5NqSFGM7LWXmElHfk= )
-QTFSVH9JGRG31JP59190G8AD6SKQELK7.example.net. 7200 IN NSEC3 1 1 10 7CF530 (
- R0VERQHHM272SRP6M3CJFOE3FGK2A5DC
- MX RRSIG )
- 7200 RRSIG NSEC3 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- UgYYu5vLwPg8DJ3C8ye5qZ5SlBWS8cri/0W3
- uhsmZNpmgN7DoM37tymSAE9ilsNOCUOMfP2n
- vOP1KBnhPwHhcgKhh6UqtTchr/qPThG51XJA
- uKxsrY/hY5mIE5Fk7n84DV4OpFGdFdmgtraq
- Vj7Y/RFukf2W4y5zzsh3f1RfJBo= )
-R0VERQHHM272SRP6M3CJFOE3FGK2A5DC.example.net. 7200 IN NSEC3 1 1 10 7CF530 (
- SPNT3RTA99QNKF4OPN46CKHN6T498NFU
- A RRSIG )
- 7200 RRSIG NSEC3 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- gkqYtdVKHOIthI2QMIURdiWsTRGrmBPxRDpC
- orUkxgnwYvu124S9T7xnu6ImhoaDCcn1XH0L
- ekhOOCT+7phOAKu60Q4wOYIs7je9H6baJUzL
- OJFlcaheGSGAkW+X+vJqkABJ/cNy39O8BcE1
- 3+GtsHBfmvCaFBDbXPX8TynH5qY= )
-SPNT3RTA99QNKF4OPN46CKHN6T498NFU.example.net. 7200 IN NSEC3 1 1 10 7CF530 (
- UUS79RPELAT8G2MR1SKQJURUST94FD4H
- A AAAA RRSIG )
- 7200 RRSIG NSEC3 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- JyfcdxODrVWXS4PNNMZ7URyYRlEFjVBssCB4
- 8eZ/wqIdMnEgY8VVlnsutZHett3wbrG1NChH
- xtdYENYV8U4KcjrVnmHNFjkAnXsQe2ZqLXVX
- /LWgY19BqoioSnKeL6ZEwTCZmWmCv/8bF9Ju
- rrtpRrLAzRo5aeDnoMxSwteKiko= )
-UUS79RPELAT8G2MR1SKQJURUST94FD4H.example.net. 7200 IN NSEC3 1 1 10 7CF530 (
- CP5JT7EV1K7R3VBGJ54G2FALVGI94Q9A
- A RRSIG )
- 7200 RRSIG NSEC3 8 3 7200 (
- 20141123171401 20141117171401 7929 example.net.
- HxoUXP1Dt9c0Ass7uGGOpTKKG3vIXY3cHS56
- 4TTi8AOl9bV9Hf6awiYUw4qBby8+M6sXeRmP
- zYTNCfwIaBx9QhSJnaRXcUqC7T3Rnjk/ST/W
- flKzVLqV83K6h8aYQCKaV4FCatNrQimbt+8G
- NwUd565/EsJ77HRJCOYLWuBG28o= )
+++ /dev/null
-a IN A 1.2.3.1
-b IN MX 10 a
-;c IN A 1.2.3.2
-d IN A 1.2.3.3
- IN AAAA 2001:0db8::3
+++ /dev/null
-
-localhost IN A 127.0.0.1
+++ /dev/null
-sub.example.net.dlv.trusted-keys.de. IN DLV 42834 7 1 9660E85E9542C823D4E9860D778350AA5D8904E9
-sub.example.net.dlv.trusted-keys.de. IN DLV 42834 7 2 1337FB51C697B7CD20C8D6BBC498310588C78B3595FB53F35C871DBF EC86DAAE
-sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 1 CC5E20F75F02BE11BC040960669A3F5058F30DC0
-sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 2 D124B0B50CF51780707FFBF91DC305617832C09E21F32F28B8A88EFB E1F03ACE
+++ /dev/null
-example.net. IN DS 44671 8 1 C29F02EF0E0C4AB5AFDDB5220DC35149CBB9067E
-example.net. IN DS 44671 8 2 2CA230B1D3BB0DC700B75152B403BE83E4CC3410AFEC38EAF00177BC 9692ADFA
+++ /dev/null
-sub.example.net. IN DS 33936 7 1 8E06D0C044A15C396F43E1743EDC0C0772F119A7
-sub.example.net. IN DS 33936 7 2 496F56E015F74A955A1B277255DE56C564DCC5AF559DAAA40C4DE019 33E073E7
-sub.example.net. IN DS 60396 10 1 00A6EDBD5687D69DB7636749A057ABB43A13576E
-sub.example.net. IN DS 60396 10 2 FE01A3C47B2D3F19CAB32451986B36C2ADEF2C4247B7B24DEB77EDB9 0EE1CB4C
+++ /dev/null
-$ORIGIN .
-example.net 7200 IN DNSKEY 257 3 8 (
- AwEAAQ5RiqQEKys2xlo5nK3n9tnWeGg/tHST
- baFw6AN1QPLlaEVLNXDaYKcpefu6ewNamaIn
- rjBrkkbqRnwKTuLCwJ9aA/hyFzocCOPh+he9
- dEQHbRTKDdTkjD3PqkOK97a+s1grWIdkRcce
- T3MXEsAwyjlasXPRKt/4v1sqS7592eyo6wTc
- beaoPYo6KMQLfcA9AHso9LBaRpqv7GlSjl5I
- V51mcU8=
- ) ; KSK; alg = RSASHA256; key id = 44671
+++ /dev/null
-$ORIGIN .
-sub.example.net 7200 IN DNSKEY 257 3 7 (
- AwEAAcN3xHB1ZkrRCdxMWoogYdMx9NXO5pu2
- U41Terw/v9/tBQQ8ZCwq3KyBMTlwow1n1+ri
- NDi3jhJInw+obqUgvxEYU1+xkbAUXU26KqGD
- 7fe+PEk+UlVQ0LHY65yFHTWNc4/3DnEei++V
- uiJ1o7V7sSkQGDJC6L4U+e7vbHi3cBmx
- ) ; KSK; alg = NSEC3RSASHA1; key id = 33936
- 7200 IN DNSKEY 257 3 10 (
- AwEAAeTP9f5eCzD71+u4oa7XIjEz/IAD4OQB
- D+DgiflOGKrBRnU8uHVqIdqwPhaDqWdutMoZ
- abBDlABe/NB7y55ea7s8RCQzQ2dLFGEL3/+G
- cebakcATH8e6Fp5+QLCSpyRJhfSZZF6qDJ/p
- i2RCS2/VfwCwr+N7VRelFCzri6v+EEeV
- ) ; KSK; alg = RSASHA512; key id = 60396
+++ /dev/null
-/*****************************************************************
-**
-** #(@) named.conf (c) 6. May 2004 (hoz)
-**
-*****************************************************************/
-
-/*****************************************************************
-** logging options
-*****************************************************************/
-logging {
- channel "named-log" {
- file "/var/log/named" versions 3 size 2m;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity info;
- };
- channel "resolver-log" {
- file "/var/log/named";
- print-time yes;
- print-category yes;
- print-severity yes;
- severity debug 1;
- };
- channel "dnssec-log" {
-# file "/var/log/named-dnssec" ;
- file "/var/log/named" ;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity debug 3;
- };
- category "dnssec" { "dnssec-log"; };
- category "default" { "named-log"; };
- category "resolver" { "resolver-log"; };
- category "client" { "resolver-log"; };
- category "queries" { "resolver-log"; };
-};
-
-/*****************************************************************
-** name server options
-*****************************************************************/
-options {
- directory ".";
-
- dump-file "/var/log/named_dump.db";
- statistics-file "/var/log/named.stats";
-
- listen-on-v6 { any; };
-
- query-source address * port 53;
- transfer-source * port 53;
- notify-source * port 53;
-
- recursion yes;
- dnssec-enable yes;
- edns-udp-size 4096;
-
-# dnssec-lookaside "." trust-anchor "trusted-keys.de.";
-
- querylog yes;
-
-};
-
-/*****************************************************************
-** include shared secrets...
-*****************************************************************/
-/** for control sessions ... **/
-controls {
- inet 127.0.0.1
- allow { localhost; };
- inet ::1
- allow { localhost; };
-};
-
-/*****************************************************************
-** ... and trusted_keys
-*****************************************************************/
-# include "trusted-keys.conf" ;
-
-/*****************************************************************
-** root server hints and required 127 stuff
-*****************************************************************/
-zone "." in {
- type hint;
- file "root.hint";
-};
-
-zone "localhost" in {
- type master;
- file "localhost.zone";
-};
-
-zone "0.0.127.in-addr.ARPA" in {
- type master;
- file "127.0.0.zone";
-};
-
-#include "zone.conf";
-
-zone "example.NET." in {
- type master;
- file "example.net/zone.db.signed";
- zone-statistics yes;
-};
-
-zone "sub.example.NET." in {
- type master;
- file "sub.example.net/zone.db.signed";
- zone-statistics no;
-};
+++ /dev/null
-sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 1 CC5E20F75F02BE11BC040960669A3F5058F30DC0
-sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 2 D124B0B50CF51780707FFBF91DC305617832C09E21F32F28B8A88EFB E1F03ACE
+++ /dev/null
-;
-; !!! Don't edit this file by hand.
-; !!! It will be generated by zkt-signer.
-;
-; Last generation time Nov 17 2014 19:12:44
-;
-
-; *** List of Key Signing Keys ***
-; sub.example.net. tag=60396 algo=RSASHA512 generated Nov 14 2014 18:09:16
-sub.example.net. 3600 IN DNSKEY 257 3 10 (
- AwEAAeTP9f5eCzD71+u4oa7XIjEz/IAD4OQBD+DgiflOGKrBRnU8uHVq
- IdqwPhaDqWdutMoZabBDlABe/NB7y55ea7s8RCQzQ2dLFGEL3/+Gceba
- kcATH8e6Fp5+QLCSpyRJhfSZZF6qDJ/pi2RCS2/VfwCwr+N7VRelFCzr
- i6v+EEeV
- ) ; key id = 60396
-
-; sub.example.net. tag=33936 algo=NSEC3RSASHA1 generated Nov 14 2014 18:11:13
-sub.example.net. 3600 IN DNSKEY 257 3 7 (
- AwEAAcN3xHB1ZkrRCdxMWoogYdMx9NXO5pu2U41Terw/v9/tBQQ8ZCwq
- 3KyBMTlwow1n1+riNDi3jhJInw+obqUgvxEYU1+xkbAUXU26KqGD7fe+
- PEk+UlVQ0LHY65yFHTWNc4/3DnEei++VuiJ1o7V7sSkQGDJC6L4U+e7v
- bHi3cBmx
- ) ; key id = 33936
-
-; *** List of Zone Signing Keys ***
-; sub.example.net. tag=21503 algo=RSASHA512 generated Nov 14 2014 18:09:16
-sub.example.net. 3600 IN DNSKEY 256 3 10 (
- AwEAAahmSxE4IXfSeRORsgUxextvSLXIqa790jXejxDQoSmv+Tb7mHsK
- sB65qxMjXYwIWmh4lbx66g/yVL9NaIMw6o01jdH3zYi0p3grqvGB8Z+s
- 4PodN5v1xmSEEqXjYXsjHucg+hQgMkrvls3uwl//gz9t5iQx7/FQ56dD
- zpPyxti5
- ) ; key id = 21503
-
-; sub.example.net. tag=6419 algo=NSEC3RSASHA1 generated Nov 14 2014 18:11:13
-sub.example.net. 3600 IN DNSKEY 256 3 7 (
- AwEAAbv1lSpyfRbHCrGs667jxg8+IYrU8GqZ8NPy1CGj3yxtFH1xCvd7
- E9gYjtcPaqse+FsCrChUi/2RQGIPaB0PbyM=
- ) ; key id = 6419
-
-; sub.example.net. tag=53867 algo=RSASHA512 generated Nov 17 2014 19:12:44
-sub.example.net. 3600 IN DNSKEY 256 3 10 (
- AwEAAeweX3J5rUFFMZMN06/70lion/SSy6i6HVAveLAgXMQVJBRngAQp
- 2TVxfh0Dxjjywu1NkEokr5FUB9kqL36SwwMTzoZ3yuJjylw+GS8dw/Z9
- PFEw0aNMP3qXnL5wHVuzatBnpGo9jAzy6PtRkJal/WiNPl8tdlIaxhi5
- X0EnQ2cf
- ) ; key id = 53867
-
+++ /dev/null
-ResignInterval: 1d # (86400 seconds)
-SigValidity: 2d # (172800 seconds)
-MaximumTTL: 90s # (90 seconds)
-KSKlifetime: 1w # (604800 seconds)
-KSKbits: 1024
-ZSKlifetime: 3d # (259200 seconds)
-NSEC3: On # (On|Off|OptOut)
+++ /dev/null
-1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDE
\ No newline at end of file
+++ /dev/null
-1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDE1
\ No newline at end of file
+++ /dev/null
-2010-10-21 14:01:35.486: debug: Check RFC5011 status
-2010-10-21 14:01:35.486: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-10-21 14:01:35.486: debug: Check KSK status
-2010-10-21 14:01:35.486: debug: Check ZSK status
-2010-10-21 14:01:35.486: debug: No active ZSK found: generate new one
-2010-10-21 14:01:35.495: error: sub.example.net.": can't generate new ZSK
-2010-10-21 14:01:35.495: debug: Re-signing necessary: Modfied zone key set
-2010-10-21 14:01:35.496: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-10-21 14:01:35.496: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-10-21 14:01:35.496: debug: Incrementing serial number in file "./sub.example.net/zone.db"
-2010-10-21 14:01:35.496: debug: Signing zone "sub.example.net."
-2010-10-21 14:01:35.496: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 9FC981 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
-2010-10-21 14:01:35.546: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: DNSSEC completeness test failed."
-2010-10-21 14:01:35.546: error: "sub.example.net.": signing failed!
-2010-10-21 14:02:09.146: debug: Check RFC5011 status
-2010-10-21 14:02:09.146: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-10-21 14:02:09.146: debug: Check KSK status
-2010-10-21 14:02:09.146: debug: Check ZSK status
-2010-10-21 14:02:09.146: debug: No active ZSK found: generate new one
-2010-10-21 14:02:09.156: error: sub.example.net.": can't generate new ZSK
-2010-10-21 14:02:09.156: debug: Re-signing necessary: Modified keys
-2010-10-21 14:02:09.156: notice: "sub.example.net.": re-signing triggered: Modified keys
-2010-10-21 14:02:09.156: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-10-21 14:02:09.157: debug: Incrementing serial number in file "./sub.example.net/zone.db"
-2010-10-21 14:02:09.157: debug: Signing zone "sub.example.net."
-2010-10-21 14:02:09.157: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 BD326D -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
-2010-10-21 14:02:09.208: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: DNSSEC completeness test failed."
-2010-10-21 14:02:09.208: error: "sub.example.net.": signing failed!
-2010-10-21 14:05:35.988: debug: Check RFC5011 status
-2010-10-21 14:05:35.988: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-10-21 14:05:35.988: debug: Check KSK status
-2010-10-21 14:05:35.988: debug: Check ZSK status
-2010-10-21 14:05:35.988: debug: No active ZSK found: generate new one
-2010-10-21 14:05:36.091: info: "sub.example.net.": generated new ZSK 7987
-2010-10-21 14:05:36.091: debug: Re-signing necessary: Modfied zone key set
-2010-10-21 14:05:36.091: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
-2010-10-21 14:05:36.091: debug: Writing key file "./sub.example.net/dnskey.db"
-2010-10-21 14:05:36.091: debug: Incrementing serial number in file "./sub.example.net/zone.db"
-2010-10-21 14:05:36.091: debug: Signing zone "sub.example.net."
-2010-10-21 14:05:36.091: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 75DE06 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
-2010-10-21 14:05:36.170: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2010-10-21 14:05:36.170: debug: Signing completed after 0s.
-2010-10-21 14:30:43.892: debug: Check RFC5011 status
-2010-10-21 14:30:43.892: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2010-10-21 14:30:43.892: debug: Check KSK status
-2010-10-21 14:30:43.892: debug: Check ZSK status
-2010-10-21 14:30:43.892: debug: Re-signing not necessary!
-2010-10-21 14:30:43.892: debug: Check if there is a parent file to copy
-2014-11-14 18:04:37.686: debug: Check RFC5011 status
-2014-11-14 18:04:37.686: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:04:37.686: debug: Check KSK status
-2014-11-14 18:04:37.686: warning: "sub.example.net.": lifetime of key signing key 33176 exceeded since 4d8h26m2s
-2014-11-14 18:04:37.686: debug: Check ZSK status
-2014-11-14 18:04:37.686: debug: Lifetime(259200 +/-150 sec) of active key 7987 exceeded (980762 sec)
-2014-11-14 18:04:37.686: debug: ->waiting for published key
-2014-11-14 18:04:37.686: notice: "sub.example.net.": lifetime of zone signing key 7987 exceeded since 1w1d8h26m2s: ZSK rollover deferred: waiting for published key
-2014-11-14 18:04:37.686: debug: New ZSK for publishing needed
-2014-11-14 18:04:37.721: debug: ->creating new key 39632
-2014-11-14 18:04:37.721: info: "sub.example.net.": new zone signing key 39632 generated for publishing
-2014-11-14 18:04:37.721: debug: Re-signing necessary: Modified zone key set
-2014-11-14 18:04:37.721: notice: "sub.example.net.": re-signing triggered: Modified zone key set
-2014-11-14 18:04:37.721: debug: Writing key file "./sub.example.net/dnskey.db"
-2014-11-14 18:04:37.721: debug: Incrementing serial number in file "./sub.example.net/zone.db"
-2014-11-14 18:04:37.721: debug: Signing zone "sub.example.net."
-2014-11-14 18:04:37.722: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 97195D -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
-2014-11-14 18:04:37.729: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 generation requested with NSEC-only DNSKEY"
-2014-11-14 18:04:37.729: error: "sub.example.net.": signing failed!
-2014-11-14 18:09:16.251: debug: Check RFC5011 status
-2014-11-14 18:09:16.251: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:09:16.251: debug: Check KSK status
-2014-11-14 18:09:16.251: debug: No active KSK found: generate new one
-2014-11-14 18:09:16.288: info: "sub.example.net.": generated new KSK 60396
-2014-11-14 18:09:16.288: debug: Check ZSK status
-2014-11-14 18:09:16.288: debug: No active ZSK found: generate new one
-2014-11-14 18:09:16.329: info: "sub.example.net.": generated new ZSK 21503
-2014-11-14 18:09:16.329: debug: Re-signing necessary: Modified zone key set
-2014-11-14 18:09:16.329: notice: "sub.example.net.": re-signing triggered: Modified zone key set
-2014-11-14 18:09:16.329: debug: Writing key file "./sub.example.net/dnskey.db"
-2014-11-14 18:09:16.330: debug: Incrementing serial number in file "./sub.example.net/zone.db"
-2014-11-14 18:09:16.330: debug: Signing zone "sub.example.net."
-2014-11-14 18:09:16.330: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 B26BB7 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
-2014-11-14 18:09:16.427: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-14 18:09:16.427: debug: Signing completed after 0s.
-2014-11-14 18:11:40.699: debug: Check RFC5011 status
-2014-11-14 18:11:40.699: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:11:40.699: debug: Check KSK status
-2014-11-14 18:11:40.699: debug: Check ZSK status
-2014-11-14 18:11:40.699: debug: Re-signing necessary: Modified keys
-2014-11-14 18:11:40.699: notice: "sub.example.net.": re-signing triggered: Modified keys
-2014-11-14 18:11:40.699: debug: Writing key file "././sub.example.net/dnskey.db"
-2014-11-14 18:11:40.699: debug: Incrementing serial number in file "././sub.example.net/zone.db"
-2014-11-14 18:11:40.699: debug: Signing zone "sub.example.net."
-2014-11-14 18:11:40.699: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 E8CBA9 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
-2014-11-14 18:11:40.876: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-14 18:11:40.876: debug: Signing completed after 0s.
-2014-11-14 18:11:46.599: debug: Check RFC5011 status
-2014-11-14 18:11:46.599: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:11:46.599: debug: Check KSK status
-2014-11-14 18:11:46.599: debug: Check ZSK status
-2014-11-14 18:11:46.599: debug: Re-signing not necessary!
-2014-11-14 18:11:46.599: debug: Check if there is a parent file to copy
-2014-11-14 18:15:54.379: debug: Check RFC5011 status
-2014-11-14 18:15:54.379: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:15:54.379: debug: Check KSK status
-2014-11-14 18:15:54.379: debug: Check ZSK status
-2014-11-14 18:15:54.379: debug: Re-signing not necessary!
-2014-11-14 18:15:54.379: debug: Check if there is a parent file to copy
-2014-11-14 18:31:09.365: debug: Check RFC5011 status
-2014-11-14 18:31:09.365: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:31:09.365: debug: Check KSK status
-2014-11-14 18:31:09.365: debug: Check ZSK status
-2014-11-14 18:31:09.365: debug: Re-signing not necessary!
-2014-11-14 18:31:09.365: debug: Check if there is a parent file to copy
-2014-11-14 18:31:27.335: debug: Check RFC5011 status
-2014-11-14 18:31:27.335: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:31:27.335: debug: Check KSK status
-2014-11-14 18:31:27.335: debug: Check ZSK status
-2014-11-14 18:31:27.335: debug: Re-signing not necessary!
-2014-11-14 18:31:27.335: debug: Check if there is a parent file to copy
-2014-11-14 18:38:16.355: debug: Check RFC5011 status
-2014-11-14 18:38:16.355: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-14 18:38:16.355: debug: Check KSK status
-2014-11-14 18:38:16.355: debug: Check ZSK status
-2014-11-14 18:38:16.355: debug: Re-signing not necessary!
-2014-11-14 18:38:16.356: debug: Check if there is a parent file to copy
-2014-11-15 18:16:50.447: debug: Check RFC5011 status
-2014-11-15 18:16:50.447: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-15 18:16:50.447: debug: Check KSK status
-2014-11-15 18:16:50.447: debug: Check ZSK status
-2014-11-15 18:16:50.447: debug: Re-signing necessary: re-signing interval (1d) reached
-2014-11-15 18:16:50.447: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached
-2014-11-15 18:16:50.447: debug: Writing key file "././sub.example.net/dnskey.db"
-2014-11-15 18:16:50.447: debug: Incrementing serial number in file "././sub.example.net/zone.db"
-2014-11-15 18:16:50.447: debug: Signing zone "sub.example.net."
-2014-11-15 18:16:50.448: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 DC5680 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
-2014-11-15 18:16:50.572: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-15 18:16:50.572: debug: Signing completed after 0s.
-2014-11-15 18:16:54.202: debug: Check RFC5011 status
-2014-11-15 18:16:54.202: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-15 18:16:54.202: debug: Check KSK status
-2014-11-15 18:16:54.202: debug: Check ZSK status
-2014-11-15 18:16:54.202: debug: Re-signing not necessary!
-2014-11-15 18:16:54.202: debug: Check if there is a parent file to copy
-2014-11-15 18:17:06.918: debug: Check RFC5011 status
-2014-11-15 18:17:06.918: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-15 18:17:06.918: debug: Check KSK status
-2014-11-15 18:17:06.918: debug: Check ZSK status
-2014-11-15 18:17:06.918: debug: Re-signing not necessary!
-2014-11-15 18:17:06.918: debug: Check if there is a parent file to copy
-2014-11-15 18:17:17.242: debug: Check RFC5011 status
-2014-11-15 18:17:17.242: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-15 18:17:17.242: debug: Check KSK status
-2014-11-15 18:17:17.242: debug: Check ZSK status
-2014-11-15 18:17:17.242: debug: Re-signing not necessary!
-2014-11-15 18:17:17.242: debug: Check if there is a parent file to copy
-2014-11-17 19:12:44.029: debug: Check RFC5011 status
-2014-11-17 19:12:44.029: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-17 19:12:44.029: debug: Check KSK status
-2014-11-17 19:12:44.029: debug: Check ZSK status
-2014-11-17 19:12:44.029: debug: Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263008 sec)
-2014-11-17 19:12:44.029: debug: ->waiting for published key
-2014-11-17 19:12:44.029: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h3m28s: ZSK rollover deferred: waiting for published key
-2014-11-17 19:12:44.029: debug: New ZSK for publishing needed
-2014-11-17 19:12:44.110: debug: ->creating new key 53867
-2014-11-17 19:12:44.110: info: "sub.example.net.": new zone signing key 53867 generated for publishing
-2014-11-17 19:12:44.110: debug: Re-signing necessary: Modified zone key set
-2014-11-17 19:12:44.110: notice: "sub.example.net.": re-signing triggered: Modified zone key set
-2014-11-17 19:12:44.110: debug: Writing key file "./sub.example.net/dnskey.db"
-2014-11-17 19:12:44.111: debug: Incrementing serial number in file "./sub.example.net/zone.db"
-2014-11-17 19:12:44.111: debug: Signing zone "sub.example.net."
-2014-11-17 19:12:44.111: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 9F5882 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
-2014-11-17 19:12:44.250: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2014-11-17 19:12:44.250: debug: Signing completed after 0s.
-2014-11-17 19:12:49.691: debug: Check RFC5011 status
-2014-11-17 19:12:49.691: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-17 19:12:49.691: debug: Check KSK status
-2014-11-17 19:12:49.691: debug: Check ZSK status
-2014-11-17 19:12:49.691: debug: Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263013 sec)
-2014-11-17 19:12:49.691: debug: ->waiting for published key
-2014-11-17 19:12:49.691: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h3m33s: ZSK rollover deferred: waiting for published key
-2014-11-17 19:12:49.692: debug: Re-signing not necessary!
-2014-11-17 19:12:49.692: debug: Check if there is a parent file to copy
-2014-11-17 19:13:02.603: debug: Check RFC5011 status
-2014-11-17 19:13:02.603: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-17 19:13:02.603: debug: Check KSK status
-2014-11-17 19:13:02.603: debug: Check ZSK status
-2014-11-17 19:13:02.603: debug: Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263026 sec)
-2014-11-17 19:13:02.603: debug: ->waiting for published key
-2014-11-17 19:13:02.603: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h3m46s: ZSK rollover deferred: waiting for published key
-2014-11-17 19:13:02.603: debug: Re-signing not necessary!
-2014-11-17 19:13:02.603: debug: Check if there is a parent file to copy
-2014-11-17 19:13:50.409: debug: Check RFC5011 status
-2014-11-17 19:13:50.409: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-17 19:13:50.409: debug: Check KSK status
-2014-11-17 19:13:50.409: debug: Check ZSK status
-2014-11-17 19:13:50.409: debug: Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263074 sec)
-2014-11-17 19:13:50.409: debug: ->waiting for published key
-2014-11-17 19:13:50.409: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h4m34s: ZSK rollover deferred: waiting for published key
-2014-11-17 19:13:50.409: debug: Re-signing not necessary!
-2014-11-17 19:13:50.409: debug: Check if there is a parent file to copy
-2014-11-17 19:13:54.302: debug: Check RFC5011 status
-2014-11-17 19:13:54.302: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-17 19:13:54.302: debug: Check KSK status
-2014-11-17 19:13:54.302: debug: Check ZSK status
-2014-11-17 19:13:54.302: debug: Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263078 sec)
-2014-11-17 19:13:54.302: debug: ->waiting for published key
-2014-11-17 19:13:54.302: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h4m38s: ZSK rollover deferred: waiting for published key
-2014-11-17 19:13:54.302: debug: Re-signing not necessary!
-2014-11-17 19:13:54.302: debug: Check if there is a parent file to copy
-2014-11-17 19:14:01.845: debug: Check RFC5011 status
-2014-11-17 19:14:01.846: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2014-11-17 19:14:01.846: debug: Check KSK status
-2014-11-17 19:14:01.846: debug: Check ZSK status
-2014-11-17 19:14:01.846: debug: Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263085 sec)
-2014-11-17 19:14:01.846: debug: ->waiting for published key
-2014-11-17 19:14:01.846: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h4m45s: ZSK rollover deferred: waiting for published key
-2014-11-17 19:14:01.846: debug: Re-signing not necessary!
-2014-11-17 19:14:01.846: debug: Check if there is a parent file to copy
+++ /dev/null
-;-----------------------------------------------------------------
-;
-; @(#) sub.example.net/zone.db
-;
-;-----------------------------------------------------------------
-
-$TTL 7200
-
-@ IN SOA ns1.example.net. hostmaster.example.net. (
- 13 ; Serial
- 86400 ; Refresh (RIPE recommendation if NOTIFY is used)
- 1800 ; Retry
- 2W ; Expire
- 7200 ) ; Minimum
-
-
- IN NS ns1.example.net.
-
-$INCLUDE dnskey.db
-
-localhost IN A 127.0.0.1
-
-a IN A 1.2.3.4
-b IN A 1.2.3.5
-c IN A 1.2.3.6
+++ /dev/null
-; File written on Mon Nov 17 19:12:44 2014
-; dnssec_signzone version 9.10.1b1
-sub.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
- 13 ; serial
- 86400 ; refresh (1 day)
- 1800 ; retry (30 minutes)
- 1209600 ; expire (2 weeks)
- 7200 ; minimum (2 hours)
- )
- 7200 RRSIG SOA 7 3 7200 (
- 20141119171244 20141117171244 6419 sub.example.net.
- PttXCUlP7dbMYWpsFuMsy+/VN7HZp0TOWgmr
- wvQHmb9Ju/y/ez3qHLjaqPun3osNEsjoDMB1
- lB40pJzb0ghHyA== )
- 7200 RRSIG SOA 10 3 7200 (
- 20141119171244 20141117171244 21503 sub.example.net.
- Gmcf5fw7E3qZH+qMzAM/AbUPk5bSE5NeOcBq
- iRu6ArSiTZOQOVzh/vtcqZxaRYhGRmcP09Y1
- r0bfxPRwxonM/68How2/KaYXDtK1c/X7Xtiu
- hqh5E7Cd9952qEU1QzKPTq5q9b7tvW/vHbf0
- wNK6WgfXiupZUtTt5DdA1AVXnuk= )
- 7200 NS ns1.example.net.
- 7200 RRSIG NS 7 3 7200 (
- 20141119171244 20141117171244 6419 sub.example.net.
- dX8h35oAdqhsHi/XrkvzSb+CjrUKCmIIcFhQ
- W3LBXeG1A2u0qvaWBTjCZlL+P82+drBEpHe9
- mWAlkZX2QUIXBg== )
- 7200 RRSIG NS 10 3 7200 (
- 20141119171244 20141117171244 21503 sub.example.net.
- OjicLog1suU6mLdK3AhYv3HXFmE30z/DcWWS
- tSj2Gl8jCwVsIs6ckUi1OWTNxyelHXpv+yLd
- eDFp8j080Txe/vxoLSb/p1Cny+y8JIepAeHU
- u74MFmRqEchHoYD2r3Pz2eoW49vqHKEHnuS0
- 2N7vrkQpUbhPE3FK+BzfUz8oHnM= )
- 3600 DNSKEY 256 3 7 (
- AwEAAbv1lSpyfRbHCrGs667jxg8+IYrU8GqZ
- 8NPy1CGj3yxtFH1xCvd7E9gYjtcPaqse+FsC
- rChUi/2RQGIPaB0PbyM=
- ) ; ZSK; alg = NSEC3RSASHA1; key id = 6419
- 3600 DNSKEY 256 3 10 (
- AwEAAahmSxE4IXfSeRORsgUxextvSLXIqa79
- 0jXejxDQoSmv+Tb7mHsKsB65qxMjXYwIWmh4
- lbx66g/yVL9NaIMw6o01jdH3zYi0p3grqvGB
- 8Z+s4PodN5v1xmSEEqXjYXsjHucg+hQgMkrv
- ls3uwl//gz9t5iQx7/FQ56dDzpPyxti5
- ) ; ZSK; alg = RSASHA512; key id = 21503
- 3600 DNSKEY 256 3 10 (
- AwEAAeweX3J5rUFFMZMN06/70lion/SSy6i6
- HVAveLAgXMQVJBRngAQp2TVxfh0Dxjjywu1N
- kEokr5FUB9kqL36SwwMTzoZ3yuJjylw+GS8d
- w/Z9PFEw0aNMP3qXnL5wHVuzatBnpGo9jAzy
- 6PtRkJal/WiNPl8tdlIaxhi5X0EnQ2cf
- ) ; ZSK; alg = RSASHA512; key id = 53867
- 3600 DNSKEY 257 3 7 (
- AwEAAcN3xHB1ZkrRCdxMWoogYdMx9NXO5pu2
- U41Terw/v9/tBQQ8ZCwq3KyBMTlwow1n1+ri
- NDi3jhJInw+obqUgvxEYU1+xkbAUXU26KqGD
- 7fe+PEk+UlVQ0LHY65yFHTWNc4/3DnEei++V
- uiJ1o7V7sSkQGDJC6L4U+e7vbHi3cBmx
- ) ; KSK; alg = NSEC3RSASHA1; key id = 33936
- 3600 DNSKEY 257 3 10 (
- AwEAAeTP9f5eCzD71+u4oa7XIjEz/IAD4OQB
- D+DgiflOGKrBRnU8uHVqIdqwPhaDqWdutMoZ
- abBDlABe/NB7y55ea7s8RCQzQ2dLFGEL3/+G
- cebakcATH8e6Fp5+QLCSpyRJhfSZZF6qDJ/p
- i2RCS2/VfwCwr+N7VRelFCzri6v+EEeV
- ) ; KSK; alg = RSASHA512; key id = 60396
- 3600 RRSIG DNSKEY 7 3 3600 (
- 20141119171244 20141117171244 6419 sub.example.net.
- KZIpG5rY8FipKmTaz1mT1rU7Wf/alUa0REGs
- eIBU2Cj3niDZCN3q72uwls28s+ZLBiHRupiz
- VB27b+2EwnyXUw== )
- 3600 RRSIG DNSKEY 7 3 3600 (
- 20141119171244 20141117171244 33936 sub.example.net.
- cGyrJmadXCZXA+8q5Kn9AExvv5okZQuUvjuR
- iJn3NGjVfaCkQdAmpzG1JCRLka0SIoNUfR3L
- M6AUlnebGeLTTroQpUhc+9xzGh+j6ZG34Oy4
- z5eGneO9zKCxHo7RS5QKtBMX/B4jGBA1ZXrH
- 8cznGrJP5lXmG0/Slqx5VkZpGZs= )
- 3600 RRSIG DNSKEY 10 3 3600 (
- 20141119171244 20141117171244 21503 sub.example.net.
- WSKwZuoi/R5FbUAXbPi2Qzb1X9NmQlvgl/NS
- BtNZPj0F6IkokKgAt+uTCb0yUFY5LAK5Au+Q
- UhO8KRpU6tvgpXl3EDjoS2w4cB3x+lv5TNyb
- pGVfUZoPcHUrkb+TbcuQfGwJwZff6nd7HmrA
- rctHg958+q2bZZw1pqY+cJLUAyE= )
- 3600 RRSIG DNSKEY 10 3 3600 (
- 20141119171244 20141117171244 60396 sub.example.net.
- rxtIgcBHPI3tvqEVA2P788Nh0amVHy0v/T57
- fcwTbTLEnKDyd+uj1uYYiWkOvXu/1ooVzQu8
- 7KqXjKIxL0qheqladlUMQtBfh9Obz1pcQ6Jn
- xE53Xkq+g4FNy06Fr6OXBjKCPgMWvF0AhGAy
- 1vZVLWcAjm27D3LwXD3dK52rmw8= )
- 0 NSEC3PARAM 1 0 10 9F5882
- 0 RRSIG NSEC3PARAM 7 3 0 (
- 20141119171244 20141117171244 6419 sub.example.net.
- PKdn/FXU0FoVS+cspg+YPlHamyZ6HHFsspZM
- LDF7HxxDSp0dh1tRczCLZbqGqcCXHnNZcpC0
- u7U07psBmVflrg== )
- 0 RRSIG NSEC3PARAM 10 3 0 (
- 20141119171244 20141117171244 21503 sub.example.net.
- OMwvPQ2mJh07YkZqG93wdx0lxpJ7lVvWBpvZ
- dCOxD/hkUJ2GiOnleheXyBymNBb6NeipjhP4
- v2GzL0V6zxMMiP95jgFiH0QA0VZulfZBYgLt
- Q4/OzAVmsoF6rWDON64AjeW4K9739dEzIUVZ
- LZIFQXisPdhvrn4NgJrdnpRuwk0= )
-a.sub.example.net. 7200 IN A 1.2.3.4
- 7200 RRSIG A 7 4 7200 (
- 20141119171244 20141117171244 6419 sub.example.net.
- TSpw1C3Cm6GHT+Si/FnQy3+jVhl3OzSNSjYg
- 4wpfrs36/ZhOfeIf1Gy/G1yQfwD6WVZ3+wEw
- pZMXXWcz7HQIHg== )
- 7200 RRSIG A 10 4 7200 (
- 20141119171244 20141117171244 21503 sub.example.net.
- J+lF2TQCLSTmwI9RT7RsWiavgorqcRGJ/ad3
- 7EwonF2CtZ29I8eVSTzUgtgNOHPOXlfK7UC5
- 6whoZE+peok5rTQu2GXHrmYdpEA4yTVXV+Mt
- VVizFAlRVojCIuNAd8V033XKj5xp0DVJVD8M
- s4n+IQ1C/re3qxj05mRWTGWDZAs= )
-b.sub.example.net. 7200 IN A 1.2.3.5
- 7200 RRSIG A 7 4 7200 (
- 20141119171244 20141117171244 6419 sub.example.net.
- d2SGbYnahENadQt9lMpXNhwjvTKLvzmVO2WA
- H4I6CrX4OB9q1CiyivNUWznvUej7391j+oF+
- 91tNmiea7NXkbg== )
- 7200 RRSIG A 10 4 7200 (
- 20141119171244 20141117171244 21503 sub.example.net.
- UNYfWh3nPXc3/cLJkVxYxgD73gV9NaqbNHTp
- AtYOnyOHxQ/p4IPF+RlOzaFK0nHAdmGnW/cN
- A8VZwWloyZBDhx2DjwrBTkDpFI/nqi1VdI53
- A72aLjuFoHo/sUWkC0DNyYrOOWfv7ief3n7g
- o9zYZ6AYMzHU15/MOLFo026M72s= )
-c.sub.example.net. 7200 IN A 1.2.3.6
- 7200 RRSIG A 7 4 7200 (
- 20141119171244 20141117171244 6419 sub.example.net.
- IgLll78E6Eh6wQFG8DjR9r5f1+tOfd7w54Z8
- ZJn6NMXKpI9htEz4wc2uhYitTfQMkjhHs713
- l9hDzj/N7ZUq4w== )
- 7200 RRSIG A 10 4 7200 (
- 20141119171244 20141117171244 21503 sub.example.net.
- AJMY0J1QS68a43GKWOxBycEF4vmqYU4xG7mx
- oLVs3W5zP4oWLc9L2KalGVSpc3tfgQEYMpaf
- YMC/6lOV/jYVgu3tJHjXTXyXuakO1HmbUmz4
- dsYwxqi2gCpUTrmqcRlh8aEvOXvLmsCS4Z4W
- h9xDAguwKZO+FuH98GdjvYIBxZQ= )
-localhost.sub.example.net. 7200 IN A 127.0.0.1
- 7200 RRSIG A 7 4 7200 (
- 20141119171244 20141117171244 6419 sub.example.net.
- NqMM+MGnzC3pw27cKVFE5P2gFv1rkHYj1sAU
- XFk2qAlV6TodM4pJD+Tc1QfQxs5FzJiNGY5M
- ko7d1aGFx3f/0A== )
- 7200 RRSIG A 10 4 7200 (
- 20141119171244 20141117171244 21503 sub.example.net.
- iGO6C0oU4frEi+JgR5I09jE0vRB7SKZUmeE9
- HVAQeYwvUxUZ/CxANrdRddLTRS56WEXZh8/0
- SftcbcRzBgcR9B6nJBNm4C2r8ERCU0PBLuz5
- qtCMjYE+522ix1rhjKeyRIAmljv5J8TvDVGB
- H/wMfmFRH/RkLcN/NeGcoWdyh/I= )
-48I3NCI84TCLKJ9NNME64BPAJFNDGLQA.sub.example.net. 7200 IN NSEC3 1 0 10 9F5882 (
- 4BAC6PP7TNBHPHB5NF8CPM9TCFCGBR6R
- A RRSIG )
- 7200 RRSIG NSEC3 7 4 7200 (
- 20141119171244 20141117171244 6419 sub.example.net.
- cUUKJ2t2Jwj37BnhN3OiPmP+Vx8svGXQ+A8u
- wupiN+hkyZq30MvAIOOfw9iwrlb7ViDoywJD
- QXqlAzmnko1BPQ== )
- 7200 RRSIG NSEC3 10 4 7200 (
- 20141119171244 20141117171244 21503 sub.example.net.
- mPc1t/mshOCMCAlnm3ADUiPdQz0FQQNW9e9C
- D+uKsibGyiTY0lTfmWy9h8DuLQZ+NAPcmk48
- IXyopP3GiqBRNuVLU18B4plmP4+BqSK43iMa
- E9wPKzdYkWKrYQtpExrJOGcdKgEKYokrNLX3
- AjeweKQlF0XsfXK+zR/Sw9ZfibY= )
-4BAC6PP7TNBHPHB5NF8CPM9TCFCGBR6R.sub.example.net. 7200 IN NSEC3 1 0 10 9F5882 (
- 4LG74TG924990NI8BHBJU9FAV4TUMCLT
- A RRSIG )
- 7200 RRSIG NSEC3 7 4 7200 (
- 20141119171244 20141117171244 6419 sub.example.net.
- ZGKw78T9mj+71tdtaJPqzhJojkmSREbnNDPM
- Ze/XTdHV0AgE0tFpIY3k7deUJGGUzow9cz8e
- ro396x1UGvd4WA== )
- 7200 RRSIG NSEC3 10 4 7200 (
- 20141119171244 20141117171244 21503 sub.example.net.
- hFjoFcD//EmH8J+dYCV3Fcupmxdao0BNjWWp
- odVSTCRtJJCZhmkrz3ZM4nbqD8sSZII20M7H
- D7aFzm2H5YPpbgUpvLfLA40gk/9tP2ybbRET
- ii76RzSSIO69VgadjBNyBjmnuoRm65reKLA6
- HRz5J+AIkapoAAXLPjN6CzW1C8s= )
-4LG74TG924990NI8BHBJU9FAV4TUMCLT.sub.example.net. 7200 IN NSEC3 1 0 10 9F5882 (
- 6DNQUL36M576R5AMAB52O7QOVASKN098
- A RRSIG )
- 7200 RRSIG NSEC3 7 4 7200 (
- 20141119171244 20141117171244 6419 sub.example.net.
- qjS10ICZ+si7lO1hi0XcfUts8azgDIhG52PI
- CG3/GRi2Gf/M7+3/y+SGbDVPIbt7iGv46rgY
- aQA0von+Q/LrFQ== )
- 7200 RRSIG NSEC3 10 4 7200 (
- 20141119171244 20141117171244 21503 sub.example.net.
- M/bEtsoBAWrH+e4u4pxvnVUiE2AusGn/IwOy
- y8k6raRQUFymw8280X1Qu/fI85EHbmdS87Y8
- QHwx364jmImIB/9ikGnb32Yq10yTUgli4j9I
- SkjKnTXZQrGeDm91lOT66HkOqqx6alsE+uJC
- 0zTOrU5hImZKr71K6rnePPQ7paQ= )
-6DNQUL36M576R5AMAB52O7QOVASKN098.sub.example.net. 7200 IN NSEC3 1 0 10 9F5882 (
- 94U6S8HHE6P1CI9JFL15CTOTRRJM8NC0
- A RRSIG )
- 7200 RRSIG NSEC3 7 4 7200 (
- 20141119171244 20141117171244 6419 sub.example.net.
- IbPLI7qRuG0jfJd2Fe7ce9YG2PignyaijdFG
- iHsYYHvk4Gd/3TCpH69umTZ9Pt8IG615uHRI
- 0AdOEM+nCl70RA== )
- 7200 RRSIG NSEC3 10 4 7200 (
- 20141119171244 20141117171244 21503 sub.example.net.
- e56NrfBDTS/h70xgFK4e3G6MXnosP/14Xbw5
- IDV9gLd3FsIMMi9aMKh8XJjI228nlb7mw3KB
- zNv/z6Vf/ABGy11hmKI7MbColDQOuM+ehkvy
- UpQfPcuros7wfREWcnUOQqggrbazJsyLbwJB
- GsZJiiy9iase+rd4l7a7ov7F0Vk= )
-94U6S8HHE6P1CI9JFL15CTOTRRJM8NC0.sub.example.net. 7200 IN NSEC3 1 0 10 9F5882 (
- 48I3NCI84TCLKJ9NNME64BPAJFNDGLQA
- NS SOA RRSIG DNSKEY NSEC3PARAM )
- 7200 RRSIG NSEC3 7 4 7200 (
- 20141119171244 20141117171244 6419 sub.example.net.
- t/LkG2Osw1ennr5tkbT/Top9iiU5oOajG83q
- QvnBwE7UVYBQPuvYNEBmzEPPjYJmh95Ysb77
- Q4tvNGTeYmhE2A== )
- 7200 RRSIG NSEC3 10 4 7200 (
- 20141119171244 20141117171244 21503 sub.example.net.
- H3daA7IcfSXZPTsbszyf7Os/PMdsx58nNgXq
- rlaIJA79Mttlrkyp7YK3W9+b41OaoDo4QTza
- 7pwP4ZfMJmYRVmaYSc3/tukKuRmM0POE+ZFD
- yE0Y+qx+9J8uXQ3VeIF+F4JRgMKPp7uGvI+d
- 1ut1c8O+8PN6JZ3AaLKlRzd2KkA= )
+++ /dev/null
-../zkt-ls.sh
\ No newline at end of file
+++ /dev/null
-../zkt-signer.sh
\ No newline at end of file
+++ /dev/null
-
-zone "example.NET." in {
- type master;
- file "example.net/zone.db.signed";
-};
-
-zone "sub.example.NET." in {
- type master;
- file "sub.example.net/zone.db.signed";
-};
+++ /dev/null
-sub.example.de.dlv.trusted-keys.net. IN DLV 8544 5 1 676E635D2DE4DB57348E6EA4D47B5A187077B30E
-sub.example.de.dlv.trusted-keys.net. IN DLV 8544 5 2 15903EA9128343053FB37761B806705818527648201F8EA0B039716E EB199DF7
-sub.example.de.dlv.trusted-keys.net. IN DLV 27861 5 1 A70BD190C8BA61C1D867B2A0788FB1011EB39689
-sub.example.de.dlv.trusted-keys.net. IN DLV 27861 5 2 B7BCDAC3AADF8B46F57B9A999BDF6DDA00AAE87C2504704B639407CF 0C9C2149
-sub.example.de.dlv.trusted-keys.net. IN DLV 32679 5 1 B2B115076F5BC2F2864D8ED1D63279193E5E7999
-sub.example.de.dlv.trusted-keys.net. IN DLV 32679 5 2 71B3896274A524028F131983D780C12CB38EA40E435815E9CC301749 26BFD367
-sub.example.de.dlv.trusted-keys.net. IN DLV 38331 5 1 8F7E90EE2686DAE4D31CEE40142AD6A25670B0A0
-sub.example.de.dlv.trusted-keys.net. IN DLV 38331 5 2 7B791220D03926DC6D3531CD155EF1E2AB202CE5955DF61079BEDD48 67400707
-sub.example.de.dlv.trusted-keys.net. IN DLV 42639 5 1 4BF75E73D98DDD2EA51761C78180E5501CD6C160
-sub.example.de.dlv.trusted-keys.net. IN DLV 42639 5 2 23C39209F8D53D76AD86283B4553AEA5419E47494B40FAE1707B18D5 EBD47B07
-sub.example.de.dlv.trusted-keys.net. IN DLV 51846 5 1 F0B3607F13FFE0C5AEF2ED24978FC8D42B391361
-sub.example.de.dlv.trusted-keys.net. IN DLV 51846 5 2 B067543FEAC9F203E9508672D802DEFD9F8AFF6CDBCC298B25C2CCED EDC813D8
+++ /dev/null
-##
-## dnssec-zkt v0.4 (c) Jan 2005 hoz <at> hznet <dot> de ##
-##
-
-resigninterval 12h
-sigvalidity 1d
-max_ttl 90s
-
-ksk_lifetime 7d
-key_algo RSASHA1
-ksk_bits 1024
-
-zsk_lifetime 3d
-zsk_bits 512
-
-dlv_domain "dlv.trusted-keys.net"
+++ /dev/null
-; KSK rollover phase2 (this is the new key)
-sub.example.de. 14400 IN DNSKEY 257 3 5 (
- BQEAAAAB2CMCmaITzL7L6UmI0Y+u16LiyINgkYc3dxYunDYWK0FEXGa5
- L7ss8jepJnBM6KD/rekwqb5wgso/5VnSprhUUnQqec6ESuJ/9/ThI6i7
- zD6AnwdtXagTOaTRqWhUEcjgMIG4oJK/Pb5mZAlXvzPqmRkyeStRw0cU
- AEWQvdtuDcc=
- ) ; key id = 51846
+++ /dev/null
-;-----------------------------------------------------------------
-;
-; @(#) sub.example.de/zone.db
-;
-;-----------------------------------------------------------------
-
-$TTL 7200
-
-@ IN SOA ns1.example.de. hostmaster.example.de. (
- 2011012503; Serial (up to 10 digits)
- 86400 ; Refresh (RIPE recommendation if NOTIFY is used)
- 1800 ; Retry
- 2W ; Expire
- 7200 ) ; Minimum
-
-
- IN NS ns1.example.de.
-
-$INCLUDE dnskey.db
-
-localhost IN A 127.0.0.1
-
-a IN A 1.2.3.4
-b IN A 1.2.3.5
-c IN A 1.2.3.6
+++ /dev/null
-;-----------------------------------------------------------------
-;
-; @(#) example.de/zone.db
-;
-;-----------------------------------------------------------------
-
-$TTL 7200
-
-; Ensure that the serial number below is left
-; justified in a field of at least 10 chars!!
-; 0123456789;
-; It's also possible to use the date format e.g. 2005040101
-@ IN SOA ns1.example.de. hostmaster.example.de. (
- 315 ; Serial
- 43200 ; Refresh
- 1800 ; Retry
- 2W ; Expire
- 7200 ) ; Minimum
-
-
- IN NS ns1.example.de.
- IN NS ns2.example.de.
-
-ns1 IN A 1.0.0.5
- IN AAAA 2001:db8::53
-ns2 IN A 1.2.0.6
-
-localhost IN A 127.0.0.1
-
-; Delegation to secure zone; The DS resource record will
-; be added by dnssec-signzone automatically if the
-; keyset-sub.example.de file is present (run dnssec-signzone
-; with option -g or use the dnssec-signer tool) ;-)
-sub IN NS ns1.example.de.
-
-; this file will contain all the zone keys
-$INCLUDE dnskey.db
-
+++ /dev/null
-; Be sure that the serial number below is left
-; justified in a field of at least 10 chars!!
-; 0123456789;
-; It's also possible to use the date form e.g. 2005040101
-@ IN SOA ns1.example.de. hostmaster.example.de. (
- 267 ; Serial
- 43200 ; Refresh
- 1800 ; Retry
- 2W ; Expire
- 7200 ) ; Minimum
+++ /dev/null
-#
-# @(#) dnssec.conf T1.0rc1 (c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de
-#
-
-# dnssec-zkt options
-Zonedir: "."
-Recursive: True
-PrintTime: False
-PrintAge: True
-LeftJustify: False
-
-# zone specific values
-ResignInterval: 1w # (604800 seconds)
-Sigvalidity: 10d # (864000 seconds)
-Max_TTL: 6h # (21600 seconds)
-Propagation: 5m # (300 seconds)
-KEY_TTL: 1h # (3600 seconds)
-Serialformat: incremental
-
-# signing key parameters
-Key_Algo: RSASHA1 # (Algorithm ID 5)
-KSK_lifetime: 30d
-KSK_bits: 1300
-KSK_randfile: "/dev/urandom"
-ZSK_lifetime: 10d
-ZSK_bits: 512
-ZSK_randfile: "/dev/urandom"
-SaltBits: 24
-
-# dnssec-signer options
-LogFile: "log"
-LogLevel: INFO
-LogDomainDir: "log"
-SyslogFacility: USER
-SyslogLevel: NOTICE
-VerboseLog: 0
-Keyfile: "dnskey.db"
-Zonefile: "zone.db"
-KeySetDir: ".."
-DLV_Domain: ""
-Sig_Pseudorand: True
-Sig_GenerateDS: True
-Sig_DnsKeyKSK: True
-Sig_Parameter: ""
+++ /dev/null
-/*****************************************************************
-**
-** #(@) named.conf (c) 6. May 2004 (hoz)
-**
-*****************************************************************/
-
-/*****************************************************************
-** logging options
-*****************************************************************/
-logging {
- channel "named-log" {
- file "/var/log/named" versions 3 size 2m;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity info;
- };
- channel "resolver-log" {
- file "/var/log/named";
- print-time yes;
- print-category yes;
- print-severity yes;
- severity debug 1;
- };
- channel "dnssec-log" {
-# file "/var/log/named-dnssec" ;
- file "/var/log/named" ;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity debug 3;
- };
- category "dnssec" { "dnssec-log"; };
- category "default" { "named-log"; };
- category "resolver" { "resolver-log"; };
- category "client" { "resolver-log"; };
- category "queries" { "resolver-log"; };
-};
-
-/*****************************************************************
-** name server options
-*****************************************************************/
-options {
- directory ".";
-
- dump-file "/var/log/named_dump.db";
- statistics-file "/var/log/named.stats";
-
- listen-on-v6 { any; };
-
- query-source address * port 53;
- transfer-source * port 53;
- notify-source * port 53;
-
- recursion yes;
- dnssec-enable yes;
- edns-udp-size 4096;
-
-# dnssec-lookaside "." trust-anchor "trusted-keys.de.";
-
- querylog yes;
-
-};
-
-/*****************************************************************
-** include shared secrets...
-*****************************************************************/
-/** for control sessions ... **/
-# include "rndc.key";
-controls {
- inet 127.0.0.1
- allow { localhost; }
- keys { "rndc-key"; };
- inet ::1
- allow { localhost; }
- keys { "rndc-key"; };
-};
-
-/*****************************************************************
-** ... and trusted_keys
-*****************************************************************/
-# include "trusted-keys.conf" ;
-
-/*****************************************************************
-** root server hints and required 127 stuff
-*****************************************************************/
-zone "." in {
- type hint;
- file "root.hint";
-};
-
-zone "localhost" in {
- type master;
- file "localhost.zone";
-};
-
-zone "0.0.127.in-addr.arpa" in {
- type master;
- file "127.0.0.zone";
-};
-
-include "zone.conf";
+++ /dev/null
-../zkt-ls.sh
\ No newline at end of file
+++ /dev/null
-../zkt-signer.sh
\ No newline at end of file
+++ /dev/null
-
-zone "example.de." in {
- type master;
- file "de/example.de/zone.db.signed";
-};
-
-zone "sub.example.de." in {
- type master;
- file "de/example.de/sub.example.de/zone.db.signed";
-};
+++ /dev/null
-#
-# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
-#
-
-# dnssec-zkt options
-Zonedir: "extern"
-Recursive: True
-PrintTime: False
-PrintAge: True
-LeftJustify: False
-
-# zone specific values
-ResignInterval: 1w # (604800 seconds)
-Sigvalidity: 10d # (864000 seconds)
-Max_TTL: 8h # (28800 seconds)
-Propagation: 5m # (300 seconds)
-KEY_TTL: 1h # (3600 seconds)
-Serialformat: unixtime
-
-# signing key parameters
-KSK_lifetime: 1y # (31536000 seconds)
-KSK_algo: RSASHA1 # (Algorithm ID 5)
-KSK_bits: 1300
-KSK_randfile: "/dev/urandom"
-ZSK_lifetime: 30d # (2592000 seconds)
-ZSK_algo: RSASHA1 # (Algorithm ID 5)
-ZSK_bits: 512
-ZSK_randfile: "/dev/urandom"
-
-# dnssec-signer options
-LogFile: "zkt-ext.log"
-LogLevel: "debug"
-SyslogFacility: "none"
-SyslogLevel: "notice"
-VerboseLog: 2
-Keyfile: "dnskey.db"
-Zonefile: "zone.db"
-DLV_Domain: ""
-Sig_Pseudorand: True
+++ /dev/null
-#
-# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
-#
-
-# dnssec-zkt options
-Zonedir: "intern"
-Recursive: True
-PrintTime: False
-PrintAge: True
-LeftJustify: False
-
-# zone specific values
-ResignInterval: 5h # (18000 seconds)
-Sigvalidity: 1d # (86400 seconds)
-Max_TTL: 30m # (1800 seconds)
-Propagation: 1m # (60 seconds)
-KEY_TTL: 30m # (1800 seconds)
-Serialformat: unixtime
-
-# signing key parameters
-KSK_lifetime: 1y # (31536000 seconds)
-KSK_algo: RSASHA1 # (Algorithm ID 5)
-KSK_bits: 1300
-KSK_randfile: "/dev/urandom"
-ZSK_lifetime: 30d # (2592000 seconds)
-ZSK_algo: RSASHA1 # (Algorithm ID 5)
-ZSK_bits: 512
-ZSK_randfile: "/dev/urandom"
-
-# dnssec-signer options
-LogFile: "zkt-int.log"
-LogLevel: "debug"
-SyslogFacility: "none"
-SyslogLevel: "notice"
-VerboseLog: 2
-Keyfile: "dnskey.db"
-Zonefile: "zone.db"
-DLV_Domain: ""
-Sig_Pseudorand: True
+++ /dev/null
-#!/bin/sh
-#
-# Shell script to start the dnssec-signer
-# command out of the view directory
-#
-
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V extern "$@"
+++ /dev/null
-#!/bin/sh
-#
-# Shell script to start the dnssec-signer
-# command out of the view directory
-#
-
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V intern "$@"
+++ /dev/null
-#!/bin/sh
-#
-# Shell script to start the dnssec-zkt command
-# out of the view directory
-#
-
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view extern "$@"
+++ /dev/null
-#!/bin/sh
-#
-# Shell script to start the dnssec-zkt command
-# out of the view directory
-#
-
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view intern "$@"
+++ /dev/null
-;-----------------------------------------------------------------
-;
-; @(#) extern/example.net/zone.db
-;
-;-----------------------------------------------------------------
-
-$TTL 7200
-
-@ IN SOA ns1.example.net. hostmaster.example.net. (
- 0 ; Serial
- 43200 ; Refresh
- 1800 ; Retry
- 2W ; Expire
- 7200 ) ; Minimum
-
- IN NS ns1.example.net.
- IN NS ns2.example.net.
-
-ns1 IN A 1.0.0.5
- IN AAAA 2001:db8::53
-ns2 IN A 1.2.0.6
-
-localhost IN A 127.0.0.1
-
-; Delegation to secure zone; The DS resource record will
-; be added by dnssec-signzone automatically if the
-; keyset-sub.example.net file is present (run dnssec-signzone
-; with option -g or use the dnssec-signer tool) ;-)
-sub IN NS ns1.example.net.
-
-; this file will have all the zone keys
-$INCLUDE dnskey.db
-
+++ /dev/null
-2008-06-12 17:59:04.194: notice: running as ../../dnssec-signer -V extern -v -v
-2008-06-12 17:59:04.195: debug: parsing zone "example.net." in dir "extern/example.net."
-2008-06-12 17:59:04.196: debug: Check RFC5011 status
-2008-06-12 17:59:04.196: debug: ->ksk5011status returns 0
-2008-06-12 17:59:04.196: debug: Check ksk status
-2008-06-12 17:59:04.196: debug: Re-signing not necessary!
-2008-06-12 17:59:04.196: notice: end of run: 0 errors occured
-2008-06-12 17:59:17.435: notice: running as ../../dnssec-signer -V extern -v -v
-2008-06-12 17:59:17.436: debug: parsing zone "example.net." in dir "extern/example.net."
-2008-06-12 17:59:17.436: debug: Check RFC5011 status
-2008-06-12 17:59:17.436: debug: ->ksk5011status returns 0
-2008-06-12 17:59:17.436: debug: Check ksk status
-2008-06-12 17:59:17.436: debug: Re-signing not necessary!
-2008-06-12 17:59:17.436: notice: end of run: 0 errors occured
-2008-06-12 18:00:07.818: notice: running as ../../dnssec-signer -V extern -v -v
-2008-06-12 18:00:07.819: debug: parsing zone "example.net." in dir "extern/example.net."
-2008-06-12 18:00:07.819: debug: Check RFC5011 status
-2008-06-12 18:00:07.819: debug: ->ksk5011status returns 0
-2008-06-12 18:00:07.819: debug: Check ksk status
-2008-06-12 18:00:07.819: debug: Re-signing not necessary!
-2008-06-12 18:00:07.819: notice: end of run: 0 errors occured
-2008-06-12 18:00:39.019: notice: running as ../../dnssec-signer -V extern -v -v
-2008-06-12 18:00:39.020: debug: parsing zone "example.net." in dir "extern/example.net."
-2008-06-12 18:00:39.020: debug: Check RFC5011 status
-2008-06-12 18:00:39.020: debug: ->ksk5011status returns 0
-2008-06-12 18:00:39.020: debug: Check ksk status
-2008-06-12 18:00:39.020: debug: Re-signing not necessary!
-2008-06-12 18:00:39.020: notice: end of run: 0 errors occured
-2008-10-03 01:00:45.544: notice: ------------------------------------------------------------
-2008-10-03 01:00:45.544: notice: running ../../dnssec-signer -V extern -v -v
-2008-10-03 01:00:45.545: debug: parsing zone "example.net" in dir "extern/example.net"
-2008-10-03 01:00:45.545: debug: Check RFC5011 status
-2008-10-03 01:00:45.545: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-10-03 01:00:45.545: debug: Check KSK status
-2008-10-03 01:00:45.545: debug: Check ZSK status
-2008-10-03 01:00:45.545: debug: Lifetime(2592000 +/-150 sec) of active key 35744 exceeded (5018328 sec)
-2008-10-03 01:00:45.546: debug: ->depreciate it
-2008-10-03 01:00:45.546: debug: ->activate published key 10367
-2008-10-03 01:00:45.546: notice: "example.net": lifetime of zone signing key 35744 exceeded: ZSK rollover done
-2008-10-03 01:00:45.546: debug: New key for publishing needed
-2008-10-03 01:00:45.614: debug: ->creating new key 14714
-2008-10-03 01:00:45.614: info: "example.net": new key 14714 generated for publishing
-2008-10-03 01:00:45.614: debug: Re-signing necessary: New zone key
-2008-10-03 01:00:45.614: notice: "example.net": re-signing triggered: New zone key
-2008-10-03 01:00:45.614: debug: Writing key file "extern/example.net/dnskey.db"
-2008-10-03 01:00:45.614: debug: Signing zone "example.net"
-2008-10-03 01:00:45.614: debug: Run cmd "cd extern/example.net; /usr/local/sbin/dnssec-signzone -g -p -o example.net -e +864000 -N unixtime zone.db K*.private"
-2008-10-03 01:00:46.114: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-10-03 01:00:46.114: debug: Signing completed after 1s.
-2008-10-03 01:00:46.114: debug:
-2008-10-03 01:00:46.114: notice: end of run: 0 errors occured
+++ /dev/null
-;-----------------------------------------------------------------
-;
-; @(#) intern/example.net/zone.db
-;
-;-----------------------------------------------------------------
-
-$TTL 7200
-
-@ IN SOA ns1.example.net. hostmaster.example.net. (
- 0 ; Serial
- 43200 ; Refresh
- 1800 ; Retry
- 2W ; Expire
- 7200 ) ; Minimum
-
- IN NS ns1.example.net.
- IN NS ns2.example.net.
-
-ns1 IN A 192.168.1.53
- IN AAAA fd12:063c:cdbb::53
-ns2 IN A 10.1.2.3
-
-localhost IN A 127.0.0.1
-
-; Delegation to secure zone; The DS resource record will
-; be added by dnssec-signzone automatically if the
-; keyset-sub.example.net file is present (run dnssec-signzone
-; with option -g or use the dnssec-signer tool) ;-)
-sub IN NS ns1.example.net.
-
-; this file will have all the zone keys
-$INCLUDE dnskey.db
-
+++ /dev/null
-2008-06-12 18:02:13.593: notice: running as ../../dnssec-signer -V intern -v -v
-2008-06-12 18:02:13.594: debug: parsing zone "example.net." in dir "intern/example.net."
-2008-06-12 18:02:13.594: debug: Check RFC5011 status
-2008-06-12 18:02:13.595: debug: ->ksk5011status returns 0
-2008-06-12 18:02:13.595: debug: Check ksk status
-2008-06-12 18:02:13.595: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727466 sec)
-2008-06-12 18:02:13.595: debug: ->waiting for pre-publish key
-2008-06-12 18:02:13.595: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h17m46s: ZSK rollover deferred: waiting for pre-publish key
-2008-06-12 18:02:13.595: debug: Re-signing necessary: Modified keys
-2008-06-12 18:02:13.595: notice: "example.net.": re-signing triggered: Modified keys
-2008-06-12 18:02:13.595: debug: Writing key file "intern/example.net./dnskey.db"
-2008-06-12 18:02:13.596: debug: Signing zone "example.net."
-2008-06-12 18:02:13.596: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
-2008-06-12 18:02:13.705: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 18:02:13.705: debug: Signing completed after 0s.
-2008-06-12 18:02:13.705: debug:
-2008-06-12 18:02:13.705: notice: end of run: 0 errors occured
-2008-06-12 18:03:13.208: notice: running as ../../dnssec-signer -V intern -r -v -v
-2008-06-12 18:03:13.209: debug: parsing zone "example.net." in dir "intern/example.net."
-2008-06-12 18:03:13.209: debug: Check RFC5011 status
-2008-06-12 18:03:13.209: debug: ->ksk5011status returns 0
-2008-06-12 18:03:13.209: debug: Check ksk status
-2008-06-12 18:03:13.209: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727526 sec)
-2008-06-12 18:03:13.209: debug: ->waiting for pre-publish key
-2008-06-12 18:03:13.209: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m46s: ZSK rollover deferred: waiting for pre-publish key
-2008-06-12 18:03:13.209: debug: Re-signing not necessary!
-2008-06-12 18:03:13.209: notice: end of run: 0 errors occured
-2008-06-12 18:03:19.287: notice: running as ../../dnssec-signer -V intern -r -v -v
-2008-06-12 18:03:19.288: debug: parsing zone "example.net." in dir "intern/example.net."
-2008-06-12 18:03:19.288: debug: Check RFC5011 status
-2008-06-12 18:03:19.289: debug: ->ksk5011status returns 0
-2008-06-12 18:03:19.289: debug: Check ksk status
-2008-06-12 18:03:19.289: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727532 sec)
-2008-06-12 18:03:19.289: debug: ->waiting for pre-publish key
-2008-06-12 18:03:19.289: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m52s: ZSK rollover deferred: waiting for pre-publish key
-2008-06-12 18:03:19.289: debug: Re-signing not necessary!
-2008-06-12 18:03:19.289: notice: end of run: 0 errors occured
-2008-06-12 18:03:23.617: notice: running as ../../dnssec-signer -V intern -f -r -v -v
-2008-06-12 18:03:23.618: debug: parsing zone "example.net." in dir "intern/example.net."
-2008-06-12 18:03:23.618: debug: Check RFC5011 status
-2008-06-12 18:03:23.618: debug: ->ksk5011status returns 0
-2008-06-12 18:03:23.618: debug: Check ksk status
-2008-06-12 18:03:23.618: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727536 sec)
-2008-06-12 18:03:23.618: debug: ->waiting for pre-publish key
-2008-06-12 18:03:23.618: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m56s: ZSK rollover deferred: waiting for pre-publish key
-2008-06-12 18:03:23.618: debug: Re-signing necessary: Option -f
-2008-06-12 18:03:23.618: notice: "example.net.": re-signing triggered: Option -f
-2008-06-12 18:03:23.618: debug: Writing key file "intern/example.net./dnskey.db"
-2008-06-12 18:03:23.619: debug: Signing zone "example.net."
-2008-06-12 18:03:23.619: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
-2008-06-12 18:03:23.719: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 18:03:23.719: debug: Signing completed after 0s.
-2008-06-12 18:03:23.720: notice: ""example.net." in view "intern"": reload triggered
-2008-06-12 18:03:23.772: debug:
-2008-06-12 18:03:23.772: notice: end of run: 0 errors occured
-2008-06-12 18:05:39.532: notice: running as ../../dnssec-signer -V intern -f -r -v -v
-2008-06-12 18:05:39.533: debug: parsing zone "example.net." in dir "intern/example.net."
-2008-06-12 18:05:39.533: debug: Check RFC5011 status
-2008-06-12 18:05:39.533: debug: ->ksk5011status returns 0
-2008-06-12 18:05:39.533: debug: Check ksk status
-2008-06-12 18:05:39.533: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727672 sec)
-2008-06-12 18:05:39.533: debug: ->waiting for pre-publish key
-2008-06-12 18:05:39.533: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h21m12s: ZSK rollover deferred: waiting for pre-publish key
-2008-06-12 18:05:39.533: debug: Re-signing necessary: Option -f
-2008-06-12 18:05:39.533: notice: "example.net.": re-signing triggered: Option -f
-2008-06-12 18:05:39.533: debug: Writing key file "intern/example.net./dnskey.db"
-2008-06-12 18:05:39.534: debug: Signing zone "example.net."
-2008-06-12 18:05:39.534: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
-2008-06-12 18:05:39.629: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 18:05:39.630: debug: Signing completed after 0s.
-2008-06-12 18:05:39.630: notice: ""example.net."": reload triggered
-2008-06-12 18:05:39.640: debug:
-2008-06-12 18:05:39.640: notice: end of run: 0 errors occured
-2008-06-12 18:07:47.753: notice: running as ../../dnssec-signer -V intern -f -r -v -v
-2008-06-12 18:07:47.754: debug: parsing zone "example.net." in dir "intern/example.net."
-2008-06-12 18:07:47.754: debug: Check RFC5011 status
-2008-06-12 18:07:47.754: debug: ->ksk5011status returns 0
-2008-06-12 18:07:47.754: debug: Check ksk status
-2008-06-12 18:07:47.754: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727800 sec)
-2008-06-12 18:07:47.754: debug: ->waiting for pre-publish key
-2008-06-12 18:07:47.754: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h23m20s: ZSK rollover deferred: waiting for pre-publish key
-2008-06-12 18:07:47.754: debug: Re-signing necessary: Option -f
-2008-06-12 18:07:47.754: notice: "example.net.": re-signing triggered: Option -f
-2008-06-12 18:07:47.754: debug: Writing key file "intern/example.net./dnskey.db"
-2008-06-12 18:07:47.754: debug: Signing zone "example.net."
-2008-06-12 18:07:47.754: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
-2008-06-12 18:07:47.856: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 18:07:47.856: debug: Signing completed after 0s.
-2008-06-12 18:07:47.856: notice: ""example.net."": reload triggered
-2008-06-12 18:07:47.866: debug:
-2008-06-12 18:07:47.867: notice: end of run: 0 errors occured
-2008-06-12 18:10:57.978: notice: running as ../../dnssec-signer -V intern -f -r -v -v
-2008-06-12 18:10:57.978: debug: parsing zone "example.net." in dir "intern/example.net."
-2008-06-12 18:10:57.978: debug: Check RFC5011 status
-2008-06-12 18:10:57.978: debug: ->ksk5011status returns 0
-2008-06-12 18:10:57.978: debug: Check ksk status
-2008-06-12 18:10:57.978: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727990 sec)
-2008-06-12 18:10:57.978: debug: ->waiting for pre-publish key
-2008-06-12 18:10:57.978: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h26m30s: ZSK rollover deferred: waiting for pre-publish key
-2008-06-12 18:10:57.978: debug: Re-signing necessary: Option -f
-2008-06-12 18:10:57.978: notice: "example.net.": re-signing triggered: Option -f
-2008-06-12 18:10:57.978: debug: Writing key file "intern/example.net./dnskey.db"
-2008-06-12 18:10:57.979: debug: Signing zone "example.net."
-2008-06-12 18:10:57.979: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
-2008-06-12 18:10:58.081: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 18:10:58.081: debug: Signing completed after 1s.
-2008-06-12 18:10:58.081: notice: ""example.net." in view "intern"": reload triggered
-2008-06-12 18:10:58.093: debug:
-2008-06-12 18:10:58.093: notice: end of run: 0 errors occured
-2008-06-12 18:13:29.511: notice: running as ../../dnssec-signer -V intern -f -r -v -v
-2008-06-12 18:13:29.512: debug: parsing zone "example.net." in dir "intern/example.net."
-2008-06-12 18:13:29.512: debug: Check RFC5011 status
-2008-06-12 18:13:29.512: debug: ->ksk5011status returns 0
-2008-06-12 18:13:29.512: debug: Check ksk status
-2008-06-12 18:13:29.512: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728142 sec)
-2008-06-12 18:13:29.512: debug: ->waiting for pre-publish key
-2008-06-12 18:13:29.512: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m2s: ZSK rollover deferred: waiting for pre-publish key
-2008-06-12 18:13:29.512: debug: Re-signing necessary: Option -f
-2008-06-12 18:13:29.512: notice: "example.net.": re-signing triggered: Option -f
-2008-06-12 18:13:29.512: debug: Writing key file "intern/example.net./dnskey.db"
-2008-06-12 18:13:29.513: debug: Signing zone "example.net."
-2008-06-12 18:13:29.513: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
-2008-06-12 18:13:29.612: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 18:13:29.612: debug: Signing completed after 0s.
-2008-06-12 18:13:29.612: notice: ""example.net." in view "intern"": reload triggered
-2008-06-12 18:13:29.612: debug: Reload zone "example.net." in view "intern"
-2008-06-12 18:13:29.612: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
-2008-06-12 18:13:29.623: debug:
-2008-06-12 18:13:29.623: notice: end of run: 0 errors occured
-2008-06-12 18:13:38.707: notice: running as ../../dnssec-signer -V intern -f -r -v
-2008-06-12 18:13:38.708: debug: parsing zone "example.net." in dir "intern/example.net."
-2008-06-12 18:13:38.709: debug: Check RFC5011 status
-2008-06-12 18:13:38.709: debug: ->ksk5011status returns 0
-2008-06-12 18:13:38.709: debug: Check ksk status
-2008-06-12 18:13:38.709: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728151 sec)
-2008-06-12 18:13:38.709: debug: ->waiting for pre-publish key
-2008-06-12 18:13:38.709: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m11s: ZSK rollover deferred: waiting for pre-publish key
-2008-06-12 18:13:38.709: debug: Re-signing necessary: Option -f
-2008-06-12 18:13:38.709: notice: "example.net.": re-signing triggered: Option -f
-2008-06-12 18:13:38.709: debug: Writing key file "intern/example.net./dnskey.db"
-2008-06-12 18:13:38.710: debug: Signing zone "example.net."
-2008-06-12 18:13:38.710: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
-2008-06-12 18:13:39.163: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 18:13:39.163: debug: Signing completed after 1s.
-2008-06-12 18:13:39.163: notice: ""example.net." in view "intern"": reload triggered
-2008-06-12 18:13:39.163: debug: Reload zone "example.net." in view "intern"
-2008-06-12 18:13:39.163: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
-2008-06-12 18:13:39.174: debug:
-2008-06-12 18:13:39.174: notice: end of run: 0 errors occured
-2008-06-12 18:13:43.163: notice: running as ../../dnssec-signer -V intern -f -r -v -v
-2008-06-12 18:13:43.164: debug: parsing zone "example.net." in dir "intern/example.net."
-2008-06-12 18:13:43.164: debug: Check RFC5011 status
-2008-06-12 18:13:43.164: debug: ->ksk5011status returns 0
-2008-06-12 18:13:43.164: debug: Check ksk status
-2008-06-12 18:13:43.164: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728156 sec)
-2008-06-12 18:13:43.164: debug: ->waiting for pre-publish key
-2008-06-12 18:13:43.164: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m16s: ZSK rollover deferred: waiting for pre-publish key
-2008-06-12 18:13:43.164: debug: Re-signing necessary: Option -f
-2008-06-12 18:13:43.164: notice: "example.net.": re-signing triggered: Option -f
-2008-06-12 18:13:43.164: debug: Writing key file "intern/example.net./dnskey.db"
-2008-06-12 18:13:43.164: debug: Signing zone "example.net."
-2008-06-12 18:13:43.164: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
-2008-06-12 18:13:43.262: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 18:13:43.262: debug: Signing completed after 0s.
-2008-06-12 18:13:43.262: notice: ""example.net." in view "intern"": reload triggered
-2008-06-12 18:13:43.262: debug: Reload zone "example.net." in view "intern"
-2008-06-12 18:13:43.262: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
-2008-06-12 18:13:43.273: debug:
-2008-06-12 18:13:43.273: notice: end of run: 0 errors occured
-2008-10-03 01:00:38.404: notice: ------------------------------------------------------------
-2008-10-03 01:00:38.404: notice: running ../../dnssec-signer -V intern
-2008-10-03 01:00:38.405: debug: parsing zone "example.net" in dir "intern/example.net"
-2008-10-03 01:00:38.405: debug: Check RFC5011 status
-2008-10-03 01:00:38.405: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-10-03 01:00:38.405: debug: Check KSK status
-2008-10-03 01:00:38.405: debug: Check ZSK status
-2008-10-03 01:00:38.405: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (5018321 sec)
-2008-10-03 01:00:38.405: debug: ->depreciate it
-2008-10-03 01:00:38.405: debug: ->activate published key 23375
-2008-10-03 01:00:38.405: notice: "example.net": lifetime of zone signing key 5972 exceeded: ZSK rollover done
-2008-10-03 01:00:38.405: debug: New key for publishing needed
-2008-10-03 01:00:38.491: debug: ->creating new key 55745
-2008-10-03 01:00:38.492: info: "example.net": new key 55745 generated for publishing
-2008-10-03 01:00:38.492: debug: Re-signing necessary: New zone key
-2008-10-03 01:00:38.492: notice: "example.net": re-signing triggered: New zone key
-2008-10-03 01:00:38.492: debug: Writing key file "intern/example.net/dnskey.db"
-2008-10-03 01:00:38.492: debug: Signing zone "example.net"
-2008-10-03 01:00:38.492: debug: Run cmd "cd intern/example.net; /usr/local/sbin/dnssec-signzone -g -p -o example.net -e +86400 -N unixtime zone.db K*.private"
-2008-10-03 01:00:38.796: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-10-03 01:00:38.796: debug: Signing completed after 0s.
-2008-10-03 01:00:38.796: debug:
-2008-10-03 01:00:38.796: notice: end of run: 0 errors occured
+++ /dev/null
-/*****************************************************************
-**
-** #(@) named.conf (c) 6. May 2004 (hoz)
-*****************************************************************/
-
-/*****************************************************************
-** logging options
-*****************************************************************/
-logging {
- channel "named-log" {
- file "named.log";
- print-time yes;
- print-category yes;
- print-severity yes;
- severity info;
- };
- category "dnssec" { "named-log"; };
- category "edns-disabled" { "named-log"; };
- category "default" { "named-log"; };
-};
-
-/*****************************************************************
-** name server options
-*****************************************************************/
-options {
- directory ".";
-
- pid-file "named.pid";
- listen-on-v6 port 1053 { any; };
- listen-on port 1053 { any; };
-
- empty-zones-enable no;
-
- port 1053;
- query-source address * port 1053;
- query-source-v6 address * port 1053;
- transfer-source * port 53;
- transfer-source-v6 * port 53;
- use-alt-transfer-source no;
- notify-source * port 53;
- notify-source-v6 * port 53;
-
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes; /* required by BIND 9.4.0 */
- dnssec-accept-expired false; /* added since BIND 9.5.0 */
- edns-udp-size 1460; /* (M4) */
- max-udp-size 1460; /* (M5) */
-
- # allow-query { localhost; }; /* default in 9.4.0 */
- # allow-query-cache { localhost; }; /* default in 9.4.0 */
-
- dnssec-must-be-secure "." no;
-
- querylog yes;
-
- stats-server 127.0.0.1 port 8881; /* added since BIND 9.5.0 */
-};
-
-/*****************************************************************
-** view intern
-*****************************************************************/
-view "intern" {
- match-clients { 127.0.0.1; ::1; };
- recursion yes;
- zone "." in {
- type hint;
- file "root.hint";
- };
-
- zone "0.0.127.in-addr.arpa" in {
- type master;
- file "127.0.0.zone";
- };
-
- zone "example.net" in {
- type master;
- file "intern/example.net/zone.db.signed";
- };
-};
-
-/*****************************************************************
-** view extern
-*****************************************************************/
-view "extern" {
- match-clients { any; };
- recursion no;
- zone "." in {
- type hint;
- file "root.hint";
- };
-
- zone "example.net" in {
- type master;
- file "extern/example.net/zone.db.signed";
- };
-};
+++ /dev/null
-20-Nov-2007 17:12:58.092 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
-20-Nov-2007 17:12:58.092 general: critical: exiting (due to early fatal error)
-20-Nov-2007 17:20:24.941 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
-20-Nov-2007 17:20:24.941 general: critical: exiting (due to early fatal error)
-20-Nov-2007 17:28:22.686 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
-20-Nov-2007 17:28:22.686 general: critical: exiting (due to early fatal error)
-20-Nov-2007 17:40:12.389 general: error: zone 0.0.127.in-addr.arpa/IN/intern: loading from master file 127.0.0.zone failed: file not found
-20-Nov-2007 17:40:12.391 general: info: zone example.net/IN/intern: loaded serial 1195574789 (signed)
-20-Nov-2007 17:40:12.393 general: info: zone example.net/IN/extern: loaded serial 1195561217 (signed)
-20-Nov-2007 17:40:12.393 general: notice: running
-20-Nov-2007 17:40:12.393 notify: info: zone example.net/IN/intern: sending notifies (serial 1195574789)
-20-Nov-2007 17:40:12.394 notify: info: zone example.net/IN/extern: sending notifies (serial 1195561217)
-20-Nov-2007 19:07:04.016 general: info: shutting down
-20-Nov-2007 19:07:04.017 network: info: no longer listening on ::#1053
-20-Nov-2007 19:07:04.017 network: info: no longer listening on 127.0.0.1#1053
-20-Nov-2007 19:07:04.017 network: info: no longer listening on 145.253.100.51#1053
-20-Nov-2007 19:07:04.020 general: notice: exiting
+++ /dev/null
-; <<>> DiG 9.5.0a6 <<>> ns . @a.root-servers.net
-;; global options: printcmd
-;; Got answer:
-;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33355
-;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
-;; WARNING: recursion requested but not available
-
-;; QUESTION SECTION:
-;. IN NS
-
-;; ANSWER SECTION:
-. 518400 IN NS H.ROOT-SERVERS.NET.
-. 518400 IN NS I.ROOT-SERVERS.NET.
-. 518400 IN NS J.ROOT-SERVERS.NET.
-. 518400 IN NS K.ROOT-SERVERS.NET.
-. 518400 IN NS L.ROOT-SERVERS.NET.
-. 518400 IN NS M.ROOT-SERVERS.NET.
-. 518400 IN NS A.ROOT-SERVERS.NET.
-. 518400 IN NS B.ROOT-SERVERS.NET.
-. 518400 IN NS C.ROOT-SERVERS.NET.
-. 518400 IN NS D.ROOT-SERVERS.NET.
-. 518400 IN NS E.ROOT-SERVERS.NET.
-. 518400 IN NS F.ROOT-SERVERS.NET.
-. 518400 IN NS G.ROOT-SERVERS.NET.
-
-;; ADDITIONAL SECTION:
-A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
-B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
-C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
-D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
-E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
-F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
-G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
-H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
-I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
-J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
-K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
-L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42
-M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
-
-;; Query time: 114 msec
-;; SERVER: 198.41.0.4#53(198.41.0.4)
-;; WHEN: Mon Nov 5 07:28:00 2007
-;; MSG SIZE rcvd: 436
-
+++ /dev/null
-
-
-ZKT_CONFFILE=dnssec.conf
-export ZKT_CONFFILE
-
-if true
-then
- echo "All internal keys:"
- ./dnssec-zkt-intern
- echo
-
- echo "All external keys:"
- ./dnssec-zkt-extern
- echo
-fi
-
-echo "Sign both views"
-./dnssec-signer-intern -v -v -f -r
-echo
-./dnssec-signer-extern -v -v
+++ /dev/null
-#!/bin/sh
-#
-# Shell script to start the zkt-ls command
-# out of the example directory
-#
-
-if test ! -f dnssec.conf
-then
- echo Please start this skript out of the flat or hierarchical sub directory
- exit 1
-fi
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../zkt-ls "$@"
+++ /dev/null
-#!/bin/sh
-#
-# Shell script to start the zkt-signer
-# command out of the example directory
-#
-
-if test ! -f dnssec.conf
-then
- echo Please start this skript out of the flat or hierarchical sub directory
- exit 1
-fi
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../zkt-signer "$@"
+++ /dev/null
-/*****************************************************************
-**
-** @(#) log.c -- The ZKT error logging module
-**
-** Copyright (c) June 2008, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-**
-*****************************************************************/
-# include <stdio.h>
-# include <string.h>
-# include <stdlib.h>
-# include <ctype.h>
-# include <sys/types.h>
-# include <sys/stat.h>
-# include <sys/time.h>
-# include <time.h>
-# include <assert.h>
-# include <errno.h>
-# include <syslog.h>
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-# include "config_zkt.h"
-# include "misc.h"
-# include "debug.h"
-#define extern
-# include "log.h"
-#undef extern
-
-/*****************************************************************
-** module internal vars & declarations
-*****************************************************************/
-static FILE *lg_fp;
-static FILE *lg_fpsave;
-static int lg_minfilelevel;
-static int lg_syslogging;
-static int lg_minsyslevel;
-static long lg_errcnt;
-static const char *lg_progname;
-
-typedef struct {
- lg_lvl_t level;
- const char *str;
- int syslog_level;
-} lg_symtbl_t;
-
-static lg_symtbl_t symtbl[] = {
- { LG_NONE, "none", -1 },
- { LG_DEBUG, "debug", LOG_DEBUG },
- { LG_INFO, "info", LOG_INFO },
- { LG_NOTICE, "notice", LOG_NOTICE },
- { LG_WARNING, "warning", LOG_WARNING },
- { LG_ERROR, "error", LOG_ERR },
- { LG_FATAL, "fatal", LOG_CRIT },
-
- { LG_NONE, "user", LOG_USER },
- { LG_NONE, "daemon", LOG_DAEMON },
- { LG_NONE, "local0", LOG_LOCAL0 },
- { LG_NONE, "local1", LOG_LOCAL1 },
- { LG_NONE, "local2", LOG_LOCAL2 },
- { LG_NONE, "local3", LOG_LOCAL3 },
- { LG_NONE, "local4", LOG_LOCAL4 },
- { LG_NONE, "local5", LOG_LOCAL5 },
- { LG_NONE, "local6", LOG_LOCAL6 },
- { LG_NONE, "local7", LOG_LOCAL7 },
- { LG_NONE, NULL, -1 }
-};
-
-# define MAXFNAME (1023)
-/*****************************************************************
-** function definitions (for function declarations see log.h)
-*****************************************************************/
-
-/*****************************************************************
-** lg_fileopen (path, name) -- open the log file
-** Name is a (absolute or relative) file or directory name.
-** If path is given and name is a relative path name then path
-** is prepended to name.
-** returns the open file pointer or NULL on error
-*****************************************************************/
-static FILE *lg_fileopen (const char *path, const char *name)
-{
- int len;
- FILE *fp;
- struct tm *t;
- time_t sec;
- char fname[MAXFNAME+1];
-
- if ( name == NULL || *name == '\0' )
- return NULL;
- else if ( *name == '/' || path == NULL )
- snprintf (fname, MAXFNAME, "%s", name);
- else
- snprintf (fname, MAXFNAME, "%s/%s", path, name);
-
-# ifdef LOG_TEST
- fprintf (stderr, "\t ==> \"%s\"", fname);
-# endif
- if ( is_directory (fname) )
- {
- len = strlen (fname);
-
- time (&sec);
- t = gmtime (&sec);
- snprintf (fname+len, MAXFNAME-len, LOG_FNAMETMPL,
- t->tm_year + 1900, t->tm_mon+1, t->tm_mday,
- t->tm_hour, t->tm_min, t->tm_sec);
-# ifdef LOG_TEST
- fprintf (stderr, " isdir \"%s\"", fname);
-# endif
- }
-
-# ifdef LOG_TEST
- fprintf (stderr, "\n");
-# endif
-
- if ( (fp = fopen (fname, "a")) == NULL )
- return NULL;
-
- return fp;
-}
-
-/*****************************************************************
-** lg_str2lvl (level_name)
-*****************************************************************/
-lg_lvl_t lg_str2lvl (const char *name)
-{
- lg_symtbl_t *p;
-
- if ( !name )
- return LG_NONE;
-
- for ( p = symtbl; p->str; p++ )
- if ( strcasecmp (name, p->str) == 0 )
- return p->level;
-
- return LG_NONE;
-}
-
-/*****************************************************************
-** lg_lvl2syslog (level)
-*****************************************************************/
-lg_lvl_t lg_lvl2syslog (lg_lvl_t level)
-{
- lg_symtbl_t *p;
-
- for ( p = symtbl; p->str; p++ )
- if ( level == p->level )
- return p->syslog_level;
-
- assert ( p->str != NULL ); /* we assume not to reach this! */
-
- return LOG_DEBUG; /* if not found, return DEBUG as default */
-}
-
-/*****************************************************************
-** lg_str2syslog (facility_name)
-*****************************************************************/
-int lg_str2syslog (const char *facility)
-{
- lg_symtbl_t *p;
-
- dbg_val1 ("lg_str2syslog (%s)\n", facility);
- if ( !facility )
- return LG_NONE;
-
- for ( p = symtbl; p->str; p++ )
- if ( strcasecmp (facility, p->str) == 0 )
- return p->syslog_level;
-
- return LG_NONE;
-}
-
-/*****************************************************************
-** lg_lvl2str (level)
-*****************************************************************/
-const char *lg_lvl2str (lg_lvl_t level)
-{
- lg_symtbl_t *p;
-
- if ( level < LG_DEBUG )
- return "none";
-
- for ( p = symtbl; p->str; p++ )
- if ( level == p->level )
- return p->str;
- return "fatal";
-}
-
-/*****************************************************************
-** lg_geterrcnt () -- returns the current value of the internal
-** error counter
-*****************************************************************/
-long lg_geterrcnt ()
-{
- return lg_errcnt;
-}
-
-/*****************************************************************
-** lg_seterrcnt () -- sets the internal error counter
-** returns the current value
-*****************************************************************/
-long lg_seterrcnt (long value)
-{
- return lg_errcnt = value;
-}
-
-/*****************************************************************
-** lg_reseterrcnt () -- resets the internal error counter to 0
-** returns the current value
-*****************************************************************/
-long lg_reseterrcnt ()
-{
- return lg_seterrcnt (0L);
-}
-
-
-/*****************************************************************
-** lg_open (prog, facility, syslevel, path, file, filelevel)
-** -- open the log channel
-** return values:
-** 0 on success
-** -1 on file open error
-*****************************************************************/
-int lg_open (const char *progname, const char *facility, const char *syslevel, const char *path, const char *file, const char *filelevel)
-{
- int sysfacility;
-
- dbg_val6 ("lg_open (%s, %s, %s, %s, %s, %s)\n", progname, facility, syslevel, path, file, filelevel);
-
- lg_minsyslevel = lg_str2lvl (syslevel);
- lg_minfilelevel = lg_str2lvl (filelevel);
-
- sysfacility = lg_str2syslog (facility);
- if ( sysfacility >= 0 )
- {
- lg_syslogging = 1;
- dbg_val2 ("lg_open: openlog (%s, LOG_NDELAY, %d)\n", progname, lg_str2syslog (facility));
- openlog (progname, LOG_NDELAY, lg_str2syslog (facility));
- }
- if ( file && * file )
- {
- if ( (lg_fp = lg_fileopen (path, file)) == NULL )
- return -1;
- lg_progname = progname;
- }
-
- return 0;
-}
-
-/*****************************************************************
-** lg_close () -- close the open filepointer for error logging
-** return 0 if no error log file is currently open,
-** otherwise the return code of fclose is returned.
-*****************************************************************/
-int lg_close ()
-{
- int ret = 0;
-
- if ( lg_syslogging )
- {
- closelog ();
- lg_syslogging = 0;
- }
- if ( lg_fp )
- {
- ret = fclose (lg_fp);
- lg_fp = NULL;
- }
-
- return ret;
-}
-
-/*****************************************************************
-** lg_zone_start (domain)
-** -- reopen the log channel
-** return values:
-** 0 on success
-** -1 on file open error
-*****************************************************************/
-int lg_zone_start (const char *dir, const char *domain)
-{
- char fname[255+1];
-
- dbg_val2 ("lg_zone_start (%s, %s)\n", dir, domain);
-
- snprintf (fname, sizeof (fname), LOG_DOMAINTMPL, domain);
- if ( lg_fp )
- lg_fpsave = lg_fp;
- lg_fp = lg_fileopen (dir, fname);
-
- return lg_fp != NULL;
-}
-
-/*****************************************************************
-** lg_zone_end (domain)
-** -- close the (reopened) log channel
-** return values:
-** 0 on success
-** -1 on file open error
-*****************************************************************/
-int lg_zone_end ()
-{
- if ( lg_fp && lg_fpsave )
- {
- lg_close ();
- lg_fp = lg_fpsave;
- lg_fpsave = NULL;
- return 1;
- }
-
- return 0;
-}
-
-/*****************************************************************
-**
-** lg_args (level, argc, argv[])
-** log all command line arguments (up to a length of 511 chars)
-** with priority level
-**
-*****************************************************************/
-void lg_args (lg_lvl_t level, int argc, char * const argv[])
-{
- char cmdline[511+1];
- int len;
- int i;
-
- len = 0;
- for ( i = 0; i < argc && len < sizeof (cmdline); i++ )
- len += snprintf (cmdline+len, sizeof (cmdline) - len, " %s", argv[i]);
-
-#if 1
- lg_mesg (level, "------------------------------------------------------------");
-#else
- lg_mesg (level, "");
-#endif
- lg_mesg (level, "running%s ", cmdline);
-}
-
-/*****************************************************************
-**
-** lg_mesg (level, fmt, ...)
-**
-** Write a given message to the error log file and counts
-** all messages written with an level greater than LOG_ERR.
-**
-** All messages will be on one line in the logfile, so it's
-** not necessary to add an '\n' to the message.
-**
-** To call this function before an elog_open() is called is
-** useless!
-**
-*****************************************************************/
-void lg_mesg (int priority, char *fmt, ...)
-{
- va_list ap;
- struct timeval tv;
- struct tm *t;
- char format[256];
-
- assert (fmt != NULL);
- assert (priority >= LG_DEBUG && priority <= LG_FATAL);
-
- format[0] ='\0';
-
- dbg_val3 ("syslog = %d prio = %d >= sysmin = %d\n", lg_syslogging, priority, lg_minsyslevel);
- if ( lg_syslogging && priority >= lg_minsyslevel )
- {
-#if defined (LOG_WITH_LEVEL) && LOG_WITH_LEVEL
- snprintf (format, sizeof (format), "%s: %s", lg_lvl2str(priority), fmt);
- fmt = format;
-#endif
- va_start(ap, fmt);
- vsyslog (lg_lvl2syslog (priority), fmt, ap);
- va_end(ap);
- }
-
- dbg_val3 ("filelg = %d prio = %d >= filmin = %d\n", lg_fp!=NULL, priority, lg_minfilelevel);
- if ( lg_fp && priority >= lg_minfilelevel )
- {
-#if defined (LOG_WITH_TIMESTAMP) && LOG_WITH_TIMESTAMP
- gettimeofday (&tv, NULL);
- t = localtime ((time_t *) &tv.tv_sec);
- fprintf (lg_fp, "%04d-%02d-%02d ",
- t->tm_year+1900, t->tm_mon+1, t->tm_mday);
- fprintf (lg_fp, "%02d:%02d:%02d.%03ld: ",
- t->tm_hour, t->tm_min, t->tm_sec, tv.tv_usec / 1000);
-#endif
-#if defined (LOG_WITH_PROGNAME) && LOG_WITH_PROGNAME
- if ( lg_progname )
- fprintf (lg_fp, "%s: ", lg_progname);
-#endif
-#if defined (LOG_WITH_LEVEL) && LOG_WITH_LEVEL
- if ( fmt != format ) /* level is not in fmt string */
- fprintf (lg_fp, "%s: ", lg_lvl2str(priority));
-#endif
- va_start(ap, fmt);
- vfprintf (lg_fp, fmt, ap);
- va_end(ap);
- fprintf (lg_fp, "\n");
- }
-
- if ( priority >= LG_ERROR )
- lg_errcnt++;
-}
-
-
-#ifdef LOG_TEST
-const char *progname;
-int main (int argc, char *argv[])
-{
- const char *levelstr;
- const char *newlevelstr;
- int level;
- int err;
-
- progname = *argv;
-
- if ( --argc )
- levelstr = *++argv;
- else
- levelstr = "fatal";
-
- level = lg_str2lvl (levelstr);
- newlevelstr = lg_lvl2str (level+1);
- dbg_val4 ("base level = %s(%d) newlevel = %s(%d)\n", levelstr, level, newlevelstr, level+1);
- if ( (err = lg_open (progname,
-#if 1
- "user",
-#else
- "none",
-#endif
- levelstr, ".",
-#if 1
- "test.log",
-#else
- NULL,
-#endif
- newlevelstr)) )
- fprintf (stderr, "\topen error %d\n", err);
- else
- {
- lg_mesg (LG_DEBUG, "debug message");
- lg_mesg (LG_INFO, "INFO message");
- lg_mesg (LG_NOTICE, "Notice message");
- lg_mesg (LG_WARNING, "Warning message");
- lg_mesg (LG_ERROR, "Error message");
- lg_mesg (LG_FATAL, "Fatal message ");
- }
-
- if ( (err = lg_close ()) < 0 )
- fprintf (stderr, "\tclose error %d\n", err);
-
- return 0;
-}
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) log.h (c) June 2008 Holger Zuleger hznet.de
-**
-** Copyright (c) June 2008, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-#ifndef LOG_H
-# define LOG_H
-# include <sys/types.h>
-# include <stdarg.h>
-# include <stdio.h>
-# include <time.h>
-# include <syslog.h>
-
-#ifndef LOG_FNAMETMPL
-# define LOG_FNAMETMPL "/zkt-%04d-%02d-%02dT%02d%02d%02dZ+log"
-#endif
-
-#ifndef LOG_DOMAINTMPL
-# define LOG_DOMAINTMPL "zktlog-%s"
-#endif
-
-
-typedef enum {
- LG_NONE = 0,
- LG_DEBUG,
- LG_INFO,
- LG_NOTICE,
- LG_WARNING,
- LG_ERROR,
- LG_FATAL
-} lg_lvl_t;
-
-extern lg_lvl_t lg_str2lvl (const char *name);
-extern int lg_str2syslog (const char *facility);
-extern const char *lg_lvl2str (lg_lvl_t level);
-extern lg_lvl_t lg_lvl2syslog (lg_lvl_t level);
-extern long lg_geterrcnt (void);
-extern long lg_seterrcnt (long value);
-extern long lg_reseterrcnt (void);
-extern int lg_open (const char *progname, const char *facility, const char *syslevel, const char *path, const char *file, const char *filelevel);
-extern int lg_close (void);
-extern int lg_zone_start (const char *dir, const char *domain);
-extern int lg_zone_end (void);
-extern void lg_args (lg_lvl_t level, int argc, char * const argv[]);
-extern void lg_mesg (int level, char *fmt, ...);
-#endif
+++ /dev/null
-.TH dnssec-zkt 8 "August 1, 2009" "ZKT 0.99b" ""
-\" turn off hyphenation
-.\" if n .nh
-.nh
-.SH NAME
-dnssec-zkt \(em Secure DNS zone key tool
-
-.SH SYNOPSYS
-.na
-.B dnssec-zkt
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-l
-.IR "list" ]
-.RB [ \-adefhkLrptz ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-
-.B dnssec-zkt
-.BR \-C <label>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-krpz ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B dnssec-zkt
-.BR \-\-create= <label>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-krpz ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-
-.B dnssec-zkt
-.BR \- { P | A | D | R } <keytag>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-r ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B dnssec-zkt
-.BR \-\-published= <keytag>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-r ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B dnssec-zkt
-.BR \-\-active= <keytag>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-r ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B dnssec-zkt
-.BR \-\-depreciate= <keytag>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-r ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B dnssec-zkt
-.BR \-\-rename= <keytag>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-r ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-
-.B dnssec-zkt
-.BR \-\-destroy= <keytag>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-r ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-
-.B dnssec-zkt
-.B \-T
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-l
-.IR "list" ]
-.RB [ \-hr ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B dnssec-zkt
-.B \-\-list-trustedkeys
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-l
-.IR "list" ]
-.RB [ \-hr ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-
-.B dnssec-zkt
-.B \-K
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-l
-.IR "list" ]
-.RB [ \-hkzr ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B dnssec-zkt
-.B \-\-list-dnskeys
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-l
-.IR "list" ]
-.RB [ \-hkzr ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-
-.B dnssec-zkt
-.B \-Z
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.br
-.B dnssec-zkt
-.B \-\-zone-config
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-
-.B dnssec-zkt
-.B \-9 | \-\-ksk-rollover
-.br
-.B dnssec-zkt
-.B \-1 | \-\-ksk-roll-phase1
-.I "do.ma.in."
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.br
-.B dnssec-zkt
-.B \-2 | \-\-ksk-roll-phase2
-.I "do.ma.in."
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.br
-.B dnssec-zkt
-.B \-3 | \-\-ksk-roll-phase3
-.I do.ma.in.
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.br
-.B dnssec-zkt
-.B \-0 | \-\-ksk-roll-stat
-.I do.ma.in.
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.br
-.ad
-
-.SH DESCRIPTION
-The
-.I dnssec-zkt
-command is a wrapper around
-.I dnssec-keygen(8)
-to assist in dnssec zone key management.
-.PP
-In the common usage the command prints out information about
-all dnssec (zone) keys found in the given (or predefined default) directory.
-It is also possible to specify keyfiles (K*.key) as arguments.
-With option
-.B \-r
-subdirectories will be searched recursively, and all dnssec keys found
-will be listed sorted by domain name, key type and generation time.
-In that mode the use of the
-.B \-p
-option may be helpful to find the location of the keyfile in the directory tree.
-.PP
-Other forms of the command print out keys in a format suitable for
-a trusted-key section or as a DNSKEY resource record.
-.PP
-The command is also useful in dns key management.
-It offers monitoring of key lifetime and modification of key status.
-
-.SH GENERAL OPTIONS
-.TP
-.BI \-V " view" ", \-\-view=" view
-Try to read the default configuration out of a file named
-.I dnssec-<view>.conf .
-Instead of specifying the \-V or --view option every time,
-it is also possible to create a hard or softlink to the
-executable file to give it an additional name like
-.I dnssec-zkt-<view> .
-.TP
-.BI \-c " file" ", \-\-config=" file
-Read default values from the specified config file.
-Otherwise the default config file is read or build in defaults
-will be used.
-.TP
-.BI \-O " optstr" ", \-\-config-option=" optstr
-Set any config file option via the commandline.
-Several config file options could be specified at the argument string
-but have to be delimited by semicolon (or newline).
-.TP
-.BI \-l " list"
-Print out information solely about domains given in the comma or space separated
-list.
-Take care of, that every domain name has a trailing dot.
-.TP
-.BR \-d ", " \-\-directory
-Skip directory arguments.
-This will be useful in combination with wildcard arguments
-to prevent dnsssec-zkt to list all keys found in subdirectories.
-For example "dnssec-zkt -d *" will print out a list of all keys only found in
-the current directory.
-Maybe it is easier to use "dnssec-zkt ." instead (without -r set).
-The option works similar to the \-d option of
-.IR ls(1) .
-.TP
-.BR \-L ", " \-\-left-justify
-Print out the domain name left justified.
-.TP
-.BR \-k ", " \-\-ksk
-Select and print key signing keys only (default depends on command mode).
-.TP
-.BR \-z ", " \-\-zsk
-Select and print zone signing keys only (default depends on command mode).
-.TP
-.BR \-r ", " \-\-recursive
-Recursive mode (default is off).
-.br
-Also settable in the dnssec.conf file (Parameter: Recursive).
-.TP
-.BR \-p ", " \-\-path
-Print pathname in listing mode.
-In -C mode, don't create the new key in the same directory as (already existing)
-keys with the same label.
-.TP
-.BR \-a ", " \-\-age
-Print age of key in weeks, days, hours, minutes and seconds (default is off).
-.br
-Also settable in the dnssec.conf file (Parameter: PrintAge).
-.TP
-.BR \-f ", " \-\-lifetime
-Print the key lifetime.
-.TP
-.BR \-F ", " \-\-setlifetime
-Set the key lifetime of all the selected keys.
-Use option -k, -z, -l or the file and dir argument for key selection.
-.TP
-.BR \-e ", " \-\-exptime
-Print the key expiration time.
-.TP
-.BR \-t ", " \-\-time
-Print the key generation time (default is on).
-.br
-Also settable in the dnssec.conf file (Parameter: PrintTime).
-.TP
-.B \-h
-No header or trusted-key section header and trailer in -T mode
-.PP
-
-.SH COMMAND OPTIONS
-.TP
-.BR \-H ", " \-\-help
-Print out the online help.
-.TP
-.BR \-T ", " \-\-list-trustedkeys
-List all key signing keys as a
-.I named.conf
-trusted-key section.
-Use
-.B \-h
-to supress the section header/trailer.
-.TP
-.BR \-K ", " \-\-list-dnskeys
-List the public part of all the keys in DNSKEY resource record format.
-Use
-.B \-h
-to suppress comment lines.
-.TP
-.BI \-C " zone" ", \-\-create=" zone
-Create a new zone signing key for the given zone.
-Add option
-.B \-k
-to create a key signing key.
-The key algorithm and key length will be examined from built-in default values
-or from the parameter settings in the
-.I dnssec.conf
-file.
-.br
-The keyfile will be created in the current directory if
-the
-.B \-p
-option is specified.
-.TP
-.BI \-R " keyid" ", \-\-revoke=" keyid
-Revoke the key signing key with the given keyid.
-A revoked key has bit 8 in the flags filed set (see RFC5011).
-The keyid is the numeric keytag with an optionally added zone name separated by a colon.
-.TP
-.BI \-\-rename=" keyid
-Rename the key files of the key with the given keyid
-(Look at key file names starting with an lower 'k').
-The keyid is the numeric keytag with an optionally added zone name separated by a colon.
-.TP
-.BI \-\-destroy= keyid
-Deletes the key with the given keyid.
-The keyid is the numeric keytag with an optionally added zone name separated by a colon.
-Beware that this deletes both private and public keyfiles, thus the key is
-unrecoverable lost.
-.TP
-.BI \-P|A|D " keyid," " \-\-published=" keyid, " \-\-active=" keyid, " \-\-depreciated=" keyid
-Change the status of the given dnssec key to
-published
-.RB ( \-P ),
-active
-.RB ( \-A )
-or depreciated
-.RB ( \-D ).
-The
-.I keyid
-is the numeric keytag with an optionally added zone name separated by a colon.
-Setting the status to "published" or "depreciate" will change the filename
-of the private key file to ".published" or ".depreciated" respectivly.
-This prevents the usage of the key as a signing key by the use of
-.IR dnssec-signzone(8) .
-The time of status change will be stored in the 'mtime' field of the corresponding
-".key" file.
-Key activation via option
-.B \-A
-will restore the original timestamp and file name (".private").
-.TP
-.BR \-Z ", " \-\-zone-config
-Write all config parameters to stdout.
-The output is suitable as a template for the
-.I dnssec.conf
-file, so the easiest way to create a
-.I dnssec.conf
-file is to redirect the standard output of the above command.
-Pay attention not to overwrite an existing file.
-.TP
-.BI \-\-ksk-roll-phase[123] " do.ma.in."
-Initiate a key signing key rollover of the specified domain.
-This feature is currently in experimental status and is mainly for the use
-in an hierachical environment.
-Use --ksk-rollover for a little more detailed description.
-
-
-.SH SAMPLE USAGE
-.TP
-.fam C
-.B "dnssec-zkt \-r .
-.fam T
-Print out a list of all zone keys found below the current directory.
-.TP
-.fam C
-.B "dnssec-zkt \-Z \-c """"
-.fam T
-Print out the compiled in default parameters.
-.TP
-.fam C
-.B "dnssec-zkt \-C example.net \-k \-r ./zonedir
-.fam T
-Create a new key signing key for the zone "example.net".
-Store the key in the same directory below "zonedir" where the other
-"example.net" keys live.
-.TP
-.fam C
-.B "dnssec-zkt \-T ./zonedir/example.net
-.fam T
-Print out a trusted-key section containing the key signing keys of "example.net".
-.TP
-.fam C
-.B "dnssec-zkt \-D 123245 \-r .
-.fam T
-Depreciate the key with tag "12345" below the current directory,
-.TP
-.fam C
-.B "dnssec-zkt --view intern
-.fam T
-Print out a list of all zone keys found below the directory where all
-the zones of view intern live.
-There should be a seperate dnssec config file
-.I dnssec-intern.conf
-with a directory option to take affect of this.
-.TP
-.fam C
-.B "dnssec-zkt-intern
-.fam T
-Same as above.
-The binary file
-.I dnssec-zkt
-has another link, named
-.I dnssec-zkt-intern
-made, and
-.I dnssec-zkt
-examines argv[0] to find a view whose zones it proceeds to process.
-
-.SH ENVIRONMENT VARIABLES
-.TP
-ZKT_CONFFILE
-Specifies the name of the default global configuration files.
-
-.SH FILES
-.TP
-.I /var/named/dnssec.conf
-Built-in default global configuration file.
-The name of the default global config file is settable via
-the environment variable ZKT_CONFFILE.
-.TP
-.I /var/named/dnssec-<view>.conf
-View specific global configuration file.
-.TP
-.I ./dnssec.conf
-Local configuration file (only used in
-.B \-C
-mode).
-
-.SH BUGS
-.PP
-Some of the general options will not be meaningful in all of the command modes.
-.br
-The option
-.B \-l
-and the ksk rollover options
-insist on domain names ending with a dot.
-.PP
-
-.SH AUTHORS
-Holger Zuleger, Mans Nilsson
-
-.SH COPYRIGHT
-Copyright (c) 2005 \- 2008 by Holger Zuleger.
-Licensed under the BSD Licences. There is NO warranty; not even for MERCHANTABILITY or
-FITNESS FOR A PARTICULAR PURPOSE.
-.\"--------------------------------------------------
-.SH SEE ALSO
-dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), dnssec-signer(8),
-.br
-RFC4641
-"DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
-.br
-DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
-.br
-(http://www.nlnetlabs.nl/dnssec_howto/)
+++ /dev/null
-.TH zkt-conf 8 "February 22, 2010" "ZKT 1.0" ""
-\" turn off hyphenation
-.\" if n .nh
-.nh
-.SH NAME
-zkt-conf \(em Secure DNS zone key config tool
-
-.SH SYNOPSYS
-.na
-.B zkt-conf
-.RB [ \-V
-.IR "name" ]
-.RB [ \-w ]
-.B \-d
-.RB [ \-O
-.IR "optstr" ]
-.br
-.B zkt-conf
-.RB [ \-V
-.IR "name" ]
-.RB [ \-w ]
-.RB [ \-s ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-O
-.IR "optstr" ]
-.br
-.B zkt-conf
-.RB [ \-V
-.IR "name" ]
-.RB [ \-w ]
-.B \-l
-.RB [ \-a ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-O
-.IR "optstr" ]
-
-.B zkt-conf
-.RB [ \-c
-.IR "file" ]
-.RB [ \-w ]
-.I "zonefile"
-
-.br
-.ad
-.SH DESCRIPTION
-The
-.I zkt-conf
-command helps to create and show a config file for use by
-the Zone Key Tool commands, which are currently
-.I zkt-ls(8) ,
-.I zkt-keyman(8) ,
-and
-.IR zkt-signer(8) .
-.PP
-In general, the ZKT commands uses up to three consequitive sources for config
-parameter settings:
-.IP
-a)
-The build-in default parameters
-.IP
-b)
-The side wide config file or the file specified with option -c
-overloads the built-in vars.
-The file is
-.I /var/named/dnssec.conf
-or the one set by the environment variable ZKT_CONFFILE.
-.IP
-c)
-The local config file
-.I dnssec.conf
-in the current zone directory also overloads the parameter read so far.
-.PP
-Because of the overload feature, none of the config files has to have
-a complete parameter set.
-Typically the local config file will have only those parameters which are
-different from the global or built-in ones.
-.PP
-The default operation of
-.I zkt-conf(8)
-is to print the site wide config file (same as option
-.BR \-s ).
-Option
-.B \-d
-will print out the built-in defaults while
-.B \-l
-print those local parameters which are different to the global ones.
-In the last case
-.B \-a
-gives the fully
-.RB ( \-\-all )
-parameter list.
-.PP
-In all forms of the command, the parameters are changeable via option
-.B \-O
-.RB ( \-\-config-option ).
-.PP
-With option
-.B \-w
-.RB ( \-\-write )
-the confg parameters are written back to the config file.
-This is useful in case of an ZKT upgrade or if one or more parameters are changed
-by option
-.BR \-O .
-.PP
-Option
-.B \-t
-checks some of the parameter for reasonable values.
-.PP
-.PP
-Which config file is shown (or modified or checked) is determined by an option.
-.B \-d
-means the built-in defaults, option
-.B \-l
-is for the local config file and
-.B \-s
-specifies the site wide config file.
-Option
-.B \-s
-is the default.
-.PP
-In the last form of the command, the
-maximum TTL value of all the resource records of
-.I zonefile
-is calculated and print on stdout.
-Additional, the zonefile is checked if the key database
-.RI ( dnskey.db )
-is included in the zone file.
-If option
-.B \-w
-is set, than the INCLUDE directive will be added to the zone file if
-necessary, and the maximum ttl value is written to a local config file.
-
-.SH COMMAND OPTIONS
-.TP
-.BR \-h ", " \-\-help
-Print out the online help.
-.TP
-.BR \-d ", " \-\-built-in-defaults
-List all the built-in default parameter.
-.TP
-.BR \-s ", " \-\-sitecfg
-List all site wide config parameter (this is the default).
-.TP
-.BR \-l ", " \-\-localcfg
-List local config parameter which are different to the site wide config
-parameter.
-With otion
-.B \-a
-.RB ( \-\-all )
-all config parameters will be shown.
-
-.SH OPTIONS
-.TP
-.BI \-V " view" ", \-\-view=" view
-Try to read the default configuration out of a file named
-.I dnssec-<view>.conf .
-Instead of specifying the
-.B \-V
-or
-.B \-\-view
-option every time, it is also possible to create a hard or softlink to the
-executable file and name it like
-.I zkt-conf-<view> .
-.TP
-.BI \-c " file" ", \-\-config=" file
-Read all parameter from the specified config file.
-Otherwise the default config file is read or build in defaults
-will be used.
-.TP
-.BI \-O " optstr" ", \-\-config-option=" optstr
-Set any config file parameter via the commandline.
-Several config file options could be specified at the argument string
-but have to be delimited by semicolon (or newline).
-.TP
-.BR \-a ", " \-\-all
-In case of showing the local config file parameter
-.RB ( \-l )
-this prints all parameter, not just the ones different to the site wide
-or built-in defaults.
-
-.SH SAMPLE USAGE
-.TP
-.fam C
-.B "zkt-conf \-d
-.fam T
-Print the built-in default config pars.
-.TP
-.fam C
-.B "zkt-conf \-d \-w
-.fam T
-Write all the built-in defaults into the site wide config file.
-.TP
-.fam C
-.B "zkt-conf \-s \-O ""SerialFormat: Incremental; Zonedir: /var/named/zones"" \-w"
-.fam T
-Change two parameters in the site wide
-.I dnssec.conf
-file.
-.TP
-.fam C
-.B "zkt-conf \-w zone.db
-.fam T
-Add
-.B "$INCLUDE dnskey.db"
-to the zone file and set the maximum ttl paramter in the local config file
-to the maximum ttl fond in any RR of
-.IR zone.db .
-
-.SH ENVIRONMENT VARIABLES
-.TP
-ZKT_CONFFILE
-Specifies the name of the default global configuration files.
-
-.SH FILES
-.TP
-.I /var/named/dnssec.conf
-Default global configuration file.
-The name of the default global config file is settable via
-the environment variable ZKT_CONFFILE.
-.TP
-.I /var/named/dnssec-<view>.conf
-View specific global configuration file.
-.TP
-.I ./dnssec.conf
-Local configuration file (additionally used in
-.B \-l
-mode).
-
-.SH AUTHORS
-Holger Zuleger
-
-.SH COPYRIGHT
-Copyright (c) 2005 \- 2010 by Holger Zuleger.
-Licensed under the BSD Licences. There is NO warranty; not even for MERCHANTABILITY or
-FITNESS FOR A PARTICULAR PURPOSE.
-.\"--------------------------------------------------
-.SH SEE ALSO
-dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), zkt-signer(8), zkt-ls(8), zkt-keyman(8),
-.br
-RFC4641
-"DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
-.br
-DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
-.br
-(http://www.nlnetlabs.nl/dnssec_howto/)
+++ /dev/null
-<!-- Creator : groff version 1.20.1 -->
-<!-- CreationDate: Wed Mar 31 18:15:57 2010 -->
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-"http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<meta name="generator" content="groff -Thtml, see www.gnu.org">
-<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
-<meta name="Content-Style" content="text/css">
-<style type="text/css">
- p { margin-top: 0; margin-bottom: 0; vertical-align: top }
- pre { margin-top: 0; margin-bottom: 0; vertical-align: top }
- table { margin-top: 0; margin-bottom: 0; vertical-align: top }
- h1 { text-align: center }
-</style>
-<title>zkt-conf</title>
-
-</head>
-<body>
-
-<h1 align="center">zkt-conf</h1>
-
-<a href="#NAME">NAME</a><br>
-<a href="#SYNOPSYS">SYNOPSYS</a><br>
-<a href="#DESCRIPTION">DESCRIPTION</a><br>
-<a href="#COMMAND OPTIONS">COMMAND OPTIONS</a><br>
-<a href="#OPTIONS">OPTIONS</a><br>
-<a href="#SAMPLE USAGE">SAMPLE USAGE</a><br>
-<a href="#ENVIRONMENT VARIABLES">ENVIRONMENT VARIABLES</a><br>
-<a href="#FILES">FILES</a><br>
-<a href="#AUTHORS">AUTHORS</a><br>
-<a href="#COPYRIGHT">COPYRIGHT</a><br>
-<a href="#SEE ALSO">SEE ALSO</a><br>
-
-<hr>
-
-
-<h2>NAME
-<a name="NAME"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">zkt-conf
-— Secure DNS zone key config tool</p>
-
-<h2>SYNOPSYS
-<a name="SYNOPSYS"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt-conf</b>
-[<b>−V</b> <i>name</i>] [<b>−w</b>]
-<b>−d</b> [<b>−O</b> <i>optstr</i>] <b><br>
-zkt-conf</b> [<b>−V</b> <i>name</i>] [<b>−w</b>]
-[<b>−s</b>] [<b>−c</b> <i>file</i>]
-[<b>−O</b> <i>optstr</i>] <b><br>
-zkt-conf</b> [<b>−V</b> <i>name</i>] [<b>−w</b>]
-<b>−l</b> [<b>−a</b>] [<b>−c</b>
-<i>file</i>] [<b>−O</b> <i>optstr</i>]</p>
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt-conf</b>
-[<b>−c</b> <i>file</i>] [<b>−w</b>]
-<i>zonefile</i></p>
-
-<h2>DESCRIPTION
-<a name="DESCRIPTION"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">The
-<i>zkt-conf</i> command helps to create and show a config
-file for use by the Zone Key Tool commands, which are
-currently <i>zkt-ls(8) , zkt-keyman(8) ,</i> and
-<i>zkt-signer(8)</i>.</p>
-
-<p style="margin-left:11%; margin-top: 1em">In general, the
-ZKT commands uses up to three consequitive sources for
-config parameter settings:</p>
-
-<p style="margin-left:22%; margin-top: 1em">a) The build-in
-default parameters</p>
-
-<p style="margin-left:22%; margin-top: 1em">b) The side
-wide config file or the file specified with option -c
-overloads the built-in vars. The file is
-<i>/var/named/dnssec.conf</i> or the one set by the
-environment variable ZKT_CONFFILE.</p>
-
-<p style="margin-left:22%; margin-top: 1em">c) The local
-config file <i>dnssec.conf</i> in the current zone directory
-also overloads the parameter read so far.</p>
-
-<p style="margin-left:11%; margin-top: 1em">Because of the
-overload feature, none of the config files has to have a
-complete parameter set. Typically the local config file will
-have only those parameters which are different from the
-global or built-in ones.</p>
-
-<p style="margin-left:11%; margin-top: 1em">The default
-operation of <i>zkt-conf(8)</i> is to print the site wide
-config file (same as option <b>−s</b>). Option
-<b>−d</b> will print out the built-in defaults while
-<b>−l</b> print those local parameters which are
-different to the global ones. In the last case
-<b>−a</b> gives the fully (<b>−−all</b>)
-parameter list.</p>
-
-<p style="margin-left:11%; margin-top: 1em">In all forms of
-the command, the parameters are changeable via option
-<b>−O</b> (<b>−−config-option</b>).</p>
-
-<p style="margin-left:11%; margin-top: 1em">With option
-<b>−w</b> (<b>−−write</b>) the confg
-parameters are written back to the config file. This is
-useful in case of an ZKT upgrade or if one or more
-parameters are changed by option <b>−O</b>.</p>
-
-<p style="margin-left:11%; margin-top: 1em">Option
-<b>−t</b> checks some of the parameter for reasonable
-values.</p>
-
-<p style="margin-left:11%; margin-top: 1em">Which config
-file is shown (or modified or checked) is determined by an
-option. <b>−d</b> means the built-in defaults, option
-<b>−l</b> is for the local config file and
-<b>−s</b> specifies the site wide config file. Option
-<b>−s</b> is the default.</p>
-
-<p style="margin-left:11%; margin-top: 1em">In the last
-form of the command, the maximum TTL value of all the
-resource records of <i>zonefile</i> is calculated and print
-on stdout. Additional, the zonefile is checked if the key
-database (<i>dnskey.db</i>) is included in the zone file. If
-option <b>−w</b> is set, than the INCLUDE directive
-will be added to the zone file if necessary, and the maximum
-ttl value is written to a local config file.</p>
-
-<h2>COMMAND OPTIONS
-<a name="COMMAND OPTIONS"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>−h</b>,
-<b>−−help</b></p>
-
-<p style="margin-left:22%;">Print out the online help.</p>
-
-<p style="margin-left:11%;"><b>−d</b>,
-<b>−−built-in-defaults</b></p>
-
-<p style="margin-left:22%;">List all the built-in default
-parameter.</p>
-
-<p style="margin-left:11%;"><b>−s</b>,
-<b>−−sitecfg</b></p>
-
-<p style="margin-left:22%;">List all site wide config
-parameter (this is the default).</p>
-
-<p style="margin-left:11%;"><b>−l</b>,
-<b>−−localcfg</b></p>
-
-<p style="margin-left:22%;">List local config parameter
-which are different to the site wide config parameter. With
-otion <b>−a</b> (<b>−−all</b>) all config
-parameters will be shown.</p>
-
-<h2>OPTIONS
-<a name="OPTIONS"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>−V</b>
-<i>view</i><b>, −−view=</b><i>view</i></p>
-
-<p style="margin-left:22%;">Try to read the default
-configuration out of a file named
-<i>dnssec-<view>.conf .</i> Instead of specifying the
-<b>−V</b> or <b>−−view</b> option every
-time, it is also possible to create a hard or softlink to
-the executable file and name it like
-<i>zkt-conf-<view> .</i></p>
-
-<p style="margin-left:11%;"><b>−c</b> <i>file</i><b>,
-−−config=</b><i>file</i></p>
-
-<p style="margin-left:22%;">Read all parameter from the
-specified config file. Otherwise the default config file is
-read or build in defaults will be used.</p>
-
-<p style="margin-left:11%;"><b>−O</b>
-<i>optstr</i><b>,
-−−config-option=</b><i>optstr</i></p>
-
-<p style="margin-left:22%;">Set any config file parameter
-via the commandline. Several config file options could be
-specified at the argument string but have to be delimited by
-semicolon (or newline).</p>
-
-<p style="margin-left:11%;"><b>−a</b>,
-<b>−−all</b></p>
-
-<p style="margin-left:22%;">In case of showing the local
-config file parameter (<b>−l</b>) this prints all
-parameter, not just the ones different to the site wide or
-built-in defaults.</p>
-
-<h2>SAMPLE USAGE
-<a name="SAMPLE USAGE"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt-conf
-−d</b></p>
-
-<p style="margin-left:22%;">Print the built-in default
-config pars.</p>
-
-<p style="margin-left:11%;"><b>zkt-conf −d
-−w</b></p>
-
-<p style="margin-left:22%;">Write all the built-in defaults
-into the site wide config file.</p>
-
-<p style="margin-left:11%;"><b>zkt-conf −s −O
-"SerialFormat: Incremental; Zonedir:
-/var/named/zones" <br>
-−w</b></p>
-
-<p style="margin-left:22%;">Change two parameters in the
-site wide <i>dnssec.conf</i> file.</p>
-
-<p style="margin-left:11%;"><b>zkt-conf −w
-zone.db</b></p>
-
-<p style="margin-left:22%;">Add <b>$INCLUDE dnskey.db</b>
-to the zone file and set the maximum ttl paramter in the
-local config file to the maximum ttl fond in any RR of
-<i>zone.db</i>.</p>
-
-<h2>ENVIRONMENT VARIABLES
-<a name="ENVIRONMENT VARIABLES"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em">ZKT_CONFFILE</p>
-
-<p style="margin-left:22%;">Specifies the name of the
-default global configuration files.</p>
-
-<h2>FILES
-<a name="FILES"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><i>/var/named/dnssec.conf</i></p>
-
-<p style="margin-left:22%;">Default global configuration
-file. The name of the default global config file is settable
-via the environment variable ZKT_CONFFILE.</p>
-
-
-<p style="margin-left:11%;"><i>/var/named/dnssec-<view>.conf</i></p>
-
-<p style="margin-left:22%;">View specific global
-configuration file.</p>
-
-<p style="margin-left:11%;"><i>./dnssec.conf</i></p>
-
-<p style="margin-left:22%;">Local configuration file
-(additionally used in <b>−l</b> mode).</p>
-
-<h2>AUTHORS
-<a name="AUTHORS"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">Holger
-Zuleger</p>
-
-<h2>COPYRIGHT
-<a name="COPYRIGHT"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">Copyright (c)
-2005 − 2010 by Holger Zuleger. Licensed under the BSD
-Licences. There is NO warranty; not even for MERCHANTABILITY
-or FITNESS FOR A PARTICULAR PURPOSE.</p>
-
-<h2>SEE ALSO
-<a name="SEE ALSO"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em">dnssec-keygen(8),
-dnssec-signzone(8), rndc(8), named.conf(5), zkt-signer(8),
-zkt-ls(8), zkt-keyman(8), <br>
-RFC4641 "DNSSEC Operational Practices" by Miek
-Gieben and Olaf Kolkman, <br>
-DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC <br>
- (http://www.nlnetlabs.nl/dnssec_howto/)</p>
-<hr>
-</body>
-</html>
+++ /dev/null
-.TH zkt-conf 8 "February 22, 2010" "ZKT 1.0" ""
-\" turn off hyphenation
-.\" if n .nh
-.nh
-.SH NAME
-zkt-conf \(em Secure DNS zone key config tool
-
-.SH SYNOPSYS
-.na
-.B zkt-conf
-.RB [ \-V|\-\-view
-.IR "name" ]
-.RB [ \-w|\-\-write ]
-.B \-d|\-\-default
-.RB [ \-O|\-\-option
-.IR "optstr" ]
-.br
-.B zkt-conf
-.RB [ \-V|\-\-view
-.IR "name" ]
-.RB [ \-w|\-\-write ]
-.RB [ \-s ]
-.RB [ \-c|\-\-config
-.IR "file" ]
-.RB [ \-O|\-\-option
-.IR "optstr" ]
-.br
-.B zkt-conf
-.RB [ \-V|\-\-view
-.IR "name" ]
-.RB [ \-w|\-\-write ]
-.B \-l|\-\-local
-.RB [ \-c|\-\-config
-.IR "file" ]
-.RB [ \-O|\-\-option
-.IR "optstr" ]
-
-.B zkt-conf
-.RB [ \-c
-.IR "file" ]
-.RB [ \-w|\-\-write ]
-.I "zonefile"
-
-.br
-.ad
-
-.SH DESCRIPTION
-The
-.I zkt-conf
-command helps to create and show a config file for use by
-the Zone Key Tool commands, which are currently
-.I dnssec-zkt(8)
-and
-.IR zkt-signer(8) .
-.PP
-In general, the ZKT commands uses three sources for the config parameters:
-.HP 3
-a)
-The build-in default parameters
-.HP 3
-b)
-The side wide config file or the file specified with option -c
-will overload the built-in vars.
-The site wide config file is the file
-.I /var/named/dnssec.conf
-or the one set by the environment variable ZKT_CONF.
-.HP 3
-c)
-The local config file
-.I dnssec.conf
-in the current zone directory will also overload the parameters read so far.
-.PP
-Because of this overloading feature, none of the config files has to have
-a complete parameter set.
-Typically the local config file will have only those parameters which are
-different from the global or built-in ones.
-.PP
-The default operation of
-.I zkt-conf(8)
-is to print the site wide config file (same as option
-.BR \-s ).
-Option
-.B \-d
-will print out the built-in defaults while
-.B \-l
-just print the local config parameters which are different to the global ones.
-In the last case
-.B \-a
-gives the complete
-.RB ( \-\-all )
-parameter list.
-.PP
-In all forms of the command, the parameters are changeable via option
-.B \-O
-.RB ( \-\-config-option ).
-.PP
-With option
-.B \-w
-.RB ( \-\-write )
-the parameters will be written back to the config file.
-This is useful in case of an ZKT upgrade or if one or more parameters are changed
-by option
-.BR \-O .
-.PP
-Option
-.B \-t
-checks some of the parameter for reasonable values.
-.PP
-If the option
-.B \-t
-is given, all config parameters are checked against reasonable values.
-.PP
-Which config file is shown (or modified or checked) is determined by option
-.B \-d
-which means the built-in defaults, option
-.B \-l
-which means the local config file or
-.B \-s
-which specifies the site wide config file.
-Option
-.B \-s
-is the default.
-
-.SH GENERAL OPTIONS
-.TP
-.BI \-V " view" ", \-\-view=" view
-Try to read the default configuration out of a file named
-.I dnssec-<view>.conf .
-Instead of specifying the \-V or \-\-view option every time,
-it is also possible to create a hard or softlink to the
-executable file to give it an additional name like
-.I zkt-conf-<view> .
-.TP
-.BI \-c " file" ", \-\-config=" file
-Read all parameter from the specified config file.
-Otherwise the default config file is read or build in defaults
-will be used.
-.TP
-.BI \-O " optstr" ", \-\-config-option=" optstr
-Set any config file parameter via the commandline.
-Several config file options could be specified at the argument string
-but have to be delimited by semicolon (or newline).
-.TP
-.BR \-a ", " \-\-all
-In case of showing the local config file parameter
-.RI ( \-l )
-print all parameter, not just the ones different o the site wide or built-in defaults.
-
-.SH COMMAND OPTIONS
-.TP
-.BR \-h ", " \-\-help
-Print out the online help.
-.TP
-.BR \-d ", " \-\-built-in-defaults
-List all the built-in default paremeter.
-.TP
-.BR \-s ", " \-\-sidecfg
-List all side wide config parameters (this is the default).
-.TP
-.BR \-l ", " \-\-localconf
-List all local config parameters which are different to the site-wide config
-parameters.
-With otion
-.B \-a
-.RB ( \-\-all )
-all config parameters will be shown.
-
-
-.SH SAMPLE USAGE
-.TP
-.fam C
-.B "zkt-conf \-d
-.fam T
-Print the built-in default config pars.
-.TP
-.fam C
-.B "zkt-conf \-d \-w
-.fam T
-Write all the built-in defaults into the site wide config file.
-.TP
-.fam C
-.B "zkt-conf \-s \-\--option "SerialFormat: unixtime; Zonedir: /var/named/zones" "\-w
-.fam T
-Change two parameters in the site wide dnssec.conf file.
-
-.SH ENVIRONMENT VARIABLES
-.TP
-ZKT_CONFFILE
-Specifies the name of the default global configuration files.
-
-.SH FILES
-.TP
-.I /var/named/dnssec.conf
-Default global configuration file.
-The name of the default global config file is settable via
-the environment variable ZKT_CONFFILE.
-.TP
-.I /var/named/dnssec-<view>.conf
-View specific global configuration file.
-.TP
-.I ./dnssec.conf
-Local configuration file (additionallx used in
-.B \-l
-mode).
-
-.SH BUGS
-.PP
-Some of the general options will not be meaningful in all of the command modes.
-.PP
-
-.SH AUTHORS
-Holger Zuleger
-
-.SH COPYRIGHT
-Copyright (c) 2010 by Holger Zuleger.
-Licensed under the BSD Licences. There is NO warranty; not even for MERCHANTABILITY or
-FITNESS FOR A PARTICULAR PURPOSE.
-.\"--------------------------------------------------
-.SH SEE ALSO
-dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), zkt-signer(8), dnssec-zkt(8),
-.br
-RFC4641
-"DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
-.br
-DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
-.br
-(http://www.nlnetlabs.nl/dnssec_howto/)
+++ /dev/null
-.TH zkt\-keyman 8 "Apr 1, 2010" "ZKT 1.0" ""
-\" turn off hyphenation
-.\" if n .nh
-.nh
-.SH NAME
-zkt\-keyman \(em A DNSSEC key management tool
-
-.SH SYNOPSYS
-.na
-.B zkt\-keyman
-.BR \-C <label>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-krpz ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B zkt\-keyman
-.BR \-\-create= <label>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-krpz ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-
-.B zkt\-keyman
-.BR \- { P | A | D | R } <keytag>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-r ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B zkt\-keyman
-.BR \-\-published= <keytag>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-r ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B zkt\-keyman
-.BR \-\-active= <keytag>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-r ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B zkt\-keyman
-.BR \-\-depreciate= <keytag>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-r ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B zkt\-keyman
-.BR \-\-rename= <keytag>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-r ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-
-.B zkt\-keyman
-.BR \-\-destroy= <keytag>
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-r ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-
-.B zkt\-keyman
-.B \-9 | \-\-ksk-rollover
-.br
-.B zkt\-keyman
-.B \-1 | \-\-ksk-roll-phase1
-.I "do.ma.in."
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.br
-.B zkt\-keyman
-.B \-2 | \-\-ksk-roll-phase2
-.I "do.ma.in."
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.br
-.B zkt\-keyman
-.B \-3 | \-\-ksk-roll-phase3
-.I do.ma.in.
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.br
-.B zkt\-keyman
-.B \-0 | \-\-ksk-roll-stat
-.I do.ma.in.
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.br
-.ad
-
-.SH DESCRIPTION
-The
-.I zkt\-keyman
-command is a wrapper around
-.I dnssec-keygen(8)
-to assist in dnssec zone key management.
-.PP
-The command is useful in dns key management.
-It is suitable for modification of key status.
-
-.SH GENERAL OPTIONS
-.TP
-.BI \-V " view" ", \-\-view=" view
-Try to read the default configuration out of a file named
-.I dnssec-<view>.conf .
-Instead of specifying the \-V or --view option every time,
-it is also possible to create a hard or softlink to the
-executable file to give it an additional name like
-.I zkt\-keyman\-<view> .
-.TP
-.BI \-c " file" ", \-\-config=" file
-Read default values from the specified config file.
-Otherwise the default config file is read or build in defaults
-will be used.
-.TP
-.BI \-O " optstr" ", \-\-config-option=" optstr
-Set any config file option via the commandline.
-Several config file options could be specified at the argument string
-but have to be delimited by semicolon (or newline).
-.TP
-.BR \-d ", " \-\-directory
-Skip directory arguments.
-This will be useful in combination with wildcard arguments
-to prevent dnsssec-zkt to list all keys found in subdirectories.
-For example "zkt\-keyman -d *" will print out a list of all keys only found in
-the current directory.
-Maybe it is easier to use "zkt\-keyman ." instead (without -r set).
-The option works similar to the \-d option of
-.IR ls(1) .
-.TP
-.BR \-k ", " \-\-ksk
-Select key signing keys only (default depends on command mode).
-.TP
-.BR \-z ", " \-\-zsk
-Select zone signing keys only (default depends on command mode).
-.TP
-.BR \-r ", " \-\-recursive
-Recursive mode (default is off).
-.br
-Also settable in the dnssec.conf file (Parameter: Recursive).
-.TP
-.BR \-F ", " \-\-setlifetime
-Set the key lifetime of all the selected keys.
-Use option -k, -z, -l or the file and dir argument for key selection.
-.PP
-
-.SH COMMAND OPTIONS
-.TP
-.BR \-h ", " \-\-help
-Print out the online help.
-.TP
-.BI \-C " zone" ", \-\-create=" zone
-Create a new zone signing key for the given zone.
-Add option
-.B \-k
-to create a key signing key.
-The key algorithm and key length will be examined from built-in default values
-or from the parameter settings in the
-.I dnssec.conf
-file.
-.br
-The keyfile will be created in the current directory if
-the
-.B \-p
-option is specified.
-.TP
-.BI \-R " keyid" ", \-\-revoke=" keyid
-Revoke the key signing key with the given keyid.
-A revoked key has bit 8 in the flags field set (see RFC5011).
-The keyid is the numeric keytag with an optionally added zone name separated by a colon.
-.TP
-.BI \-\-rename=" keyid
-Rename the key files of the key with the given keyid
-(Look at key file names starting with an lower 'k').
-The keyid is the numeric keytag with an optionally added zone name separated by a colon.
-.TP
-.BI \-\-destroy= keyid
-Deletes the key with the given keyid.
-The keyid is the numeric keytag with an optionally added zone name separated by a colon.
-Beware that this deletes both private and public keyfiles, thus the key is
-unrecoverable lost.
-.TP
-.BI \-P|A|D " keyid," " \-\-published=" keyid, " \-\-active=" keyid, " \-\-depreciated=" keyid
-Change the status of the given dnssec key to
-published
-.RB ( \-P ),
-active
-.RB ( \-A )
-or depreciated
-.RB ( \-D ).
-The
-.I keyid
-is the numeric keytag with an optionally added zone name separated by a colon.
-Setting the status to "published" or "depreciate" will change the filename
-of the private key file to ".published" or ".depreciated" respectivly.
-This prevents the usage of the key as a signing key by the use of
-.IR dnssec-signzone(8) .
-The time of status change will be stored in the 'mtime' field of the corresponding
-".key" file.
-Key activation via option
-.B \-A
-will restore the original timestamp and file name (".private").
-.TP
-.BI \-\-ksk-roll-phase[123] " do.ma.in."
-Initiate a key signing key rollover of the specified domain.
-This feature is currently in experimental status and is mainly for the use
-in an hierachical environment.
-Use --ksk-rollover for a little more detailed description.
-
-
-.SH SAMPLE USAGE
-.TP
-.fam C
-.B "zkt-keyman \-C example.net \-k \-r ./zonedir
-.fam T
-Create a new key signing key for the zone "example.net".
-Store the key in the same directory below "zonedir" where the other
-"example.net" keys life.
-.TP
-.fam C
-.B "zkt-keyman \-D 123245 \-r .
-.fam T
-Depreciate the key with tag "12345" below the current directory,
-.TP
-.fam C
-.B "zkt-keyman --view intern \-C example.net
-.fam T
-Create a new zone key for the internal zone example.net.
-.TP
-.fam C
-.B "zkt-keyman-intern
-.fam T
-Same as above.
-The binary file
-.I zkt\-keyman
-has another link, named
-.I zkt-keyman-intern
-made, and
-.I zkt\-keyman
-examines argv[0] to find a view whose zones it proceeds to process.
-
-.SH ENVIRONMENT VARIABLES
-.TP
-ZKT_CONFFILE
-Specifies the name of the default global configuration files.
-
-.SH FILES
-.TP
-.I /var/named/dnssec.conf
-Built-in default global configuration file.
-The name of the default global config file is settable via
-the environment variable ZKT_CONFFILE.
-.TP
-.I /var/named/dnssec-<view>.conf
-View specific global configuration file.
-.TP
-.I ./dnssec.conf
-Local configuration file (only used in
-.B \-C
-mode).
-
-.SH BUGS
-
-.SH AUTHORS
-Holger Zuleger
-
-.SH COPYRIGHT
-Copyright (c) 2005 \- 2008 by Holger Zuleger.
-Licensed under the BSD Licences. There is NO warranty; not even for MERCHANTABILITY or
-FITNESS FOR A PARTICULAR PURPOSE.
-.\"--------------------------------------------------
-.SH SEE ALSO
-dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), zkt-conf(8), zkt-ls(8), zkt-signer(8)
-.br
-RFC4641
-"DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
-.br
-DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
-.br
-(http://www.nlnetlabs.nl/dnssec_howto/)
+++ /dev/null
-<!-- Creator : groff version 1.20.1 -->
-<!-- CreationDate: Sat Aug 28 01:15:12 2010 -->
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-"http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<meta name="generator" content="groff -Thtml, see www.gnu.org">
-<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
-<meta name="Content-Style" content="text/css">
-<style type="text/css">
- p { margin-top: 0; margin-bottom: 0; vertical-align: top }
- pre { margin-top: 0; margin-bottom: 0; vertical-align: top }
- table { margin-top: 0; margin-bottom: 0; vertical-align: top }
- h1 { text-align: center }
-</style>
-<title>zkt−keyman</title>
-
-</head>
-<body>
-
-<h1 align="center">zkt−keyman</h1>
-
-<a href="#NAME">NAME</a><br>
-<a href="#SYNOPSYS">SYNOPSYS</a><br>
-<a href="#DESCRIPTION">DESCRIPTION</a><br>
-<a href="#GENERAL OPTIONS">GENERAL OPTIONS</a><br>
-<a href="#COMMAND OPTIONS">COMMAND OPTIONS</a><br>
-<a href="#SAMPLE USAGE">SAMPLE USAGE</a><br>
-<a href="#ENVIRONMENT VARIABLES">ENVIRONMENT VARIABLES</a><br>
-<a href="#FILES">FILES</a><br>
-<a href="#BUGS">BUGS</a><br>
-<a href="#AUTHORS">AUTHORS</a><br>
-<a href="#COPYRIGHT">COPYRIGHT</a><br>
-<a href="#SEE ALSO">SEE ALSO</a><br>
-
-<hr>
-
-
-<h2>NAME
-<a name="NAME"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em">zkt−keyman
-— A DNSSEC key management tool</p>
-
-<h2>SYNOPSYS
-<a name="SYNOPSYS"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt−keyman
-−C</b><label> [<b>−V|--view</b>
-<i>view</i>] [<b>−c</b> <i>file</i>]
-[<b>−krpz</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>] <b><br>
-zkt−keyman −−create=</b><label>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] [<b>−krpz</b>]
-[{<i>keyfile</i>|<i>dir</i>} <i>...</i>]</p>
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt−keyman
-−</b>{<b>P</b>|<b>A</b>|<b>D</b>|<b>R</b>}<b><keytag></b>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] [<b>−r</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>] <b><br>
-zkt−keyman −−published=</b><keytag>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] [<b>−r</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>] <b><br>
-zkt−keyman −−active=</b><keytag>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] [<b>−r</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>] <b><br>
-zkt−keyman −−depreciate=</b><keytag>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] [<b>−r</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>] <b><br>
-zkt−keyman −−rename=</b><keytag>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] [<b>−r</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>]</p>
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt−keyman
-−−destroy=</b><keytag>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] [<b>−r</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>]</p>
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt−keyman
-−9 | −−ksk-rollover <br>
-zkt−keyman −1 |
-−−ksk-roll-phase1</b> <i>do.ma.in.</i>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] <b><br>
-zkt−keyman −2 |
-−−ksk-roll-phase2</b> <i>do.ma.in.</i>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] <b><br>
-zkt−keyman −3 |
-−−ksk-roll-phase3</b> <i>do.ma.in.</i>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] <b><br>
-zkt−keyman −0 | −−ksk-roll-stat</b>
-<i>do.ma.in.</i> [<b>−V|--view</b> <i>view</i>]
-[<b>−c</b> <i>file</i>]</p>
-
-<h2>DESCRIPTION
-<a name="DESCRIPTION"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">The
-<i>zkt−keyman</i> command is a wrapper around
-<i>dnssec-keygen(8)</i> to assist in dnssec zone key
-management.</p>
-
-<p style="margin-left:11%; margin-top: 1em">The command is
-useful in dns key management. It is suitable for
-modification of key status.</p>
-
-<h2>GENERAL OPTIONS
-<a name="GENERAL OPTIONS"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>−V</b>
-<i>view</i><b>, −−view=</b><i>view</i></p>
-
-<p style="margin-left:22%;">Try to read the default
-configuration out of a file named
-<i>dnssec-<view>.conf .</i> Instead of specifying the
-−V or --view option every time, it is also possible to
-create a hard or softlink to the executable file to give it
-an additional name like
-<i>zkt−keyman−<view> .</i></p>
-
-<p style="margin-left:11%;"><b>−c</b> <i>file</i><b>,
-−−config=</b><i>file</i></p>
-
-<p style="margin-left:22%;">Read default values from the
-specified config file. Otherwise the default config file is
-read or build in defaults will be used.</p>
-
-<p style="margin-left:11%;"><b>−O</b>
-<i>optstr</i><b>,
-−−config-option=</b><i>optstr</i></p>
-
-<p style="margin-left:22%;">Set any config file option via
-the commandline. Several config file options could be
-specified at the argument string but have to be delimited by
-semicolon (or newline).</p>
-
-<p style="margin-left:11%;"><b>−d</b>,
-<b>−−directory</b></p>
-
-<p style="margin-left:22%;">Skip directory arguments. This
-will be useful in combination with wildcard arguments to
-prevent dnsssec-zkt to list all keys found in
-subdirectories. For example "zkt−keyman -d
-*" will print out a list of all keys only found in the
-current directory. Maybe it is easier to use
-"zkt−keyman ." instead (without -r set). The
-option works similar to the −d option of
-<i>ls(1)</i>.</p>
-
-<p style="margin-left:11%;"><b>−k</b>,
-<b>−−ksk</b></p>
-
-<p style="margin-left:22%;">Select key signing keys only
-(default depends on command mode).</p>
-
-<p style="margin-left:11%;"><b>−z</b>,
-<b>−−zsk</b></p>
-
-<p style="margin-left:22%;">Select zone signing keys only
-(default depends on command mode).</p>
-
-<p style="margin-left:11%;"><b>−r</b>,
-<b>−−recursive</b></p>
-
-<p style="margin-left:22%;">Recursive mode (default is
-off). <br>
-Also settable in the dnssec.conf file (Parameter:
-Recursive).</p>
-
-<p style="margin-left:11%;"><b>−F</b>,
-<b>−−setlifetime</b></p>
-
-<p style="margin-left:22%;">Set the key lifetime of all the
-selected keys. Use option -k, -z, -l or the file and dir
-argument for key selection.</p>
-
-<h2>COMMAND OPTIONS
-<a name="COMMAND OPTIONS"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>−h</b>,
-<b>−−help</b></p>
-
-<p style="margin-left:22%;">Print out the online help.</p>
-
-<p style="margin-left:11%;"><b>−C</b> <i>zone</i><b>,
-−−create=</b><i>zone</i></p>
-
-<p style="margin-left:22%;">Create a new zone signing key
-for the given zone. Add option <b>−k</b> to create a
-key signing key. The key algorithm and key length will be
-examined from built-in default values or from the parameter
-settings in the <i>dnssec.conf</i> file. <br>
-The keyfile will be created in the current directory if the
-<b>−p</b> option is specified.</p>
-
-<p style="margin-left:11%;"><b>−R</b>
-<i>keyid</i><b>, −−revoke=</b><i>keyid</i></p>
-
-<p style="margin-left:22%;">Revoke the key signing key with
-the given keyid. A revoked key has bit 8 in the flags field
-set (see RFC5011). The keyid is the numeric keytag with an
-optionally added zone name separated by a colon.</p>
-
-
-<p style="margin-left:11%;"><b>−−rename="</b><i>keyid</i></p>
-
-<p style="margin-left:22%;">Rename the key files of the key
-with the given keyid (Look at key file names starting with
-an lower ’k’). The keyid is the numeric keytag
-with an optionally added zone name separated by a colon.</p>
-
-
-<p style="margin-left:11%;"><b>−−destroy=</b><i>keyid</i></p>
-
-<p style="margin-left:22%;">Deletes the key with the given
-keyid. The keyid is the numeric keytag with an optionally
-added zone name separated by a colon. Beware that this
-deletes both private and public keyfiles, thus the key is
-unrecoverable lost.</p>
-
-<p style="margin-left:11%;"><b>−P|A|D</b>
-<i>keyid,</i> <b>−−published=</b><i>keyid,</i>
-<b>−−active=</b><i>keyid,</i>
-<b>−−depreciated=</b><i>keyid</i></p>
-
-<p style="margin-left:22%;">Change the status of the given
-dnssec key to published (<b>−P</b>), active
-(<b>−A</b>) or depreciated (<b>−D</b>). The
-<i>keyid</i> is the numeric keytag with an optionally added
-zone name separated by a colon. Setting the status to
-"published" or "depreciate" will change
-the filename of the private key file to
-".published" or ".depreciated"
-respectivly. This prevents the usage of the key as a signing
-key by the use of <i>dnssec-signzone(8)</i>. The time of
-status change will be stored in the ’mtime’
-field of the corresponding ".key" file. Key
-activation via option <b>−A</b> will restore the
-original timestamp and file name (".private").</p>
-
-
-<p style="margin-left:11%;"><b>−−ksk-roll-phase[123]</b>
-<i>do.ma.in.</i></p>
-
-<p style="margin-left:22%;">Initiate a key signing key
-rollover of the specified domain. This feature is currently
-in experimental status and is mainly for the use in an
-hierachical environment. Use --ksk-rollover for a little
-more detailed description.</p>
-
-<h2>SAMPLE USAGE
-<a name="SAMPLE USAGE"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt-keyman
-−C example.net −k −r ./zonedir</b></p>
-
-<p style="margin-left:22%;">Create a new key signing key
-for the zone "example.net". Store the key in the
-same directory below "zonedir" where the other
-"example.net" keys life.</p>
-
-<p style="margin-left:11%;"><b>zkt-keyman −D 123245
-−r .</b></p>
-
-<p style="margin-left:22%;">Depreciate the key with tag
-"12345" below the current directory,</p>
-
-<p style="margin-left:11%;"><b>zkt-keyman --view intern
-−C example.net</b></p>
-
-<p style="margin-left:22%;">Create a new zone key for the
-internal zone example.net.</p>
-
-<p style="margin-left:11%;"><b>zkt-keyman-intern</b></p>
-
-<p style="margin-left:22%;">Same as above. The binary file
-<i>zkt−keyman</i> has another link, named
-<i>zkt-keyman-intern</i> made, and <i>zkt−keyman</i>
-examines argv[0] to find a view whose zones it proceeds to
-process.</p>
-
-<h2>ENVIRONMENT VARIABLES
-<a name="ENVIRONMENT VARIABLES"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em">ZKT_CONFFILE</p>
-
-<p style="margin-left:22%;">Specifies the name of the
-default global configuration files.</p>
-
-<h2>FILES
-<a name="FILES"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><i>/var/named/dnssec.conf</i></p>
-
-<p style="margin-left:22%;">Built-in default global
-configuration file. The name of the default global config
-file is settable via the environment variable
-ZKT_CONFFILE.</p>
-
-
-<p style="margin-left:11%;"><i>/var/named/dnssec-<view>.conf</i></p>
-
-<p style="margin-left:22%;">View specific global
-configuration file.</p>
-
-<p style="margin-left:11%;"><i>./dnssec.conf</i></p>
-
-<p style="margin-left:22%;">Local configuration file (only
-used in <b>−C</b> mode).</p>
-
-<h2>BUGS
-<a name="BUGS"></a>
-</h2>
-
-
-<h2>AUTHORS
-<a name="AUTHORS"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">Holger
-Zuleger</p>
-
-<h2>COPYRIGHT
-<a name="COPYRIGHT"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">Copyright (c)
-2005 − 2008 by Holger Zuleger. Licensed under the BSD
-Licences. There is NO warranty; not even for MERCHANTABILITY
-or FITNESS FOR A PARTICULAR PURPOSE.</p>
-
-<h2>SEE ALSO
-<a name="SEE ALSO"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em">dnssec-keygen(8),
-dnssec-signzone(8), rndc(8), named.conf(5), zkt-conf(8),
-zkt-ls(8), zkt-signer(8) <br>
-RFC4641 "DNSSEC Operational Practices" by Miek
-Gieben and Olaf Kolkman, <br>
-DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC <br>
- (http://www.nlnetlabs.nl/dnssec_howto/)</p>
-<hr>
-</body>
-</html>
+++ /dev/null
-.TH zkt-ls 8 "February 25, 2010" "ZKT 1.0" ""
-\" turn off hyphenation
-.\" if n .nh
-.nh
-.SH NAME
-zkt\-ls \(em list dnskeys
-
-.SH SYNOPSYS
-.na
-.B zkt\-ls
-.B \-H
-
-.B zkt\-ls
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-l
-.IR "list" ]
-.RB [ \-adefhkLprtz ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-
-.B zkt\-ls
-.B \-T
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-l
-.IR "list" ]
-.RB [ \-dhrz ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B zkt\-ls
-.B \-\-list-trustedkeys
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-l
-.IR "list" ]
-.RB [ \-dhrz ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-
-.B zkt\-ls
-.B \-M
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-l
-.IR "list" ]
-.RB [ \-dhrz ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B zkt\-ls
-.B \-\-list-managedkeys
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-l
-.IR "list" ]
-.RB [ \-dhrz ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-
-.B zkt\-ls
-.B \-K
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-l
-.IR "list" ]
-.RB [ \-dhkrz ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-.br
-.B zkt\-ls
-.B \-\-list-dnskeys
-.RB [ \-V|--view
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-l
-.IR "list" ]
-.RB [ \-dhkrz ]
-.RI [{ keyfile | dir }
-.RI "" ... ]
-
-.SH DESCRIPTION
-The
-.I zkt-ls
-command list all dnssec zone keys found in the given or predefined
-default directory.
-It is also possible to specify keyfiles (K*.key) as arguments.
-With option
-.B \-r
-subdirectories will be searched recursively and all dnssec keys found
-are listed, sorted by domain name, key type and generation time.
-In that mode the use of option
-.B \-p
-may be helpful to find the location of the keyfile in the directory tree.
-.PP
-Other forms of the command, print out keys in a format suitable for
-a trusted- or managed-key section
-.RB ( \-T or \-M )
-or as a DNSKEY
-.RB ( \-K )
-resource record.
-
-.SH GENERAL OPTIONS
-.TP
-.BI \-V " view" ", \-\-view=" view
-Try to read the default configuration out of a file named
-.I dnssec-<view>.conf .
-Instead of specifying the \-V or --view option every time,
-it is also possible to create a hard or softlink to the
-executable file to give it an additional name like
-.I zkt-ls-<view> .
-.TP
-.BI \-c " file" ", \-\-config=" file
-Read default values from the specified config file.
-Otherwise the default config file is read or build in defaults
-will be used.
-.TP
-.BI \-O " optstr" ", \-\-config-option=" optstr
-Set any config file option via the commandline.
-Several config file options could be specified at the argument string
-but have to be delimited by semicolon (or newline).
-.TP
-.BI \-l " list" ", \-\-label=" list
-Print out information solely about domains given in the comma or space separated
-list.
-Take care of, that every domain name has a trailing dot.
-.TP
-.BR \-d ", " \-\-directory
-Skip directory arguments.
-This will be useful in combination with wildcard arguments
-to prevent dnsssec-zkt to list all keys found in subdirectories.
-For example "zkt-ls -d *" will print out a list of all keys only found in
-the current directory.
-Maybe it is easier to use "zkt-ls ." instead (without -r set).
-The option works similar to the \-d option of
-.IR ls(1) .
-.TP
-.BR \-L ", " \-\-left-justify
-Print out the domain name left justified.
-.TP
-.BR \-k ", " \-\-ksk
-Select and print key signing keys only (default depends on command mode).
-.TP
-.BR \-z ", " \-\-zsk
-Select and print zone signing keys only (default depends on command mode).
-.TP
-.BR \-r ", " \-\-recursive
-Recursive mode (default is off).
-.br
-Also settable in the dnssec.conf file (Parameter: Recursive).
-.TP
-.BR \-p ", " \-\-path
-Print pathname in listing mode.
-In -C mode, don't create the new key in the same directory as (already existing)
-keys with the same label.
-.TP
-.BR \-a ", " \-\-age
-Print age of key in weeks, days, hours, minutes and seconds (default is off).
-.br
-Also settable in the dnssec.conf file (Parameter: PrintAge).
-.TP
-.BR \-f ", " \-\-lifetime
-Print the key lifetime.
-.TP
-.BR \-e ", " \-\-exptime
-Print the key expiration time.
-.TP
-.BR \-t ", " \-\-time
-Print the key generation time (default is on).
-.br
-Also settable in the dnssec.conf file (Parameter: PrintTime).
-.TP
-.B \-h
-No header or trusted-key resp. managed-key section header and trailer in \-T or \-M mode.
-
-.SH COMMAND OPTIONS
-.TP
-.BR \-H ", " \-\-help
-Print out the online help.
-.TP
-.BR \-T ", " \-\-list-trustedkeys
-List all key signing keys as a
-.I named.conf
-trusted-key section.
-Use
-.B \-h
-to supress the section header/trailer.
-.TP
-.BR \-K ", " \-\-list-dnskeys
-List the public part of all the keys in DNSKEY resource record format.
-Use
-.B \-h
-to suppress comment lines.
-
-.SH SAMPLE USAGE
-.TP
-.fam C
-.B "zkt\-ls \-r .
-.fam T
-Print out a list of all zone keys found below the current directory.
-.TP
-.fam C
-.B "zkt\-ls \-Z \-c """"
-.fam T
-Print out the compiled in default parameters.
-.TP
-.fam C
-.B "zkt\-ls \-T ./zonedir/example.net
-.fam T
-Print out a trusted-key section containing the key signing keys of "example.net".
-.TP
-.fam C
-.B "zkt\-ls --view intern
-.fam T
-Print out a list of all zone keys found below the directory where all
-the zones of view intern live.
-There should be a seperate dnssec config file
-.I dnssec-intern.conf
-with a directory option to take affect of this.
-.TP
-.fam C
-.B "zkt\-ls\-intern
-.fam T
-Same as above.
-The binary file
-.I zkt\-ls
-has another link, named
-.I zkt\-ls\-intern
-made, and
-.I zkt\-ls
-examines argv[0] to find a view whose zones it proceeds to process.
-
-.SH ENVIRONMENT VARIABLES
-.TP
-ZKT_CONFFILE
-Specifies the name of the default global configuration files.
-
-.SH FILES
-.TP
-.I /var/named/dnssec.conf
-Built-in default global configuration file.
-The name of the default global config file is settable via
-the environment variable ZKT_CONFFILE.
-.TP
-.I /var/named/dnssec-<view>.conf
-View specific global configuration file.
-.TP
-.I ./dnssec.conf
-Local configuration file (only used in
-.B \-C
-mode).
-
-.SH BUGS
-.PP
-Some of the general options will not be meaningful in all of the command modes.
-.br
-The option
-.B \-l
-and the ksk rollover options
-insist on domain names ending with a dot.
-
-.SH AUTHORS
-Holger Zuleger
-
-.SH COPYRIGHT
-Copyright (c) 2005 \- 2010 by Holger Zuleger.
-Licensed under the BSD Licences. There is NO warranty; not even for MERCHANTABILITY or
-FITNESS FOR A PARTICULAR PURPOSE.
-.\"--------------------------------------------------
-.SH SEE ALSO
-dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), zkt-conf(8), zkt-keyman(8), zkt-signer(8)
-.br
-RFC4641
-"DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
-.br
-DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
-.br
-(http://www.nlnetlabs.nl/dnssec_howto/)
+++ /dev/null
-<!-- Creator : groff version 1.20.1 -->
-<!-- CreationDate: Tue Aug 3 17:20:51 2010 -->
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-"http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<meta name="generator" content="groff -Thtml, see www.gnu.org">
-<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
-<meta name="Content-Style" content="text/css">
-<style type="text/css">
- p { margin-top: 0; margin-bottom: 0; vertical-align: top }
- pre { margin-top: 0; margin-bottom: 0; vertical-align: top }
- table { margin-top: 0; margin-bottom: 0; vertical-align: top }
- h1 { text-align: center }
-</style>
-<title>zkt-ls</title>
-
-</head>
-<body>
-
-<h1 align="center">zkt-ls</h1>
-
-<a href="#NAME">NAME</a><br>
-<a href="#SYNOPSYS">SYNOPSYS</a><br>
-<a href="#DESCRIPTION">DESCRIPTION</a><br>
-<a href="#GENERAL OPTIONS">GENERAL OPTIONS</a><br>
-<a href="#COMMAND OPTIONS">COMMAND OPTIONS</a><br>
-<a href="#SAMPLE USAGE">SAMPLE USAGE</a><br>
-<a href="#ENVIRONMENT VARIABLES">ENVIRONMENT VARIABLES</a><br>
-<a href="#FILES">FILES</a><br>
-<a href="#BUGS">BUGS</a><br>
-<a href="#AUTHORS">AUTHORS</a><br>
-<a href="#COPYRIGHT">COPYRIGHT</a><br>
-<a href="#SEE ALSO">SEE ALSO</a><br>
-
-<hr>
-
-
-<h2>NAME
-<a name="NAME"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">zkt−ls
-— list dnskeys</p>
-
-<h2>SYNOPSYS
-<a name="SYNOPSYS"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt−ls
-−H</b></p>
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt−ls</b>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] [<b>−l</b> <i>list</i>]
-[<b>−adefhkLprtz</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>]</p>
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt−ls
-−T</b> [<b>−V|--view</b> <i>view</i>]
-[<b>−c</b> <i>file</i>] [<b>−l</b> <i>list</i>]
-[<b>−dhrz</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>] <b><br>
-zkt−ls −−list-trustedkeys</b>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] [<b>−l</b> <i>list</i>]
-[<b>−dhrz</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>]</p>
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt−ls
-−M</b> [<b>−V|--view</b> <i>view</i>]
-[<b>−c</b> <i>file</i>] [<b>−l</b> <i>list</i>]
-[<b>−dhrz</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>] <b><br>
-zkt−ls −−list-managedkeys</b>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] [<b>−l</b> <i>list</i>]
-[<b>−dhrz</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>]</p>
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt−ls
-−K</b> [<b>−V|--view</b> <i>view</i>]
-[<b>−c</b> <i>file</i>] [<b>−l</b> <i>list</i>]
-[<b>−dhkrz</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>] <b><br>
-zkt−ls −−list-dnskeys</b>
-[<b>−V|--view</b> <i>view</i>] [<b>−c</b>
-<i>file</i>] [<b>−l</b> <i>list</i>]
-[<b>−dhkrz</b>] [{<i>keyfile</i>|<i>dir</i>}
-<i>...</i>]</p>
-
-<h2>DESCRIPTION
-<a name="DESCRIPTION"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">The
-<i>zkt-ls</i> command list all dnssec zone keys found in the
-given or predefined default directory. It is also possible
-to specify keyfiles (K*.key) as arguments. With option
-<b>−r</b> subdirectories will be searched recursively
-and all dnssec keys found are listed, sorted by domain name,
-key type and generation time. In that mode the use of option
-<b>−p</b> may be helpful to find the location of the
-keyfile in the directory tree.</p>
-
-<p style="margin-left:11%; margin-top: 1em">Other forms of
-the command, print out keys in a format suitable for a
-trusted- or managed-key section
-(<b>−T</b>or<b>−M</b>) or as a DNSKEY
-(<b>−K</b>) resource record.</p>
-
-<h2>GENERAL OPTIONS
-<a name="GENERAL OPTIONS"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>−V</b>
-<i>view</i><b>, −−view=</b><i>view</i></p>
-
-<p style="margin-left:22%;">Try to read the default
-configuration out of a file named
-<i>dnssec-<view>.conf .</i> Instead of specifying the
-−V or --view option every time, it is also possible to
-create a hard or softlink to the executable file to give it
-an additional name like <i>zkt-ls-<view> .</i></p>
-
-<p style="margin-left:11%;"><b>−c</b> <i>file</i><b>,
-−−config=</b><i>file</i></p>
-
-<p style="margin-left:22%;">Read default values from the
-specified config file. Otherwise the default config file is
-read or build in defaults will be used.</p>
-
-<p style="margin-left:11%;"><b>−O</b>
-<i>optstr</i><b>,
-−−config-option=</b><i>optstr</i></p>
-
-<p style="margin-left:22%;">Set any config file option via
-the commandline. Several config file options could be
-specified at the argument string but have to be delimited by
-semicolon (or newline).</p>
-
-<p style="margin-left:11%;"><b>−l</b> <i>list</i><b>,
-−−label=</b><i>list</i></p>
-
-<p style="margin-left:22%;">Print out information solely
-about domains given in the comma or space separated list.
-Take care of, that every domain name has a trailing dot.</p>
-
-<p style="margin-left:11%;"><b>−d</b>,
-<b>−−directory</b></p>
-
-<p style="margin-left:22%;">Skip directory arguments. This
-will be useful in combination with wildcard arguments to
-prevent dnsssec-zkt to list all keys found in
-subdirectories. For example "zkt-ls -d *" will
-print out a list of all keys only found in the current
-directory. Maybe it is easier to use "zkt-ls ."
-instead (without -r set). The option works similar to the
-−d option of <i>ls(1)</i>.</p>
-
-<p style="margin-left:11%;"><b>−L</b>,
-<b>−−left-justify</b></p>
-
-<p style="margin-left:22%;">Print out the domain name left
-justified.</p>
-
-<p style="margin-left:11%;"><b>−k</b>,
-<b>−−ksk</b></p>
-
-<p style="margin-left:22%;">Select and print key signing
-keys only (default depends on command mode).</p>
-
-<p style="margin-left:11%;"><b>−z</b>,
-<b>−−zsk</b></p>
-
-<p style="margin-left:22%;">Select and print zone signing
-keys only (default depends on command mode).</p>
-
-<p style="margin-left:11%;"><b>−r</b>,
-<b>−−recursive</b></p>
-
-<p style="margin-left:22%;">Recursive mode (default is
-off). <br>
-Also settable in the dnssec.conf file (Parameter:
-Recursive).</p>
-
-<p style="margin-left:11%;"><b>−p</b>,
-<b>−−path</b></p>
-
-<p style="margin-left:22%;">Print pathname in listing mode.
-In -C mode, don’t create the new key in the same
-directory as (already existing) keys with the same
-label.</p>
-
-<p style="margin-left:11%;"><b>−a</b>,
-<b>−−age</b></p>
-
-<p style="margin-left:22%;">Print age of key in weeks,
-days, hours, minutes and seconds (default is off). <br>
-Also settable in the dnssec.conf file (Parameter:
-PrintAge).</p>
-
-<p style="margin-left:11%;"><b>−f</b>,
-<b>−−lifetime</b></p>
-
-<p style="margin-left:22%;">Print the key lifetime.</p>
-
-<p style="margin-left:11%;"><b>−e</b>,
-<b>−−exptime</b></p>
-
-<p style="margin-left:22%;">Print the key expiration
-time.</p>
-
-<p style="margin-left:11%;"><b>−t</b>,
-<b>−−time</b></p>
-
-<p style="margin-left:22%;">Print the key generation time
-(default is on). <br>
-Also settable in the dnssec.conf file (Parameter:
-PrintTime).</p>
-
-<table width="100%" border="0" rules="none" frame="void"
- cellspacing="0" cellpadding="0">
-<tr valign="top" align="left">
-<td width="11%"></td>
-<td width="3%">
-
-
-<p><b>−h</b></p></td>
-<td width="8%"></td>
-<td width="78%">
-
-
-<p>No header or trusted-key resp. managed-key section
-header and trailer in −T or −M mode.</p></td></tr>
-</table>
-
-<h2>COMMAND OPTIONS
-<a name="COMMAND OPTIONS"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>−H</b>,
-<b>−−help</b></p>
-
-<p style="margin-left:22%;">Print out the online help.</p>
-
-<p style="margin-left:11%;"><b>−T</b>,
-<b>−−list-trustedkeys</b></p>
-
-<p style="margin-left:22%;">List all key signing keys as a
-<i>named.conf</i> trusted-key section. Use <b>−h</b>
-to supress the section header/trailer.</p>
-
-<p style="margin-left:11%;"><b>−K</b>,
-<b>−−list-dnskeys</b></p>
-
-<p style="margin-left:22%;">List the public part of all the
-keys in DNSKEY resource record format. Use <b>−h</b>
-to suppress comment lines.</p>
-
-<h2>SAMPLE USAGE
-<a name="SAMPLE USAGE"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt−ls
-−r .</b></p>
-
-<p style="margin-left:22%;">Print out a list of all zone
-keys found below the current directory.</p>
-
-<p style="margin-left:11%;"><b>zkt−ls −Z
-−c ""</b></p>
-
-<p style="margin-left:22%;">Print out the compiled in
-default parameters.</p>
-
-<p style="margin-left:11%;"><b>zkt−ls −T
-./zonedir/example.net</b></p>
-
-<p style="margin-left:22%;">Print out a trusted-key section
-containing the key signing keys of
-"example.net".</p>
-
-<p style="margin-left:11%;"><b>zkt−ls --view
-intern</b></p>
-
-<p style="margin-left:22%;">Print out a list of all zone
-keys found below the directory where all the zones of view
-intern live. There should be a seperate dnssec config file
-<i>dnssec-intern.conf</i> with a directory option to take
-affect of this.</p>
-
-
-<p style="margin-left:11%;"><b>zkt−ls−intern</b></p>
-
-<p style="margin-left:22%;">Same as above. The binary file
-<i>zkt−ls</i> has another link, named
-<i>zkt−ls−intern</i> made, and
-<i>zkt−ls</i> examines argv[0] to find a view whose
-zones it proceeds to process.</p>
-
-<h2>ENVIRONMENT VARIABLES
-<a name="ENVIRONMENT VARIABLES"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em">ZKT_CONFFILE</p>
-
-<p style="margin-left:22%;">Specifies the name of the
-default global configuration files.</p>
-
-<h2>FILES
-<a name="FILES"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><i>/var/named/dnssec.conf</i></p>
-
-<p style="margin-left:22%;">Built-in default global
-configuration file. The name of the default global config
-file is settable via the environment variable
-ZKT_CONFFILE.</p>
-
-
-<p style="margin-left:11%;"><i>/var/named/dnssec-<view>.conf</i></p>
-
-<p style="margin-left:22%;">View specific global
-configuration file.</p>
-
-<p style="margin-left:11%;"><i>./dnssec.conf</i></p>
-
-<p style="margin-left:22%;">Local configuration file (only
-used in <b>−C</b> mode).</p>
-
-<h2>BUGS
-<a name="BUGS"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">Some of the
-general options will not be meaningful in all of the command
-modes. <br>
-The option <b>−l</b> and the ksk rollover options
-insist on domain names ending with a dot.</p>
-
-<h2>AUTHORS
-<a name="AUTHORS"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">Holger
-Zuleger</p>
-
-<h2>COPYRIGHT
-<a name="COPYRIGHT"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">Copyright (c)
-2005 − 2010 by Holger Zuleger. Licensed under the BSD
-Licences. There is NO warranty; not even for MERCHANTABILITY
-or FITNESS FOR A PARTICULAR PURPOSE.</p>
-
-<h2>SEE ALSO
-<a name="SEE ALSO"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em">dnssec-keygen(8),
-dnssec-signzone(8), rndc(8), named.conf(5), zkt-conf(8),
-zkt-keyman(8), zkt-signer(8) <br>
-RFC4641 "DNSSEC Operational Practices" by Miek
-Gieben and Olaf Kolkman, <br>
-DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC <br>
- (http://www.nlnetlabs.nl/dnssec_howto/)</p>
-<hr>
-</body>
-</html>
+++ /dev/null
-.TH zkt-signer 8 "Nov 27, 2010" "ZKT 1.1" ""
-\" turn off hyphenation
-.\" if n .nh
-.nh
-.SH NAME
-zkt-signer \(em Secure DNS zone signing tool
-
-.SH SYNOPSYS
-.na
-.B zkt-signer
-.RB [ \-L
-.IR "file" ]
-.RB [ \-V
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-O
-.IR "optstr" ]
-.RB [ \-fhnr ]
-.RB [ \-v
-.RB [ \-v ]]
-.B \-N
-.I "named.conf"
-.RI [ zone
-.RI "" ... ]
-.br
-.B zkt-signer
-.RB [ \-L
-.IR "file" ]
-.RB [ \-V
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-O
-.IR "optstr" ]
-.RB [ \-fhnr ]
-.RB [ \-v
-.RB [ \-v ]]
-.RB [ \-D
-.IR "directory" ]
-.RI [ zone
-.RI "" ... ]
-.br
-.B zkt-signer
-.RB [ \-L
-.IR "file" ]
-.RB [ \-V
-.IR "view" ]
-.RB [ \-c
-.IR "file" ]
-.RB [ \-O
-.IR "optstr" ]
-.RB [ \-fhnr ]
-.RB [ \-v
-.RB [ \-v ]]
-.B \-o
-.IR "origin"
-.RI [ zonefile ]
-
-.SH DESCRIPTION
-The
-.I zkt-signer
-command is a wrapper around
-.I dnssec-signzone(8)
-and
-.I dnssec-keygen(8)
-to sign a zone and manage the necessary zone keys.
-It is able to increment the serial number before signing the zone
-and can trigger
-.I named(8)
-to reload the signed zone file.
-The command controls several secure zones and, if started in regular
-intervals via
-.IR cron(8) ,
-can do all that stuff automatically.
-.PP
-In the most useful usage scenario the command will be called with option
-.B \-N
-to read the secure zones out of the given
-.I named.conf
-file.
-If you have a configuration file with views, you have to use option
--V viewname or --view viewname to specify the name of the view.
-Alternately you could link the executable file to a second name like
-.I zkt-signer-viewname
-and use that command to specify the name of the view.
-.br
-All master zone statements will be scanned for filenames
-ending with ".signed".
-These zones will be checked if the necessary zone- and key signing keys
-are existent and fresh enough to be used in the signing process.
-If one or more out-dated keys are found, new keying material will be generated via
-the
-.I dnssec-keygen(8)
-command and the old keys will be marked as depreciated.
-So the command do anything needed for a zone key rollover as defined by [2].
-.PP
-If the resigning interval is reached or any new key must be announced,
-the serial number of the zone will be incremented and the
-.I dnssec-signzone(8)
-command will be evoked to sign the zone.
-After that, if the option
-.B \-r
-is given, the
-.I rndc(8)
-command will be called to reload the zone on the
-nameserver.
-.PP
-In the second form of the command it is possible to specify a directory
-tree with the option
-.B \-D
-.IR dir .
-Every secure zone found in a subdirectory below
-.I dir
-will be signed.
-However, it is also possible to reduce the signing to those
-zones given as arguments.
-.br
-If
-.B \-D
-is ommitted (and neither
-.B \-N
-nor
-.BI \-o origin
-is specified) the default directory specified in the
-.I dnssec.conf
-file by the parameter
-.I zonedir
-will be used as top level directory.
-.ig
-In directory mode the pre-requisite is, that the directory name is
-exactly (including the trailing dot) the same as the zone name.
-..
-
-.SH OPTIONS
-.TP
-.BI \-L " file|dir" ", \-\-logfile=" file|dir
-Specify the name of a log file or a directory where
-logfiles are created with a name like
-.fam C
-.\"# define LOG_FNAMETMPL "/zkt-%04d-%02d-%02dT%02d%02d%02dZ.log"
-.RI zkt- YYYY-MM-DD T hhmmss Z.log .
-.fam T
-.\" \&.
-If the argument is not an absolute path name and a zone directory
-is specified in the config file, this will be prepended to the given name.
-This option is also settable in the dnssec.conf file via the parameter
-.BI LogFile .
-.br
-The default is no file logging, but error logging to syslog with facility
-.BI USER
-at level
-.BI ERROR
-is enabled by default.
-These parameters are settable via the config file parameter
-.BI "SyslogFacility" ,
-.BI "SyslogLevel" ,
-.BI "LogFile"
-and
-.BI "Loglevel" .
-.br
-The additional parameter
-.BI VerboseLog
-specifies the verbosity (0|1|2) of messages that will be logged
-with level
-.BI DEBUG
-to file and syslog.
-
-.TP
-.BI \-V " view" ", \-\-view=" view
-Try to read the default configuration out of a file named
-.I dnssec-<view>.conf .
-Instead of specifying the \-V or --view option every time,
-it is also possible to create a hard- or softlink to the
-executable file with an additional name like
-.I zkt-signer-<view> .
-.TP
-.BI \-c " file" ", \-\-config=" file
-Read configuration values out of the specified file.
-Otherwise the default config file is read or build-in defaults
-will be used.
-.TP
-.BI \-O " optstr" ", \-\-config-option=" optstr
-Set any config file option via the commandline.
-Several config file options can be specified via the argument string
-but have to be delimited by semicolon (or newline).
-.TP
-.BR \-f ", " \-\-force
-Force a resigning of the zone, regardless if the resigning interval
-is reached or new keys must be announced.
-.TP
-.BR \-n ", " \-\-noexec
-Don't execute the
-.I dnssec-signzone(8)
-command.
-Currently this option is of very limited usage.
-.TP
-.BR \-r ", " \-\-reload
-Reload the zone via
-.I rndc(8)
-after successful signing.
-In a production environment it is recommended to use this option
-to be sure that a freshly signed zone will be immediately propagated.
-However, that's only feasable if named runs on the signing
-machine, which is not recommended.
-.ig
-Otherwise the signed zonefile must be copied to the production
-server before reloading the zone.
-If this is the case, the parameter
-.I propagation
-in the
-.I dnssec.conf
-file must be set to a reasonable value.
-..
-.TP
-.BR \-v ", " \-\-verbose
-Verbose mode (recommended).
-A second
-.B \-v
-will be a little more verbose.
-.TP
-.BR \-h ", " \-\-help
-Print out the online help.
-
-.SH SAMPLE USAGE
-.TP
-.fam C
-.B "zkt-signer \-N /var/named/named.conf \-r \-v \-v
-.fam T
-Sign all secure zones found in the named.conf file and, if necessary,
-trigger a reload of the zone.
-Print some explanatory remarks on stdout.
-.TP
-.fam C
-.B "zkt-signer \-D zonedir/example.net. \-f \-v \-v
-.fam T
-Force the signing of the zone found in the directory
-.I zonedir/example.net .
-Do not reload the zone.
-.TP
-.fam C
-.B "zkt-signer \-D zonedir \-f \-v \-v example.net.
-.fam T
-Same as above.
-.TP
-.fam C
-.B "zkt-signer \-f \-v \-v example.net.
-.fam T
-Same as above if the
-.I dnssec.conf
-file contains the path of the parent directory of the
-.I example.net
-zone.
-.TP
-.fam C
-.B "zkt-signer \-f \-v \-v \-o example.net. zone.db
-.fam T
-Same as above if we are in the directory containing the
-.I example.net
-files.
-.TP
-.fam C
-.B "zkt-signer \-\-config-option='ResignInterval 1d; Sigvalidity 28h; \e
-.B ZSKlifetime 2d;' \-v \-v \-o example.net. zone.db
-.fam T
-.br
-Sign the example.net zone but override some config file values with parameters
-given on the commandline.
-
-.SH Zone setup and initial preparation
-.TP
-Create a separate directory for every secure zone.
-.br
-This is useful because there are many additional files needed to
-secure a zone.
-Besides the zone file
-.RI ( zone.db ),
-there is a signed zone file
-.RI ( zone.db.signed),
-a minimum of four files containing the key material,
-a file called
-.I dnskey.db
-with the current used keys,
-and the
-.I dsset-
-and
-.IR keyset- files
-created by the
-.I dnssec-signzone(8)
-command.
-So in summary there is a minimum of nine files used per secure zone.
-For every additional key there are two extra files and
-every delegated subzone creates also two or three files.
-.TP
-Name the directory just like the zone.
-.br
-That's only needed if you want to use the zkt-signer command in
-directory mode
-.RB ( \-D ).
-Then the name of the zone will be parsed out of the directory name.
-.TP
-Change the name of the zone file to \fIzone.db\fP
-Otherwise you have to set the name via the
-.I dnssec.conf
-parameter
-.IR zonefile ,
-or you have to use the option
-.B \-o
-to name the zone and specify the zone file as argument.
-.TP
-Add the name of the signed zonefile to the \fInamed.conf\fP file
-The filename is the name of the zone file with the
-extension
-.IR .signed .
-Create an empty file with the name
-.IB zone.db .signed
-in the zone directory.
-.TP
-Include the keyfile in the zone.
-The name of the keyfile is settable by the
-.I dnssec.conf
-parameter
-.I keyfile .
-The default is
-.I dnskey.db .
-.br
-.if t \{\
-.nf
-.fam C
- ...
- IN NS ns1.example.net.
- IN NS ns2.example.net.
-$INCLUDE dnskey.db
- ...
-.fi
-.fam T
-You can also run
-.I zkt-conf(8)
-in the secure zone directory to do this.
-Try
-.br
-.if t \{\
-.nf
-.fam C
-$ zkt-conf -w zone.db
-.fi
-.fam T
-.\}
-.TP
-Control the format of the SOA-Record
-For automatic incrementation of the serial number, the SOA-Record
-must be formated, so that the serial number is on a single line and
-left justified in a field of at least 10 spaces!
-.if t \{\
-.fam C
-.\"fi 0
-.nf
-@ IN SOA ns1.example.net. hostmaster.example.net. (
- 60 ; Serial
- 43200 ; Refresh
- 1800 ; Retry
- 2W ; Expire
- 7200 ); Minimum
-.fi
-.fam T
-.\}
-If you use BIND version 9.4 or later and
-use the unixtime format for the serial number (which is the default since ZKT-1.0)
-this is not necessary.
-See also the parameter Serialformat in
-.IR dnssec.conf .
-.TP
-Try to sign the zone
-If the current working directory is the directory of the zone
-.IR example.net ,
-use the command
-.fam C
-.nf
-.sp 0.5
- $ zkt-signer \-D .. \-v \-v example.net
- or
- $ zkt-signer \-o example.net.
-.sp 0.5
-.fi
-.fam T
-to create the initial keying material and a signed zone file.
-Then try to load the file on the name server.
-
-.SH ENVIRONMENT VARIABLES
-.TP
-ZKT_CONFFILE
-Specifies the name of the default global configuration file.
-
-.SH FILES
-.TP
-.I /var/named/dnssec.conf
-Built-in default global configuration file.
-The name of the default global config file is settable via
-the environment variable ZKT_CONFFILE.
-Use
-.I zkt-conf(8)
-with option
-.B \-w
-or
-.I dnssec-zkt(8)
-with option
-.B \-Z
-to create an initial config file.
-.TP
-.I /var/named/dnssec-<view>.conf
-View specific global configuration file.
-.TP
-.I ./dnssec.conf
-Local configuration file.
-The file contains typically only the diff to the global site wide config file.
-Use for example
-.fam C
-.nf
-.sp 0.5
- $ zkt-conf -w -l -O "key_ttl: 5d"
-.sp 0.5
-.fi
-.fam T
-to create a local config file with a different key ttl time.
-.TP
-.I dnskey.db
-The file contains the currently used key and zone signing keys.
-It will be created by
-.IR dnsssec-signer(8) .
-The name of the file is settable via the dnssec configuration
-file (parameter
-.IR keyfile ).
-.TP
-.I zone.db
-This is the zone file.
-The name of the file is settable via the dnssec configuration
-file (parameter
-.IR zonefile ).
-
-.SH BUGS
-.PP
-The named.conf parser is a bit rudimental and not
-very well tested.
-
-.SH AUTHORS
-The man page is written by
-Holger Zuleger and Mans Nilsson
-
-.SH COPYRIGHT
-Copyright (c) 2005 \- 2010 by Holger Zuleger.
-Licensed under the BSD Licence. There is NO warranty; not even for MERCHANTABILITY or
-FITNESS FOR A PARTICULAR PURPOSE.
-.\"--------------------------------------------------
-
-.SH SEE ALSO
-dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), zkt-conf(8), zkt-ls(8), zkt-keygen(8)
-.br
-RFC4033, RFC4034, RFC4035
-.br
-[1] DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
-.br
-(http://www.nlnetlabs.nl/dnssec_howto/)
-.br
-[2] RFC4641 "DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman
-.br
-(http://www.ietf.org/rfc/rfc4641.txt)
+++ /dev/null
-<!-- Creator : groff version 1.20.1 -->
-<!-- CreationDate: Sat Nov 27 20:13:08 2010 -->
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-"http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<meta name="generator" content="groff -Thtml, see www.gnu.org">
-<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
-<meta name="Content-Style" content="text/css">
-<style type="text/css">
- p { margin-top: 0; margin-bottom: 0; vertical-align: top }
- pre { margin-top: 0; margin-bottom: 0; vertical-align: top }
- table { margin-top: 0; margin-bottom: 0; vertical-align: top }
- h1 { text-align: center }
-</style>
-<title>zkt-signer</title>
-
-</head>
-<body>
-
-<h1 align="center">zkt-signer</h1>
-
-<a href="#NAME">NAME</a><br>
-<a href="#SYNOPSYS">SYNOPSYS</a><br>
-<a href="#DESCRIPTION">DESCRIPTION</a><br>
-<a href="#OPTIONS">OPTIONS</a><br>
-<a href="#SAMPLE USAGE">SAMPLE USAGE</a><br>
-<a href="#Zone setup and initial preparation">Zone setup and initial preparation</a><br>
-
-<hr>
-
-
-<h2>NAME
-<a name="NAME"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">zkt-signer
-— Secure DNS zone signing tool</p>
-
-<h2>SYNOPSYS
-<a name="SYNOPSYS"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt-signer</b>
-[<b>−L</b> <i>file</i>] [<b>−V</b> <i>view</i>]
-[<b>−c</b> <i>file</i>] [<b>−O</b>
-<i>optstr</i>] [<b>−fhnr</b>] [<b>−v</b>
-[<b>−v</b>]] <b>−N</b> <i>named.conf</i>
-[<i>zone ...</i>] <b><br>
-zkt-signer</b> [<b>−L</b> <i>file</i>]
-[<b>−V</b> <i>view</i>] [<b>−c</b> <i>file</i>]
-[<b>−O</b> <i>optstr</i>] [<b>−fhnr</b>]
-[<b>−v</b> [<b>−v</b>]] [<b>−D</b>
-<i>directory</i>] [<i>zone ...</i>] <b><br>
-zkt-signer</b> [<b>−L</b> <i>file</i>]
-[<b>−V</b> <i>view</i>] [<b>−c</b> <i>file</i>]
-[<b>−O</b> <i>optstr</i>] [<b>−fhnr</b>]
-[<b>−v</b> [<b>−v</b>]] <b>−o</b>
-<i>origin</i> [<i>zonefile</i>]</p>
-
-<h2>DESCRIPTION
-<a name="DESCRIPTION"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">The
-<i>zkt-signer</i> command is a wrapper around
-<i>dnssec-signzone(8)</i> and <i>dnssec-keygen(8)</i> to
-sign a zone and manage the necessary zone keys. It is able
-to increment the serial number before signing the zone and
-can trigger <i>named(8)</i> to reload the signed zone file.
-The command controls several secure zones and, if started in
-regular intervals via <i>cron(8)</i>, can do all that stuff
-automatically.</p>
-
-<p style="margin-left:11%; margin-top: 1em">In the most
-useful usage scenario the command will be called with option
-<b>−N</b> to read the secure zones out of the given
-<i>named.conf</i> file. If you have a configuration file
-with views, you have to use option -V viewname or --view
-viewname to specify the name of the view. Alternately you
-could link the executable file to a second name like
-<i>zkt-signer-viewname</i> and use that command to specify
-the name of the view. <br>
-All master zone statements will be scanned for filenames
-ending with ".signed". These zones will be checked
-if the necessary zone- and key signing keys are existent and
-fresh enough to be used in the signing process. If one or
-more out-dated keys are found, new keying material will be
-generated via the <i>dnssec-keygen(8)</i> command and the
-old keys will be marked as depreciated. So the command do
-anything needed for a zone key rollover as defined by
-[2].</p>
-
-<p style="margin-left:11%; margin-top: 1em">If the
-resigning interval is reached or any new key must be
-announced, the serial number of the zone will be incremented
-and the <i>dnssec-signzone(8)</i> command will be evoked to
-sign the zone. After that, if the option <b>−r</b> is
-given, the <i>rndc(8)</i> command will be called to reload
-the zone on the nameserver.</p>
-
-<p style="margin-left:11%; margin-top: 1em">In the second
-form of the command it is possible to specify a directory
-tree with the option <b>−D</b> <i>dir</i>. Every
-secure zone found in a subdirectory below <i>dir</i> will be
-signed. However, it is also possible to reduce the signing
-to those zones given as arguments. <br>
-If <b>−D</b> is ommitted (and neither <b>−N</b>
-nor <b>−o</b><i>origin</i> is specified) the default
-directory specified in the <i>dnssec.conf</i> file by the
-parameter <i>zonedir</i> will be used as top level
-directory.</p>
-
-<h2>OPTIONS
-<a name="OPTIONS"></a>
-</h2>
-
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>−L</b>
-<i>file|dir</i><b>,
-−−logfile=</b><i>file|dir</i></p>
-
-<p style="margin-left:22%;">Specify the name of a log file
-or a directory where logfiles are created with a name like
-zkt-<i>YYYY-MM-DD</i>T<i>hhmmss</i>Z.log<i>.</i> If the
-argument is not an absolute path name and a zone directory
-is specified in the config file, this will be prepended to
-the given name. This option is also settable in the
-dnssec.conf file via the parameter <b>LogFile</b><i>.</i>
-<br>
-The default is no file logging, but error logging to syslog
-with facility <b>USER</b> at level <b>ERROR</b> is enabled
-by default. These parameters are settable via the config
-file parameter <b>SyslogFacility</b><i>,</i>
-<b>SyslogLevel</b><i>,</i> <b>LogFile</b> and
-<b>Loglevel</b><i>.</i> <br>
-The additional parameter <b>VerboseLog</b> specifies the
-verbosity (0|1|2) of messages that will be logged with level
-<b>DEBUG</b> to file and syslog.</p>
-
-<p style="margin-left:11%;"><b>−V</b> <i>view</i><b>,
-−−view=</b><i>view</i></p>
-
-<p style="margin-left:22%;">Try to read the default
-configuration out of a file named
-<i>dnssec-<view>.conf .</i> Instead of specifying the
-−V or --view option every time, it is also possible to
-create a hard- or softlink to the executable file with an
-additional name like <i>zkt-signer-<view> .</i></p>
-
-<p style="margin-left:11%;"><b>−c</b> <i>file</i><b>,
-−−config=</b><i>file</i></p>
-
-<p style="margin-left:22%;">Read configuration values out
-of the specified file. Otherwise the default config file is
-read or build-in defaults will be used.</p>
-
-<p style="margin-left:11%;"><b>−O</b>
-<i>optstr</i><b>,
-−−config-option=</b><i>optstr</i></p>
-
-<p style="margin-left:22%;">Set any config file option via
-the commandline. Several config file options can be
-specified via the argument string but have to be delimited
-by semicolon (or newline).</p>
-
-<p style="margin-left:11%;"><b>−f</b>,
-<b>−−force</b></p>
-
-<p style="margin-left:22%;">Force a resigning of the zone,
-regardless if the resigning interval is reached or new keys
-must be announced.</p>
-
-<p style="margin-left:11%;"><b>−n</b>,
-<b>−−noexec</b></p>
-
-<p style="margin-left:22%;">Don’t execute the
-<i>dnssec-signzone(8)</i> command. Currently this option is
-of very limited usage.</p>
-
-<p style="margin-left:11%;"><b>−r</b>,
-<b>−−reload</b></p>
-
-<p style="margin-left:22%;">Reload the zone via
-<i>rndc(8)</i> after successful signing. In a production
-environment it is recommended to use this option to be sure
-that a freshly signed zone will be immediately propagated.
-However, that’s only feasable if named runs on the
-signing machine, which is not recommended.</p>
-
-<p style="margin-left:11%;"><b>−v</b>,
-<b>−−verbose</b></p>
-
-<p style="margin-left:22%;">Verbose mode (recommended). A
-second <b>−v</b> will be a little more verbose.</p>
-
-<p style="margin-left:11%;"><b>−h</b>,
-<b>−−help</b></p>
-
-<p style="margin-left:22%;">Print out the online help.</p>
-
-<h2>SAMPLE USAGE
-<a name="SAMPLE USAGE"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em"><b>zkt-signer
-−N /var/named/named.conf −r −v
-−v</b></p>
-
-<p style="margin-left:22%;">Sign all secure zones found in
-the named.conf file and, if necessary, trigger a reload of
-the zone. Print some explanatory remarks on stdout.</p>
-
-<p style="margin-left:11%;"><b>zkt-signer −D
-zonedir/example.net. −f −v −v</b></p>
-
-<p style="margin-left:22%;">Force the signing of the zone
-found in the directory <i>zonedir/example.net .</i> Do not
-reload the zone.</p>
-
-<p style="margin-left:11%;"><b>zkt-signer −D zonedir
-−f −v −v example.net.</b></p>
-
-<p style="margin-left:22%;">Same as above.</p>
-
-<p style="margin-left:11%;"><b>zkt-signer −f −v
-−v example.net.</b></p>
-
-<p style="margin-left:22%;">Same as above if the
-<i>dnssec.conf</i> file contains the path of the parent
-directory of the <i>example.net</i> zone.</p>
-
-<p style="margin-left:11%;"><b>zkt-signer −f −v
-−v −o example.net. zone.db</b></p>
-
-<p style="margin-left:22%;">Same as above if we are in the
-directory containing the <i>example.net</i> files.</p>
-
-<p style="margin-left:11%;"><b>zkt-signer
-−−config-option=’ResignInterval 1d;
-Sigvalidity 28h; \</b></p>
-
-<p style="margin-left:22%;"><b>ZSKlifetime 2d;’
-−v −v −o example.net. zone.db</b> <br>
-Sign the example.net zone but override some config file
-values with parameters given on the commandline.</p>
-
-<h2>Zone setup and initial preparation
-<a name="Zone setup and initial preparation"></a>
-</h2>
-
-
-<p style="margin-left:11%; margin-top: 1em">Create a
-separate directory for every secure zone.</p>
-
-<p style="margin-left:22%;">This is useful because there
-are many additional files needed to secure a zone. Besides
-the zone file (<i>zone.db</i>), there is a signed zone file
-(<i>zone.db.signed),</i> a minimum of four files containing
-the key material, a file called <i>dnskey.db</i> with the
-current used keys, and the <i>dsset-</i> and
-<i>keyset-</i>files created by the <i>dnssec-signzone(8)</i>
-command. So in summary there is a minimum of nine files used
-per secure zone. For every additional key there are two
-extra files and every delegated subzone creates also two or
-three files.</p>
-
-<p style="margin-left:11%;">Name the directory just like
-the zone.</p>
-
-<p style="margin-left:22%;">That’s only needed if you
-want to use the zkt-signer command in directory mode
-(<b>−D</b>). Then the name of the zone will be parsed
-out of the directory name.</p>
-
-<p style="margin-left:11%;">Change the name of the zone
-file to <i>zone.db</i></p>
-
-<p style="margin-left:22%;">Otherwise you have to set the
-name via the <i>dnssec.conf</i> parameter <i>zonefile</i>,
-or you have to use the option <b>−o</b> to name the
-zone and specify the zone file as argument.</p>
-
-<p style="margin-left:11%;">Add the name of the signed
-zonefile to the <i>named.conf</i> file</p>
-
-<p style="margin-left:22%;">The filename is the name of the
-zone file with the extension <i>.signed</i>. Create an empty
-file with the name <i>zone.db</i><b>.signed</b> in the zone
-directory.</p>
-
-<p style="margin-left:11%;">Include the keyfile in the
-zone.</p>
-
-<p style="margin-left:22%;">The name of the keyfile is
-settable by the <i>dnssec.conf</i> parameter <i>keyfile
-.</i> The default is <i>dnskey.db .</i></p>
-<hr>
-</body>
-</html>
+++ /dev/null
-/*****************************************************************
-**
-** @(#) misc.c -- helper functions for the dnssec zone key tools
-**
-** Copyright (c) Jan 2005, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-# include <stdio.h>
-# include <string.h>
-# include <stdlib.h>
-# include <unistd.h> /* for link(), unlink() */
-# include <ctype.h>
-# include <sys/types.h>
-# include <sys/stat.h>
-# include <time.h>
-# include <utime.h>
-# include <assert.h>
-# include <errno.h>
-# include <fcntl.h>
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-# include "config_zkt.h"
-# include "zconf.h"
-# include "log.h"
-# include "debug.h"
-#define extern
-# include "misc.h"
-#undef extern
-
-# define TAINTEDCHARS "`$@;&<>|"
-
-extern const char *progname;
-
-/*****************************************************************
-** getnameappendix (progname, basename)
-** return a pointer to the substring in progname subsequent
-** following "<basename>-".
-*****************************************************************/
-const char *getnameappendix (const char *progname, const char *basename)
-{
- const char *p;
- int baselen;
-
- assert (progname != NULL);
- assert (basename != NULL);
-
- if ( (p = strrchr (progname, '/')) != NULL )
- p++;
- else
- p = progname;
-
- baselen = strlen (basename);
- if ( strncmp (p, basename, baselen-1) == 0 && *(p+baselen) == '-' )
- {
- p += baselen + 1;
- if ( *p )
- return p;
- }
-
- return NULL;
-}
-
-/*****************************************************************
-** getdefconfname (view)
-** returns a pointer to a dynamic string containing the
-** default configuration file name
-*****************************************************************/
-const char *getdefconfname (const char *view)
-{
- char *p;
- char *file;
- char *buf;
- int size;
-
- if ( (file = getenv ("ZKT_CONFFILE")) == NULL )
- file = CONFIG_FILE;
- dbg_val2 ("getdefconfname (%s) file = %s\n", view ? view : "NULL", file);
-
- if ( view == NULL || *view == '\0' || (p = strrchr (file, '.')) == NULL )
- return strdup (file);
-
- size = strlen (file) + strlen (view) + 1 + 1;
- if ( (buf = malloc (size)) == NULL )
- return strdup (file);
-
- dbg_val1 ("0123456789o123456789o123456789\tsize=%d\n", size);
- dbg_val4 ("%.*s-%s%s\n", p - file, file, view, p);
-
- snprintf (buf, size, "%.*s-%s%s", (int)(p - file), file, view, p);
- return buf;
-}
-
-/*****************************************************************
-** domain_canonicdup (s)
-** returns NULL or a pointer to a dynamic string containing the
-** canonic (all lower case letters and ending with a '.')
-** domain name
-*****************************************************************/
-char *domain_canonicdup (const char *s)
-{
- char *new;
- char *p;
- int len;
- int add_dot;
-
- if ( s == NULL )
- return NULL;
-
- add_dot = 0;
- len = strlen (s);
- if ( len > 0 && s[len-1] != '.' )
- add_dot = len++;
-
- if ( (new = p = malloc (len + 1)) == NULL )
- return NULL;
-
- while ( *s )
- *p++ = tolower (*s++);
- if ( add_dot )
- *p++ = '.';
- *p = '\0';
-
- return new;
-}
-#if 0 /* replaced by domain_canonicdup */
-/*****************************************************************
-** str_tolowerdup (s)
-*****************************************************************/
-char *str_tolowerdup (const char *s)
-{
- char *new;
- char *p;
-
- if ( s == NULL || (new = p = malloc (strlen (s) + 1)) == NULL )
- return NULL;
-
- while ( *s )
- *p++ = tolower (*s++);
- *p = '\0';
-
- return new;
-}
-#endif
-
-/*****************************************************************
-** str_delspace (s)
-** Remove in string 's' all white space char
-*****************************************************************/
-char *str_delspace (char *s)
-{
- char *start;
- char *p;
-
- if ( !s ) /* no string present ? */
- return NULL;
-
- start = s;
- for ( p = s; *p; p++ )
- if ( !isspace (*p) )
- *s++ = *p; /* copy each nonspace */
-
- *s = '\0'; /* terminate string */
-
- return start;
-}
-
-/*****************************************************************
-** in_strarr (str, arr, cnt)
-** check if string array 'arr' contains the string 'str'
-** return 1 if true or 'arr' or 'str' is empty, otherwise 0
-*****************************************************************/
-int in_strarr (const char *str, char *const arr[], int cnt)
-{
- if ( arr == NULL || cnt <= 0 )
- return 1;
-
- if ( str == NULL || *str == '\0' )
- return 0;
-
- while ( --cnt >= 0 )
- if ( strcmp (str, arr[cnt]) == 0 )
- return 1;
-
- return 0;
-}
-
-/*****************************************************************
-** str_untaint (s)
-** Remove in string 's' all TAINTED chars
-*****************************************************************/
-char *str_untaint (char *str)
-{
- char *p;
-
- assert (str != NULL);
-
- for ( p = str; *p; p++ )
- if ( strchr (TAINTEDCHARS, *p) )
- *p = ' ';
- return str;
-}
-
-/*****************************************************************
-** str_chop (str, c)
-** delete all occurrences of char 'c' at the end of string 's'
-*****************************************************************/
-char *str_chop (char *str, char c)
-{
- int len;
-
- assert (str != NULL);
-
- len = strlen (str) - 1;
- while ( len >= 0 && str[len] == c )
- str[len--] = '\0';
-
- return str;
-}
-
-/*****************************************************************
-** parseurl (url, &proto, &host, &port, ¶ )
-** parses the given url (e.g. "proto://host.with.domain:port/para")
-** and set the pointer variables to the corresponding part of the string.
-*****************************************************************/
-void parseurl (char *url, char **proto, char **host, char **port, char **para)
-{
- char *start;
- char *p;
-
- assert ( url != NULL );
-
- /* parse protocol */
- if ( (p = strchr (url, ':')) == NULL ) /* no protocol string given ? */
- p = url;
- else /* looks like a protocol string */
- if ( p[1] == '/' && p[2] == '/' ) /* protocol string ? */
- {
- *p = '\0';
- p += 3;
- if ( proto )
- *proto = url;
- }
- else /* no protocol string found ! */
- p = url;
-
- /* parse host */
- if ( *p == '[' ) /* ipv6 address as hostname ? */
- {
- for ( start = ++p; *p && *p != ']'; p++ )
- ;
- if ( *p )
- *p++ = '\0';
- }
- else
- for ( start = p; *p && *p != ':' && *p != '/'; p++ )
- ;
- if ( host )
- *host = start;
-
- /* parse port */
- if ( *p == ':' )
- {
- *p++ = '\0';
- for ( start = p; *p && isdigit (*p); p++ )
- ;
- if ( *p )
- *p++ = '\0';
- if ( port )
- *port = start;
- }
-
- if ( *p == '/' )
- *p++ = '\0';
-
- if ( *p && para )
- *para = p;
-}
-
-/*****************************************************************
-** splitpath (path, pathsize, filename)
-** if filename is build of "path/file" then copy filename to path
-** and split of the filename part.
-** return pointer to filename part in path or NULL if path is too
-** small to hold "path+filename"
-*****************************************************************/
-const char *splitpath (char *path, size_t psize, const char *filename)
-{
- char *p;
-
- if ( !path )
- return NULL;
-
- *path = '\0';
- if ( !filename )
- return filename;
-
- if ( (p = strrchr (filename, '/')) ) /* file arg contains path ? */
- {
- if ( strlen (filename) + 1 > psize )
- return filename;
-
- strcpy (path, filename); /* copy whole filename to path */
- path[p-filename] = '\0'; /* split of the file part */
- filename = ++p;
- }
- return filename;
-}
-
-/*****************************************************************
-** pathname (path, size, dir, file, ext)
-** Concatenate 'dir', 'file' and 'ext' (if not null) to build
-** a pathname, and store the result in the character array
-** with length 'size' pointed to by 'path'.
-*****************************************************************/
-char *pathname (char *path, size_t size, const char *dir, const char *file, const char *ext)
-{
- int len;
-
- if ( path == NULL || file == NULL )
- return path;
-
- len = strlen (file) + 1;
- if ( dir )
- len += strlen (dir);
- if ( ext )
- len += strlen (ext);
- if ( len > size )
- return path;
-
- *path = '\0';
- if ( dir && *dir )
- {
- len = sprintf (path, "%s", dir);
- if ( path[len-1] != '/' )
- {
- path[len++] = '/';
- path[len] = '\0';
- }
- }
- strcat (path, file);
- if ( ext )
- strcat (path, ext);
- return path;
-}
-
-/*****************************************************************
-** is_directory (name)
-** Check if the given pathname 'name' exists and is a directory.
-** returns 0 | 1
-*****************************************************************/
-int is_directory (const char *name)
-{
- struct stat st;
-
- if ( !name || !*name )
- return 0;
-
- return ( stat (name, &st) == 0 && S_ISDIR (st.st_mode) );
-}
-
-/*****************************************************************
-** fileexist (name)
-** Check if a file with the given pathname 'name' exists.
-** returns 0 | 1
-*****************************************************************/
-int fileexist (const char *name)
-{
- struct stat st;
- return ( stat (name, &st) == 0 && S_ISREG (st.st_mode) );
-}
-
-/*****************************************************************
-** filesize (name)
-** return the size of the file with the given pathname 'name'.
-** returns -1 if the file not exist
-*****************************************************************/
-size_t filesize (const char *name)
-{
- struct stat st;
- if ( stat (name, &st) == -1 )
- return -1L;
- return ( st.st_size );
-}
-
-/*****************************************************************
-** is_keyfilename (name)
-** Check if the given name looks like a dnssec (public)
-** keyfile name. Returns 0 | 1
-*****************************************************************/
-int is_keyfilename (const char *name)
-{
- int len;
-
- if ( name == NULL || *name != 'K' )
- return 0;
-
- len = strlen (name);
- if ( len > 4 && strcmp (&name[len - 4], ".key") == 0 )
- return 1;
-
- return 0;
-}
-
-/*****************************************************************
-** is_dotfilename (name)
-** Check if the given pathname 'name' looks like "." or "..".
-** Returns 0 | 1
-*****************************************************************/
-int is_dotfilename (const char *name)
-{
- if ( name && (
- (name[0] == '.' && name[1] == '\0') ||
- (name[0] == '.' && name[1] == '.' && name[2] == '\0')) )
- return 1;
-
- return 0;
-}
-
-/*****************************************************************
-** touch (name, sec)
-** Set the modification time of the given pathname 'fname' to
-** 'sec'. Returns 0 on success.
-*****************************************************************/
-int touch (const char *fname, time_t sec)
-{
- struct utimbuf utb;
-
- utb.actime = utb.modtime = sec;
- return utime (fname, &utb);
-}
-
-/*****************************************************************
-** linkfile (fromfile, tofile)
-*****************************************************************/
-int linkfile (const char *fromfile, const char *tofile)
-{
- int ret;
-
- /* fprintf (stderr, "linkfile (%s, %s)\n", fromfile, tofile); */
- if ( (ret = link (fromfile, tofile)) == -1 && errno == EEXIST )
- if ( unlink (tofile) == 0 )
- ret = link (fromfile, tofile);
-
- return ret;
-}
-
-/*****************************************************************
-** copyfile (fromfile, tofile, dnskeyfile)
-** copy fromfile into tofile.
-** Add (optional) the content of dnskeyfile to tofile.
-*****************************************************************/
-int copyfile (const char *fromfile, const char *tofile, const char *dnskeyfile)
-{
- FILE *infp;
- FILE *outfp;
- int c;
-
- /* fprintf (stderr, "copyfile (%s, %s)\n", fromfile, tofile); */
- if ( (infp = fopen (fromfile, "r")) == NULL )
- return -1;
- if ( (outfp = fopen (tofile, "w")) == NULL )
- {
- fclose (infp);
- return -2;
- }
- while ( (c = getc (infp)) != EOF )
- putc (c, outfp);
-
- fclose (infp);
- if ( dnskeyfile && *dnskeyfile && (infp = fopen (dnskeyfile, "r")) != NULL )
- {
- while ( (c = getc (infp)) != EOF )
- putc (c, outfp);
- fclose (infp);
- }
- fclose (outfp);
-
- return 0;
-}
-
-/*****************************************************************
-** copyzonefile (fromfile, tofile, dnskeyfile)
-** copy a already signed zonefile and replace all zone DNSKEY
-** resource records by one "$INCLUDE dnskey.db" line
-*****************************************************************/
-int copyzonefile (const char *fromfile, const char *tofile, const char *dnskeyfile)
-{
- FILE *infp;
- FILE *outfp;
- int len;
- int dnskeys;
- int multi_line_dnskey;
- int bufoverflow;
- char buf[1024];
- char *p;
-
- if ( fromfile == NULL )
- infp = stdin;
- else
- if ( (infp = fopen (fromfile, "r")) == NULL )
- return -1;
- if ( tofile == NULL )
- outfp = stdout;
- else
- if ( (outfp = fopen (tofile, "w")) == NULL )
- {
- if ( fromfile )
- fclose (infp);
- return -2;
- }
-
- multi_line_dnskey = 0;
- dnskeys = 0;
- bufoverflow = 0;
- while ( fgets (buf, sizeof buf, infp) != NULL )
- {
- p = buf;
- if ( !bufoverflow && !multi_line_dnskey && (*p == '@' || isspace (*p)) ) /* check if DNSKEY RR */
- {
- do
- p++;
- while ( isspace (*p) ) ;
-
- /* skip TTL */
- while ( isdigit (*p) )
- p++;
-
- while ( isspace (*p) )
- p++;
-
- /* skip Class */
- if ( strncasecmp (p, "IN", 2) == 0 )
- {
- p += 2;
- while ( isspace (*p) )
- p++;
- }
-
- if ( strncasecmp (p, "DNSKEY", 6) == 0 ) /* bingo! */
- {
- dnskeys++;
- p += 6;
- while ( *p )
- {
- if ( *p == '(' )
- multi_line_dnskey = 1;
- if ( *p == ')' )
- multi_line_dnskey = 0;
- p++;
- }
- if ( dnskeys == 1 )
- fprintf (outfp, "$INCLUDE %s\n", dnskeyfile);
- }
- else
- fputs (buf, outfp);
- }
- else
- {
- if ( bufoverflow )
- fprintf (stderr, "!! buffer overflow in copyzonefile() !!\n");
- if ( !multi_line_dnskey )
- fputs (buf, outfp);
- else
- {
- while ( *p && *p != ')' )
- p++;
- if ( *p == ')' )
- multi_line_dnskey = 0;
- }
- }
-
- len = strlen (buf);
- bufoverflow = buf[len-1] != '\n'; /* line too long ? */
- }
-
- if ( fromfile )
- fclose (infp);
- if ( tofile )
- fclose (outfp);
-
- return 0;
-}
-
-/*****************************************************************
-** cmpfile (file1, file2)
-** returns -1 on error, 1 if the files differ and 0 if they
-** are identical.
-*****************************************************************/
-int cmpfile (const char *file1, const char *file2)
-{
- FILE *fp1;
- FILE *fp2;
- int c1;
- int c2;
-
- /* fprintf (stderr, "cmpfile (%s, %s)\n", file1, file2); */
- if ( (fp1 = fopen (file1, "r")) == NULL )
- return -1;
- if ( (fp2 = fopen (file2, "r")) == NULL )
- {
- fclose (fp1);
- return -1;
- }
-
- do {
- c1 = getc (fp1);
- c2 = getc (fp2);
- } while ( c1 != EOF && c2 != EOF && c1 == c2 );
-
- fclose (fp1);
- fclose (fp2);
-
- if ( c1 == c2 )
- return 0;
- return 1;
-}
-
-/*****************************************************************
-** file_age (fname)
-*****************************************************************/
-int file_age (const char *fname)
-{
- time_t curr = time (NULL);
- time_t mtime = file_mtime (fname);
-
- return curr - mtime;
-}
-
-/*****************************************************************
-** file_mtime (fname)
-*****************************************************************/
-time_t file_mtime (const char *fname)
-{
- struct stat st;
-
- if ( stat (fname, &st) < 0 )
- return 0;
- return st.st_mtime;
-}
-
-/*****************************************************************
-** is_exec_ok (prog)
-** Check if we are running as root or if the file owner of
-** "prog" do not match the current user or the file permissions
-** allows file modification for others then the owner.
-** The same condition will be checked for the group ownership.
-** return 1 if the execution of the command "prog" will not
-** open a big security whole, 0 otherwise
-*****************************************************************/
-int is_exec_ok (const char *prog)
-{
- uid_t curr_uid;
- struct stat st;
-
- if ( stat (prog, &st) < 0 )
- return 0;
-
- curr_uid = getuid ();
- if ( curr_uid == 0 ) /* don't run the cmd if we are root */
- return 0;
-
- /* if the file owner and the current user matches and */
- /* the file mode is not writable except for the owner, we are save */
- if ( curr_uid == st.st_uid && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0 )
- return 1;
-
- /* if the file group and the current group matches and */
- /* the file mode is not writable except for the group, we are also save */
- if ( getgid() != st.st_gid && (st.st_mode & (S_IWUSR | S_IWOTH)) == 0 )
- return 1;
-
- return 0;
-}
-
-/*****************************************************************
-** fatal (fmt, ...)
-*****************************************************************/
-void fatal (char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- if ( progname )
- fprintf (stderr, "%s: ", progname);
- vfprintf (stderr, fmt, ap);
- va_end(ap);
- exit (127);
-}
-
-/*****************************************************************
-** error (fmt, ...)
-*****************************************************************/
-void error (char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- vfprintf (stderr, fmt, ap);
- va_end(ap);
-}
-
-/*****************************************************************
-** logmesg (fmt, ...)
-*****************************************************************/
-void logmesg (char *fmt, ...)
-{
- va_list ap;
-
-#if defined (LOG_WITH_PROGNAME) && LOG_WITH_PROGNAME
- fprintf (stdout, "%s: ", progname);
-#endif
- va_start(ap, fmt);
- vfprintf (stdout, fmt, ap);
- va_end(ap);
-}
-
-/*****************************************************************
-** verbmesg (verblvl, conf, fmt, ...)
-*****************************************************************/
-void verbmesg (int verblvl, const zconf_t *conf, char *fmt, ...)
-{
- char str[511+1];
- va_list ap;
-
- str[0] = '\0';
- va_start(ap, fmt);
- vsnprintf (str, sizeof (str), fmt, ap);
- va_end(ap);
-
- //fprintf (stderr, "verbmesg (%d stdout=%d filelog=%d str = :%s:\n", verblvl, conf->verbosity, conf->verboselog, str);
- if ( verblvl <= conf->verbosity ) /* check if we have to print this to stdout */
- logmesg (str);
-
- str_chop (str, '\n');
- if ( verblvl <= conf->verboselog ) /* check logging to syslog and/or file */
- lg_mesg (LG_DEBUG, str);
-}
-
-
-/*****************************************************************
-** logflush ()
-*****************************************************************/
-void logflush ()
-{
- fflush (stdout);
-}
-
-/*****************************************************************
-** timestr2time (timestr)
-** timestr should look like "20071211223901" for 12 dec 2007 22:39:01
-*****************************************************************/
-time_t timestr2time (const char *timestr)
-{
- struct tm t;
- time_t sec;
-
- // fprintf (stderr, "timestr = \"%s\"\n", timestr);
- if ( sscanf (timestr, "%4d%2d%2d%2d%2d%2d",
- &t.tm_year, &t.tm_mon, &t.tm_mday,
- &t.tm_hour, &t.tm_min, &t.tm_sec) != 6 )
- return 0L;
- t.tm_year -= 1900;
- t.tm_mon -= 1;
- t.tm_isdst = 0;
-
-#if defined(HAVE_TIMEGM) && HAVE_TIMEGM
- sec = timegm (&t);
-#else
- {
- char tzstr[31+1];
- char *tz;
-
- tz = getenv("TZ");
- snprintf (tzstr, sizeof (tzstr), "TZ=%s", "UTC");
- putenv (tzstr);
- tzset();
- sec = mktime(&t);
- if (tz)
- snprintf (tzstr, sizeof (tzstr), "TZ=%s", tz);
- else
- snprintf (tzstr, sizeof (tzstr), "TZ=%s", "");
- putenv (tzstr);
- tzset();
- }
-#endif
-
- return sec < 0L ? 0L : sec;
-}
-
-/*****************************************************************
-** time2str (sec, precison)
-** sec is seconds since 1.1.1970
-** precison is currently either 's' (for seconds) or 'm' (minutes)
-*****************************************************************/
-char *time2str (time_t sec, int precision)
-{
- struct tm *t;
- static char timestr[31+1]; /* 27+1 should be enough */
-#if defined(HAVE_STRFTIME) && HAVE_STRFTIME
- char tformat[127+1];
-
- timestr[0] = '\0';
- if ( sec <= 0L )
- return timestr;
- t = localtime (&sec);
- if ( precision == 's' )
- strcpy (tformat, "%b %d %Y %T");
- else
- strcpy (tformat, "%b %d %Y %R");
-# if PRINT_TIMEZONE
- strcat (tformat, " %z");
-# endif
- strftime (timestr, sizeof (timestr), tformat, t);
-
-#else /* no strftime available */
- static char *mstr[] = {
- "Jan", "Feb", "Mar", "Apr", "May", "Jun",
- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
- };
-
- timestr[0] = '\0';
- if ( sec <= 0L )
- return timestr;
- t = localtime (&sec);
-# if PRINT_TIMEZONE
- {
- int h, s;
-
- s = abs (t->tm_gmtoff);
- h = t->tm_gmtoff / 3600;
- s = t->tm_gmtoff % 3600;
- if ( precision == 's' )
- snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d:%02d %c%02d%02d",
- mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900,
- t->tm_hour, t->tm_min, t->tm_sec,
- t->tm_gmtoff < 0 ? '-': '+',
- h, s);
- else
- snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d %c%02d%02d",
- mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900,
- t->tm_hour, t->tm_min,
- t->tm_gmtoff < 0 ? '-': '+',
- h, s);
- }
-# else
- if ( precision == 's' )
- snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d:%02d",
- mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900,
- t->tm_hour, t->tm_min, t->tm_sec);
- else
- snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d",
- mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900,
- t->tm_hour, t->tm_min);
-# endif
-#endif
-
- return timestr;
-}
-
-/*****************************************************************
-** time2isostr (sec, precison)
-** sec is seconds since 1.1.1970
-** precison is currently either 's' (for seconds) or 'm' (minutes)
-*****************************************************************/
-char *time2isostr (time_t sec, int precision)
-{
- struct tm *t;
- static char timestr[31+1]; /* 27+1 should be enough */
-
- timestr[0] = '\0';
- if ( sec <= 0L )
- return timestr;
-
- t = gmtime (&sec);
- if ( precision == 's' )
- snprintf (timestr, sizeof (timestr), "%4d%02d%02d%02d%02d%02d",
- t->tm_year + 1900, t->tm_mon+1, t->tm_mday,
- t->tm_hour, t->tm_min, t->tm_sec);
- else
- snprintf (timestr, sizeof (timestr), "%4d%02d%02d%02d%02d",
- t->tm_year + 1900, t->tm_mon+1, t->tm_mday,
- t->tm_hour, t->tm_min);
-
- return timestr;
-}
-
-/*****************************************************************
-** age2str (sec)
-** !!Attention: This function is not reentrant
-*****************************************************************/
-char *age2str (time_t sec)
-{
- static char str[20+1]; /* "2y51w6d23h50m55s" == 16+1 chars */
- int len;
- int strsize = sizeof (str);
-
- len = 0;
-# if PRINT_AGE_WITH_YEAR
- if ( sec / (YEARSEC) > 0 )
- {
- len += snprintf (str+len, strsize - len, "%1luy", sec / YEARSEC );
- sec %= (YEARSEC);
- }
- else
- len += snprintf (str+len, strsize - len, " ");
-# endif
- if ( sec / WEEKSEC > 0 )
- {
- len += snprintf (str+len, strsize - len, "%2luw", (ulong) sec / WEEKSEC );
- sec %= WEEKSEC;
- }
- else
- len += snprintf (str+len, strsize - len, " ");
- if ( sec / DAYSEC > 0 )
- {
- len += snprintf (str+len, strsize - len, "%2lud", sec / (ulong)DAYSEC);
- sec %= DAYSEC;
- }
- else
- len += snprintf (str+len, strsize - len, " ");
- if ( sec / HOURSEC > 0 )
- {
- len += snprintf (str+len, strsize - len, "%2luh", sec / (ulong)HOURSEC);
- sec %= HOURSEC;
- }
- else
- len += snprintf (str+len, strsize - len, " ");
- if ( sec / MINSEC > 0 )
- {
- len += snprintf (str+len, strsize - len, "%2lum", sec / (ulong)MINSEC);
- sec %= MINSEC;
- }
- else
- len += snprintf (str+len, strsize - len, " ");
- if ( sec > 0 )
- snprintf (str+len, strsize - len, "%2lus", (ulong) sec);
- else
- len += snprintf (str+len, strsize - len, " ");
-
- return str;
-}
-
-/*****************************************************************
-** start_timer ()
-*****************************************************************/
-time_t start_timer ()
-{
- return (time(NULL));
-}
-
-/*****************************************************************
-** stop_timer ()
-*****************************************************************/
-time_t stop_timer (time_t start)
-{
- time_t stop = time (NULL);
-
- return stop - start;
-}
-
-
-/****************************************************************
-**
-** int gensalt (saltstr, sizeofsaltstr, bits)
-**
-** generate a random hexstring of 'bits' salt and store it
-** in saltstr. return 1 on success, otherwise 0.
-**
-*****************************************************************/
-int gensalt (char *salt, size_t saltsize, int saltbits, unsigned int seed)
-{
- static char hexstr[] = "0123456789ABCDEF";
- int saltlen = 0; /* current length of salt in hex nibbles */
- int i;
- int hex;
-
- if ( seed == 0 )
- srandom (seed = (unsigned int)time (NULL));
-
- saltlen = saltbits / 4;
- if ( saltlen+1 > saltsize )
- return 0;
-
- for ( i = 0; i < saltlen; i++ )
- {
- hex = random () % 16;
- assert ( hex >= 0 && hex < 16 );
- salt[i] = hexstr[hex];
- }
- salt[i] = '\0';
-
- return 1;
-}
-
-
-#ifdef COPYZONE_TEST
-const char *progname;
-main (int argc, char *argv[])
-{
- progname = *argv;
-
- if ( copyzonefile (argv[1], NULL) < 0 )
- error ("can't copy zone file %s\n", argv[1]);
-}
-#endif
-
-#ifdef URL_TEST
-const char *progname;
-main (int argc, char *argv[])
-{
- char *proto;
- char *host;
- char *port;
- char *para;
- char url[1024];
-
- progname = *argv;
-
- proto = host = port = para = NULL;
-
- if ( --argc <= 0 )
- {
- fprintf (stderr, "usage: url_test <url>\n");
- fprintf (stderr, "e.g.: url_test http://www.hznet.de:80/zkt\n");
- exit (1);
- }
-
- strcpy (url, argv[1]);
- parseurl (url, &proto, &host, &port, ¶);
-
- if ( proto )
- printf ("proto: \"%s\"\n", proto);
- if ( host )
- printf ("host: \"%s\"\n", host);
- if ( port )
- printf ("port: \"%s\"\n", port);
- if ( para )
- printf ("para: \"%s\"\n", para);
-
-}
-#endif
-
+++ /dev/null
-/*****************************************************************
-**
-** @(#) misc.h (c) 2005 - 2007 Holger Zuleger hznet.de
-**
-** Copyright (c) 2005 - 2007, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-#ifndef MISC_H
-# define MISC_H
-# include <sys/types.h>
-# include <stdarg.h>
-# include <stdio.h>
-# include "zconf.h"
-
-# define min(a, b) ((a) < (b) ? (a) : (b))
-# define max(a, b) ((a) > (b) ? (a) : (b))
-
-extern const char *getnameappendix (const char *progname, const char *basename);
-extern const char *getdefconfname (const char *view);
-extern int fileexist (const char *name);
-extern size_t filesize (const char *name);
-extern int file_age (const char *fname);
-extern int touch (const char *fname, time_t sec);
-extern int linkfile (const char *fromfile, const char *tofile);
-//extern int copyfile (const char *fromfile, const char *tofile);
-extern int copyfile (const char *fromfile, const char *tofile, const char *dnskeyfile);
-extern int copyzonefile (const char *fromfile, const char *tofile, const char *dnskeyfile);
-extern int cmpfile (const char *file1, const char *file2);
-extern char *str_delspace (char *s);
-#if 1
-extern char *domain_canonicdup (const char *s);
-#else
-extern char *str_tolowerdup (const char *s);
-#endif
-extern int in_strarr (const char *str, char *const arr[], int cnt);
-extern const char *splitpath (char *path, size_t size, const char *filename);
-extern char *pathname (char *name, size_t size, const char *path, const char *file, const char *ext);
-extern char *time2str (time_t sec, int precision);
-extern char *time2isostr (time_t sec, int precision);
-extern time_t timestr2time (const char *timestr);
-extern int is_keyfilename (const char *name);
-extern int is_directory (const char *name);
-extern time_t file_mtime (const char *fname);
-extern int is_exec_ok (const char *prog);
-extern char *age2str (time_t sec);
-extern time_t stop_timer (time_t start);
-extern time_t start_timer (void);
-extern void error (char *fmt, ...);
-extern void fatal (char *fmt, ...);
-extern void logmesg (char *fmt, ...);
-extern void verbmesg (int verblvl, const zconf_t *conf, char *fmt, ...);
-extern void logflush (void);
-extern int gensalt (char *salt, size_t saltsize, int saltbits, unsigned int seed);
-extern char *str_untaint (char *str);
-extern char *str_chop (char *str, char c);
-extern int is_dotfilename (const char *name);
-extern void parseurl (char *url, char **proto, char **host, char **port, char **para);
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) ncparse.c -- A very simple named.conf parser
-**
-** Copyright (c) Apr 2005 - Nov 2007, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-# include <stdio.h>
-# include <string.h>
-# include <ctype.h>
-# include <assert.h>
-# include "debug.h"
-# include "misc.h"
-# include "log.h"
-#define extern
-# include "ncparse.h"
-#undef extern
-
-# define TOK_STRING 257
-# define TOK_DIR 258
-# define TOK_INCLUDE 259
-
-# define TOK_ZONE 260
-# define TOK_TYPE 261
-# define TOK_MASTER 262
-# define TOK_SLAVE 263
-# define TOK_STUB 264
-# define TOK_HINT 265
-# define TOK_FORWARD 266
-# define TOK_DELEGATION 267
-# define TOK_VIEW 268
-
-# define TOK_FILE 270
-
-# define TOK_UNKNOWN 511
-
-/* list of "named.conf" keywords we are interested in */
-static struct KeyWords {
- char *name;
- int tok;
-} kw[] = {
- { "STRING", TOK_STRING },
- { "include", TOK_INCLUDE },
- { "directory", TOK_DIR },
- { "file", TOK_FILE },
- { "zone", TOK_ZONE },
-#if 0 /* we don't need the type keyword; master, slave etc. is sufficient */
- { "type", TOK_TYPE },
-#endif
- { "master", TOK_MASTER },
- { "slave", TOK_SLAVE },
- { "stub", TOK_STUB },
- { "hint", TOK_HINT },
- { "forward", TOK_FORWARD },
- { "delegation-only", TOK_DELEGATION },
- { "view", TOK_VIEW },
- { NULL, TOK_UNKNOWN },
-};
-
-#ifdef DBG
-static const char *tok2str (int tok)
-{
- int i;
-
- i = 0;
- while ( kw[i].name && kw[i].tok != tok )
- i++;
-
- return kw[i].name;
-}
-#endif
-
-static int searchkw (const char *keyword)
-{
- int i;
-
- dbg_val ("ncparse: searchkw (%s)\n", keyword);
- i = 0;
- while ( kw[i].name && strcmp (kw[i].name, keyword) != 0 )
- i++;
-
- return kw[i].tok;
-}
-
-static int gettok (FILE *fp, char *val, size_t valsize)
-{
- int lastc;
- int c;
- char buf[255+1];
- char *p;
- char *bufend;
-
- *val = '\0';
- do {
- while ( (c = getc (fp)) != EOF && isspace (c) )
- ;
-
- if ( c == '#' ) /* single line comment ? */
- {
- while ( (c = getc (fp)) != EOF && c != '\n' )
- ;
- continue;
- }
-
- if ( c == EOF )
- return EOF;
-
- if ( c == '{' || c == '}' || c == ';' )
- continue;
-
- if ( c == '/' ) /* begin of C comment ? */
- {
- if ( (c = getc (fp)) == '*' ) /* yes! */
- {
- lastc = EOF; /* read until end of c comment */
- while ( (c = getc (fp)) != EOF && !(lastc == '*' && c == '/') )
- lastc = c;
- }
- else if ( c == '/' ) /* is it a C single line comment ? */
- {
- while ( (c = getc (fp)) != EOF && c != '\n' )
- ;
- }
- else /* no ! */
- ungetc (c, fp);
- continue;
- }
-
- if ( c == '\"' )
- {
- p = val;
- bufend = val + valsize - 1;
- while ( (c = getc (fp)) != EOF && p < bufend && c != '\"' )
- *p++ = c;
- *p = '\0';
- /* if string buffer is too small, eat up rest of string */
- while ( c != EOF && c != '\"' )
- c = getc (fp);
-
- return TOK_STRING;
- }
-
- p = buf;
- bufend = buf + sizeof (buf) - 1;
- do
- *p++ = tolower (c);
- while ( (c = getc (fp)) != EOF && p < bufend && (isalpha (c) || c == '-') );
- *p = '\0';
- ungetc (c, fp);
-
- if ( (c = searchkw (buf)) != TOK_UNKNOWN )
- return c;
- } while ( c != EOF );
-
- return EOF;
-}
-
-/*****************************************************************
-**
-** parse_namedconf (const char *filename, chroot_dir, dir, dirsize, int (*func) ())
-**
-** Very dumb named.conf parser.
-** - In a zone declaration the _first_ keyword MUST be "type"
-** - For every master zone "func (directory, zone, filename)" will be called
-**
-*****************************************************************/
-int parse_namedconf (const char *filename, const char *chroot_dir, char *dir, size_t dirsize, int (*func) ())
-{
- FILE *fp;
- int tok;
- char path[511+1];
-#if 1 /* this is potentialy too small for key data, but we don't need the keys... */
- char strval[255+1];
-#else
- char strval[4095+1];
-#endif
- char view[255+1];
- char zone[255+1];
- char zonefile[255+1];
-
- dbg_val ("parse_namedconf: parsing file \"%s\" \n", filename);
-
- assert (filename != NULL);
- assert (dir != NULL && dirsize != 0);
- assert (func != NULL);
-
- view[0] = '\0';
- if ( (fp = fopen (filename, "r")) == NULL )
- return 0;
-
- while ( (tok = gettok (fp, strval, sizeof strval)) != EOF )
- {
- if ( tok > 0 && tok < 256 )
- {
- error ("parse_namedconf: token found with value %-10d: %c\n", tok, tok);
- lg_mesg (LG_ERROR, "parse_namedconf: token found with value %-10d: %c", tok, tok);
- }
- else if ( tok == TOK_DIR )
- {
- if ( gettok (fp, strval, sizeof (strval)) == TOK_STRING )
- {
- dbg_val2 ("parse_namedconf: directory found \"%s\" (dir is %s)\n",
- strval, dir);
- if ( *strval != '/' && *dir )
- snprintf (path, sizeof (path), "%s/%s", dir, strval);
- else
- snprintf (path, sizeof (path), "%s", strval);
-
- /* prepend chroot directory (do it only once) */
- if ( chroot_dir && *chroot_dir )
- {
- snprintf (dir, dirsize, "%s%s%s", chroot_dir, *path == '/' ? "": "/", path);
- chroot_dir = NULL;
- }
- else
- snprintf (dir, dirsize, "%s", path);
- dbg_val ("parse_namedconf: new dir \"%s\" \n", dir);
- }
- }
- else if ( tok == TOK_INCLUDE )
- {
- if ( gettok (fp, strval, sizeof (strval)) == TOK_STRING )
- {
- if ( *strval != '/' && *dir )
- snprintf (path, sizeof (path), "%s/%s", dir, strval);
- else
- snprintf (path, sizeof (path), "%s", strval);
- if ( !parse_namedconf (path, chroot_dir, dir, dirsize, func) )
- return 0;
- }
- else
- {
- error ("parse_namedconf: need a filename after \"include\"!\n");
- lg_mesg (LG_ERROR, "parse_namedconf: need a filename after \"include\"!");
- }
- }
- else if ( tok == TOK_VIEW )
- {
- if ( gettok (fp, strval, sizeof (strval)) != TOK_STRING )
- continue;
- snprintf (view, sizeof view, "%s", strval); /* store the name of the view */
- }
- else if ( tok == TOK_ZONE )
- {
- if ( gettok (fp, strval, sizeof (strval)) != TOK_STRING )
- continue;
- snprintf (zone, sizeof zone, "%s", strval); /* store the name of the zone */
-
- if ( gettok (fp, strval, sizeof (strval)) != TOK_MASTER )
- continue;
- if ( gettok (fp, strval, sizeof (strval)) != TOK_FILE )
- continue;
- if ( gettok (fp, strval, sizeof (strval)) != TOK_STRING )
- continue;
- snprintf (zonefile, sizeof zonefile, "%s", strval); /* this is the filename */
-
- dbg_val4 ("dir %s view %s zone %s file %s\n", dir, view, zone, zonefile);
- (*func) (dir, view, zone, zonefile);
- }
- else
- dbg_val3 ("%-10s(%d): %s\n", tok2str(tok), tok, strval);
- }
- fclose (fp);
-
- return 1;
-}
-
-#ifdef TEST_NCPARSE
-int printzone (const char *dir, const char *view, const char *zone, const char *file)
-{
- printf ("printzone ");
- printf ("view \"%s\" " , view);
- printf ("zone \"%s\" " , zone);
- printf ("file ");
- if ( dir && *dir )
- printf ("%s/", dir, file);
- printf ("%s", file);
- putchar ('\n');
- return 1;
-}
-
-char *progname;
-
-main (int argc, char *argv[])
-{
- char directory[255+1];
-
- progname = argv[0];
-
- directory[0] = '\0';
- if ( --argc == 0 )
- parse_namedconf ("/var/named/named.conf", NULL, directory, sizeof (directory), printzone);
- else
- parse_namedconf (argv[1], NULL, directory, sizeof (directory), printzone);
-}
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) ncparse.h -- headerfile for a simple named.conf parser
-**
-** Copyright (c) Apr 2005 - Nov 2007, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-
-#ifndef NCPARSE_H
-# define NCPARSE_H
-extern int parse_namedconf (const char *filename, const char *chroot_dir, char *dir, size_t dirsize, int (*func) ());
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) nscomm.c (c) 2005 - 2009 Holger Zuleger hznet.de
-**
-** Copyright (c) 2005 - 2009, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-# include <stdio.h>
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include "config_zkt.h"
-#include "zconf.h"
-#define extern
-#include "nscomm.h"
-#undef extern
-
-
-/*****************************************************************
-** dyn_update_freeze ()
-*****************************************************************/
-int dyn_update_freeze (const char *domain, const zconf_t *z, int freeze)
-{
- char cmdline[254+1];
- char str[254+1];
- char *action;
- FILE *fp;
-
- assert (z != NULL);
- if ( freeze )
- action = "freeze";
- else
- action = "thaw";
-
- if ( z->view )
- snprintf (str, sizeof (str), "\"%s\" in view \"%s\"", domain, z->view);
- else
- snprintf (str, sizeof (str), "\"%s\"", domain);
-
- lg_mesg (LG_NOTICE, "%s: %s dynamic zone", str, action);
- verbmesg (1, z, "\t%s dynamic zone %s\n", action, str);
-
- if ( z->view )
- snprintf (cmdline, sizeof (cmdline), "%s %s %s IN %s", RELOADCMD, action, domain, z->view);
- else
- snprintf (cmdline, sizeof (cmdline), "%s %s %s", RELOADCMD, action, domain);
-
- verbmesg (2, z, "\t Run cmd \"%s\"\n", cmdline);
- *str = '\0';
- if ( z->noexec == 0 )
- {
- if ( (fp = popen (cmdline, "r")) == NULL || fgets (str, sizeof str, fp) == NULL )
- return -1;
- pclose (fp);
- }
-
- verbmesg (2, z, "\t rndc %s return: \"%s\"\n", action, str_chop (str, '\n'));
-
- return 0;
-}
-
-/*****************************************************************
-** distribute and reload a zone via "distribute_command"
-** what is
-** 1 for zone distribution and relaod
-** 2 for key distribution (used by dynamic zoes)
-*****************************************************************/
-int dist_and_reload (const zone_t *zp, int what)
-{
- char path[MAX_PATHSIZE+1];
- char cmdline[254+1];
- char zone[254+1];
- char str[254+1];
- char *view;
- FILE *fp;
-
- assert (zp != NULL);
- assert (zp->conf->dist_cmd != NULL);
- assert ( what == 1 || what == 2 );
-
- if ( zp->conf->dist_cmd == NULL )
- return 0;
-
- if ( !is_exec_ok (zp->conf->dist_cmd) )
- {
- char *mesg;
-
- if ( getuid () == 0 )
- mesg = "\tDistribution command %s not run as root\n";
- else
- mesg = "\tDistribution command %s not run due to strange file mode settings\n";
-
- verbmesg (1, zp->conf, mesg, zp->conf->dist_cmd);
- lg_mesg (LG_ERROR, "exec of distribution command %s disabled due to security reasons", zp->conf->dist_cmd);
-
- return -1;
- }
-
- view = ""; /* default is an empty view string */
- if ( zp->conf->view )
- {
- snprintf (zone, sizeof (zone), "\"%s\" in view \"%s\"", zp->zone, zp->conf->view);
- view = zp->conf->view;
- }
- else
- snprintf (zone, sizeof (zone), "\"%s\"", zp->zone);
-
-
- if ( what == 2 )
- {
- lg_mesg (LG_NOTICE, "%s: key distribution triggered", zone);
- verbmesg (1, zp->conf, "\tDistribute keys for zone %s\n", zone);
- snprintf (cmdline, sizeof (cmdline), "%s distkeys %s %s %s",
- zp->conf->dist_cmd, zp->zone, path, view);
- *str = '\0';
- if ( zp->conf->noexec == 0 )
- {
- verbmesg (2, zp->conf, "\t Run cmd \"%s\"\n", cmdline);
- if ( (fp = popen (cmdline, "r")) == NULL || fgets (str, sizeof str, fp) == NULL )
- return -2;
- pclose (fp);
- verbmesg (2, zp->conf, "\t %s distribute return: \"%s\"\n", zp->conf->dist_cmd, str_chop (str, '\n'));
- }
-
- return 0;
- }
-
- pathname (path, sizeof (path), zp->dir, zp->sfile, NULL);
-
- lg_mesg (LG_NOTICE, "%s: distribution triggered", zone);
- verbmesg (1, zp->conf, "\tDistribute zone %s\n", zone);
- snprintf (cmdline, sizeof (cmdline), "%s distribute %s %s %s", zp->conf->dist_cmd, zp->zone, path, view);
-
- *str = '\0';
- if ( zp->conf->noexec == 0 )
- {
- verbmesg (2, zp->conf, "\t Run cmd \"%s\"\n", cmdline);
- if ( (fp = popen (cmdline, "r")) == NULL || fgets (str, sizeof str, fp) == NULL )
- return -2;
- pclose (fp);
- verbmesg (2, zp->conf, "\t %s distribute return: \"%s\"\n", zp->conf->dist_cmd, str_chop (str, '\n'));
- }
-
-
- lg_mesg (LG_NOTICE, "%s: reload triggered", zone);
- verbmesg (1, zp->conf, "\tReload zone %s\n", zone);
- snprintf (cmdline, sizeof (cmdline), "%s reload %s %s %s", zp->conf->dist_cmd, zp->zone, path, view);
-
- *str = '\0';
- if ( zp->conf->noexec == 0 )
- {
- verbmesg (2, zp->conf, "\t Run cmd \"%s\"\n", cmdline);
- if ( (fp = popen (cmdline, "r")) == NULL || fgets (str, sizeof str, fp) == NULL )
- return -2;
- pclose (fp);
- verbmesg (2, zp->conf, "\t %s reload return: \"%s\"\n", zp->conf->dist_cmd, str_chop (str, '\n'));
- }
-
- return 0;
-}
-
-/*****************************************************************
-** reload a zone via "rndc"
-*****************************************************************/
-int reload_zone (const char *domain, const zconf_t *z)
-{
- char cmdline[254+1];
- char str[254+1];
- FILE *fp;
-
- assert (z != NULL);
- dbg_val3 ("reload_zone %d :%s: :%s:\n", z->verbosity, domain, z->view);
- if ( z->view )
- snprintf (str, sizeof (str), "\"%s\" in view \"%s\"", domain, z->view);
- else
- snprintf (str, sizeof (str), "\"%s\"", domain);
-
- lg_mesg (LG_NOTICE, "%s: reload triggered", str);
- verbmesg (1, z, "\tReload zone %s\n", str);
-
- if ( z->view )
- snprintf (cmdline, sizeof (cmdline), "%s reload %s IN %s", RELOADCMD, domain, z->view);
- else
- snprintf (cmdline, sizeof (cmdline), "%s reload %s", RELOADCMD, domain);
-
- *str = '\0';
- if ( z->noexec == 0 )
- {
- verbmesg (2, z, "\t Run cmd \"%s\"\n", cmdline);
- if ( (fp = popen (cmdline, "r")) == NULL || fgets (str, sizeof str, fp) == NULL )
- return -1;
- pclose (fp);
- verbmesg (2, z, "\t rndc reload return: \"%s\"\n", str_chop (str, '\n'));
- }
-
- return 0;
-}
+++ /dev/null
-/*****************************************************************
-**
-** @(#) nscomm.h (c) 2005 - 2009 Holger Zuleger hznet.de
-**
-** Copyright (c) 2005 - 2009, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-#ifndef NSCOMM_H
-# define NSCOMM_H
-# include <assert.h>
-# include <unistd.h>
-# include <sys/types.h>
-
-# include "zconf.h"
-# include "zone.h"
-# include "log.h"
-# include "misc.h"
-# include "debug.h"
-
-extern int dyn_update_freeze (const char *domain, const zconf_t *z, int freeze);
-extern int reload_zone (const char *domain, const zconf_t *z);
-extern int dist_and_reload (const zone_t *zp, int what);
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) rollover.c -- The key rollover functions
-**
-** Copyright (c) Jan 2005 - May 2008, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-# include <stdio.h>
-# include <string.h>
-# include <stdlib.h>
-# include <ctype.h>
-# include <time.h>
-# include <assert.h>
-# include <dirent.h>
-# include <errno.h>
-# include <unistd.h>
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-# include "config_zkt.h"
-# include "zconf.h"
-# include "debug.h"
-
-# include "misc.h"
-# include "zone.h"
-# include "dki.h"
-# include "log.h"
-#define extern
-# include "rollover.h"
-#undef extern
-
-/*****************************************************************
-** local function definition
-*****************************************************************/
-
-static dki_t *genkey (int addkey, dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status);
-
-/* generate the first (or primary) key (algorithm k_algo) */
-static dki_t *genfirstkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)
-{
- return genkey (0, listp, dir, domain, ksk, conf, status);
-}
-
-/* generate the additional (or second) key (algorithm k2_algo) */
-static dki_t *genaddkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)
-{
- return genkey (1, listp, dir, domain, ksk, conf, status);
-}
-
-
-/* generate a DNSKEY key */
-static dki_t *genkey (int addkey, dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)
-{
- dki_t *dkp;
- int confalgo;
- int algo;
-
-#if 0
- if ( listp == NULL || domain == NULL )
- return NULL;
-#else
- assert ( listp != NULL );
- assert ( domain != NULL );
-#endif
-
- if ( addkey ) /* generating an additional key ? */
- confalgo = conf->k2_algo;
- else
- confalgo = conf->k_algo;
-
- algo = confalgo;
- if ( conf->nsec3 != NSEC3_OFF ) /* is nsec3 turned on ? */
- {
- if ( confalgo == DK_ALGO_RSASHA1 )
- algo = DK_ALGO_NSEC3RSASHA1;
- else if ( confalgo == DK_ALGO_DSA )
- algo = DK_ALGO_NSEC3DSA;
- }
-
- if ( ksk )
- dkp = dki_new (dir, domain, DKI_KSK, algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC);
- else
- dkp = dki_new (dir, domain, DKI_ZSK, algo, conf->z_bits, conf->z_random, conf->z_life / DAYSEC);
- dki_add (listp, dkp);
- dki_setstatus (dkp, status);
-
- return dkp;
-}
-
-/* get expiration time */
-static time_t get_exptime (dki_t *key, const zconf_t *z)
-{
- time_t exptime;
-
- exptime = dki_exptime (key);
- if ( exptime == 0L )
- {
- if ( dki_lifetime (key) )
- exptime = dki_time (key) + dki_lifetime (key);
- else
- exptime = dki_time (key) + z->k_life;
- }
-
- return exptime;
-}
-
-/*****************************************************************
-** is_parentdirsigned (name)
-** Check if the parent directory of the zone specified by zp
-** is a directory with a signed zone
-** Returns 0 | 1
-*****************************************************************/
-static int is_parentdirsigned (const zone_t *zonelist, const zone_t *zp)
-{
- char path[MAX_PATHSIZE+1];
- const char *ext;
-#if 0
- const zconf_t *conf;
-
- /* check if there is a local config file to get the name of the zone file */
- snprintf (path, sizeof (path), "%s/../%s", zp->dir, LOCALCONF_FILE);
- if ( fileexist (path) ) /* parent dir has local config file ? */
- conf = loadconfig (path, NULL);
- else
- conf = zp->conf;
-
- /* build the path of the .signed zone file */
- snprintf (path, sizeof (path), "%s/../%s.signed", conf->dir, conf->zonefile);
- if ( conf != zp->conf ) /* if we read in a local config file.. */
- free (conf); /* ..free the memory used */
-
-#else
- /* currently we use the signed zone file name of the
- * current directory for checking if the file exist.
- * TODO: Instead we have to use the name of the zone file
- * used in the parent dir (see above)
- */
-
- ext = strrchr (zp->sfile, '.');
- if ( ext && strcmp (zp->sfile, ".dsigned") == 0 ) /* is the current zone a dynamic one ? */
- /* hack: we are using the standard zone file name for a static zone here */
- snprintf (path, sizeof (path), "%s/../%s", zp->dir, "zone.db.signed");
- else
- {
-# if 1
- const zone_t *parent;
- const char *parentname;
-
- /* find out name of parent */
- parentname = strchr (zp->zone, '.'); /* find first dot in zone name */
- if ( parentname == NULL ) /* no parent found! */
- return 0;
- parentname += 1; /* skip '.' */
-
- /* try to find parent zone in zonelist */
- if ( (parent = zone_search (zonelist, parentname)) == NULL )
- return 0;
- snprintf (path, sizeof (path), "%s/%s", parent->dir, parent->sfile);
-# else
- snprintf (path, sizeof (path), "%s/../%s", zp->dir, zp->sfile);
-# endif
- }
-#endif
-lg_mesg (LG_DEBUG, "%s: is_parentdirsigned = %d fileexist (%s)\n", zp->zone, fileexist (path), path);
- return fileexist (path); /* parent dir has zone.db.signed file ? */
-}
-
-/*****************************************************************
-** create_parent_file ()
-*****************************************************************/
-static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp)
-{
- FILE *fp;
-
- assert ( fname != NULL );
-
- if ( dkp == NULL || (phase != 1 && phase != 2) )
- return 0;
-
- if ( (fp = fopen (fname, "w")) == NULL )
- fatal ("can\'t create new parentfile \"%s\"\n", fname);
-
- if ( phase == 1 )
- fprintf (fp, "; KSK rollover phase1 (new key generated but this is alread the old one)\n");
- else
- fprintf (fp, "; KSK rollover phase2 (this is the new key)\n");
-
- dki_prt_dnskeyttl (dkp, fp, ttl);
- fclose (fp);
-
- return phase;
-}
-
-/*****************************************************************
-** get_parent_phase ()
-*****************************************************************/
-static int get_parent_phase (const char *file)
-{
- FILE *fp;
- int phase;
-
- if ( (fp = fopen (file, "r")) == NULL )
- return -1;
-
- phase = 0;
- if ( fscanf (fp, "; KSK rollover phase%d", &phase) != 1 )
- phase = 0;
-
- fclose (fp);
- return phase;
-}
-
-/*****************************************************************
-** kskrollover ()
-*****************************************************************/
-static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp)
-{
- char path[MAX_PATHSIZE+1];
- const zconf_t *z;
- time_t lifetime;
- time_t currtime;
- time_t age;
- int currphase;
- int parfile_age;
- int parent_propagation;
- int parent_resign;
- int parent_keyttl;
-
-
- assert ( ksk != NULL );
- assert ( zp != NULL );
-
- z = zp->conf;
- /* check ksk lifetime */
- if ( (lifetime = dki_lifetime (ksk)) == 0 ) /* if lifetime of key is not set.. */
- lifetime = z->k_life; /* ..use global configured lifetime */
-
- currtime = time (NULL);
- age = dki_age (ksk, currtime);
-
- /* build path of parent-file */
- pathname (path, sizeof (path), zp->dir, "parent-", zp->zone);
-
- /* check if we have to change the ksk ? */
- if ( lifetime > 0 && age > lifetime && !fileexist (path) ) /* lifetime is over and no kskrollover in progress */
- {
- /* we are in hierachical mode and the parent directory contains a signed zone ? */
- if ( z->keysetdir && strcmp (z->keysetdir, "..") == 0 && is_parentdirsigned (zonelist, zp) )
- {
- verbmesg (2, z, "\t\tkskrollover: create new key signing key\n");
- /* create a new key: this is phase one of a double signing key rollover */
- ksk = genfirstkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE);
- if ( ksk == NULL )
- {
- lg_mesg (LG_ERROR, "\"%s\": unable to generate new ksk for double signing rollover", zp->zone);
- return 0;
- }
- lg_mesg (LG_INFO, "\"%s\": kskrollover phase1: New key %d generated", zp->zone, ksk->tag);
-
- /* find the oldest active ksk to create the parent file */
- if ( (ksk = (dki_t *)dki_findalgo (zp->keys, DKI_KSK, zp->conf->k_algo, 'a', 1)) == NULL )
- lg_mesg (LG_ERROR, "kskrollover phase1: Couldn't find the old active key\n");
- if ( !create_parent_file (path, 1, z->key_ttl, ksk) )
- lg_mesg (LG_ERROR, "Couldn't create parentfile %s\n", path);
-
- }
- else /* print out a warning only */
- {
- logmesg ("\t\tWarning: Lifetime of Key Signing Key %d exceeded: %s\n",
- ksk->tag, str_delspace (age2str (age)));
- lg_mesg (LG_WARNING, "\"%s\": lifetime of key signing key %d exceeded since %s",
- zp->zone, ksk->tag, str_delspace (age2str (age - lifetime)));
- }
- return 1;
- }
-
- /* now check if there is an ongoing key rollover */
-
- /* check if parent-file already exist */
- if ( !fileexist (path) ) /* no parent-<zone> file found ? */
- return 0; /* ok, that's it */
-
- /* check the ksk rollover phase we are in */
- currphase = get_parent_phase (path); /* this is the actual state we are in */
- parfile_age = file_age (path);
-
- /* TODO: Set these values to the one found in the parent dnssec.conf file */
- parent_propagation = PARENT_PROPAGATION;
- parent_resign = z->resign;
- parent_keyttl = z->key_ttl;
-
- switch ( currphase )
- {
- case 1: /* we are currently in state one (new ksk already generated) */
- if ( parfile_age > z->proptime + z->key_ttl ) /* can we go to phase 2 ? */
- {
- verbmesg (2, z, "\t\tkskrollover: save new ksk in parent file\n");
- ksk = ksk->next; /* set ksk to new ksk */
- if ( !create_parent_file (path, currphase+1, z->key_ttl, ksk) )
- lg_mesg (LG_ERROR, "Couldn't create parentfile %s\n", path);
- lg_mesg (LG_INFO, "\"%s\": kskrollover phase2: send new key %d to the parent zone", zp->zone, ksk->tag);
- return 1;
- }
- else
- verbmesg (2, z, "\t\tkskrollover: we are in state 1 and waiting for propagation of the new key (parentfile %dsec < prop %dsec + keyttl %dsec\n", parfile_age, z->proptime, z->key_ttl);
- break;
- case 2: /* we are currently in state two (propagation of new key to the parent) */
-#if 0
- if ( parfile_age >= parent_propagation + parent_resign + parent_keyttl ) /* can we go to phase 3 ? */
-#else
- if ( parfile_age >= parent_propagation + parent_keyttl ) /* can we go to phase 3 ? */
-#endif
- {
- /* remove the parentfile */
- unlink (path);
-
- /* remove oldest key from list and mark file as removed */
- zp->keys = dki_remove (ksk);
-
- // verbmesg (2, z, "kskrollover: remove parentfile and rename old key to k<zone>+<algo>+<tag>.key\n");
- verbmesg (2, z, "\t\tkskrollover: remove parentfile and rename old key to k%s+%03d+%05d.key\n",
- ksk->name, ksk->algo, ksk->tag);
- lg_mesg (LG_INFO, "\"%s\": kskrollover phase3: Remove old key %d", zp->zone, ksk->tag);
- return 1;
- }
- else
-#if 0
- verbmesg (2, z, "\t\tkskrollover: we are in state 2 and waiting for parent propagation (parentfile %d < parentprop %d + parentresig %d + parentkeyttl %d\n", parfile_age, parent_propagation, parent_resign, parent_keyttl);
-#else
- verbmesg (2, z, "\t\tkskrollover: we are in state 2 and waiting for parent propagation (parentfile %dsec < parentprop %dsec + parentkeyttl %dsec\n", parfile_age, parent_propagation, parent_keyttl);
-#endif
- break;
- default:
- assert ( currphase == 1 || currphase == 2 );
- /* NOTREACHED */
- }
-
- return 0;
-}
-
-/*****************************************************************
-** global function definition
-*****************************************************************/
-
-/*****************************************************************
-** ksk5011status ()
-** Check if the list of zone keys containing a revoked or a
-** standby key.
-** Remove the revoked key if it is older than 30 days.
-** If the lifetime of the active key is reached, do a rfc5011
-** keyrollover.
-** Returns an int with the rightmost bit set if a resigning
-** is required. The second rightmost bit is set, if it is an
-** rfc5011 zone.
-*****************************************************************/
-int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z)
-{
- dki_t *standbykey;
- dki_t *activekey;
- dki_t *dkp;
- dki_t *prev;
- time_t currtime;
- time_t exptime;
- int ret;
-
- assert ( listp != NULL );
- assert ( z != NULL );
-
- if ( z->k_life == 0 )
- return 0;
-
- verbmesg (1, z, "\tCheck RFC5011 status\n");
-
- ret = 0;
- currtime = time (NULL);
-
- /* go through the list of key signing keys, */
- /* remove revoked keys and set a pointer to standby and active key */
- standbykey = activekey = NULL;
- prev = NULL;
- for ( dkp = *listp; dkp && dki_isksk (dkp); dkp = dkp->next )
- {
- exptime = get_exptime (dkp, z);
- if ( dki_isrevoked (dkp) )
- lg_mesg (LG_DEBUG, "zone \"%s\": found revoked key (id=%d exptime=%s); waiting for remove hold down time",
- domain, dkp->tag, time2str (exptime, 's'));
-
- /* revoked key is older than 30 days? */
- if ( dki_isrevoked (dkp) && currtime > exptime + REMOVE_HOLD_DOWN )
- {
- verbmesg (1, z, "\tRemove revoked key %d which is older than 30 days\n", dkp->tag);
- lg_mesg (LG_NOTICE, "zone \"%s\": removing revoked key %d", domain, dkp->tag);
-
- /* remove key from list and mark file as removed */
- if ( prev == NULL ) /* at the beginning of the list ? */
- *listp = dki_remove (dkp);
- else /* anywhere in the middle of the list */
- prev->next = dki_remove (dkp);
-
- ret |= 01; /* from now on a resigning is necessary */
- }
-
- /* remember oldest standby and active key */
- if ( dki_status (dkp) == DKI_PUBLISHED )
- standbykey = dkp;
- if ( dki_status (dkp) == DKI_ACTIVE )
- activekey = dkp;
- }
- /* no activekey or no standby key and also no revoked key found ? */
- if ( activekey == NULL || (standbykey == NULL && ret == 0) )
- return ret; /* Seems that this is a non rfc5011 zone! */
-
- ret |= 02; /* Zone looks like a rfc5011 zone */
-
- exptime = get_exptime (activekey, z);
-#if 0
- lg_mesg (LG_DEBUG, "Act Exptime: %s", time2str (exptime, 's'));
- lg_mesg (LG_DEBUG, "Stb time: %s", time2str (dki_time (standbykey), 's'));
- lg_mesg (LG_DEBUG, "Stb time+wait: %s", time2str (dki_time (standbykey) + min (DAYSEC * 30, z->key_ttl), 's'));
-#endif
- /* At the first time we introduce a standby key, the lifetime of the current KSK shouldn't be expired, */
- /* otherwise we run into an (nearly) immediate key rollover! */
- if ( currtime > exptime && currtime > dki_time (standbykey) + min (ADD_HOLD_DOWN, z->key_ttl) )
- {
- lg_mesg (LG_NOTICE, "\"%s\": starting rfc5011 rollover", domain);
- verbmesg (1, z, "\tLifetime of Key Signing Key %d exceeded (%s): Starting rfc5011 rollover!\n",
- activekey->tag, str_delspace (age2str (dki_age (activekey, currtime))));
- verbmesg (2, z, "\t\t=>Generating new standby key signing key\n");
- dkp = genfirstkey (listp, dir, domain, DKI_KSK, z, DKI_PUBLISHED); /* gentime == now; lifetime = z->k_life; exp = 0 */
- if ( !dkp )
- {
- error ("\tcould not generate new standby KSK\n");
- lg_mesg (LG_ERROR, "\%s\": can't generate new standby KSK", domain);
- }
- else
- lg_mesg (LG_NOTICE, "\"%s\": generated new standby KSK %d", domain, dkp->tag);
-
- /* standby key gets active */
- verbmesg (2, z, "\t\t=>Activating old standby key %d \n", standbykey->tag);
- dki_setstatus (standbykey, DKI_ACT);
-
- /* active key should be revoked */
- verbmesg (2, z, "\t\t=>Revoking old active key %d \n", activekey->tag);
- dki_setstatus (activekey, DKI_REVOKED);
- dki_setexptime (activekey, currtime); /* now the key is expired */
-
- ret |= 01; /* resigning necessary */
- }
-
- return ret;
-}
-
-/*****************************************************************
-** kskstatus ()
-** Check the ksk status of a zone if a ksk lifetime is set.
-** If there is no key signing key present create a new one.
-** Prints out a warning message if the lifetime of the current
-** key signing key is over.
-** Returns 1 if a resigning of the zone is necessary, otherwise
-** the function returns 0.
-*****************************************************************/
-int kskstatus (zone_t *zonelist, zone_t *zp)
-{
- dki_t *akey;
- const zconf_t *z;
-
- assert ( zp != NULL );
-
- z = zp->conf;
- if ( z->k_life == 0 )
- return 0;
-
- verbmesg (1, z, "\tCheck KSK status\n");
- /* check if a key signing key exist ? */
- akey = (dki_t *)dki_findalgo (zp->keys, DKI_KSK, z->k_algo, 'a', 1);
- if ( akey == NULL )
- {
- verbmesg (1, z, "\tNo active KSK found: generate new one\n");
- akey = genfirstkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE);
- if ( !akey )
- {
- error ("\tcould not generate new KSK\n");
- lg_mesg (LG_ERROR, "\"%s\": can't generate new KSK: \"%s\"",
- zp->zone, dki_geterrstr());
- }
- else
- lg_mesg (LG_INFO, "\"%s\": generated new KSK %d", zp->zone, akey->tag);
- return akey != NULL; /* return value of 1 forces a resigning of the zone */
- }
- else /* try to start a full automated ksk rollover */
- kskrollover (akey, zonelist, zp);
-
- /* is a second algorithm requested ? (since 0.99) */
- if ( z->k2_algo && z->k2_algo != z->k_algo )
- {
- /* check for ksk supporting the additional algorithm */
- akey = (dki_t *)dki_findalgo (zp->keys, DKI_KSK, z->k2_algo, 'a', 1);
- if ( akey == NULL )
- {
- verbmesg (1, z, "\tNo active KSK for additional algorithm found: generate new one\n");
- akey = genaddkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE);
- if ( !akey )
- {
- error ("\tcould not generate new KSK for additional algorithm\n");
- lg_mesg (LG_ERROR, "\"%s\": can't generate new KSK for 2nd algorithm: \"%s\"",
- zp->zone, dki_geterrstr());
- }
- else
- lg_mesg (LG_INFO, "\"%s\": generated new KSK %d for additional algorithm",
- zp->zone, akey->tag);
- return 1; /* return value of 1 forces a resigning of the zone */
- }
- }
-
- return 0;
-}
-
-/*****************************************************************
-** zskstatus ()
-** Check the zsk status of a zone.
-** Returns 1 if a resigning of the zone is necessary, otherwise
-** the function returns 0.
-*****************************************************************/
-int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t *z)
-{
- dki_t *akey;
- dki_t *nextkey;
- dki_t *dkp, *last;
- int keychange;
- time_t lifetime;
- time_t age;
- time_t currtime;
-
- assert ( listp != NULL );
- /* dir can be NULL */
- assert ( domain != NULL );
- assert ( z != NULL );
-
- currtime = time (NULL);
-
- verbmesg (1, z, "\tCheck ZSK status\n");
- dbg_val("zskstatus for %s \n", domain);
- keychange = 0;
- /* Is the depreciated key expired ? */
- /* As mentioned by olaf, this is the max_ttl of all the rr in the zone */
- lifetime = z->max_ttl + z->proptime; /* draft kolkman/gieben */
- last = NULL;
- dkp = *listp;
- while ( dkp )
- if ( !dki_isksk (dkp) &&
- dki_status (dkp) == DKI_DEPRECIATED &&
- dki_age (dkp, currtime) > lifetime )
- {
- keychange = 1;
- verbmesg (1, z, "\tLifetime(%d sec) of depreciated key %d exceeded (%d sec)\n",
- lifetime, dkp->tag, dki_age (dkp, currtime));
- lg_mesg (LG_INFO, "\"%s\": old ZSK %d removed", domain, dkp->tag);
- dkp = dki_destroy (dkp); /* delete the keyfiles */
- dbg_msg("zskstatus: depreciated key removed ");
- if ( last )
- last->next = dkp;
- else
- *listp = dkp;
- verbmesg (1, z, "\t\t->remove it\n");
- }
- else
- {
- last = dkp;
- dkp = dkp->next;
- }
-
- /* check status of active key */
- dbg_msg("zskstatus check status of active key ");
- lifetime = z->z_life; /* global configured lifetime for zsk */
- akey = (dki_t *)dki_findalgo (*listp, DKI_ZSK, z->k_algo, 'a', 1);
- if ( akey == NULL && lifetime > 0 ) /* no active key found */
- {
- verbmesg (1, z, "\tNo active ZSK found: generate new one\n");
- akey = genfirstkey (listp, dir, domain, DKI_ZSK, z, DKI_ACTIVE);
- if ( !akey )
- {
- error ("\tcould not generate new ZSK\n");
- lg_mesg (LG_ERROR, "\%s\": can't generate new ZSK", domain);
- }
- else
- lg_mesg (LG_INFO, "\"%s\": generated new ZSK %d", domain, akey->tag);
- }
- else /* active key exist */
- {
- if ( dki_lifetime (akey) )
- lifetime = dki_lifetime (akey); /* set lifetime to lt of active key */
-
- /* lifetime of active key is expired and published key exist ? */
- age = dki_age (akey, currtime);
- if ( lifetime > 0 && age > lifetime - (OFFSET) )
- {
- verbmesg (1, z, "\tLifetime(%d +/-%d sec) of active key %d exceeded (%d sec)\n",
- lifetime, (OFFSET) , akey->tag, dki_age (akey, currtime) );
-
- /* depreciate the key only if there is another active or published key */
- if ( (nextkey = (dki_t *)dki_findalgo (*listp, DKI_ZSK, z->k_algo, 'a', 2)) == NULL ||
- nextkey == akey )
- nextkey = (dki_t *)dki_findalgo (*listp, DKI_ZSK, z->k_algo, 'p', 1);
-
- /* Is the published key sufficient long in the zone ? */
- /* As mentioned by Olaf, this should be the ttl of the DNSKEY RR ! */
- if ( nextkey && dki_age (nextkey, currtime) > z->key_ttl + z->proptime )
- {
- keychange = 1;
- verbmesg (1, z, "\t\t->depreciate it\n");
- dki_setstatus (akey, 'd'); /* depreciate the active key */
- verbmesg (1, z, "\t\t->activate published key %d\n", nextkey->tag);
- dki_setstatus (nextkey, 'a'); /* activate published key */
- lg_mesg (LG_NOTICE, "\"%s\": lifetime of zone signing key %d exceeded: ZSK rollover done", domain, akey->tag);
- akey = nextkey;
- nextkey = NULL;
- lifetime = dki_lifetime (akey); /* set lifetime to lt of the new active key (F. Behrens) */
- }
- else
- {
- verbmesg (1, z, "\t\t->waiting for published key\n");
- lg_mesg (LG_NOTICE, "\"%s\": lifetime of zone signing key %d exceeded since %s: ZSK rollover deferred: waiting for published key",
- domain, akey->tag, str_delspace (age2str (age - lifetime)));
- }
- }
- }
-
- /* Should we add a new publish key? */
- nextkey = (dki_t *)dki_findalgo (*listp, DKI_ZSK, z->k_algo, 'p', 1); /* is there a published ZSK? */
-#if defined(ALLOW_ALWAYS_PREPUBLISH_ZSK) && ALLOW_ALWAYS_PREPUBLISH_ZSK
- if ( z->z_always ) /* always add a pre-publish ZSK (patch from Hrant Dadivanyan) */
- {
- if ( nextkey == NULL )
- {
- verbmesg (1, z, "\tNew key for pre-publishing needed\n");
- nextkey = genfirstkey (listp, dir, domain, DKI_ZSK, z, DKI_PUB);
- if ( nextkey )
- {
- keychange = 1;
- verbmesg (1, z, "\t\t->creating new key %d\n", nextkey->tag);
- lg_mesg (LG_INFO, "\"%s\": new key %d generated for pre-publishing", domain, nextkey->tag);
- }
- else
- {
- error ("\tcould not generate new ZSK: \"%s\"\n", dki_geterrstr());
- lg_mesg (LG_ERROR, "\"%s\": can't generate new ZSK: \"%s\"",
- domain, dki_geterrstr());
- }
- }
- }
- else /* do we need a new ZSK ? */
-#endif
- {
- /* This is necessary if the active key will be expired at the
- * next re-signing interval (The published time will be checked
- * just before the active key will be removed. See above).
- */
- if ( nextkey == NULL && lifetime > 0 && (akey == NULL ||
- dki_age (akey, currtime + z->resign) > lifetime - (OFFSET)) )
- {
- verbmesg (1, z, "\tNew ZSK for publishing needed\n");
- nextkey = genfirstkey (listp, dir, domain, DKI_ZSK, z, DKI_PUB);
- if ( nextkey )
- {
- keychange = 1;
- verbmesg (1, z, "\t\t->creating new key %d\n", nextkey->tag);
- lg_mesg (LG_INFO, "\"%s\": new zone signing key %d generated for publishing", domain, nextkey->tag);
- }
- else
- {
- error ("\tcould not generate new ZSK: \"%s\"\n", dki_geterrstr());
- lg_mesg (LG_ERROR, "\"%s\": can't generate new ZSK: \"%s\"",
- domain, dki_geterrstr());
- }
- }
- }
-
- /* is a second algorithm requested ? (since 0.99) */
- if ( z->k2_algo && z->k2_algo != z->k_algo )
- {
- /* check for zsk supporting the additional algorithm */
- akey = (dki_t *)dki_findalgo (*listp, DKI_ZSK, z->k2_algo, 'a', 1);
- if ( akey == NULL )
- {
- verbmesg (1, z, "\tNo active ZSK for second algorithm found: generate new one\n");
- akey = genaddkey (listp, dir, domain, DKI_ZSK, z, DKI_ACTIVE);
- if ( !akey )
- {
- error ("\tcould not generate new ZSK for 2nd algorithm\n");
- lg_mesg (LG_ERROR, "\"%s\": can't generate new ZSK for 2nd algorithm: \"%s\"",
- domain, dki_geterrstr());
- }
- else
- lg_mesg (LG_INFO, "\"%s\": generated new ZSK %d for 2nd algorithm",
- domain, akey->tag);
- return 1; /* return value of 1 forces a resigning of the zone */
- }
- }
-
- return keychange;
-}
-
+++ /dev/null
-/*****************************************************************
-**
-** @(#) rollover.h (c) 2005 - 2008 Holger Zuleger hznet.de
-**
-** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-#ifndef ROLLOVER_H
-# define ROLLOVER_H
-# include <sys/types.h>
-# include <stdarg.h>
-# include <stdio.h>
-
-#ifndef ZCONF_H
-# include "zconf.h"
-#endif
-
-# define OFFSET ((int) (2.5 * MINSEC))
-# define PARENT_PROPAGATION (5 * MINSEC)
-# define ADD_HOLD_DOWN (30 * DAYSEC)
-# define REMOVE_HOLD_DOWN (30 * DAYSEC)
-
-extern int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z);
-extern int kskstatus (zone_t *zonelist, zone_t *zp);
-extern int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t *z);
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) soaserial.c -- helper function for the dnssec zone key tools
-**
-** Copyright (c) Jan 2005, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-# include <stdio.h>
-# include <string.h>
-# include <stdlib.h>
-# include <ctype.h>
-# include <sys/types.h>
-# include <sys/stat.h>
-# include <time.h>
-# include <utime.h>
-# include <assert.h>
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
-# include "config_zkt.h"
-# include "zconf.h"
-# include "log.h"
-# include "debug.h"
-#define extern
-# include "soaserial.h"
-#undef extern
-
-static int inc_soa_serial (FILE *fp, int use_unixtime);
-static int is_soa_rr (const char *line);
-static const char *strfindstr (const char *str, const char *search);
-
-
-/****************************************************************
-**
-** int inc_serial (filename, use_unixtime)
-**
-** This function depends on a special syntax formating the
-** SOA record in the zone file!!
-**
-** To match the SOA record, the SOA RR must be formatted
-** like this:
-** @ [ttl] IN SOA <master.fq.dn.> <hostmaster.fq.dn.> (
-** <SPACEes or TABs> 1234567890; serial number
-** <SPACEes or TABs> 86400 ; other values
-** ...
-** The space from the first digit of the serial number to
-** the first none white space char or to the end of the line
-** must be at least 10 characters!
-** So you have to left justify the serial number in a field
-** of at least 10 characters like this:
-** <SPACEes or TABs> 1 ; Serial
-**
-** Since ZKT 1.1.0 single line SOA records are also supported
-**
-****************************************************************/
-int inc_serial (const char *fname, int use_unixtime)
-{
- FILE *fp;
- char buf[4095+1];
- int error;
- int serial_pos;
-
- /**
- since BIND 9.4, there is a dnssec-signzone option available for
- serial number increment.
- If the user requests "unixtime"; then use this mechanism.
- **/
- if ( use_unixtime )
- return 0;
-
- if ( (fp = fopen (fname, "r+")) == NULL )
- return -1;
-
- /* read until the line matches the beginning of a soa record ... */
- while ( fgets (buf, sizeof buf, fp) )
- {
- dbg_val ("inc_serial() checking line for SOA RR \"%s\"\n", buf);
- serial_pos = is_soa_rr (buf);
- if ( serial_pos ) /* SOA record found ? */
- break;
- }
-
- if ( feof (fp) )
- {
- fclose (fp);
- return -2;
- }
- dbg_val ("serial_pos = %d\n", serial_pos);
- if (serial_pos > 1 ) /* if we found a single line SOA RR */
- fseek (fp, -(long)serial_pos, SEEK_CUR); /* go back to the beginning of the line */
-
- error = inc_soa_serial (fp, use_unixtime); /* .. inc soa serial no ... */
- dbg_val ("inc_soa_serial() returns %d\n", error);
-
- if ( fclose (fp) != 0 ) /* close the zone file in any case */
- return -5;
- return error;
-}
-
-#if 0
-/*****************************************************************
-** check if line is the beginning of a SOA RR record, thus
-** containing the string "IN .* SOA" and ends with a '('
-** returns 1 if true
-*****************************************************************/
-static int is_soa_rr (const char *line)
-{
- const char *p;
-
- assert ( line != NULL );
-
- /* line contains "IN" and "SOA" */
- if ( (p = strfindstr (line, "IN")) && strfindstr (p+2, "SOA") )
- {
- p = line + strlen (line) - 1;
- while ( p > line && isspace (*p) )
- p--;
- if ( *p == '(' ) /* last character must be a '(' to start a multi line record */
- return 1;
- }
-
- return 0;
-}
-#else
-/*****************************************************************
-**
-** check if line is the beginning of a SOA RR record, thus
-** containing the string "IN .* SOA" and ends with a '('
-** (multiline record) or is a single line record.
-**
-** returns 1 if it is a multi line record (for compability to
-** the old function) or the position of the serial number
-** field counted from the end of the line
-**
-*****************************************************************/
-static int is_soa_rr (const char *line)
-{
- const char *p;
- const char *soa_p;
-
- assert ( line != NULL );
-
- /* line contains "IN" and "SOA" ? */
- if ( (p = strfindstr (line, "IN")) && (soa_p = strfindstr (p+2, "SOA")) )
- {
- int len = strlen (line);
-
- /* check for multiline record */
- p = line + len - 1;
- while ( p > line && isspace (*p) )
- p--;
- if ( *p == '(' ) /* last character must be a '(' to start a multi line record */
- return 1;
-
- /* line is single line record */
- p = soa_p + 3; /* start just behind the SOA string */
- dbg_val1 ("p = \"%s\"\n", p);
- p += strspn (p, " \t"); /* skip white space */
- p += strcspn (p, " \t"); /* skip primary master */
- p += strspn (p, " \t"); /* skip white space */
- p += strcspn (p, " \t"); /* skip mail address */
- dbg_val1 ("p = \"%s\"\n", p);
-
- dbg_val1 ("is_soa_rr returns = %d\n", (line+len) - p);
- return (line+len) - p; /* position of serial nr from the end of the line */
- }
-
- return 0;
-}
-#endif
-
-/*****************************************************************
-** Find string 'search' in 'str' and ignore case in comparison.
-** returns the position of 'search' in 'str' or NULL if not found.
-*****************************************************************/
-static const char *strfindstr (const char *str, const char *search)
-{
- const char *p;
- int c;
-
- assert ( str != NULL );
- assert ( search != NULL );
-
- c = tolower (*search);
- p = str;
- do {
- while ( *p && tolower (*p) != c )
- p++;
- if ( strncasecmp (p, search, strlen (search)) == 0 )
- return p;
- p++;
- } while ( *p );
-
- return NULL;
-}
-
-/*****************************************************************
-** return the serial number of the given time in the form
-** of YYYYmmdd00 as ulong value
-*****************************************************************/
-static ulong serialtime (time_t sec)
-{
- struct tm *t;
- ulong serialtime;
-
- t = gmtime (&sec);
- serialtime = (t->tm_year + 1900) * 10000;
- serialtime += (t->tm_mon+1) * 100;
- serialtime += t->tm_mday;
- serialtime *= 100;
-
- return serialtime;
-}
-
-/*****************************************************************
-** inc_soa_serial (fp, use_unixtime)
-** increment the soa serial number of the file 'fp'
-** 'fp' must be opened "r+"
-** returns 0 on success or a negative value in case of an error
-*****************************************************************/
-static int inc_soa_serial (FILE *fp, int use_unixtime)
-{
- int c;
- long pos, eos;
- ulong serial;
- int digits;
- ulong today;
-
- /* move forward until any non ws is reached */
- while ( (c = getc (fp)) != EOF && isspace (c) )
- ;
- ungetc (c, fp); /* push back the last char */
-
- pos = ftell (fp); /* mark position */
-
- serial = 0L; /* read in the current serial number */
- /* be aware of the trailing space in the format string !! */
- if ( fscanf (fp, "%lu ", &serial) != 1 ) /* try to get serial no */
- return -3;
- eos = ftell (fp); /* mark first non digit/ws character pos */
-
- digits = eos - pos;
- if ( digits < 10 ) /* not enough space for serial no ? */
- return -4;
-
- today = time (NULL);
- if ( !use_unixtime )
- {
- today = serialtime (today); /* YYYYmmdd00 */
- if ( serial > 1970010100L && serial < today )
- serial = today; /* set to current time */
- serial++; /* increment anyway */
- }
-
- fseek (fp, pos, SEEK_SET); /* go back to the beginning */
- fprintf (fp, "%-*lu", digits, serial); /* write as many chars as before */
-
- return 0; /* yep! */
-}
-
-/*****************************************************************
-** return the error text of the inc_serial return coode
-*****************************************************************/
-const char *inc_errstr (int err)
-{
- switch ( err )
- {
- case -1: return "couldn't open zone file for modifying";
- case -2: return "unexpected end of file";
- case -3: return "no serial number found in zone file";
- case -4: return "not enough space left for serialno";
- case -5: return "error on closing zone file";
- }
- return "";
-}
-
-#ifdef SOA_TEST
-const char *progname;
-main (int argc, char *argv[])
-{
- ulong now;
- int err;
- char cmd[255];
-
- progname = *argv;
-
- now = time (NULL);
- now = serialtime (now);
- printf ("now = %lu\n", now);
-
- if ( (err = inc_serial (argv[1], 0)) < 0 )
- {
- fprintf (stderr, "can't change serial no: errno=%d %s\n",
- err, inc_errstr (err));
- exit (1);
- }
-
- snprintf (cmd, sizeof(cmd), "head -15 %s", argv[1]);
- system (cmd);
-}
-#endif
-
+++ /dev/null
-/*****************************************************************
-**
-** @(#) soserial.h (c) 2005 - 2007 Holger Zuleger hznet.de
-**
-** Copyright (c) 2005 - 2007, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-#ifndef SOASERIAL_H
-# define SOASERIAL_H
-extern int inc_serial (const char *fname, int use_unixtime);
-extern const char *inc_errstr (int err);
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) strlist.c (c) Mar 2005 Holger Zuleger
-**
-** TODO: Maybe we should use a special type for the list:
-** typedef struct { char cnt; char list[0+1]; } strlist__t;
-** This results in better type control of the function parameters
-**
-** Copyright (c) Mar 2005, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-
-#ifdef TEST
-# include <stdio.h>
-#endif
-#include <string.h>
-#include <stdlib.h>
-#include "strlist.h"
-
-
-/*****************************************************************
-** prepstrlist (str, delim)
-** prepare a string with delimiters to a so called strlist.
-** 'str' is a list of substrings delimited by 'delim'
-** The # of strings is stored at the first byte of the allocated
-** memory. Every substring is stored as a '\0' terminated C-String.
-** The function returns a pointer to dynamic allocated memory
-*****************************************************************/
-char *prepstrlist (const char *str, const char *delim)
-{
- char *p;
- char *new;
- int len;
- int cnt;
-
- if ( str == NULL )
- return NULL;
-
- len = strlen (str);
- if ( (new = malloc (len + 2)) == NULL )
- return new;
-
- cnt = 0;
- p = new;
- for ( *p++ = '\0'; *str; str++ )
- {
- if ( strchr (delim, *str) == NULL )
- *p++ = *str;
- else if ( p[-1] != '\0' )
- {
- *p++ = '\0';
- cnt++;
- }
- }
- *p = '\0'; /*terminate string */
- if ( p[-1] != '\0' )
- cnt++;
- *new = cnt & 0xFF;
-
- return new;
-}
-
-/*****************************************************************
-** isinlist (str, list)
-** check if 'list' contains 'str'
-*****************************************************************/
-int isinlist (const char *str, const char *list)
-{
- int cnt;
-
- if ( list == NULL || *list == '\0' )
- return 1;
- if ( str == NULL || *str == '\0' )
- return 0;
-
- cnt = *list;
- while ( cnt-- > 0 )
- {
- list++;
- if ( strcmp (str, list) == 0 )
- return 1;
- list += strlen (list);
- }
-
- return 0;
-}
-
-/*****************************************************************
-** unprepstrlist (list, delimc)
-*****************************************************************/
-char *unprepstrlist (char *list, char delimc)
-{
- char *p;
- int cnt;
-
- cnt = *list & 0xFF;
- p = list;
- for ( *p++ = delimc; cnt > 1; p++ )
- if ( *p == '\0' )
- {
- *p = delimc;
- cnt--;
- }
-
- return list;
-}
-
-#ifdef TEST
-main (int argc, char *argv[])
-{
- FILE *fp;
- char *p;
- char *searchlist = NULL;
- char group[255];
-
- if ( argc > 1 )
- searchlist = prepstrlist (argv[1], LISTDELIM);
-
- printf ("searchlist: %d entrys: \n", searchlist[0]);
- if ( (fp = fopen ("/etc/group", "r")) == NULL )
- exit (fprintf (stderr, "can't open file\n"));
-
- while ( fscanf (fp, "%[^:]:%*[^\n]\n", group) != EOF )
- if ( isinlist (group, searchlist) )
- printf ("%s\n", group);
-
- fclose (fp);
-
- printf ("searchlist: \"%s\"\n", unprepstrlist (searchlist, *LISTDELIM));
- for ( p = searchlist; *p; p++ )
- if ( *p < 32 )
- printf ("<%d>", *p);
- else
- printf ("%c", *p);
- printf ("\n");
-}
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) strlist.h (c) Mar 2005 Holger Zuleger
-**
-** Copyright (c) May 2005 Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-
-#ifndef STRLIST_H
-# define STRLIST_H
-
-# define LISTDELIM " ,:;|^\t"
-
-char *prepstrlist (const char *str, const char *delim);
-int isinlist (const char *str, const char *list);
-char *unprepstrlist (char *list, char delimc);
-#endif
+++ /dev/null
-!_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/
-!_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/
-!_TAG_PROGRAM_AUTHOR Darren Hiebert /dhiebert@users.sourceforge.net/
-!_TAG_PROGRAM_NAME Exuberant Ctags //
-!_TAG_PROGRAM_URL http://ctags.sourceforge.net /official site/
-!_TAG_PROGRAM_VERSION 5.9~svn20110310 //
-CONF_ALGO zconf.c /^ CONF_ALGO,$/;" e enum:__anon2 file:
-CONF_BOOL zconf.c /^ CONF_BOOL,$/;" e enum:__anon2 file:
-CONF_COMMENT zconf.c /^ CONF_COMMENT,$/;" e enum:__anon2 file:
-CONF_END zconf.c /^ CONF_END = 0,$/;" e enum:__anon2 file:
-CONF_FACILITY zconf.c /^ CONF_FACILITY,$/;" e enum:__anon2 file:
-CONF_INT zconf.c /^ CONF_INT,$/;" e enum:__anon2 file:
-CONF_LEVEL zconf.c /^ CONF_LEVEL,$/;" e enum:__anon2 file:
-CONF_NSEC3 zconf.c /^ CONF_NSEC3,$/;" e enum:__anon2 file:
-CONF_SERIAL zconf.c /^ CONF_SERIAL,$/;" e enum:__anon2 file:
-CONF_STRING zconf.c /^ CONF_STRING,$/;" e enum:__anon2 file:
-CONF_TIMEINT zconf.c /^ CONF_TIMEINT,$/;" e enum:__anon2 file:
-CONF_VERSION zconf.c /^ CONF_VERSION,$/;" e enum:__anon2 file:
-ISCOMMENT zconf.c 68;" d file:
-ISDELIM zconf.c 70;" d file:
-ISTRUE zconf.c 66;" d file:
-KEYGEN_COMPMODE dki.c 230;" d file:
-KEYSET_FILE_PFX zkt-signer.c 727;" d file:
-KeyWords ncparse.c /^static struct KeyWords {$/;" s file:
-MAXFNAME log.c 98;" d file:
-STRCONFIG_DELIMITER zconf.c 674;" d file:
-TAINTEDCHARS misc.c 60;" d file:
-TOK_DELEGATION ncparse.c 59;" d file:
-TOK_DIR ncparse.c 49;" d file:
-TOK_FILE ncparse.c 62;" d file:
-TOK_FORWARD ncparse.c 58;" d file:
-TOK_HINT ncparse.c 57;" d file:
-TOK_INCLUDE ncparse.c 50;" d file:
-TOK_MASTER ncparse.c 54;" d file:
-TOK_SLAVE ncparse.c 55;" d file:
-TOK_STRING ncparse.c 48;" d file:
-TOK_STUB ncparse.c 56;" d file:
-TOK_TYPE ncparse.c 53;" d file:
-TOK_UNKNOWN ncparse.c 64;" d file:
-TOK_VIEW ncparse.c 60;" d file:
-TOK_ZONE ncparse.c 52;" d file:
-a domaincmp.c /^ char *a;$/;" m struct:__anon1 file:
-add2zonelist zkt-signer.c /^static int add2zonelist (const char *dir, const char *view, const char *zone, const char *file)$/;" f file:
-addkeydb zfparse.c /^int addkeydb (const char *file, const char *keydbfile)$/;" f
-age2str misc.c /^char *age2str (time_t sec)$/;" f
-ageflag zkt-keyman.c /^int ageflag = 0;$/;" v
-ageflag zkt-ls.c /^int ageflag = 0;$/;" v
-allflag zkt-conf.c /^static int allflag = 0;$/;" v file:
-b domaincmp.c /^ char *b;$/;" m struct:__anon1 file:
-bind96_dynzone zkt-signer.c 123;" d file:
-bold_off tcap.c /^static const char *bold_off = "";$/;" v file:
-bold_on tcap.c /^static const char *bold_on = "";$/;" v file:
-bool2str zconf.c /^static const char *bool2str (int val)$/;" f file:
-check_keydb_timestamp zkt-signer.c /^static int check_keydb_timestamp (dki_t *keylist, time_t reftime)$/;" f file:
-checkconfig zconf.c /^int checkconfig (const zconf_t *z)$/;" f
-cmdln zconf.c 73;" d file:
-cmpfile misc.c /^int cmpfile (const char *file1, const char *file2)$/;" f
-colortab tcap.c /^static char colortab[8][31+1];$/;" v file:
-compversion zconf.c /^static int compversion;$/;" v file:
-config zconf.c /^static zconf_t *config;$/;" v file:
-config zkt-signer.c /^static zconf_t *config;$/;" v file:
-confpara zconf.c /^static zconf_para_t confpara[] = {$/;" v file:
-copy_keyset zkt-signer.c /^static void copy_keyset (const char *dir, const char *domain, const zconf_t *conf)$/;" f file:
-copyfile misc.c /^int copyfile (const char *fromfile, const char *tofile, const char *dnskeyfile)$/;" f
-copyzonefile misc.c /^int copyzonefile (const char *fromfile, const char *tofile, const char *dnskeyfile)$/;" f
-create_parent_file rollover.c /^static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp)$/;" f file:
-create_parent_file zkt-keyman.c /^static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp)$/;" f file:
-createkey zkt-keyman.c /^static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf)$/;" f file:
-ctype_t zconf.c /^} ctype_t;$/;" t typeref:enum:__anon2 file:
-def zconf.c /^static zconf_t def = {$/;" v file:
-desc zconf.c /^ const char *desc;$/;" m struct:__anon3 file:
-dirflag zkt-keyman.c /^static int dirflag = 0;$/;" v file:
-dirflag zkt-ls.c /^static int dirflag = 0;$/;" v file:
-dirname zkt-signer.c /^static const char *dirname = NULL;$/;" v file:
-dist_and_reload nscomm.c /^int dist_and_reload (const zone_t *zp, int what)$/;" f
-dki_add dki.c /^dki_t *dki_add (dki_t **list, dki_t *new)$/;" f
-dki_age dki.c /^int dki_age (const dki_t *dkp, time_t curr)$/;" f
-dki_algo dki.c /^time_t dki_algo (const dki_t *dkp)$/;" f
-dki_algo2sstr dki.c /^char *dki_algo2sstr (int algo)$/;" f
-dki_algo2str dki.c /^char *dki_algo2str (int algo)$/;" f
-dki_allcmp dki.c /^int dki_allcmp (const dki_t *a, const dki_t *b)$/;" f
-dki_alloc dki.c /^static dki_t *dki_alloc ()$/;" f file:
-dki_cmp dki.c /^int dki_cmp (const dki_t *a, const dki_t *b)$/;" f
-dki_destroy dki.c /^dki_t *dki_destroy (dki_t *dkp)$/;" f
-dki_estr dki.c /^static char dki_estr[255+1];$/;" v file:
-dki_exptime dki.c /^time_t dki_exptime (const dki_t *dkp)$/;" f
-dki_find dki.c /^const dki_t *dki_find (const dki_t *list, int ksk, int status, int no)$/;" f
-dki_findalgo dki.c /^const dki_t *dki_findalgo (const dki_t *list, int ksk, int alg, int status, int no)$/;" f
-dki_free dki.c /^void dki_free (dki_t *dkp)$/;" f
-dki_freelist dki.c /^void dki_freelist (dki_t **listp)$/;" f
-dki_gentime dki.c /^time_t dki_gentime (const dki_t *dkp)$/;" f
-dki_geterrstr dki.c /^const char *dki_geterrstr ()$/;" f
-dki_getflag dki.c /^dk_flag_t dki_getflag (const dki_t *dkp, time_t curr)$/;" f
-dki_isactive dki.c /^int dki_isactive (const dki_t *dkp)$/;" f
-dki_isdepreciated dki.c /^int dki_isdepreciated (const dki_t *dkp)$/;" f
-dki_isksk dki.c /^int dki_isksk (const dki_t *dkp)$/;" f
-dki_ispublished dki.c /^int dki_ispublished (const dki_t *dkp)$/;" f
-dki_isrevoked dki.c /^int dki_isrevoked (const dki_t *dkp)$/;" f
-dki_lifetime dki.c /^time_t dki_lifetime (const dki_t *dkp)$/;" f
-dki_lifetimedays dki.c /^ushort dki_lifetimedays (const dki_t *dkp)$/;" f
-dki_namecmp dki.c /^int dki_namecmp (const dki_t *a, const dki_t *b)$/;" f
-dki_new dki.c /^dki_t *dki_new (const char *dir, const char *name, int ksk, int algo, int bitsize, const char *rfile, int lf_days)$/;" f
-dki_prt_comment dki.c /^int dki_prt_comment (const dki_t *dkp, FILE *fp)$/;" f
-dki_prt_dnskey dki.c /^int dki_prt_dnskey (const dki_t *dkp, FILE *fp)$/;" f
-dki_prt_dnskey_raw dki.c /^int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp)$/;" f
-dki_prt_dnskeyttl dki.c /^int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl)$/;" f
-dki_prt_managedkey dki.c /^int dki_prt_managedkey (const dki_t *dkp, FILE *fp)$/;" f
-dki_prt_trustedkey dki.c /^int dki_prt_trustedkey (const dki_t *dkp, FILE *fp)$/;" f
-dki_read dki.c /^dki_t *dki_read (const char *dirname, const char *filename)$/;" f
-dki_readdir dki.c /^int dki_readdir (const char *dir, dki_t **listp, int recursive)$/;" f
-dki_readfile dki.c /^static int dki_readfile (FILE *fp, dki_t *dkp)$/;" f file:
-dki_remove dki.c /^dki_t *dki_remove (dki_t *dkp)$/;" f
-dki_revnamecmp dki.c /^int dki_revnamecmp (const dki_t *a, const dki_t *b)$/;" f
-dki_search dki.c /^const dki_t *dki_search (const dki_t *list, int tag, const char *name)$/;" f
-dki_setexptime dki.c /^time_t dki_setexptime (dki_t *dkp, time_t sec)$/;" f
-dki_setflag dki.c /^dk_flag_t dki_setflag (dki_t *dkp, dk_flag_t flag)$/;" f
-dki_setlifetime dki.c /^ushort dki_setlifetime (dki_t *dkp, int days)$/;" f
-dki_setstat dki.c /^static int dki_setstat (dki_t *dkp, int status, int preserve_time)$/;" f file:
-dki_setstatus dki.c /^int dki_setstatus (dki_t *dkp, int status)$/;" f
-dki_setstatus_preservetime dki.c /^int dki_setstatus_preservetime (dki_t *dkp, int status)$/;" f
-dki_status dki.c /^dk_status_t dki_status (const dki_t *dkp)$/;" f
-dki_statusstr dki.c /^const char *dki_statusstr (const dki_t *dkp)$/;" f
-dki_tadd dki.c /^dki_t *dki_tadd (dki_t **tree, dki_t *new, int sub_before)$/;" f
-dki_tagcmp dki.c /^int dki_tagcmp (const dki_t *a, const dki_t *b)$/;" f
-dki_tfree dki.c /^void dki_tfree (dki_t **tree)$/;" f
-dki_time dki.c /^time_t dki_time (const dki_t *dkp)$/;" f
-dki_timecmp dki.c /^int dki_timecmp (const dki_t *a, const dki_t *b)$/;" f
-dki_tsearch dki.c /^const dki_t *dki_tsearch (const dki_t *tree, int tag, const char *name)$/;" f
-dki_unsetflag dki.c /^dk_flag_t dki_unsetflag (dki_t *dkp, dk_flag_t flag)$/;" f
-dki_writeinfo dki.c /^static int dki_writeinfo (const dki_t *dkp, const char *path)$/;" f file:
-domain_canonicdup misc.c /^char *domain_canonicdup (const char *s)$/;" f
-domaincmp domaincmp.c /^int domaincmp (const char *a, const char *b)$/;" f
-domaincmp_dir domaincmp.c /^int domaincmp_dir (const char *a, const char *b, int subdomain_above)$/;" f
-dosigning zkt-signer.c /^static int dosigning (zone_t *zonelist, zone_t *zp)$/;" f file:
-dupconfig zconf.c /^zconf_t *dupconfig (const zconf_t *conf)$/;" f
-dyn_update_freeze nscomm.c /^int dyn_update_freeze (const char *domain, const zconf_t *z, int freeze)$/;" f
-dynamic_zone zkt-signer.c /^static int dynamic_zone = 0; \/* dynamic zone ? *\/$/;" v file:
-error misc.c /^void error (char *fmt, ...)$/;" f
-ex domaincmp.c /^} ex[] = {$/;" v typeref:struct:__anon1 file:
-exptimeflag zkt-keyman.c /^int exptimeflag = 0;$/;" v
-exptimeflag zkt-ls.c /^int exptimeflag = 0;$/;" v
-extern dki.c 59;" d file:
-extern dki.c 61;" d file:
-extern domaincmp.c 43;" d file:
-extern domaincmp.c 45;" d file:
-extern log.c 55;" d file:
-extern log.c 57;" d file:
-extern misc.c 56;" d file:
-extern misc.c 58;" d file:
-extern ncparse.c 44;" d file:
-extern ncparse.c 46;" d file:
-extern nscomm.c 45;" d file:
-extern nscomm.c 47;" d file:
-extern rollover.c 57;" d file:
-extern rollover.c 59;" d file:
-extern soaserial.c 53;" d file:
-extern soaserial.c 55;" d file:
-extern tcap.c 31;" d file:
-extern tcap.c 33;" d file:
-extern zconf.c 61;" d file:
-extern zconf.c 63;" d file:
-extern zfparse.c 51;" d file:
-extern zfparse.c 53;" d file:
-extern zkt.c 49;" d file:
-extern zkt.c 51;" d file:
-extern zone.c 53;" d file:
-extern zone.c 55;" d file:
-fatal misc.c /^void fatal (char *fmt, ...)$/;" f
-file_age misc.c /^int file_age (const char *fname)$/;" f
-file_mtime misc.c /^time_t file_mtime (const char *fname)$/;" f
-fileexist misc.c /^int fileexist (const char *name)$/;" f
-filesize misc.c /^size_t filesize (const char *name)$/;" f
-first zconf.c 74;" d file:
-force zkt-signer.c /^static int force = 0;$/;" v file:
-freeconfig zconf.c /^zconf_t *freeconfig (zconf_t *conf)$/;" f
-genaddkey rollover.c /^static dki_t *genaddkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file:
-genfirstkey rollover.c /^static dki_t *genfirstkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file:
-genkey rollover.c /^static dki_t *genkey (int addkey, dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file:
-gensalt misc.c /^int gensalt (char *salt, size_t saltsize, int saltbits, unsigned int seed)$/;" f
-get_exptime rollover.c /^static time_t get_exptime (dki_t *key, const zconf_t *z)$/;" f file:
-get_parent_phase rollover.c /^static int get_parent_phase (const char *file)$/;" f file:
-get_parent_phase zkt-keyman.c /^static int get_parent_phase (const char *file)$/;" f file:
-get_ttl zfparse.c /^static long get_ttl (const char *s)$/;" f file:
-getdefconfname misc.c /^const char *getdefconfname (const char *view)$/;" f
-getnameappendix misc.c /^const char *getnameappendix (const char *progname, const char *basename)$/;" f
-gettok ncparse.c /^static int gettok (FILE *fp, char *val, size_t valsize)$/;" f file:
-goto_labelstart domaincmp.c 48;" d file:
-headerflag zkt-keyman.c /^int headerflag = 1;$/;" v
-headerflag zkt-ls.c /^int headerflag = 1;$/;" v
-html tcap.c /^static int html = 0;$/;" v file:
-in_strarr misc.c /^int in_strarr (const char *str, char *const arr[], int cnt)$/;" f
-inc_errstr soaserial.c /^const char *inc_errstr (int err)$/;" f
-inc_serial soaserial.c /^int inc_serial (const char *fname, int use_unixtime)$/;" f
-inc_soa_serial soaserial.c /^static int inc_soa_serial (FILE *fp, int use_unixtime)$/;" f file:
-is1 tcap.c /^static const char *is1 = "";$/;" v file:
-is2 tcap.c /^static const char *is2 = "";$/;" v file:
-is_defined zkt-signer.c 124;" d file:
-is_directory misc.c /^int is_directory (const char *name)$/;" f
-is_dotfilename misc.c /^int is_dotfilename (const char *name)$/;" f
-is_exec_ok misc.c /^int is_exec_ok (const char *prog)$/;" f
-is_keyfilename misc.c /^int is_keyfilename (const char *name)$/;" f
-is_multiline_rr zfparse.c /^static const char *is_multiline_rr (int *multi_line_rr, const char *p)$/;" f file:
-is_parentdirsigned rollover.c /^static int is_parentdirsigned (const zone_t *zonelist, const zone_t *zp)$/;" f file:
-is_soa_rr soaserial.c /^static int is_soa_rr (const char *line)$/;" f file:
-iscmdline zconf.c 77;" d file:
-iscompatible zconf.c 78;" d file:
-isinlist strlist.c /^int isinlist (const char *str, const char *list)$/;" f
-isparentdomain domaincmp.c /^int isparentdomain (const char *child, const char *parent, int level)$/;" f
-issubdomain domaincmp.c /^int issubdomain (const char *child, const char *parent)$/;" f
-italic_off tcap.c /^static const char *italic_off = "";$/;" v file:
-italic_on tcap.c /^static const char *italic_on = "";$/;" v file:
-ksk5011status rollover.c /^int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z)$/;" f
-ksk_roll zkt-keyman.c /^static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf)$/;" f file:
-kskdomain zkt-keyman.c /^static char *kskdomain = "";$/;" v file:
-kskflag zkt-keyman.c /^int kskflag = 1;$/;" v
-kskflag zkt-ls.c /^int kskflag = 1;$/;" v
-kskrollover rollover.c /^static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp)$/;" f file:
-kskstatus rollover.c /^int kskstatus (zone_t *zonelist, zone_t *zp)$/;" f
-kw ncparse.c /^} kw[] = {$/;" v typeref:struct:KeyWords file:
-label zconf.c /^ char *label; \/* the name of the parameter *\/$/;" m struct:__anon3 file:
-labellist zkt-keyman.c /^char *labellist = NULL;$/;" v
-labellist zkt-ls.c /^char *labellist = NULL;$/;" v
-last zconf.c 75;" d file:
-level log.c /^ lg_lvl_t level;$/;" m struct:__anon4 file:
-lg_args log.c /^void lg_args (lg_lvl_t level, int argc, char * const argv[])$/;" f
-lg_close log.c /^int lg_close ()$/;" f
-lg_errcnt log.c /^static long lg_errcnt;$/;" v file:
-lg_fileopen log.c /^static FILE *lg_fileopen (const char *path, const char *name)$/;" f file:
-lg_fp log.c /^static FILE *lg_fp;$/;" v file:
-lg_fpsave log.c /^static FILE *lg_fpsave;$/;" v file:
-lg_geterrcnt log.c /^long lg_geterrcnt ()$/;" f
-lg_lvl2str log.c /^const char *lg_lvl2str (lg_lvl_t level)$/;" f
-lg_lvl2syslog log.c /^lg_lvl_t lg_lvl2syslog (lg_lvl_t level)$/;" f
-lg_mesg log.c /^void lg_mesg (int priority, char *fmt, ...)$/;" f
-lg_minfilelevel log.c /^static int lg_minfilelevel;$/;" v file:
-lg_minsyslevel log.c /^static int lg_minsyslevel;$/;" v file:
-lg_open log.c /^int lg_open (const char *progname, const char *facility, const char *syslevel, const char *path, const char *file, const char *filelevel)$/;" f
-lg_progname log.c /^static const char *lg_progname;$/;" v file:
-lg_reseterrcnt log.c /^long lg_reseterrcnt ()$/;" f
-lg_seterrcnt log.c /^long lg_seterrcnt (long value)$/;" f
-lg_str2lvl log.c /^lg_lvl_t lg_str2lvl (const char *name)$/;" f
-lg_str2syslog log.c /^int lg_str2syslog (const char *facility)$/;" f
-lg_symtbl_t log.c /^} lg_symtbl_t;$/;" t typeref:struct:__anon4 file:
-lg_syslogging log.c /^static int lg_syslogging;$/;" v file:
-lg_zone_end log.c /^int lg_zone_end ()$/;" f
-lg_zone_start log.c /^int lg_zone_start (const char *dir, const char *domain)$/;" f
-lifetime zkt-keyman.c /^int lifetime = 0;$/;" v
-lifetime zkt-ls.c /^int lifetime = 0;$/;" v
-lifetimeflag zkt-keyman.c /^int lifetimeflag = 0;$/;" v
-lifetimeflag zkt-ls.c /^int lifetimeflag = 0;$/;" v
-linkfile misc.c /^int linkfile (const char *fromfile, const char *tofile)$/;" f
-list_dnskey zkt.c /^static void list_dnskey (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
-list_key zkt.c /^static void list_key (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
-list_managedkey zkt.c /^static void list_managedkey (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
-list_trustedkey zkt.c /^static void list_trustedkey (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
-ljustflag zkt-keyman.c /^int ljustflag = 0;$/;" v
-ljustflag zkt-ls.c /^int ljustflag = 0;$/;" v
-loadconfig zconf.c /^zconf_t *loadconfig (const char *filename, zconf_t *z)$/;" f
-loadconfig_fromstr zconf.c /^zconf_t *loadconfig_fromstr (const char *str, zconf_t *z)$/;" f
-logfile zkt-signer.c /^static const char *logfile = NULL;$/;" v file:
-logflush misc.c /^void logflush ()$/;" f
-logmesg misc.c /^void logmesg (char *fmt, ...)$/;" f
-long_options zkt-conf.c /^static struct option long_options[] = {$/;" v typeref:struct:option file:
-long_options zkt-keyman.c /^static struct option long_options[] = {$/;" v typeref:struct:option file:
-long_options zkt-ls.c /^static struct option long_options[] = {$/;" v typeref:struct:option file:
-long_options zkt-signer.c /^static struct option long_options[] = {$/;" v typeref:struct:option file:
-lopt_usage zkt-conf.c 317;" d file:
-lopt_usage zkt-conf.c 320;" d file:
-lopt_usage zkt-keyman.c 334;" d file:
-lopt_usage zkt-keyman.c 337;" d file:
-lopt_usage zkt-ls.c 325;" d file:
-lopt_usage zkt-ls.c 328;" d file:
-lopt_usage zkt-signer.c 328;" d file:
-lopt_usage zkt-signer.c 331;" d file:
-loptstr zkt-conf.c 318;" d file:
-loptstr zkt-conf.c 321;" d file:
-loptstr zkt-keyman.c 335;" d file:
-loptstr zkt-keyman.c 338;" d file:
-loptstr zkt-ls.c 326;" d file:
-loptstr zkt-ls.c 329;" d file:
-loptstr zkt-signer.c 329;" d file:
-loptstr zkt-signer.c 332;" d file:
-main domaincmp.c /^main (int argc, char *argv[])$/;" f
-main log.c /^int main (int argc, char *argv[])$/;" f
-main misc.c /^main (int argc, char *argv[])$/;" f
-main ncparse.c /^main (int argc, char *argv[])$/;" f
-main soaserial.c /^main (int argc, char *argv[])$/;" f
-main strlist.c /^main (int argc, char *argv[])$/;" f
-main tcap.c /^main (int argc, const char *argv[])$/;" f
-main zconf.c /^main (int argc, char *argv[])$/;" f
-main zfparse.c /^int main (int argc, char *argv[])$/;" f
-main zkt-conf.c /^int main (int argc, char *argv[])$/;" f
-main zkt-keyman.c /^int main (int argc, char *argv[])$/;" f
-main zkt-ls.c /^int main (int argc, char *argv[])$/;" f
-main zkt-signer.c /^int main (int argc, char *const argv[])$/;" f
-main zkt-soaserial.c /^int main (int argc, char *argv[])$/;" f
-managedkeyflag zkt-ls.c /^static int managedkeyflag = 0;$/;" v file:
-maxcolor tcap.c /^static int maxcolor;$/;" v file:
-name ncparse.c /^ char *name;$/;" m struct:KeyWords file:
-namedconf zkt-signer.c /^static const char *namedconf = NULL;$/;" v file:
-new_keysetfiles zkt-signer.c /^static int new_keysetfiles (const char *dir, time_t zone_signing_time)$/;" f file:
-noexec zkt-signer.c /^static int noexec = 0;$/;" v file:
-origin zkt-signer.c /^static const char *origin = NULL;$/;" v file:
-parent zkt.c /^const dki_t *parent;$/;" v
-parse_namedconf ncparse.c /^int parse_namedconf (const char *filename, const char *chroot_dir, char *dir, size_t dirsize, int (*func) ())$/;" f
-parseconfigline zconf.c /^static void parseconfigline (char *buf, unsigned int line, zconf_t *z)$/;" f file:
-parsedir zkt-signer.c /^static int parsedir (const char *dir, zone_t **zp, const zconf_t *conf)$/;" f file:
-parsedirectory zkt-keyman.c /^static int parsedirectory (const char *dir, dki_t **listp)$/;" f file:
-parsedirectory zkt-ls.c /^static int parsedirectory (const char *dir, dki_t **listp, int sub_before)$/;" f file:
-parsefile zkt-keyman.c /^static void parsefile (const char *file, dki_t **listp)$/;" f file:
-parsefile zkt-ls.c /^static void parsefile (const char *file, dki_t **listp, int sub_before)$/;" f file:
-parsetag zkt-keyman.c /^static const char *parsetag (const char *str, int *tagp)$/;" f file:
-parseurl misc.c /^void parseurl (char *url, char **proto, char **host, char **port, char **para)$/;" f
-parsezonefile zfparse.c /^int parsezonefile (const char *file, long *pminttl, long *pmaxttl, const char *keydbfile)$/;" f
-pathflag zkt-keyman.c /^int pathflag = 0;$/;" v
-pathflag zkt-ls.c /^int pathflag = 0;$/;" v
-pathname misc.c /^char *pathname (char *path, size_t size, const char *dir, const char *file, const char *ext)$/;" f
-prepstrlist strlist.c /^char *prepstrlist (const char *str, const char *delim)$/;" f
-printconfig zconf.c /^int printconfig (const char *fname, const zconf_t *z)$/;" f
-printconfigdiff zconf.c /^int printconfigdiff (const char *fname, const zconf_t *ref, const zconf_t *z)$/;" f
-printconfigline zconf.c /^static void printconfigline (FILE *fp, zconf_para_t *cp)$/;" f file:
-printkeyinfo zkt.c /^static void printkeyinfo (const dki_t *dkp, const char *oldpath)$/;" f file:
-printserial zkt-soaserial.c /^static void printserial (const char *fname, unsigned long serial)$/;" f file:
-printzone ncparse.c /^int printzone (const char *dir, const char *view, const char *zone, const char *file)$/;" f
-progname domaincmp.c /^const char *progname;$/;" v
-progname log.c /^const char *progname;$/;" v
-progname misc.c /^const char *progname;$/;" v
-progname ncparse.c /^char *progname;$/;" v
-progname soaserial.c /^const char *progname;$/;" v
-progname tcap.c /^static const char *progname;$/;" v file:
-progname zconf.c /^const char *progname;$/;" v
-progname zfparse.c /^const char *progname;$/;" v
-progname zkt-conf.c /^const char *progname;$/;" v
-progname zkt-keyman.c /^const char *progname;$/;" v
-progname zkt-ls.c /^const char *progname;$/;" v
-progname zkt-signer.c /^const char *progname;$/;" v
-progname zkt-soaserial.c /^static const char *progname;$/;" v file:
-put tcap.c /^static int put (int c)$/;" f file:
-r1 tcap.c /^static const char *r1 = "";$/;" v file:
-r2 tcap.c /^static const char *r2 = "";$/;" v file:
-read_serial_fromfile zkt-soaserial.c /^static int read_serial_fromfile (const char *fname, unsigned long *serial)$/;" f file:
-recflag zkt-keyman.c /^static int recflag = RECURSIVE;$/;" v file:
-recflag zkt-ls.c /^static int recflag = RECURSIVE;$/;" v file:
-register_key zkt-signer.c /^static void register_key (dki_t *list, const zconf_t *z)$/;" f file:
-reload_zone nscomm.c /^int reload_zone (const char *domain, const zconf_t *z)$/;" f
-reloadflag zkt-signer.c /^static int reloadflag = 0;$/;" v file:
-res domaincmp.c /^ int res;$/;" m struct:__anon1 file:
-searchitem zkt.c /^static int searchitem;$/;" v file:
-searchkw ncparse.c /^static int searchkw (const char *keyword)$/;" f file:
-searchresult zkt.c /^static const dki_t *searchresult;$/;" v file:
-serialtime soaserial.c /^static ulong serialtime (time_t sec)$/;" f file:
-set_all_varptr zconf.c /^static void set_all_varptr (zconf_t *cp, const zconf_t *cp2)$/;" f file:
-set_bind96_dynzone zkt-signer.c 122;" d file:
-set_keylifetime zkt.c /^static void set_keylifetime (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
-set_varptr zconf.c /^static int set_varptr (char *entry, void *ptr, const void *ptr2)$/;" f file:
-setconfigpar zconf.c /^int setconfigpar (zconf_t *config, char *entry, const void *pval)$/;" f
-setconfigversion zconf.c /^void setconfigversion (int version)$/;" f
-setglobalflags zkt-keyman.c /^static void setglobalflags (zconf_t *config)$/;" f file:
-setglobalflags zkt-ls.c /^static void setglobalflags (zconf_t *config)$/;" f file:
-setminmax zfparse.c /^static void setminmax (long *pmin, long val, long *pmax)$/;" f file:
-short_options zkt-conf.c 73;" d file:
-short_options zkt-keyman.c 88;" d file:
-short_options zkt-ls.c 93;" d file:
-short_options zkt-ls.c 95;" d file:
-short_options zkt-signer.c 67;" d file:
-sign_zone zkt-signer.c /^static int sign_zone (const zone_t *zp)$/;" f file:
-skiplabel zfparse.c /^static const char *skiplabel (const char *s)$/;" f file:
-skipws zfparse.c /^static const char *skipws (const char *s)$/;" f file:
-sopt_usage zkt-conf.c 315;" d file:
-sopt_usage zkt-keyman.c 332;" d file:
-sopt_usage zkt-ls.c 323;" d file:
-sopt_usage zkt-signer.c 326;" d file:
-splitpath misc.c /^const char *splitpath (char *path, size_t psize, const char *filename)$/;" f
-start_timer misc.c /^time_t start_timer ()$/;" f
-stop_timer misc.c /^time_t stop_timer (time_t start)$/;" f
-str log.c /^ const char *str;$/;" m struct:__anon4 file:
-str_chop misc.c /^char *str_chop (char *str, char c)$/;" f
-str_delspace misc.c /^char *str_delspace (char *s)$/;" f
-str_untaint misc.c /^char *str_untaint (char *str)$/;" f
-strfindstr soaserial.c /^static const char *strfindstr (const char *str, const char *search)$/;" f file:
-subdomain_before_parent zkt-ls.c /^int subdomain_before_parent = 1;$/;" v
-symtbl log.c /^static lg_symtbl_t symtbl[] = {$/;" v file:
-syslog_level log.c /^ int syslog_level;$/;" m struct:__anon4 file:
-tag_search zkt.c /^static void tag_search (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
-tc_attr tcap.c /^int tc_attr (FILE *fp, tc_att_t attr, int on)$/;" f
-tc_color tcap.c /^static int tc_color (FILE *fp, int color)$/;" f file:
-tc_end tcap.c /^int tc_end (FILE *fp, const char *term)$/;" f
-tc_init tcap.c /^int tc_init (FILE *fp, const char *term)$/;" f
-tc_outfp tcap.c /^static FILE *tc_outfp;$/;" v file:
-tc_printattr tcap.c /^static int tc_printattr (FILE *fp, const char *attstr)$/;" f file:
-term zkt-ls.c /^static const char *term = NULL;$/;" v file:
-testflag zkt-conf.c /^static int testflag = 0;$/;" v file:
-time2isostr misc.c /^char *time2isostr (time_t sec, int precision)$/;" f
-time2str misc.c /^char *time2str (time_t sec, int precision)$/;" f
-timeflag zkt-keyman.c /^int timeflag = 1;$/;" v
-timeflag zkt-ls.c /^int timeflag = 1;$/;" v
-timeint2str zconf.c /^const char *timeint2str (unsigned long val)$/;" f
-timestr zkt-soaserial.c /^static char *timestr (time_t sec)$/;" f file:
-timestr2time misc.c /^time_t timestr2time (const char *timestr)$/;" f
-tok ncparse.c /^ int tok;$/;" m struct:KeyWords file:
-tok2str ncparse.c /^static const char *tok2str (int tok)$/;" f file:
-touch misc.c /^int touch (const char *fname, time_t sec)$/;" f
-trustedkeyflag zkt-ls.c /^static int trustedkeyflag = 0;$/;" v file:
-type zconf.c /^ ctype_t type; \/* the parameter type *\/$/;" m struct:__anon3 file:
-unprepstrlist strlist.c /^char *unprepstrlist (char *list, char delimc)$/;" f
-usage zkt-conf.c /^static void usage (char *mesg)$/;" f file:
-usage zkt-keyman.c /^static void usage (char *mesg, zconf_t *cp)$/;" f file:
-usage zkt-ls.c /^static void usage (char *mesg, zconf_t *cp)$/;" f file:
-usage zkt-signer.c /^static void usage (char *mesg, zconf_t *conf)$/;" f file:
-usage zkt-soaserial.c /^static void usage (const char *msg)$/;" f file:
-used_since zconf.c /^ short used_since; \/* compability (from version; 0 == command line) *\/$/;" m struct:__anon3 file:
-used_till zconf.c /^ short used_till; \/* compability (to version) *\/$/;" m struct:__anon3 file:
-var zconf.c /^ void *var; \/* pointer to the parameter variable *\/$/;" m struct:__anon3 file:
-var2 zconf.c /^ const void *var2; \/* pointer to a second parameter variable *\/$/;" m struct:__anon3 file:
-verbmesg misc.c /^void verbmesg (int verblvl, const zconf_t *conf, char *fmt, ...)$/;" f
-verbose zkt-signer.c /^static int verbose = 0;$/;" v file:
-view zkt-conf.c /^static const char *view = "";$/;" v file:
-view zkt-keyman.c /^static const char *view = "";$/;" v file:
-view zkt-ls.c /^static const char *view = "";$/;" v file:
-viewname zkt-signer.c /^static const char *viewname = NULL;$/;" v file:
-writeflag zkt-conf.c /^static int writeflag = 0;$/;" v file:
-writekeyfile zkt-signer.c /^static int writekeyfile (const char *fname, const dki_t *list, int key_ttl)$/;" f file:
-zconf_para_t zconf.c /^} zconf_para_t;$/;" t typeref:struct:__anon3 file:
-zkt_list_dnskeys zkt.c /^void zkt_list_dnskeys (const dki_t *data)$/;" f
-zkt_list_keys zkt.c /^void zkt_list_keys (const dki_t *data)$/;" f
-zkt_list_managedkeys zkt.c /^void zkt_list_managedkeys (const dki_t *data)$/;" f
-zkt_list_trustedkeys zkt.c /^void zkt_list_trustedkeys (const dki_t *data)$/;" f
-zkt_search zkt.c /^const dki_t *zkt_search (const dki_t *data, int searchtag, const char *keyname)$/;" f
-zkt_setkeylifetime zkt.c /^void zkt_setkeylifetime (dki_t *data)$/;" f
-zone_add zone.c /^zone_t *zone_add (zone_t **list, zone_t *new)$/;" f
-zone_alloc zone.c /^static zone_t *zone_alloc ()$/;" f file:
-zone_cmp zone.c /^static int zone_cmp (const zone_t *a, const zone_t *b)$/;" f file:
-zone_estr zone.c /^static char zone_estr[255+1];$/;" v file:
-zone_free zone.c /^void zone_free (zone_t *zp)$/;" f
-zone_freelist zone.c /^void zone_freelist (zone_t **listp)$/;" f
-zone_geterrstr zone.c /^const char *zone_geterrstr ()$/;" f
-zone_new zone.c /^zone_t *zone_new (zone_t **zp, const char *zone, const char *dir, const char *file, const char *signed_ext, const zconf_t *cp)$/;" f
-zone_print zone.c /^int zone_print (const char *mesg, const zone_t *z)$/;" f
-zone_readdir zone.c /^int zone_readdir (const char *dir, const char *zone, const char *zfile, zone_t **listp, const zconf_t *conf, int dyn_zone)$/;" f
-zone_search zone.c /^const zone_t *zone_search (const zone_t *list, const char *zone)$/;" f
-zonelist zkt-signer.c /^static zone_t *zonelist = NULL; \/* must be static global because add2zonelist use it *\/$/;" v file:
-zskflag zkt-keyman.c /^int zskflag = 1;$/;" v
-zskflag zkt-ls.c /^int zskflag = 1;$/;" v
-zskstatus rollover.c /^int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t *z)$/;" f
+++ /dev/null
-/*****************************************************************
-**
-** tcap.c -- termcap color capabilities
-**
-** (c) Jan 1991 - Feb 2010 by hoz
-**
-** Feb 2002 max line size increased to 512 byte
-** default terminal "html" added
-** Feb 2010 color capabilities added
-**
-*****************************************************************/
-
-#include <stdio.h>
-#include <string.h>
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-# include "config_zkt.h"
-
-#if defined(COLOR_MODE) && COLOR_MODE && HAVE_LIBNCURSES
-# ifdef HAVE_TERM_H
-# include <term.h>
-# endif
-# ifdef HAVE_CURSES_H
-# include <curses.h>
-# endif
-#endif
-
-#define extern
-# include "tcap.h"
-#undef extern
-
-/*****************************************************************
-** global vars
-*****************************************************************/
-/* termcap strings */
-static const char *is1 = "";
-static const char *is2 = "";
-static const char *r1 = "";
-static const char *r2 = "";
-static const char *bold_on = "";
-static const char *bold_off = "";
-static const char *italic_on = "";
-static const char *italic_off = "";
-static char colortab[8][31+1];
-
-/* termcap numbers */
-static int maxcolor;
-
-/* function declaration */
-static int tc_printattr (FILE *fp, const char *attstr);
-static int tc_color (FILE *fp, int color);
-
-static int html = 0;
-
-
-
-/*****************************************************************
-** global functions
-*****************************************************************/
-#if defined(COLOR_MODE) && COLOR_MODE && HAVE_LIBNCURSES
-int tc_init (FILE *fp, const char *term)
-{
- static char area[1024];
- char buf[1024];
- char *ap = area;
- char *af = ""; /* AF */ /* ansi foreground */
- int i;
-
- /* clear all color strings */
- for ( i = 0; i < 8; i++ )
- colortab[i][0] = '\0';
-
- if ( term == NULL || *term == '\0' ||
- strcmp (term, "none") == 0 || strcmp (term, "dumb") == 0 )
- return 0;
-
- if ( strcmp (term, "html") == 0 || strcmp (term, "HTML") == 0 )
- {
- bold_on = "<B>";
- bold_off = "</B>";
- italic_on = "<I>";
- italic_off = "</I>";
- af = "";
- maxcolor = 8;
- snprintf (colortab[TC_BLACK], sizeof colortab[0], "<font color=black>");
- snprintf (colortab[TC_BLUE], sizeof colortab[0], "<font color=blue>");
- snprintf (colortab[TC_GREEN], sizeof colortab[0], "<font color=green>");
- snprintf (colortab[TC_CYAN], sizeof colortab[0], "<font color=cyan>");
- snprintf (colortab[TC_RED], sizeof colortab[0], "<font color=red>");
- snprintf (colortab[TC_MAGENTA], sizeof colortab[0], "<font color=magenta>");
- snprintf (colortab[TC_YELLOW], sizeof colortab[0], "<font color=yellow>");
- snprintf (colortab[TC_WHITE], sizeof colortab[0], "<font color=white>");
- html = 1;
- return 0;
- }
-#if 0
- if ( !istty (fp) )
- return 0;
-#endif
- switch ( tgetent (buf, term) )
- {
- case -1: perror ("termcap file");
- return -1;
- case 0: fprintf (stderr, "unknown terminal %s\n", term);
- return -1;
- }
-
- if ( !(is1 = tgetstr ("is1", &ap)) )
- is1 = "";
- if ( !(is2 = tgetstr ("is2", &ap)) )
- is2 = "";
- if ( !(r1 = tgetstr ("r1", &ap)) )
- r1 = "";
- if ( !(r2 = tgetstr ("r2", &ap)) )
- r2 = "";
-
- /* if bold is not present */
- if ( !(bold_on = tgetstr ("md", &ap)) )
- /* use standout mode */
- if ( !(bold_on = tgetstr ("so", &ap)) )
- bold_on = bold_off = "";
- else
- bold_off = tgetstr ("se", &ap);
- else
- bold_off = tgetstr ("me", &ap);
-
- /* if italic not present */
- if ( !(italic_on = tgetstr ("ZH", &ap)) )
- /* use underline mode */
- if ( !(italic_on = tgetstr ("us", &ap)) )
- italic_on = italic_off = "";
- else
- italic_off = tgetstr ("ue", &ap);
- else
- italic_off = tgetstr ("ZR", &ap);
-
- maxcolor = tgetnum ("Co");
- if ( maxcolor < 0 ) /* no colors ? */
- return 0;
- if ( maxcolor > 8 )
- maxcolor = 8;
-
- if ( (af = tgetstr ("AF", &ap)) ) /* set ansi color foreground */
- {
- for ( i = 0; i < maxcolor; i++ )
- snprintf (colortab[i], sizeof colortab[0], "%s", tparm (af, i));
- }
- else if ( (af = tgetstr ("Sf", &ap)) ) /* or set color foreground */
- {
- snprintf (colortab[TC_BLACK], sizeof colortab[0], "%s", tparm (af, 0));
- snprintf (colortab[TC_BLUE], sizeof colortab[0], "%s", tparm (af, 1));
- snprintf (colortab[TC_GREEN], sizeof colortab[0], "%s", tparm (af, 2));
- snprintf (colortab[TC_CYAN], sizeof colortab[0], "%s", tparm (af, 3));
- snprintf (colortab[TC_RED], sizeof colortab[0], "%s", tparm (af, 4));
- snprintf (colortab[TC_MAGENTA], sizeof colortab[0], "%s", tparm (af, 5));
- snprintf (colortab[TC_YELLOW], sizeof colortab[0], "%s", tparm (af, 6));
- snprintf (colortab[TC_WHITE], sizeof colortab[0], "%s", tparm (af, 7));
- }
-
-#if 0
- if ( is1 && *is1 )
- tc_printattr (fp, is1);
- if ( is2 && *is2 )
- tc_printattr (fp, is2);
-#endif
-
- return 0;
-}
-#else
-int tc_init (FILE *fp, const char *term)
-{
- int i;
-
- is1 = "";
- is2 = "";
- r1 = "";
- r2 = "";
- bold_on = "";
- bold_off = "";
- italic_on = "";
- italic_off = "";
- for ( i = 0; i < 8; i++ )
- colortab[i][0] = '\0';
- maxcolor = 0;
- html = 0;
-
- return 0;
-}
-#endif
-
-#if defined(COLOR_MODE) && COLOR_MODE && HAVE_LIBNCURSES
-int tc_end (FILE *fp, const char *term)
-{
-#if 0
- if ( term )
- {
-// if ( r1 && *r1 ) tc_printattr (fp, r1);
- if ( r2 && *r2 )
- tc_printattr (fp, r2);
- }
-#endif
- return 0;
-}
-#else
-int tc_end (FILE *fp, const char *term)
-{
- return 0;
-}
-#endif
-
-#if defined(COLOR_MODE) && COLOR_MODE && HAVE_LIBNCURSES
-int tc_attr (FILE *fp, tc_att_t attr, int on)
-{
- int len;
-
- len = 0;
- if ( on ) /* turn attributes on ? */
- {
- if ( (attr & TC_BOLD) == TC_BOLD )
- len += tc_printattr (fp, bold_on);
- if ( (attr & TC_ITALIC) == TC_ITALIC )
- len += tc_printattr (fp, italic_on);
-
- if ( attr & 0xFF )
- len += tc_color (fp, attr & 0xFF);
- }
- else /* turn attributes off */
- {
- if ( html )
- len += fprintf (fp, "</font>");
- else
- len += tc_color (fp, TC_BLACK);
-
- if ( (attr & TC_ITALIC) == TC_ITALIC )
- len += tc_printattr (fp, italic_off);
- if ( !html || (attr & TC_BOLD) == TC_BOLD )
- len += tc_printattr (fp, bold_off);
- }
-
- return len;
-}
-#else
-int tc_attr (FILE *fp, tc_att_t attr, int on)
-{
- return 0;
-}
-#endif
-
-/*****************************************************************
-** internal functions
-*****************************************************************/
-static FILE *tc_outfp;
-static int put (int c)
-{
- return putc (c, tc_outfp);
-}
-
-#if defined(COLOR_MODE) && COLOR_MODE && HAVE_LIBNCURSES
-static int tc_printattr (FILE *fp, const char *attstr)
-{
- tc_outfp = fp;
- return tputs (attstr, 0, put);
-}
-#else
-static int tc_printattr (FILE *fp, const char *attstr)
-{
- return 0;
-}
-#endif
-
-#if defined(COLOR_MODE) && COLOR_MODE && HAVE_LIBNCURSES
-static int tc_color (FILE *fp, int color)
-{
- tc_outfp = fp;
-
- if ( color < 0 || color >= maxcolor )
- return 0;
- return tputs (colortab[color], 0, put);
-}
-#else
-static int tc_color (FILE *fp, int color)
-{
- return 0;
-}
-#endif
-
-
-#ifdef TEST
-static const char *progname;
-/*****************************************************************
-** test main()
-*****************************************************************/
-main (int argc, const char *argv[])
-{
- extern char *getenv ();
- char *term = getenv ("TERM");
- int i;
- const char *text;
-
- progname = *argv;
-
- tc_init (stdout, term);
-
- // printattr (is); /* Initialisierungsstring ausgeben */
-
- text = "Test";
- if ( argc > 1 )
- text = *++argv;
-
- tc_attr (stdout, TC_BOLD, 1);
- printf ("Bold Headline\n");
- tc_attr (stdout, TC_BOLD, 0);
- for ( i = 0; i < 8; i++ )
- {
- tc_attr (stdout, i, 1);
- printf ("%s", text);
- tc_attr (stdout, i, 0);
-
-#if 0
- tc_attr (stdout, (i | TC_BOLD), 1);
- printf ("\t%s", text);
- tc_attr (stdout, (i | TC_BOLD), 0);
-
- tc_attr (stdout, (i | TC_ITALIC), 1);
- printf ("\t%s", text);
- tc_attr (stdout, (i | TC_ITALIC), 0);
-
- tc_attr (stdout, (i | TC_BOLD | TC_ITALIC), 1);
- printf ("\t%s", text);
- tc_attr (stdout, (i | TC_BOLD | TC_ITALIC), 0);
-#endif
- printf ("\n");
- }
- printf ("now back to black\n");
-
- // printattr (r2); /* Zuruecksetzen */
-
- return (0);
-}
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** tcap.h -- termcap color capabilities
-**
-** (c) Mar 2010 by hoz
-**
-*****************************************************************/
-
-#ifndef TCAP_H
-# define TCAP_H
-
-typedef enum {
- TC_BLACK = 0,
- TC_RED,
- TC_GREEN,
- TC_YELLOW,
- TC_BLUE,
- TC_MAGENTA,
- TC_CYAN,
- TC_WHITE,
-
- TC_BOLD = 0x100,
- TC_ITALIC = 0x200
-} tc_att_t;
-
-extern int tc_init (FILE *fp, const char *term);
-extern int tc_end (FILE *fp, const char *term);
-extern int tc_attr (FILE *fp, tc_att_t attr, int on);
-#endif
+++ /dev/null
-/****************************************************************
-**
-** @(#) zconf.c -- configuration file parser for dnssec.conf
-**
-** The initial code of this module is from the SixXS Heartbeat Client
-** written by Jeroen Massar <jeroen@sixxs.net>
-**
-** New config types and many code changes by Holger Zuleger
-**
-** Copyright (c) Aug 2005, Jeroen Massar.
-** Copyright (c) Aug 2005 - Nov 2010, Holger Zuleger.
-** All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Jeroen Masar or Holger Zuleger nor the
-** names of its contributors may be used to endorse or promote products
-** derived from this software without specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-****************************************************************/
-# include <sys/types.h>
-# include <stdio.h>
-# include <errno.h>
-# include <unistd.h>
-# include <stdlib.h>
-# include <stdarg.h>
-# include <string.h>
-# include <strings.h>
-# include <assert.h>
-# include <ctype.h>
-
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
-# include "config_zkt.h"
-# include "debug.h"
-# include "misc.h"
-#define extern
-# include "zconf.h"
-#undef extern
-# include "dki.h"
-
-# define ISTRUE(val) (strcasecmp (val, "yes") == 0 || \
- strcasecmp (val, "true") == 0 )
-# define ISCOMMENT(cp) (*(cp) == '#' || *(cp) == ';' || \
- (*(cp) == '/' && *((cp)+1) == '/') )
-# define ISDELIM(c) (isspace (c) || (c) == ':' || (c) == '=')
-
-
-# define cmdln (0)
-# define first (1)
-# define last (0x7FFF)
-
-# define iscmdline(x) ((x)->used_since == cmdln)
-# define iscompatible(x) ((x)->used_since != cmdln && compversion >= (x)->used_since && \
- ((x)->used_till == 1 || (compversion <= (x)->used_till)))
-
-typedef enum {
- CONF_END = 0,
- CONF_STRING,
- CONF_INT,
- CONF_TIMEINT,
- CONF_BOOL,
- CONF_ALGO,
- CONF_SERIAL,
- CONF_FACILITY,
- CONF_LEVEL,
- CONF_NSEC3,
- CONF_COMMENT,
- CONF_VERSION,
-} ctype_t;
-
-/*****************************************************************
-** private (static) variables
-*****************************************************************/
-static int compversion;
-
-static zconf_t def = {
- ZONEDIR, RECURSIVE,
- PRINTTIME, PRINTAGE, LJUST, LSCOLORTERM,
- SIG_VALIDITY, MAX_TTL, KEY_TTL, PROPTIME, Unixtime,
- RESIGN_INT,
- KEY_ALGO, ADDITIONAL_KEY_ALGO,
- KSK_LIFETIME, KSK_BITS, KSK_RANDOM,
- ZSK_LIFETIME, ZSK_BITS, ZSK_ALWAYS, ZSK_RANDOM,
- NSEC3_OFF, SALTLEN,
- NULL, /* viewname cmdline parameter */
- 0, /* noexec cmdline parameter */
- LOGFILE, LOGLEVEL, LOGDOMAINDIR, SYSLOGFACILITY, SYSLOGLEVEL, VERBOSELOG, 0,
- DNSKEYFILE, ZONEFILE, KEYSETDIR,
- LOOKASIDEDOMAIN,
- SIG_RANDOM, SIG_PSEUDO, SIG_GENDS, SIG_DNSKEY_KSK, SIG_PARAM,
- DEPENDFILES,
- DIST_CMD, /* defaults to NULL which means to run "rndc reload" */
- NAMED_CHROOT
-};
-
-typedef struct {
- char *label; /* the name of the parameter */
- short used_since; /* compability (from version; 0 == command line) */
- short used_till; /* compability (to version) */
- ctype_t type; /* the parameter type */
- void *var; /* pointer to the parameter variable */
- const char *desc;
- const void *var2; /* pointer to a second parameter variable */
- /* this is a ugly hack needed by cmpconfig () */
-} zconf_para_t;
-
-static zconf_para_t confpara[] = {
- { "", first, last, CONF_COMMENT, ""},
- { "", first, last, CONF_COMMENT, "\t@(#) dnssec.conf "},
- { "", first, last, CONF_VERSION, "" },
- { "", first, last, CONF_COMMENT, ""},
- { "", first, last, CONF_COMMENT, NULL },
-
- { "", first, 99, CONF_COMMENT, "dnssec-zkt options" },
- { "", 100, last, CONF_COMMENT, "zkt-ls options" },
- { "ZoneDir", first, last, CONF_STRING, &def.zonedir, "default zone file directory (also used by zkt-signer)"},
- { "Recursive", first, last, CONF_BOOL, &def.recursive, "looking for keys down the directory tree?" },
- { "PrintTime", first, last, CONF_BOOL, &def.printtime, "print absolute key generation time?" },
- { "PrintAge", first, last, CONF_BOOL, &def.printage, "print relative key age?" },
- { "LeftJustify", first, last, CONF_BOOL, &def.ljust, "zone name is printed left justified?" },
- { "lsColor", 100, last, CONF_STRING, &def.colorterm, "terminal name (for coloring)" },
-
- { "", first, last, CONF_COMMENT, NULL },
- { "", first, last, CONF_COMMENT, "zone specific values" },
- { "ResignInterval", first, last, CONF_TIMEINT, &def.resign },
- { "SigValidity", first, last, CONF_TIMEINT, &def.sigvalidity },
- { "Max_TTL", first, 100, CONF_TIMEINT, &def.max_ttl },
- { "MaximumTTL", 101, last, CONF_TIMEINT, &def.max_ttl },
- { "Propagation", first, last, CONF_TIMEINT, &def.proptime },
- { "Key_TTL", 90, 100, CONF_TIMEINT, &def.key_ttl },
- { "DnsKeyTTL", 101, last, CONF_TIMEINT, &def.key_ttl },
-#if defined (DEF_TTL)
- { "def_ttl", first, last, CONF_TIMEINT, &def.def_ttl },
-#endif
- { "SerialFormat", 92, last, CONF_SERIAL, &def.serialform },
-
- { "", first, last, CONF_COMMENT, NULL },
- { "", first, last, CONF_COMMENT, "signing key parameters"},
- { "Key_Algo", 99, 100, CONF_ALGO, &def.k_algo }, /* now used as general KEY algorithm (KSK & ZSK) */
- { "KeyAlgo", 101, last, CONF_ALGO, &def.k_algo }, /* now used as general KEY algorithm (KSK & ZSK) */
- { "AddKey_Algo", 99, 100, CONF_ALGO, &def.k2_algo }, /* second key algorithm added (v0.99) */
- { "AddKeyAlgo", 101, last, CONF_ALGO, &def.k2_algo }, /* second key algorithm added (v0.99) */
- { "KSK_lifetime", first, 100, CONF_TIMEINT, &def.k_life },
- { "KSKlifetime", 101, last, CONF_TIMEINT, &def.k_life },
- { "KSK_algo", first, 98, CONF_ALGO, &def.k_algo }, /* old KSK value changed to key algorithm */
- { "KSK_bits", first, 100, CONF_INT, &def.k_bits },
- { "KSKbits", 101, last, CONF_INT, &def.k_bits },
- { "KSK_randfile", first, 100, CONF_STRING, &def.k_random },
- { "KSKrandfile", 101, last, CONF_STRING, &def.k_random },
- { "ZSK_lifetime", first, 100, CONF_TIMEINT, &def.z_life },
- { "ZSKlifetime", 101, last, CONF_TIMEINT, &def.z_life },
- /* { "ZSK_algo", 1, CONF_ALGO, &def.z_algo }, ZSK algo removed (set to same as ksk) */
- { "ZSK_algo", first, 98, CONF_ALGO, &def.k2_algo }, /* if someone using it already, map the algo to the additional key algorithm */
- { "ZSK_bits", first, 100, CONF_INT, &def.z_bits },
- { "ZSKbits", 101, last, CONF_INT, &def.z_bits },
-#if defined(ALLOW_ALWAYS_PREPUBLISH_ZSK) && ALLOW_ALWAYS_PREPUBLISH_ZSK
- { "ZSKpermanent", 102, last, CONF_BOOL, &def.z_always, "Always add a pre-publish zone signing key?" },
-#endif
- { "ZSK_randfile", first, 100, CONF_STRING, &def.z_random },
- { "ZSKrandfile", 101, last, CONF_STRING, &def.z_random },
- { "NSEC3", 100, last, CONF_NSEC3, &def.nsec3 },
- { "SaltBits", 98, last, CONF_INT, &def.saltbits, },
-
- { "", first, last, CONF_COMMENT, NULL },
- { "", first, 99, CONF_COMMENT, "dnssec-signer options"},
- { "", 100, last, CONF_COMMENT, "zkt-signer options"},
- { "--view", cmdln, last, CONF_STRING, &def.view },
- { "--noexec", cmdln, last, CONF_BOOL, &def.noexec },
- { "LogFile", 96, last, CONF_STRING, &def.logfile },
- { "LogLevel", 96, last, CONF_LEVEL, &def.loglevel },
- { "LogDomainDir", 96, last, CONF_STRING, &def.logdomaindir },
- { "SyslogFacility", 96, last, CONF_FACILITY, &def.syslogfacility },
- { "SyslogLevel", 96, last, CONF_LEVEL, &def.sysloglevel },
- { "VerboseLog", 96, last, CONF_INT, &def.verboselog },
- { "-v", cmdln, last, CONF_INT, &def.verbosity },
- { "KeyFile", first, last, CONF_STRING, &def.keyfile },
- { "ZoneFile", first, last, CONF_STRING, &def.zonefile },
- { "KeySetDir", first, last, CONF_STRING, &def.keysetdir },
- { "DLV_Domain", first, 100, CONF_STRING, &def.lookaside },
- { "DLVdomain", 101, last, CONF_STRING, &def.lookaside },
- { "Sig_Randfile", first, 100, CONF_STRING, &def.sig_random },
- { "SigRandfile", 101, last, CONF_STRING, &def.sig_random, "a file containing random data" },
- { "Sig_Pseudorand", first, 100, CONF_BOOL, &def.sig_pseudo },
- { "SigPseudorand", 101, last, CONF_BOOL, &def.sig_pseudo, "use pseudorandom data (faster but less secure)?" },
- { "Sig_GenerateDS", first, 100, CONF_BOOL, &def.sig_gends },
- { "SigGenerateDS", 101, last, CONF_BOOL, &def.sig_gends, "update DS records based on child zone\' dsset-* files?" },
- { "Sig_DnsKeyKSK", 99, 100, CONF_BOOL, &def.sig_dnskeyksk },
- { "SigDnsKeyKSK", 101, last, CONF_BOOL, &def.sig_dnskeyksk, "sign dns keyset with ksk only?" },
- { "Sig_Parameter", first, 100, CONF_STRING, &def.sig_param },
- { "SigParameter", 101, last, CONF_STRING, &def.sig_param, "additional dnssec-signzone parameter (if any)" },
- { "DependFiles", 113, last, CONF_STRING, &def.dependfiles, "list of files included in ZoneFile (except KeyFile)" },
- { "Distribute_Cmd", 97, 100, CONF_STRING, &def.dist_cmd },
- { "DistributeCmd", 101, last, CONF_STRING, &def.dist_cmd },
- { "NamedChrootDir", 99, last, CONF_STRING, &def.chroot_dir },
-
- { NULL, 0, 0, CONF_END, NULL},
-};
-
-/*****************************************************************
-** private (static) function deklaration and definition
-*****************************************************************/
-static const char *bool2str (int val)
-{
- return val ? "True" : "False";
-}
-
-static int set_varptr (char *entry, void *ptr, const void *ptr2)
-{
- zconf_para_t *c;
-
- for ( c = confpara; c->label; c++ )
- if ( strcasecmp (entry, c->label) == 0 )
- {
- c->var = ptr;
- c->var2 = ptr2;
- return 1;
- }
- return 0;
-}
-
-static void set_all_varptr (zconf_t *cp, const zconf_t *cp2)
-{
- set_varptr ("zonedir", &cp->zonedir, cp2 ? &cp2->zonedir: NULL);
- set_varptr ("recursive", &cp->recursive, cp2 ? &cp2->recursive: NULL);
- set_varptr ("printage", &cp->printage, cp2 ? &cp2->printage: NULL);
- set_varptr ("printtime", &cp->printtime, cp2 ? &cp2->printtime: NULL);
- set_varptr ("leftjustify", &cp->ljust, cp2 ? &cp2->ljust: NULL);
- set_varptr ("lscolor", &cp->colorterm, cp2 ? &cp2->colorterm: NULL);
-
- set_varptr ("resigninterval", &cp->resign, cp2 ? &cp2->resign: NULL);
- set_varptr ("sigvalidity", &cp->sigvalidity, cp2 ? &cp2->sigvalidity: NULL);
- set_varptr ("max_ttl", &cp->max_ttl, cp2 ? &cp2->max_ttl: NULL);
- set_varptr ("maximumttl", &cp->max_ttl, cp2 ? &cp2->max_ttl: NULL);
- set_varptr ("key_ttl", &cp->key_ttl, cp2 ? &cp2->key_ttl: NULL);
- set_varptr ("dnskeyttl", &cp->key_ttl, cp2 ? &cp2->key_ttl: NULL);
- set_varptr ("propagation", &cp->proptime, cp2 ? &cp2->proptime: NULL);
-#if defined (DEF_TTL)
- set_varptr ("def_ttl", &cp->def_ttl, cp2 ? &cp2->def_ttl: NULLl);
-#endif
- set_varptr ("serialformat", &cp->serialform, cp2 ? &cp2->serialform: NULL);
-
- set_varptr ("key_algo", &cp->k_algo, cp2 ? &cp2->k_algo: NULL);
- set_varptr ("keyalgo", &cp->k_algo, cp2 ? &cp2->k_algo: NULL);
- set_varptr ("addkey_algo", &cp->k2_algo, cp2 ? &cp2->k2_algo: NULL);
- set_varptr ("addkeyalgo", &cp->k2_algo, cp2 ? &cp2->k2_algo: NULL);
- set_varptr ("ksk_lifetime", &cp->k_life, cp2 ? &cp2->k_life: NULL);
- set_varptr ("ksklifetime", &cp->k_life, cp2 ? &cp2->k_life: NULL);
- set_varptr ("ksk_algo", &cp->k_algo, cp2 ? &cp2->k_algo: NULL); /* used only in compability mode */
- set_varptr ("ksk_bits", &cp->k_bits, cp2 ? &cp2->k_bits: NULL);
- set_varptr ("kskbits", &cp->k_bits, cp2 ? &cp2->k_bits: NULL);
- set_varptr ("ksk_randfile", &cp->k_random, cp2 ? &cp2->k_random: NULL);
- set_varptr ("kskrandfile", &cp->k_random, cp2 ? &cp2->k_random: NULL);
-
- set_varptr ("zsk_lifetime", &cp->z_life, cp2 ? &cp2->z_life: NULL);
- set_varptr ("zsklifetime", &cp->z_life, cp2 ? &cp2->z_life: NULL);
- // set_varptr ("zsk_algo", &cp->z_algo, cp2 ? &cp2->z_algo: NULL);
- set_varptr ("zsk_algo", &cp->k2_algo, cp2 ? &cp2->k2_algo: NULL);
- set_varptr ("zsk_bits", &cp->z_bits, cp2 ? &cp2->z_bits: NULL);
- set_varptr ("zskbits", &cp->z_bits, cp2 ? &cp2->z_bits: NULL);
-#if defined(ALLOW_ALWAYS_PREPUBLISH_ZSK) && ALLOW_ALWAYS_PREPUBLISH_ZSK
- set_varptr ("zskpermanent", &cp->z_always, cp2 ? &cp2->z_always: NULL);
-#endif
- set_varptr ("zsk_randfile", &cp->z_random, cp2 ? &cp2->z_random: NULL);
- set_varptr ("zskrandfile", &cp->z_random, cp2 ? &cp2->z_random: NULL);
- set_varptr ("nsec3", &cp->nsec3, cp2 ? &cp2->nsec3: NULL);
- set_varptr ("saltbits", &cp->saltbits, cp2 ? &cp2->saltbits: NULL);
-
- set_varptr ("--view", &cp->view, cp2 ? &cp2->view: NULL);
- set_varptr ("--noexec", &cp->noexec, cp2 ? &cp2->noexec: NULL);
- set_varptr ("logfile", &cp->logfile, cp2 ? &cp2->logfile: NULL);
- set_varptr ("loglevel", &cp->loglevel, cp2 ? &cp2->loglevel: NULL);
- set_varptr ("logdomaindir", &cp->logdomaindir, cp2 ? &cp2->logdomaindir: NULL);
- set_varptr ("syslogfacility", &cp->syslogfacility, cp2 ? &cp2->syslogfacility: NULL);
- set_varptr ("sysloglevel", &cp->sysloglevel, cp2 ? &cp2->sysloglevel: NULL);
- set_varptr ("verboselog", &cp->verboselog, cp2 ? &cp2->verboselog: NULL);
- set_varptr ("-v", &cp->verbosity, cp2 ? &cp2->verbosity: NULL);
- set_varptr ("keyfile", &cp->keyfile, cp2 ? &cp2->keyfile: NULL);
- set_varptr ("zonefile", &cp->zonefile, cp2 ? &cp2->zonefile: NULL);
- set_varptr ("keysetdir", &cp->keysetdir, cp2 ? &cp2->keysetdir: NULL);
- set_varptr ("dlv_domain", &cp->lookaside, cp2 ? &cp2->lookaside: NULL);
- set_varptr ("dlvdomain", &cp->lookaside, cp2 ? &cp2->lookaside: NULL);
- set_varptr ("sig_randfile", &cp->sig_random, cp2 ? &cp2->sig_random: NULL);
- set_varptr ("sigrandfile", &cp->sig_random, cp2 ? &cp2->sig_random: NULL);
- set_varptr ("sig_pseudorand", &cp->sig_pseudo, cp2 ? &cp2->sig_pseudo: NULL);
- set_varptr ("sigpseudorand", &cp->sig_pseudo, cp2 ? &cp2->sig_pseudo: NULL);
- set_varptr ("sig_generateds", &cp->sig_gends, cp2 ? &cp2->sig_gends: NULL);
- set_varptr ("siggenerateds", &cp->sig_gends, cp2 ? &cp2->sig_gends: NULL);
- set_varptr ("sig_dnskeyksk", &cp->sig_dnskeyksk, cp2 ? &cp2->sig_dnskeyksk: NULL);
- set_varptr ("sigdnskeyksk", &cp->sig_dnskeyksk, cp2 ? &cp2->sig_dnskeyksk: NULL);
- set_varptr ("sig_parameter", &cp->sig_param, cp2 ? &cp2->sig_param: NULL);
- set_varptr ("sigparameter", &cp->sig_param, cp2 ? &cp2->sig_param: NULL);
- set_varptr ("dependfiles", &cp->dependfiles, cp2 ? &cp2->dependfiles: NULL);
- set_varptr ("distribute_cmd", &cp->dist_cmd, cp2 ? &cp2->dist_cmd: NULL);
- set_varptr ("distributecmd", &cp->dist_cmd, cp2 ? &cp2->dist_cmd: NULL);
- set_varptr ("namedchrootdir", &cp->chroot_dir, cp2 ? &cp2->chroot_dir: NULL);
-}
-
-static void parseconfigline (char *buf, unsigned int line, zconf_t *z)
-{
- char *end, *val, *p;
- char *tag;
- unsigned int found;
- zconf_para_t *c;
-
- assert (buf[0] != '\0');
-
- p = &buf[strlen(buf)-1]; /* Chop off white space at eol */
- while ( p >= buf && isspace (*p) )
- *p-- = '\0';
-
- for (p = buf; isspace (*p); p++ ) /* Ignore leading white space */
- ;
-
- /* Ignore comments and emtpy lines */
- if ( *p == '\0' || ISCOMMENT (p) )
- return;
-
- tag = p;
- /* Get the end of the first argument */
- end = &buf[strlen(buf)-1];
- while ( p < end && !ISDELIM (*p) ) /* Skip until delim */
- p++;
- *p++ = '\0'; /* Terminate this argument */
- dbg_val1 ("Parsing \"%s\"\n", tag);
-
- while ( p < end && ISDELIM (*p) ) /* Skip delim chars */
- p++;
-
- val = p; /* Start of the value */
- dbg_val1 ("\tgot value \"%s\"\n", val);
-
- /* If starting with quote, skip until next quote */
- if ( *p == '"' || *p == '\'' )
- {
- p++; /* Find next quote */
- while ( p <= end && *p && *p != *val )
- p++;
- *p = '\0';
- val++; /* Skip the first quote */
- }
- else /* Otherwise check if there is any comment char at the end */
- {
- while ( p < end && *p && !ISCOMMENT(p) )
- p++;
- if ( ISCOMMENT (p) )
- {
- do /* Chop off white space before comment */
- *p-- = '\0';
- while ( p >= val && isspace (*p) );
- }
- }
-
- /* Otherwise it is already terminated above */
- found = 0;
- c = confpara;
- while ( !found && c->type != CONF_END )
- {
- if ( strcasecmp (tag, c->label) == 0 )
- {
- char **str;
- char quantity;
- long lval;
-
- found = 1;
- switch ( c->type )
- {
- case CONF_VERSION:
- break;
- case CONF_LEVEL:
- case CONF_FACILITY:
- case CONF_STRING:
- str = (char **)c->var;
- *str = strdup (val);
- str_untaint (*str); /* remove "bad" characters */
- break;
- case CONF_INT:
- sscanf (val, "%d", (int *)c->var);
- break;
- case CONF_TIMEINT:
- quantity = 'd';
- if ( *val == 'u' || *val == 'U' )
- lval = 0L;
- else
- sscanf (val, "%ld%c", &lval, &quantity);
- if ( quantity == 'm' )
- lval *= MINSEC;
- else if ( quantity == 'h' )
- lval *= HOURSEC;
- else if ( quantity == 'd' )
- lval *= DAYSEC;
- else if ( quantity == 'w' )
- lval *= WEEKSEC;
- else if ( quantity == 'y' )
- lval *= YEARSEC;
- (*(long *)c->var) = lval;
- break;
- case CONF_ALGO:
- if ( strcmp (val, "1") == 0 || strcasecmp (val, "rsa") == 0 ||
- strcasecmp (val, "rsamd5") == 0 )
- *((int *)c->var) = DK_ALGO_RSA;
- else if ( strcmp (val, "3") == 0 ||
- strcasecmp (val, "dsa") == 0 )
- *((int *)c->var) = DK_ALGO_DSA;
- else if ( strcmp (val, "5") == 0 ||
- strcasecmp (val, "rsasha1") == 0 )
- *((int *)c->var) = DK_ALGO_RSASHA1;
- else if ( strcmp (val, "6") == 0 ||
- strcasecmp (val, "nsec3dsa") == 0 ||
- strcasecmp (val, "n3dsa") == 0 )
- *((int *)c->var) = DK_ALGO_NSEC3DSA;
- else if ( strcmp (val, "7") == 0 ||
- strcasecmp (val, "nsec3rsasha1") == 0 ||
- strcasecmp (val, "n3rsasha1") == 0 )
- *((int *)c->var) = DK_ALGO_NSEC3RSASHA1;
- else if ( strcmp (val, "8") == 0 ||
- strcasecmp (val, "rsasha2") == 0 ||
- strcasecmp (val, "rsasha256") == 0 ||
- strcasecmp (val, "nsec3rsasha2") == 0 ||
- strcasecmp (val, "n3rsasha2") == 0 ||
- strcasecmp (val, "nsec3rsasha256") == 0 ||
- strcasecmp (val, "n3rsasha256") == 0 )
- *((int *)c->var) = DK_ALGO_RSASHA256;
- else if ( strcmp (val, "10") == 0 ||
- strcasecmp (val, "rsasha5") == 0 ||
- strcasecmp (val, "rsasha512") == 0 ||
- strcasecmp (val, "nsec3rsasha5") == 0 ||
- strcasecmp (val, "n3rsasha5") == 0 ||
- strcasecmp (val, "nsec3rsasha512") == 0 ||
- strcasecmp (val, "n3rsasha512") == 0 )
- *((int *)c->var) = DK_ALGO_RSASHA512;
- else
- error ("Illegal algorithm \"%s\" "
- "in line %d.\n" , val, line);
- break;
- case CONF_SERIAL:
- if ( strcasecmp (val, "unixtime") == 0 )
- *((serial_form_t *)c->var) = Unixtime;
- else if ( strcasecmp (val, "incremental") == 0 || strcasecmp (val, "inc") == 0 )
- *((serial_form_t *)c->var) = Incremental;
- else
- error ("Illegal serial no format \"%s\" "
- "in line %d.\n" , val, line);
- break;
- case CONF_NSEC3:
- if ( strcasecmp (val, "off") == 0 )
- *((nsec3_t *)c->var) = NSEC3_OFF;
- else if ( strcasecmp (val, "on") == 0 )
- *((nsec3_t *)c->var) = NSEC3_ON;
- else if ( strcasecmp (val, "optout") == 0 )
- *((nsec3_t *)c->var) = NSEC3_OPTOUT;
- else
- error ("Illegal NSEC3 format \"%s\" "
- "in line %d.\n" , val, line);
- break;
- case CONF_BOOL:
- *((int *)c->var) = ISTRUE (val);
- break;
- default:
- fatal ("Illegal configuration type in line %d.\n", line);
- }
- }
- c++;
- }
- if ( !found )
- error ("Unknown configuration statement: %s \"%s\"\n", tag, val);
- return;
-}
-
-static void printconfigline (FILE *fp, zconf_para_t *cp)
-{
- int i;
- long lval;
- int printnl;
-
- assert (fp != NULL);
- assert (cp != NULL);
-
- printnl = 0;
- switch ( cp->type )
- {
- case CONF_VERSION:
- fprintf (fp, "#\tZKT config file for version %d.%d.%d\n",
- compversion / 100,
- (compversion / 10 ) % 10,
- compversion % 10);
- break;
- case CONF_COMMENT:
- if ( cp->var )
- fprintf (fp, "# %s", (char *)cp->var);
- printnl = 1;
- break;
- case CONF_LEVEL:
- case CONF_FACILITY:
- if ( *(char **)cp->var != NULL )
- {
- if ( **(char **)cp->var != '\0' )
- {
- char *p;
-
- fprintf (fp, "%s:\t", cp->label);
- for ( p = *(char **)cp->var; *p; p++ )
- putc (toupper (*p), fp);
- // fprintf (fp, "\n");
- }
- else
- fprintf (fp, "%s:\tNONE", cp->label);
- }
- if ( cp->type == CONF_LEVEL )
- fprintf (fp, "\t\t# (NONE|DEBUG|INFO|NOTICE|WARNING|ERROR|FATAL)\n");
- else
- fprintf (fp, "\t\t# (NONE|USER|DAEMON|LOCAL[0-7])\n");
- break;
- case CONF_STRING:
- if ( *(char **)cp->var )
- printnl = fprintf (fp, "%s:\t\"%s\"", cp->label, *(char **)cp->var);
- break;
- case CONF_BOOL:
- fprintf (fp, "%s:\t%s", cp->label, bool2str ( *(int*)cp->var ));
- printnl = 1;
- break;
- case CONF_TIMEINT:
- lval = *(ulong*)cp->var; /* in that case it should be of type ulong */
- fprintf (fp, "%s:\t%s", cp->label, timeint2str (lval));
- if ( lval )
- fprintf (fp, "\t\t# (%ld seconds)", lval);
- printnl = 1;
- break;
- case CONF_ALGO:
- i = *(int*)cp->var;
- if ( i )
- {
- fprintf (fp, "%s:\t%s ", cp->label, dki_algo2str (i));
- fprintf (fp, "\t# (Algorithm ID %d)\n", i);
- }
- break;
- case CONF_SERIAL:
- fprintf (fp, "%s:\t", cp->label);
- if ( *(serial_form_t*)cp->var == Unixtime )
- fprintf (fp, "UnixTime");
- else
- fprintf (fp, "Incremental");
- fprintf (fp, "\t# (UnixTime|Incremental)\n");
- break;
- case CONF_NSEC3:
- fprintf (fp, "%s:\t\t", cp->label);
- if ( *(nsec3_t*)cp->var == NSEC3_OFF )
- fprintf (fp, "Off");
- else if ( *(nsec3_t*)cp->var == NSEC3_ON )
- fprintf (fp, "On");
- else if ( *(nsec3_t*)cp->var == NSEC3_OPTOUT )
- fprintf (fp, "OptOut");
- fprintf (fp, "\t\t# (On|Off|OptOut)\n");
- break;
- case CONF_INT:
- fprintf (fp, "%s:\t%d", cp->label, *(int *)cp->var);
- printnl = 1;
- break;
- case CONF_END:
- /* NOTREACHED */
- break;
- }
- if ( printnl )
- {
- if ( cp->desc )
- {
- if ( printnl < 20 )
- putc ('\t', fp);
- fprintf (fp, "\t# %s\n", cp->desc);
- }
- else
- putc ('\n', fp);
-
- }
-}
-
-/*****************************************************************
-** public function definition
-*****************************************************************/
-
-void setconfigversion (int version)
-{
- compversion = version;
-}
-
-const char *timeint2str (unsigned long val)
-{
- static char str[20+1];
-
- if ( val == 0 )
- snprintf (str, sizeof (str), "Unset");
- else if ( val % YEARSEC == 0 )
- snprintf (str, sizeof (str), "%luy", val / YEARSEC);
- else if ( val % WEEKSEC == 0 )
- snprintf (str, sizeof (str), "%luw", val / WEEKSEC);
- else if ( val % DAYSEC == 0 )
- snprintf (str, sizeof (str), "%lud", val / DAYSEC);
- else if ( val % HOURSEC == 0 )
- snprintf (str, sizeof (str), "%luh", val / HOURSEC);
- else if ( val % MINSEC == 0 )
- snprintf (str, sizeof (str), "%lum", val / MINSEC);
- else
- snprintf (str, sizeof (str), "%lus", val);
-
- return str;
-}
-
-
-/*****************************************************************
-** loadconfig (file, conf)
-** Loads a config file into the "conf" structure pointed to by "z".
-** If "z" is NULL then a new conf struct will be dynamically
-** allocated.
-** If no filename is given the conf struct will be initialized
-** with the builtin default config
-*****************************************************************/
-zconf_t *loadconfig (const char *filename, zconf_t *z)
-{
- FILE *fp;
- char buf[1023+1];
- unsigned int line;
-
- if ( z == NULL ) /* allocate new memory for zconf_t */
- {
- if ( (z = calloc (1, sizeof (zconf_t))) == NULL )
- return NULL;
-
- if ( filename && *filename )
- memcpy (z, &def, sizeof (zconf_t)); /* init new struct with defaults */
- }
-
- if ( filename == NULL || *filename == '\0' ) /* no file name given... */
- {
- dbg_val0("loadconfig (NULL)\n");
- memcpy (z, &def, sizeof (zconf_t)); /* ..then init with defaults */
- return z;
- }
-
- dbg_val1 ("loadconfig (%s)\n", filename);
- set_all_varptr (z, NULL);
-
- if ( (fp = fopen(filename, "r")) == NULL )
- fatal ("Could not open config file \"%s\"\n", filename);
-
- line = 0;
- while (fgets(buf, sizeof(buf), fp))
- parseconfigline (buf, ++line, z);
-
- fclose(fp);
- return z;
-}
-
-# define STRCONFIG_DELIMITER ";\r\n"
-zconf_t *loadconfig_fromstr (const char *str, zconf_t *z)
-{
- char *buf;
- char *tok, *toksave;
- unsigned int line;
-
- if ( z == NULL )
- {
- if ( (z = calloc (1, sizeof (zconf_t))) == NULL )
- return NULL;
- memcpy (z, &def, sizeof (zconf_t)); /* init with defaults */
- }
-
- if ( str == NULL || *str == '\0' )
- {
- dbg_val0("loadconfig_fromstr (NULL)\n");
- memcpy (z, &def, sizeof (zconf_t)); /* init with defaults */
- return z;
- }
-
- dbg_val1 ("loadconfig_fromstr (\"%s\")\n", str);
- set_all_varptr (z, NULL);
-
- /* str is const, so we have to copy it into a new buffer */
- if ( (buf = strdup (str)) == NULL )
- fatal ("loadconfig_fromstr: Out of memory");
-
- line = 0;
- tok = strtok_r (buf, STRCONFIG_DELIMITER, &toksave);
- while ( tok )
- {
- line++;
- parseconfigline (tok, line, z);
- tok = strtok_r (NULL, STRCONFIG_DELIMITER, &toksave);
- }
- free (buf);
- return z;
-}
-
-/*****************************************************************
-** dupconfig (config)
-** duplicate config struct and return a ptr to the new struct
-*****************************************************************/
-zconf_t *dupconfig (const zconf_t *conf)
-{
- zconf_t *z;
-
- assert (conf != NULL);
-
- if ( (z = calloc (1, sizeof (zconf_t))) == NULL )
- return NULL;
-
- memcpy (z, conf, sizeof (zconf_t));
-
- return z;
-}
-
-/*****************************************************************
-** freeconfig (config)
-** free memory for config struct and return a NULL ptr
-*****************************************************************/
-zconf_t *freeconfig (zconf_t *conf)
-{
- if (conf != NULL);
- free (conf);
-
- return (zconf_t *)NULL;
-}
-
-/*****************************************************************
-** setconfigpar (entry, pval)
-*****************************************************************/
-int setconfigpar (zconf_t *config, char *entry, const void *pval)
-{
- char *str;
- zconf_para_t *c;
-
- set_all_varptr (config, NULL);
-
- for ( c = confpara; c->type != CONF_END; c++ )
- if ( strcasecmp (entry, c->label) == 0 )
- {
- switch ( c->type )
- {
- case CONF_VERSION:
- break;
- case CONF_LEVEL:
- case CONF_FACILITY:
- case CONF_STRING:
- if ( pval )
- {
- str = strdup ((char *)pval);
- str_untaint (str); /* remove "bad" characters */
- }
- else
- str = NULL;
- *((char **)c->var) = str;
- break;
- case CONF_BOOL:
- /* fall through */
- case CONF_ALGO:
- /* fall through */
- case CONF_INT:
- *((int *)c->var) = *((int *)pval);
- break;
- case CONF_TIMEINT:
- *((long *)c->var) = *((long *)pval);
- break;
- case CONF_NSEC3:
- *((nsec3_t *)c->var) = *((nsec3_t *)pval);
- break;
- case CONF_SERIAL:
- *((serial_form_t *)c->var) = *((serial_form_t *)pval);
- break;
- case CONF_COMMENT:
- case CONF_END:
- /* NOTREACHED */
- break;
- }
- return 1;
- }
- return 0;
-}
-
-/*****************************************************************
-** printconfig (fname, config)
-*****************************************************************/
-int printconfig (const char *fname, const zconf_t *z)
-{
- zconf_para_t *cp;
- FILE *fp;
-
- if ( z == NULL )
- return 0;
-
- fp = stdout;
- if ( fname && *fname )
- {
- if ( strcmp (fname, "stdout") == 0 )
- fp = stdout;
- else if ( strcmp (fname, "stderr") == 0 )
- fp = stderr;
- else if ( (fp = fopen(fname, "w")) == NULL )
- {
- error ("Could not open config file \"%s\" for writing\n", fname);
- return -1;
- }
- }
-
- set_all_varptr ((zconf_t *)z, NULL);
-
- for ( cp = confpara; cp->type != CONF_END; cp++ ) /* loop through all parameter */
- if ( iscompatible (cp) ) /* is parameter compatible to current version? */
- printconfigline (fp, cp); /* print it out */
-
- if ( fp && fp != stdout && fp != stderr )
- fclose (fp);
-
- return 1;
-}
-
-/*****************************************************************
-** printconfigdiff (fname, conf_a, conf_b)
-*****************************************************************/
-int printconfigdiff (const char *fname, const zconf_t *ref, const zconf_t *z)
-{
- zconf_para_t *cp;
- int eq;
- char *p1, *p2;
- FILE *fp;
-
- if ( ref == NULL || z == NULL )
- return 0;
-
- fp = NULL;
- if ( fname && *fname )
- {
- if ( strcmp (fname, "stdout") == 0 )
- fp = stdout;
- else if ( strcmp (fname, "stderr") == 0 )
- fp = stderr;
- else if ( (fp = fopen(fname, "w")) == NULL )
- {
- error ("Could not open config file \"%s\" for writing\n", fname);
- return -1;
- }
- }
-
- set_all_varptr ((zconf_t *)z, ref);
-
- for ( cp = confpara; cp->type != CONF_END; cp++ ) /* loop through all parameter */
- {
- eq = 0;
- if ( iscmdline (cp) ) /* skip command line parameter */
- continue;
-
- if ( !iscompatible (cp) ) /* is parameter compatible to current version? */
- continue;
-
- if ( cp->type == CONF_VERSION || cp->type == CONF_END || cp->type == CONF_COMMENT )
- continue;
-
- dbg_val5 ("printconfigdiff: %d: %s %d %d %d\n", cp->type, cp->label,
- compversion, cp->used_since, cp->used_till);
- assert ( cp->var2 != NULL );
-
- switch ( cp->type )
- {
- case CONF_VERSION:
- case CONF_END:
- case CONF_COMMENT:
- continue;
- case CONF_NSEC3:
- eq = ( *(nsec3_t *)cp->var == *(nsec3_t *)cp->var2 );
- break;
- case CONF_SERIAL:
- eq = ( *(serial_form_t *)cp->var == *(serial_form_t *)cp->var2 );
- break;
- case CONF_BOOL:
- case CONF_ALGO:
- case CONF_INT:
- eq = ( *(int *)cp->var == *(int *)cp->var2 );
- break;
- case CONF_TIMEINT:
- eq = ( *(long *)cp->var == *(long *)cp->var2 );
- break;
- case CONF_LEVEL:
- case CONF_FACILITY:
- case CONF_STRING:
- p1 = *(char **)cp->var;
- p2 = *(char **)cp->var2;
- if ( p1 && p2 )
- eq = strcmp (p1, p2) == 0;
- else if ( p1 == NULL || p2 == NULL )
- eq = 0;
- else
- eq = 1;
- }
- if ( !eq )
- printconfigline (fp, cp); /* print it out */
- }
-
- if ( fp && fp != stdout && fp != stderr )
- fclose (fp);
-
- return 1;
-}
-
-/*****************************************************************
-** checkconfig (config)
-*****************************************************************/
-int checkconfig (const zconf_t *z)
-{
- int ret;
- long max_ttl;
-
- if ( z == NULL )
- return 1;
-
- max_ttl = z->max_ttl;
- if ( max_ttl <= 0 )
- max_ttl = z->sigvalidity;
-
- ret = 0;
- if ( z->k_random && strcmp (z->k_random, "/dev/urandom") == 0 )
- ret = fprintf (stderr, "random device without enough entropie used for KSK generation \n");
- if ( z->z_random && strcmp (z->z_random, "/dev/urandom") == 0 )
- ret = fprintf (stderr, "random device without enough entropie used for ZSK generation\n");
-
- if ( z->k_bits < 512 || z->z_bits < 512 )
- ret = fprintf (stderr, "Algorithm requires a bit size of at least 512 \n");
-
- if ( z->k_algo == DK_ALGO_RSASHA512 && ( z->k_bits < 1024 || z->z_bits < 1024 ) )
- ret = fprintf (stderr, "Algorithm RSASHA 512 requires a bit size of at least 1024 \n");
-
- if ( z->saltbits < 4 )
- ret = fprintf (stderr, "Saltlength must be at least 4 bits\n");
- if ( z->saltbits > 128 )
- {
- fprintf (stderr, "While the maximum is 520 bits of salt, it's not recommended to use more than 128 bits.\n");
- ret = fprintf (stderr, "The current value is %d bits\n", z->saltbits);
- }
-
- if ( z->sigvalidity < (1 * DAYSEC) || z->sigvalidity > (12 * WEEKSEC) )
- {
- fprintf (stderr, "Signature should be valid for at least 1 day and no longer than 3 month (12 weeks)\n");
- ret = fprintf (stderr, "The current value is %s\n", timeint2str (z->sigvalidity));
- }
-
- if ( z->max_ttl <= 0 )
- {
- ret = fprintf (stderr, "The max TTL is unknown which results in suboptimal key rollover.\n");
- fprintf (stderr, "Please set max_ttl to the maximum ttl used in the zone (run zkt-conf -w zone.db)\n");
- }
- else
- if ( max_ttl > z->sigvalidity/2 )
- ret = fprintf (stderr, "Max TTL (%ld) should be a few times smaller than the signature validity (%ld)\n",
- max_ttl, z->sigvalidity);
-
- // if ( z->resign > (z->sigvalidity*5/6) - (max_ttl + z->proptime) )
- if ( z->resign > (z->sigvalidity*5/6) )
- {
- fprintf (stderr, "Re-signing interval (%s) should be less than ", timeint2str (z->resign));
- ret = fprintf (stderr, "5/6 of sigvalidity (%s)\n", timeint2str (z->sigvalidity));
- }
-
- if ( z->max_ttl > 0 && z->resign > (z->sigvalidity - max_ttl) )
- {
- fprintf (stderr, "Re-signing interval (%s) should be ", timeint2str (z->resign));
- fprintf (stderr, "end at least one max_ttl (%ld) before the end of ", max_ttl);
- ret = fprintf (stderr, "signature lifetime (%ld) (%s)\n", z->sigvalidity, timeint2str(z->sigvalidity - max_ttl));
- }
-
- if ( z->z_life > (24 * WEEKSEC) * (z->z_bits / 512.) )
- {
- fprintf (stderr, "Lifetime of zone signing key (%s) ", timeint2str (z->z_life));
- fprintf (stderr, "seems a little bit high ");
- ret = fprintf (stderr, "(In respect of key size (%d))\n", z->z_bits);
- }
-
- if ( z->k_life > 0 && z->k_life <= z->z_life )
- {
- fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life));
- ret = fprintf (stderr, "should be greater than lifetime of zsk\n");
- }
- if ( z->k_life > 0 && z->k_life > (52 * WEEKSEC) * (z->k_bits / 512.) )
- {
- fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life));
- fprintf (stderr, "seems a little bit high ");
- ret = fprintf (stderr, "(In respect of key size (%d))\n", z->k_bits);
- }
-
- return !ret;
-}
-
-#ifdef CONF_TEST
-const char *progname;
-static zconf_t *config;
-
-main (int argc, char *argv[])
-{
- char *optstr;
- int val;
-
- progname = *argv;
-
- config = loadconfig ("", (zconf_t *) NULL); /* load built in defaults */
-
- while ( --argc >= 1 )
- {
- optstr = *++argv;
- config = loadconfig_fromstr (optstr, config);
- }
-
- val = 1;
- setconfigpar (config, "-v", &val);
- val = 2;
- setconfigpar (config, "verboselog", &val);
- val = 1;
- setconfigpar (config, "recursive", &val);
- val = 1200;
- setconfigpar (config, "propagation", &val);
-
- printconfig ("stdout", config);
-}
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) zconf.h
-**
-** Copyright (c) Jan 2005, Jeroen Masar, Holger Zuleger.
-** All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Jeroen Masar and Holger Zuleger nor the
-** names of its contributors may be used to endorse or promote products
-** derived from this software without specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-#ifndef ZCONF_H
-# define ZCONF_H
-
-
-# define MINSEC 60L
-# define HOURSEC (MINSEC * 60)
-# define DAYSEC (HOURSEC * 24)
-# define WEEKSEC (DAYSEC * 7)
-# define YEARSEC (DAYSEC * 365)
-# define DAY (1)
-# define WEEK (DAY * 7)
-# define MONTH (DAY * 30)
-# define YEAR (DAY * 365)
-
-# define SIG_VALID_DAYS (21) /* 3 Weeks */
-# define SIG_VALIDITY (SIG_VALID_DAYS * DAYSEC)
-# define MAX_TTL ( 8 * HOURSEC) /* default value of maximum ttl time */
-# define KEY_TTL ( 4 * HOURSEC) /* default value of KEY TTL */
-# define PROPTIME ( 5 * MINSEC) /* expected slave propagation time */
- /* should be small if notify is used */
-#if defined (DEF_TTL)
-# define DEF_TTL (MAX_TTL/2) /* currently not used */
-#endif
-
-# define RESIGN_INT ((SIG_VALID_DAYS - (SIG_VALID_DAYS / 3)) * DAYSEC)
-# define KSK_LIFETIME (2 * YEARSEC)
-#if 1
-# define ZSK_LIFETIME ((SIG_VALID_DAYS * 3) * DAYSEC) /* set to three times the sig validity */
-#else
-# define ZSK_LIFETIME (12 * WEEKSEC) /* set fixed to 3 month */
-#endif
-
-/* # define KSK_ALGO (DK_ALGO_RSASHA1) KSK_ALGO renamed to KEY_ALGO (v0.99) */
-# define KEY_ALGO (DK_ALGO_RSASHA1) /* general KEY_ALGO used for both ksk and zsk */
-# define ADDITIONAL_KEY_ALGO 0
-# define KSK_BITS (1300)
-# define KSK_RANDOM NULL
-/* # define ZSK_ALGO (DK_ALGO_RSASHA1) ZSK_ALGO has to be the same as KSK, so this is no longer used (v0.99) */
-# define ZSK_BITS (512)
-# define ZSK_ALWAYS 0
-# define ZSK_RANDOM "/dev/urandom"
-# define NSEC3 0 /* by default nsec3 is off */
-# define SALTLEN 24 /* salt length in bits (resolution is 4 bits)*/
-
-#if 0
-# define ZONEDIR "."
-#else
-# define ZONEDIR CONFIG_PATH
-#endif
-# define RECURSIVE 0
-# define PRINTTIME 1
-# define PRINTAGE 0
-# define LJUST 0
-# define LSCOLORTERM NULL /* or "" */
-# define KEYSETDIR ".." /* keysets */
-# define LOGFILE ""
-# define LOGLEVEL "error"
-# define LOGDOMAINDIR ""
-# define SYSLOGFACILITY "none"
-# define SYSLOGLEVEL "notice"
-# define VERBOSELOG 0
-# define ZONEFILE "zone.db"
-# define DNSKEYFILE "dnskey.db"
-# define LOOKASIDEDOMAIN "" /* "dlv.trusted-keys.de" */
-# define SIG_RANDOM NULL /* "/dev/urandom" */
-# define SIG_PSEUDO 0
-# define SIG_GENDS 1
-# define SIG_DNSKEY_KSK 0 /* Sign DNSKEY RR with KSK only */
-# define SIG_PARAM ""
-# define DEPENDFILES ""
-# define DIST_CMD NULL /* default is to run "rndc reload" */
-# define NAMED_CHROOT NULL /* default is none */
-
-#ifndef CONFIG_PATH
-# define CONFIG_PATH "/var/named/"
-#endif
-# define CONFIG_FILE CONFIG_PATH "dnssec.conf"
-# define LOCALCONF_FILE "dnssec.conf"
-
-/* external command execution path (should be set via config.h) */
-#ifndef BIND_UTIL_PATH
-# define BIND_UTIL_PATH "/usr/local/sbin/" /* beware of trailing '/' */
-#endif
-# define SIGNCMD BIND_UTIL_PATH "dnssec-signzone"
-# define KEYGENCMD BIND_UTIL_PATH "dnssec-keygen"
-# define RELOADCMD BIND_UTIL_PATH "rndc"
-
-/* macros */
-# define isflistdelim(c) ( (c) == ':' || (c) == ',' || isspace (c) )
-
-typedef enum {
- Unixtime = 1,
- Incremental
-} serial_form_t;
-
-typedef enum {
- NSEC3_OFF = 0,
- NSEC3_ON,
- NSEC3_OPTOUT
-} nsec3_t;
-
-typedef enum {
- none = 0,
- user,
- local0, local1, local2, local3, local4, local5, local6, local7
-} syslog_facility_t;
-
-typedef struct zconf {
- char *zonedir;
- int recursive;
- int printtime;
- int printage;
- int ljust;
- char *colorterm;
- long sigvalidity; /* should be less than expire time */
- long max_ttl; /* should be set to the maximum used ttl in the zone */
- long key_ttl;
- long proptime; /* expected time offset for zone propagation */
-#if defined (DEF_TTL)
- long def_ttl; /* default ttl set in soa record */
-#endif
- serial_form_t serialform; /* format of serial no */
- long resign; /* resign interval */
-
- int k_algo;
- int k2_algo;
- long k_life;
- int k_bits;
- char *k_random;
- long z_life;
- /* int z_algo; no longer used; renamed to k2_algo (v0.99) */
- int z_bits;
- int z_always; /* always pre-publish zsk ? */
- char *z_random;
- nsec3_t nsec3; /* 0 == off; 1 == on; 2 == on with optout */
- int saltbits;
-
- char *view;
- int noexec;
- // char *errlog;
- char *logfile;
- char *loglevel;
- char *logdomaindir;
- char *syslogfacility;
- char *sysloglevel;
- int verboselog;
- int verbosity;
- char *keyfile;
- char *zonefile;
- char *keysetdir;
- char *lookaside;
- char *sig_random;
- int sig_pseudo;
- int sig_gends;
- int sig_dnskeyksk;
- char *sig_param;
- char *dependfiles;
- char *dist_cmd; /* cmd to run instead of "rndc reload" */
- char *chroot_dir; /* chroot directory of named */
-} zconf_t;
-
-extern const char *timeint2str (unsigned long val);
-extern zconf_t *loadconfig (const char *filename, zconf_t *z);
-extern zconf_t *loadconfig_fromstr (const char *str, zconf_t *z);
-extern zconf_t *dupconfig (const zconf_t *conf);
-extern zconf_t *freeconfig (zconf_t *conf);
-extern int setconfigpar (zconf_t *conf, char *entry, const void *pval);
-extern int printconfig (const char *fname, const zconf_t *cp);
-extern int printconfigdiff (const char *fname, const zconf_t *ref, const zconf_t *z);
-extern int checkconfig (const zconf_t *z);
-extern void setconfigversion (int version);
-
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) zfparse.c -- A zone file parser
-**
-** Copyright (c) Jan 2010 - Jan 2010, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-# include <stdio.h>
-# include <string.h>
-# include <stdlib.h>
-# include <unistd.h> /* for link(), unlink() */
-# include <ctype.h>
-# include <assert.h>
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-# include "config_zkt.h"
-# include "zconf.h"
-# include "misc.h"
-# include "log.h"
-# include "debug.h"
-#define extern
-# include "zfparse.h"
-#undef extern
-
-
-extern const char *progname;
-
-/*****************************************************************
-** is_multiline_rr (const char *s)
-*****************************************************************/
-static const char *is_multiline_rr (int *multi_line_rr, const char *p)
-{
- while ( *p && *p != ';' )
- {
- if ( *p == '\"' )
- do
- p++;
- while ( *p && *p != '\"' );
-
- if ( *p == '(' )
- *multi_line_rr = 1;
- if ( *p == ')' )
- *multi_line_rr = 0;
- p++;
- }
- return p;
-}
-
-/*****************************************************************
-** skipws (const char *s)
-*****************************************************************/
-static const char *skipws (const char *s)
-{
- while ( *s && (*s == ' ' || *s == '\t' || *s == '\n') )
- s++;
- return s;
-}
-
-/*****************************************************************
-** skiplabel (const char *s)
-*****************************************************************/
-static const char *skiplabel (const char *s)
-{
- while ( *s && *s != ';' && *s != ' ' && *s != '\t' && *s != '\n' )
- s++;
- return s;
-}
-
-/*****************************************************************
-** setminmax ()
-*****************************************************************/
-static void setminmax (long *pmin, long val, long *pmax)
-{
- if ( val < *pmin )
- *pmin = val;
- if ( val > *pmax )
- *pmax = val;
-}
-
-/*****************************************************************
-** get_ttl ()
-*****************************************************************/
-static long get_ttl (const char *s)
-{
- char quantity;
- long lval;
-
- quantity = 'd';
- sscanf (s, "%ld%c", &lval, &quantity);
- quantity = tolower (quantity);
- if ( quantity == 'm' )
- lval *= MINSEC;
- else if ( quantity == 'h' )
- lval *= HOURSEC;
- else if ( quantity == 'd' )
- lval *= DAYSEC;
- else if ( quantity == 'w' )
- lval *= WEEKSEC;
- else if ( quantity == 'y' )
- lval *= YEARSEC;
-
- return lval;
-}
-
-/*****************************************************************
-** addkeydb ()
-*****************************************************************/
-int addkeydb (const char *file, const char *keydbfile)
-{
- FILE *fp;
-
- if ( (fp = fopen (file, "a")) == NULL )
- return -1;
-
- fprintf (fp, "\n");
- fprintf (fp, "$INCLUDE %s\t; this is the database of public DNSKEY RR\n", keydbfile);
-
- fclose (fp);
-
- return 0;
-}
-
-/*****************************************************************
-** parsezonefile ()
-** parse the BIND zone file 'file' and store the minimum and
-** maximum ttl value in the corresponding parameter.
-** if keydbfile is set, check if this file is already include.
-** if inclfiles is not NULL store a list of included files names
-** in it.
-** return 0 if keydbfile is not included
-** return 1 if keydbfile is included
-** return -1 on error
-*****************************************************************/
-int parsezonefile (const char *file, long *pminttl, long *pmaxttl, const char *keydbfile, char *inclfiles, size_t *plen)
-{
- FILE *infp;
- int len;
- int lnr;
- long ttl;
- int multi_line_rr;
- int keydbfilefound;
- char buf[1024];
- const char *p;
-
- assert (file != NULL);
- assert (pminttl != NULL);
- assert (pmaxttl != NULL);
-
- dbg_val4 ("parsezonefile (\"%s\", %ld, %ld, \"%s\")\n", file, *pminttl, *pmaxttl, keydbfile);
-
- if ( (infp = fopen (file, "r")) == NULL )
- {
- error ("parsezonefile: couldn't open file \"%s\" for input\n", file);
- return -1;
- }
-
- lnr = 0;
- keydbfilefound = 0;
- multi_line_rr = 0;
- while ( fgets (buf, sizeof buf, infp) != NULL )
- {
- len = strlen (buf);
- if ( buf[len-1] != '\n' ) /* line too long ? */
- fprintf (stderr, "line too long\n");
- lnr++;
-
- p = buf;
- if ( multi_line_rr ) /* skip line if it's part of a multiline rr */
- {
- is_multiline_rr (&multi_line_rr, p);
- continue;
- }
-
- if ( *p == '$' ) /* special directive ? */
- {
- if ( strncmp (p+1, "TTL", 3) == 0 ) /* $TTL ? */
- {
- ttl = get_ttl (p+4);
- dbg_val3 ("%s:%d:ttl %ld\n", file, lnr, ttl);
- setminmax (pminttl, ttl, pmaxttl);
- }
- else if ( strncmp (p+1, "INCLUDE", 7) == 0 ) /* $INCLUDE ? */
- {
- char fname[30+1];
-
- sscanf (p+9, "%30s", fname);
- dbg_val ("$INCLUDE directive for file \"%s\" found\n", fname);
- if ( strcmp (fname, keydbfile) == 0 )
- keydbfilefound = 1;
- else
- {
- if ( inclfiles && plen )
- {
- len = snprintf (inclfiles, *plen, ",%s", fname);
- if ( *plen <= len ) /* no space left in include file string */
- return keydbfilefound;
- inclfiles += len;
- *plen -= len;
- }
- int ret = parsezonefile (fname, pminttl, pmaxttl, keydbfile, inclfiles, plen);
- if ( ret ) /* keydb found or read error ? */
- keydbfilefound = ret;
- }
- }
- }
- else if ( !isspace (*p) ) /* label ? */
- p = skiplabel (p);
-
- p = skipws (p);
- if ( *p == ';' ) /* skip line if it's a comment line */
- continue;
-
- /* skip class (hesiod is not supported now) */
- if ( (toupper (*p) == 'I' && toupper (p[1]) == 'N') ||
- (toupper (*p) == 'C' && toupper (p[1]) == 'H') )
- p += 2;
- p = skipws (p);
-
- if ( isdigit (*p) ) /* ttl ? */
- {
- ttl = get_ttl (p);
- dbg_val3 ("%s:%d:ttl %ld\n", file, lnr, ttl);
- setminmax (pminttl, ttl, pmaxttl);
- }
-
- /* check the rest of the line if it's the beginning of a multi_line_rr */
- is_multiline_rr (&multi_line_rr, p);
- }
-
- if ( file )
- fclose (infp);
-
- dbg_val5 ("parsezonefile (\"%s\", %ld, %ld, \"%s\") ==> %d\n",
- file, *pminttl, *pmaxttl, keydbfile, keydbfilefound);
- return keydbfilefound;
-}
-
-
-#ifdef TEST
-const char *progname;
-int main (int argc, char *argv[])
-{
- long minttl;
- long maxttl;
- int keydbfound;
- char *dnskeydb;
-
- progname = *argv;
- dnskeydb = NULL;
- dnskeydb = "dnskey.db";
-
- minttl = 0x7FFFFFFF;
- maxttl = 0;
- keydbfound = parsezonefile (argv[1], &minttl, &maxttl, dnskeydb);
- if ( keydbfound < 0 )
- error ("can't parse zone file %s\n", argv[1]);
-
- if ( dnskeydb && !keydbfound )
- {
- printf ("$INCLUDE %s directive added \n", dnskeydb);
- addkeydb (argv[1], dnskeydb);
- }
-
- printf ("minttl = %ld\n", minttl);
- printf ("maxttl = %ld\n", maxttl);
-
- return 0;
-}
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) zfparse.h -- headerfile for a zone file parser
-**
-** Copyright (c) Jan 2010 - Feb 2010, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-
-#ifndef ZFPARSE_H
-# define ZFPARSE_H
-extern int parsezonefile (const char *file, long *pminttl, long *pmaxttl, const char *keydbfile, char *inclfiles, size_t *plen);
-extern int addkeydb (const char *file, const char *keydbfile);
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) zkt-conf.c (c) Jan 2005 / Jan 2010 Holger Zuleger hznet.de
-**
-** A config file utility for the DNSSEC Zone Key Tool
-**
-** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-
-# include <stdio.h>
-# include <stdlib.h> /* abort(), exit(), ... */
-# include <string.h>
-# include <dirent.h>
-# include <assert.h>
-# include <unistd.h>
-# include <ctype.h>
-# include <time.h>
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-# include "config_zkt.h"
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-# include <getopt.h>
-#endif
-
-# include "debug.h"
-# include "misc.h"
-# include "zfparse.h"
-# include "zconf.h"
-
-extern int optopt;
-extern int opterr;
-extern int optind;
-extern char *optarg;
-const char *progname;
-
-static const char *view = "";
-static int writeflag = 0;
-static int allflag = 0;
-static int testflag = 0;
-
-# define short_options ":aC:c:O:dlstvwV:rh"
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-static struct option long_options[] = {
- {"compability", required_argument, NULL, 'C'},
- {"config", required_argument, NULL, 'c'},
- {"option", required_argument, NULL, 'O'},
- {"config-option", required_argument, NULL, 'O'},
- {"default", no_argument, NULL, 'd'},
- {"sidecfg", no_argument, NULL, 's'},
- {"localcfg", no_argument, NULL, 'l'},
- {"all-values", no_argument, NULL, 'a'},
- {"test", no_argument, NULL, 't'},
- {"overwrite", no_argument, NULL, 'w'},
- {"version", no_argument, NULL, 'v' },
- {"write", no_argument, NULL, 'w'},
- {"view", required_argument, NULL, 'V' },
- {"help", no_argument, NULL, 'h'},
- {0, 0, 0, 0}
-};
-#endif
-
-static void usage (char *mesg);
-
-
-int main (int argc, char *argv[])
-{
- int c;
- int opt_index;
- int major = 0;
- int minor = 0;
- int revision = 0;
- const char *file;
- const char *defconfname = NULL;
- const char *confname = NULL;
- char *p;
- char str[254+1];
- zconf_t *refconfig = NULL;
- zconf_t *config;
-
- progname = *argv;
- if ( (p = strrchr (progname, '/')) )
- progname = ++p;
- view = getnameappendix (progname, "zkt-conf");
-
- defconfname = getdefconfname (view);
- dbg_val0 ("Load built in config\n");
- config = loadconfig ("", (zconf_t *)NULL); /* load built in config */
-
- if ( fileexist (defconfname) ) /* load default config file */
- {
- dbg_val ("Load site wide config file \"%s\"\n", defconfname);
- config = loadconfig (defconfname, config);
- }
- if ( config == NULL )
- fatal ("Out of memory\n");
- confname = defconfname;
-
- opterr = 0;
- opt_index = 0;
-
- /* set current config version based on ZKT version */
- switch ( sscanf (ZKT_VERSION, "%d.%d.%d", &major, &minor, &revision) )
- {
- case 3: major = (major * 100) + (minor * 10) + revision; break;
- case 2: major = (major * 100) + (minor * 10); break;
- case 1: major = major * 100; break;
- default:
- usage ("illegal release number");
- }
- setconfigversion (major);
-
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
- while ( (c = getopt_long (argc, argv, short_options, long_options, &opt_index)) != -1 )
-#else
- while ( (c = getopt (argc, argv, short_options)) != -1 )
-#endif
- {
- switch ( c )
- {
- case 'V': /* view name */
- view = optarg;
- defconfname = getdefconfname (view);
- if ( fileexist (defconfname) ) /* load default config file */
- config = loadconfig (defconfname, config);
- if ( config == NULL )
- fatal ("Out of memory\n");
- confname = defconfname;
- break;
- case 'O': /* read option from commandline */
- config = loadconfig_fromstr (optarg, config);
- break;
- case 'C':
- switch ( sscanf (optarg, "%d.%d.%d", &major, &minor, &revision) )
- {
- case 3: major = (major * 100) + (minor * 10) + revision; break;
- case 2: major = (major * 100) + (minor * 10); break;
- case 1: major = major * 100; break;
- default:
- usage ("illegal release number");
- }
- setconfigversion (major);
- break;
- case 'c':
- if ( *optarg == '\0' )
- usage ("empty config file name");
- config = loadconfig (optarg, config);
- if ( *optarg == '-' || strcmp (optarg, "stdin") == 0 )
- confname = "stdout";
- else
- confname = optarg;
- break;
- case 'd': /* built-in default config */
- config = loadconfig ("", config); /* load built-in config */
- confname = defconfname;
- break;
- case 's': /* side wide config */
- /* this is the default **/
- break;
- case 'a': /* set all flag */
- allflag = 1;
- break;
- case 'l': /* local config file */
- refconfig = dupconfig (config); /* duplicate current config */
- confname = LOCALCONF_FILE;
- if ( fileexist (LOCALCONF_FILE) ) /* try to load local config file */
- {
- dbg_val ("Load local config file \"%s\"\n", LOCALCONF_FILE);
- config = loadconfig (LOCALCONF_FILE, config);
- }
- else if ( !writeflag )
- usage ("error: no local config file found");
- break;
- case 't': /* test config */
- testflag = 1;
- break;
- case 'v': /* version */
- fprintf (stderr, "%s version %s compiled for BIND version %d\n",
- progname, ZKT_VERSION, BIND_VERSION);
- fprintf (stderr, "ZKT %s\n", ZKT_COPYRIGHT);
- return 0;
- break;
- case 'w': /* write back conf file */
- writeflag = 1;
- break;
- case 'h': /* print help */
- usage ("");
- break;
- case ':':
- snprintf (str, sizeof(str), "option \"-%c\" requires an argument.",
- optopt);
- usage (str);
- break;
- case '?':
- if ( isprint (optopt) )
- snprintf (str, sizeof(str), "Unknown option \"-%c\".",
- optopt);
- else
- snprintf (str, sizeof (str), "Unknown option char \\x%x.",
- optopt);
- usage (str);
- break;
- default:
- abort();
- }
- }
-
- c = optind;
- if ( c >= argc ) /* no arguments given on commandline */
- {
- if ( testflag )
- {
- if ( checkconfig (config) )
- fprintf (stderr, "All config file parameter seems to be ok\n");
- }
- else
- {
- if ( !writeflag ) /* print to stdout */
- confname = "stdout";
-
- if ( refconfig ) /* have we seen a local config file ? */
- if ( allflag )
- printconfig (confname, config);
- else
- printconfigdiff (confname, refconfig, config);
- else
- printconfig (confname, config);
- }
- }
- else /* command line argument found: use it as name of zone file */
- {
- char includefiles[1023+1]; /* list of include files */
- size_t filelistsize; /* size of list */
- long minttl;
- long maxttl;
- int keydbfound;
- char *dnskeydb;
-
- file = argv[c++];
-
- dnskeydb = config->keyfile;
-
- minttl = 0x7FFFFFFF;
- maxttl = 0;
- includefiles[0] = '\0';
- filelistsize = sizeof (includefiles);
- keydbfound = parsezonefile (file, &minttl, &maxttl, dnskeydb, includefiles, &filelistsize);
- if ( keydbfound < 0 )
- error ("can't parse zone file %s\n", file);
-
- if ( dnskeydb && !keydbfound )
- {
- if ( writeflag )
- {
- addkeydb (file, dnskeydb);
- printf ("\"$INCLUDE %s\" directive added to \"%s\"\n", dnskeydb, file);
- }
- else
- printf ("\"$INCLUDE %s\" should be added to \"%s\" (run with option -w)\n",
- dnskeydb, file);
- }
-
- if ( isflistdelim (*includefiles) )
- {
- printf ("InclFiles:\t\"%s\"\n", includefiles+1);
- }
-
- if ( minttl < (10 * MINSEC) )
- fprintf (stderr, "MinimumTTL of %s (%ld seconds) is too low to use it in a signed zone (see RFC4641)\n",
- timeint2str (minttl), minttl);
- else
- fprintf (stderr, "MinimumTTL:\t%s\t# (%ld seconds)\n", timeint2str (minttl), minttl);
- fprintf (stdout, "MaximumTTL:\t%s\t# (%ld seconds)\n", timeint2str (maxttl), maxttl);
-
- if ( writeflag )
- {
- refconfig = dupconfig (config); /* duplicate current config */
- confname = LOCALCONF_FILE;
- if ( fileexist (LOCALCONF_FILE) ) /* try to load local config file */
- {
- dbg_val ("Load local config file \"%s\"\n", LOCALCONF_FILE);
- config = loadconfig (LOCALCONF_FILE, config);
- }
- setconfigpar (config, "MaximumTTL", &maxttl);
- printconfigdiff (confname, refconfig, config);
- }
- }
-
-
- return 0;
-}
-
-# define sopt_usage(mesg, value) fprintf (stderr, mesg, value)
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-# define lopt_usage(mesg, value) fprintf (stderr, mesg, value)
-# define loptstr(lstr, sstr) lstr
-#else
-# define lopt_usage(mesg, value)
-# define loptstr(lstr, sstr) sstr
-#endif
-static void usage (char *mesg)
-{
- fprintf (stderr, "%s version %s\n", progname, ZKT_VERSION);
- if ( mesg && *mesg )
- fprintf (stderr, "%s\n", mesg);
- fprintf (stderr, "\n");
- fprintf (stderr, "usage: %s -h\n", progname);
- fprintf (stderr, "usage: %s [-V view] [-w|-t] -d [-O <optstr>]\n", progname);
- fprintf (stderr, "usage: %s [-V view] [-w|-t] [-s] [-c config] [-O <optstr>]\n", progname);
- fprintf (stderr, "usage: %s [-V view] [-w|-t] [-a] -l [-c config] [-O <optstr>]\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "usage: %s [-c config] [-w] <zonefile>\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, " -V name%s", loptstr (", --view=name\n", ""));
- fprintf (stderr, "\t\t specify the view name \n");
- fprintf (stderr, " -d%s\tprint built-in default config parameter\n", loptstr (", --default", ""));
- fprintf (stderr, " -s%s\tprint site wide config file parameter (this is the default)\n", loptstr (", --sitecfg", ""));
- fprintf (stderr, " -l%s\tprint local config file parameter\n", loptstr (", --localcfg", ""));
- fprintf (stderr, " -a%s\tprint all parameter not only the different one\n", loptstr (", --all", ""));
- fprintf (stderr, " -c file%s", loptstr (", --config=file\n", ""));
- fprintf (stderr, " \t\tread config from <file> instead of %s\n", CONFIG_FILE);
- fprintf (stderr, " -O optstr%s", loptstr (", --config-option=\"optstr\"\n", ""));
- fprintf (stderr, " \t\tread config options from commandline\n");
- fprintf (stderr, " -t%s\ttest the config parameter if they are useful \n", loptstr (", --test", "\t"));
- fprintf (stderr, " -w%s\twrite or rewrite config file \n", loptstr (", --write", "\t"));
- fprintf (stderr, " -h%s\tprint this help \n", loptstr (", --help", "\t"));
- exit (1);
-}
-
+++ /dev/null
-/*****************************************************************
-**
-** @(#) zkt-keyman.c (c) Jan 2005 - Apr 2010 Holger Zuleger hznet.de
-**
-** ZKT key managing tool (formely knon as dnsses-zkt)
-** A wrapper command around the BIND dnssec-keygen utility
-**
-** Copyright (c) 2005 - 2010, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-
-# include <stdio.h>
-# include <stdlib.h> /* abort(), exit(), ... */
-# include <string.h>
-# include <dirent.h>
-# include <assert.h>
-# include <unistd.h>
-# include <ctype.h>
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-# include "config_zkt.h"
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-# include <getopt.h>
-#endif
-
-# include "debug.h"
-# include "misc.h"
-# include "strlist.h"
-# include "zconf.h"
-# include "dki.h"
-# include "zkt.h"
-
-extern int optopt;
-extern int opterr;
-extern int optind;
-extern char *optarg;
-const char *progname;
-
-char *labellist = NULL;
-
-int headerflag = 1;
-int ageflag = 0;
-int lifetime = 0;
-int lifetimeflag = 0;
-int timeflag = 1;
-int exptimeflag = 0;
-int pathflag = 0;
-int kskflag = 1;
-int zskflag = 1;
-int ljustflag = 0;
-
-static int dirflag = 0;
-static int recflag = RECURSIVE;
-static char *kskdomain = "";
-static const char *view = "";
-
-# define short_options ":0:1:2:3:9A:C:D:P:S:R:h:ZV:F:c:O:krz"
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-static struct option long_options[] = {
- {"ksk-rollover", no_argument, NULL, '9'},
- {"ksk-status", required_argument, NULL, '0'},
- {"ksk-roll-status", required_argument, NULL, '0'},
- {"ksk-newkey", required_argument, NULL, '1'},
- {"ksk-publish", required_argument, NULL, '2'},
- {"ksk-delkey", required_argument, NULL, '3'},
- {"ksk-roll-phase1", required_argument, NULL, '1'},
- {"ksk-roll-phase2", required_argument, NULL, '2'},
- {"ksk-roll-phase3", required_argument, NULL, '3'},
- {"ksk", no_argument, NULL, 'k'},
- {"zsk", no_argument, NULL, 'z'},
- {"recursive", no_argument, NULL, 'r'},
- {"config", required_argument, NULL, 'c'},
- {"option", required_argument, NULL, 'O'},
- {"config-option", required_argument, NULL, 'O'},
- {"published", required_argument, NULL, 'P'},
- {"standby", required_argument, NULL, 'S'},
- {"active", required_argument, NULL, 'A'},
- {"depreciated", required_argument, NULL, 'D'},
- {"create", required_argument, NULL, 'C'},
- {"revoke", required_argument, NULL, 'R'},
- {"remove", required_argument, NULL, 19 },
- {"destroy", required_argument, NULL, 20 },
- {"setlifetime", required_argument, NULL, 'F' },
- {"view", required_argument, NULL, 'V' },
- {"help", no_argument, NULL, 'h'},
- {0, 0, 0, 0}
-};
-#endif
-
-static int parsedirectory (const char *dir, dki_t **listp);
-static void parsefile (const char *file, dki_t **listp);
-static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf);
-static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf);
-static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp);
-static void usage (char *mesg, zconf_t *cp);
-static const char *parsetag (const char *str, int *tagp);
-
-static void setglobalflags (zconf_t *config)
-{
- recflag = config->recursive;
-}
-
-int main (int argc, char *argv[])
-{
- dki_t *data = NULL;
- dki_t *dkp;
- int c;
- int opt_index;
- int action;
- const char *file;
- const char *defconfname = NULL;
- char *p;
- char str[254+1];
- const char *keyname = NULL;
- int searchtag;
- zconf_t *config;
-
- progname = *argv;
- if ( (p = strrchr (progname, '/')) )
- progname = ++p;
- view = getnameappendix (progname, "dnssec-zkt");
-
- defconfname = getdefconfname (view);
- config = loadconfig ("", (zconf_t *)NULL); /* load built in config */
- if ( fileexist (defconfname) ) /* load default config file */
- config = loadconfig (defconfname, config);
- if ( config == NULL )
- fatal ("Out of memory\n");
- setglobalflags (config);
-
- opterr = 0;
- opt_index = 0;
- action = 0;
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
- while ( (c = getopt_long (argc, argv, short_options, long_options, &opt_index)) != -1 )
-#else
- while ( (c = getopt (argc, argv, short_options)) != -1 )
-#endif
- {
- switch ( c )
- {
- case '9': /* ksk rollover help */
- ksk_roll ("help", c - '0', NULL, NULL);
- exit (1);
- case '1': /* ksk rollover: create new key */
- case '2': /* ksk rollover: publish DS */
- case '3': /* ksk rollover: delete old key */
- case '0': /* ksk rollover: show current status */
- action = c;
- if ( !optarg )
- usage ("ksk rollover requires an domain argument", config);
- kskdomain = domain_canonicdup (optarg);
- break;
- case 'h':
- case 'K':
- case 'Z':
- action = c;
- break;
- case 'C':
- pathflag = !pathflag;
- /* fall through */
- case 'P':
- case 'S':
- case 'A':
- case 'D':
- case 'R':
- case 's':
- case 19:
- case 20:
- if ( (keyname = parsetag (optarg, &searchtag)) != NULL )
- keyname = domain_canonicdup (keyname);
- action = c;
- break;
- case 'F': /* set key lifetime */
- lifetime = atoi (optarg);
- action = c;
- break;
- case 'V': /* view name */
- view = optarg;
- defconfname = getdefconfname (view);
- if ( fileexist (defconfname) ) /* load default config file */
- config = loadconfig (defconfname, config);
- if ( config == NULL )
- fatal ("Out of memory\n");
- setglobalflags (config);
- break;
- case 'c':
- config = loadconfig (optarg, config);
- setglobalflags (config);
- checkconfig (config);
- break;
- case 'O': /* read option from commandline */
- config = loadconfig_fromstr (optarg, config);
- setglobalflags (config);
- checkconfig (config);
- break;
- case 'd': /* ignore directory arg */
- dirflag = 1;
- break;
- case 'k': /* ksk only */
- zskflag = 0;
- break;
- case 'r': /* switch recursive flag */
- recflag = !recflag;
- break;
- case 'z': /* zsk only */
- kskflag = 0;
- break;
- case ':':
- snprintf (str, sizeof(str), "option \"-%c\" requires an argument.\n",
- optopt);
- usage (str, config);
- break;
- case '?':
- if ( isprint (optopt) )
- snprintf (str, sizeof(str), "Unknown option \"-%c\".\n",
- optopt);
- else
- snprintf (str, sizeof (str), "Unknown option char \\x%x.\n",
- optopt);
- usage (str, config);
- break;
- default:
- abort();
- }
- }
-
- if ( kskflag == 0 && zskflag == 0 )
- kskflag = zskflag = 1;
-
- c = optind;
- do {
- if ( c >= argc ) /* no args left */
- file = config->zonedir; /* use default directory */
- else
- file = argv[c++];
-
- if ( is_directory (file) )
- parsedirectory (file, &data);
- else
- parsefile (file, &data);
-
- } while ( c < argc ); /* for all arguments */
-
- switch ( action )
- {
- case 'h':
- usage ("", config);
- case 'C':
- createkey (keyname, data, config);
- break;
- case 'P':
- case 'S':
- case 'A':
- case 'D':
- if ( (dkp = (dki_t*)zkt_search (data, searchtag, keyname)) == NULL )
- fatal ("Key with tag %u not found\n", searchtag);
- else if ( dkp == (void *) 01 )
- fatal ("Key with tag %u found multiple times\n", searchtag);
- if ( (c = dki_setstatus_preservetime (dkp, action)) != 0 )
- fatal ("Couldn't change status of key %u: %d\n", searchtag, c);
- break;
- case 19: /* remove (rename) key file */
- if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL )
- fatal ("Key with tag %u not found\n", searchtag);
- else if ( dkp == (void *) 01 )
- fatal ("Key with tag %u found multiple times\n", searchtag);
- dki_remove (dkp);
- break;
- case 20: /* destroy the key (remove the files!) */
- if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL )
- fatal ("Key with tag %u not found\n", searchtag);
- else if ( dkp == (void *) 01 )
- fatal ("Key with tag %u found multiple times\n", searchtag);
- dki_destroy (dkp);
- break;
- case 'R':
- if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL )
- fatal ("Key with tag %u not found\n", searchtag);
- else if ( dkp == (void *) 01 )
- fatal ("Key with tag %u found multiple times\n", searchtag);
- if ( (c = dki_setstatus (dkp, action)) != 0 )
- fatal ("Couldn't change status of key %u: %d\n", searchtag, c);
- break;
- case '1': /* ksk rollover new key */
- case '2': /* ksk rollover publish DS */
- case '3': /* ksk rollover delete old key */
- case '0': /* ksk rollover status */
- ksk_roll (kskdomain, action - '0', data, config);
- break;
- case 'F':
- zkt_setkeylifetime (data);
- /* fall through */
- default:
- zkt_list_keys (data);
- }
-
- return 0;
-}
-
-# define sopt_usage(mesg, value) fprintf (stderr, mesg, value)
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-# define lopt_usage(mesg, value) fprintf (stderr, mesg, value)
-# define loptstr(lstr, sstr) lstr
-#else
-# define lopt_usage(mesg, value)
-# define loptstr(lstr, sstr) sstr
-#endif
-static void usage (char *mesg, zconf_t *cp)
-{
- fprintf (stderr, "DNS Zone Key Management Tool %s\n", ZKT_VERSION);
- fprintf (stderr, "\n");
- fprintf (stderr, "Create a new key \n");
- sopt_usage ("\tusage: %s -C <name> [-k] [-dpr] [-c config] [dir ...]\n", progname);
- lopt_usage ("\tusage: %s --create=<name> [-k] [-dpr] [-c config] [dir ...]\n", progname);
- fprintf (stderr, "\t\tKSK (use -k): %s %d bits\n", dki_algo2str (cp->k_algo), cp->k_bits);
- fprintf (stderr, "\t\tZSK (default): %s %d bits\n", dki_algo2str (cp->k_algo), cp->z_bits);
- fprintf (stderr, "\n");
- fprintf (stderr, "Change key status of specified key to published, active or depreciated\n");
- fprintf (stderr, "\t(<keyspec> := tag | tag:name) \n");
- sopt_usage ("\tusage: %s -P|-A|-D <keyspec> [-dr] [-c config] [dir ...]\n", progname);
- lopt_usage ("\tusage: %s --published=<keyspec> [-dr] [-c config] [dir ...]\n", progname);
- lopt_usage ("\tusage: %s --active=<keyspec> [-dr] [-c config] [dir ...]\n", progname);
- lopt_usage ("\tusage: %s --depreciated=<keyspec> [-dr] [-c config] [dir ...]\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "Revoke specified key (<keyspec> := tag | tag:name) \n");
- sopt_usage ("\tusage: %s -R <keyspec> [-dr] [-c config] [dir ...]\n", progname);
- lopt_usage ("\tusage: %s --revoke=<keyspec> [-dr] [-c config] [dir ...]\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "Remove (rename) or destroy (delete) specified key (<keyspec> := tag | tag:name) \n");
- lopt_usage ("\tusage: %s --remove=<keyspec> [-dr] [-c config] [dir ...]\n", progname);
- lopt_usage ("\tusage: %s --destroy=<keyspec> [-dr] [-c config] [dir ...]\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "Initiate a semi-automated KSK rollover");
- fprintf (stderr, "('%s -9%s' prints out a brief description)\n", progname, loptstr ("|--ksk-rollover", ""));
- sopt_usage ("\tusage: %s {-1} do.ma.in.\n", progname);
- lopt_usage ("\tusage: %s {--ksk-roll-phase1|--ksk-newkey} do.ma.in.\n", progname);
- sopt_usage ("\tusage: %s {-2} do.ma.in.\n", progname);
- lopt_usage ("\tusage: %s {--ksk-roll-phase2|--ksk-publish} do.ma.in.\n", progname);
- sopt_usage ("\tusage: %s {-3} do.ma.in.\n", progname);
- lopt_usage ("\tusage: %s {--ksk-roll-phase3|--ksk-delkey} do.ma.in.\n", progname);
- sopt_usage ("\tusage: %s {-0} do.ma.in.\n", progname);
- lopt_usage ("\tusage: %s {--ksk-roll-status|--ksk-status} do.ma.in.\n", progname);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "\n");
- fprintf (stderr, "General options \n");
- fprintf (stderr, "\t-c file%s", loptstr (", --config=file\n", ""));
- fprintf (stderr, "\t\t read config from <file> instead of %s\n", CONFIG_FILE);
- fprintf (stderr, "\t-O optstr%s", loptstr (", --config-option=\"optstr\"\n", ""));
- fprintf (stderr, "\t\t read config options from commandline\n");
- fprintf (stderr, "\t-d%s\t skip directory arguments\n", loptstr (", --directory", "\t"));
- fprintf (stderr, "\t-r%s\t recursive mode on/off (default: %s)\n", loptstr(", --recursive", "\t"), recflag ? "on": "off");
- fprintf (stderr, "\t-F days%s=days\t set key lifetime\n", loptstr (", --setlifetime", "\t"));
- fprintf (stderr, "\t-k%s\t key signing keys only\n", loptstr (", --ksk", "\t"));
- fprintf (stderr, "\t-z%s\t zone signing keys only\n", loptstr (", --zsk", "\t"));
- if ( mesg && *mesg )
- fprintf (stderr, "%s\n", mesg);
- exit (1);
-}
-
-static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf)
-{
- const char *dir = "";
- dki_t *dkp;
-
- if ( keyname == NULL || *keyname == '\0' )
- fatal ("Create key: no keyname!");
-
- dbg_val2 ("createkey: keyname %s, pathflag = %d\n", keyname, pathflag);
- /* search for already existent key to get the directory name */
- if ( pathflag && (dkp = (dki_t *)zkt_search (list, 0, keyname)) != NULL )
- {
- char path[MAX_PATHSIZE+1];
- zconf_t localconf;
-
- dir = dkp->dname;
- pathname (path, sizeof (path), dir, LOCALCONF_FILE, NULL);
- if ( fileexist (path) ) /* load local config file */
- {
- dbg_val ("Load local config file \"%s\"\n", path);
- memcpy (&localconf, conf, sizeof (zconf_t));
- conf = loadconfig (path, &localconf);
- }
- }
-
- if ( zskflag )
- dkp = dki_new (dir, keyname, DKI_ZSK, conf->k_algo, conf->z_bits, conf->z_random, conf->z_life / DAYSEC);
- else
- dkp = dki_new (dir, keyname, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC);
- if ( dkp == NULL )
- fatal ("Can't create key %s: %s!\n", keyname, dki_geterrstr ());
-
- /* create a new key always in state published, which means "standby" for ksk */
- dki_setstatus (dkp, DKI_PUB);
-}
-
-static int get_parent_phase (const char *file)
-{
- FILE *fp;
- int phase;
-
- if ( (fp = fopen (file, "r")) == NULL )
- return -1;
-
- phase = 0;
- if ( fscanf (fp, "; KSK rollover phase%d", &phase) != 1 )
- phase = 0;
-
- fclose (fp);
- return phase;
-}
-
-static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf)
-{
- char path[MAX_PATHSIZE+1];
- zconf_t localconf;
- const char *dir;
- dki_t *keylist;
- dki_t *dkp;
- dki_t *standby;
- int parent_exist;
- int parent_age;
- int parent_phase;
- int parent_propagation;
- int key_ttl;
- int ksk;
-
- if ( phase == 9 ) /* usage */
- {
- fprintf (stderr, "A KSK rollover requires three consecutive steps:\n");
- fprintf (stderr, "\n");
- fprintf (stderr, "-1%s", loptstr ("|--ksk-roll-phase1 (--ksk-newkey)\n", ""));
- fprintf (stderr, "\t Create a new KSK.\n");
- fprintf (stderr, "\t This step also creates a parent-<domain> file which contains only\n");
- fprintf (stderr, "\t the _old_ key. This file will be copied in hierarchical mode\n");
- fprintf (stderr, "\t by dnssec-signer to the parent directory as keyset-<domain> file.\n");
- fprintf (stderr, "\t Wait until the new keyset is propagated, before going to the next step.\n");
- fprintf (stderr, "\n");
- fprintf (stderr, "-2%s", loptstr ("|--ksk-roll-phase2 (--ksk-publish)\n", ""));
- fprintf (stderr, "\t This step creates a parent-<domain> file with the _new_ key only.\n");
- fprintf (stderr, "\t Please send this file immediately to the parent (In hierarchical\n");
- fprintf (stderr, "\t mode this will be done automatically by the dnssec-signer command).\n");
- fprintf (stderr, "\t Then wait until the new DS is generated by the parent and propagated\n");
- fprintf (stderr, "\t to all the parent name server, plus the old DS TTL before going to step three.\n");
- fprintf (stderr, "\n");
- fprintf (stderr, "-3%s", loptstr ("|--ksk-roll-phase3 (--ksk-delkey)\n", ""));
- fprintf (stderr, "\t Remove (rename) the old KSK and the parent-<domain> file.\n");
- fprintf (stderr, "\t You have to manually delete the old KSK (look at file names beginning\n");
- fprintf (stderr, "\t with an lower 'k').\n");
- fprintf (stderr, "\n");
- fprintf (stderr, "-0%s", loptstr ("|--ksk-roll-stat (--ksk-status)\n", ""));
- fprintf (stderr, "\t Show the current KSK rollover state of a domain.\n");
-
- fprintf (stderr, "\n");
-
- return;
- }
-
- if ( keyname == NULL || *keyname == '\0' )
- fatal ("ksk rollover: no domain!");
-
- dbg_val2 ("ksk_roll: keyname %s, phase = %d\n", keyname, phase);
-
- /* search for already existent key to get the directory name */
- if ( (keylist = (dki_t *)zkt_search (list, 0, keyname)) == NULL )
- fatal ("ksk rollover: domain %s not found!\n", keyname);
- dkp = keylist;
-
- /* try to read local config file */
- dir = dkp->dname;
- pathname (path, sizeof (path), dir, LOCALCONF_FILE, NULL);
- if ( fileexist (path) ) /* load local config file */
- {
- dbg_val ("Load local config file \"%s\"\n", path);
- memcpy (&localconf, conf, sizeof (zconf_t));
- conf = loadconfig (path, &localconf);
- }
- key_ttl = conf->key_ttl;
-
- /* check if parent-file already exist */
- pathname (path, sizeof (path), dir, "parent-", keyname);
- parent_phase = parent_age = 0;
- if ( (parent_exist = fileexist (path)) != 0 )
- {
- parent_phase = get_parent_phase (path);
- parent_age = file_age (path);
- }
- // parent_propagation = 2 * DAYSEC;
- parent_propagation = 5 * MINSEC;
-
- ksk = 0; /* count active(!) key signing keys */
- standby = NULL; /* find standby key if available */
- for ( dkp = keylist; dkp; dkp = dkp->next )
- if ( dki_isksk (dkp) )
- {
- if ( dki_status (dkp) == DKI_ACT )
- ksk++;
- else if ( dki_status (dkp) == DKI_PUB )
- standby = dkp;
- }
-
- switch ( phase )
- {
- case 0: /* print status (debug) */
- fprintf (stdout, "ksk_rollover:\n");
- fprintf (stdout, "\t domain = %s\n", keyname);
- fprintf (stdout, "\t phase = %d\n", parent_phase);
- fprintf (stdout, "\t parent_file %s %s\n", path, parent_exist ? "exist": "not exist");
- if ( parent_exist )
- fprintf (stdout, "\t age of parent_file %d %s\n", parent_age, str_delspace (age2str (parent_age)));
- fprintf (stdout, "\t # of active key signing keys %d\n", ksk);
- fprintf (stdout, "\t parent_propagation %d %s\n", parent_propagation, str_delspace (age2str (parent_propagation)));
- fprintf (stdout, "\t keys ttl %d %s\n", key_ttl, age2str (key_ttl));
-
- for ( dkp = keylist; dkp; dkp = dkp->next )
- {
- /* TODO: Nur zum testen */
- dki_prt_dnskey (dkp, stdout);
- }
- break;
- case 1:
- if ( parent_exist || ksk > 1 )
- fatal ("Can\'t create new ksk because there is already an ksk rollover in progress\n");
-
- fprintf (stdout, "create new ksk \n");
- dkp = dki_new (dir, keyname, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC);
- if ( dkp == NULL )
- fatal ("Can't create key %s: %s!\n", keyname, dki_geterrstr ());
- if ( standby )
- {
- dki_setstatus (standby, DKI_ACT); /* activate standby key */
- dki_setstatus (dkp, DKI_PUB); /* new key will be the new standby */
- }
-
- // dkp = keylist; /* use old key to create the parent file */
- if ( (dkp = (dki_t *)dki_findalgo (keylist, 1, conf->k_algo, 'a', 1)) == NULL ) /* find the oldest active ksk to create the parent file */
- fatal ("ksk_rollover phase1: Couldn't find the old active key\n");
- if ( !create_parent_file (path, phase, key_ttl, dkp) )
- fatal ("Couldn't create parentfile %s\n", path);
- break;
-
- case 2:
- if ( ksk < 2 )
- fatal ("Can\'t publish new key because no one exist\n");
- if ( !parent_exist )
- fatal ("More than one KSK but no parent file found!\n");
- if ( parent_phase != 1 )
- fatal ("Parent file exists but is in wrong state (phase = %d)\n", parent_phase);
- if ( parent_age < conf->proptime + key_ttl )
- fatal ("ksk_rollover (phase2): you have to wait for the propagation of the new KSK (at least %dsec or %s)\n",
- conf->proptime + key_ttl - parent_age,
- str_delspace (age2str (conf->proptime + key_ttl - parent_age)));
-
- fprintf (stdout, "save new ksk in parent file\n");
- dkp = keylist->next; /* set dkp to new ksk */
- if ( !create_parent_file (path, phase, key_ttl, dkp) )
- fatal ("Couldn't create parentfile %s\n", path);
- break;
- case 3:
- if ( !parent_exist || ksk < 2 )
- fatal ("ksk-delkey only allowed after ksk-publish\n");
- if ( parent_phase != 2 )
- fatal ("Parent file exists but is in wrong state (phase = %d)\n", parent_phase);
- if ( parent_age < parent_propagation + key_ttl )
- fatal ("ksk_rollover (phase3): you have to wait for DS propagation (at least %dsec or %s)\n",
- parent_propagation + key_ttl - parent_age,
- str_delspace (age2str (parent_propagation + key_ttl - parent_age)));
- /* remove the parentfile */
- fprintf (stdout, "remove parentfile \n");
- unlink (path);
- /* remove or rename the old key */
- fprintf (stdout, "old ksk renamed \n");
- dkp = keylist; /* set dkp to old ksk */
- dki_remove (dkp);
- break;
- default: assert (phase == 1 || phase == 2 || phase == 3);
- }
-}
-
-/*****************************************************************
-** create_parent_file ()
-*****************************************************************/
-static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp)
-{
- FILE *fp;
-
- assert ( fname != NULL );
-
- if ( dkp == NULL || (phase != 1 && phase != 2) )
- return 0;
-
- if ( (fp = fopen (fname, "w")) == NULL )
- fatal ("can\'t create new parentfile \"%s\"\n", fname);
-
- if ( phase == 1 )
- fprintf (fp, "; KSK rollover phase1 (old key)\n");
- else
- fprintf (fp, "; KSK rollover phase2 (new key)\n");
-
- dki_prt_dnskeyttl (dkp, fp, ttl);
- fclose (fp);
-
- return phase;
-}
-
-static int parsedirectory (const char *dir, dki_t **listp)
-{
- dki_t *dkp;
- DIR *dirp;
- struct dirent *dentp;
- char path[MAX_PATHSIZE+1];
-
- if ( dirflag )
- return 0;
-
- dbg_val ("directory: opendir(%s)\n", dir);
- if ( (dirp = opendir (dir)) == NULL )
- return 0;
-
- while ( (dentp = readdir (dirp)) != NULL )
- {
- if ( is_dotfilename (dentp->d_name) )
- continue;
-
- dbg_val ("directory: check %s\n", dentp->d_name);
- pathname (path, sizeof (path), dir, dentp->d_name, NULL);
- if ( is_directory (path) && recflag )
- {
- dbg_val ("directory: recursive %s\n", path);
- parsedirectory (path, listp);
- }
- else if ( is_keyfilename (dentp->d_name) )
- if ( (dkp = dki_read (dir, dentp->d_name)) )
- {
- // fprintf (stderr, "parsedir: tssearch (%d %s)\n", dkp, dkp->name);
-#if defined (USE_TREE) && USE_TREE
- dki_tadd (listp, dkp, 1);
-#else
- dki_add (listp, dkp);
-#endif
- }
- }
- closedir (dirp);
- return 1;
-}
-
-static void parsefile (const char *file, dki_t **listp)
-{
- char path[MAX_PATHSIZE+1];
- dki_t *dkp;
-
- /* file arg contains path ? ... */
- file = splitpath (path, sizeof (path), file); /* ... then split of */
-
- if ( is_keyfilename (file) ) /* plain file name looks like DNS key file ? */
- {
- if ( (dkp = dki_read (path, file)) ) /* read DNS key file ... */
-#if defined (USE_TREE) && USE_TREE
- dki_tadd (listp, dkp, 1); /* ... and add to tree */
-#else
- dki_add (listp, dkp); /* ... and add to list */
-#endif
- else
- error ("error parsing %s: (%s)\n", file, dki_geterrstr());
- }
-}
-
-static const char *parsetag (const char *str, int *tagp)
-{
- const char *p;
-
- *tagp = 0;
- while ( isspace (*str) ) /* skip leading ws */
- str++;
-
- p = str;
- if ( isdigit (*p) ) /* keytag starts with digit */
- {
- sscanf (p, "%u", tagp); /* read keytag as number */
- do /* eat up to the end of the number */
- p++;
- while ( isdigit (*p) );
-
- if ( *p == ':' ) /* label follows ? */
- return p+1; /* return that */
- if ( *p == '\0' )
- return NULL; /* no label */
- }
- return str; /* return as label string if not a numeric keytag */
-}
+++ /dev/null
-/*****************************************************************
-**
-** @(#) zkt-ls.c (c) Jan 2010 Holger Zuleger hznet.de
-**
-** Secure DNS zone key tool
-** A command to list dnssec keys
-**
-** Copyright (c) 2005 - 2010, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-
-# include <stdio.h>
-# include <stdlib.h> /* abort(), exit(), ... */
-# include <string.h>
-# include <dirent.h>
-# include <assert.h>
-# include <unistd.h>
-# include <ctype.h>
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-# include "config_zkt.h"
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-# include <getopt.h>
-#endif
-
-# include "debug.h"
-# include "misc.h"
-# include "strlist.h"
-# include "zconf.h"
-# include "dki.h"
-# include "tcap.h"
-# include "zkt.h"
-
-extern int optopt;
-extern int opterr;
-extern int optind;
-extern char *optarg;
-const char *progname;
-
-char *labellist = NULL;
-
-int headerflag = 1;
-int ageflag = 0;
-int lifetime = 0;
-int lifetimeflag = 0;
-int timeflag = 1;
-int exptimeflag = 0;
-int pathflag = 0;
-int kskflag = 1;
-int zskflag = 1;
-int ljustflag = 0;
-int subdomain_before_parent = 1;
-
-static int dirflag = 0;
-static int recflag = RECURSIVE;
-static int trustedkeyflag = 0;
-static int managedkeyflag = 0;
-static const char *view = "";
-static const char *term = NULL;
-
-#if defined(COLOR_MODE) && COLOR_MODE
-# define short_options ":HKTMV:afC::c:O:dhkLl:prstez"
-#else
-# define short_options ":HKTMV:af:c:O:dhkLl:prstez"
-#endif
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-static struct option long_options[] = {
- {"list-dnskeys", no_argument, NULL, 'K'},
- {"list-trustedkeys", no_argument, NULL, 'T'},
- {"list-managedkeys", no_argument, NULL, 'M'},
- {"ksk", no_argument, NULL, 'k'},
- {"zsk", no_argument, NULL, 'z'},
- {"age", no_argument, NULL, 'a'},
- {"lifetime", no_argument, NULL, 'f'},
- {"time", no_argument, NULL, 't'},
- {"expire", no_argument, NULL, 'e'},
- {"recursive", no_argument, NULL, 'r'},
- {"leftjust", no_argument, NULL, 'L'},
- {"label-list", no_argument, NULL, 'l'},
- {"path", no_argument, NULL, 'p'},
- {"sort", no_argument, NULL, 's'},
- {"subdomain", no_argument, NULL, 's'},
- {"nohead", no_argument, NULL, 'h'},
- {"directory", no_argument, NULL, 'd'},
-#if defined(COLOR_MODE) && COLOR_MODE
- {"color", optional_argument, NULL, 'C'},
-#endif
- {"config", required_argument, NULL, 'c'},
- {"option", required_argument, NULL, 'O'},
- {"config-option", required_argument, NULL, 'O'},
- {"view", required_argument, NULL, 'V' },
- {"help", no_argument, NULL, 'H'},
- {0, 0, 0, 0}
-};
-#endif
-
-static int parsedirectory (const char *dir, dki_t **listp, int sub_before);
-static void parsefile (const char *file, dki_t **listp, int sub_before);
-static void usage (char *mesg, zconf_t *cp);
-
-static void setglobalflags (zconf_t *config)
-{
- recflag = config->recursive;
- ageflag = config->printage;
- timeflag = config->printtime;
- ljustflag = config->ljust;
- term = config->colorterm;
- if ( term && *term == '\0' )
- term = getenv ("TERM");
-}
-
-int main (int argc, char *argv[])
-{
- dki_t *data = NULL;
- int c;
- int opt_index;
- int action;
- const char *file;
- const char *defconfname = NULL;
- char *p;
- char str[254+1];
- zconf_t *config;
-
- progname = *argv;
- if ( (p = strrchr (progname, '/')) )
- progname = ++p;
- view = getnameappendix (progname, "zkt-ls");
-
- defconfname = getdefconfname (view);
- config = loadconfig ("", (zconf_t *)NULL); /* load built in config */
- if ( fileexist (defconfname) ) /* load default config file */
- config = loadconfig (defconfname, config);
- if ( config == NULL )
- fatal ("Out of memory\n");
- setglobalflags (config);
-
- opterr = 0;
- opt_index = 0;
- action = 0;
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
- while ( (c = getopt_long (argc, argv, short_options, long_options, &opt_index)) != -1 )
-#else
- while ( (c = getopt (argc, argv, short_options)) != -1 )
-#endif
- {
- switch ( c )
- {
-#if defined(COLOR_MODE) && COLOR_MODE
- case 'C': /* color mode on; optional with terminal name */
- if ( optarg )
- term = optarg;
- else
- term = getenv ("TERM");
- break;
-#endif
- case 'M':
- managedkeyflag = 1;
- subdomain_before_parent = 0;
- zskflag = pathflag = 0;
- action = c;
- break;
- case 'T':
- trustedkeyflag = 1;
- subdomain_before_parent = 0;
- zskflag = pathflag = 0;
- /* fall through */
- case 'H':
- case 'K':
- case 'Z':
- action = c;
- break;
- case 'a': /* age */
- ageflag = !ageflag;
- break;
- case 'f': /* key lifetime */
- lifetimeflag = !lifetimeflag;
- break;
- case 'V': /* view name */
- view = optarg;
- defconfname = getdefconfname (view);
- if ( fileexist (defconfname) ) /* load default config file */
- config = loadconfig (defconfname, config);
- if ( config == NULL )
- fatal ("Out of memory\n");
- setglobalflags (config);
- break;
- case 'c':
- config = loadconfig (optarg, config);
- setglobalflags (config);
- checkconfig (config);
- break;
- case 'O': /* read option from commandline */
- config = loadconfig_fromstr (optarg, config);
- setglobalflags (config);
- checkconfig (config);
- break;
- case 'd': /* ignore directory arg */
- dirflag = 1;
- break;
- case 'h': /* print no headline */
- headerflag = 0;
- break;
- case 'k': /* ksk only */
- zskflag = 0;
- break;
- case 'L': /* ljust */
- ljustflag = !ljustflag;
- break;
- case 'l': /* label list */
- labellist = prepstrlist (optarg, LISTDELIM);
- if ( labellist == NULL )
- fatal ("Out of memory\n");
- break;
- case 'p': /* print path */
- pathflag = 1;
- break;
- case 'r': /* switch recursive flag */
- recflag = !recflag;
- break;
- case 's': /* switch subdomain sorting flag */
- subdomain_before_parent = !subdomain_before_parent;
- break;
- case 't': /* time */
- timeflag = !timeflag;
- break;
- case 'e': /* expire time */
- exptimeflag = !exptimeflag;
- break;
- case 'z': /* zsk only */
- kskflag = 0;
- break;
- case ':':
- snprintf (str, sizeof(str), "option \"-%c\" requires an argument.\n",
- optopt);
- usage (str, config);
- break;
- case '?':
- if ( isprint (optopt) )
- snprintf (str, sizeof(str), "Unknown option \"-%c\".\n",
- optopt);
- else
- snprintf (str, sizeof (str), "Unknown option char \\x%x.\n",
- optopt);
- usage (str, config);
- break;
- default:
- abort();
- }
- }
-
- if ( kskflag == 0 && zskflag == 0 )
- kskflag = zskflag = 1;
-
- tc_init (stdout, term);
-
- c = optind;
- do {
- if ( c >= argc ) /* no args left */
- file = config->zonedir; /* use default directory */
- else
- file = argv[c++];
-
- if ( is_directory (file) )
- parsedirectory (file, &data, subdomain_before_parent);
- else
- parsefile (file, &data, subdomain_before_parent);
-
- } while ( c < argc ); /* for all arguments */
-
- switch ( action )
- {
- case 'H':
- usage ("", config);
- case 'K':
- zkt_list_dnskeys (data);
- break;
- case 'T':
- zkt_list_trustedkeys (data);
- break;
- case 'M':
- zkt_list_managedkeys (data);
- break;
- default:
- zkt_list_keys (data);
- }
-
- tc_end (stdout, term);
-
- return 0;
-}
-
-# define sopt_usage(mesg, value) fprintf (stderr, mesg, value)
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-# define lopt_usage(mesg, value) fprintf (stderr, mesg, value)
-# define loptstr(lstr, sstr) lstr
-#else
-# define lopt_usage(mesg, value)
-# define loptstr(lstr, sstr) sstr
-#endif
-static void usage (char *mesg, zconf_t *cp)
-{
- fprintf (stderr, "Secure DNS Zone Key Tool %s\n", ZKT_VERSION);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "List keys in current or given directory (-r for recursive mode)\n");
- sopt_usage ("\tusage: %s [-adefhkLprtzC] [-c config] [file|dir ...]\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "List public part of keys in DNSKEY RR format\n");
- sopt_usage ("\tusage: %s -K [-dhkrz] [-c config] [file|dir ...]\n", progname);
- lopt_usage ("\tusage: %s --list-dnskeys [-dhkzr] [-c config] [file|dir ...]\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "List keys (output is suitable for trusted-keys section)\n");
- sopt_usage ("\tusage: %s -T [-dhrz] [-c config] [file|dir ...]\n", progname);
- lopt_usage ("\tusage: %s --list-trustedkeys [-dhzr] [-c config] [file|dir ...]\n", progname);
- fprintf (stderr, "\n");
- fprintf (stderr, "List managed keys (output is suitable for managed-keys section)\n");
- sopt_usage ("\tusage: %s -M [-dhrz] [-c config] [file|dir ...]\n", progname);
- lopt_usage ("\tusage: %s --list-managedkeys [-dhzr] [-c config] [file|dir ...]\n", progname);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "General options \n");
- fprintf (stderr, "\t-c file%s", loptstr (", --config=file\n", ""));
- fprintf (stderr, "\t\t read config from <file> instead of %s\n", CONFIG_FILE);
- fprintf (stderr, "\t-O optstr%s", loptstr (", --config-option=\"optstr\"\n", ""));
- fprintf (stderr, "\t\t read config options from commandline\n");
- fprintf (stderr, "\t-h%s\t no headline or trusted/managed-key section header/trailer in -T/-M mode\n", loptstr (", --nohead", "\t"));
- fprintf (stderr, "\t-d%s\t skip directory arguments\n", loptstr (", --directory", "\t"));
- fprintf (stderr, "\t-L%s\t print the domain name left justified (default: %s)\n", loptstr (", --leftjust", "\t"), ljustflag ? "on": "off");
- fprintf (stderr, "\t-l list%s", loptstr (", --label=\"list\"\n\t", ""));
- fprintf (stderr, "\t\t print out only zone keys from the given domain list\n");
- fprintf (stderr, "\t-C[term]%s", loptstr (", --color[=\"term\"]\n\t", ""));
- fprintf (stderr, "\t\t turn color mode on \n");
- fprintf (stderr, "\t-p%s\t show path of keyfile / create key in current directory\n", loptstr (", --path", "\t"));
- fprintf (stderr, "\t-r%s\t recursive mode on/off (default: %s)\n", loptstr(", --recursive", "\t"), recflag ? "on": "off");
- fprintf (stderr, "\t-s%s\t change sorting of subdomains\n", loptstr(", --subdomain", "\t"));
- fprintf (stderr, "\t-a%s\t print age of key (default: %s)\n", loptstr (", --age", "\t"), ageflag ? "on": "off");
- fprintf (stderr, "\t-t%s\t print key generation time (default: %s)\n", loptstr (", --time", "\t"),
- timeflag ? "on": "off");
- fprintf (stderr, "\t-e%s\t print key expiration time\n", loptstr (", --expire", "\t"));
- fprintf (stderr, "\t-f%s\t print key lifetime\n", loptstr (", --lifetime", "\t"));
- fprintf (stderr, "\t-k%s\t key signing keys only\n", loptstr (", --ksk", "\t"));
- fprintf (stderr, "\t-z%s\t zone signing keys only\n", loptstr (", --zsk", "\t"));
- if ( mesg && *mesg )
- fprintf (stderr, "%s\n", mesg);
- exit (1);
-}
-
-static int parsedirectory (const char *dir, dki_t **listp, int sub_before)
-{
- dki_t *dkp;
- DIR *dirp;
- struct dirent *dentp;
- char path[MAX_PATHSIZE+1];
-
- if ( dirflag )
- return 0;
-
- dbg_val ("directory: opendir(%s)\n", dir);
- if ( (dirp = opendir (dir)) == NULL )
- return 0;
-
- while ( (dentp = readdir (dirp)) != NULL )
- {
- if ( is_dotfilename (dentp->d_name) )
- continue;
-
- dbg_val ("directory: check %s\n", dentp->d_name);
- pathname (path, sizeof (path), dir, dentp->d_name, NULL);
- if ( is_directory (path) && recflag )
- {
- dbg_val ("directory: recursive %s\n", path);
- parsedirectory (path, listp, sub_before);
- }
- else if ( is_keyfilename (dentp->d_name) )
- if ( (dkp = dki_read (dir, dentp->d_name)) )
- {
- // fprintf (stderr, "parsedir: tssearch (%d %s)\n", dkp, dkp->name);
-#if defined (USE_TREE) && USE_TREE
- dki_tadd (listp, dkp, sub_before);
-#else
- dki_add (listp, dkp);
-#endif
- }
- }
- closedir (dirp);
- return 1;
-}
-
-static void parsefile (const char *file, dki_t **listp, int sub_before)
-{
- char path[MAX_PATHSIZE+1];
- dki_t *dkp;
-
- /* file arg contains path ? ... */
- file = splitpath (path, sizeof (path), file); /* ... then split of */
-
- if ( is_keyfilename (file) ) /* plain file name looks like DNS key file ? */
- {
- if ( (dkp = dki_read (path, file)) ) /* read DNS key file ... */
-#if defined (USE_TREE) && USE_TREE
- dki_tadd (listp, dkp, sub_before); /* ... and add to tree */
-#else
- dki_add (listp, dkp); /* ... and add to list */
-#endif
- else
- error ("error parsing %s: (%s)\n", file, dki_geterrstr());
- }
-}
+++ /dev/null
-/*****************************************************************
-**
-** @(#) zkt-signer.c (c) Jan 2005 - Jan 2010 Holger Zuleger hznet.de
-**
-** A wrapper around the BIND dnssec-signzone command which is able
-** to resign a zone if necessary and doing a zone or key signing key rollover.
-**
-** Copyright (c) 2005 - 2010, Holger Zuleger HZnet. All rights reserved.
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-
-# include <stdio.h>
-# include <string.h>
-# include <stdlib.h>
-# include <assert.h>
-# include <dirent.h>
-# include <errno.h>
-# include <unistd.h>
-# include <ctype.h>
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-# include "config_zkt.h"
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-# include <getopt.h>
-#endif
-# include "zconf.h"
-# include "debug.h"
-# include "misc.h"
-# include "ncparse.h"
-# include "nscomm.h"
-# include "soaserial.h"
-# include "zone.h"
-# include "dki.h"
-# include "rollover.h"
-# include "log.h"
-
-# define short_options "c:L:V:D:N:o:O:dfHhnrv"
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-static struct option long_options[] = {
- {"reload", no_argument, NULL, 'r'},
- {"force", no_argument, NULL, 'f'},
- {"noexec", no_argument, NULL, 'n'},
- {"verbose", no_argument, NULL, 'v'},
- {"directory", no_argument, NULL, 'd'},
- {"config", required_argument, NULL, 'c'},
- {"option", required_argument, NULL, 'O'},
- {"config-option", required_argument, NULL, 'O'},
- {"logfile", required_argument, NULL, 'L' },
- {"view", required_argument, NULL, 'V' },
- {"directory", required_argument, NULL, 'D'},
- {"named-conf", required_argument, NULL, 'N'},
- {"origin", required_argument, NULL, 'o'},
- {"dynamic", no_argument, NULL, 'd' },
- {"help", no_argument, NULL, 'h'},
- {0, 0, 0, 0}
-};
-#endif
-
-
-/** function declaration **/
-static void usage (char *mesg, zconf_t *conf);
-static int add2zonelist (const char *dir, const char *view, const char *zone, const char *file);
-static int parsedir (const char *dir, zone_t **zp, const zconf_t *conf);
-static int dosigning (zone_t *zonelist, zone_t *zp);
-static int check_keydb_timestamp (dki_t *keylist, time_t reftime);
-static int new_keysetfiles (const char *dir, time_t zone_signing_time);
-static int writekeyfile (const char *fname, const dki_t *list, int key_ttl);
-static int sign_zone (const zone_t *zp);
-static void register_key (dki_t *listp, const zconf_t *z);
-static void copy_keyset (const char *dir, const char *domain, const zconf_t *conf);
-
-/** global command line options **/
-extern int optopt;
-extern int opterr;
-extern int optind;
-extern char *optarg;
-const char *progname;
-static const char *viewname = NULL;
-static const char *logfile = NULL;
-static const char *origin = NULL;
-static const char *namedconf = NULL;
-static const char *dirname = NULL;
-static int verbose = 0;
-static int force = 0;
-static int reloadflag = 0;
-static int noexec = 0;
-static int dynamic_zone = 0; /* dynamic zone ? */
-static zone_t *zonelist = NULL; /* must be static global because add2zonelist use it */
-static zconf_t *config;
-
-/** macros **/
-#define set_bind96_dynzone(dz) ((dz) = 6)
-#define bind96_dynzone(dz) ( (dz) >= 6 )
-#define is_defined(str) ( (str) && *(str) )
-
-int main (int argc, char *const argv[])
-{
- int c;
- int errcnt;
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
- int opt_index;
-#endif
- char errstr[255+1];
- char *p;
- const char *defconfname;
- zone_t *zp;
-
- progname = *argv;
- if ( (p = strrchr (progname, '/')) )
- progname = ++p;
-
- if ( strncmp (progname, "dnssec-signer", 13) == 0 )
- {
- fprintf (stderr, "The use of dnssec-signer is deprecated, please run zkt-signer instead\n");
- viewname = getnameappendix (progname, "dnssec-signer");
- }
- else
- viewname = getnameappendix (progname, "zkt-signer");
- defconfname = getdefconfname (viewname);
- config = loadconfig ("", (zconf_t *)NULL); /* load build-in config */
- if ( fileexist (defconfname) ) /* load default config file */
- config = loadconfig (defconfname, config);
- if ( config == NULL )
- fatal ("Couldn't load config: Out of memory\n");
-
- zonelist = NULL;
- opterr = 0;
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
- while ( (c = getopt_long (argc, argv, short_options, long_options, &opt_index)) != -1 )
-#else
- while ( (c = getopt (argc, argv, short_options)) != -1 )
-#endif
- {
- switch ( c )
- {
- case 'V': /* view name */
- viewname = optarg;
- defconfname = getdefconfname (viewname);
- if ( fileexist (defconfname) ) /* load default config file */
- config = loadconfig (defconfname, config);
- if ( config == NULL )
- fatal ("Out of memory\n");
- break;
- case 'c': /* load config from file */
- config = loadconfig (optarg, config);
- if ( config == NULL )
- fatal ("Out of memory\n");
- break;
- case 'O': /* load config option from commandline */
- config = loadconfig_fromstr (optarg, config);
- if ( config == NULL )
- fatal ("Out of memory\n");
- break;
- case 'o':
- origin = optarg;
- break;
- case 'N':
- namedconf = optarg;
- break;
- case 'D':
- dirname = optarg;
- break;
- case 'L': /* error log file|directory */
- logfile = optarg;
- break;
- case 'f':
- force++;
- break;
- case 'H':
- case 'h':
- usage (NULL, config);
- break;
- case 'd':
- dynamic_zone = 1;
- /* dynamic zone requires a name server reload... */
- reloadflag = 0; /* ...but "rndc thaw" reloads the zone anyway */
- break;
- case 'n':
- noexec = 1;
- break;
- case 'r':
- if ( !dynamic_zone ) /* dynamic zones don't need a rndc reload (see "-d" */
- reloadflag = 1;
- break;
- case 'v':
- verbose++;
- break;
- case '?':
- if ( isprint (optopt) )
- snprintf (errstr, sizeof(errstr),
- "Unknown option \"-%c\".\n", optopt);
- else
- snprintf (errstr, sizeof (errstr),
- "Unknown option char \\x%x.\n", optopt);
- usage (errstr, config);
- break;
- default:
- abort();
- }
- }
- dbg_line();
-
- /* store some of the commandline parameter in the config structure */
- setconfigpar (config, "--view", viewname);
- setconfigpar (config, "-v", &verbose);
- setconfigpar (config, "--noexec", &noexec);
- if ( logfile == NULL )
- logfile = config->logfile;
-
- if ( lg_open (progname, config->syslogfacility, config->sysloglevel, config->zonedir, logfile, config->loglevel) < -1 )
- fatal ("Couldn't open logfile %s in dir %s\n", logfile, config->zonedir);
-
- lg_args (LG_NOTICE, argc, argv);
-
- /* 1.0rc1: If the ttl is 0 or not known because of dynamic zone signing, ... */
- /* ... use sig valid time for this */
- if ( config->max_ttl <= 0 || dynamic_zone )
- {
- // config = dupconfig (config);
- config->max_ttl = config->sigvalidity;
- }
-
-
- if ( origin ) /* option -o ? */
- {
- int ret;
-
- if ( (argc - optind) <= 0 ) /* no arguments left ? */
- ret = zone_readdir (".", origin, NULL, &zonelist, config, dynamic_zone);
- else
- ret = zone_readdir (".", origin, argv[optind], &zonelist, config, dynamic_zone);
-
- /* anyway, "delete" all (remaining) arguments */
- optind = argc;
-
- /* complain if nothing could read in */
- if ( ret != 1 || zonelist == NULL )
- {
- lg_mesg (LG_FATAL, "\"%s\": couldn't read", origin);
- fatal ("Couldn't read zone \"%s\"\n", origin);
- }
- }
- if ( namedconf ) /* option -N ? */
- {
- char dir[255+1];
-
- memset (dir, '\0', sizeof (dir));
- if ( config->zonedir )
- strncpy (dir, config->zonedir, sizeof(dir));
- if ( !parse_namedconf (namedconf, config->chroot_dir, dir, sizeof (dir), add2zonelist) )
- fatal ("Can't read file %s as namedconf file\n", namedconf);
- if ( zonelist == NULL )
- fatal ("No signed zone found in file %s\n", namedconf);
- }
- if ( dirname ) /* option -D ? */
- {
- char *dir = strdup (dirname);
-
- p = dir + strlen (dir);
- if ( p > dir )
- p--;
- if ( *p == '/' )
- *p = '\0'; /* remove trailing path seperator */
-
- if ( !parsedir (dir, &zonelist, config) )
- fatal ("Can't read directory tree %s\n", dir);
- if ( zonelist == NULL )
- fatal ("No signed zone found in directory tree %s\n", dir);
- free (dir);
- }
-
- /* none of the above: read default directory tree */
- if ( zonelist == NULL )
- parsedir (config->zonedir, &zonelist, config);
-
-#if defined(DBG) && DBG
- for ( zp = zonelist; zp; zp = zp->next )
- zone_print ("in main: ", zp);
-#endif
- for ( zp = zonelist; zp; zp = zp->next )
- if ( in_strarr (zp->zone, &argv[optind], argc - optind) )
- {
- dosigning (zonelist, zp);
- verbmesg (1, zp->conf, "\n");
- }
-
- zone_freelist (&zonelist);
-
- errcnt = lg_geterrcnt ();
- lg_mesg (LG_NOTICE, "end of run: %d error%s occured", errcnt, errcnt == 1 ? "" : "s");
- lg_close ();
-
- return errcnt < 64 ? errcnt : 64;
-}
-
-# define sopt_usage(mesg, value) fprintf (stderr, mesg, value)
-#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
-# define lopt_usage(mesg, value) fprintf (stderr, mesg, value)
-# define loptstr(lstr, sstr) lstr
-#else
-# define lopt_usage(mesg, value)
-# define loptstr(lstr, sstr) sstr
-#endif
-static void usage (char *mesg, zconf_t *conf)
-{
- fprintf (stderr, "%s version %s compiled for BIND %d\n", progname, ZKT_VERSION, BIND_VERSION);
- fprintf (stderr, "ZKT %s\n", ZKT_COPYRIGHT);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "usage: %s [-L] [-V view] [-c file] [-O optstr] ", progname);
- fprintf (stderr, "[-D directorytree] ");
- fprintf (stderr, "[-fhnr] [-v [-v]] [zone ...]\n");
-
- fprintf (stderr, "usage: %s [-L] [-V view] [-c file] [-O optstr] ", progname);
- fprintf (stderr, "-N named.conf ");
- fprintf (stderr, "[-fhnr] [-v [-v]] [zone ...]\n");
-
- fprintf (stderr, "usage: %s [-L] [-V view] [-c file] [-O optstr] ", progname);
- fprintf (stderr, "-o origin ");
- fprintf (stderr, "[-fhnr] [-v [-v]] [zonefile.signed]\n");
-
- fprintf (stderr, "\t-c file%s", loptstr (", --config=file\n", ""));
- fprintf (stderr, "\t\t read config from <file> instead of %s\n", CONFIG_FILE);
- fprintf (stderr, "\t-O optstr%s", loptstr (", --config-option=\"optstr\"\n", ""));
- fprintf (stderr, "\t\t set config options on the commandline\n");
- fprintf (stderr, "\t-L file|dir%s", loptstr (", --logfile=file|dir\n", ""));
- fprintf (stderr, "\t\t specify file or directory for the log output\n");
- fprintf (stderr, "\t-V name%s", loptstr (", --view=name\n", ""));
- fprintf (stderr, "\t\t specify the view name \n");
- fprintf (stderr, "\t-D dir%s", loptstr (", --directory=dir\n", ""));
- fprintf (stderr, "\t\t parse the given directory tree for a list of secure zones \n");
- fprintf (stderr, "\t-N file%s", loptstr (", --named-conf=file\n", ""));
- fprintf (stderr, "\t\t get the list of secure zones out of the named like config file \n");
- fprintf (stderr, "\t-o zone%s", loptstr (", --origin=zone", ""));
- fprintf (stderr, "\tspecify the name of the zone \n");
- fprintf (stderr, "\t\t The file to sign should be given as an argument (default is \"%s.signed\")\n", conf->zonefile);
- fprintf (stderr, "\t-h%s\t print this help\n", loptstr (", --help", "\t"));
- fprintf (stderr, "\t-f%s\t force re-signing\n", loptstr (", --force", "\t"));
- fprintf (stderr, "\t-n%s\t no execution of external signing command\n", loptstr (", --noexec", "\t"));
- // fprintf (stderr, "\t-r%s\t reload zone via <rndc reload zone> (or via the external distribution command)\n", loptstr (", --reload", "\t"));
- fprintf (stderr, "\t-r%s\t reload zone via %s\n", loptstr (", --reload", "\t"), conf->dist_cmd ? conf->dist_cmd: "rndc");
- fprintf (stderr, "\t-v%s\t be verbose (use twice to be very verbose)\n", loptstr (", --verbose", "\t"));
-
- fprintf (stderr, "\t[zone]\t sign only those zones given as argument\n");
-
- fprintf (stderr, "\n");
- fprintf (stderr, "\tif neither -D nor -N nor -o is given, the directory tree specified\n");
- fprintf (stderr, "\tin the dnssec config file (\"%s\") will be parsed\n", conf->zonedir);
-
- if ( mesg && *mesg )
- fprintf (stderr, "%s\n", mesg);
- exit (127);
-}
-
-/** fill zonelist with infos coming out of named.conf **/
-static int add2zonelist (const char *dir, const char *view, const char *zone, const char *file)
-{
-#ifdef DBG
- fprintf (stderr, "printzone ");
- fprintf (stderr, "view \"%s\" " , view);
- fprintf (stderr, "zone \"%s\" " , zone);
- fprintf (stderr, "file ");
- if ( dir && *dir )
- fprintf (stderr, "%s/", dir);
- fprintf (stderr, "%s", file);
- fprintf (stderr, "\n");
-#endif
- dbg_line ();
- if ( view[0] != '\0' ) /* view found in named.conf */
- {
- if ( viewname == NULL || viewname[0] == '\0' ) /* viewname wasn't set on startup ? */
- {
- dbg_line ();
- error ("zone \"%s\" in view \"%s\" found in name server config, but no matching view was set on startup\n", zone, view);
- lg_mesg (LG_ERROR, "\"%s\" in view \"%s\" found in name server config, but no matching view was set on startup", zone, view);
- return 0;
- }
- dbg_line ();
- if ( strcmp (viewname, view) != 0 ) /* zone is _not_ in current view */
- return 0;
- }
- return zone_readdir (dir, zone, file, &zonelist, config, dynamic_zone);
-}
-
-static int parsedir (const char *dir, zone_t **zp, const zconf_t *conf)
-{
- DIR *dirp;
- struct dirent *dentp;
- char path[MAX_PATHSIZE+1];
-
- dbg_val ("parsedir: (%s)\n", dir);
- if ( !is_directory (dir) )
- return 0;
-
- dbg_line ();
- zone_readdir (dir, NULL, NULL, zp, conf, dynamic_zone);
-
- dbg_val ("parsedir: opendir(%s)\n", dir);
- if ( (dirp = opendir (dir)) == NULL )
- return 0;
-
- while ( (dentp = readdir (dirp)) != NULL )
- {
- if ( is_dotfilename (dentp->d_name) )
- continue;
-
- pathname (path, sizeof (path), dir, dentp->d_name, NULL);
- if ( !is_directory (path) )
- continue;
-
- dbg_val ("parsedir: recursive %s\n", path);
- parsedir (path, zp, conf);
- }
- closedir (dirp);
- return 1;
-}
-
-static int dosigning (zone_t *zonelist, zone_t *zp)
-{
- char path[MAX_PATHSIZE+1];
- int err;
- int newkey;
- int newkeysetfile;
- int use_unixtime;
- time_t currtime;
- time_t zfile_time;
- time_t zfilesig_time;
- char mesg[255+1];
-
- verbmesg (1, zp->conf, "parsing zone \"%s\" in dir \"%s\"\n", zp->zone, zp->dir);
-
- pathname (path, sizeof (path), zp->dir, zp->sfile, NULL);
- dbg_val("parsezonedir fileexist (%s)\n", path);
- if ( !fileexist (path) )
- {
- error ("Not a secure zone directory (%s)!\n", zp->dir);
- lg_mesg (LG_ERROR, "\"%s\": not a secure zone directory (%s)!", zp->zone, zp->dir);
- return 1;
- }
- zfilesig_time = file_mtime (path);
-
- pathname (path, sizeof (path), zp->dir, zp->file, NULL);
- dbg_val("parsezonedir fileexist (%s)\n", path);
- if ( !fileexist (path) )
- {
- error ("No zone file found (%s)!\n", path);
- lg_mesg (LG_ERROR, "\"%s\": no zone file found (%s)!", zp->zone, path);
- return 2;
- }
-
- zfile_time = file_mtime (path);
- currtime = time (NULL);
-
- /* check for domain based logging */
- if ( is_defined (zp->conf->logdomaindir) ) /* parameter is not null or empty ? */
- {
- if ( strcmp (zp->conf->logdomaindir, ".") == 0 ) /* current (".") means zone directory */
- lg_zone_start (zp->dir, zp->zone);
- else
- lg_zone_start (zp->conf->logdomaindir, zp->zone);
- }
-
- /* check rfc5011 key signing keys, create new one if necessary */
- dbg_msg("parsezonedir check rfc 5011 ksk ");
- newkey = ksk5011status (&zp->keys, zp->dir, zp->zone, zp->conf);
- if ( (newkey & 02) != 02 ) /* not a rfc 5011 zone ? */
- {
- verbmesg (2, zp->conf, "\t\t->not a rfc5011 zone, looking for a regular ksk rollover\n");
- /* check key signing keys, create new one if necessary */
- dbg_msg("parsezonedir check ksk ");
- newkey |= kskstatus (zonelist, zp);
- }
- else
- newkey &= ~02; /* reset bit 2 */
-
- /* check age of zone keys, probably retire (depreciate) or remove old keys */
- dbg_msg("parsezonedir check zsk ");
- newkey += zskstatus (&zp->keys, zp->dir, zp->zone, zp->conf);
-
- /* check age of "dnskey.db" file against age of keyfiles */
- pathname (path, sizeof (path), zp->dir, zp->conf->keyfile, NULL);
- dbg_val("parsezonedir check_keydb_timestamp (%s)\n", path);
- if ( !newkey )
- newkey = check_keydb_timestamp (zp->keys, file_mtime (path));
-
- newkeysetfile = 0;
-#if defined(ALWAYS_CHECK_KEYSETFILES) && ALWAYS_CHECK_KEYSETFILES /* patch from Shane Wegner 15. June 2009 */
- /* check if there is a new keyset- file */
- if ( !newkey )
- newkeysetfile = new_keysetfiles (zp->dir, zfilesig_time);
-#else
- /* if we work in subdir mode, check if there is a new keyset- file */
- if ( !newkey && zp->conf->keysetdir && strcmp (zp->conf->keysetdir, "..") == 0 )
- newkeysetfile = new_keysetfiles (zp->dir, zfilesig_time);
-#endif
-
- /* is there a list of files included in zone.db ? */
- if ( zp->conf->dependfiles && *zp->conf->dependfiles )
- {
- char file[255+1];
- const char *p;
- int i;
- time_t incfile_mtime;
-
- /* check the timestamp of each file against "zone.db" */
- p = zp->conf->dependfiles;
- while ( p && *p )
- {
- while ( isflistdelim (*p) )
- p++;
-
- for ( i = 0; i < 255 && *p && !isflistdelim (*p); i++ )
- file[i] = *p++;
- file[i] = '\0';
-
- pathname (path, sizeof (path), zp->dir, file, NULL);
-
- incfile_mtime = file_mtime (path);
- if ( incfile_mtime > zfile_time ) /* include file is newer? */
- zfile_time = incfile_mtime; /* take this one as new mtime */
- }
- }
-
- /**
- ** Check if it is time to do a re-sign. This is the case if
- ** a) the command line flag -f is set, or
- ** b) new keys are generated, or
- ** c) we found a new KSK of a delegated domain, or
- ** d) the "dnskey.db" file is newer than "zone.db"
- ** e) the "zone.db" is newer than "zone.db.signed" or
- ** f) "zone.db.signed" is older than the re-sign interval
- **/
- mesg[0] = '\0';
- if ( force )
- snprintf (mesg, sizeof(mesg), "Option -f");
- else if ( newkey )
- snprintf (mesg, sizeof(mesg), "Modified zone key set");
- else if ( newkeysetfile )
- snprintf (mesg, sizeof(mesg), "Modified KSK in delegated domain");
- else if ( file_mtime (path) > zfilesig_time )
- snprintf (mesg, sizeof(mesg), "Modified keys");
- else if ( zfile_time > zfilesig_time )
- snprintf (mesg, sizeof(mesg), "Zone file edited");
- else if ( (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) )
- snprintf (mesg, sizeof(mesg), "re-signing interval (%s) reached",
- str_delspace (age2str (zp->conf->resign)));
-
- if ( *mesg )
- verbmesg (1, zp->conf, "\tRe-signing necessary: %s\n", mesg);
- else
- verbmesg (1, zp->conf, "\tRe-signing not necessary!\n");
-
- if ( *mesg )
- lg_mesg (LG_NOTICE, "\"%s\": re-signing triggered: %s", zp->zone, mesg);
-
- dbg_line ();
- if ( !(force || newkey || newkeysetfile || zfile_time > zfilesig_time ||
- file_mtime (path) > zfilesig_time ||
- (currtime - zfilesig_time) > zp->conf->resign - (OFFSET)) )
- {
- verbmesg (2, zp->conf, "\tCheck if there is a parent file to copy\n");
- if ( zp->conf->keysetdir && strcmp (zp->conf->keysetdir, "..") == 0 )
- copy_keyset (zp->dir, zp->zone, zp->conf); /* copy the parent- file if it exist */
- if ( is_defined (zp->conf->logdomaindir) )
- lg_zone_end ();
- return 0; /* nothing to do */
- }
-
- /* let's start signing the zone */
- dbg_line ();
-
- /* create new "dnskey.db" file */
- pathname (path, sizeof (path), zp->dir, zp->conf->keyfile, NULL);
- verbmesg (1, zp->conf, "\tWriting key file \"%s\"\n", path);
- if ( !writekeyfile (path, zp->keys, zp->conf->key_ttl) )
- {
- error ("Can't create keyfile %s \n", path);
- lg_mesg (LG_ERROR, "\"%s\": can't create keyfile %s", zp->zone , path);
- }
-
- err = 1;
- use_unixtime = ( zp->conf->serialform == Unixtime );
- dbg_val1 ("Use unixtime = %d\n", use_unixtime);
- if ( !dynamic_zone && !use_unixtime ) /* increment serial number in static zone files */
- {
- pathname (path, sizeof (path), zp->dir, zp->file, NULL);
- err = 0;
- if ( noexec == 0 )
- {
- if ( (err = inc_serial (path, use_unixtime)) < 0 )
- {
- error ("could not increment serialno of domain %s in file %s: %s!\n",
- zp->zone, path, inc_errstr (err));
- lg_mesg (LG_ERROR,
- "zone \"%s\": couldn't increment serialno in file %s: %s",
- zp->zone, path, inc_errstr (err));
- }
- else
- verbmesg (1, zp->conf, "\tIncrementing serial number in file \"%s\"\n", path);
- }
- else
- verbmesg (1, zp->conf, "\tIncrementing serial number in file \"%s\"\n", path);
- }
-
- /* at last, sign the zone file */
- if ( err >= 0 )
- {
- time_t timer;
-
- verbmesg (1, zp->conf, "\tSigning zone \"%s\"\n", zp->zone);
- logflush ();
-
- /* dynamic zones uses incremental signing, so we have to */
- /* prepare the old (signed) file as new input file */
- if ( dynamic_zone )
- {
- char zfile[MAX_PATHSIZE+1];
-
- dyn_update_freeze (zp->zone, zp->conf, 1); /* freeze dynamic zone ! */
-
- pathname (zfile, sizeof (zfile), zp->dir, zp->file, NULL);
- pathname (path, sizeof (path), zp->dir, zp->sfile, NULL);
- if ( filesize (path) == 0L ) /* initial signing request ? */
- {
- verbmesg (1, zp->conf, "\tDynamic Zone signing: Initial signing request: Add DNSKEYs to zonefile\n");
- copyfile (zfile, path, zp->conf->keyfile);
- }
-#if 1
- else if ( zfile_time > zfilesig_time ) /* zone.db is newer than signed file */
- {
- verbmesg (1, zp->conf, "\tDynamic Zone signing: zone file manually edited: Use it as new input file\n");
- copyfile (zfile, path, NULL);
- }
-#endif
- verbmesg (1, zp->conf, "\tDynamic Zone signing: copy old signed zone file %s to new input file %s\n",
- path, zfile);
-
- if ( newkey ) /* if we have new keys, they should be added to the zone file */
- {
- copyzonefile (path, zfile, zp->conf->keyfile);
-#if 0
- if ( zp->conf->dist_cmd )
- dist_and_reload (zp, 2); /* ... and send to the name server */
-#endif
- }
- else /* else we can do a simple file copy */
- copyfile (path, zfile, NULL);
- }
-
- timer = start_timer ();
- if ( (err = sign_zone (zp)) < 0 )
- {
- error ("\tSigning of zone %s failed (%d)!\n", zp->zone, err);
- lg_mesg (LG_ERROR, "\"%s\": signing failed!", zp->zone);
- }
- timer = stop_timer (timer);
-
- if ( dynamic_zone )
- dyn_update_freeze (zp->zone, zp->conf, 0); /* thaw dynamic zone file */
-
- if ( err >= 0 )
- {
- const char *tstr = str_delspace (age2str (timer));
-
- if ( !tstr || *tstr == '\0' )
- tstr = "0s";
- verbmesg (1, zp->conf, "\tSigning completed after %s.\n", tstr);
- }
- }
-
- copy_keyset (zp->dir, zp->zone, zp->conf);
-
- if ( err >= 0 && reloadflag )
- {
- if ( zp->conf->dist_cmd )
- dist_and_reload (zp, 1);
- else
- reload_zone (zp->zone, zp->conf);
-
- register_key (zp->keys, zp->conf);
- }
-
- if ( is_defined (zp->conf->logdomaindir) )
- lg_zone_end ();
-
- return err;
-}
-
-static void register_key (dki_t *list, const zconf_t *z)
-{
- dki_t *dkp;
- time_t age;
-
- time_t currtime;
- assert ( list != NULL );
- assert ( z != NULL );
-
- currtime = time (NULL);
- for ( dkp = list; dkp && dki_isksk (dkp); dkp = dkp->next )
- {
- age = dki_age (dkp, currtime);
-#if 0
- /* announce "new" and active key signing keys */
- if ( REG_URL && *REG_URL && dki_status (dkp) == DKI_ACT && age <= z->resign * 4 )
- {
- if ( verbose )
- logmesg ("\tRegister new KSK with tag %d for domain %s\n",
- dkp->tag, dkp->name);
- }
-#endif
- }
-}
-
-/*
- * This function is not working with symbolic links to keyset- files,
- * because file_mtime() returns the mtime of the underlying file, and *not*
- * that of the symlink file.
- * This is bad, because the keyset-file will be newly generated by dnssec-signzone
- * on every re-signing call.
- * Instead, in the case of a hierarchical directory structure, we copy the file
- * (and so we change the timestamp) only if it was modified after the last
- * generation (checked with cmpfile(), see func sign_zone()).
- */
-# define KEYSET_FILE_PFX "keyset-"
-static int new_keysetfiles (const char *dir, time_t zone_signing_time)
-{
- DIR *dirp;
- struct dirent *dentp;
- char path[MAX_PATHSIZE+1];
- int newkeysetfile;
-
- if ( (dirp = opendir (dir)) == NULL )
- return 0;
-
- newkeysetfile = 0;
- dbg_val2 ("new_keysetfile (%s, %s)\n", dir, time2str (zone_signing_time, 's'));
- while ( !newkeysetfile && (dentp = readdir (dirp)) != NULL )
- {
- if ( strncmp (dentp->d_name, KEYSET_FILE_PFX, strlen (KEYSET_FILE_PFX)) != 0 )
- continue;
-
- pathname (path, sizeof (path), dir, dentp->d_name, NULL);
- dbg_val2 ("newkeysetfile timestamp of %s = %s\n", path, time2str (file_mtime(path), 's'));
- if ( file_mtime (path) > zone_signing_time )
- newkeysetfile = 1;
- }
- closedir (dirp);
-
- return newkeysetfile;
-}
-
-static int check_keydb_timestamp (dki_t *keylist, time_t reftime)
-{
- dki_t *key;
-
- assert ( keylist != NULL );
- if ( reftime == 0 )
- return 1;
-
- for ( key = keylist; key; key = key->next )
- if ( dki_time (key) > reftime )
- return 1;
-
- return 0;
-}
-
-static int writekeyfile (const char *fname, const dki_t *list, int key_ttl)
-{
- FILE *fp;
- const dki_t *dkp;
- time_t curr = time (NULL);
- int ksk;
-
- if ( (fp = fopen (fname, "w")) == NULL )
- return 0;
- fprintf (fp, ";\n");
- fprintf (fp, ";\t!!! Don\'t edit this file by hand.\n");
- fprintf (fp, ";\t!!! It will be generated by %s.\n", progname);
- fprintf (fp, ";\n");
- fprintf (fp, ";\t Last generation time %s\n", time2str (curr, 's'));
- fprintf (fp, ";\n");
-
- fprintf (fp, "\n");
- fprintf (fp, "; *** List of Key Signing Keys ***\n");
- ksk = 1;
- for ( dkp = list; dkp; dkp = dkp->next )
- {
- if ( ksk && !dki_isksk (dkp) )
- {
- fprintf (fp, "; *** List of Zone Signing Keys ***\n");
- ksk = 0;
- }
- dki_prt_comment (dkp, fp);
- dki_prt_dnskeyttl (dkp, fp, key_ttl);
- putc ('\n', fp);
- }
-
- fclose (fp);
- return 1;
-}
-
-static int sign_zone (const zone_t *zp)
-{
- char cmd[2047+1];
- char str[1023+1];
- char rparam[254+1];
- char nsec3param[637+1];
- char keysetdir[254+1];
- const char *gends;
- const char *dnskeyksk;
- const char *pseudo;
- const char *param;
- int len;
- FILE *fp;
-
- const char *dir;
- const char *domain;
- const char *file;
- const zconf_t *conf;
-
- assert (zp != NULL);
- dir = zp->dir;
- domain = zp->zone;
- file = zp->file;
- conf = zp->conf;
-
- len = 0;
- str[0] = '\0';
- if ( conf->lookaside && conf->lookaside[0] )
- len = snprintf (str, sizeof (str), "-l %.250s", conf->lookaside);
-
- dbg_line();
- if ( !dynamic_zone && conf->serialform == Unixtime )
- snprintf (str+len, sizeof (str) - len, " -N unixtime");
-
- gends = "";
- if ( conf->sig_gends )
- gends = "-C -g ";
-
- dnskeyksk = "";
- if ( conf->sig_dnskeyksk )
- dnskeyksk = "-x ";
-
- pseudo = "";
- if ( conf->sig_pseudo )
- pseudo = "-p ";
-
- param = "";
- if ( conf->sig_param && conf->sig_param[0] )
- param = conf->sig_param;
-
- nsec3param[0] = '\0';
- if ( conf->k_algo == DK_ALGO_NSEC3DSA || conf->k_algo == DK_ALGO_NSEC3RSASHA1 ||
- conf->nsec3 != NSEC3_OFF )
- {
- char salt[510+1]; /* salt has a maximum of 255 bytes == 510 hex nibbles */
- const char *update;
- const char *optout;
- unsigned int seed;
-
- update = "-u "; /* trailing blank is necessary */
- if ( conf->nsec3 == NSEC3_OPTOUT )
- optout = "-A ";
- else
- optout = "";
-
- /* static zones can use always a new salt (full zone signing) */
- seed = 0L; /* no seed: use mechanism build in gensalt() */
- if ( dynamic_zone )
- { /* dynamic zones have to reuse the salt on signing */
- const dki_t *kp;
-
- /* use gentime timestamp of ZSK for seeding rand generator */
- kp = dki_find (zp->keys, DKI_ZSK, DKI_ACTIVE, 1);
- assert ( kp != NULL );
- if ( kp->gentime )
- seed = kp->gentime;
- else
- seed = kp->time;
- }
-
- if ( gensalt (salt, sizeof (salt), conf->saltbits, seed) )
- snprintf (nsec3param, sizeof (nsec3param), "%s%s-3 %s ", update, optout, salt);
- }
-
- dbg_line();
- rparam[0] = '\0';
- if ( conf->sig_random && conf->sig_random[0] )
- snprintf (rparam, sizeof (rparam), "-r %.250s ", conf->sig_random);
-
- dbg_line();
- keysetdir[0] = '\0';
- if ( conf->keysetdir && conf->keysetdir[0] && strcmp (conf->keysetdir, "..") != 0 )
- snprintf (keysetdir, sizeof (keysetdir), "-d %.250s ", conf->keysetdir);
-
- if ( dir == NULL || *dir == '\0' )
- dir = ".";
-
- dbg_line();
- if ( dynamic_zone )
- snprintf (cmd, sizeof (cmd), "cd %s; %s %s %s%s%s%s%s%s-o %s -e +%ld %s -N increment -f %s.dsigned %s K*.private 2>&1",
- dir, SIGNCMD, param, nsec3param, dnskeyksk, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file, file);
- else
- snprintf (cmd, sizeof (cmd), "cd %s; %s %s %s%s%s%s%s%s-o %s -e +%ld %s %s K*.private 2>&1",
- dir, SIGNCMD, param, nsec3param, dnskeyksk, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file);
- verbmesg (2, conf, "\t Run cmd \"%s\"\n", cmd);
- *str = '\0';
- if ( noexec == 0 )
- {
-#if 0
- if ( (fp = popen (cmd, "r")) == NULL || fgets (str, sizeof str, fp) == NULL )
- return -1;
-#else
- if ( (fp = popen (cmd, "r")) == NULL )
- return -1;
- str[0] = '\0';
- while ( fgets (str, sizeof str, fp) != NULL ) /* eat up all output until the last line */
- ;
-#endif
- pclose (fp);
- }
-
- dbg_line();
- verbmesg (2, conf, "\t Cmd dnssec-signzone return: \"%s\"\n", str_chop (str, '\n'));
- len = strlen (str) - 6;
- if ( len < 0 || strcmp (str+len, "signed") != 0 )
- return -1;
-
- return 0;
-}
-
-static void copy_keyset (const char *dir, const char *domain, const zconf_t *conf)
-{
- char fromfile[1024];
- char tofile[1024];
- int ret;
-
- /* propagate "keyset"-file to parent dir */
- if ( conf->keysetdir && strcmp (conf->keysetdir, "..") == 0 )
- {
- /* check if special parent-file exist (ksk rollover) */
- snprintf (fromfile, sizeof (fromfile), "%s/parent-%s", dir, domain);
- if ( !fileexist (fromfile) ) /* use "normal" keyset-file */
- snprintf (fromfile, sizeof (fromfile), "%s/keyset-%s", dir, domain);
-
- /* verbmesg (2, conf, "\t check \"%s\" against parent dir\n", fromfile); */
- snprintf (tofile, sizeof (tofile), "%s/../keyset-%s", dir, domain);
- if ( cmpfile (fromfile, tofile) != 0 )
- {
- verbmesg (2, conf, "\t copy \"%s\" to parent dir\n", fromfile);
- if ( (ret = copyfile (fromfile, tofile, NULL)) != 0 )
- {
- error ("Couldn't copy \"%s\" to parent dir (%d:%s)\n",
- fromfile, ret, strerror(errno));
- lg_mesg (LG_ERROR, "\%s\": can't copy \"%s\" to parent dir (%d:%s)",
- domain, fromfile, ret, strerror(errno));
- }
- }
- }
-}
+++ /dev/null
-/*****************************************************************
-**
-** @(#) zkt-soaserial.c (c) Oct 2007 Holger Zuleger hznet.de
-**
-** A small utility to print out the (unixtime) soa serial
-** number in a human readable form
-**
-** Copyright (c) Oct 2007, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-# include <stdio.h>
-# include <string.h>
-# include <sys/types.h>
-# include <time.h>
-# include <utime.h>
-# include <assert.h>
-# include <stdlib.h>
-# include <ctype.h>
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-# include "config_zkt.h"
-
-static const char *progname;
-
-static char *timestr (time_t sec);
-static int read_serial_fromfile (const char *fname, unsigned long *serial);
-static void printserial (const char *fname, unsigned long serial);
-static void usage (const char *msg);
-
-/*****************************************************************
-** timestr (sec)
-*****************************************************************/
-static char *timestr (time_t sec)
-{
- struct tm *t;
- static char timestr[31+1]; /* 27+1 should be enough */
-
-#if defined(HAVE_STRFTIME) && HAVE_STRFTIME
- t = localtime (&sec);
- strftime (timestr, sizeof (timestr), "%b %d %Y %T %z", t);
-#else
- static char *mstr[] = {
- "Jan", "Feb", "Mar", "Apr", "May", "Jun",
- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
- };
- int h, s;
-
- t = localtime (&sec);
- s = abs (t->tm_gmtoff);
- h = t->tm_gmtoff / 3600;
- s = t->tm_gmtoff % 3600;
- snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d:%02d %c%02d%02d",
- mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900,
- t->tm_hour, t->tm_min, t->tm_sec,
- t->tm_gmtoff < 0 ? '-': '+',
- h, s);
-#endif
-
- return timestr;
-}
-
-
-/****************************************************************
-**
-** int read_serial_fromfile (filename)
-**
-** This function depends on a special syntax formating the
-** SOA record in the zone file!!
-**
-** To match the SOA record, the SOA RR must be formatted
-** like this:
-** @ IN SOA <master.fq.dn.> <hostmaster.fq.dn.> (
-** <SPACEes or TABs> 1234567890; serial number
-** <SPACEes or TABs> 86400 ; other values
-** ...
-**
-****************************************************************/
-static int read_serial_fromfile (const char *fname, unsigned long *serial)
-{
- FILE *fp;
- char buf[4095+1];
- char master[254+1];
- int c;
- int soafound;
-
- if ( (fp = fopen (fname, "r")) == NULL )
- return -1; /* file not found */
-
- /* read until the line matches the beginning of a soa record ... */
- soafound = 0;
- while ( !soafound && fgets (buf, sizeof buf, fp) )
- {
- if ( sscanf (buf, "%*s %*d IN SOA %255s %*s (\n", master) == 1 )
- soafound = 1;
- else if ( sscanf (buf, "%*s IN SOA %255s %*s (\n", master) == 1 )
- soafound = 1;
- }
-
- if ( !soafound )
- return -2; /* no zone file (soa not found) */
-
- /* move forward until any non ws is reached */
- while ( (c = getc (fp)) != EOF && isspace (c) )
- ;
- ungetc (c, fp); /* pushback the non ws */
-
- *serial = 0L; /* read in the current serial number */
- if ( fscanf (fp, "%lu", serial) != 1 ) /* try to get serial no */
- return -3; /* no serial number found */
-
- fclose (fp);
-
- return 0; /* ok! */
-}
-
-/*****************************************************************
-** printserial()
-*****************************************************************/
-static void printserial (const char *fname, unsigned long serial)
-{
- if ( fname && *fname )
- printf ("%-30s\t", fname);
-
- printf ("%10lu", serial);
-
- /* try to guess the soa serial format */
- if ( serial < 1136070000L ) /* plain integer (this is 2006-1-1 00:00 in unixtime format) */
- ;
- else if ( serial > 2006010100L ) /* date format */
- {
- int y, m, d, v;
-
- v = serial % 100;
- serial /= 100;
- d = serial % 100;
- serial /= 100;
- m = serial % 100;
- serial /= 100;
- y = serial;
-
- printf ("\t%d-%02d-%02d Version %02d", y, m, d, v);
- }
- else /* unixtime */
- printf ("\t%s\n", timestr (serial) );
-
- printf ("\n");
-}
-
-/*****************************************************************
-** usage (msg)
-*****************************************************************/
-static void usage (const char *msg)
-{
- if ( msg && *msg )
- fprintf (stderr, "%s\n", msg);
- fprintf (stderr, "usage: %s {-s serial | signed_zonefile [...]}\n", progname);
-
- exit (1);
-}
-
-/*****************************************************************
-** main()
-*****************************************************************/
-int main (int argc, char *argv[])
-{
- unsigned long serial;
-
- progname = *argv;
-
- if ( --argc == 0 )
- usage ("");
-
- if ( argv[1][0] == '-' )
- {
- if ( argv[1][1] != 's' )
- usage ("illegal option");
-
- if ( argc != 2 )
- usage ("Option -s requires an argument");
-
- serial = atol (argv[2]);
- printserial ("", serial);
- }
- else
- while ( argc-- > 0 )
- if ( (read_serial_fromfile (*++argv, &serial)) != 0 )
- fprintf (stderr, "couldn't read serial number from file %s\n", *argv);
- else
- printserial (*argv, serial);
-
- return 0;
-}
+++ /dev/null
-/*****************************************************************
-**
-** @(#) zkt.c -- A library for managing a list of dns zone files.
-**
-** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-# include <stdio.h>
-# include <string.h>
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-# include "config_zkt.h"
-# include "dki.h"
-# include "misc.h"
-# include "strlist.h"
-# include "zconf.h"
-# include "domaincmp.h"
-# include "tcap.h"
-#define extern
-# include "zkt.h"
-#undef extern
-
-extern char *labellist;
-extern int headerflag;
-extern int timeflag;
-extern int exptimeflag;
-extern int lifetime;
-extern int ageflag;
-extern int lifetimeflag;
-extern int kskflag;
-extern int zskflag;
-extern int pathflag;
-extern int ljustflag;
-
-static void printkeyinfo (const dki_t *dkp, const char *oldpath);
-
-static void printkeyinfo (const dki_t *dkp, const char *oldpath)
-{
- time_t currtime;
-
- if ( dkp == NULL ) /* print headline */
- {
- if ( headerflag )
- {
- tc_attr (stdout, TC_BOLD, 1);
- printf ("%-33.33s %5s %3s %3.3s %-7s", "Keyname",
- "Tag", "Typ", "Status", "Algorit");
- if ( timeflag )
- printf (" %-20s", "Generation Time");
- if ( exptimeflag )
- printf (" %-20s", "Expiration Time");
- if ( ageflag )
- printf (" %16s", "Age");
- if ( lifetimeflag )
- printf (" %4s", "LfTm");
- tc_attr (stdout, TC_BOLD, 0);
- putchar ('\n');
- }
- return;
- }
- time (&currtime);
-
- /* TODO: use next line if dname is dynamically allocated */
- /* if ( pathflag && dkp->dname && strcmp (oldpath, dkp->dname) != 0 ) */
- if ( pathflag && strcmp (oldpath, dkp->dname) != 0 )
- printf ("%s/\n", dkp->dname);
-
- if ( (kskflag && dki_isksk (dkp)) || (zskflag && !dki_isksk (dkp)) )
- {
- int color;
-
- if ( ljustflag )
- printf ("%-33.33s ", dkp->name);
- else
- printf ("%33.33s ", dkp->name);
- printf ("%05d ", dkp->tag);
- printf ("%3s ", dki_isksk (dkp) ? "KSK" : "ZSK");
-
- if ( dkp->status == DKI_ACT )
- color = TC_GREEN;
- else if ( dkp->status == DKI_PUB )
- color = TC_BLUE;
- else if ( dkp->status == DKI_DEP )
- color = TC_RED;
- else
- color = TC_BLACK;
- tc_attr (stdout, color, 1);
- printf ("%-3.3s ", dki_statusstr (dkp) );
- tc_attr (stdout, color, 0);
-
- printf ("%-7s", dki_algo2sstr(dkp->algo));
-
- if ( currtime < dkp->time + dkp->lifetime )
- color = TC_GREEN;
- else
- color = TC_BOLD|TC_RED;
- tc_attr (stdout, color, 1);
-
- if ( timeflag )
- printf (" %-20s", time2str (dkp->gentime ? dkp->gentime: dkp->time, 's'));
- if ( exptimeflag )
- printf (" %-20s", time2str (dkp->exptime, 's'));
- if ( ageflag )
- printf (" %16s", age2str (dki_age (dkp, currtime)));
- if ( lifetimeflag && dkp->lifetime )
- {
- if ( dkp->status == 'a' )
- printf ("%c", (currtime < dkp->time + dkp->lifetime) ? '<' : '!');
- else
- putchar (' ');
- printf ("%hdd", dki_lifetimedays (dkp));
- }
- tc_attr (stdout, color, 0);
- putchar ('\n');
- }
-}
-
-#if defined(USE_TREE) && USE_TREE
-static void list_key (const dki_t **nodep, const VISIT which, int depth)
-{
- const dki_t *dkp;
- static const char *oldpath = "";
-
- if ( nodep == NULL )
- return;
-//fprintf (stderr, "listkey %d %d %s\n", which, depth, dkp->name);
-
- if ( which == INORDER || which == LEAF )
- {
- dkp = *nodep;
- while ( dkp ) /* loop through list */
- {
- if ( labellist == NULL || isinlist (dkp->name, labellist) )
- printkeyinfo (dkp, oldpath); /* print entry */
- oldpath = dkp->dname;
- dkp = dkp->next;
- }
- }
-}
-#endif
-
-void zkt_list_keys (const dki_t *data)
-{
-#if ! defined(USE_TREE) || !USE_TREE
- const dki_t *dkp;
- const char *oldpath;
-#endif
-
- if ( data ) /* print headline if list is not empty */
- printkeyinfo (NULL, "");
-
-#if defined(USE_TREE) && USE_TREE
- twalk (data, list_key);
-#else
- oldpath = "";
- for ( dkp = data; dkp; dkp = dkp->next ) /* loop through list */
- {
- if ( labellist == NULL || isinlist (dkp->name, labellist) )
- printkeyinfo (dkp, oldpath); /* print entry */
- oldpath = dkp->dname;
- }
-#endif
-}
-
-#if defined(USE_TREE) && USE_TREE
-# if 0
-static void list_trustedkey (const dki_t **nodep, const VISIT which, int depth)
-{
- const dki_t *dkp;
-
- if ( nodep == NULL )
- return;
-
- dkp = *nodep;
- if ( which == INORDER || which == LEAF )
- {
-// fprintf (stderr, "list_trustedkey order=%d(pre=0,in=1,post=2,leaf=3) depth=%d %s\n", which, depth, dkp->name);
- /* loop through list */
- while ( dkp )
- {
- if ( (dki_isksk (dkp) || zskflag) &&
- (labellist == NULL || isinlist (dkp->name, labellist)) )
- dki_prt_trustedkey (dkp, stdout);
- dkp = dkp->next;
- }
- }
-}
-# else
-const dki_t *parent;
-static void list_trustedkey (const dki_t **nodep, const VISIT which, int depth)
-{
- const dki_t *dkp;
-
- if ( nodep == NULL )
- return;
-
- dkp = *nodep;
- if ( which == INORDER || which == LEAF )
- {
-// fprintf (stderr, "list_trustedkey order=%d(pre=0,in=1,post=2,leaf=3) depth=%d %s\n", which, depth, dkp->name);
- if ( labellist && !isinlist (dkp->name, labellist) )
- return;
-
- if ( parent == NULL || !issubdomain (dkp->name, parent->name) )
- {
- parent = dkp;
- /* loop through list */
- while ( dkp )
- {
- if ( (dki_isksk (dkp) || zskflag) )
- dki_prt_trustedkey (dkp, stdout);
- dkp = dkp->next;
- }
- }
- }
-}
-static void list_managedkey (const dki_t **nodep, const VISIT which, int depth)
-{
- const dki_t *dkp;
-
- if ( nodep == NULL )
- return;
-
- dkp = *nodep;
- if ( which == INORDER || which == LEAF )
- {
-// fprintf (stderr, "list_trustedkey order=%d(pre=0,in=1,post=2,leaf=3) depth=%d %s\n", which, depth, dkp->name);
- if ( labellist && !isinlist (dkp->name, labellist) )
- return;
-
- if ( parent == NULL || !issubdomain (dkp->name, parent->name) )
- {
- const dki_t *dkp_head = NULL;
- const dki_t *standby = NULL;
-
- parent = dkp;
-
- dkp_head = dkp;
- /* look for a standby key */
- for ( dkp = dkp_head; dkp; dkp = dkp->next )
- if ( dki_isksk (dkp) && dki_ispublished (dkp) )
- standby = dkp;
-
- if ( !standby ) /* no standby key found ? */
- return;
-
- /* print all non-standby ksk */
- for ( dkp = dkp_head; dkp; dkp = dkp->next )
- if ( dki_isksk (dkp) && dkp != standby )
- dki_prt_managedkey (dkp, stdout);
- }
- }
-}
-# endif
-#endif
-
-void zkt_list_trustedkeys (const dki_t *data)
-{
-
- /* print headline if list is not empty */
- if ( data && headerflag )
- printf ("trusted-keys {\n");
-
-#if defined(USE_TREE) && USE_TREE
- twalk (data, list_trustedkey);
-#else
- for ( dkp = data; dkp; dkp = dkp->next ) /* loop through list */
- if ( (dki_isksk (dkp) || zskflag) &&
- (labellist == NULL || isinlist (dkp->name, labellist)) )
- dki_prt_trustedkey (dkp, stdout);
-#endif
-
- /* print end of trusted-key section */
- if ( data && headerflag )
- printf ("};\n");
-}
-
-void zkt_list_managedkeys (const dki_t *data)
-{
-
- /* print headline if list is not empty */
- if ( data && headerflag )
- printf ("managed-keys {\n");
-
-#if defined(USE_TREE) && USE_TREE
- twalk (data, list_managedkey);
-#else
- for ( dkp = data; dkp; dkp = dkp->next ) /* loop through list */
- if ( (dki_isksk (dkp) || zskflag) &&
- (labellist == NULL || isinlist (dkp->name, labellist)) )
- dki_prt_managedkey (dkp, stdout);
-#endif
-
- /* print end of trusted-key section */
- if ( data && headerflag )
- printf ("};\n");
-}
-
-#if defined(USE_TREE) && USE_TREE
-static void list_dnskey (const dki_t **nodep, const VISIT which, int depth)
-{
- const dki_t *dkp;
- int ksk;
-
- if ( nodep == NULL )
- return;
-
- if ( which == INORDER || which == LEAF )
- for ( dkp = *nodep; dkp; dkp = dkp->next )
- {
- ksk = dki_isksk (dkp);
- if ( (ksk && !kskflag) || (!ksk && !zskflag) )
- continue;
-
- if ( labellist == NULL || isinlist (dkp->name, labellist) )
- {
- if ( headerflag )
- dki_prt_comment (dkp, stdout);
- dki_prt_dnskey (dkp, stdout);
- }
- }
-}
-#endif
-
-void zkt_list_dnskeys (const dki_t *data)
-{
-#if defined(USE_TREE) && USE_TREE
- twalk (data, list_dnskey);
-#else
- const dki_t *dkp;
- int ksk;
-
- for ( dkp = data; dkp; dkp = dkp->next )
- {
- ksk = dki_isksk (dkp);
- if ( (ksk && !kskflag) || (!ksk && !zskflag) )
- continue;
-
- if ( labellist == NULL || isinlist (dkp->name, labellist) )
- {
- if ( headerflag )
- dki_prt_comment (dkp, stdout);
- dki_prt_dnskey (dkp, stdout);
- }
- }
-#endif
-}
-
-#if defined(USE_TREE) && USE_TREE
-static void set_keylifetime (const dki_t **nodep, const VISIT which, int depth)
-{
- const dki_t *dkp;
- int ksk;
-
- if ( nodep == NULL )
- return;
-
- if ( which == INORDER || which == LEAF )
- for ( dkp = *nodep; dkp; dkp = dkp->next )
- {
- ksk = dki_isksk (dkp);
- if ( (ksk && !kskflag) || (!ksk && !zskflag) )
- continue;
-
- if ( labellist == NULL || isinlist (dkp->name, labellist) )
- dki_setlifetime ((dki_t *)dkp, lifetime);
- }
-}
-#endif
-
-void zkt_setkeylifetime (dki_t *data)
-{
-#if defined(USE_TREE) && USE_TREE
- twalk (data, set_keylifetime);
-#else
- dki_t *dkp;
- int ksk;
-
- for ( dkp = data; dkp; dkp = dkp->next )
- {
- ksk = dki_isksk (dkp);
- if ( (ksk && !kskflag) || (!ksk && !zskflag) )
- continue;
-
- if ( labellist == NULL || isinlist (dkp->name, labellist) )
- {
- dki_setlifetime (dkp, lifetime);
- }
- }
-#endif
-}
-
-
-#if defined(USE_TREE) && USE_TREE
-static const dki_t *searchresult;
-static int searchitem;
-static void tag_search (const dki_t **nodep, const VISIT which, int depth)
-{
- const dki_t *dkp;
-
- if ( nodep == NULL )
- return;
-
- if ( which == PREORDER || which == LEAF )
- for ( dkp = *nodep; dkp; dkp = dkp->next )
- {
- if ( dkp->tag == searchitem )
- {
- if ( searchresult == NULL )
- searchresult = dkp;
- else
- searchitem = 0;
- }
- }
-}
-#endif
-const dki_t *zkt_search (const dki_t *data, int searchtag, const char *keyname)
-{
- const dki_t *dkp = NULL;
-
-#if defined(USE_TREE) && USE_TREE
- if ( keyname == NULL || *keyname == '\0' )
- {
- searchresult = NULL;
- searchitem = searchtag;
- twalk (data, tag_search);
- if ( searchresult != NULL && searchitem == 0 )
- dkp = (void *)01;
- else
- dkp = searchresult;
- }
- else
- dkp = (dki_t*)dki_tsearch (data, searchtag, keyname);
-#else
- dkp = (dki_t*)dki_search (data, searchtag, keyname);
-#endif
- return dkp;
-}
-
+++ /dev/null
-/*****************************************************************
-**
-** @(#) zkt.h (c) 2005 - 2008 Holger Zuleger hznet.de
-**
-** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-#ifndef ZKT_H
-# define ZKT_H
-
-extern const dki_t *zkt_search (const dki_t *data, int searchtag, const char *keyname);
-extern void zkt_list_keys (const dki_t *data);
-extern void zkt_list_trustedkeys (const dki_t *data);
-extern void zkt_list_managedkeys (const dki_t *data);
-extern void zkt_list_dnskeys (const dki_t *data);
-extern void zkt_setkeylifetime (dki_t *data);
-
-#endif
+++ /dev/null
-/*****************************************************************
-**
-** @(#) zone.c (c) Mar 2005 Holger Zuleger hznet.de
-**
-** Copyright (c) Mar 2005, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-# include <stdio.h>
-# include <string.h>
-# include <stdlib.h>
-# include <sys/types.h>
-# include <sys/stat.h>
-# include <dirent.h>
-# include <assert.h>
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-# include "config_zkt.h"
-# include "debug.h"
-# include "domaincmp.h"
-# include "misc.h"
-# include "zconf.h"
-# include "dki.h"
-#define extern
-# include "zone.h"
-#undef extern
-
-/*****************************************************************
-** private (static) function declaration and definition
-*****************************************************************/
-static char zone_estr[255+1];
-
-/*****************************************************************
-** zone_alloc ()
-*****************************************************************/
-static zone_t *zone_alloc ()
-{
- zone_t *zp;
-
- if ( (zp = malloc (sizeof (zone_t))) )
- {
- memset (zp, 0, sizeof (zone_t));
- return zp;
- }
-
- snprintf (zone_estr, sizeof (zone_estr),
- "zone_alloc: Out of memory");
- return NULL;
-}
-
-/*****************************************************************
-** zone_cmp () return <0 | 0 | >0
-*****************************************************************/
-static int zone_cmp (const zone_t *a, const zone_t *b)
-{
- if ( a == NULL ) return -1;
- if ( b == NULL ) return 1;
-
- return domaincmp (a->zone, b->zone);
-}
-
-
-/*****************************************************************
-** public function definition
-*****************************************************************/
-
-/*****************************************************************
-** zone_free ()
-*****************************************************************/
-void zone_free (zone_t *zp)
-{
- assert (zp != NULL);
-
- if ( zp->zone ) free ((char *)zp->zone);
- if ( zp->dir ) free ((char *)zp->dir);
- if ( zp->file ) free ((char *)zp->file);
- if ( zp->sfile ) free ((char *)zp->sfile);
-#if 0
- /* TODO: actually there are some problems freeing the config :-( */
- if ( zp->conf ) free ((zconf_t *)zp->conf);
-#endif
- if ( zp->keys ) dki_freelist (&zp->keys);
- free (zp);
-}
-
-/*****************************************************************
-** zone_freelist ()
-*****************************************************************/
-void zone_freelist (zone_t **listp)
-{
- zone_t *curr;
- zone_t *next;
-
- assert (listp != NULL);
-
- curr = *listp;
- while ( curr )
- {
- next = curr->next;
- zone_free (curr);
- curr = next;
- }
- if ( *listp )
- *listp = NULL;
-}
-
-/*****************************************************************
-** zone_new ()
-** allocate memory for new zone structure and initialize it
-*****************************************************************/
-zone_t *zone_new (zone_t **zp, const char *zone, const char *dir, const char *file, const char *signed_ext, const zconf_t *cp)
-{
- char path[MAX_PATHSIZE+1];
- zone_t *new;
-
- assert (zp != NULL);
- assert (zone != NULL && *zone != '\0');
-
- dbg_val3 ("zone_new: (zp, zone: %s, dir: %s, file: %s, cp)\n", zone, dir, file);
- if ( dir == NULL || *dir == '\0' )
- dir = ".";
-
- if ( file == NULL || *file == '\0' )
- file = cp->zonefile;
- else
- { /* check if file contains a path */
- const char *p;
- if ( (p = strrchr (file, '/')) != NULL )
- {
- snprintf (path, sizeof (path), "%s/%.*s", dir, (int)(p-file), file);
- dir = path;
- file = p+1;
- }
- }
-
- if ( (new = zone_alloc ()) != NULL )
- {
- char *p;
-
- new->zone = domain_canonicdup (zone);
- new->dir = strdup (dir);
- new->file = strdup (file);
- /* check if file ends with ".signed" ? */
- if ( (p = strrchr (new->file, '.')) != NULL && strcmp (p, signed_ext) == 0 )
- {
- new->sfile = strdup (new->file);
- *p = '\0';
- }
- else
- {
- snprintf (path, sizeof (path), "%s%s", file, signed_ext);
- new->sfile = strdup (path);
- }
- new->conf = cp;
- new->keys = NULL;
- dki_readdir (new->dir, &new->keys, 0);
- new->next = NULL;
- }
-
- return zone_add (zp, new);
-}
-
-/*****************************************************************
-** zone_readdir ()
-*****************************************************************/
-int zone_readdir (const char *dir, const char *zone, const char *zfile, zone_t **listp, const zconf_t *conf, int dyn_zone)
-{
- char *p;
- char path[MAX_PATHSIZE+1];
- char *signed_ext = ".signed";
- zconf_t *localconf = NULL;
-
- assert (dir != NULL && *dir != '\0');
- assert (conf != NULL);
-
- if ( zone == NULL ) /* zone not given ? */
- {
- if ( (zone = strrchr (dir, '/')) ) /* try to extract zone name out of directory */
- zone++;
- else
- zone = dir;
- }
- if ( zone == NULL ) /* zone name still null ? */
- return 0;
-
- dbg_val4 ("zone_readdir: (dir: \"%s\", zone: \"%s\", zfile: \"%s\", zp, cp, dyn_zone = %d)\n",
- dir, zone, zfile ? zfile: "NULL", dyn_zone);
-
- if ( dyn_zone )
- signed_ext = ".dsigned";
-
- if ( zfile && (p = strrchr (zfile, '/')) ) /* check if zfile contains a directory */
- {
- char subdir[MAX_PATHSIZE+1];
-
- snprintf (subdir, sizeof (subdir), "%s/%.*s", dir, (int)(p - zfile), zfile);
- pathname (path, sizeof (path), subdir, LOCALCONF_FILE, NULL);
- }
- else
- pathname (path, sizeof (path), dir, LOCALCONF_FILE, NULL);
- dbg_val1 ("zone_readdir: check local config file %s\n", path);
- if ( fileexist (path) ) /* load local config file */
- {
- localconf = dupconfig (conf);
- conf = loadconfig (path, localconf);
- /* do not free localconf, because a ptr to it will be added to the zone by zone_new() */
- }
-
- if ( zfile == NULL )
- {
- zfile = conf->zonefile;
- pathname (path, sizeof (path), dir, zfile, signed_ext);
- }
- else
- {
- dbg_val2("zone_readdir: add %s to zonefile if not already there ? (%s)\n", signed_ext, zfile);
- if ( (p = strrchr (zfile, '.')) == NULL || strcmp (p, signed_ext) != 0 )
- pathname (path, sizeof (path), dir, zfile, signed_ext);
- else
- pathname (path, sizeof (path), dir, zfile, NULL);
- }
-
- dbg_val1("zone_readdir: fileexist (%s): ", path);
- if ( !fileexist (path) ) /* no .signed file found ? ... */
- {
- dbg_val0("no!\n");
- return 0; /* ... not a secure zone ! */
- }
- dbg_val0("yes!\n");
-
- dbg_val("zone_readdir: add zone (%s)\n", zone);
- zone_new (listp, zone, dir, zfile, signed_ext, conf);
-
- return 1;
-}
-
-
-/*****************************************************************
-** zone_geterrstr ()
-** return error string
-*****************************************************************/
-const char *zone_geterrstr ()
-{
- return zone_estr;
-}
-
-/*****************************************************************
-** zone_add ()
-*****************************************************************/
-zone_t *zone_add (zone_t **list, zone_t *new)
-{
- zone_t *curr;
- zone_t *last;
-
- if ( list == NULL )
- return NULL;
- if ( new == NULL )
- return *list;
-
- last = curr = *list;
- while ( curr && zone_cmp (curr, new) < 0 )
- {
- last = curr;
- curr = curr->next;
- }
-
- if ( curr == *list ) /* add node at the begining of the list */
- *list = new;
- else /* add node at end or between two nodes */
- last->next = new;
- new->next = curr;
-
- return new;
-}
-
-/*****************************************************************
-** zone_search ()
-*****************************************************************/
-const zone_t *zone_search (const zone_t *list, const char *zone)
-{
- if ( zone == NULL || *zone == '\0' )
- return NULL;
-
- while ( list && strcmp (zone, list->zone) != 0 )
- list = list->next;
-
- return list;
-}
-
-/*****************************************************************
-** zone_print ()
-*****************************************************************/
-int zone_print (const char *mesg, const zone_t *z)
-{
- dki_t *dkp;
-
- if ( !z )
- return 0;
- fprintf (stderr, "%s: zone\t %s\n", mesg, z->zone);
- fprintf (stderr, "%s: dir\t %s\n", mesg, z->dir);
- fprintf (stderr, "%s: file\t %s\n", mesg, z->file);
- fprintf (stderr, "%s: sfile\t %s\n", mesg, z->sfile);
-
- for ( dkp = z->keys; dkp; dkp = dkp->next )
- {
- dki_prt_comment (dkp, stderr);
- }
-
- return 1;
-}
+++ /dev/null
-/*****************************************************************
-**
-** @(#) zone.h -- Header file for zone info
-**
-** Copyright (c) Mar 2005, Holger Zuleger HZnet. All rights reserved.
-**
-** This software is open source.
-**
-** Redistribution and use in source and binary forms, with or without
-** modification, are permitted provided that the following conditions
-** are met:
-**
-** Redistributions of source code must retain the above copyright notice,
-** this list of conditions and the following disclaimer.
-**
-** Redistributions in binary form must reproduce the above copyright notice,
-** this list of conditions and the following disclaimer in the documentation
-** and/or other materials provided with the distribution.
-**
-** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
-** be used to endorse or promote products derived from this software without
-** specific prior written permission.
-**
-** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
-** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-** POSSIBILITY OF SUCH DAMAGE.
-**
-*****************************************************************/
-#ifndef ZONE_H
-# define ZONE_H
-
-# include <sys/types.h>
-# include <stdio.h>
-# include <time.h>
-# include "dki.h"
-
-/* all we have to know about a zone */
-typedef struct Zone {
- const char *zone; /* domain name or label */
- const char *dir; /* directory of zone data */
- const char *file; /* file name (zone.db) */
- const char *sfile; /* file name of secured zone (zone.db.signed) */
- const zconf_t *conf; /* ptr to config */ /* TODO: Should this be only a ptr to a local config ? */
- dki_t *keys; /* ptr to keylist */
- struct Zone *next; /* ptr to next entry in list */
-} zone_t;
-
-extern void zone_free (zone_t *zp);
-extern void zone_freelist (zone_t **listp);
-extern zone_t *zone_new (zone_t **zp, const char *zone, const char *dir, const char *file, const char *signed_ext, const zconf_t *cp);
-extern const char *zone_geterrstr ();
-extern zone_t *zone_add (zone_t **list, zone_t *new);
-extern const zone_t *zone_search (const zone_t *list, const char *name);
-extern int zone_readdir (const char *dir, const char *zone, const char *zfile, zone_t **listp, const zconf_t *conf, int dyn_zone);
-extern const char *zone_geterrstr (void);
-extern int zone_print (const char *mesg, const zone_t *z);
-
-#endif
projects / thirdparty / bind9.git / commitdiff
