Diffstat (limited to 'main/dns-root-hints/update-dns-root-hints')
-rwxr-xr-x | main/dns-root-hints/update-dns-root-hints | 58 |
1 files changed, 30 insertions, 28 deletions
diff --git a/main/dns-root-hints/update-dns-root-hints b/main/dns-root-hints/update-dns-root-hints
index 55f3dc77f96..0ec6db4c462 100755
--- a/main/dns-root-hints/update-dns-root-hints
+++ b/main/dns-root-hints/update-dns-root-hints
@@ -1,43 +1,45 @@ #!/bin/sh +set -eu -url=https://www.internic.net/domain -base_dir=/usr/share/dns-root-hints -_tmp=$(mktemp -d -p .) +BASE_URL='https://www.internic.net/domain' +destdir=${DNS_ROOT_HINTS_DIR:-"/usr/share/dns-root-hints"} -if [ $(id -u) != "0" ]; then - echo "Needs to run as root." +if ! [ -w "$destdir" ]; then + echo 'Needs to run as root.' >&2 exit 1 fi -_check_sig() { - local GNUPGHOME="$HOME/.gpg" - install -d -m 0700 "$GNUPGHOME" - gpg --import < $base_dir/verisign-grs-nstld-key.asc - gpg --verify "${_tmp}/named.root.sig" "${_tmp}/named.root" +tmpdir=$(mktemp -d) + +cleanup() { + rm "$tmpdir"/* 2>/dev/null || true + rmdir "$tmpdir" || true } +trap cleanup EXIT HUP INT TERM -for file in named.root named.root.sig; do - curl -sLR ${url}/${file} -o "${_tmp}/${file}" || exit 1 +for f in named.root named.root.sig; do + curl -sLR "$BASE_URL/$f" -o "$tmpdir/$f" done +read_version() { + sed -En 's/.*related version of root zone:\s*([0-9]{10}).*/\1/p' "$1" +} # compare new and current versions -_drh_new_ver=$(grep "related version of root zone:" ${_tmp}/named.root | egrep -o '[0-9]{10}') -_drh_current_ver=$(grep "related version of root zone:" $base_dir/named.root | egrep -o '[0-9]{10}') +new_ver=$(read_version "$tmpdir"/named.root) +cur_ver=$(read_version "$destdir"/named.root) + +echo "Version $cur_ver <- Installed" +echo "Version $new_ver <- Downloaded" # update to new version if needed -echo "Version $_drh_current_ver <- Installed" -echo "Version $_drh_new_ver <- Downloaded" - -if [ "$_drh_new_ver" != "$_drh_current_ver" ]; then - _check_sig || exit 1 - mv ${_tmp}/named.root $base_dir/named.root || exit 1 - mv ${_tmp}/named.root.sig $base_dir/named.root.sig || exit 1 - echo -e "\nZone file updated.\n" -else - echo -e "\nZone file already up-to-date.\n" -fi +if [ "$new_ver" != "$cur_ver" ]; then + gpgv --keyring "$destdir"/verisign-grs-nstld-key.gpg \ + "$tmpdir"/named.root.sig "$tmpdir"/named.root || exit 10 -# cleanup -rm "${_tmp}"/* 2>/dev/null || 
true -rmdir "${_tmp}" 2>/dev/null || true + mv "$tmpdir"/named.root "$destdir"/named.root + mv "$tmpdir"/named.root.sig "$destdir"/named.root.sig + printf '\nZone file updated.\n\n' +else + printf '\nZone file already up-to-date.\n\n' +fi |
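Review bot: The update decision `if [ "$new_ver" != "$cur_ver" ]` is made on a serial parsed from `named.root` before `gpgv` has checked it, and `!=` treats any different value as an update, so an older file that still carries a valid signature would replace the installed one. Running the `gpgv` check directly after the download loop and comparing with `[ "${new_ver:-0}" -gt "${cur_ver:-0}" ]` would close that, assuming the serial only ever increases. The `curl -sLR` call also has no `-f`, so an HTTP error body is saved as if it were the file and only surfaces later as a `gpgv` failure; `curl -fsSLR` would fail at the download under `set -e`. Separately, `--keyring "$destdir"/verisign-grs-nstld-key.gpg` takes the trust anchor from a directory that `DNS_ROOT_HINTS_DIR` can redirect and that the `[ -w "$destdir" ]` check requires to be writable by the caller, so a comment next to `destdir=` stating who is expected to set that variable would help.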