aboutsummaryrefslogtreecommitdiffstats
path: root/main/dnssec-root/APKBUILD
blob: 425a7e931ec202baa9c69828721c8ee79ece31cc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dnssec-root
pkgver=20100715
pkgrel=2
pkgdesc="The DNSSEC root key(s)"
url="https://www.iana.org/dnssec/"
arch="noarch"
license="public-domain"
depends=""
makedepends="libxslt gnupg openssl"
install=""
subpackages=""
source="https://data.iana.org/root-anchors/icann.pgp
	https://data.iana.org/root-anchors/Kjqmt7v.csr
	https://data.iana.org/root-anchors/root-anchors.asc
	anchors2ds.xsl
	"

# http://permalink.gmane.org/gmane.network.dns.unbound.user/1039

_builddir="$srcdir"/build
_dnssecdir="usr/share/dnssec"
prepare() {
	mkdir -p "$_builddir"
	cd "$_builddir"

	# curl https://data.iana.org/root-anchors/root-anchors.xml
	cat >root-anchors.xml<<EOF
<?xml version="1.0" encoding="UTF-8"?>
<TrustAnchor id="AD42165F-3B1A-4778-8F42-D34A1D41FD93" source="http://data.iana.org/root-anchors/root-anchors.xml">
<Zone>.</Zone>
<KeyDigest id="Kjqmt7v" validFrom="2010-07-15T00:00:00+00:00">
<KeyTag>19036</KeyTag>
<Algorithm>8</Algorithm>
<DigestType>2</DigestType>
<Digest>49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5</Digest>
</KeyDigest>
</TrustAnchor>
EOF

	(
		export GNUPGHOME="$_builddir"/gpg
		install -d -m 700 "$GNUPGHOME"
		gpg --import "$srcdir"/icann.pgp || exit 1
		gpg --verify "$srcdir"/root-anchors.asc \
			root-anchors.xml
	) || return 1

# the cert in p7s file expired:
# curl http://data.iana.org/root-anchors/root-anchors.p7s \
#	| openssl pkcs7 -inform DER -print_certs \
#	| openssl x509 -noout -text \
#	| grep 'Not After'
# Not After : Jun 28 22:32:16 2014 GMT

#	openssl smime  -verify -content "$srcdir"/root-anchors-$pkgver.xml \
#		-in "$srcdir"/root-anchors.p7s -inform der \
#		-CAfile "$srcdir"/icannbundle.pem \
#		|| return 1
}

build() {
	cd "$_builddir"
	xsltproc -o root-anchors.txt "$srcdir"/anchors2ds.xsl root-anchors.xml


}

package() {
	cd "$_builddir"
	mkdir -p "$pkgdir"/$_dnssecdir
	install root-anchors.xml root-anchors.txt "$srcdir"/Kjqmt7v.csr \
		"$pkgdir"/$_dnssecdir || return 1
}

md5sums="041a789ee96301623d3e66e4d52c8a0b  icann.pgp
427766bf91c674c4f0469ed363f207a8  Kjqmt7v.csr
a5612e1b84a75c29b642b9342286c511  root-anchors.asc
1043c559c923279600a6da395b794597  anchors2ds.xsl"
sha256sums="3e9beaaf9bbd1fe78a0d104230cbc04d544e833a2dc6b982992f74a4860a9ae8  icann.pgp
401120c1721ba100b2d9abf2d01332399535ba0f9c71dbd9f97232c5ebd608d2  Kjqmt7v.csr
5bffcac53f810c5fb1e1baf543e2de2f10ec99d7f7cddb5f1e47b1e58cf34cfa  root-anchors.asc
2cc436e29e5bfd39c055390045a4c14dfae517ebdad79002983756a508a15e8f  anchors2ds.xsl"
sha512sums="5fba8334850f2ae753f4f8a30d1e6c62abc341ece2dc83df4bc0f6db2b91ae68942c0d2a38eab3d33b5b91640cd1cf0970777225c15d5f961884c00077d539a2  icann.pgp
8e47be5054bbb801cb914d94a6f0d1e6b9b2eba387714f011f118bf8af6dacfe24a2dec80525ad005c545fa15fd8413cf90615e6d5c50d7925daa4aefff77112  Kjqmt7v.csr
e9c86b897d7e8edb979cba4bebe353b7c7f21b4061cd6f571c8671b02e73c2ea0b78a980169fa7d40987b9e962a0f1ba17dbb392b5ec6ad14fedce65a139c913  root-anchors.asc
5b496d8f7fcb6a1241d889221f539b68485fea356feec13a94329b0807768c543c828c2821567f59d6a56931a6b2ea22827e49a1527582e3dda844d61c28b198  anchors2ds.xsl"