Diffstat (limited to 'main/dns-root-hints/update-dns-root-hints')
-rwxr-xr-xmain/dns-root-hints/update-dns-root-hints58
1 files changed, 30 insertions, 28 deletions
diff --git a/main/dns-root-hints/update-dns-root-hints b/main/dns-root-hints/update-dns-root-hints
index 55f3dc77f96..0ec6db4c462 100755
--- a/main/dns-root-hints/update-dns-root-hints
+++ b/main/dns-root-hints/update-dns-root-hints
@@ -1,43 +1,45 @@
#!/bin/sh
+set -eu
-url=https://www.internic.net/domain
-base_dir=/usr/share/dns-root-hints
-_tmp=$(mktemp -d -p .)
+BASE_URL='https://www.internic.net/domain'
+destdir=${DNS_ROOT_HINTS_DIR:-"/usr/share/dns-root-hints"}
-if [ $(id -u) != "0" ]; then
- echo "Needs to run as root."
+if ! [ -w "$destdir" ]; then
+ echo 'Needs to run as root.' >&2
exit 1
fi
-_check_sig() {
- local GNUPGHOME="$HOME/.gpg"
- install -d -m 0700 "$GNUPGHOME"
- gpg --import < $base_dir/verisign-grs-nstld-key.asc
- gpg --verify "${_tmp}/named.root.sig" "${_tmp}/named.root"
+tmpdir=$(mktemp -d)
+
+cleanup() {
+ rm "$tmpdir"/* 2>/dev/null || true
+ rmdir "$tmpdir" || true
}
+trap cleanup EXIT HUP INT TERM
-for file in named.root named.root.sig; do
- curl -sLR ${url}/${file} -o "${_tmp}/${file}" || exit 1
+for f in named.root named.root.sig; do
+ curl -sLR "$BASE_URL/$f" -o "$tmpdir/$f"
done
+read_version() {
+ sed -En 's/.*related version of root zone:\s*([0-9]{10}).*/\1/p' "$1"
+}
# compare new and current versions
-_drh_new_ver=$(grep "related version of root zone:" ${_tmp}/named.root | egrep -o '[0-9]{10}')
-_drh_current_ver=$(grep "related version of root zone:" $base_dir/named.root | egrep -o '[0-9]{10}')
+new_ver=$(read_version "$tmpdir"/named.root)
+cur_ver=$(read_version "$destdir"/named.root)
+
+echo "Version $cur_ver <- Installed"
+echo "Version $new_ver <- Downloaded"
# update to new version if needed
-echo "Version $_drh_current_ver <- Installed"
-echo "Version $_drh_new_ver <- Downloaded"
-
-if [ "$_drh_new_ver" != "$_drh_current_ver" ]; then
- _check_sig || exit 1
- mv ${_tmp}/named.root $base_dir/named.root || exit 1
- mv ${_tmp}/named.root.sig $base_dir/named.root.sig || exit 1
- echo -e "\nZone file updated.\n"
-else
- echo -e "\nZone file already up-to-date.\n"
-fi
+if [ "$new_ver" != "$cur_ver" ]; then
+ gpgv --keyring "$destdir"/verisign-grs-nstld-key.gpg \
+ "$tmpdir"/named.root.sig "$tmpdir"/named.root || exit 10
-# cleanup
-rm "${_tmp}"/* 2>/dev/null || true
-rmdir "${_tmp}" 2>/dev/null || true
+ mv "$tmpdir"/named.root "$destdir"/named.root
+ mv "$tmpdir"/named.root.sig "$destdir"/named.root.sig
+ printf '\nZone file updated.\n\n'
+else
+ printf '\nZone file already up-to-date.\n\n'
+fi
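Review bot: The update decision at `if [ "$new_ver" != "$cur_ver" ]` installs any correctly signed file whose version merely differs from the installed one, so an older named.root with its matching, still-valid detached signature would pass `gpgv` and replace a newer copy. The version is also parsed from the download before verification and is never checked for being empty; if `read_version` matches nothing in either file, both values are empty and the script prints "already up-to-date" without verifying anything. Since the version is a ten-digit number, I would reject an empty result with `[ -n "$new_ver" ] || { echo 'No version in downloaded file.' >&2; exit 1; }` and compare numerically with `if [ "$new_ver" -gt "${cur_ver:-0}" ]; then`. A short comment above the comparison saying that `new_ver` is untrusted until `gpgv` succeeds would also help the next reader.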