blob: 425a7e931ec202baa9c69828721c8ee79ece31cc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dnssec-root
pkgver=20100715
pkgrel=2
pkgdesc="The DNSSEC root key(s)"
url="https://www.iana.org/dnssec/"
arch="noarch"
license="public-domain"
depends=""
makedepends="libxslt gnupg openssl"
install=""
subpackages=""
source="https://data.iana.org/root-anchors/icann.pgp
https://data.iana.org/root-anchors/Kjqmt7v.csr
https://data.iana.org/root-anchors/root-anchors.asc
anchors2ds.xsl
"
# http://permalink.gmane.org/gmane.network.dns.unbound.user/1039
_builddir="$srcdir"/build
_dnssecdir="usr/share/dnssec"
prepare() {
mkdir -p "$_builddir"
cd "$_builddir"
# curl https://data.iana.org/root-anchors/root-anchors.xml
cat >root-anchors.xml<<EOF
<?xml version="1.0" encoding="UTF-8"?>
<TrustAnchor id="AD42165F-3B1A-4778-8F42-D34A1D41FD93" source="http://data.iana.org/root-anchors/root-anchors.xml">
<Zone>.</Zone>
<KeyDigest id="Kjqmt7v" validFrom="2010-07-15T00:00:00+00:00">
<KeyTag>19036</KeyTag>
<Algorithm>8</Algorithm>
<DigestType>2</DigestType>
<Digest>49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5</Digest>
</KeyDigest>
</TrustAnchor>
EOF
(
export GNUPGHOME="$_builddir"/gpg
install -d -m 700 "$GNUPGHOME"
gpg --import "$srcdir"/icann.pgp || exit 1
gpg --verify "$srcdir"/root-anchors.asc \
root-anchors.xml
) || return 1
# the cert in p7s file expired:
# curl http://data.iana.org/root-anchors/root-anchors.p7s \
# | openssl pkcs7 -inform DER -print_certs \
# | openssl x509 -noout -text \
# | grep 'Not After'
# Not After : Jun 28 22:32:16 2014 GMT
# openssl smime -verify -content "$srcdir"/root-anchors-$pkgver.xml \
# -in "$srcdir"/root-anchors.p7s -inform der \
# -CAfile "$srcdir"/icannbundle.pem \
# || return 1
}
build() {
cd "$_builddir"
xsltproc -o root-anchors.txt "$srcdir"/anchors2ds.xsl root-anchors.xml
}
package() {
cd "$_builddir"
mkdir -p "$pkgdir"/$_dnssecdir
install root-anchors.xml root-anchors.txt "$srcdir"/Kjqmt7v.csr \
"$pkgdir"/$_dnssecdir || return 1
}
md5sums="041a789ee96301623d3e66e4d52c8a0b icann.pgp
427766bf91c674c4f0469ed363f207a8 Kjqmt7v.csr
a5612e1b84a75c29b642b9342286c511 root-anchors.asc
1043c559c923279600a6da395b794597 anchors2ds.xsl"
sha256sums="3e9beaaf9bbd1fe78a0d104230cbc04d544e833a2dc6b982992f74a4860a9ae8 icann.pgp
401120c1721ba100b2d9abf2d01332399535ba0f9c71dbd9f97232c5ebd608d2 Kjqmt7v.csr
5bffcac53f810c5fb1e1baf543e2de2f10ec99d7f7cddb5f1e47b1e58cf34cfa root-anchors.asc
2cc436e29e5bfd39c055390045a4c14dfae517ebdad79002983756a508a15e8f anchors2ds.xsl"
sha512sums="5fba8334850f2ae753f4f8a30d1e6c62abc341ece2dc83df4bc0f6db2b91ae68942c0d2a38eab3d33b5b91640cd1cf0970777225c15d5f961884c00077d539a2 icann.pgp
8e47be5054bbb801cb914d94a6f0d1e6b9b2eba387714f011f118bf8af6dacfe24a2dec80525ad005c545fa15fd8413cf90615e6d5c50d7925daa4aefff77112 Kjqmt7v.csr
e9c86b897d7e8edb979cba4bebe353b7c7f21b4061cd6f571c8671b02e73c2ea0b78a980169fa7d40987b9e962a0f1ba17dbb392b5ec6ad14fedce65a139c913 root-anchors.asc
5b496d8f7fcb6a1241d889221f539b68485fea356feec13a94329b0807768c543c828c2821567f59d6a56931a6b2ea22827e49a1527582e3dda844d61c28b198 anchors2ds.xsl"
|