sign.sh revision 247bf378605811d695e968dbe930a7fc45c0038e
#
# $Id: sign.sh,v 1.50 2011/11/04 05:36:28 each Exp $
SYSTEMTESTTOP=../..
# Have the child generate a zone key and pass it to us.
do
done
#
# changing the last 4 characters will lead to a bad base64 encoding.
#
awk '
tolower($1) == "bad-cname.example." && $4 == "RRSIG" && $5 == "CNAME" {
for (i = 1; i <= NF; i++ ) {
if (i <= 12) {
printf("%s ", $i);
continue;
}
prefix = substr($i, 1, length($i) - 4);
suffix = substr($i, length($i) - 4, 4);
if (i > 12 && tolower(prefix) != prefix)
printf("%s%s", tolower(prefix), suffix);
else if (i > 12 && toupper(prefix) != prefix)
printf("%s%s", toupper(prefix), suffix);
else
printf("%s%s ", prefix, suffix);
}
printf("\n");
next;
}
tolower($1) == "bad-dname.example." && $4 == "RRSIG" && $5 == "DNAME" {
for (i = 1; i <= NF; i++ ) {
if (i <= 12) {
printf("%s ", $i);
continue;
}
prefix = substr($i, 1, length($i) - 4);
suffix = substr($i, length($i) - 4, 4);
if (i > 12 && tolower(prefix) != prefix)
printf("%s%s", tolower(prefix), suffix);
else if (i > 12 && toupper(prefix) != prefix)
printf("%s%s", toupper(prefix), suffix);
else
printf("%s%s ", prefix, suffix);
}
printf("\n");
next;
}
# Sign the privately secure file
# Sign the DLV secure zone.
# Sign the badparam secure file
# Sign the single-nsec3 secure zone with optout
#
# algroll has just has the old DNSKEY records removed and is waiting
# for them to be flushed from caches. We still need to generate
# RRSIGs for the old DNSKEY.
#
$SIGNER -P -r $RANDFILE -o $zone -k $keyold1 -k $keynew1 $zonefile $keyold1 $keyold2 $keynew1 $keynew2 > /dev/null
#
# Make a zone big enough that it takes several seconds to generate a new
# nsec3 chain.
#
zone=nsec3chain-test
$TTL 10
awk 'END { for (i = 0; i < 300; i++)