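#!/bin/sh

# Write the small test keys and certificates into the given trigger directory,
# so that the package install/upgrade has something to replace.
install_small_keys () {
    TRIGGER=$1
    cat >"${TRIGGER}/dnssec_trigger_control.key" <<EOF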
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
EOF
    cat >"${TRIGGER}/dnssec_trigger_control.pem" <<EOF
-----BEGIN CERTIFICATE-----
MIIBazCB9gIJALWPLptjkjP3MA0GCSqGSIb3DQEBBAUAMBkxFzAVBgNVBAMMDmRu
c3NlYy10cmlnZ2VyMB4XDTE5MDEwMzA1MjAyMFoXDTM4MDkyMDA1MjAyMFowITEf
MB0GA1UEAwwWZG5zc2VjLXRyaWdnZXItY29udHJvbDB8MA0GCSqGSIb3DQEBAQUA
A2sAMGgCYQDMRGo0U35Sxblsf8Tbim6IHosnDTTEg/mc4EtJQrW+BDH8eY2zxNUg
JXqmP0r5TzO1e/3bjaoi0VW6LgoZ00vvzVJzjajtiua+Dt/Iuuj6cg/kNeLwFOdJ
tKHSY4JGU1sCAwEAATANBgkqhkiG9w0BAQQFAANhAE70mVkvwEI4PGOWh6utw38I
XmgKqTgDgFDi+5ObHLa5DvPFZRD0lSGJJfqEYwJXm/SsnCsdAjpvVJIu2jkSU0KV
nO+a4PxNkzCE4E+GNk8AhS3OGLoookSFWrjL/elW5w==
-----END CERTIFICATE-----
EOF
    cat >"${TRIGGER}/dnssec_trigger_server.key" <<EOF
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
EOF
    cat >"${TRIGGER}/dnssec_trigger_server.pem" <<EOF
-----BEGIN CERTIFICATE-----
MIIBYzCB7gIJALSLw2fGm5doMA0GCSqGSIb3DQEBBAUAMBkxFzAVBgNVBAMMDmRu
c3NlYy10cmlnZ2VyMB4XDTE5MDEwMzA1MjAyMFoXDTM4MDkyMDA1MjAyMFowGTEX
MBUGA1UEAwwOZG5zc2VjLXRyaWdnZXIwfDANBgkqhkiG9w0BAQEFAANrADBoAmEA
wXB8Ds1y0GZwN26F+LAGEs7C2KEbaHnND/9rf3kknbDPGMP46vTeFTUgc9+xvyxA
/DKugp0q7eYte7j8+HJNRdZdm2KIB8zy40kwWZAXgbgayI1x/JEXC4aHJ47KqVnH
AgMBAAEwDQYJKoZIhvcNAQEEBQADYQBWAGiChxzTQZLUIFDrb5Gv211KcjFHCGC7
54ys4pWXngcNsu/8sdvH1WegY3v+as7pRDW2GDbiDB02lbwUcvW2I+pU8wlhW87j
7BpIdRCdWa5UQV5QS9vcP5COeWxQc4U=
-----END CERTIFICATE-----
EOF
}
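
# Return 0 if the control key no longer matches the small test key.
# $1 = trigger directory, $2 = label of the package operation being checked.
was_key_upgraded () {
    TRIGGER=$1
    STATE=$2
    TRIGGER_CONTROL="${TRIGGER}/dnssec_trigger_control.key"
    # Expected digest of the small control key written by install_small_keys
    OLD_SHA="eaf403126c164543a4f20850ab94fbe125440c528dba96395cb19795ee9c4757"
    # Compare only the digest field, so the check does not depend on the
    # spacing of sha256sum's "digest  filename" output.
    SHA=$(sha256sum "${TRIGGER_CONTROL}" | cut -d' ' -f1)
    # A missing or unreadable key must not be counted as a replaced key.
    if [ -z "${SHA}" ]; then
        echo "Could not hash ${TRIGGER_CONTROL} on ${STATE}"
        return 1
    fi
    if [ "${SHA}" = "${OLD_SHA}" ]; then
        echo "Key was not replaced on ${STATE}"
        echo "OLD ${OLD_SHA}"
        echo "NEW ${SHA}"
        return 1
    else
        echo "Key was replaced on ${STATE}"
        return 0
    fi
}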

TRIGGER=/etc/dnssec-trigger

# Start from a clean state: purge any existing installation and its keys
if [ -e "${TRIGGER}/dnssec_trigger_control.key" ]; then
    dpkg --purge dnssec-trigger 2>&1
fi

# Make sure trigger directory exists after purge
if [ ! -e "${TRIGGER}" ]; then
    mkdir "${TRIGGER}"
fi

# Does a fresh install replace the small keys?
install_small_keys "${TRIGGER}"
dpkg -i ../../binaries/dnssec-trigger.deb 2>&1
if was_key_upgraded "${TRIGGER}" "install"; then
    echo "PASS"
else
    echo "FAIL"
    exit 1
fi

# do upgrades work?
service dnssec-triggerd stop
install_small_keys "${TRIGGER}"
dpkg -i ../../binaries/dnssec-trigger.deb 2>&1
if was_key_upgraded "${TRIGGER}" "upgrade"; then
    echo "PASS"
else
    echo "FAIL"
    exit 1
fi

exit 0