45afdb2672
4594. [func] dnssec-keygen no longer uses RSASHA1 by default; the signing algorithm must be specified on the command line with the "-a" option. Signing scripts that rely on the existing default behavior will break; use "dnssec-keygen -a RSASHA1" to repair them. (The goal of this change is to make it easier to find scripts using RSASHA1 so they can be changed in the event of that algorithm being deprecated in the future.) [RT #44755]
29 lines
904 B
Bash
29 lines
904 B
Bash
#!/bin/sh
|
|
#
|
|
# Copyright (C) 2012-2017 Internet Systems Consortium, Inc. ("ISC")
|
|
#
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
SYSTEMTESTTOP=..
|
|
. $SYSTEMTESTTOP/conf.sh
|
|
|
|
$SHELL clean.sh
|
|
|
|
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
|
|
|
$SHELL ../genzone.sh 1 > ns1/master.db
|
|
$SHELL ../genzone.sh 1 > ns1/duplicate.db
|
|
cp bigserial.db ns1/
|
|
cd ns1
|
|
touch master.db.signed
|
|
echo '$INCLUDE "master.db.signed"' >> master.db
|
|
$KEYGEN -r $RANDFILE -a rsasha256 -q master.example > /dev/null 2>&1
|
|
$KEYGEN -r $RANDFILE -a rsasha256 -qfk master.example > /dev/null 2>&1
|
|
$SIGNER -SD -o master.example master.db > /dev/null \
|
|
2> signer.err || cat signer.err
|
|
echo '$INCLUDE "soa.db"' > reload.db
|
|
echo '@ 0 NS .' >> reload.db
|
|
echo '@ 0 SOA . . 1 0 0 0 0' > soa.db
|