2 ##############################################################################
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License version 2 as
6 # published by the Free Software Foundation.
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
13 # Copyright (C) 2016 Eric Luehrsen
15 ##############################################################################
17 # This component needs to be used within the unbound.sh as an include. It uses
18 # defaults and UCI scope variables defined there. It will copy root.key back
19 # to /etc/unbound/ periodically, but avoid ROM flash abuse (UCI option).
21 ##############################################################################
24 # TODO: Just structure to real UCI coming soon.
28 ##############################################################################
31 # TODO: Maybe this will not be implemented.
35 ##############################################################################
38 local basekey_date rootkey_date rootkey_age filestuff
40 # TODO: Just structure to real UCI coming soon.
41 if [ "$UNBOUND_N_ROOT_AGE" -gt 90 -o "$UNBOUND_B_DNSSEC" -lt 1 ] ; then
47 if [ -f /etc
/unbound
/root.key
] ; then
48 basekey_date
=$
( date -r /etc
/unbound
/root.key
+%s
)
51 # No persistent storage key
52 basekey_date
=$
( date -d 2000-01-01 +%s
)
56 if [ -f "$UNBOUND_KEYFILE" ] ; then
57 # Unbound maintains it itself
58 rootkey_date
=$
( date -r $UNBOUND_KEYFILE +%s
)
59 rootkey_age
=$
(( (rootkey_date
- basekey_date
) / 86440 ))
61 elif [ -x "$UNBOUND_ANCHOR" ] ; then
62 # No tmpfs key - use unbound-anchor
63 rootkey_date
=$
( date -I +%s
)
64 rootkey_age
=$
(( (rootkey_date
- basekey_date
) / 86440 ))
65 $UNBOUND_ANCHOR -a $UNBOUND_KEYFILE
73 if [ "$rootkey_age" -gt "$UNBOUND_N_ROOT_AGE" ] ; then
74 filestuff
=$
( cat $UNBOUND_KEYFILE )
79 # Header comment for drill and dig
80 logger
-t unbound
-s "root.key updated after $rootkey_age days"
81 cp -p $UNBOUND_KEYFILE /etc
/unbound
/root.key
84 *"state=2 [ VALID ]"*)
85 # Comment inline to key for unbound-anchor
86 logger
-t unbound
-s "root.key updated after $rootkey_age days"
87 cp -p $UNBOUND_KEYFILE /etc
/unbound
/root.key
91 logger
-t unbound
-s "root.key still $rootkey_age days old"
97 ##############################################################################
105 ##############################################################################