Utility script to convert anchors.mf from the ITAR into individual files that are amenable to RFC5011 tracking.

git-svn-id: file:///svn/unbound/trunk@1914 be551aaa-1e26-0410-a405-d3ace91eadb9
2025-12-20 23:00:56 -05:00 · 2009-11-20 10:37:06 +00:00 · 2009-11-20 10:37:06 +00:00 · 521bd29041
commit 521bd29041
parent 9abe770f9e
4 changed files with 52 additions and 0 deletions
--- a/contrib/README
+++ b/contrib/README
@ -8,6 +8,8 @@ distribution but may be helpful.
 * update-anchor.sh: shell script that uses unbound-host to update a set
 	of trust anchor files. Run from cron twice a month.
 * update-itar.sh: shell script that updates from itar.iana.org. Run from cron.
+* split-itar.sh: shell script to split anchors.mf from itar.iana.org into
+	multiple key files so it can be used with auto-trust-anchor-file.
 * unbound_munin_ : plugin for munin statistics report
 * unbound_cacti.tar.gz : setup files for cacti statistics report
 * selinux: the .fc and .te files for SElinux protection of the unbound daemon
--- a/contrib/split-itar.sh
+++ b/contrib/split-itar.sh
@ -0,0 +1,46 @@
+#/usr/bin/env bash
+# Contributed by Tom Hendrikx <tom@whyscream.net>
+
+PROGNAME=$(basename $0)
+
+usage() {
+	echo "$PROGNAME: split the anchors.mf file from IANA into separate files." >&2
+	echo "" >&2
+	echo "$PROGNAME uses 2 arguments:" >&2
+	echo "  - the path to the anchors.mf, available at: https://itar.iana.org/" >&2
+	echo "  - the directory to leave the files, defaults to '.' (current working dir)" >&2
+	exit 1
+}
+
+if [ -n "$1" ] && [ -r "$1" ]; then
+	itar="$1"
+	echo "Reading from: $itar"
+else 
+	echo "Error: no anchors file given" >&2
+	usage
+fi
+
+if [ -n "$2" ]; then
+	dir="$2"
+else 
+	dir=$(pwd)
+fi
+
+if [ ! -d "$dir" ]; then
+	echo "Error: $dir is not a directory" >&2
+	usage
+fi
+
+while read cn line; do
+	if [ $(expr match "$cn" '[a-zA-Z0-9-]*\.') -gt 0 ]; then
+		# first line of key
+		out="$dir/$cn"anchor
+		echo "writing key for $cn to: $out"
+		echo "$cn	$line" > $out
+	elif [ "$cn" == "DS" ]; then
+		# second or later line of earlier defined key
+		echo "	$cn	$line" >> $out
+	fi
+done < "$itar"
+
+echo "Done."
--- a/doc/CREDITS
+++ b/doc/CREDITS
@ -17,3 +17,4 @@ Zdenek Vasicek and Marek Vavrusa - python module.
 cz.nic - sponsoring 'summer of code' development by Zdenek and Marek.
 Brett Carr - windows beta testing.
 Luca Bruno - patch for windows support in libunbound hosts and resolvconf().
+Tom Hendrikx - contributed split-itar.sh a useful script to 5011-track ITAR.
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,6 @@
+20 November 2009: Wouter
+	- contrib/split-itar.sh contributed by Tom Hendrikx.
+
 19 November 2009: Wouter
 	- better argument help for unbound-control.
 	- iana portlist updated.