From: "Marc Schiffbauer" <mschiff@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-dns/dnssec-root/
Date: Thu, 10 Nov 2022 00:35:39 +0000 (UTC) [thread overview]
Message-ID: <1668040530.d7d3e1a3f72e278bbb37c64400ea906553d207b8.mschiff@gentoo> (raw)
commit: d7d3e1a3f72e278bbb37c64400ea906553d207b8
Author: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 10 00:34:30 2022 +0000
Commit: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org>
CommitDate: Thu Nov 10 00:35:30 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7d3e1a3
net-dns/dnssec-root: add 20210902
Closes: https://bugs.gentoo.org/870358
Signed-off-by: Marc Schiffbauer <mschiff <AT> gentoo.org>
net-dns/dnssec-root/Manifest | 3 +
net-dns/dnssec-root/dnssec-root-20210902.ebuild | 81 +++++++++++++++++++++++++
2 files changed, 84 insertions(+)
diff --git a/net-dns/dnssec-root/Manifest b/net-dns/dnssec-root/Manifest
index e45aebf827d8..4fdc207de438 100644
--- a/net-dns/dnssec-root/Manifest
+++ b/net-dns/dnssec-root/Manifest
@@ -1,3 +1,6 @@
DIST icannbundle-20181220.pem 13026 BLAKE2B 36f760c69e8e22036d7d927071be25508b6906838f0f468900385d5a3b9ce301c5688f9bdcab471abc5445a14bfbbe34ecb39ca131b01d9e6bbebcc3f1481241 SHA512 6a8b8bec6d104d31253a8acafc1694a095714537a39a4dc53a379ac900c83715f85d75ea7322de430557691ff31ec95ae5104f47b050da3568dd68377c2d5767
+DIST icannbundle-20210902.pem 1261 BLAKE2B cc21c2066478c3385528a0b4635d324b2033f9d2c939c4d7176bdd42ba6e606a23036326036c82c665db64bec13783347d4ff0830807f431830ccf22ddbc7f58 SHA512 c749bf4649480f2ddaa2ee0622a104c56c858e10e8c8768307ef24ca0000c7afe120837bedc61dee1eda302273040cb61060298dceed8dd6e83904f953e3f3f5
DIST root-anchors-20181220.p7s 4182 BLAKE2B 3d7d881f5ef066a3ff937cf638941f783e9b65834a13ba0efce766b59e8f469826718cea9e8968ca64e216b7ef1f1b4d7b73c3110ff2d65667a28e071cd52859 SHA512 af96358bbb7847fe7c30452f566771480a38a99f192775168ab8672332381958ffa6d2f4870f539e3957b6ecf62e0e3a80b1cffbd579beb3be6941ffba3f6fa9
DIST root-anchors-20181220.xml 690 BLAKE2B 548fd62073542f527e0b05c09ed1e668baafbb3cf7ca8afd1a32b67dd43d8958cef5005729c1bc11c2b1d0ddea48ca4db69a10b049f2e8a05536b93fff15e911 SHA512 e3adfaa4f8c9751599b8062787f4c3a81d3fa1478411f138f227c0cc972c7262bcf85578d333d36352da3628211b7d8ec4416528814a8937078dc393ce195f32
+DIST root-anchors-20210902.p7s 2551 BLAKE2B 2a079bf36d77a7cc480c197700bfb3f06bbc67f0cc2937954793fab1f4fee5fff4477ceb028a8796a5cb41c0fb1369df7df45b33410f78b03cb18794ddd564df SHA512 3d57446cc145081841ced6cda3ecff8fba1de5123f116d580cd3ea33011e26ad9dc790281590a06f68e551e22fef45aa2408a4e2ea80e35ec0a642454b45ca0d
+DIST root-anchors-20210902.xml 690 BLAKE2B 548fd62073542f527e0b05c09ed1e668baafbb3cf7ca8afd1a32b67dd43d8958cef5005729c1bc11c2b1d0ddea48ca4db69a10b049f2e8a05536b93fff15e911 SHA512 e3adfaa4f8c9751599b8062787f4c3a81d3fa1478411f138f227c0cc972c7262bcf85578d333d36352da3628211b7d8ec4416528814a8937078dc393ce195f32
diff --git a/net-dns/dnssec-root/dnssec-root-20210902.ebuild b/net-dns/dnssec-root/dnssec-root-20210902.ebuild
new file mode 100644
index 000000000000..0bf32c583d2f
--- /dev/null
+++ b/net-dns/dnssec-root/dnssec-root-20210902.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+DESCRIPTION="The DNSSEC root key(s)"
+HOMEPAGE="https://www.iana.org/dnssec/"
+# check https://data.iana.org/root-anchors/ foro updates!
+SRC_URI="https://data.iana.org/root-anchors/root-anchors.xml -> root-anchors-${PV}.xml
+ https://data.iana.org/root-anchors/root-anchors.p7s -> root-anchors-${PV}.p7s
+ https://data.iana.org/root-anchors/icannbundle.pem -> icannbundle-${PV}.pem"
+
+LICENSE="public-domain"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-macos"
+IUSE=""
+
+BDEPEND=">=dev-perl/XML-XPath-1.420.0"
+DEPEND=""
+
+src_unpack() {
+ mkdir "${S}" || die
+
+ cp -t "${S}" "${DISTDIR}"/root-anchors-${PV}.{p7s,xml} "${DISTDIR}"/icannbundle-${PV}.pem || die
+}
+
+src_prepare() {
+ mv root-anchors-${PV}.xml root-anchors.xml || die
+ mv root-anchors-${PV}.p7s root-anchors.p7s || die
+ mv icannbundle-${PV}.pem icannbundle.pem || die
+
+ if has_version "dev-libs/openssl" ; then
+ # Signature validating is optional:
+ # - We are already downloading SRC, signature file & CA from same URI
+ # - We store checksums for distfiles
+ einfo "dev-libs/openssl is available, will validate signature of root-anchors.xml"
+ openssl smime -verify \
+ -content root-anchors.xml \
+ -in root-anchors.p7s -inform der \
+ -CAfile icannbundle.pem \
+ -noverify || die "OpenSSL S/Mime verify failed"
+ else
+ einfo "dev-libs/openssl is not available, skipping optional validation root-anchors.xml"
+ fi
+
+ default
+}
+
+src_compile() {
+ local KEYTAGS="" ALGORITHMS="" DIGESTTYPES="" DIGESTS="" i=1
+
+ KEYTAGS=$(xpath -q -e '/TrustAnchor/KeyDigest/KeyTag/node()' root-anchors.xml)
+ ALGORITHMS=$(xpath -q -e '/TrustAnchor/KeyDigest/Algorithm/node()' root-anchors.xml)
+ DIGESTTYPES=$(xpath -q -e '/TrustAnchor/KeyDigest/DigestType/node()' root-anchors.xml)
+ DIGESTS=$(xpath -q -e '/TrustAnchor/KeyDigest/Digest/node()' root-anchors.xml)
+ while [ 1 ] ; do
+ KEYTAG=$(echo ${KEYTAGS} | cut -d" " -f$i)
+ [[ "${KEYTAG}" != "" ]] || break
+
+ ALGORITHM=$(echo ${ALGORITHMS} | cut -d" " -f$i)
+ [[ "${ALGORITHM}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing algorithm"
+
+ DIGESTTYPE=$(echo ${DIGESTTYPES} | cut -d" " -f$i)
+ [[ "${DIGESTTYPE}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing digest type"
+
+ DIGEST=$(echo ${DIGESTS} | cut -d" " -f$i)
+ [[ "${DIGEST}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing digest"
+
+ echo ". IN DS $KEYTAG $ALGORITHM $DIGESTTYPE $DIGEST" >> root-anchors.txt
+ i=`expr $i + 1`
+ done
+
+ if [[ ! -s "root-anchors.txt" ]] ; then
+ die "Sanity check failed: root-anchors.txt is empty or does not exist!"
+ fi
+}
+
+src_install() {
+ insinto /etc/dnssec
+ doins root-anchors.{p7s,txt,xml} icannbundle.pem
+}
next reply other threads:[~2022-11-10 0:35 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-10 0:35 Marc Schiffbauer [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-08-02 8:15 [gentoo-commits] repo/gentoo:master commit in: net-dns/dnssec-root/ Marc Schiffbauer
2024-06-20 20:35 Arthur Zamarin
2024-06-20 10:16 Arthur Zamarin
2024-06-20 10:16 Arthur Zamarin
2024-06-20 7:29 Sam James
2024-06-20 7:27 Sam James
2024-06-19 19:43 Arthur Zamarin
2023-06-03 6:02 WANG Xuerui
2022-11-02 5:11 Jakov Smolić
2022-01-25 21:25 Sam James
2021-11-08 15:14 Thomas Deutschmann
2020-07-23 12:47 Kent Fredric
2019-11-30 1:52 Thomas Deutschmann
2019-11-30 1:45 Thomas Deutschmann
2019-03-13 22:58 Thomas Deutschmann
2019-03-01 1:30 Thomas Deutschmann
2018-12-02 8:52 Thomas Deutschmann
2018-10-11 14:56 Andreas Hüttel
2018-10-06 19:46 Matt Turner
2018-10-06 19:46 Matt Turner
2018-10-05 18:37 Thomas Deutschmann
2018-10-05 13:41 Mikle Kolyada
2018-10-05 12:25 Thomas Deutschmann
2018-10-05 3:20 Thomas Deutschmann
2018-10-05 2:52 Thomas Deutschmann
2017-06-05 15:54 Thomas Deutschmann
2017-03-16 12:23 Michael Weber
2017-02-17 10:42 Agostino Sarubbo
2017-02-17 10:15 Agostino Sarubbo
2017-02-16 22:02 Michael Weber
2016-07-05 5:47 Yixun Lan
2016-05-04 21:53 Manuel Rüger
2016-03-27 17:32 Michael Palimaka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1668040530.d7d3e1a3f72e278bbb37c64400ea906553d207b8.mschiff@gentoo \
--to=mschiff@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox