diff --git a/contrib/scripts/dnssec-keyset.sh b/contrib/scripts/dnssec-keyset.sh
deleted file mode 100644
index f93ac9ff47..0000000000
--- a/contrib/scripts/dnssec-keyset.sh
+++ /dev/null
@@ -1,210 +0,0 @@ -#!/bin/sh -# Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC") -# -# Permission to use, copy, modify, and/or distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. -# -# Original script contributed by Jeffry A. Spain - -HELP=" -Generates a set of successive DNSSEC keys for -Key timings are based on a pre-publication rollover strategy - - (lifetime) is the key active lifetime in days [default 180] - (introduction time) is the number of days from publication - to activation of a key [default 30] - (retirement time) is the number of days from inactivation - to deletion of a key [default 30] - -Options: - -a Cryptographic algorithm. See man dnssec-keygen for defaults. - -b Number of bits in the key. See man dnssec-keygen for defaults. - -k if present, generate Key Signing Keys (KSKs). Otherwise, - generate Zone Signing Keys (ZSKs). - -3 If present and if -a is not specified, use an NSEC3- - capable algorithm. See man dnssec-keygen for defaults. - -i Inception date of the set of keys, in 'mm/dd/yyyy' format. - The first two keys will be published by this date, and the - first one will be activated. Default is today. - -f Index of first key generated. Defaults to 0. - -K Key repository: write keys to this directory. Defaults to CWD. - -d Dry run. No actual keys generated if present." 
- -USAGE="Usage: -`basename $0` [-a ] [-b ] [-k] [-3] [-i ] - [-f ] [-d] [] [] []" - -ALGFLAG='' -BITSFLAG='' -KSKFLAG='' -NSEC3FLAG='' -KEYREPO='' -DRYRUN=false -OPTKSK=false -K=0 -INCEP=`date +%m/%d/%Y` - -# Parse command line options -while getopts ":a:b:df:hkK:3i:" thisOpt -do - case $thisOpt in - a) - ALGFLAG=" -a $OPTARG" - ;; - b) - BITSFLAG=" -b $OPTARG" - ;; - d) - DRYRUN=true - ;; - f) - OPTKSK=true - K=$OPTARG - ;; - h) - echo "$USAGE" - echo "$HELP" - exit 0 - ;; - k) - KSKFLAG=" -f KSK" - ;; - K) - KEYREPO=$OPTARG - ;; - 3) - NSEC3FLAG=" -3" - ;; - i) - INCEP=$OPTARG - ;; - *) - echo 'Unrecognized option.' - echo "$USAGE" - exit 1 - ;; - esac -done -shift `expr $OPTIND - 1` - -# Check that required arguments are present -if [ $# -gt 5 -o $# -lt 2 ]; then - echo "$USAGE" - exit 1 -fi - -# Remaining arguments: -# DNS zone name -ZONE=$1 -shift - -# Number of keys to be generated -COUNT=$1 -shift - -# Key active lifetime -LIFE=${1:-180} -[ $# -ne 0 ] && shift - -# Key introduction time (publication to activation) -INTRO=${1:-30} -[ $# -ne 0 ] && shift - -# Key retirement time (inactivation to deletion) -RET=${1:-30} - -# Today's date in dnssec-keygen format (YYYYMMDD) -TODAY=`date +%Y%m%d` - -# Key repository defaults to CWD -if [ -z "$KEYREPO" ]; then - KEYREPO="." -fi - -if $DRYRUN; then - echo 'Dry Run (no key files generated)' -elif [ ! -d "$KEYREPO" ]; then - # Create the key repository if it does not currently exist - mkdir -p "$KEYREPO" -fi - -# Iterate through the key set. K is the index, zero-based. 
-KLAST=`expr $K + $COUNT` -while [ $K -lt $KLAST ]; do - KEYLABEL="Key `printf \"%02d\" $K`:" - # Epoch of the current key - # (zero for the first key, increments of key lifetime) - # The epoch is in days relative to the inception date of the key set - EPOCH=`expr $LIFE \* $K` - # Activation date in days is the same as the epoch - ACTIVATE=$EPOCH - # Publication date in days relative to the key epoch - PUBLISH=`expr $EPOCH - $LIFE - $INTRO` - # Inactivation date in days relative to the key epoch - INACTIVE=`expr $EPOCH + $LIFE` - # Deletion date in days relative to the key epoch - DELETE=`expr $EPOCH + $LIFE + $RET` - - # ... these values should not precede the key epoch - [ $ACTIVATE -lt 0 ] && ACTIVATE=0 - [ $PUBLISH -lt 0 ] && PUBLISH=0 - [ $INACTIVE -lt 0 ] && INACTIVE=0 - [ $DELETE -lt 0 ] && DELETE=0 - - # Key timing dates in dnssec-keygen format (YYYYMMDD): - # publication, activation, inactivation, deletion - PDATE=`date -d "$INCEP +$PUBLISH day" +%Y%m%d` - ADATE=`date -d "$INCEP +$ACTIVATE day" +%Y%m%d` - IDATE=`date -d "$INCEP +$INACTIVE day" +%Y%m%d` - DDATE=`date -d "$INCEP +$DELETE day" +%Y%m%d` - - # Construct the dnssec-keygen command including all the specified options. - # Suppress key generation progress information, and save the key in - # the $KEYREPO directory. - KEYGENCMD="dnssec-keygen -q$ALGFLAG$BITSFLAG$NSEC3FLAG$KSKFLAG -P $PDATE -A $ADATE -I $IDATE -D $DDATE -K $KEYREPO $ZONE" - echo "$KEYLABEL $KEYGENCMD" - - # Generate the key and retrieve its name - if $DRYRUN; then - KEYNAME="DryRunKey-`printf \"%02d\" $K`" - else - KEYNAME=`$KEYGENCMD` - fi - - # Indicate the key status based on key timing dates relative to today - if [ $TODAY -ge $DDATE ]; then - echo "$KEYLABEL $KEYNAME is obsolete post deletion date." - elif [ $TODAY -ge $IDATE ]; then - echo "$KEYLABEL $KEYNAME is published and inactive prior to deletion date." - elif [ $TODAY -ge $ADATE ]; then - echo "$KEYLABEL $KEYNAME is published and active." 
 - elif [ $TODAY -ge $PDATE ]; then - echo "$KEYLABEL $KEYNAME is published prior to activation date." - else - echo "$KEYLABEL $KEYNAME is pending publication." - fi - - # For published KSKs, generate the required DS records, - # saving them to the file $KEYREPO/DS-$KEYNAME - if $OPTKSK && [ $TODAY -ge $PDATE -a $TODAY -lt $DDATE ]; then - echo "$KEYLABEL $KEYNAME (KSK) requires the publication of DS records in the parent zone." - if $DRYRUN; then - echo "$KEYLABEL No DS-$KEYNAME file created." - else - dnssec-dsfromkey "$KEYREPO/$KEYNAME" > "$KEYREPO/DS-$KEYNAME" - echo "$KEYLABEL See $KEYREPO/DS-$KEYNAME." - fi - fi - K=`expr $K + 1` -done - -exit 0
diff --git a/contrib/scripts/named-bootconf.sh b/contrib/scripts/named-bootconf.sh
deleted file mode 100644
index cef5f8af1a..0000000000
--- a/contrib/scripts/named-bootconf.sh
+++ /dev/null
@@ -1,299 +0,0 @@ -#!/bin/sh -# -# Portions Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -# $NetBSD: named-bootconf.sh,v 1.5 1998/12/15 01:00:53 tron Exp $ -# -# Copyright (c) 1995, 1998 The NetBSD Foundation, Inc. -# All rights reserved. -# -# This code is derived from software contributed to The NetBSD Foundation -# by Matthias Scheler. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS -# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS -# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. 
- -if [ ${OPTIONFILE-X} = X ]; then - WORKDIR=/tmp/`date +%s`.$$ - ( umask 077 ; mkdir $WORKDIR ) || { - echo "unable to create work directory '$WORKDIR'" >&2 - exit 1 - } - OPTIONFILE=$WORKDIR/options - ZONEFILE=$WORKDIR/zones - COMMENTFILE=$WORKDIR/comments - export OPTIONFILE ZONEFILE COMMENTFILE - touch $OPTIONFILE $ZONEFILE $COMMENTFILE - DUMP=1 -else - DUMP=0 -fi - -while read CMD ARGS; do - class= - CMD=`echo "${CMD}" | tr '[A-Z]' '[a-z]'` - case $CMD in - \; ) - echo \# $ARGS >>$COMMENTFILE - ;; - cache ) - set - X $ARGS - shift - if [ $# -eq 2 ]; then - (echo "" - cat $COMMENTFILE - echo "zone \"$1\" {" - echo " type hint;" - echo " file \"$2\";" - echo "};") >>$ZONEFILE - rm -f $COMMENTFILE - touch $COMMENTFILE - fi - ;; - directory ) - set - X $ARGS - shift - if [ $# -eq 1 ]; then - (cat $COMMENTFILE - echo " directory \"$1\";") >>$OPTIONFILE - rm -f $COMMENTFILE - touch $COMMENTFILE - - DIRECTORY=$1 - export DIRECTORY - fi - ;; - forwarders ) - (cat $COMMENTFILE - echo " forwarders {" - for ARG in $ARGS; do - echo " $ARG;" - done - echo " };") >>$OPTIONFILE - rm -f $COMMENTFILE - touch $COMMENTFILE - ;; - include ) - if [ "$ARGS" != "" ]; then - (cd ${DIRECTORY-.}; cat $ARGS) | $0 - fi - ;; - limit ) - ARGS=`echo "${ARGS}" | tr '[A-Z]' '[a-z]'` - set - X $ARGS - shift - if [ $# -eq 2 ]; then - cat $COMMENTFILE >>$OPTIONFILE - case $1 in - datasize | files | transfers-in | transfers-per-ns ) - echo " $1 $2;" >>$OPTIONFILE - ;; - esac - rm -f $COMMENTFILE - touch $COMMENTFILE - fi - ;; - options ) - ARGS=`echo "${ARGS}" | tr '[A-Z]' '[a-z]'` - cat $COMMENTFILE >>$OPTIONFILE - for ARG in $ARGS; do - case $ARG in - fake-iquery ) - echo " fake-iquery yes;" >>$OPTIONFILE - ;; - forward-only ) - echo " forward only;" >>$OPTIONFILE - ;; - no-fetch-glue ) - echo " fetch-glue no;" >>$OPTIONFILE - ;; - no-recursion ) - echo " recursion no;" >>$OPTIONFILE - ;; - esac - done - rm -f $COMMENTFILE - touch $COMMENTFILE - ;; - primary|primary/* ) - case $CMD in - 
primary/chaos ) - class="chaos " - ;; - primary/hs ) - class="hesiod " - ;; - esac - set - X $ARGS - shift - if [ $# -eq 2 ]; then - (echo "" - cat $COMMENTFILE - echo "zone \"$1\" ${class}{" - echo " type master;" - echo " file \"$2\";" - echo "};") >>$ZONEFILE - rm -f $COMMENTFILE - touch $COMMENTFILE - fi - ;; - secondary|secondary/* ) - case $CMD in - secondary/chaos ) - class="chaos " - ;; - secondary/hs ) - class="hesiod " - ;; - esac - set - X $ARGS - shift - if [ $# -gt 2 ]; then - ZONE=$1 - shift - PRIMARIES=$1 - while [ $# -gt 2 ]; do - shift - PRIMARIES="$PRIMARIES $1" - done - (echo "" - cat $COMMENTFILE - echo "zone \"$ZONE\" ${class}{" - echo " type slave;" - echo " file \"$2\";" - echo " masters {" - for PRIMARY in $PRIMARIES; do - echo " $PRIMARY;" - done - echo " };" - echo "};") >>$ZONEFILE - rm -f $COMMENTFILE - touch $COMMENTFILE - fi - ;; - stub|stub/* ) - case $CMD in - stub/chaos ) - class="chaos " - ;; - stub/hs ) - class="hesiod " - ;; - esac - set - X $ARGS - shift - if [ $# -gt 2 ]; then - ZONE=$1 - shift - PRIMARIES=$1 - while [ $# -gt 2 ]; do - shift - PRIMARIES="$PRIMARIES $1" - done - (echo "" - cat $COMMENTFILE - echo "zone \"$ZONE\" ${class}{" - echo " type stub;" - echo " file \"$2\";" - echo " masters {" - for PRIMARY in $PRIMARIES; do - echo " $PRIMARY;" - done - echo " };" - echo "};") >>$ZONEFILE - rm -f $COMMENTFILE - touch $COMMENTFILE - fi - ;; - slave ) - cat $COMMENTFILE >>$OPTIONFILE - echo " forward only;" >>$OPTIONFILE - rm -f $COMMENTFILE - touch $COMMENTFILE - ;; - sortlist ) - (cat $COMMENTFILE - echo " topology {" - for ARG in $ARGS; do - case $ARG in - *.0.0.0 ) - echo " $ARG/8;" - ;; - *.0.0 ) - echo " $ARG/16;" - ;; - *.0 ) - echo " $ARG/24;" - ;; - * ) - echo " $ARG;" - ;; - esac - done - echo " };") >>$OPTIONFILE - rm -f $COMMENTFILE - touch $COMMENTFILE - ;; - tcplist | xfrnets ) - (cat $COMMENTFILE - echo " allow-transfer {" - for ARG in $ARGS; do - case $ARG in - *.0.0.0 ) - echo " $ARG/8;" - ;; - *.0.0 ) - 
 echo " $ARG/16;" - ;; - *.0 ) - echo " $ARG/24;" - ;; - * ) - echo " $ARG;" - ;; - esac - done - echo " };") >>$OPTIONFILE - rm -f $COMMENTFILE - touch $COMMENTFILE - ;; - esac -done - -if [ $DUMP -eq 1 ]; then - echo "" - echo "options {" - cat $OPTIONFILE - echo "};" - cat $ZONEFILE $COMMENTFILE - - rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE - rmdir $WORKDIR -fi - -exit 0
diff --git a/util/copyrights b/util/copyrights
index e0b70326eb..2d0d2faf53 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -983,8 +983,6 @@
 ./contrib/scripts/catzhash.py X 2020,2021
 ./contrib/scripts/check-secure-delegation.pl.in PERL 2010,2012,2014,2016,2018,2019,2020
 ./contrib/scripts/check5011.pl X 2013,2014,2017,2018,2019,2020,2021
-./contrib/scripts/dnssec-keyset.sh X 2015,2018,2019,2020,2021
-./contrib/scripts/named-bootconf.sh SH.PORTION 1999,2000,2001,2004,2006,2007,2012,2014,2016,2018,2019,2020,2021
 ./contrib/scripts/nanny.pl PERL 2000,2001,2004,2007,2012,2014,2016,2018,2019,2020,2021
 ./contrib/scripts/zone-edit.sh.in SH 2010,2012,2014,2016,2018,2019,2020
 ./dangerfile.py PYTHON 2020,2021