upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-25 00:59:37 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixup itar.sh

Browse source 
git-svn-id: file:///svn/unbound/trunk@1492 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2009-02-20 14:03:34 +00:00
parent e6fbf88b59
commit 84edc1428b
2 changed files with 18 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
contrib/update-itar.sh
View file

@ -28,11 +28,11 @@ pgp_cmd="gpg"
usage ( ) usage ( )
{ {
echo "usage: update-itar" echo "usage: update-itar"
echo " updates the trust anchors from the interim trust" echo " Updates the trust anchors from the interim trust"
echo " anchor repository." echo " anchor repository, https://itar.iana.org, and checks PGP sig."
echo echo
echo " Updates $ub_ta_file with the latest keys" echo " Updates $ub_ta_file with the latest keys."
echo " read that file from the unbound config with" echo " Read that file from the unbound config with"
echo " trust-anchor-file: "'"'"$ub_ta_file"'"' echo " trust-anchor-file: "'"'"$ub_ta_file"'"'
echo echo
echo " Exit code 0 means anchors updated, 1 no changes, " echo " Exit code 0 means anchors updated, 1 no changes, "
@ -95,7 +95,10 @@ a9g3AhsMAAoJEPR9+zCB1GT0AUwAn2ZtBwAyVxppdeTqilXufUvAkvjbAJ9dUpR1
EOF EOF
fi fi
# import the new key # import the new key
$pgp_cmd --no-default-keyring --keyring $pgp_keyring_file --primary-keyring $pgp_keyring_file --import $pgp_pub_key_file >$tmpf.log 2>&1 || error_exit "could not import pgp public key into keyring" $pgp_cmd --no-default-keyring --keyring $pgp_keyring_file \
--primary-keyring $pgp_keyring_file \
--import $pgp_pub_key_file >$tmpf.log 2>&1 \
|| error_exit "could not import pgp public key into keyring"
fi fi
$fetch_cmd $tmpf $itar_url >$tmpf.log 2>&1 \ $fetch_cmd $tmpf $itar_url >$tmpf.log 2>&1 \
@ -106,17 +109,19 @@ $fetch_cmd $tmpf.sig $itar_sig >$tmpf.log 2>&1 \
|| error_exit "fetching $itar_sig failed" || error_exit "fetching $itar_sig failed"
# check the file with pgp # check the file with pgp
$pgp_cmd --no-default-keyring --keyring $pgp_keyring_file --verify $tmpf.sig $tmpf >$tmpf.log 2>&1 || error_exit "the PGP signature failed!" $pgp_cmd --no-default-keyring --keyring $pgp_keyring_file \
--verify $tmpf.sig $tmpf >$tmpf.log 2>&1 \
|| error_exit "the PGP signature failed!"
# check for differences # check for differences
val=0 val=1
if diff "$ub_ta_file" $tmpf; then if diff "$ub_ta_file" $tmpf; then
# echo "The interim trust anchor repository did not change." # echo "The interim trust anchor repository did not change."
: :
else else
echo "Updating $ub_ta_file" echo "Updating $ub_ta_file"
cp $tmpf $ub_ta_file cp $tmpf $ub_ta_file
val=1 val=0
fi fi
rm -f $tmpf $tmpf.sig $tmpf.log rm -f $tmpf $tmpf.sig $tmpf.log

4
doc/Changelog
View file

@ -1,3 +1,7 @@
20 February 2009: Wouter
- Fixup contrib/update-itar.sh, the exit codes 1 and 0 were swapped.
Nicer script layout. Added url to site in -h output.
19 February 2009: Wouter 19 February 2009: Wouter
- unbound-checkconf and unbound print warnings when trust anchors - unbound-checkconf and unbound print warnings when trust anchors
have unsupported algorithms. have unsupported algorithms.