# Contributor: Sören Tempel # Contributor: Natanael Copa # Maintainer: Natanael Copa global pkgname := 'dnssec-root' global pkgver := '20100715' global pkgrel := '3' global pkgdesc := '"The DNSSEC root key(s)'" global url := '"https://www.iana.org/dnssec/'" global arch := '"noarch'" global license := '"public-domain'" global depends := ''"" global makedepends := '"libxslt gnupg bind-tools'" global install := ''"" global subpackages := ''"" global source := '"https://data.iana.org/root-anchors/old/icann.pgp https://data.iana.org/root-anchors/old/root-anchors.xml https://data.iana.org/root-anchors/old/root-anchors.asc anchors2ds.xsl '" # Modeled after the following approach: # http://permalink.gmane.org/gmane.network.dns.unbound.user/1039 global _keyflags := '257' global _hashalgo := '-2' global _builddir := ""$srcdir"/$pkgname-$pkgver" proc prepare { cd $srcdir mkdir -p $_builddir shell { export GNUPGHOME="$_builddir"/gpg install -d -m 700 $GNUPGHOME gpg --import "$srcdir"/icann.pgp || exit 1 gpg --verify "$srcdir"/root-anchors.asc \ root-anchors.xml } || return 1 } proc build { cd $_builddir xsltproc -o root-anchors.txt "$srcdir"/anchors2ds.xsl "$srcdir"/root-anchors.xml dig DNSKEY . | grep -w $_keyflags > untrusted.key dnssec-dsfromkey $_hashalgo untrusted.key > untrusted.ds cut -d ' ' -f1-6 untrusted.ds | tr '\n' ' ' > root-anchors.tmp cut -d ' ' -f7- untrusted.ds | sed 's/ //g' | tr '\n' ' ' >> root-anchors.tmp printf '\n' >> root-anchors.tmp if ! cmp root-anchors.txt root-anchors.tmp { echo "DNSKEY is invalid, don't continue." !1 > !2 exit 1 } awk '{print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 " " $6 " " $7; for (i = 8; i <= NF; i++) printf $i}' \ untrusted.key | tr '\n' ' ' > trusted-key.key printf "\n" >> trusted-key.key } proc package { install -Dm644 "$_builddir"/trusted-key.key \ "$pkgdir"/usr/share/$pkgname/trusted-key.key || return 1 } global md5sums := '"041a789ee96301623d3e66e4d52c8a0b icann.pgp 69e6f9b67e92fbc952d488cc6f67198f root-anchors.xml a5612e1b84a75c29b642b9342286c511 root-anchors.asc 1043c559c923279600a6da395b794597 anchors2ds.xsl'" global sha256sums := '"3e9beaaf9bbd1fe78a0d104230cbc04d544e833a2dc6b982992f74a4860a9ae8 icann.pgp dfb281b771dc854c18d1cff9d2eecaf184cf7a9668606aaa33e8f01bf4b4d8e4 root-anchors.xml 5bffcac53f810c5fb1e1baf543e2de2f10ec99d7f7cddb5f1e47b1e58cf34cfa root-anchors.asc 2cc436e29e5bfd39c055390045a4c14dfae517ebdad79002983756a508a15e8f anchors2ds.xsl'" global sha512sums := '"5fba8334850f2ae753f4f8a30d1e6c62abc341ece2dc83df4bc0f6db2b91ae68942c0d2a38eab3d33b5b91640cd1cf0970777225c15d5f961884c00077d539a2 icann.pgp bca506c852bc83aa9d04ed0b52bef6d0baec745e466292273d52f49fd73cec73db4c6d55a9921fe086c7edc618f3ab21dc03146b6d617644495b3926e262e572 root-anchors.xml e9c86b897d7e8edb979cba4bebe353b7c7f21b4061cd6f571c8671b02e73c2ea0b78a980169fa7d40987b9e962a0f1ba17dbb392b5ec6ad14fedce65a139c913 root-anchors.asc 5b496d8f7fcb6a1241d889221f539b68485fea356feec13a94329b0807768c543c828c2821567f59d6a56931a6b2ea22827e49a1527582e3dda844d61c28b198 anchors2ds.xsl'" (CommandList children: [ (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:pkgname) op:Equal rhs:{(dnssec-root)} spids:[9])] spids: [9] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:pkgver) op:Equal rhs:{(20100715)} spids:[12])] spids: [12] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:pkgrel) op:Equal rhs:{(3)} spids:[15])] spids: [15] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:pkgdesc) op: Equal rhs: {(DQ ("The DNSSEC root key(s)"))} spids: [18] ) ] spids: [18] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:url) op: Equal rhs: {(DQ ("https://www.iana.org/dnssec/"))} spids: [23] ) ] spids: [23] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:arch) op:Equal rhs:{(DQ (noarch))} spids:[28])] spids: [28] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:license) op:Equal rhs:{(DQ (public-domain))} spids:[33])] spids: [33] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:depends) op:Equal rhs:{(DQ )} spids:[38])] spids: [38] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:makedepends) op: Equal rhs: {(DQ ("libxslt gnupg bind-tools"))} spids: [42] ) ] spids: [42] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:install) op:Equal rhs:{(DQ )} spids:[47])] spids: [47] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:subpackages) op:Equal rhs:{(DQ )} spids:[51])] spids: [51] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:source) op: Equal rhs: { (DQ ("https://data.iana.org/root-anchors/old/icann.pgp\n") ("\thttps://data.iana.org/root-anchors/old/root-anchors.xml\n") ("\thttps://data.iana.org/root-anchors/old/root-anchors.asc\n") ("\tanchors2ds.xsl\n") ("\t") ) } spids: [55] ) ] spids: [55] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:_keyflags) op:Equal rhs:{(257)} spids:[72])] spids: [72] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:_hashalgo) op:Equal rhs:{(-2)} spids:[75])] spids: [75] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:_builddir) op: Equal rhs: {(DQ ($ VSub_Name "$srcdir")) (/) ($ VSub_Name "$pkgname") (-) ($ VSub_Name "$pkgver")} spids: [79] ) ] spids: [79] ) (FuncDef name: prepare body: (BraceGroup children: [ (C {(cd)} {(DQ ($ VSub_Name "$srcdir"))}) (C {(mkdir)} {(-p)} {(DQ ($ VSub_Name "$_builddir"))}) (AndOr children: [ (Subshell child: (CommandList children: [ (C {(export)} {(Lit_VarLike "GNUPGHOME=") (DQ ($ VSub_Name "$_builddir")) (/gpg)} ) (C {(install)} {(-d)} {(-m)} {(700)} {(DQ ($ VSub_Name "$GNUPGHOME"))}) (AndOr children: [ (C {(gpg)} {(--import)} {(DQ ($ VSub_Name "$srcdir")) (/icann.pgp)}) (C {(exit)} {(1)}) ] op_id: Op_DPipe ) (C {(gpg)} {(--verify)} {(DQ ($ VSub_Name "$srcdir")) (/root-anchors.asc)} {(root-anchors.xml)} ) ] ) spids: [112 167] ) (ControlFlow token: arg_word:{(1)}) ] op_id: Op_DPipe ) ] spids: [92] ) spids: [88 91] ) (FuncDef name: build body: (BraceGroup children: [ (C {(cd)} {(DQ ($ VSub_Name "$_builddir"))}) (C {(xsltproc)} {(-o)} {(root-anchors.txt)} {(DQ ($ VSub_Name "$srcdir")) (/anchors2ds.xsl)} {(DQ ($ VSub_Name "$srcdir")) (/root-anchors.xml)} ) (Pipeline children: [ (C {(dig)} {(DNSKEY)} {(.)}) (SimpleCommand words: [{(grep)} {(-w)} {($ VSub_Name "$_keyflags")}] redirects: [(Redir op_id:Redir_Great fd:-1 arg_word:{(untrusted.key)} spids:[224])] ) ] negated: False ) (SimpleCommand words: [{(dnssec-dsfromkey)} {($ VSub_Name "$_hashalgo")} {(untrusted.key)}] redirects: [(Redir op_id:Redir_Great fd:-1 arg_word:{(untrusted.ds)} spids:[235])] ) (Pipeline children: [ (C {(cut)} {(-d)} {(SQ <" ">)} {(-f1-6)} {(untrusted.ds)}) (SimpleCommand words: [{(tr)} {(SQ <"\\n">)} {(SQ <" ">)}] redirects: [ (Redir op_id: Redir_Great fd: -1 arg_word: {(root-anchors.tmp)} spids: [265] ) ] ) ] negated: False ) (Pipeline children: [ (C {(cut)} {(-d)} {(SQ <" ">)} {(-f7-)} {(untrusted.ds)}) (C {(sed)} {(SQ <"s/ //g">)}) (SimpleCommand words: [{(tr)} {(SQ <"\\n">)} {(SQ <" ">)}] redirects: [ (Redir op_id: Redir_DGreat fd: -1 arg_word: {(root-anchors.tmp)} spids: [302] ) ] ) ] negated: False ) (SimpleCommand words: [{(printf)} {(SQ <"\\n">)}] redirects: [(Redir op_id:Redir_DGreat fd:-1 arg_word:{(root-anchors.tmp)} spids:[313])] ) (If arms: [ (if_arm cond: [ (Sentence child: (Pipeline children: [(C {(cmp)} {(root-anchors.txt)} {(root-anchors.tmp)})] negated: True ) terminator: ) ] action: [ (SimpleCommand words: [{(echo)} {(DQ ("DNSKEY is invalid, don't continue."))}] redirects: [(Redir op_id:Redir_GreatAnd fd:1 arg_word:{(2)} spids:[339])] ) (C {(exit)} {(1)}) ] spids: [-1 330] ) ] spids: [-1 348] ) (Pipeline children: [ (C {(awk)} { (SQ < "{print $1 \"\\t\" $2 \"\\t\" $3 \"\\t\" $4 \"\\t\" $5 \" \" $6 \" \" $7; for (i = 8; i <= NF; i++) printf $i}" > ) } {(untrusted.key)} ) (SimpleCommand words: [{(tr)} {(SQ <"\\n">)} {(SQ <" ">)}] redirects: [ (Redir op_id: Redir_Great fd: -1 arg_word: {(trusted-key.key)} spids: [374] ) ] ) ] negated: False ) (SimpleCommand words: [{(printf)} {(DQ (EscapedLiteralPart token:))}] redirects: [(Redir op_id:Redir_DGreat fd:-1 arg_word:{(trusted-key.key)} spids:[385])] ) ] spids: [182] ) spids: [178 181] ) (FuncDef name: package body: (BraceGroup children: [ (AndOr children: [ (C {(install)} {(-Dm644)} {(DQ ($ VSub_Name "$_builddir")) (/trusted-key.key)} {(DQ ($ VSub_Name "$pkgdir")) (/usr/share/) ($ VSub_Name "$pkgname") (/trusted-key.key) } ) (ControlFlow token: arg_word:{(1)}) ] op_id: Op_DPipe ) ] spids: [396] ) spids: [392 395] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:md5sums) op: Equal rhs: { (DQ ("041a789ee96301623d3e66e4d52c8a0b icann.pgp\n") ("69e6f9b67e92fbc952d488cc6f67198f root-anchors.xml\n") ("a5612e1b84a75c29b642b9342286c511 root-anchors.asc\n") ("1043c559c923279600a6da395b794597 anchors2ds.xsl") ) } spids: [426] ) ] spids: [426] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:sha256sums) op: Equal rhs: { (DQ ("3e9beaaf9bbd1fe78a0d104230cbc04d544e833a2dc6b982992f74a4860a9ae8 icann.pgp\n") ( "dfb281b771dc854c18d1cff9d2eecaf184cf7a9668606aaa33e8f01bf4b4d8e4 root-anchors.xml\n" ) ("5bffcac53f810c5fb1e1baf543e2de2f10ec99d7f7cddb5f1e47b1e58cf34cfa root-anchors.asc\n") ( "2cc436e29e5bfd39c055390045a4c14dfae517ebdad79002983756a508a15e8f anchors2ds.xsl" ) ) } spids: [434] ) ] spids: [434] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:sha512sums) op: Equal rhs: { (DQ ( "5fba8334850f2ae753f4f8a30d1e6c62abc341ece2dc83df4bc0f6db2b91ae68942c0d2a38eab3d33b5b91640cd1cf0970777225c15d5f961884c00077d539a2 icann.pgp\n" ) ( "bca506c852bc83aa9d04ed0b52bef6d0baec745e466292273d52f49fd73cec73db4c6d55a9921fe086c7edc618f3ab21dc03146b6d617644495b3926e262e572 root-anchors.xml\n" ) ( "e9c86b897d7e8edb979cba4bebe353b7c7f21b4061cd6f571c8671b02e73c2ea0b78a980169fa7d40987b9e962a0f1ba17dbb392b5ec6ad14fedce65a139c913 root-anchors.asc\n" ) ( "5b496d8f7fcb6a1241d889221f539b68485fea356feec13a94329b0807768c543c828c2821567f59d6a56931a6b2ea22827e49a1527582e3dda844d61c28b198 anchors2ds.xsl" ) ) } spids: [442] ) ] spids: [442] ) ] )