Remove couple old and rusty scripts from contrib/

* dnssec-keyset.sh - obsoleted by dnssec-policy
* named-bootconf.sh - unmaintained script from NetBSD that would
		      generate named.conf
Ondřej Surý 2021-09-20 13:47:19 +02:00
parent 57b8a12734
commit b9319fc998
3 changed files with 0 additions and 511 deletions


@ -1,210 +0,0 @@
#!/bin/sh
# Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
#
# Original script contributed by Jeffry A. Spain <spainj@countryday.net>
HELP="
Generates a set of <count> successive DNSSEC keys for <zone>
Key timings are based on a pre-publication rollover strategy
<life> (lifetime) is the key active lifetime in days [default 180]
<intro> (introduction time) is the number of days from publication
to activation of a key [default 30]
<ret> (retirement time) is the number of days from inactivation
to deletion of a key [default 30]
Options:
-a <alg> Cryptographic algorithm. See man dnssec-keygen for defaults.
-b <bits> Number of bits in the key. See man dnssec-keygen for defaults.
-k if present, generate Key Signing Keys (KSKs). Otherwise,
generate Zone Signing Keys (ZSKs).
-3 If present and if -a is not specified, use an NSEC3-
capable algorithm. See man dnssec-keygen for defaults.
-i <date> Inception date of the set of keys, in 'mm/dd/yyyy' format.
The first two keys will be published by this date, and the
first one will be activated. Default is today.
-f <index> Index of first key generated. Defaults to 0.
-K <dir> Key repository: write keys to this directory. Defaults to CWD.
-d Dry run. No actual keys generated if present."
USAGE="Usage:
`basename $0` [-a <alg>] [-b <bits>] [-k] [-3] [-i <date>]
[-f <index>] [-d] <zone> <count> [<life>] [<intro>] [<ret>]"
ALGFLAG=''
BITSFLAG=''
KSKFLAG=''
NSEC3FLAG=''
KEYREPO=''
DRYRUN=false
OPTKSK=false
K=0
INCEP=`date +%m/%d/%Y`
# Parse command line options
while getopts ":a:b:df:hkK:3i:" thisOpt
do
case $thisOpt in
a)
ALGFLAG=" -a $OPTARG"
;;
b)
BITSFLAG=" -b $OPTARG"
;;
d)
DRYRUN=true
;;
f)
OPTKSK=true
K=$OPTARG
;;
h)
echo "$USAGE"
echo "$HELP"
exit 0
;;
k)
KSKFLAG=" -f KSK"
;;
K)
KEYREPO=$OPTARG
;;
3)
NSEC3FLAG=" -3"
;;
i)
INCEP=$OPTARG
;;
*)
echo 'Unrecognized option.'
echo "$USAGE"
exit 1
;;
esac
done
shift `expr $OPTIND - 1`
# Check that required arguments are present
if [ $# -gt 5 -o $# -lt 2 ]; then
echo "$USAGE"
exit 1
fi
# Remaining arguments:
# DNS zone name
ZONE=$1
shift
# Number of keys to be generated
COUNT=$1
shift
# Key active lifetime
LIFE=${1:-180}
[ $# -ne 0 ] && shift
# Key introduction time (publication to activation)
INTRO=${1:-30}
[ $# -ne 0 ] && shift
# Key retirement time (inactivation to deletion)
RET=${1:-30}
# Today's date in dnssec-keygen format (YYYYMMDD)
TODAY=`date +%Y%m%d`
# Key repository defaults to CWD
if [ -z "$KEYREPO" ]; then
KEYREPO="."
fi
if $DRYRUN; then
echo 'Dry Run (no key files generated)'
elif [ ! -d "$KEYREPO" ]; then
# Create the key repository if it does not currently exist
mkdir -p "$KEYREPO"
fi
# Iterate through the key set. K is the index, zero-based.
KLAST=`expr $K + $COUNT`
while [ $K -lt $KLAST ]; do
KEYLABEL="Key `printf \"%02d\" $K`:"
# Epoch of the current key
# (zero for the first key, increments of key lifetime)
# The epoch is in days relative to the inception date of the key set
EPOCH=`expr $LIFE \* $K`
# Activation date in days is the same as the epoch
ACTIVATE=$EPOCH
# Publication date in days relative to the key epoch
PUBLISH=`expr $EPOCH - $LIFE - $INTRO`
# Inactivation date in days relative to the key epoch
INACTIVE=`expr $EPOCH + $LIFE`
# Deletion date in days relative to the key epoch
DELETE=`expr $EPOCH + $LIFE + $RET`
# ... these values should not precede the key epoch
[ $ACTIVATE -lt 0 ] && ACTIVATE=0
[ $PUBLISH -lt 0 ] && PUBLISH=0
[ $INACTIVE -lt 0 ] && INACTIVE=0
[ $DELETE -lt 0 ] && DELETE=0
# Key timing dates in dnssec-keygen format (YYYYMMDD):
# publication, activation, inactivation, deletion
PDATE=`date -d "$INCEP +$PUBLISH day" +%Y%m%d`
ADATE=`date -d "$INCEP +$ACTIVATE day" +%Y%m%d`
IDATE=`date -d "$INCEP +$INACTIVE day" +%Y%m%d`
DDATE=`date -d "$INCEP +$DELETE day" +%Y%m%d`
# Construct the dnssec-keygen command including all the specified options.
# Suppress key generation progress information, and save the key in
# the $KEYREPO directory.
KEYGENCMD="dnssec-keygen -q$ALGFLAG$BITSFLAG$NSEC3FLAG$KSKFLAG -P $PDATE -A $ADATE -I $IDATE -D $DDATE -K $KEYREPO $ZONE"
echo "$KEYLABEL $KEYGENCMD"
# Generate the key and retrieve its name
if $DRYRUN; then
KEYNAME="DryRunKey-`printf \"%02d\" $K`"
else
KEYNAME=`$KEYGENCMD`
fi
# Indicate the key status based on key timing dates relative to today
if [ $TODAY -ge $DDATE ]; then
echo "$KEYLABEL $KEYNAME is obsolete post deletion date."
elif [ $TODAY -ge $IDATE ]; then
echo "$KEYLABEL $KEYNAME is published and inactive prior to deletion date."
elif [ $TODAY -ge $ADATE ]; then
echo "$KEYLABEL $KEYNAME is published and active."
elif [ $TODAY -ge $PDATE ]; then
echo "$KEYLABEL $KEYNAME is published prior to activation date."
else
echo "$KEYLABEL $KEYNAME is pending publication."
fi
# For published KSKs, generate the required DS records,
# saving them to the file $KEYREPO/DS-$KEYNAME
if $OPTKSK && [ $TODAY -ge $PDATE -a $TODAY -lt $DDATE ]; then
echo "$KEYLABEL $KEYNAME (KSK) requires the publication of DS records in the parent zone."
if $DRYRUN; then
echo "$KEYLABEL No DS-$KEYNAME file created."
else
dnssec-dsfromkey "$KEYREPO/$KEYNAME" > "$KEYREPO/DS-$KEYNAME"
echo "$KEYLABEL See $KEYREPO/DS-$KEYNAME."
fi
fi
K=`expr $K + 1`
done
exit 0


@ -1,299 +0,0 @@
#!/bin/sh
#
# Portions Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
# $NetBSD: named-bootconf.sh,v 1.5 1998/12/15 01:00:53 tron Exp $
#
# Copyright (c) 1995, 1998 The NetBSD Foundation, Inc.
# All rights reserved.
#
# This code is derived from software contributed to The NetBSD Foundation
# by Matthias Scheler.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
if [ ${OPTIONFILE-X} = X ]; then
WORKDIR=/tmp/`date +%s`.$$
( umask 077 ; mkdir $WORKDIR ) || {
echo "unable to create work directory '$WORKDIR'" >&2
exit 1
}
OPTIONFILE=$WORKDIR/options
ZONEFILE=$WORKDIR/zones
COMMENTFILE=$WORKDIR/comments
export OPTIONFILE ZONEFILE COMMENTFILE
touch $OPTIONFILE $ZONEFILE $COMMENTFILE
DUMP=1
else
DUMP=0
fi
while read CMD ARGS; do
class=
CMD=`echo "${CMD}" | tr '[A-Z]' '[a-z]'`
case $CMD in
\; )
echo \# $ARGS >>$COMMENTFILE
;;
cache )
set - X $ARGS
shift
if [ $# -eq 2 ]; then
(echo ""
cat $COMMENTFILE
echo "zone \"$1\" {"
echo " type hint;"
echo " file \"$2\";"
echo "};") >>$ZONEFILE
rm -f $COMMENTFILE
touch $COMMENTFILE
fi
;;
directory )
set - X $ARGS
shift
if [ $# -eq 1 ]; then
(cat $COMMENTFILE
echo " directory \"$1\";") >>$OPTIONFILE
rm -f $COMMENTFILE
touch $COMMENTFILE
DIRECTORY=$1
export DIRECTORY
fi
;;
forwarders )
(cat $COMMENTFILE
echo " forwarders {"
for ARG in $ARGS; do
echo " $ARG;"
done
echo " };") >>$OPTIONFILE
rm -f $COMMENTFILE
touch $COMMENTFILE
;;
include )
if [ "$ARGS" != "" ]; then
(cd ${DIRECTORY-.}; cat $ARGS) | $0
fi
;;
limit )
ARGS=`echo "${ARGS}" | tr '[A-Z]' '[a-z]'`
set - X $ARGS
shift
if [ $# -eq 2 ]; then
cat $COMMENTFILE >>$OPTIONFILE
case $1 in
datasize | files | transfers-in | transfers-per-ns )
echo " $1 $2;" >>$OPTIONFILE
;;
esac
rm -f $COMMENTFILE
touch $COMMENTFILE
fi
;;
options )
ARGS=`echo "${ARGS}" | tr '[A-Z]' '[a-z]'`
cat $COMMENTFILE >>$OPTIONFILE
for ARG in $ARGS; do
case $ARG in
fake-iquery )
echo " fake-iquery yes;" >>$OPTIONFILE
;;
forward-only )
echo " forward only;" >>$OPTIONFILE
;;
no-fetch-glue )
echo " fetch-glue no;" >>$OPTIONFILE
;;
no-recursion )
echo " recursion no;" >>$OPTIONFILE
;;
esac
done
rm -f $COMMENTFILE
touch $COMMENTFILE
;;
primary|primary/* )
case $CMD in
primary/chaos )
class="chaos "
;;
primary/hs )
class="hesiod "
;;
esac
set - X $ARGS
shift
if [ $# -eq 2 ]; then
(echo ""
cat $COMMENTFILE
echo "zone \"$1\" ${class}{"
echo " type master;"
echo " file \"$2\";"
echo "};") >>$ZONEFILE
rm -f $COMMENTFILE
touch $COMMENTFILE
fi
;;
secondary|secondary/* )
case $CMD in
secondary/chaos )
class="chaos "
;;
secondary/hs )
class="hesiod "
;;
esac
set - X $ARGS
shift
if [ $# -gt 2 ]; then
ZONE=$1
shift
PRIMARIES=$1
while [ $# -gt 2 ]; do
shift
PRIMARIES="$PRIMARIES $1"
done
(echo ""
cat $COMMENTFILE
echo "zone \"$ZONE\" ${class}{"
echo " type slave;"
echo " file \"$2\";"
echo " masters {"
for PRIMARY in $PRIMARIES; do
echo " $PRIMARY;"
done
echo " };"
echo "};") >>$ZONEFILE
rm -f $COMMENTFILE
touch $COMMENTFILE
fi
;;
stub|stub/* )
case $CMD in
stub/chaos )
class="chaos "
;;
stub/hs )
class="hesiod "
;;
esac
set - X $ARGS
shift
if [ $# -gt 2 ]; then
ZONE=$1
shift
PRIMARIES=$1
while [ $# -gt 2 ]; do
shift
PRIMARIES="$PRIMARIES $1"
done
(echo ""
cat $COMMENTFILE
echo "zone \"$ZONE\" ${class}{"
echo " type stub;"
echo " file \"$2\";"
echo " masters {"
for PRIMARY in $PRIMARIES; do
echo " $PRIMARY;"
done
echo " };"
echo "};") >>$ZONEFILE
rm -f $COMMENTFILE
touch $COMMENTFILE
fi
;;
slave )
cat $COMMENTFILE >>$OPTIONFILE
echo " forward only;" >>$OPTIONFILE
rm -f $COMMENTFILE
touch $COMMENTFILE
;;
sortlist )
(cat $COMMENTFILE
echo " topology {"
for ARG in $ARGS; do
case $ARG in
*.0.0.0 )
echo " $ARG/8;"
;;
*.0.0 )
echo " $ARG/16;"
;;
*.0 )
echo " $ARG/24;"
;;
* )
echo " $ARG;"
;;
esac
done
echo " };") >>$OPTIONFILE
rm -f $COMMENTFILE
touch $COMMENTFILE
;;
tcplist | xfrnets )
(cat $COMMENTFILE
echo " allow-transfer {"
for ARG in $ARGS; do
case $ARG in
*.0.0.0 )
echo " $ARG/8;"
;;
*.0.0 )
echo " $ARG/16;"
;;
*.0 )
echo " $ARG/24;"
;;
* )
echo " $ARG;"
;;
esac
done
echo " };") >>$OPTIONFILE
rm -f $COMMENTFILE
touch $COMMENTFILE
;;
esac
done
if [ $DUMP -eq 1 ]; then
echo ""
echo "options {"
cat $OPTIONFILE
echo "};"
cat $ZONEFILE $COMMENTFILE
rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE
rmdir $WORKDIR
fi
exit 0


@ -983,8 +983,6 @@
./contrib/scripts/catzhash.py X 2020,2021
./contrib/scripts/check-secure-delegation.pl.in PERL 2010,2012,2014,2016,2018,2019,2020
./contrib/scripts/check5011.pl X 2013,2014,2017,2018,2019,2020,2021
./contrib/scripts/dnssec-keyset.sh X 2015,2018,2019,2020,2021
./contrib/scripts/named-bootconf.sh SH.PORTION 1999,2000,2001,2004,2006,2007,2012,2014,2016,2018,2019,2020,2021
./contrib/scripts/nanny.pl PERL 2000,2001,2004,2007,2012,2014,2016,2018,2019,2020,2021
./contrib/scripts/zone-edit.sh.in SH 2010,2012,2014,2016,2018,2019,2020
./dangerfile.py PYTHON 2020,2021