mat813/gen_ds.rb

## gen_ds.rb
#!/usr/bin/env ruby
# frozen_string_literal: true

# ods-ksmutil key export --keystate XXX -t KSK --all | ruby gen_ds.rb

require 'pp'
require 'rubygems'
require 'dnsruby'

module Dnsruby
  class RR
    # Tripoter
    class DS
      # Tripoter le rdata_to_string pour avoir ce dont on a besoin.
      def rdata_to_string
        return '' if @key_tag.nil?
        "#{@key_tag.to_i} #{@algorithm.code} #{@digest_type.code} #{@digest.upcase}"
      end
    end
  end
end

while (line = STDIN.gets)
  next unless line =~ /^[a-z0-9]/

  new_key = Dnsruby::RR::DNSKEY.new_from_string(line)

  new_ds = [1, 2, 4].map { |v| Dnsruby::RR::DS.from_key(new_key, v) }

  new_new_ds = new_ds.map do |d|
    d.ttl = 172_800
    d.to_s
  end

  puts new_new_ds
end

## rollover.sh
#!/bin/sh

if [ "${1}" = "-y" ]
then
	auto=1
	shift
fi

if [ -z "${1}" ]
then
	zones=$(ods-ksmutil key export --keystate ready -t KSK --all | awk '/IN\tDNSKEY/ {print $1}' | sed -e 's/\.$//'|sort)
else
	zones="$*"
fi

if [ -t 0 ]
then
	echo="echo"
	tee="tee"
else
	echo=":"
	tee=":"
	auto=1
fi

numb=$(echo "${zones}"|wc -w)
i=0

for zone in ${zones}
do
	i=$((i+1))
	${echo} '########################################################################'
	printf "#### % 3d/% 3d: %s\n" "${i}" "${numb}" "${zone}"
	${echo} '########################################################################'

	tmpfile=$(mktemp -t rollover)

	# Show active key
	ods-ksmutil key export -z "${zone}" -t KSK -e active 2>/dev/null | ${tee} /dev/null
	# Show ready keys in DNSKEY and DS form.
	ods-ksmutil key export -z "${zone}" -t KSK -e ready 2>/dev/null > "${tmpfile}"
	${tee} /dev/null < "${tmpfile}"
	ruby gen_ds.rb < "${tmpfile}" | ${tee} /dev/null
	${echo}

	key=$(awk '/IN	DNSKEY/ {print $11}' "${tmpfile}")

	if [ -z "${key}" ]
	then
		${echo} "pas de clef en attente"
	else
		${echo} 'NS'
		dig +trace +noall +answer NS "${zone}." | awk '!/^;/ && !/^$/ && !/^\./' | ${tee} /dev/null
		# Get the actual DS and/or DLV records.
		${echo} 'DS'
		dig +trace +noall +answer DS "${zone}." | awk '!/^;/ && !/^$/ && !/^\./' > "${tmpfile}"
		${tee} /dev/null < "${tmpfile}"
		#${echo} 'DLV'
		#dig +noall +answer dlv ${zone}.dlv.isc.org. @dlv.ord.sns-pb.isc.org | ${tee} /dev/null

		if [ ! -z ${auto} ]
		then
			if grep -q "DS[[:space:]]*${key}[[:space:]]" "${tmpfile}"
			then
				${echo} "Finishing rollover for ${zone} with ${key}."
				ods-ksmutil key ds-seen -l -z "${zone}" -x "${key}"
			fi
		else
			read -r -p "Finish rollover for ${zone} with ${key} ? [y/N] : " yes

			case ${yes} in
				[yY])
					${echo}

					ods-ksmutil key ds-seen -l -z "${zone}" -x "${key}"

					${echo}
			esac
		fi
	fi

	rm -f "${tmpfile}"
done
	#!/usr/bin/env ruby
	# frozen_string_literal: true

	# ods-ksmutil key export --keystate XXX -t KSK --all \| ruby gen_ds.rb

	require 'pp'
	require 'rubygems'
	require 'dnsruby'

	module Dnsruby
	class RR
	# Tripoter
	class DS
	# Tripoter le rdata_to_string pour avoir ce dont on a besoin.
	def rdata_to_string
	return '' if @key_tag.nil?
	"#{@key_tag.to_i} #{@algorithm.code} #{@digest_type.code} #{@digest.upcase}"
	end
	end
	end
	end

	while (line = STDIN.gets)
	next unless line =~ /^[a-z0-9]/

	new_key = Dnsruby::RR::DNSKEY.new_from_string(line)

	new_ds = [1, 2, 4].map { \|v\| Dnsruby::RR::DS.from_key(new_key, v) }

	new_new_ds = new_ds.map do \|d\|
	d.ttl = 172_800
	d.to_s
	end

	puts new_new_ds
	end
	#!/bin/sh

	if [ "${1}" = "-y" ]
	then
	auto=1
	shift
	fi

	if [ -z "${1}" ]
	then
	zones=$(ods-ksmutil key export --keystate ready -t KSK --all \| awk '/IN\tDNSKEY/ {print $1}' \| sed -e 's/\.$//'\|sort)
	else
	zones="$*"
	fi

	if [ -t 0 ]
	then
	echo="echo"
	tee="tee"
	else
	echo=":"
	tee=":"
	auto=1
	fi

	numb=$(echo "${zones}"\|wc -w)
	i=0

	for zone in ${zones}
	do
	i=$((i+1))
	${echo} '########################################################################'
	printf "#### % 3d/% 3d: %s\n" "${i}" "${numb}" "${zone}"
	${echo} '########################################################################'

	tmpfile=$(mktemp -t rollover)

	# Show active key
	ods-ksmutil key export -z "${zone}" -t KSK -e active 2>/dev/null \| ${tee} /dev/null
	# Show ready keys in DNSKEY and DS form.
	ods-ksmutil key export -z "${zone}" -t KSK -e ready 2>/dev/null > "${tmpfile}"
	${tee} /dev/null < "${tmpfile}"
	ruby gen_ds.rb < "${tmpfile}" \| ${tee} /dev/null
	${echo}

	key=$(awk '/IN DNSKEY/ {print $11}' "${tmpfile}")

	if [ -z "${key}" ]
	then
	${echo} "pas de clef en attente"
	else
	${echo} 'NS'
	dig +trace +noall +answer NS "${zone}." \| awk '!/^;/ && !/^$/ && !/^\./' \| ${tee} /dev/null
	# Get the actual DS and/or DLV records.
	${echo} 'DS'
	dig +trace +noall +answer DS "${zone}." \| awk '!/^;/ && !/^$/ && !/^\./' > "${tmpfile}"
	${tee} /dev/null < "${tmpfile}"
	#${echo} 'DLV'
	#dig +noall +answer dlv ${zone}.dlv.isc.org. @dlv.ord.sns-pb.isc.org \| ${tee} /dev/null

	if [ ! -z ${auto} ]
	then
	if grep -q "DS[[:space:]]*${key}[[:space:]]" "${tmpfile}"
	then
	${echo} "Finishing rollover for ${zone} with ${key}."
	ods-ksmutil key ds-seen -l -z "${zone}" -x "${key}"
	fi
	else
	read -r -p "Finish rollover for ${zone} with ${key} ? [y/N] : " yes

	case ${yes} in
	[yY])
	${echo}

	ods-ksmutil key ds-seen -l -z "${zone}" -x "${key}"

	${echo}
	esac
	fi
	fi

	rm -f "${tmpfile}"
	done