aboutsummaryrefslogtreecommitdiffstats
path: root/main/dnssec-root/APKBUILD
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2014-11-07 08:42:07 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-11-07 08:47:14 +0000
commite31901843cc809958cd4680e3e721f4c6c2f57da (patch)
tree00d945cdca6ab26accc5ef17b60504360205775d /main/dnssec-root/APKBUILD
parent0aee83145a3a06dd920507deb6621e2b77a61500 (diff)
downloadaports-e31901843cc809958cd4680e3e721f4c6c2f57da.tar.bz2
aports-e31901843cc809958cd4680e3e721f4c6c2f57da.tar.xz
main/dnssec-root: embed root-anchors.xml in APKBUILD
- use https for signature and pgp key - use gnupg2
Diffstat (limited to 'main/dnssec-root/APKBUILD')
-rw-r--r--main/dnssec-root/APKBUILD69
1 files changed, 43 insertions, 26 deletions
diff --git a/main/dnssec-root/APKBUILD b/main/dnssec-root/APKBUILD
index 7f76f868fa..425a7e931e 100644
--- a/main/dnssec-root/APKBUILD
+++ b/main/dnssec-root/APKBUILD
@@ -2,24 +2,18 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dnssec-root
pkgver=20100715
-pkgrel=1
+pkgrel=2
pkgdesc="The DNSSEC root key(s)"
url="https://www.iana.org/dnssec/"
arch="noarch"
license="public-domain"
depends=""
-makedepends="libxslt gnupg1 openssl"
+makedepends="libxslt gnupg openssl"
install=""
subpackages=""
-source="saveas-http://data.iana.org/root-anchors/root-anchors.xml/root-anchors-$pkgver.xml
- http://data.iana.org/root-anchors/Kjqmt7v.csr
-
- http://data.iana.org/root-anchors/Kjqmt7v.crt
- http://data.iana.org/root-anchors/root-anchors.p7s
- http://data.iana.org/root-anchors/root-anchors.asc
- http://data.iana.org/root-anchors/icannbundle.pem
- http://data.iana.org/root-anchors/icann.pgp
-
+source="https://data.iana.org/root-anchors/icann.pgp
+ https://data.iana.org/root-anchors/Kjqmt7v.csr
+ https://data.iana.org/root-anchors/root-anchors.asc
anchors2ds.xsl
"
@@ -29,25 +23,46 @@ _builddir="$srcdir"/build
_dnssecdir="usr/share/dnssec"
prepare() {
mkdir -p "$_builddir"
+ cd "$_builddir"
+
+ # curl https://data.iana.org/root-anchors/root-anchors.xml
+ cat >root-anchors.xml<<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<TrustAnchor id="AD42165F-3B1A-4778-8F42-D34A1D41FD93" source="http://data.iana.org/root-anchors/root-anchors.xml">
+<Zone>.</Zone>
+<KeyDigest id="Kjqmt7v" validFrom="2010-07-15T00:00:00+00:00">
+<KeyTag>19036</KeyTag>
+<Algorithm>8</Algorithm>
+<DigestType>2</DigestType>
+<Digest>49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5</Digest>
+</KeyDigest>
+</TrustAnchor>
+EOF
(
export GNUPGHOME="$_builddir"/gpg
install -d -m 700 "$GNUPGHOME"
gpg --import "$srcdir"/icann.pgp || exit 1
gpg --verify "$srcdir"/root-anchors.asc \
- "$srcdir"/root-anchors-$pkgver.xml
+ root-anchors.xml
) || return 1
- openssl smime -verify -content "$srcdir"/root-anchors-$pkgver.xml \
- -in "$srcdir"/root-anchors.p7s -inform der \
- -CAfile "$srcdir"/icannbundle.pem \
- || return 1
+# the cert in p7s file expired:
+# curl http://data.iana.org/root-anchors/root-anchors.p7s \
+# | openssl pkcs7 -inform DER -print_certs \
+# | openssl x509 -noout -text \
+# | grep 'Not After'
+# Not After : Jun 28 22:32:16 2014 GMT
+
+# openssl smime -verify -content "$srcdir"/root-anchors-$pkgver.xml \
+# -in "$srcdir"/root-anchors.p7s -inform der \
+# -CAfile "$srcdir"/icannbundle.pem \
+# || return 1
}
build() {
cd "$_builddir"
- xsltproc -o root-anchors.txt "$srcdir"/anchors2ds.xsl \
- "$srcdir"/root-anchors-$pkgver.xml
+ xsltproc -o root-anchors.txt "$srcdir"/anchors2ds.xsl root-anchors.xml
}
@@ -55,17 +70,19 @@ build() {
package() {
cd "$_builddir"
mkdir -p "$pkgdir"/$_dnssecdir
- install root-anchors.txt "$srcdir"/Kjqmt7v.csr \
+ install root-anchors.xml root-anchors.txt "$srcdir"/Kjqmt7v.csr \
"$pkgdir"/$_dnssecdir || return 1
- install "$srcdir"/root-anchors-$pkgver.xml \
- "$pkgdir"/$_dnssecdir/root-anchors.xml
}
-md5sums="69e6f9b67e92fbc952d488cc6f67198f root-anchors-20100715.xml
+md5sums="041a789ee96301623d3e66e4d52c8a0b icann.pgp
427766bf91c674c4f0469ed363f207a8 Kjqmt7v.csr
-27bbd7b1e0b0381adddc33da2bfb3241 Kjqmt7v.crt
-4a6eaf38469abd82df5ce3832962ab4f root-anchors.p7s
a5612e1b84a75c29b642b9342286c511 root-anchors.asc
-59774aba58dbde1049bdf4722fb4f02c icannbundle.pem
-041a789ee96301623d3e66e4d52c8a0b icann.pgp
1043c559c923279600a6da395b794597 anchors2ds.xsl"
+sha256sums="3e9beaaf9bbd1fe78a0d104230cbc04d544e833a2dc6b982992f74a4860a9ae8 icann.pgp
+401120c1721ba100b2d9abf2d01332399535ba0f9c71dbd9f97232c5ebd608d2 Kjqmt7v.csr
+5bffcac53f810c5fb1e1baf543e2de2f10ec99d7f7cddb5f1e47b1e58cf34cfa root-anchors.asc
+2cc436e29e5bfd39c055390045a4c14dfae517ebdad79002983756a508a15e8f anchors2ds.xsl"
+sha512sums="5fba8334850f2ae753f4f8a30d1e6c62abc341ece2dc83df4bc0f6db2b91ae68942c0d2a38eab3d33b5b91640cd1cf0970777225c15d5f961884c00077d539a2 icann.pgp
+8e47be5054bbb801cb914d94a6f0d1e6b9b2eba387714f011f118bf8af6dacfe24a2dec80525ad005c545fa15fd8413cf90615e6d5c50d7925daa4aefff77112 Kjqmt7v.csr
+e9c86b897d7e8edb979cba4bebe353b7c7f21b4061cd6f571c8671b02e73c2ea0b78a980169fa7d40987b9e962a0f1ba17dbb392b5ec6ad14fedce65a139c913 root-anchors.asc
+5b496d8f7fcb6a1241d889221f539b68485fea356feec13a94329b0807768c543c828c2821567f59d6a56931a6b2ea22827e49a1527582e3dda844d61c28b198 anchors2ds.xsl"
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-13 04:48:26 +0000