diff options
Diffstat (limited to 'net-dns/dnssec-root')
| -rw-r--r-- | net-dns/dnssec-root/Manifest | 4 | ||||
| -rw-r--r-- | net-dns/dnssec-root/dnssec-root-20210902.ebuild | 81 |
2 files changed, 85 insertions, 0 deletions
diff --git a/net-dns/dnssec-root/Manifest b/net-dns/dnssec-root/Manifest index 5e00eda5db9a..25f7651e6f7b 100644 --- a/net-dns/dnssec-root/Manifest +++ b/net-dns/dnssec-root/Manifest @@ -1,5 +1,9 @@ DIST icannbundle-20181220.pem 13026 BLAKE2B 36f760c69e8e22036d7d927071be25508b6906838f0f468900385d5a3b9ce301c5688f9bdcab471abc5445a14bfbbe34ecb39ca131b01d9e6bbebcc3f1481241 SHA512 6a8b8bec6d104d31253a8acafc1694a095714537a39a4dc53a379ac900c83715f85d75ea7322de430557691ff31ec95ae5104f47b050da3568dd68377c2d5767 +DIST icannbundle-20210902.pem 1261 BLAKE2B cc21c2066478c3385528a0b4635d324b2033f9d2c939c4d7176bdd42ba6e606a23036326036c82c665db64bec13783347d4ff0830807f431830ccf22ddbc7f58 SHA512 c749bf4649480f2ddaa2ee0622a104c56c858e10e8c8768307ef24ca0000c7afe120837bedc61dee1eda302273040cb61060298dceed8dd6e83904f953e3f3f5 DIST root-anchors-20181220.p7s 4182 BLAKE2B 3d7d881f5ef066a3ff937cf638941f783e9b65834a13ba0efce766b59e8f469826718cea9e8968ca64e216b7ef1f1b4d7b73c3110ff2d65667a28e071cd52859 SHA512 af96358bbb7847fe7c30452f566771480a38a99f192775168ab8672332381958ffa6d2f4870f539e3957b6ecf62e0e3a80b1cffbd579beb3be6941ffba3f6fa9 DIST root-anchors-20181220.xml 690 BLAKE2B 548fd62073542f527e0b05c09ed1e668baafbb3cf7ca8afd1a32b67dd43d8958cef5005729c1bc11c2b1d0ddea48ca4db69a10b049f2e8a05536b93fff15e911 SHA512 e3adfaa4f8c9751599b8062787f4c3a81d3fa1478411f138f227c0cc972c7262bcf85578d333d36352da3628211b7d8ec4416528814a8937078dc393ce195f32 +DIST root-anchors-20210902.p7s 2551 BLAKE2B 2a079bf36d77a7cc480c197700bfb3f06bbc67f0cc2937954793fab1f4fee5fff4477ceb028a8796a5cb41c0fb1369df7df45b33410f78b03cb18794ddd564df SHA512 3d57446cc145081841ced6cda3ecff8fba1de5123f116d580cd3ea33011e26ad9dc790281590a06f68e551e22fef45aa2408a4e2ea80e35ec0a642454b45ca0d +DIST root-anchors-20210902.xml 690 BLAKE2B 548fd62073542f527e0b05c09ed1e668baafbb3cf7ca8afd1a32b67dd43d8958cef5005729c1bc11c2b1d0ddea48ca4db69a10b049f2e8a05536b93fff15e911 SHA512 e3adfaa4f8c9751599b8062787f4c3a81d3fa1478411f138f227c0cc972c7262bcf85578d333d36352da3628211b7d8ec4416528814a8937078dc393ce195f32 EBUILD dnssec-root-20181220-r1.ebuild 2798 BLAKE2B 109ee1c0e3f3476c56ecbf0ba74619cbc2e0133231d9f995d9c0789b8abbc6a856f41463ae8254a08b7139b48aad3446c087b7757fc4f7899f9b9f7cfd291ddd SHA512 47683cd914620700672b74339cd6f9422f9c24a0d55f82cb172c057e9360b4442afa7eedb7e983a04415aba64801dea5f6a022c1b079127c6208a2a84c7ce942 +EBUILD dnssec-root-20210902.ebuild 2862 BLAKE2B c4f100a9327004e540662ef6ab0c8c2c56c04af44b964af30d969edd1a4b8962937d984946017180b3343b450f0847c6a8e2b0a0aaf199e554044ef7548723d1 SHA512 ca3a6d9618fddaa2a7771db8f480eb7bd414aea67adf547b34c08c318af0b8671abc5cfa6da3d125af0baae756bc2029ecd847f1c89442476170105fbf61e9f0 MISC metadata.xml 251 BLAKE2B c4b2c58fbe476fa27226d01a46b74c9506d938c1e14fe68ccbee1383f683d357ff87a3c1aacee177b7f3908333cd58540e446bc73ed8258359481c4b507c155e SHA512 f113d652bc4a2cded17c6fc788d425f8a5d1fac17709b4f0583c7d530cbba5093c4309d2539d169f733d8e8bff3c0e71e24ffe4ba6a81ebd5bab23191c0e4278 diff --git a/net-dns/dnssec-root/dnssec-root-20210902.ebuild b/net-dns/dnssec-root/dnssec-root-20210902.ebuild new file mode 100644 index 000000000000..0bf32c583d2f --- /dev/null +++ b/net-dns/dnssec-root/dnssec-root-20210902.ebuild @@ -0,0 +1,81 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +DESCRIPTION="The DNSSEC root key(s)" +HOMEPAGE="https://www.iana.org/dnssec/" +# check https://data.iana.org/root-anchors/ foro updates! +SRC_URI="https://data.iana.org/root-anchors/root-anchors.xml -> root-anchors-${PV}.xml + https://data.iana.org/root-anchors/root-anchors.p7s -> root-anchors-${PV}.p7s + https://data.iana.org/root-anchors/icannbundle.pem -> icannbundle-${PV}.pem" + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-macos" +IUSE="" + +BDEPEND=">=dev-perl/XML-XPath-1.420.0" +DEPEND="" + +src_unpack() { + mkdir "${S}" || die + + cp -t "${S}" "${DISTDIR}"/root-anchors-${PV}.{p7s,xml} "${DISTDIR}"/icannbundle-${PV}.pem || die +} + +src_prepare() { + mv root-anchors-${PV}.xml root-anchors.xml || die + mv root-anchors-${PV}.p7s root-anchors.p7s || die + mv icannbundle-${PV}.pem icannbundle.pem || die + + if has_version "dev-libs/openssl" ; then + # Signature validating is optional: + # - We are already downloading SRC, signature file & CA from same URI + # - We store checksums for distfiles + einfo "dev-libs/openssl is available, will validate signature of root-anchors.xml" + openssl smime -verify \ + -content root-anchors.xml \ + -in root-anchors.p7s -inform der \ + -CAfile icannbundle.pem \ + -noverify || die "OpenSSL S/Mime verify failed" + else + einfo "dev-libs/openssl is not available, skipping optional validation root-anchors.xml" + fi + + default +} + +src_compile() { + local KEYTAGS="" ALGORITHMS="" DIGESTTYPES="" DIGESTS="" i=1 + + KEYTAGS=$(xpath -q -e '/TrustAnchor/KeyDigest/KeyTag/node()' root-anchors.xml) + ALGORITHMS=$(xpath -q -e '/TrustAnchor/KeyDigest/Algorithm/node()' root-anchors.xml) + DIGESTTYPES=$(xpath -q -e '/TrustAnchor/KeyDigest/DigestType/node()' root-anchors.xml) + DIGESTS=$(xpath -q -e '/TrustAnchor/KeyDigest/Digest/node()' root-anchors.xml) + while [ 1 ] ; do + KEYTAG=$(echo ${KEYTAGS} | cut -d" " -f$i) + [[ "${KEYTAG}" != "" ]] || break + + ALGORITHM=$(echo ${ALGORITHMS} | cut -d" " -f$i) + [[ "${ALGORITHM}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing algorithm" + + DIGESTTYPE=$(echo ${DIGESTTYPES} | cut -d" " -f$i) + [[ "${DIGESTTYPE}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing digest type" + + DIGEST=$(echo ${DIGESTS} | cut -d" " -f$i) + [[ "${DIGEST}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing digest" + + echo ". IN DS $KEYTAG $ALGORITHM $DIGESTTYPE $DIGEST" >> root-anchors.txt + i=`expr $i + 1` + done + + if [[ ! -s "root-anchors.txt" ]] ; then + die "Sanity check failed: root-anchors.txt is empty or does not exist!" + fi +} + +src_install() { + insinto /etc/dnssec + doins root-anchors.{p7s,txt,xml} icannbundle.pem +} |