nixpkgs/pkgs/data/misc/dns-root-data/update-root-key.sh
Vladimír Čunát 338a195204
dns-root-data: improve determinism, clear key status
Nitpicks:
- The timestamps there were useless.
- The generator now switched the two keys; I don't know why.

I intentionally remove the comments like "state=1 [ ADDPEND ]".
The problem is that keys e.g. in ADDPEND state are *not* immediately
usable for validation - see RFC5011 for details.  I verified that Unbound
does disregard this on the format we and Debian use ATM, presumably due
to removing parts of the comments, but it would be confusing nevertheless.
2017-07-15 10:38:01 +02:00

10 lines
229 B
Bash
Executable file

#!/usr/bin/env nix-shell
#!nix-shell -i bash -p busybox unbound
TMP=`mktemp`
unbound-anchor -a "$TMP"
grep -Ev "^($$|;)" "$TMP" | sed -e 's/ ;;.*//' > root.key
unbound-anchor -F -a "$TMP"
sed '/^;/d' < "$TMP" > root.ds
rm $TMP